indicator prefix_len analyst (unlabelled) start expiry last_updated reason   [column names inferred from the records; the export itself carries no header row]
1.0.128.0 19 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None TH TO-S-2021-1117 DOS-DDOS Activity
1.0.192.0 19 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None TH TO-S-2021-1117 DOS-DDOS Activity
1.1.1.2 32 TLM None 2021-12-09 00:00:00 2022-06-09 00:00:00 None HIVE Case #6626 CTO 21-343 (IP=2,AU)
1.1.137.20 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TH TO-S-2021-1050 Hive Case 4821 Malware Activity
1.1.178.75 32 SW None 2021-11-21 00:00:00 2022-02-19 00:00:00 None vBulletin Pre-Auth Remote Code Execution Vulnerability - TT# 22C00393(IP=75,TH)
1.10.133.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TH TO-S-2021-1037 Hive Case 4785 Malware Activity
1.10.144.0 20 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None TH TO-S-2021-1117 DOS-DDOS Activity
1.10.160.0 19 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None TH TO-S-2021-1117 DOS-DDOS Activity
1.10.190.192 32 DT None 2022-02-02 00:00:00 2022-05-03 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759)- TT# 22C00902 (IP=192,TH)
1.117.70.51 24 RS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 21:48:38 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR# 22C01564 (IP=51,CN)
1.12.233.92 32 SW None 2021-11-21 00:00:00 2022-02-19 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00396 (IP=92,CN)
1.12.241.17 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6654 CTO 21-345 (IP=17,CN)
1.13.165.17 24 SW None 2022-03-15 00:00:00 2022-06-13 00:00:00 2022-03-15 21:25:29 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=17,CN)
1.13.174.126 24 SW None 2022-02-09 00:00:00 2022-05-10 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - WebAttacks (IP=126,CN)
1.13.188.164 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6654 CTO 21-345 (IP=164,CN)
1.14.17.89 24 RT None 2021-11-14 00:00:00 2022-02-12 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - TT# 22C00345 (IP=89,CN)
1.14.63.229 24 KD None 2021-10-22 00:00:00 2022-01-20 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=229,CN)
1.15.140.98 24 RB None 2021-12-09 00:00:00 2022-03-09 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Sourcefire Report (IP=98,CN)
1.15.146.140 32 RT None 2021-12-24 00:00:00 2022-03-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00725 (IP=140,CN)
1.15.221.53 24 BB None 2022-01-31 00:00:00 2022-05-01 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=53,CN)
1.15.84.219 24 NAB None 2021-12-22 00:00:00 2022-03-22 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=219,CN)
1.164.151.93 24 ZH None 2022-08-12 00:00:00 2022-11-10 00:00:00 2022-08-12 22:51:18 HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr Web Attacks (IP=93,TW)
1.165.142.153 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:14 HIVE Case #7894 CTO 22-187 (IP=153,TW)
1.179.178.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None TH TO-S-2021-1117 DOS-DDOS Activity
1.179.182.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None TH TO-S-2021-1117 DOS-DDOS Activity
1.179.247.182 24 WR None 2021-12-15 00:00:00 2022-03-13 00:00:00 None Apache Log4j CVE-2021-44228 Remote Code Execution - IPS Events (IP=182,TH)
1.2.161.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None TH TO-S-2021-1117 DOS-DDOS Activity
1.2.254.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None TH TO-S-2021-1117 DOS-DDOS Activity
1.20.128.0 19 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None TH TO-S-2021-1117 DOS-DDOS Activity
1.20.224.0 19 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None TH TO-S-2021-1117 DOS-DDOS Activity
1.20.81.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None TH TO-S-2021-1117 DOS-DDOS Activity
1.200.72.0 21 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=0,TW)
1.202.77.134 24 RS None 2022-09-09 00:00:00 2022-12-08 00:00:00 2022-09-10 13:50:49 SERVER-WEBAPP Apache Log4j logging remote code execution attempt - SourceFire (IP=134,CN)
1.209.249.188 24 NAB None 2021-12-20 00:00:00 2022-03-20 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=188,KR)
1.209.43.1 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None KR TO-S-2021-1117 DOS-DDOS Activity
1.214.142.19 32 TLM None 2022-03-01 00:00:00 2022-09-01 00:00:00 2022-03-01 12:19:55 HIVE Case #7104 TO-S-2022-0138 (IP=19,KR)
1.224.4.60 24 AR None 2022-08-18 00:00:00 2022-11-16 00:00:00 2022-08-18 13:49:18 HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6 Hr Web Report (IP=60,KR)
1.234.2.232 32 AS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-09 13:57:24 HIVE Case #7535 TO-S-2022-0176 (IP=232,KR)
1.234.21.73 32 AS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-09 13:57:25 HIVE Case #7535 TO-S-2022-0176 (IP=73,KR)
1.246.222.201 24 RS None 2022-07-20 00:00:00 2022-10-18 00:00:00 2022-07-21 13:54:39 SIPVicious Security Scanner - SourceFire (IP=201,KR)
1.246.223.16 24 RS None 2022-08-22 00:00:00 2022-11-20 00:00:00 2022-08-23 18:09:05 Generic URI Injection wget Attempt - IPS Events (IP=16,KR)
1.248.122.240 32 TLM None 2022-02-04 00:00:00 2022-08-05 00:00:00 None HIVE Case #6926 CTO 22-035 (IP=240,KR)
1.34.110.193 32 TLM None 2022-05-17 00:00:00 2022-11-16 00:00:00 2022-05-17 18:24:58 HIVE Case #7608 CTO 22-137 (IP=193,TW)
1.38.44.106 24 WR None 2021-12-10 00:00:00 2022-03-10 00:00:00 None SQL injection - Web Attacks (IP=106,IN)
1.4.176.0 20 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None TH TO-S-2021-1081 Hive Case 4872 Malware Activity
1.4.192.0 19 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None TH TO-S-2021-1117 DOS-DDOS Activity
1.52.198.87 24 WR None 2022-02-22 00:00:00 2022-05-22 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - Web Attacks (IP=87,VN)
1.52.248.1 24 RB None 2022-01-09 00:00:00 2022-04-09 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=1,VN)
1.53.148.244 24 RB None 2022-01-09 00:00:00 2022-04-09 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=244,VN)
1.53.152.146 24 AR None 2021-12-26 00:00:00 2022-03-26 00:00:00 None SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58744:4) - SourceFire (IP=146,VN)
1.54.8.171 24 KD None 2021-12-31 00:00:00 2022-03-31 00:00:00 None SERVER-OTHER Apache Log4j logging remote code execution attempt- Sourcefire(IP=171,VN)
1.55.195.241 24 WR None 2021-12-21 00:00:00 2022-03-21 00:00:00 None SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58741:4) - Sourcefire (IP=241,VN)
1.55.198.201 24 WR None 2021-11-19 00:00:00 2022-02-17 00:00:00 None SQL union select - possible sql injection attempt - GET parameter (1:13990:27) - Sourcefire (IP=201,VN)
1.55.21.38 24 TH None 2022-08-09 00:00:00 2022-11-07 00:00:00 2022-08-31 17:30:55 SQL injection - 6 Hr Web Report (IP=38,VN)
1.7.0.2 32 TLM None 2021-09-23 00:00:00 2022-03-23 00:00:00 None HIVE Case #6235 TO-S-2021-1568 (IP=2,IN)
1.9.85.244 32 TLM None 2022-03-25 00:00:00 2022-09-25 00:00:00 2022-03-25 12:16:20 HIVE Case #7277 CTO 22-084 (IP=244,MY)
1.9.85.245 32 TLM None 2022-03-25 00:00:00 2022-09-25 00:00:00 2022-03-25 12:16:21 HIVE Case #7277 CTO 22-084 (IP=245,MY)
1.9.85.246 32 TLM None 2022-03-25 00:00:00 2022-09-25 00:00:00 2022-03-25 12:16:22 HIVE Case #7277 CTO 22-084 (IP=246,MY)
1.9.85.247 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:51:24 HIVE Case #7199 CTO 22-074 (IP=247,MY)
1.9.85.248 32 TLM None 2022-03-23 00:00:00 2022-09-23 00:00:00 2022-03-24 12:08:55 HIVE Case #7271 CTO 22-083 (IP=248,MY)
1.9.85.249 32 TLM None 2022-03-23 00:00:00 2022-09-23 00:00:00 2022-03-24 12:08:55 HIVE Case #7271 CTO 22-083 (IP=249,MY)
1.9.85.250 32 TLM None 2022-03-23 00:00:00 2022-09-23 00:00:00 2022-03-24 12:08:56 HIVE Case #7271 CTO 22-083 (IP=250,MY)
1.9.85.251 32 TLM None 2022-03-25 00:00:00 2022-09-25 00:00:00 2022-03-25 12:16:22 HIVE Case #7277 CTO 22-084 (IP=251,MY)
1.9.85.252 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:51:24 HIVE Case #7199 CTO 22-074 (IP=252,MY)
1.9.85.253 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:51:25 HIVE Case #7199 CTO 22-074 (IP=253,MY)
1.9.85.254 32 TLM None 2022-03-23 00:00:00 2022-09-23 00:00:00 2022-03-24 12:08:56 HIVE Case #7271 CTO 22-083 (IP=254,MY)
100.1.119.41 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:37 HIVE Case #7199 CTO 22-074 (IP=41,US)
100.14.239.83 32 wmp None 2022-05-05 00:00:00 2022-08-05 00:00:00 2022-05-05 22:44:31 HIVE Case #7509 IR 22 0 01171 PEO-EIS EITaaS IOCs (IP=83,US)
100.2.206.46 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:30 HIVE Case #7904 CTO 22-189 (IP=46,US)
100.2.229.132 32 KH None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-06 23:38:19 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Sourcefire (IP=132,US)
100.24.26.239 32 ZH None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-02 13:10:29 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=239,US)
100.24.32.212 32 RS None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-13 22:36:48 HP Intelligent Management Center TFTP Server MODE Remote Code Execution - FE IPS Events (IP=212,US)
100.24.64.86 32 ZH None 2022-02-28 00:00:00 2022-05-29 00:00:00 2022-02-28 23:39:51 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=86,US)
100.25.166.81 32 AR None 2021-12-17 00:00:00 2022-03-17 00:00:00 None Known Attack Tool - TT# 22C00608 (IP=81,US)
100.26.112.146 32 SW None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-10 13:48:29 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=146,US)
100.26.198.14 32 ZH None 2022-01-25 00:00:00 2022-04-25 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire Rpt (IP=14,US)
100.26.29.109 32 RT None 2022-02-17 00:00:00 2022-05-18 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Report (IP=109,US)
100.26.29.122 32 SW None 2022-08-16 00:00:00 2022-11-14 00:00:00 2022-08-17 13:52:23 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=122, US)
100.26.95.86 32 TLM None 2022-05-25 00:00:00 2022-11-24 00:00:00 2022-05-25 18:14:56 HIVE Case #7662 CTO 22-145 (IP=86,US)
100.27.20.203 32 RT None 2022-02-17 00:00:00 2022-05-18 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Report (IP=203,US)
100.27.42.166 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=166,US)
100.43.22.234 32 TLM None 2022-02-24 00:00:00 2022-08-25 00:00:00 None HIVE Case #7077 CTO 22-055 (IP=234,US)
100.43.220.234 32 EE None 2022-02-28 00:00:00 2022-05-28 00:00:00 2022-02-28 23:39:53 HIVE Case #7096 IOC_New Sandworm (IP=234,US)
100.43.220.235 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:51:25 HIVE Case #7199 CTO 22-074 (IP=235,US)
100.43.220.236 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:51:26 HIVE Case #7199 CTO 22-074 (IP=236,US)
100.43.220.237 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:51:26 HIVE Case #7199 CTO 22-074 (IP=237,US)
100.43.220.238 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:51:27 HIVE Case #7199 CTO 22-074 (IP=238,US)
1001travaux.fr --- jkc None 2021-03-22 00:00:00 2022-03-22 00:00:00 2023-01-19 22:53:54 Case # 5090 TO-S-2021-1185 Malicious Domain
10080.site --- TLM None 2021-12-02 00:00:00 2022-12-02 00:00:00 2023-01-19 23:05:29 HIVE Case #6600 TO-S-2022-0090
1008691.com --- TLM None 2021-06-16 00:00:00 2022-06-16 00:00:00 2023-01-19 22:57:53 HIVE Case #5637 TO-S-2021-1321
101.0.32.95 24 RS None 2022-08-02 00:00:00 2022-10-31 00:00:00 2022-08-03 13:59:32 SIPVicious Security Scanner - IPS Events (IP=95,IN)
101.0.54.0 24 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=0,IN)
101.100.163.118 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=118,SG)
101.102.231.204 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=204,JP)
101.108.128.80 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=80,TH)
101.108.129.66 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=66,TH)
101.108.23.241 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TH TO-S-2021-1050 Hive Case 4821 Malware Activity
101.108.251.250 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TH TO-S-2021-1050 Hive Case 4821 Malware Activity
101.109.176.0 24 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None TH TO-S-2021-1081 Hive Case 4872 Malware Activity
101.110.101.101 32 KH None 2021-12-06 00:00:00 2022-03-06 00:00:00 None Self-Report/Attempted VCS connection - TT# 22C00491 (IP=101,CN)
101.119.56.250 24 DT None 2021-12-18 00:00:00 2022-03-18 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) - Source Fire (IP=250,AU)
101.132.248.171 32 RR None 2021-11-29 00:00:00 2022-02-27 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 22C00435 (IP=171,CN)
101.132.255.43 32 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6517 CTO 21-313 (IP=43,CN)
101.200.127.149 32 AS None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-01 21:44:55 HIVE Case #7874 CTO 22-181 (IP=149,CN)
101.200.146.2 32 BB None 2021-10-10 00:00:00 2022-01-08 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 22C00112 (IP=2,US)
101.203.174.175 24 EE None 2021-01-10 00:00:00 2022-02-20 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6 HR Web Attack (IP=175,CN) | updated by SW Block was inactive. Reactivated on 20211122 with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt (1:37078:4) - SourceFire (IP=175,CN)
101.227.63.117 24 RW None 2021-10-08 00:00:00 2022-01-06 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=117,CN)
101.231.50.29 24 JP None 2022-09-09 00:00:00 2022-12-08 00:00:00 2022-09-09 22:50:22 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=29,CN)
101.25.53.110 24 KH None 2021-10-22 00:00:00 2022-01-20 00:00:00 None Generic URI Injection wget Attempt - FE IPS (IP=110,CN)
101.251.207.244 32 TH None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-18 13:50:11 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01407 (IP=244,CN)
101.255.103.53 24 ZH None 2022-02-07 00:00:00 2022-05-08 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - WebAttacks (IP=53,ID)
101.255.103.53 24 ZH None 2022-02-07 00:00:00 2022-05-08 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - WebAttacks (IP=53,ID)
101.255.151.238 24 DT None 2021-12-18 00:00:00 2022-03-18 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt (1:50182:1) - Source Fire (IP=238,ID)
101.255.151.238 24 DT None 2021-12-18 00:00:00 2022-03-18 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt (1:50182:1) - Source Fire (IP=238,ID)
101.255.151.238 24 DT None 2021-12-18 00:00:00 2022-03-18 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt (1:50182:1) - Source Fire (IP=238,ID)
101.27.252.55 24 RS None 2022-09-08 00:00:00 2022-12-07 00:00:00 2022-09-09 13:48:25 Exploit.IoT.Generic - FE NX (IP=55,CN)
101.32.126.18 24 SW None 2021-12-12 00:00:00 2022-03-12 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - WebAttacks (IP=18,CN)
101.32.183.92 24 ZH None 2022-02-22 00:00:00 2022-05-23 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=92,CN)
101.32.76.161 24 RR None 2022-02-01 00:00:00 2022-05-02 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=161,CN)
101.32.82.254 32 AS None 2022-04-12 00:00:00 2022-10-12 00:00:00 2022-04-12 14:39:54 HIVE Case #7380 CTO 22-099 (IP=254,IN)
101.32.83.15 32 TLM None 2022-05-02 00:00:00 2022-11-01 00:00:00 2022-05-04 17:56:29 HIVE Case #7495 CTO 22-120 (IP=15,IN)
101.33.11.29 24 DT None 2022-01-12 00:00:00 2022-04-12 00:00:00 None - Case # 6763 CMS Notified Report (IP=29,DE)
101.33.198.98 24 WR None 2022-02-27 00:00:00 2022-05-27 00:00:00 2022-02-27 15:53:39 HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=98,CN)
101.33.228.224 24 NAB None 2021-12-27 00:00:00 2022-03-27 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=224,CN)
101.33.66.132 24 WR None 2021-10-29 00:00:00 2022-01-27 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=132,KR)
101.34.20.50 24 RR None 2022-02-10 00:00:00 2022-05-11 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SourceFire (IP=50,CN)
101.34.29.12 24 SW None 2021-11-17 00:00:00 2022-02-15 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - WebAttacks (IP=12, CN)
101.34.72.9 32 KH None 2021-11-02 00:00:00 2022-01-31 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00276 (IP=9,CN)
101.35.148.171 24 RR None 2021-12-10 00:00:00 2022-03-10 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=171,CN)
101.35.154.34 24 NAB None 2021-12-16 00:00:00 2022-03-16 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=34,CN)
101.35.181.149 24 KD None 2021-12-08 00:00:00 2022-03-08 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt- Sourcefire (IP=149,CN)
101.35.3.20 32 AS None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 18:17:03 HIVE Case #7862 CTO 22-176 (IP=20,CN)
101.36.102.93 24 EE None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:13 HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=93,VN)
101.36.114.167 24 EE None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:13 HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=167,KR)
101.36.123.191 24 EE None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:14 HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=191,HK)
101.36.125.203 32 TLM None 2022-03-28 00:00:00 2022-09-28 00:00:00 2022-03-28 12:23:14 HIVE Case #7282 CTO 22-085 (IP=203,HK)
101.36.221.72 24 TH None 2022-03-13 00:00:00 2022-06-11 00:00:00 2022-03-13 23:23:57 SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt (1:54768:2) - SourceFire Report (IP=72,CN)
101.42.252.6 32 SW None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 13:57:44 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01512(IP=6,CN)
101.42.89.186 24 EE None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 22:48:09 HIVE Case #7659 IOC_VMware_Vuln-CVE-2022-22954_CVE-2022-22960 (IP=186,CN)
101.42.95.39 24 UA None 2021-10-05 00:00:00 2022-01-03 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=39,CN)
101.43.152.223 32 TLM None 2022-06-21 00:00:00 2022-12-20 00:00:00 2022-06-22 18:26:15 HIVE Case #7807 CTO 22-169 (IP=223,CN)
101.43.158.140 24 AR None 2022-02-08 00:00:00 2022-05-09 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=140,CN)
101.43.197.44 24 WR None 2022-04-04 00:00:00 2022-07-02 00:00:00 2022-04-04 13:48:43 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 22C01130 (IP=44,CN)
101.50.103.248 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:38 HIVE Case #7199 CTO 22-074 (IP=248,PK)
101.51.187.41 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TH TO-S-2021-1050 Hive Case 4821 Malware Activity
101.51.64.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TH TO-S-2021-1037 Hive Case 4785 Malware Activity
101.53.133.153 32 AS None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-15 16:47:39 HIVE Case #7919 COLS-NA TIP 22-0240 (IP=153,IN)
101.53.36.68 24 SW None 2022-07-23 00:00:00 2022-10-21 00:00:00 2022-07-23 22:54:37 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=68,VN)
101.68.80.82 32 AR None 2022-04-09 00:00:00 2022-07-08 00:00:00 2022-04-09 13:49:33 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01159 (IP=82,CN)
101.72.127.206 24 KD None 2022-01-25 00:00:00 2022-04-25 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt- Web Attacks (IP=206,CN)
101.99.94.253 32 AS None 2022-02-04 00:00:00 2022-08-04 00:00:00 None HIVE Case #6927 CTO 22-036 (IP=253,MY)
101.99.95.17 24 AR None 2022-04-08 00:00:00 2022-07-07 00:00:00 2022-04-09 13:49:43 IP linked to malicious domain - Hive Case 7346 (IP=17,MY)
102.115.144.0 20 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None MU TO-S-2021-1037 Hive Case 4785 Malware Activity
102.115.224.0 20 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None MU TO-S-2021-1037 Hive Case 4785 Malware Activity
102.126.79.233 24 RS None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-11 13:57:20 Adobe ColdFusion Administrator Access Restriction - 6Hr Web Attacks (IP=223,SD)
102.129.152.211 32 RW None 2021-10-08 00:00:00 2022-01-06 00:00:00 None SQL injection - Web Attacks (IP=211,US)
102.129.153.239 32 KD None 2021-10-31 00:00:00 2022-01-29 00:00:00 None SQL injection- Web Attacks (IP=239,US)
102.129.18.158 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ZA TO-S-2021-1050 Hive Case 4821 Malware Activity
102.132.55.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ZA TO-S-2021-1037 Hive Case 4785 Malware Activity
102.141.0.0 19 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None CG TO-S-2021-1037 Hive Case 4785 Malware Activity
102.157.92.22 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TN TO-S-2021-1037 Hive Case 4785 Malware Activity
102.167.12.100 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None KE TO-S-2021-1081 Hive Case 4872 Malware Activity
102.176.180.166 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None KE TO-S-2021-1050 Hive Case 4821 Malware Activity
102.176.220.8 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ZA TO-S-2021-1050 Hive Case 4821 Malware Activity
102.222.180.0 22 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None ZA TO-S-2021-1156 Malware Activity
102.44.158.79 24 JP None 2022-08-19 00:00:00 2022-11-17 00:00:00 2022-08-19 13:56:44 SQL injection - 6HR Web Attacks (IP=79,EG)
102.50.244.205 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:51:27 HIVE Case #7199 CTO 22-074 (IP=205,MA)
102.64.38.130 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None ZA TO-S-2021-1102 Malware Activity
102.64.64.2 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None TZ TO-S-2021-1081 Hive Case 4872 Malware Activity
102.65.204.110 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ZA TO-S-2021-1050 Hive Case 4821 Malware Activity
102.65.38.67 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:38 HIVE Case #7199 CTO 22-074 (IP=67,ZA)
102.68.128.0 21 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None LY TO-S-2021-1037 Hive Case 4785 Malware Activity
102.68.17.95 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None SO TO-S-2021-1050 Hive Case 4821 Malware Activity
102.89.44.151 24 AR None 2022-08-22 00:00:00 2022-11-20 00:00:00 2022-08-22 13:55:15 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=151,NG)
10293msg03jdqpeje0.mykajabi.com --- TLM None 2021-06-16 00:00:00 2022-08-10 00:00:00 2023-01-19 22:57:43 HIVE Case #5629 TO-S-2021-1303 | updated by TLM Block expiration extended with reason HIVE Case #5969 TO-S-2021-1289
1029547085.katiemcallister.com --- TLM None 2021-08-12 00:00:00 2022-08-12 00:00:00 2023-01-19 23:00:19 HIVE Case #5985 TO-S-2021-1459
103.1.205.125 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=125,AU)
103.1.237.27 24 KH None 2022-08-07 00:00:00 2022-11-05 00:00:00 2022-08-07 22:53:28 Malicious.LIVE.DTI.URL - Case# 8094 (IP=27,VN)
103.10.234.0 24 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=0,IN)
103.10.28.36 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None NP TO-S-2021-1050 Hive Case 4821 Malware Activity
103.10.64.14 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None PL TO-S-2021-1102 Malware Activity
103.100.209.53 24 WR None 2021-01-02 00:00:00 2022-04-02 00:00:00 None SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt - Web Attacks (IP=53,KZ)
103.100.211.0 24 dbc None 2019-12-17 00:00:00 2022-01-28 00:00:00 None HK TO-S-2020-0187 Malicious Email Activity | updated by dbc Block was inactive. Reactivated on 20210128 with reason HK TO-S-2021-1050 Hive Case 4821 Malware Activity HK TO-S-2021-1050 Hive Case 4821 Malware Activity
103.100.211.0 24 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None HK TO-S-2020-0187 Malicious Email Activity | updated by dbc Block was inactive. Reactivated on 20210128 with reason HK TO-S-2021-1050 Hive Case 4821 Malware Activity HK TO-S-2021-1050 Hive Case 4821 Malware Activity
103.100.66.44 24 AR None 2021-11-13 00:00:00 2022-02-11 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6Hr Web Attacks (IP=44,CN)
103.101.116.188 24 RR None 2022-03-05 00:00:00 2022-06-03 00:00:00 2022-03-05 14:46:02 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=188,IN)
103.101.129.175 32 TLM None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:45:58 HIVE Case #7458 CTO 22-113 (IP=175,AU)
103.101.197.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BD TO-S-2021-1037 Hive Case 4785 Malware Activity
103.102.1.134 32 TH None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-18 13:50:12 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01409 (IP=134,ID)
103.102.220.50 32 AS None 2022-02-21 00:00:00 2022-08-22 00:00:00 None HIVE Case #7039 CTO 22-050 (IP=50,AF)
103.102.5.0 22 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=0,US)
103.102.73.103 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IN TO-S-2021-1050 Hive Case 4821 Malware Activity
103.103.128.0 24 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TW TO-S-2021-1050 Hive Case 4821 Malware Activity
103.103.8.0 22 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=0,IN) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=0,IN)
103.104.211.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IN TO-S-2021-1037 Hive Case 4785 Malware Activity
103.104.28.154 24 RB None 2022-01-04 00:00:00 2022-04-04 00:00:00 None HTTP: PHP File Inclusion Vulnerability (IP=154,NP)
103.104.73.0 24 KH None 2021-12-20 00:00:00 2022-03-20 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44232 (IP=0,IN)
103.105.167.69 24 RS None 2022-06-21 00:00:00 2022-09-19 00:00:00 2022-06-21 22:50:27 SIPVicious Security Scanner - IPS Events (IP=69,PK)
103.105.236.198 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None IN TO-S-2021-1102 Malware Activity
103.105.254.0 24 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=0,ID)
103.105.70.68 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity
103.106.112.34 24 AR None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=34,ID)
103.106.158.118 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity
103.106.159.98 24 ZH None 2022-08-10 00:00:00 2022-11-08 00:00:00 2022-08-10 22:56:15 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=98,ID)
103.106.250.239 24 NHL None 2020-12-01 00:00:00 2022-12-01 00:00:00 None Case # 4435 - IOC_ Operation_LagTime (IP=239,MY)
103.107.104.19 32 TLM None 2022-05-11 00:00:00 2022-11-10 00:00:00 2022-05-11 15:28:07 HIVE Case #7564 TO-S-2022-0180 (IP=19,HK)
103.107.196.148 32 TLM None 2022-05-09 00:00:00 2022-11-08 00:00:00 2022-05-10 15:16:04 HIVE Case #7546 CTO 22-127 (IP=148,AU)
103.107.196.197 32 TLM None 2022-05-09 00:00:00 2022-11-08 00:00:00 2022-05-10 15:16:05 HIVE Case #7546 CTO 22-127 (IP=197,AU)
103.107.197.93 32 TLM None 2022-05-09 00:00:00 2022-11-08 00:00:00 2022-05-10 15:16:03 HIVE Case #7546 CTO 22-127 (IP=93,AU)
103.107.198.110 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=110,SG)
103.107.198.110 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=110,SG)
103.107.198.94 24 DT None 2021-12-18 00:00:00 2022-03-18 00:00:00 None SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58728:3) - Source Fire (IP=94,SG)
103.107.60.133 24 TH None 2022-09-29 00:00:00 2022-12-28 00:00:00 2022-09-29 22:53:41 Generic URI Injection wget Attempt - FE CMS IPS Events (IP=133,IN)
103.108.146.0 24 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=0,BD)
103.108.201.68 24 AR None 2022-05-19 00:00:00 2022-08-17 00:00:00 2022-05-19 13:46:45 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=68,IN)
103.108.94.58 24 KD None 2022-02-27 00:00:00 2022-05-28 00:00:00 2022-02-27 23:09:23 Infection Match (blocked)- FIREEYE Web(IP=58,NZ)
103.109.3.28 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity
103.109.40.0 22 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=0,VN)
103.11.190.68 24 SW None 2022-09-27 00:00:00 2022-12-26 00:00:00 2022-09-28 16:36:35 SIPVicious Security Scanner - IPS Events (IP=68,SG)
103.11.82.86 32 TLM None 2022-01-25 00:00:00 2022-07-25 00:00:00 None HIVE Case #6828 CTO 22-021 (IP=86,IN)
103.110.20.79 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IN TO-S-2021-1050 Hive Case 4821 Malware Activity
103.110.53.174 32 AS None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 18:17:18 HIVE Case #7862 CTO 22-176 (IP=174,AF)
103.110.81.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None CN TO-S-2021-1037 Hive Case 4785 Malware Activity
103.111.114.2 24 WR None 2021-11-09 00:00:00 2022-02-07 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) (IP=2, IN)
103.111.199.76 32 TLM None 2022-02-04 00:00:00 2022-08-05 00:00:00 None HIVE Case #6925 CTO 22-034 (IP=76,ID)
103.111.219.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity
103.111.83.246 32 TLM None 2022-02-04 00:00:00 2022-08-05 00:00:00 None HIVE Case #6925 CTO 22-034 (IP=246,ID)
103.113.154.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BD TO-S-2021-1037 Hive Case 4785 Malware Activity
103.113.157.134 32 TLM None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:46:16 HIVE Case #7458 CTO 22-113 (IP=134,HK)
103.113.172.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BD TO-S-2021-1037 Hive Case 4785 Malware Activity
103.115.124.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IN TO-S-2021-1037 Hive Case 4785 Malware Activity
103.115.40.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CN TO-S-2021-1050 Hive Case 4821 Malware Activity
103.116.178.85 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:39 HIVE Case #7199 CTO 22-074 (IP=85,IN)
103.116.190.19 32 RB None 2022-09-18 00:00:00 2022-12-17 00:00:00 2022-09-19 14:00:35 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR#22C01940 (IP=19,MM)
103.116.190.19 24 AR None 2022-04-21 00:00:00 2022-07-20 00:00:00 2022-04-21 13:49:50 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=19,MM)
103.116.4.201 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None JP TO-S-2021-1102 Malicious Email Activity
103.116.47.65 24 EE None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:14 HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=65,MY)
103.117.100.112 32 TLM None 2021-12-09 00:00:00 2022-06-09 00:00:00 None HIVE Case #6633 CTO 21-334 (IP=112,HK)
103.117.172.19 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IN TO-S-2021-1050 Hive Case 4821 Malware Activity
103.117.236.202 32 TH None 2022-06-21 00:00:00 2022-09-19 00:00:00 2022-06-22 13:54:21 Attempted Access - Inbound Brute Force - IR# 22C01437 (IP=202,IN)
103.118.253.60 32 TLM None 2021-12-02 00:00:00 2022-06-02 00:00:00 None HIVE Case #6600 TO-S-2022-0090 (IP=60,CN)
103.119.144.59 24 SW None 2022-08-23 00:00:00 2022-11-21 00:00:00 2022-08-24 13:52:35 Masscan TCP Port Scanner - IPS Events(IP=59,ID)
103.12.161.194 32 TLM None 2022-05-19 00:00:00 2022-11-18 00:00:00 2022-05-20 14:45:27 HIVE Case #7623 CTO 22-139 (IP=194,KH)
103.120.154.105 32 RR None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-16 13:51:21 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR# 22C01682 (IP=105,ID)
103.120.202.53 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BD TO-S-2021-1050 Hive Case 4821 Malware Activity
103.120.251.175 24 KD None 2022-01-05 00:00:00 2022-04-05 00:00:00 None SQL injection- Web Attacks(IP=175,IN)
103.121.197.82 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None ID TO-S-2021-1102 Malware Activity
103.121.22.98 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity
103.121.235.176 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IN TO-S-2021-1050 Hive Case 4821 Malware Activity
103.121.36.0 22 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=0,BD) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=0,BD)
103.121.57.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IN TO-S-2021-1037 Hive Case 4785 Malware Activity
103.121.88.46 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=46,VN)
103.122.244.173 24 DT None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-26 13:47:20 SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Source Fire (IP=173,AU)
103.122.94.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None HK TO-S-2021-1037 Hive Case 4785 Malware Activity
103.123.134.240 24 EE None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:15 HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=240,TW)
103.124.106.234 32 AS None 2022-04-04 00:00:00 2022-10-04 00:00:00 2022-04-04 15:15:51 HIVE Case #7325 CTO 22-091 (IP=234,US)
103.124.172.0 24 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None IN TO-S-2021-1102 Malware Activity
103.125.27.149 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 13:58:06 SQL injection - 6Hr Web Attacks (IP=149,NP)
103.126.184.0 24 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None BD TO-S-2021-1102 Malware Activity
103.127.182.58 24 ZH None 2022-08-18 00:00:00 2022-11-16 00:00:00 2022-08-18 22:50:45 HTTP SQL Injection Attempt - 6hr Web Attacks (IP=58,BD)
103.127.94.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BD TO-S-2021-1037 Hive Case 4785 Malware Activity
103.129.64.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IN TO-S-2021-1037 Hive Case 4785 Malware Activity
103.13.112.0 22 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=0,IN)
103.13.113.61 32 AR None 2022-08-26 00:00:00 2022-11-24 00:00:00 2022-08-27 13:55:17 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) IR 22C01873 (IP=61,IN)
103.13.240.0 24 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IN TO-S-2021-1050 Hive Case 4821 Malware Activity
103.130.219.103 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=103,VN) 103.131.156.21 32 TLM None 2022-05-20 00:00:00 2022-11-19 00:00:00 2022-05-20 14:32:10 HIVE Case #7627 CTO 22-140 (IP=21,BD) 103.131.157.102 32 TLM None 2022-05-19 00:00:00 2022-11-18 00:00:00 2022-05-20 14:45:27 HIVE Case #7623 CTO 22-139 (IP=102,BD) 103.131.74.24 32 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 2022-05-27 16:40:14 HIVE Case #7668 CTO 22-146 (IP=24,VN) 103.132.228.2 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IN TO-S-2021-1050 Hive Case 4821 Malware Activity 103.133.137.147 24 KH None 2022-06-19 00:00:00 2022-09-17 00:00:00 2022-06-19 13:56:16 Exploit.Spring4Shell.CVE-2022-22965 - FE Web (IP=147,CN) 103.134.19.125 32 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6517 CTO 21-313 (IP=125,ID) 103.135.33.250 24 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:55 HIVE Case #7904 CTO 22-189 (IP=250,HK) 103.136.17.0 24 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None ID TO-S-2021-1092 Hive Case 4875 Malicious Email Activity 103.136.172.0 24 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=0,IN) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=0,IN) 103.136.249.44 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:55:03 HIVE Case #7894 CTO 22-187 (IP=44,SG) 103.137.160.230 24 SW None 2021-06-09 00:00:00 2022-10-13 00:00:00 2022-07-16 13:51:22 SERVER-WEBAPP VMware View Planner logupload directory traversal attempt - Web Attacks (IP=230,BD) | updated by SW Block was inactive. 
Reactivated on 20220715 with reason SQL injection - WebAttack (IP=230,BD) 103.137.185.249 24 EE None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:16 HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=249,VN) 103.137.4.161 32 RS None 2022-07-18 00:00:00 2022-10-16 00:00:00 2022-07-19 13:47:44 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR# 22C01695 (IP=161,VN) 103.137.80.52 24 TC None 2022-09-03 00:00:00 2022-12-02 00:00:00 2022-09-04 00:19:33 SQL injection - 6hr Web Attacks (IP=52,BD) 103.137.80.54 24 RS None 2022-09-09 00:00:00 2022-12-08 00:00:00 2022-09-09 22:50:19 Exploit.Log4Shell.CVE-2021-44228 - FireEye NX (IP=54,BD) 103.137.88.0 22 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=0,LA) 103.138.109.174 32 TLM None 2022-02-24 00:00:00 2022-08-25 00:00:00 None HIVE Case #7077 CTO 22-055 (IP=174,VN) 103.138.12.218 32 TLM None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:46:45 HIVE Case #7458 CTO 22-113 (IP=218,CN) 103.138.144.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BD TO-S-2021-1037 Hive Case 4785 Malware Activity 103.138.145.228 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BD TO-S-2021-1050 Hive Case 4821 Malware Activity 103.138.149.25 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 17:40:22 HIVE Case #7341 CTO 22-092 (IP=25,HK) 103.138.4.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IN TO-S-2021-1037 Hive Case 4785 Malware Activity 103.138.5.62 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IN TO-S-2021-1050 Hive Case 4821 Malware Activity 103.139.0.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CN TO-S-2021-1050 Hive Case 4821 Malware Activity 103.139.10.97 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 103.139.48.191 32 TLM None 2021-12-09 00:00:00 2022-06-09 00:00:00 None HIVE Case #6625 CTO 21-342 (IP=191,AU) 103.139.48.94 32 TLM None 
2021-12-09 00:00:00 2022-06-09 00:00:00 None HIVE Case #6625 CTO 21-342 (IP=94,AU) 103.140.186.84 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:55:03 HIVE Case #7894 CTO 22-187 (IP=84,SG) 103.140.187.40 24 EE None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-01 22:26:48 HIVE Case #7697 IOC_CVE-2022-30190_Follina_Zero-Day (IP=40,JP) 103.140.228.0 23 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=0,CN) 103.140.238.72 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 17:40:26 HIVE Case #7341 CTO 22-092 (IP=72,HK) 103.140.239.30 32 TLM None 2022-05-02 00:00:00 2022-11-01 00:00:00 2022-05-04 17:56:32 HIVE Case #7495 CTO 22-120 (IP=30,HK) 103.140.250.0 23 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=0,VN) 103.140.251.225 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=225,VN) 103.140.35.210 24 AR None 2022-02-18 00:00:00 2022-05-19 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6Hr Web Attacks (IP=210,ID) 103.140.45.162 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=162,KR) 103.141.70.170 24 AR None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-02 14:02:26 SQL injection - Web Attacks (IP=170,BD) 103.141.97.68 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None JP TO-S-2021-1081 Hive Case 4872 Malicious Email Activity 103.142.10.17 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:39 HIVE Case #7199 CTO 22-074 (IP=17,IN) 103.142.14.168 24 RT None 2021-10-04 00:00:00 2022-01-02 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6 HR WebAttack (IP=168,ID) 103.142.140.29 32 TLM None 2022-06-21 00:00:00 2022-12-20 00:00:00 2022-06-22 18:26:05 HIVE Case #7807 CTO 22-169 (IP=29,SG) 103.142.140.77 24 WR None 2022-02-12 00:00:00 2022-05-12 00:00:00 None INDICATOR-SCAN SSH brute force 
login attempt - Failed Logons (IP=77,SG) 103.142.62.6 32 RB None 2022-06-11 00:00:00 2022-09-09 00:00:00 2022-06-12 22:45:01 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR#22C01370 (IP=6,ID) 103.144.233.160 24 JP None 2022-09-10 00:00:00 2022-12-09 00:00:00 2022-09-10 13:50:50 Exploit.Log4Shell.CVE-2021-44228 - FireEye NX (IP=160,IN) 103.144.250.0 24 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=0,ID) 103.144.36.195 24 RR None 2022-08-25 00:00:00 2022-11-23 00:00:00 2022-08-25 13:54:28 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=195,IN) 103.145.12.181 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=181,NL) 103.145.12.181 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=181,NL) 103.145.12.181 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=181,NL) 103.145.12.90 24 JP None 2022-09-02 00:00:00 2022-12-01 00:00:00 2022-09-02 22:46:33 SIPVicious Security Scanner - IPS Events (IP=90,NL) 103.145.13.100 32 AR None 2021-12-10 00:00:00 2022-03-10 00:00:00 None Unauthorized Access-Probe - TT# 22C00512 (IP=100,NL) 103.145.13.153 32 BMP None 2021-11-25 00:00:00 2022-02-23 00:00:00 None HTTP: Unauthorized Access-Probe - TT# 22C00420 (IP=153,NL) 103.145.13.25 32 TLM None 2022-06-08 00:00:00 2022-12-08 00:00:00 2022-06-09 16:59:57 HIVE Case #7739 CTO 22-159 (IP=25,NL) | updated by TLM Block expiration extended with reason HIVE Case #7745 CTO 22-160 (IP=25,NL) HIVE Case #7745 CTO 22-160 (IP=25,NL) 103.145.13.25 32 TLM None 2022-06-09 00:00:00 2022-12-08 00:00:00 2022-06-09 16:59:57 HIVE Case #7739 CTO 22-159 (IP=25,NL) | updated by TLM Block expiration extended with reason HIVE Case #7745 CTO 22-160 (IP=25,NL) HIVE Case #7745 CTO 22-160 (IP=25,NL) 103.145.13.80 32 TLM None 2022-06-08 00:00:00 2022-12-08 
00:00:00 2022-06-09 16:59:57 HIVE Case #7739 CTO 22-159 (IP=80,NL) | updated by TLM Block expiration extended with reason HIVE Case #7745 CTO 22-160 (IP=80,NL) HIVE Case #7745 CTO 22-160 (IP=80,NL) 103.145.13.80 32 TLM None 2022-06-09 00:00:00 2022-12-08 00:00:00 2022-06-09 16:59:57 HIVE Case #7739 CTO 22-159 (IP=80,NL) | updated by TLM Block expiration extended with reason HIVE Case #7745 CTO 22-160 (IP=80,NL) HIVE Case #7745 CTO 22-160 (IP=80,NL) 103.145.13.91 24 JP None 2022-08-12 00:00:00 2022-11-10 00:00:00 2022-08-12 22:51:16 SIPVicious Security Scanner - IPS Event (IP=91,NL) 103.145.14.22 24 AR None 2022-01-10 00:00:00 2022-04-10 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=22,ID) 103.145.61.128 32 TLM None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:46:50 HIVE Case #7458 CTO 22-113 (IP=128,HK) 103.146.112.65 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=65,AU) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=65,AU) 103.146.202.0 24 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=0,ID) 103.146.232.5 32 TLM None 2022-02-11 00:00:00 2022-08-12 00:00:00 None HIVE Case #6971 CTO 22-042 (IP=5,IN) 103.147.12.210 32 TLM None 2022-06-14 00:00:00 2022-12-13 00:00:00 2022-06-14 20:43:31 HIVE Case #7769 CTO 22-165 (IP=210,CN) 103.147.169.2 24 SW None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:45:18 POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt - SourceFire (IP=2,BD) 103.147.225.26 24 WR None 2021-12-21 00:00:00 2022-03-21 00:00:00 None MALWARE-CNC Win.Backdoor.Chopper web shell connection (1:37245:4) - Sourcefire (IP=26,HK) 103.148.20.0 23 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=0,IN) 103.148.232.0 24 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None ID TO-S-2021-1092 Hive Case 
4875 Malware Activity 103.149.34.64 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None ID TO-S-2021-1102 Malware Activity 103.15.105.29 32 TLM None 2021-11-30 00:00:00 2022-05-30 00:00:00 None HIVE Case #6595 CTO 21-327 (IP=29,MY) 103.15.28.176 32 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6517 CTO 21-313 (IP=176,HK) 103.15.28.55 32 TLM None 2021-10-04 00:00:00 2022-04-04 00:00:00 None HIVE Case #6294 CTO 21-268 (IP=55,HK) 103.15.60.0 24 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=0,IN) 103.150.187.124 32 TLM None 2021-12-10 00:00:00 2022-06-10 00:00:00 None HIVE Case #6644 CTO 21-344 (IP=124,IN) 103.151.228.119 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6348 CTO 21-279 (IP=119,KR) 103.152.119.79 24 KD None 2022-02-27 00:00:00 2022-05-28 00:00:00 2022-02-27 23:09:01 SERVER-WEBAPP PHPUnit PHP remote code execution attempt- Web Attacks(IP=79,ID) 103.152.248.193 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None AU TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 103.152.255.82 32 TLM None 2021-12-09 00:00:00 2022-06-09 00:00:00 None HIVE Case #6633 CTO 21-334 (IP=82,PK) 103.153.157.111 24 RR None 2022-07-09 00:00:00 2022-10-07 00:00:00 2022-07-10 14:32:23 SQL injection - Web Attacks (IP=111,DE) 103.153.157.116 24 TH None 2022-07-07 00:00:00 2022-10-15 00:00:00 2022-07-17 13:55:39 Adobe ColdFusion Administrator Access Restriction - 6 Hr Web Report (IP=116,DE) | updated by ZH Block expiration extended with reason SERVER-WEBAPP Joomla 3.7.0 com_fields view SQL injection attempt (1:42958:4) - SourceFire (IP=116, DE) | updated by ZH Block expiration extended with reason SQL injection - 6hr Web Attacks (IP=116,DE) 103.154.234.0 24 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None IN TO-S-2021-1081 Hive Case 4872 Malware Activity 103.154.78.243 24 ZH None 2022-08-25 00:00:00 2022-11-23 00:00:00 2022-08-25 22:43:44 HTTP: PHPUnit Remote Code Execution Vulnerability 
(CVE-2017-9841) - WebAttacks (IP=243,ID) 103.155.84.0 24 TLM None 2021-08-30 00:00:00 2022-03-02 00:00:00 None HIVE Case #6085 TO-S-2021-1500 (IP=0,IN) 103.155.92.32 32 TLM None 2022-06-22 00:00:00 2022-12-21 00:00:00 2022-06-23 16:49:32 HIVE Case #7813 CTO 22-173 (IP=32,MY) 103.155.93.93 24 ZH None 2021-06-15 00:00:00 2022-06-14 00:00:00 None X97M/Downloader.hf Trojan - Case 5594, MAID 17378 (IP=93,MY) 103.156.126.0 24 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=0,BD) 103.156.242.41 32 TLM None 2022-06-21 00:00:00 2022-12-20 00:00:00 2022-06-22 18:26:08 HIVE Case #7807 CTO 22-169 (IP=41,TW) 103.156.25.24 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:55:04 HIVE Case #7894 CTO 22-187 (IP=24,CN) 103.157.224.0 24 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6514 TO-S-2022-0075 (IP=0,IN) 103.157.36.0 23 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IN TO-S-2021-1050 Hive Case 4821 Malware Activity 103.157.97.0 24 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=0,ID) 103.158.105.61 24 RS None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-11 13:57:28 Exploit.Log4Shell.CVE-2021-44228 - FE NX (IP=61,IN) 103.158.171.22 24 KH None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 22:55:54 SQL injection - Web Attacks (IP=22,IN) 103.159.132.70 32 TLM None 2022-05-09 00:00:00 2022-11-08 00:00:00 2022-05-10 15:15:52 HIVE Case #7546 CTO 22-127 (IP=70,MY) 103.160.144.173 24 TH None 2022-02-15 00:00:00 2022-05-16 00:00:00 None HIVE Case #6986 (IP=173,IN) 103.160.174.20 24 RS None 2022-09-28 00:00:00 2022-12-27 00:00:00 2022-09-29 13:58:51 SQL injection - Web Attacks (IP=20,IN) 103.160.192.8 24 ZH None 2022-06-24 00:00:00 2022-09-22 00:00:00 2022-06-24 22:51:31 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=8, IO) 103.161.17.228 24 TH None 2022-02-03 00:00:00 2022-05-04 00:00:00 None SERVER-WEBAPP Avtech IP 
Camera cloudsetup.cgi command execution attempt (1:41696:2) - SourceFire Report (IP=228,VN) 103.161.172.108 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6584 CTO 21-322 (IP=108,VN) 103.162.31.143 24 KH None 2022-01-03 00:00:00 2022-04-03 00:00:00 None PROTOCOL-DNS DNS query amplification attempt (1:28556:3) - Sourcefire (IP=143,VN) 103.162.72.0 24 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=0,ID) 103.163.187.101 24 KH None 2021-11-10 00:00:00 2022-02-08 00:00:00 None ZmEu phpMyAdmin Vulnerability Scanner - FE IPS (IP=101,NL) 103.163.21.0 24 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=0,ID) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=0,ID) 103.163.214.6 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=6,VN) 103.163.248.29 24 SW None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-04 13:45:48 Adobe ColdFusion Administrator Access Restriction - WebAttacks (IP=29,US) 103.164.191.36 24 RS None 2022-06-21 00:00:00 2022-09-19 00:00:00 2022-06-21 22:50:23 HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=36,ID) 103.167.92.0 23 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6448 TO-S-2022-0058 (IP=0,VN) 103.169.91.103 32 TLM None 2022-06-07 00:00:00 2022-12-06 00:00:00 2022-06-07 17:08:53 HIVE Case #7731 CTO 22-158 (IP=103,MY) 103.169.91.93 24 EE None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:16 HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=93,MY) 103.170.132.199 24 EE None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:17 HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=199,IN) 103.170.255.140 32 AS None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-09-30 17:07:24 HIVE Case #8395 TO-S-2022-0233 (IP=140,VN) 103.172.188.18 24 ZH None 2022-02-02 00:00:00 2022-05-03 00:00:00 None HIVE Case #6651 
Exploit.CVE-2021-44228 (IP=18,BD) 103.172.204.0 24 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=0,ID) 103.177.44.17 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:55:05 HIVE Case #7894 CTO 22-187 (IP=17,HK) 103.178.236.75 24 RT None 2022-03-07 00:00:00 2022-06-05 00:00:00 2022-03-08 18:08:46 SERVER-OTHER RealTek UDPServer command injection attempt (1:58853:1) - Sourcefire Report (IP=75,NL) 103.178.237.27 24 WR None 2022-03-13 00:00:00 2022-06-11 00:00:00 2022-03-13 13:58:39 SERVER-OTHER RealTek UDPServer command injection attempt (1:58853:1) - SourceFire (IP=27,NL) 103.179.188.93 24 EE None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:18 HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=93,VN) 103.18.109.170 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None AU TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 103.18.138.3 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None NZ TO-S-2021-1092 Hive Case 4875 Malicious Email Activity 103.18.69.186 24 JP None 2022-08-05 00:00:00 2022-11-03 00:00:00 2022-08-05 13:55:25 HTTP: ThinkPHP CMS Getshell Vulnerability - 6HR Web Attacks (IP=186,IN) 103.18.78.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 103.181.56.125 24 ZH None 2022-05-15 00:00:00 2022-08-13 00:00:00 2022-05-15 22:45:58 Generic URI Injection wget Attempt - CMS IPS Events (IP=125,IN) 103.186.1.14 24 SW None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 14:03:07 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=14,ID) 103.19.3.109 32 TLM None 2022-03-01 00:00:00 2022-09-01 00:00:00 2022-03-01 12:20:07 HIVE Case #7104 TO-S-2022-0138 (IP=109,JP) 103.19.3.21 32 TLM None 2022-03-01 00:00:00 2022-09-01 00:00:00 2022-03-01 12:20:09 HIVE Case #7104 TO-S-2022-0138 (IP=21,JP) 103.19.56.102 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 13:58:07 HTTP: PHPUnit 
Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01514 (IP=102,ID) 103.192.226.43 24 EE None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:18 HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=43,HK) 103.193.116.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity 103.193.174.128 24 BB None 2021-12-28 00:00:00 2022-03-28 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt (1:50182:1) - Sourcefire (IP=128,JP) 103.193.90.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IN TO-S-2021-1037 Hive Case 4785 Malware Activity 103.194.184.42 24 KH None 2022-01-30 00:00:00 2022-04-30 00:00:00 None MALWARE-CNC Win.Backdoor.Chopper web shell connection (1:37245:4) - Sourcefire (IP=42,HK) 103.195.100.2 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=2,US) 103.195.100.204 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=204,US) 103.195.100.89 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=89,US) 103.195.101.89 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=89,US) 103.195.101.98 31 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=98,US) 103.195.103.171 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=171,US) 103.195.103.18 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=18,US) 103.195.103.66 32 KH None 2021-10-13 00:00:00 2022-01-11 00:00:00 None TO-S-2022-1622/Pulse 192613-21/Malicious Activity - TT# 22C00140 (IP=66,US) 103.195.103.91 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=91,US) 103.195.26.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IN TO-S-2021-1037 Hive Case 4785 Malware Activity 103.196.211.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 
00:00:00 None IN TO-S-2021-1037 Hive Case 4785 Malware Activity 103.196.234.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BD TO-S-2021-1037 Hive Case 4785 Malware Activity 103.197.134.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IN TO-S-2021-1037 Hive Case 4785 Malware Activity 103.198.240.250 32 TLM None 2021-12-02 00:00:00 2022-06-02 00:00:00 None HIVE Case #6600 TO-S-2022-0090 (IP=250,CN) 103.199.116.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IN TO-S-2021-1037 Hive Case 4785 Malware Activity 103.199.16.131 32 TLM None 2022-01-25 00:00:00 2022-07-25 00:00:00 None HIVE Case #6828 CTO 22-021 (IP=131,VN) 103.199.16.30 32 TLM None 2022-01-25 00:00:00 2022-07-25 00:00:00 None HIVE Case #6828 CTO 22-021 (IP=30,VN) 103.199.17.124 32 TLM None 2021-11-30 00:00:00 2022-05-30 00:00:00 None VN TO-S-2017-1558 Malware | updated by TLM Block was inactive. Reactivated on 20211130 with reason HIVE Case #6595 CTO 21-327 (IP=124,VN) HIVE Case #6595 CTO 21-327 (IP=124,VN) 103.199.17.124 32 jky None 2017-09-28 05:00:00 2022-05-30 00:00:00 None VN TO-S-2017-1558 Malware | updated by TLM Block was inactive. 
Reactivated on 20211130 with reason HIVE Case #6595 CTO 21-327 (IP=124,VN) HIVE Case #6595 CTO 21-327 (IP=124,VN) 103.199.98.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IN TO-S-2021-1037 Hive Case 4785 Malware Activity 103.2.197.167 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None AU TO-S-2021-1050 Hive Case 4821 Malware Activity 103.20.127.58 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=58,IN) 103.20.235.42 32 TLM None 2022-06-07 00:00:00 2022-12-06 00:00:00 2022-06-07 17:08:55 HIVE Case #7731 CTO 22-158 (IP=42,SG) 103.200.97.150 32 TLM None 2022-05-09 00:00:00 2022-11-08 00:00:00 2022-05-10 15:15:52 HIVE Case #7546 CTO 22-127 (IP=150,JP) 103.204.166.138 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IN TO-S-2021-1050 Hive Case 4821 Malware Activity 103.204.70.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IN TO-S-2021-1037 Hive Case 4785 Malware Activity 103.205.133.58 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 22:58:48 F5 BIG-IP iControl CVE-2021-22986 Unauthenticated Remote Command Execution - IPS Events (IP=58,BO) 103.205.211.88 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:55:05 HIVE Case #7894 CTO 22-187 (IP=88,MY) 103.205.8.0 24 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None HK TO-S-2021-1050 Hive Case 4821 Malware Activity 103.207.168.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IN TO-S-2021-1037 Hive Case 4785 Malware Activity 103.208.204.253 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 103.208.86.126 32 TLM None 2022-03-17 00:00:00 2022-09-17 00:00:00 2022-03-17 16:17:29 HIVE Case #7227 CTO 22-076 (IP=126,NZ) 103.208.86.139 32 TLM None 2022-03-17 00:00:00 2022-09-17 00:00:00 2022-03-17 16:17:30 HIVE Case #7227 CTO 22-076 (IP=139,NZ) 103.208.86.154 32 TLM None 2022-03-17 00:00:00 2022-09-17 00:00:00 2022-03-17 16:17:31 HIVE Case #7227 CTO 22-076 
(IP=154,NZ) 103.208.86.158 32 TLM None 2022-03-17 00:00:00 2022-09-17 00:00:00 2022-03-17 16:17:31 HIVE Case #7227 CTO 22-076 (IP=158,NZ) 103.208.86.162 32 TLM None 2022-03-17 00:00:00 2022-09-17 00:00:00 2022-03-17 16:17:32 HIVE Case #7227 CTO 22-076 (IP=162,NZ) 103.209.131.66 32 BB None 2021-12-13 00:00:00 2022-03-13 00:00:00 None Attempted Access - Inbound Brute Force - TT# 22C00584 (IP=66,IR) 103.209.140.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IN TO-S-2021-1037 Hive Case 4785 Malware Activity 103.21.59.158 24 TH None 2022-04-22 00:00:00 2022-07-21 00:00:00 2022-04-22 22:49:08 Hive Case # 7440 (IP=158,IN) 103.210.38.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IN TO-S-2021-1037 Hive Case 4785 Malware Activity 103.211.216.225 24 AS None 2022-02-18 00:00:00 2022-08-18 00:00:00 None HIVE Case #7025 COLS-NA TIP 0055 (IP=225,IN) 103.211.216.29 32 AS None 2022-08-19 00:00:00 2022-11-17 00:00:00 2022-08-26 16:43:46 HIVE Case #8178 COLS-NA TIP 22-0289 (IP=29,IN) 103.212.225.132 32 WR None 2022-02-02 00:00:00 2022-05-02 00:00:00 None Attempted Access - Inbound Brute Force - TT# 22C00886 (IP=132,AU) 103.212.99.138 24 JP None 2022-07-26 00:00:00 2022-10-24 00:00:00 2022-07-26 22:50:13 SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (1:48837:6) - SourceFire (IP=138, HK) 103.214.112.199 32 KD None 2021-11-01 00:00:00 2022-01-30 00:00:00 None Attempted Access - Inbound Brute Force - TT# 22C00269 (IP=199,ID) 103.214.113.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 103.214.232.45 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None IN TO-S-2021-1102 Malware Activity 103.214.4.45 32 AS None 2022-08-19 00:00:00 2022-11-17 00:00:00 2022-08-26 16:43:45 HIVE Case #8178 COLS-NA TIP 22-0289 (IP=45,NL) 103.216.154.185 24 NAB None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:46:50 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=185,CN) 103.216.216.0 22 dbc None 
2021-01-28 00:00:00 2022-01-28 00:00:00 None HK TO-S-2021-1050 Hive Case 4821 Malware Activity
103.216.221.19 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None AU TO-S-2021-1050 Hive Case 4821 Malware Activity
103.216.51.210 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None KH TO-S-2021-1050 Hive Case 4821 Malware Activity
103.217.217.2 24 RR None 2022-02-09 00:00:00 2022-05-10 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=2,ID)
103.217.217.2 24 RR None 2022-02-09 00:00:00 2022-05-10 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=2,ID)
103.218.3.168 24 RR None 2022-03-26 00:00:00 2022-06-24 00:00:00 2022-03-27 13:46:37 HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=168,CN)
103.218.3.190 32 TLM None 2021-12-02 00:00:00 2022-06-02 00:00:00 None HIVE Case #6600 TO-S-2022-0090 (IP=190,HK)
103.218.3.190 32 TLM None 2021-12-02 00:00:00 2022-06-02 00:00:00 None HIVE Case #6600 TO-S-2022-0090 (IP=190,HK)
103.218.3.190 32 TLM None 2021-12-02 00:00:00 2022-06-02 00:00:00 None HIVE Case #6600 TO-S-2022-0090 (IP=190,HK)
103.219.212.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IN TO-S-2021-1037 Hive Case 4785 Malware Activity
103.22.142.0 24 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None IN TO-S-2021-1102 Malware Activity
103.22.183.131 24 EE None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:19 HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=131,TH)
103.220.24.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IN TO-S-2021-1037 Hive Case 4785 Malware Activity
103.220.73.74 24 RR None 2022-06-19 00:00:00 2022-10-08 00:00:00 2022-07-10 14:32:46 SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt - Source Fire (IP=74,HK) | updated by RR Block expiration extended with reason POLICY-OTHER CA ARCserve Axis2 default credential login attempt - SourceFire (IP=74,HK)
103.221.254.102 32 TLM None 2022-03-23 00:00:00 2022-09-23 00:00:00 2022-03-23 12:28:36 HIVE Case #7258 CTO 22-082 (IP=102,BD)
103.224.182.222 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=222,AU) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=222,AU)
103.224.182.235 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=235,AU) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=235,AU)
103.224.182.239 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=239,AU)
103.224.182.241 32 tjh None 2016-05-18 05:00:00 2022-06-14 00:00:00 2022-03-16 13:45:43 AU TO-S-2016-0635 | updated by srm Block was inactive. Reactivated on 20220316 with reason HIVE Case #NA FP Security (IP=241,AU)
103.224.182.243 32 srm None 2022-03-01 00:00:00 2022-05-30 00:00:00 2022-03-01 14:46:39 HIVE Case #NA FP Security (IP=243,AU)
103.224.212.220 24 JKC None 2022-08-30 00:00:00 2022-11-28 00:00:00 2022-08-31 20:45:27 Case # 8219 - Internal USACE Document with Redirect AU
103.224.212.222 32 srm None 2021-10-15 00:00:00 2022-01-13 00:00:00 None HIVE Case #NA FP Security (IP=222,AU)
103.224.90.79 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None AU TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
103.225.124.0 23 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=0,IN)
103.225.13.245 24 TH None 2021-12-28 00:00:00 2022-03-28 00:00:00 None SERVER-OTHER SSLv2 openssl get shared ciphers overflow attempt (1:8428:22) - SourceFire Report (IP=245,IN)
103.225.137.106 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PH TO-S-2021-1050 Hive Case 4821 Malware Activity
103.225.139.162 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None PH TO-S-2021-1092 Hive Case 4875 Malware Activity
103.225.56.0 24 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None IN TO-S-2021-1092 Hive Case 4875 Malware Activity
103.226.155.117 32 AS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-06 18:26:24 HIVE Case #7881 CTO 22-182 (IP=117,HK)
103.226.155.118 32 AS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-06 18:26:25 HIVE Case #7881 CTO 22-182 (IP=118,HK)
103.226.155.119 32 AS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-06 18:26:25 HIVE Case #7881 CTO 22-182 (IP=119,HK)
103.226.174.91 24 RR None 2022-02-14 00:00:00 2022-05-15 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=91,ID)
103.227.176.20 32 srm None 2022-01-07 00:00:00 2022-04-07 00:00:00 None HIVE Case #NA FP Security (IP=20,SG)
103.227.68.35 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=35,IN)
103.227.68.35 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=35,IN)
103.227.68.35 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=35,IN)
103.227.68.35 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=35,IN)
103.227.68.35 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=35,IN)
103.228.110.106 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None KR TO-S-2021-1050 Hive Case 4821 Malware Activity
103.228.23.92 24 RS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 22:43:59 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6Hr Web Attacks (IP=24,VN)
103.229.66.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None HK TO-S-2021-1037 Hive Case 4785 Malware Activity
103.23.119.19 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IN TO-S-2021-1050 Hive Case 4821 Malware Activity
103.23.31.136 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BD TO-S-2021-1050 Hive Case 4821 Malware Activity
103.230.15.41 32 TLM None 2021-11-30 00:00:00 2022-05-30 00:00:00 None HIVE Case #6595 CTO 21-327 (IP=41,JP)
103.230.154.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IN TO-S-2021-1037 Hive Case 4785 Malware Activity
103.230.48.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity
103.231.172.226 24 SW None 2021-11-16 00:00:00 2022-02-14 00:00:00 None POLICY-OTHER PHP uri tag injection attempt (1:23111:14) - SourceFire (IP=226,HK)
103.231.173.18 32 SW None 2021-11-21 00:00:00 2022-02-19 00:00:00 None HTTP: SQL Injection Attempt Detected - WebAttacks (IP=18, US)
103.232.137.55 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=55,TW)
103.232.154.62 24 SW None 2021-11-17 00:00:00 2022-02-15 00:00:00 None SQL injection - WebAttacks (IP=62, NP)
103.232.239.169 24 DT None 2022-04-01 00:00:00 2022-06-30 00:00:00 2022-04-02 14:08:05 SQL injection - Web Attacks (IP=169,IN)
103.232.53.230 32 TLM None 2021-11-04 00:00:00 2022-05-04 00:00:00 None HIVE Case #6494 CTO 21-303 (IP=230,VN)
103.232.53.230 24 EE None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 22:43:55 HIVE Case #7532 IOC_SOLARDEFLECTION C2 (IP=230,VN)
103.233.103.16 24 AR None 2021-12-11 00:00:00 2022-03-11 00:00:00 None SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt - Web Attacks (IP=16,ID)
103.233.192.204 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=204,TH)
103.234.24.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BD TO-S-2021-1037 Hive Case 4785 Malware Activity
103.234.254.230 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity
103.234.72.215 32 TLM None 2021-12-02 00:00:00 2022-06-02 00:00:00 None HIVE Case #6600 TO-S-2022-0090 (IP=215,HK)
103.234.72.215 32 TLM None 2021-12-02 00:00:00 2022-06-02 00:00:00 None HIVE Case #6600 TO-S-2022-0090 (IP=215,HK)
103.234.72.215 32 TLM None 2021-12-02 00:00:00 2022-06-02 00:00:00 None HIVE Case #6600 TO-S-2022-0090 (IP=215,HK)
103.235.35.238 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity
103.236.135.74 32 AS None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-01 21:44:58 HIVE Case #7874 CTO 22-181 (IP=74,PK)
103.236.150.31 24 EE None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-01 22:26:50 HIVE Case #7697 IOC_CVE-2022-30190_Follina_Zero-Day (IP=31,ID)
103.236.201.88 24 srm None 2022-02-16 00:00:00 2022-05-17 00:00:00 None HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=88,ID)
103.236.240.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None CN TO-S-2021-1037 Hive Case 4785 Malware Activity
103.236.247.117 32 RT None 2021-10-09 00:00:00 2022-01-07 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00105
103.237.103.0 24 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=0,MO)
103.237.174.234 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IN TO-S-2021-1050 Hive Case 4821 Malware Activity
103.237.37.0 24 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=0,BD) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=0,BD) HIVE Case #5968 TO-S-2021-1276 (IP=0,BD)
103.237.37.0 24 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=0,BD) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=0,BD) HIVE Case #5968 TO-S-2021-1276 (IP=0,BD)
103.237.38.0 24 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=0,BD)
103.238.106.194 24 SW None 2021-11-27 00:00:00 2022-02-25 00:00:00 None SQL injection - WebAttacks (IP=194, IN)
103.238.225.37 24 EE None 2022-03-15 00:00:00 2022-06-13 00:00:00 2022-03-15 21:25:33 HIVE Case #7197 IOC_ APT41 Targeting U.S. State Governments (IP=37,HK)
103.238.228.105 32 TLM None 2021-11-29 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:20 HIVE Case #6585 CTO 21-323 (IP=105,IN) | updated by AS Block was inactive. Reactivated on 20220708 with reason HIVE Case #7904 CTO 22-189 (IP=105,IN)
103.238.230.0 24 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None IN TO-S-2021-1102 Malware Activity
103.239.52.104 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None KH TO-S-2021-1050 Hive Case 4821 Malware Activity
103.239.6.30 32 TLM None 2021-11-29 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:18 HIVE Case #6585 CTO 21-323 (IP=30,BD) | updated by AS Block was inactive. Reactivated on 20220708 with reason HIVE Case #7904 CTO 22-189 (IP=30,BD)
103.24.107.230 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity
103.24.20.30 24 RR None 2021-10-21 00:00:00 2022-01-19 00:00:00 None SQL injection - Web Attacks (IP=30,IN)
103.240.108.0 22 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=0,ID)
103.240.32.238 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IN TO-S-2021-1050 Hive Case 4821 Malware Activity
103.240.79.140 24 TH None 2022-05-12 00:00:00 2022-08-10 00:00:00 2022-05-12 22:47:14 SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt (1:59735:1) - SourceFire Report (IP=140,IN)
103.240.90.0 23 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=0,IN)
103.242.133.48 24 KH None 2021-12-18 00:00:00 2022-03-18 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44231 (IP=48,CN)
103.242.51.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None AF TO-S-2021-1037 Hive Case 4785 Malware Activity
103.243.25.114 24 RT None 2021-12-22 00:00:00 2022-03-22 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6HR Web Attacks (IP=114,HK)
103.243.26.225 24 EE None 2022-02-22 00:00:00 2022-05-23 00:00:00 2022-02-25 23:37:19 HIVE Case #7087 IOC_ Vul MS-SQL Servers - Cobalt Strike (IP=225,HK)
103.243.82.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BD TO-S-2021-1037 Hive Case 4785 Malware Activity
103.244.124.98 24 WR None 2022-04-20 00:00:00 2022-07-18 00:00:00 2022-04-20 15:44:13 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR#22C01210 (IP=98,IN)
103.244.90.38 32 TLM None 2022-03-01 00:00:00 2022-09-01 00:00:00 2022-03-01 12:19:53 HIVE Case #7104 TO-S-2022-0138 (IP=38,HK)
103.245.108.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BD TO-S-2021-1037 Hive Case 4785 Malware Activity
103.245.32.59 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IN TO-S-2021-1050 Hive Case 4821 Malware Activity
103.246.224.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IN TO-S-2021-1037 Hive Case 4785 Malware Activity
103.246.227.129 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IN TO-S-2021-1050 Hive Case 4821 Malware Activity
103.246.246.178 32 TLM None 2022-01-25 00:00:00 2022-07-25 00:00:00 None HIVE Case #6828 CTO 22-021 (IP=178,HK)
103.248.174.11 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IN TO-S-2021-1050 Hive Case 4821 Malware Activity
103.249.237.123 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IN TO-S-2021-1050 Hive Case 4821 Malware Activity
103.25.72.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None HK TO-S-2021-1050 Hive Case 4821 Malware Activity
103.250.68.194 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BD TO-S-2021-1050 Hive Case 4821 Malware Activity
103.251.208.121 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IN TO-S-2021-1050 Hive Case 4821 Malware Activity
103.251.214.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IN TO-S-2021-1037 Hive Case 4785 Malware Activity
103.251.225.12 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IN TO-S-2021-1050 Hive Case 4821 Malware Activity
103.251.251.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IN TO-S-2021-1037 Hive Case 4785 Malware Activity
103.251.94.0 24 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=0,IN)
103.252.219.110 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IN TO-S-2021-1050 Hive Case 4821 Malware Activity
103.253.145.218 24 KD None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-28 14:34:05 SQL injection- Web Attacks (IP=218,SG)
103.253.146.202 32 JP None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-14 22:47:13 SQL injection - 6HR Web Attacks (IP=202,SG)
103.253.147.217 24 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 22:54:05 SQL injection - Web Attacks (IP=217,SG)
103.253.68.0 23 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6448 TO-S-2022-0058 (IP=0,ID)
103.254.155.182 32 KH None 2022-01-20 00:00:00 2022-04-20 00:00:00 None PDF.LIVE.DTI.URL - Case 6770 (IP=182,CN)
103.254.169.154 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity
103.254.223.2 24 TH None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-18 22:35:16 Phish.LIVE.DTI.URL - FE CMS (IP=2,CN)
103.254.73.124 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=124,KR)
103.254.73.124 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=124,KR)
103.254.73.124 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=124,KR)
103.254.94.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BD TO-S-2021-1037 Hive Case 4785 Malware Activity
103.255.121.153 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity
103.255.178.99 32 TLM None 2022-05-02 00:00:00 2022-11-01 00:00:00 2022-05-04 17:56:30 HIVE Case #7495 CTO 22-120 (IP=99,HK)
103.255.234.60 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IN TO-S-2021-1050 Hive Case 4821 Malware Activity
103.27.125.0 24 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None HK TO-S-2021-1050 Hive Case 4821 Malware Activity
103.27.140.0 22 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=0,IN)
103.27.186.185 32 TLM None 2021-09-08 00:00:00 2022-03-08 00:00:00 None HIVE Case #6132 CTO 21-240 (IP=185,JP)
103.27.62.46 32 TLM None 2022-06-14 00:00:00 2022-12-13 00:00:00 2022-06-14 20:43:42 HIVE Case #7769 CTO 22-165 (IP=46,VN)
103.28.44.0 24 jkc None 2021-04-13 00:00:00 2022-04-13 00:00:00 None Case # 5240 IOC_ TO-S-2021-1218 Malicious IP
103.28.52.0 23 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
103.29.215.0 24 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=0,ID)
103.29.69.155 32 TLM None 2022-05-24 00:00:00 2022-11-23 00:00:00 2022-05-24 14:24:27 HIVE Case #7653 CTO 22-144 (IP=155,JP)
103.29.70.27 32 TLM None 2022-05-02 00:00:00 2022-11-01 00:00:00 2022-05-04 17:56:19 HIVE Case #7495 CTO 22-120 (IP=27,JP)
103.3.173.49 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None SG TO-S-2021-1081 Hive Case 4872 Malicious Email Activity
103.3.2.118 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=118,JP)
103.3.63.174 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=174,SG)
103.3.76.0 22 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=0,ID)
103.30.145.0 24 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6514 TO-S-2022-0075 (IP=0,ID)
103.30.17.97 32 TLM None 2021-11-04 00:00:00 2022-05-04 00:00:00 None HIVE Case #6494 CTO 21-303 (IP=97,US)
103.31.52.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None CN TO-S-2021-1037 Hive Case 4785 Malware Activity
103.35.151.162 32 TLM None 2021-09-08 00:00:00 2022-03-08 00:00:00 None HIVE Case #6132 CTO 21-240 (IP=162,HK)
103.35.151.220 32 TLM None 2021-09-08 00:00:00 2022-03-08 00:00:00 None HIVE Case #6132 CTO 21-240 (IP=220,HK)
103.35.168.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BD TO-S-2021-1037 Hive Case 4785 Malware Activity
103.36.100.248 24 ZH None 2021-10-05 00:00:00 2022-01-03 00:00:00 None TO-S-2022-1595/Botnet Malware Communication TT# 22C00041 (IP=248,BD)
103.36.248.47 24 DT None 2021-12-24 00:00:00 2022-03-24 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) - Source Fire (IP=47,AU)
103.36.249.70 24 KD None 2021-12-24 00:00:00 2022-03-24 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt- Sourcefire (IP=70,AU)
103.36.79.3 32 AS None 2022-03-03 00:00:00 2022-09-03 00:00:00 2022-03-03 17:36:06 HIVE Case #7133 CTO 22-062 (IP=3,IN)
103.38.10.103 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None AU TO-S-2021-1050 Hive Case 4821 Malicious Email Activity
103.39.232.0 22 TLM None 2021-09-17 00:00:00 2022-03-17 00:00:00 None HIVE Case #6198 TO-S-2021-1556 (IP=0,CN)
103.4.64.0 22 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=0,BD)
103.4.67.0 24 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None BD TO-S-2021-1092 Hive Case 4875 Malware Activity
103.40.163.32 32 TLM None 2021-12-21 00:00:00 2022-06-21 00:00:00 None HIVE Case #6682 CTO 21-352 (IP=32,HK)
103.40.196.86 24 RS None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-15 22:50:57 F5 BIG-IP CVE-2022-1388 Remote Code Execution - IPS Events (IP=86,IN)
103.40.197.68 24 RS None 2022-09-28 00:00:00 2022-12-27 00:00:00 2022-09-29 13:58:54 SIPVicious Security Scanner - IPS Events (IP=68,IN)
103.40.201.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IN TO-S-2021-1037 Hive Case 4785 Malware Activity
103.41.204.169 32 AS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-09 13:57:26 HIVE Case #7535 TO-S-2022-0176 (IP=169,ID)
103.41.204.6 32 RB None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 22:45:07 HTTP: ThinkPHP CMS Getshell Vulnerability - IR # 22C01192 (IP=6,ID)
103.41.24.200 24 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 22:51:41 Generic URI Injection wget Attempt - FE IPS Events (IP=200,IN)
103.41.24.200 24 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 22:52:17 Generic URI Injection wget Attempt - FE IPS Events (IP=200,IN)
103.41.27.241 32 ZH None 2021-10-05 00:00:00 2022-01-03 00:00:00 None HTTP: PHP File Inclusion Vulnerability - IR# 22C00040 (IP=241,US)
103.41.36.191 24 SA None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-07 13:41:40 Generic URI Injection wget Attempt - FE CMS IPS alert (IP=191,IN)
103.41.36.191 24 RS None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-08 16:55:31 HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=191,IN)
103.42.196.232 24 DT None 2022-02-03 00:00:00 2022-05-04 00:00:00 None Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=232,IN)
103.42.196.67 32 TLM None 2022-06-02 00:00:00 2022-12-01 00:00:00 2022-06-02 15:30:39 HIVE Case #7704 TO-S-2022-0190 (IP=67,IN)
103.42.196.68 24 RB None 2022-07-07 00:00:00 2022-10-05 00:00:00 2022-07-07 22:31:06 SQL injection - WebAttacks (IP=68,IN)
103.42.252.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity
103.42.57.17 32 AS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-09 13:57:26 HIVE Case #7535 TO-S-2022-0176 (IP=17,VN)
103.42.57.7 24 RR None 2021-11-15 00:00:00 2022-02-13 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - ET Scans (IP=7,VN)
103.43.131.250 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity
103.43.17.119 32 TLM None 2022-03-01 00:00:00 2022-09-01 00:00:00 2022-03-01 12:19:50 HIVE Case #7104 TO-S-2022-0138 (IP=119,CN)
103.43.17.70 32 TLM None 2022-03-01 00:00:00 2022-09-01 00:00:00 2022-03-01 12:19:50 HIVE Case #7104 TO-S-2022-0138 (IP=70,CN)
103.43.18.15 24 EE None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 22:48:10 HIVE Case #7659 IOC_VMware_Vuln-CVE-2022-22954_CVE-2022-22960 (IP=15,CN)
103.43.7.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IN TO-S-2021-1037 Hive Case 4785 Malware Activity
103.44.20.92 32 DT None 2021-10-24 00:00:00 2022-01-22 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed Logons (IP=92,HK)
103.45.115.198 24 RW None 2021-10-19 00:00:00 2022-01-17 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Sourcefire (IP=198,CN)
103.45.138.210 24 RR None 2021-12-05 00:00:00 2022-03-05 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - SourceFire (IP=210,CN)
103.45.150.0 24 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=0,CN)
103.45.156.201 32 ZH None 2022-06-27 00:00:00 2022-09-25 00:00:00 2022-06-27 22:37:33 HTTP: ThinkPHP CMS Getshell Vulnerability IR#: 22C01464 (IP=201,CN)
103.45.178.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None CN TO-S-2021-1037 Hive Case 4785 Malware Activity
103.45.248.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None CN TO-S-2021-1037 Hive Case 4785 Malware Activity
103.47.175.2 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IN TO-S-2021-1050 Hive Case 4821 Malware Activity
103.47.60.33 24 RR None 2022-01-13 00:00:00 2022-04-13 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=33,ID)
103.47.60.33 24 BB None 2022-01-13 00:00:00 2022-04-13 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=33,ID)
103.48.68.0 24 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None IN TO-S-2021-1102 Malware Activity
103.49.230.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity
103.49.52.0 22 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=0,IN)
103.49.57.116 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IN TO-S-2021-1050 Hive Case 4821 Malware Activity
103.49.80.1 24 RR None 2021-12-10 00:00:00 2022-03-10 00:00:00 None SERVER-OTHER Sentinel license manager buffer overflow attempt - SourceFire (IP=1,GB)
103.5.112.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IN TO-S-2021-1037 Hive Case 4785 Malware Activity
103.5.50.0 24 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=0,ID)
103.50.215.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IN TO-S-2021-1037 Hive Case 4785 Malware Activity
103.51.140.18 32 AS None 2022-01-31 00:00:00 2022-08-03 00:00:00 None HIVE Case #6877 CTO 22-028 (IP=18,TW)
103.51.145.143 24 EE None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:20 HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=143,HK)
103.51.147.227 32 TLM None 2022-06-02 00:00:00 2022-12-01 00:00:00 2022-06-02 17:56:09 HIVE Case #7705 CTO 22-153 (IP=227,HK)
103.51.2.37 32 TLM None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:46:29 HIVE Case #7458 CTO 22-113 (IP=37,BD)
103.51.3.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BD TO-S-2021-1037 Hive Case 4785 Malware Activity
103.53.110.94 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IN TO-S-2021-1050 Hive Case 4821 Malware Activity
103.53.197.64 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=64,SG)
103.53.43.60 32 TLM None 2022-09-01 00:00:00 2022-12-01 00:00:00 2022-09-02 21:05:01 HIVE Case #8225 COLS-NA-TIP 22-0305 (IP=60,IN)
103.55.105.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IN TO-S-2021-1037 Hive Case 4785 Malware Activity
103.56.149.127 32 ZH None 2022-07-16 00:00:00 2022-10-14 00:00:00 2022-07-17 22:30:41 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) IR# 22C01687 (IP=12,IN)
103.56.19.157 32 TLM None 2022-05-02 00:00:00 2022-11-01 00:00:00 2022-05-04 17:56:30 HIVE Case #7495 CTO 22-120 (IP=157,CN)
103.56.19.76 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:55:06 HIVE Case #7894 CTO 22-187 (IP=76,CN)
103.56.53.120 32 TLM None 2022-03-28 00:00:00 2022-09-28 00:00:00 2022-03-28 12:23:10 HIVE Case #7282 CTO 22-085 (IP=120,HK)
103.56.55.55 32 TLM None 2022-01-18 00:00:00 2022-07-18 00:00:00 None HIVE Case #6796 CTO 22-014 (IP=55,JP)
103.57.120.2 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BD TO-S-2021-1050 Hive Case 4821 Malware Activity
103.57.195.67 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity
103.57.230.35 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6346 CTO 21-278 (IP=35,HK)
103.58.153.63 24 NAB None 2022-02-28 00:00:00 2022-05-29 00:00:00 2022-02-28 14:50:38 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=63,IN)
103.61.101.195 32 TLM None 2022-04-22 00:00:00 2022-07-21 00:00:00 2022-04-22 18:37:01 HIVE Case #7449 CTO 22-112 (IP=195,IN)
103.61.139.71 24 EE None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:38 HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=71,TW)
103.61.39.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None HK TO-S-2021-1037 Hive Case 4785 Malware Activity
103.63.108.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None VN TO-S-2021-1050 Hive Case 4821 Malicious Email Activity
103.64.13.51 24 EE None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 22:48:10 HIVE Case #7659 IOC_VMware_Vuln-CVE-2022-22954_CVE-2022-22960 (IP=51,MY)
103.65.194.98 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6585 CTO 21-323 (IP=98,IN)
103.66.208.219 24 RS None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-13 22:36:51 SIPVicious Security Scanner - FE IPS Events (IP=219,IN)
103.66.4.61 24 JY None 2022-09-28 00:00:00 2022-12-27 00:00:00 2022-09-28 22:44:41 SQL injection - 6 hour web attacks (IP=61,IN)
103.66.48.0 22 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=0,IN)
103.68.11.0 24 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=0,IN) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=0,IN)
103.68.112.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IN TO-S-2021-1037 Hive Case 4785 Malware Activity
103.69.216.250 24 RR None 2021-10-21 00:00:00 2022-01-19 00:00:00 None SQL injection - Web Attacks (IP=250,IN)
103.69.217.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IN TO-S-2021-1037 Hive Case 4785 Malware Activity
103.69.219.99 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IN TO-S-2021-1050 Hive Case 4821 Malware Activity
103.7.128.190 32 TLM None 2022-03-01 00:00:00 2022-09-01 00:00:00 2022-03-01 12:19:54 HIVE Case #7104 TO-S-2022-0138 (IP=190,IN)
103.7.32.58 32 AS None 2022-01-11 00:00:00 2022-07-11 00:00:00 None HIVE Case #6760 CTO 22-011 (IP=58,KR)
103.70.201.11 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IN TO-S-2021-1050 Hive Case 4821 Malware Activity
103.70.28.0 22 AS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-09 13:57:27 HIVE Case #7535 TO-S-2022-0176 (IP=0,VN)
103.70.39.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IN TO-S-2021-1037 Hive Case 4785 Malware Activity
103.72.144.202 24 KH None 2021-11-04 00:00:00 2022-02-02 00:00:00 None Nmap Scanner Traffic Detected - FE IPS (IP=202,HK)
103.72.146.0 24 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=0,HK)
103.72.163.0 24 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=0,MY)
103.73.163.133 24 AR None 2022-06-26 00:00:00 2022-09-24 00:00:00 2022-06-27 13:55:48 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=133,HK)
103.73.188.0 24 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IN TO-S-2021-1050 Hive Case 4821 Malware Activity
103.74.120.0 23 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None VN TO-S-2021-1081 Hive Case 4872 Malicious Email Activity
103.74.120.123 32 SW None 2022-08-16 00:00:00 2022-11-14 00:00:00 2022-08-16 22:53:06 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR# 22C01811 (IP=123,VN)
103.75.190.50 32 TLM None 2022-05-09 00:00:00 2022-11-08 00:00:00 2022-05-10 15:15:53 HIVE Case #7546 CTO 22-127 (IP=50,MY)
103.75.201.2 32 AS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-09 13:57:14 HIVE Case #7535 TO-S-2022-0176 (IP=2,TH)
103.75.32.3 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:30 HIVE Case #6585 CTO 21-323 (IP=3,IN) | updated by AS Block was inactive. Reactivated on 20220708 with reason HIVE Case #7904 CTO 22-189 (IP=3,IN) HIVE Case #7904 CTO 22-189 (IP=3,IN)
103.75.32.3 32 TLM None 2021-11-29 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:30 HIVE Case #6585 CTO 21-323 (IP=3,IN) | updated by AS Block was inactive. Reactivated on 20220708 with reason HIVE Case #7904 CTO 22-189 (IP=3,IN) HIVE Case #7904 CTO 22-189 (IP=3,IN)
103.75.40.0 22 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=0,IN)
103.76.200.0 22 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None ID TO-S-2021-1092 Hive Case 4875 Malicious Email Activity
103.76.80.0 22 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=0,IN)
103.77.162.4 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=4,VN)
103.78.121.142 24 KD None 2022-02-27 00:00:00 2022-05-28 00:00:00 2022-02-27 23:09:24 Infection Match (blocked)- FIREEYE Web(IP=142,IN)
103.78.161.25 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BD TO-S-2021-1050 Hive Case 4821 Malware Activity
103.78.216.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity
103.78.242.62 24 EE None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:39 HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=62,MY)
103.78.54.14 32 TH None 2022-07-07 00:00:00 2022-10-05 00:00:00 2022-07-07 22:30:40 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR#22C1606 (IP=14,BD)
103.79.120.66 32 TLM None 2022-03-28 00:00:00 2022-09-28 00:00:00 2022-03-28 12:23:16 HIVE Case #7282 CTO 22-085 (IP=66,CN)
103.79.120.70 32 TLM None 2021-11-30 00:00:00 2022-05-30 00:00:00 None HIVE Case #6595 CTO 21-327 (IP=70,CN)
103.79.76.88 32 AS None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-09-30 17:07:34 HIVE Case #8395 TO-S-2022-0233 (IP=88,US)
103.79.77.178 32 AS None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-09-30 17:07:33 HIVE Case #8395 TO-S-2022-0233 (IP=178,US)
103.8.112.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None PK TO-S-2021-1037 Hive Case 4785 Malware Activity
103.8.25.88 32 TLM None 2022-05-23 00:00:00 2022-11-22 00:00:00 2022-05-25 17:49:18 HIVE Case #7645 COLS-NA-TIP 22-0178 (IP=88,MY)
103.8.26.102 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6584 CTO 21-322 (IP=102,MY)
103.8.26.103 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6584 CTO 21-322 (IP=103,MY)
103.80.117.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IN TO-S-2021-1037 Hive Case 4785 Malware Activity
103.80.134.159 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6348 CTO 21-279 (IP=159,KR)
103.80.31.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None CN TO-S-2021-1037 Hive Case 4785 Malware Activity
103.81.116.0 22 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=0,IN)
103.81.157.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IN TO-S-2021-1037 Hive Case 4785 Malware Activity
103.81.215.29 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IN TO-S-2021-1050 Hive Case 4821 Malware Activity
103.81.236.0 24 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None IN TO-S-2021-1092 Hive Case 4875 Malware Activity
103.82.147.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IN TO-S-2021-1037 Hive Case 4785 Malware Activity
103.82.242.75 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity
103.83.179.195 24 KD None 2022-03-06 00:00:00 2022-06-04 00:00:00 2022-03-06 22:36:49 HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability- Web Attacks(IP=195,SG)
103.83.198.57 32 TH None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-18 13:50:13 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01410 (IP=57,ID)
103.83.20.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PK TO-S-2021-1050 Hive Case 4821 Malware Activity
103.83.36.0 22 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=0,US)
103.84.37.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BD TO-S-2021-1037 Hive Case 4785 Malware Activity
103.84.5.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity
103.85.110.13 32 TLM None 2021-11-30 00:00:00 2022-05-30 00:00:00 None HIVE Case #6595 CTO 21-327 (IP=13,MY)
103.85.110.13 32 TLM None 2021-11-30 00:00:00 2022-05-30 00:00:00 None HIVE Case #6595 CTO 21-327 (IP=13,MY)
103.85.150.146 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity
103.85.220.146 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity
103.85.24.121 24 EE None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:40 HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=121,CN)
103.85.24.70 32 AS None 2021-12-28 00:00:00 2022-06-28 00:00:00 None HIVE Case #6702 CTO 21-362 (IP=70,CN)
103.86.152.0 22 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=0,ID)
103.86.37.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None PK TO-S-2021-1037 Hive Case 4785 Malware Activity
103.87.165.79 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IN TO-S-2021-1050 Hive Case 4821 Malware Activity
103.87.245.25 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BD TO-S-2021-1050 Hive Case 4821 Malware Activity
103.87.48.54 32 TLM None 2022-01-20 00:00:00 2022-07-20 00:00:00 None HIVE Case #6811 CTO 22-020 (IP=54,IN)
103.89.254.254 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IN TO-S-2021-1050 Hive Case 4821 Malware Activity
103.9.134.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BD TO-S-2021-1037 Hive Case 4785 Malware Activity
103.9.157.36 24 AR None 2022-02-17 00:00:00 2022-05-17 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - 6 Hr Web Attacks (IP=36,VN)
103.9.188.78 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6585 CTO 21-323 (IP=78,KH)
103.9.191.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None KH TO-S-2021-1037 Hive Case 4785 Malware Activity
103.9.79.216 32 TLM None 2022-06-14 00:00:00 2022-12-13 00:00:00 2022-06-14 20:43:33 HIVE Case #7769 CTO 22-165 (IP=216,VN)
103.9.79.232 32 TLM None 2022-06-14 00:00:00 2022-12-13 00:00:00 2022-06-14 20:43:33 HIVE Case #7769 CTO 22-165 (IP=232,VN)
103.90.156.246 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IN TO-S-2021-1050 Hive Case 4821 Malware Activity
103.91.228.10 24 KD None 2021-12-13 00:00:00 2022-03-13 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt - Sourcefire Rpt (IP=10,BD)
103.91.231.10 24 KD None 2021-12-13 00:00:00 2022-03-13 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt - Sourcefire Rpt (IP=10,BD)
103.91.54.184 24 KH None 2022-08-07 00:00:00 2022-11-05 00:00:00 2022-08-07 13:50:05 HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=184,BD)
103.91.64.134 32 TLM None 2022-05-09 00:00:00 2022-11-08 00:00:00 2022-05-10 15:15:54 HIVE Case #7546 CTO 22-127 (IP=134,MY)
103.91.82.35 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IN TO-S-2021-1050 Hive Case 4821 Malware Activity
103.92.154.18 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BD TO-S-2021-1050 Hive Case 4821 Malware Activity
103.92.206.34 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BD TO-S-2021-1050 Hive Case 4821 Malware Activity
103.92.25.43 32 SW None 2022-02-15 00:00:00 2022-05-16 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) IR#22C00936(IP=43,VN)
103.93.176.84 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IN TO-S-2021-1050 Hive Case 4821 Malware Activity
103.93.194.138 32 TLM None 2021-12-09 00:00:00 2022-06-09 00:00:00 None HIVE Case #6625 CTO 21-342 (IP=138,IN)
103.93.79.140 32 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6517 CTO 21-313 (IP=140,JP)
103.94.17.172 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None VN TO-S-2021-1050 Hive Case 4821 Malware Activity
103.94.59.187 24 BMP None 2021-12-16 00:00:00 2022-03-15 00:00:00 None HIVE Case #6651 - Exploit.CVE-2021-44228 (IP=187,IN)
103.94.64.127 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IN TO-S-2021-1050 Hive Case 4821 Malware Activity
103.95.14.0 24 TLM None 2021-08-30 00:00:00 2022-03-02 00:00:00 None HIVE Case #6085 TO-S-2021-1500 (IP=0,IN)
103.95.220.0 23 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None CN TO-S-2021-1037 Hive Case 4785 Malware Activity
103.95.97.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BD TO-S-2021-1037 Hive Case 4785 Malware Activity
103.96.104.182 32 TH None 2022-08-30 00:00:00 2022-11-28 00:00:00 2022-08-30 14:04:42 HTTP: Apache HTTP Server mod_proxy Denial of Service - IR# 22C01894 (IP=182,BD)
103.96.104.94 24 AR None 2022-02-08 00:00:00 2022-05-09 00:00:00 None HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=94,BD)
103.96.106.134 24 ZH None 2022-08-27 00:00:00 2022-11-25 00:00:00 2022-08-27 22:47:47 SQL injection - WebAttacks (IP=134,BD)
103.96.107.93 24 SW None 2022-08-31 00:00:00 2022-11-29 00:00:00 2022-09-01 13:52:41 SQL injection - WebAttacks (IP=93,BD)
103.96.129.138 32 TLM None 2022-03-14 00:00:00 2022-09-14 00:00:00 2022-03-14 19:14:40 HIVE Case #7198 CTO 22-071 (IP=138,HK)
103.96.14.0 24 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None IN TO-S-2021-1092 Hive Case 4875 Malware Activity
103.97.179.137 32 AS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-06 18:26:10 HIVE Case #7881 CTO 22-182 (IP=137,HK)
103.97.60.0 24 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CN TO-S-2021-1050 Hive Case 4821 Malware Activity
103.99.176.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BD TO-S-2021-1037 Hive Case 4785 Malware Activity
104.104.111.127 32 RT None 2022-02-08 00:00:00 2022-05-09 00:00:00 None FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt - Sourcefire Report (IP=127,US)
104.107.202.166 32 AS None 2022-02-01 00:00:00 2022-08-01 00:00:00 None HIVE Case #6889 CTO 22-033.3 (IP=166,US)
104.109.235.54 32 AS None 2022-02-01 00:00:00 2022-08-01 00:00:00 None HIVE Case #6889 CTO 22-033.3 (IP=54,GB)
104.117.244.27 32 SA None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 22:55:06 FILE-OSAER RealNetworks RealPlayer compressed skin overflow attempt (1:21420:6) - SourceFire Report (IP=27,US)
104.118.230.17 32 KD None 2021-10-22 00:00:00 2022-01-20 00:00:00 None INDICATOR-COMPROMISE Content-Type text/plain containing Portable Executable data - SourceFire (IP=17,US)
104.123.154.208 32 SA None 2022-06-02 00:00:00 2022-08-30 00:00:00 2022-06-03 00:39:49 FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt (1:21420:6) SourceFire (IP=208,US)
104.128.228.49 32 TLM None 2021-08-30 00:00:00 2022-11-10 00:00:00 2022-05-11 15:10:00 HIVE Case #6085 TO-S-2021-1500 (IP=49,US) | updated by TLM Block was inactive.
Reactivated on 20220511 with reason HIVE Case #7563 CTO 22-131 (IP=49,US) 104.128.74.186 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=186,US) 104.129.29.198 32 SW None 2022-07-19 00:00:00 2022-10-17 00:00:00 2022-07-20 13:22:47 SIPVicious Security Scanner - IPS Events (IP=198,US) 104.129.29.6 32 KH None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:00 SIPVicious Security Scanner - FE CMS IPS Events (IP=6,US) | updated by KH Block expiration extended with reason SIPVicious Security Scanner - FE IPS (IP=6,US) SIPVicious Security Scanner - FE IPS (IP=6,US) 104.129.29.6 32 TH None 2022-06-07 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:00 SIPVicious Security Scanner - FE CMS IPS Events (IP=6,US) | updated by KH Block expiration extended with reason SIPVicious Security Scanner - FE IPS (IP=6,US) SIPVicious Security Scanner - FE IPS (IP=6,US) 104.129.48.106 32 SW None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 14:03:12 SIPVicious Security Scanner - IPS Events (IP=106,US) 104.129.48.250 32 SW None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 14:03:13 SIPVicious Security Scanner - IPS Events (IP=250,US) 104.129.5.168 32 KH None 2022-04-08 00:00:00 2022-07-07 00:00:00 2022-04-08 22:48:02 SERVER-OTHER RealTek UDPServer command injection attempt (1:58853:1) - Sourcefire (IP=168,US) 104.131.0.25 32 RR None 2022-08-20 00:00:00 2022-11-18 00:00:00 2022-08-20 13:23:19 SQL injection - Web Attacks (IP=25,US) 104.131.10.240 32 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 13:54:06 SQL injection - Web Attacks (IP=240,US) 104.131.100.24 32 DT None 2022-05-12 00:00:00 2022-08-10 00:00:00 2022-05-13 13:52:15 SQL injection - Web Attacks (IP=24,US) 104.131.101.50 32 TH None 2022-05-12 00:00:00 2022-08-10 00:00:00 2022-05-12 13:53:34 HTTP: PHP File Inclusion Vulnerability - 6 Hr Web Report (IP=50,US) 104.131.101.81 32 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 22:24:38 SERVER-APACHE Apache 
Tomcat mod_jk access control bypass attempt (1:48381:1) - SourceFire (IP=81,US) 104.131.102.53 32 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 22:24:28 SERVER-WEBAPP WordPress SocialWarfare deprecated function access attempt (1:49527:2) - SourceFire (IP=53,US) 104.131.103.74 32 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 22:24:55 Possible Cross-site Scripting Attack - FE IPS Events (IP=74,US) 104.131.104.14 32 TH None 2022-05-12 00:00:00 2022-08-10 00:00:00 2022-05-12 13:53:37 HTTP: PHP File Inclusion Vulnerability - 6 Hr Web Report (IP=14,US) 104.131.105.182 32 RS None 2022-05-19 00:00:00 2022-08-17 00:00:00 2022-05-19 22:49:11 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=182,US) 104.131.105.75 32 RS None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-13 22:36:45 HP Intelligent Management Center TFTP Server MODE Remote Code Execution - FE IPS Events (IP=75,US) 104.131.105.83 32 RR None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:14:25 SERVER-WEBAPP F5 iControl REST interface ssrf attempt - SourceFire (IP=83,US) 104.131.108.248 32 RS None 2022-05-19 00:00:00 2022-08-17 00:00:00 2022-05-19 22:49:11 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=248,US) 104.131.109.106 32 RS None 2022-05-19 00:00:00 2022-08-17 00:00:00 2022-05-31 14:41:59 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=106,US) 104.131.11.137 32 SW None 2022-05-15 00:00:00 2022-08-13 00:00:00 2022-05-15 13:53:47 SQL injection - WebAttacks (IP=137,US) 104.131.110.24 32 RR None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-18 13:43:52 SERVER-WEBAPP Bonita BPM themeResource directory traversal attempt - SourceFire (IP=24,US) 104.131.111.111 32 TH None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-18 13:44:08 SQL injection - 6 Hr Web Report (IP=111,US) 104.131.111.57 32 DT None 2022-05-17 00:00:00 2022-08-15 00:00:00 2022-05-18 13:43:41 SERVER-OTHER Apache Log4j logging remote code execution attempt - Source Fire 
(IP=57,US) 104.131.116.12 32 KH None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-17 13:49:07 SQL injection - Web Attacks (IP=12,US) 104.131.117.113 32 RT None 2022-05-17 00:00:00 2022-08-15 00:00:00 2022-05-17 22:37:57 Exploit.CVE-2021-44228 - Apache Log4j2 - Case 6651 (IP=113,US) 104.131.118.111 32 SW None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-17 13:49:00 SERVER-WEBAPP Grafana getPluginAssets path traversal attempt (1:58721:1) - SourceFire (IP=111,US) 104.131.118.137 32 SW None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-17 13:48:57 SERVER-WEBAPP F5 BIG-IP Traffic Management User Interface remote code execution attempt (1:54462:3) - SourceFire (IP=137,US) 104.131.12.135 32 RS None 2022-06-23 00:00:00 2022-09-21 00:00:00 2022-06-23 22:21:59 SQL injection - 6Hr Web Attacks (IP=135,US) 104.131.12.158 32 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:44:06 SERVER-WEBAPP Cisco ASA directory traversal attempt - SourceFire (IP=158,US) 104.131.123.29 32 DT None 2022-05-17 00:00:00 2022-08-15 00:00:00 2022-05-18 13:44:03 SQL injection - Web Attacks (IP=29,US) 104.131.125.193 32 TH None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-26 22:51:26 SQL injection - 6 Hr Web Report (IP=193,US) 104.131.127.176 32 DT None 2022-05-17 00:00:00 2022-08-15 00:00:00 2022-05-18 13:44:03 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=176,US) 104.131.15.115 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-08 12:51:10 SERVER-WEBAPP Cisco HyperFlex HX Data Platform command injection attempt - SourceFire (IP=115,US) 104.131.15.184 32 SW None 2022-04-24 00:00:00 2022-07-23 00:00:00 2022-04-24 22:43:53 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (1:59246:1) - SourceFire (IP=184, US) 104.131.16.39 32 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:37:11 SQL injection - Web Attacks (IP=39,US) 104.131.163.122 32 SW None 2021-10-27 00:00:00 2022-01-25 00:00:00 None SQL injection - WebAttacks (IP=122, US) 
104.131.163.130 32 SW None 2021-10-27 00:00:00 2022-01-25 00:00:00 None SQL injection - WebAttacks (IP=130, US) 104.131.163.133 32 SW None 2021-10-27 00:00:00 2022-01-25 00:00:00 None SQL injection - WebAttacks (IP=133, US) 104.131.163.135 32 SW None 2021-10-27 00:00:00 2022-01-25 00:00:00 None SQL injection - WebAttacks (IP=135, US) 104.131.163.161 32 SW None 2021-10-27 00:00:00 2022-01-25 00:00:00 None HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=161, US) 104.131.163.166 32 SW None 2021-10-27 00:00:00 2022-01-25 00:00:00 None SQL injection - WebAttacks (IP=166, US) 104.131.163.179 32 SW None 2021-10-27 00:00:00 2022-01-25 00:00:00 None SQL injection - WebAttacks (IP=179, US) 104.131.163.190 32 SW None 2021-10-27 00:00:00 2022-01-25 00:00:00 None HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=190, US) 104.131.163.194 32 SW None 2021-10-27 00:00:00 2022-01-25 00:00:00 None SQL injection - WebAttacks (IP=194, US) 104.131.163.202 32 SW None 2021-10-27 00:00:00 2022-01-25 00:00:00 None SQL injection - WebAttacks (IP=202, US) 104.131.163.216 32 SW None 2021-10-27 00:00:00 2022-01-25 00:00:00 None SQL injection - WebAttacks (IP=216, US) 104.131.163.58 32 SW None 2021-10-27 00:00:00 2022-01-25 00:00:00 None SQL injection - WebAttacks (IP=58, US) 104.131.163.68 32 SW None 2021-10-27 00:00:00 2022-01-25 00:00:00 None SQL injection - WebAttacks (IP=68, US) 104.131.163.74 32 SW None 2021-10-27 00:00:00 2022-01-25 00:00:00 None SQL injection - WebAttacks (IP=74, US) 104.131.163.76 32 SW None 2021-10-27 00:00:00 2022-01-25 00:00:00 None SQL injection - WebAttacks (IP=76, US) 104.131.163.84 32 SW None 2021-10-27 00:00:00 2022-01-25 00:00:00 None SQL injection - WebAttacks (IP=84, US) 104.131.163.91 32 SW None 2021-10-27 00:00:00 2022-01-25 00:00:00 None SQL injection - WebAttacks (IP=91, US) 104.131.163.99 32 SW None 2021-10-27 00:00:00 2022-01-25 00:00:00 None SQL injection - WebAttacks (IP=99, US) 104.131.164.13 32 SW None 2021-10-27 00:00:00 2022-01-25 
00:00:00 None SQL injection - WebAttacks (IP=13, US) 104.131.164.17 32 SW None 2021-10-27 00:00:00 2022-01-25 00:00:00 None SQL injection - WebAttacks (IP=17, US) 104.131.164.29 32 SW None 2021-10-27 00:00:00 2022-01-25 00:00:00 None SQL injection - WebAttacks (IP=29, US) 104.131.164.59 32 SW None 2021-10-27 00:00:00 2022-01-25 00:00:00 None HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=59, US) 104.131.164.61 32 SW None 2021-10-27 00:00:00 2022-01-25 00:00:00 None SQL injection - WebAttacks (IP=61, US) 104.131.164.83 32 SW None 2021-10-27 00:00:00 2022-01-25 00:00:00 None SQL injection - WebAttacks (IP=83, US) 104.131.17.237 32 SW None 2022-05-15 00:00:00 2022-08-13 00:00:00 2022-05-15 13:53:47 SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt (1:58069:1) - SourceFire (IP=237, US) 104.131.176.242 32 DT None 2022-05-17 00:00:00 2022-08-15 00:00:00 2022-05-18 13:43:42 SERVER-WEBAPP Apache Log4j logging remote code execution attempt - Source Fire (IP=242,US) 104.131.177.26 32 RR None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-18 13:43:53 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=26,US) 104.131.18.169 32 ZH None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:45:03 SQL injection- 6hr Web Attacks (IP=169,US) 104.131.180.137 32 RR None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-18 13:43:53 SERVER-WEBAPP Bonita BPM themeResource directory traversal attempt - SourceFire (IP=137,US) 104.131.19.90 32 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 22:24:41 File /etc/passwd Access Attempt Detect - FE IPS Events (IP=90,US) 104.131.2.21 32 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 13:54:05 HTTP SQL Injection Attempt - Web Attacks (IP=21,US) 104.131.20.225 32 KH None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 22:47:44 SERVER-WEBAPP Joomla 3.7.0 com_fields view SQL injection attempt (1:42958:4) - Sourcefire (IP=225,US) 104.131.21.160 32 RR None 
2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-18 13:50:17 SERVER-APACHE Apache HTTP server SSRF attempt - SourceFire (IP=160,US) 104.131.23.247 32 TH None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-26 22:51:24 SQL injection - 6 Hr Web Report (IP=247,US) 104.131.23.49 32 AR None 2022-08-18 00:00:00 2022-11-16 00:00:00 2022-08-18 13:49:19 SQL injection - 6 Hr Web Report (IP=49,US) 104.131.23.59 32 SW None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 22:46:52 SQL union select - possible sql injection attempt - GET parameter (1:13990:27) - SourceFire (IP=59,US) 104.131.23.71 32 RR None 2022-06-25 00:00:00 2022-09-23 00:00:00 2022-06-25 22:47:36 SQL injection - Web Attacks (IP=71,US) 104.131.24.32 32 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:47:56 SQL injection - Web Attacks (IP=32,US) 104.131.28.114 32 ZH None 2022-04-04 00:00:00 2022-07-03 00:00:00 2022-04-04 22:35:42 HTTP: Apache mod_cgi Bash Environment Variable Code Injection- 6hr Web Attacks (IP=114,US) 104.131.28.166 32 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:44:05 SQL use of concat function with select - likely SQL injection - SourceFire (IP=166,US) 104.131.28.194 32 KH None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 22:47:45 SERVER-WEBAPP JBoss JMX console access attempt (1:21516:9) - Sourcefire (IP=194,US) 104.131.29.215 32 SW None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-15 13:53:48 SERVER-WEBAPP Cisco HyperFlex HX Data Platform command injection attempt (3:57528:2) - SourceFire (IP=215, US) 104.131.30.28 32 SW None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 22:46:42 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - SourceFire (IP=28,US) 104.131.31.132 32 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 22:39:34 SQL injection - Web Attacks (IP=132,US) 104.131.31.43 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:37:40 SERVER-WEBAPP Unraid Operating System PHP code 
injection attempt - SourceFire (IP=43,US) 104.131.31.6 32 SW None 2022-05-28 00:00:00 2022-08-26 00:00:00 2022-05-28 14:45:08 POLICY-OTHER CA ARCserve Axis2 default credential login attempt - SourceFire (IP=6,US) 104.131.32.226 32 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:34:10 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=226,US) 104.131.33.39 32 DT None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 23:22:03 Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=.39,US) 104.131.33.85 32 RS None 2022-06-03 00:00:00 2022-09-01 00:00:00 2022-06-03 22:21:08 SIPVicious Security Scanner - IPS Events (IP=85,US) 104.131.37.156 32 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-16 15:21:22 SQL injection - 6hr Web Attacks (IP=156,US) 104.131.38.44 32 SW None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:07:37 SERVER-WEBAPP IceWarp Mail Server directory traversal attempt (1:47644:1) - SourceFire (IP=44,US) 104.131.39.7 32 KH None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 23:08:00 SQL injection - Web Attacks (IP=7,US) 104.131.39.75 32 ZH None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 13:47:44 SQL injection - 6hr Web Attacks (IP=75,US) 104.131.40.125 32 TH None 2022-06-09 00:00:00 2022-09-07 00:00:00 2022-06-10 13:46:12 SQL injection - 6 Hr Web Report (IP=125,US) 104.131.43.220 32 RS None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-13 22:36:55 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=220,US) 104.131.47.14 32 SA None 2022-06-02 00:00:00 2022-08-30 00:00:00 2022-06-03 00:39:50 SQL injection Web Attacks (IP=14,US) 104.131.48.171 32 RS None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:15:50 HTTP SQL Injection Attempt - 6Hr Web Attacks (IP=171,US) 104.131.48.18 32 RR None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-18 13:50:17 SERVER-APACHE Apache HTTP server SSRF attempt - SourceFire (IP=18,US) 104.131.48.22 32 RR None 2022-06-18 00:00:00 2022-09-16 00:00:00 
2022-06-18 13:50:18 SERVER-APACHE Apache HTTP server SSRF attempt - SourceFire (IP=22,US) 104.131.48.239 32 WR None 2022-05-03 00:00:00 2022-08-01 00:00:00 2022-05-03 13:46:32 SQL injection - 6Hr Web Attacks (IP=239,US) 104.131.48.65 32 RR None 2022-06-25 00:00:00 2022-09-23 00:00:00 2022-06-25 14:09:17 SQL injection - Web Attacks (IP=65,US) 104.131.48.90 32 RR None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-18 13:50:19 SERVER-APACHE Apache HTTP server SSRF attempt - SourceFire (IP=90,US) 104.131.49.115 32 WR None 2022-05-03 00:00:00 2022-08-01 00:00:00 2022-05-03 13:46:33 SQL injection - 6Hr Web Attacks (IP=115,US) 104.131.49.73 32 SA None 2022-05-17 00:00:00 2022-08-15 00:00:00 2022-05-17 13:52:15 HTTP: Firefuzzer SQL Injection Scanning II - 6Hr Web Attacks(IP=73,US) 104.131.50.78 32 KH None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 22:47:46 SERVER-WEBAPP Oracle Business Intelligence directory traversal attempt (1:49967:2) - Sourcefire (IP=78,US) 104.131.51.74 32 WR None 2022-04-29 00:00:00 2022-07-27 00:00:00 2022-04-29 13:52:11 SQL injection - Web Attacks (IP=74,US) 104.131.51.96 32 WR None 2022-05-03 00:00:00 2022-08-01 00:00:00 2022-05-03 13:46:33 SQL injection - 6Hr Web Attacks (IP=96,US) 104.131.52.15 32 SA None 2022-06-02 00:00:00 2022-08-30 00:00:00 2022-06-03 00:39:51 SQL injection Web Attacks (IP=15,US) 104.131.52.85 32 WR None 2022-04-23 00:00:00 2022-07-21 00:00:00 2022-04-23 13:46:55 SQL injection - Web Attacks (IP=42,US) 104.131.52.86 32 WR None 2022-04-24 00:00:00 2022-07-22 00:00:00 2022-04-24 13:26:30 SQL injection - Web Attacks (IP=86,US) 104.131.52.88 32 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:47:21 HTTP SQL Injection Attempt - Web Attacks (IP=88,US) 104.131.53.212 32 AR None 2022-06-25 00:00:00 2022-09-23 00:00:00 2022-06-26 15:25:09 SERVER-WEBAPP Java XML deserialization remote code execution attempt - SourceFire (IP=212,US) 104.131.53.240 32 SA None 2022-05-17 00:00:00 2022-08-15 00:00:00 2022-05-17 
13:52:16 SQL injection - 6Hr Web Attacks (IP=240,US) 104.131.53.33 32 RR None 2022-06-25 00:00:00 2022-09-23 00:00:00 2022-06-25 22:47:36 SQL injection - Web Attacks (IP=33,US) 104.131.54.133 32 RR None 2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-09 14:21:52 SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt - SourceFire (IP=133,US) 104.131.54.177 32 SA None 2022-05-17 00:00:00 2022-08-15 00:00:00 2022-05-17 13:52:16 SQL injection - 6Hr Web Attacks (IP=177,US) 104.131.54.235 24 SA None 2022-05-17 00:00:00 2022-08-15 00:00:00 2022-05-17 13:52:17 SQL injection - 6Hr Web Attacks (IP=235,US) 104.131.55.163 32 ZH None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-24 00:05:10 SERVER-WEBAPP Fortigate SSL VPN cross site scripting attempt (1:51466:1) - Sourcefire Rpt (IP=163,US) 104.131.56.144 32 SW None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:07:38 SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (1:51976:3) - SourceFire (IP=144,US) 104.131.56.199 32 SW None 2022-06-28 00:00:00 2022-09-26 00:00:00 2022-06-28 13:53:42 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=199,US) 104.131.56.46 32 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 22:24:32 SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58734:4) - SourceFire (IP=46,US) 104.131.57.91 32 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 13:47:09 SQL injection - WebAttacks (IP=91,US) 104.131.59.233 32 TH None 2022-06-14 00:00:00 2022-09-12 00:00:00 2022-06-15 13:49:52 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire Report (IP=233,US) 104.131.61.126 32 SW None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-17 13:48:45 SQL injection - WebAttacks (IP=126,US) 104.131.62.48 32 AS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-09 13:57:28 HIVE Case #7535 TO-S-2022-0176 (IP=48,US) 104.131.64.192 32 ZH None 2022-05-14 00:00:00 2022-08-12 
00:00:00 2022-05-14 22:57:37 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=192,US) 104.131.65.118 32 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:07:39 SQL injection - 6Hr Web Attacks (IP=118,US) 104.131.66.129 32 WR None 2022-04-22 00:00:00 2022-07-20 00:00:00 2022-04-22 13:39:49 SQL injection - 6 HR WebAttack (IP=129,US) 104.131.66.158 32 WR None 2022-04-23 00:00:00 2022-07-21 00:00:00 2022-04-23 13:46:53 rConfig SQL Injection Vulnerability - Web Attacks (IP=158,US) 104.131.67.128 32 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:47:57 SQL injection - Web Attacks (IP=128,US) 104.131.67.223 32 KH None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 22:47:46 SERVER-WEBAPP Ulterius web server directory traversal attempt (1:45721:2) - Sourcefire (IP=223,US) 104.131.68.234 32 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:47:58 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=234,US) 104.131.68.242 32 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:47:22 SQL injection - Web Attacks (IP=242,US) 104.131.71.117 32 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:48:49 SERVER-OTHER PHP webshell upload attempt - SourceFire (IP=117,US) 104.131.71.134 32 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:47:58 SQL injection - Web Attacks (IP=134,US) 104.131.75.252 24 RB None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 22:39:19 SQL injection - 6hr web attacks (IP=252,US) 104.131.77.194 32 SW None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-17 13:48:46 SQL injection - WebAttacks (IP=194,US) 104.131.77.199 32 RS None 2022-06-03 00:00:00 2022-09-01 00:00:00 2022-06-03 22:21:27 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=199,US) 104.131.79.244 32 NAB None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-13 13:50:53 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=244,US) 104.131.80.17 32 RR None 
2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-18 13:43:54 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=17,US) 104.131.83.83 32 RS None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-13 22:36:56 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=83,US) 104.131.84.218 32 TH None 2022-06-03 00:00:00 2022-09-01 00:00:00 2022-06-04 13:38:41 POLICY-OTHER PHP uri tag injection attempt - SourceFire Report (IP=218,US) 104.131.84.91 32 SW None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-15 13:53:49 SERVER-OTHER PHP webshell upload attempt (1:49457:2) - SourceFire (IP=91, US) 104.131.85.29 32 RR None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-18 13:50:19 SERVER-APACHE Apache HTTP server SSRF attempt - SourceFire (IP=29,US) 104.131.85.4 32 RR None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-18 13:50:20 SERVER-APACHE Apache HTTP server SSRF attempt - SourceFire (IP=4,US) 104.131.86.118 32 RR None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-18 13:50:21 SERVER-APACHE Apache HTTP server SSRF attempt - SourceFire (IP=118,US) 104.131.86.167 32 SW None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-26 13:47:46 SERVER-APACHE Apache Struts2 blacklisted method redirect (1:27244:6) - SourceFire (IP=167,US) 104.131.87.224 32 RR None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-18 13:50:21 SERVER-APACHE Apache HTTP server SSRF attempt - SourceFire (IP=224,US) 104.131.89.232 32 KH None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-17 22:28:17 SQL injection - Web Attacks (IP=232,US) 104.131.89.58 32 SW None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-10 13:48:22 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - SourceFire (IP=58,US) 104.131.89.65 32 ZH None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-24 00:05:11 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=65,US) 104.131.9.248 32 RR None 2018-01-25 06:00:00 2022-09-21 00:00:00 2022-06-23 
22:22:00 ET SCAN Potential SSH Scan (IP=248,US) | updated by ABC with reason Command Injection Attempt (IP=248,US) | updated by RS Block was inactive. Reactivated on 20220623 with reason SQL injection - 6Hr Web Attacks (IP=248,US) 104.131.9.26 32 DT None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-27 13:14:15 CERT/CC VU#257161:CVE-2020-CVE-2020-11910 anomalous ICMPv4 type 3,code 4 Path MTU Discovery - Source Fire (IP=26,US) 104.131.90.127 32 ZH None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-10 13:48:36 SQL injection - 6hr Web Attacks (IP=127,US) 104.131.90.68 32 SW None 2022-05-12 00:00:00 2022-08-10 00:00:00 2022-05-12 13:53:27 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=68,US) 104.131.92.168 32 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:57:38 SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (1:50015:1) - SourceFire (IP=168,US) 104.131.93.131 32 TH None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-18 13:50:14 SQL injection - 6 Hr Web Report (IP=131,US) 104.131.93.241 32 TH None 2022-06-16 00:00:00 2022-09-14 00:00:00 2022-06-17 13:48:35 SQL injection - 6 Hr Web Report (IP=241,US) 104.131.93.29 32 DT None 2022-05-17 00:00:00 2022-08-15 00:00:00 2022-05-18 13:43:43 POLICY-OTHER PHP uri tag injection attempt - Source Fire (IP=29,US) 104.131.94.212 32 SW None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-10 13:48:24 SERVER-APACHE Apache Struts remote code execution attempt - GET parameter (1:21072:8) - SourceFire (IP=212,US) 104.131.95.44 32 ZH None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 13:47:45 SQL injection - 6hr Web Attacks (IP=44,US) 104.131.97.245 32 KD None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-16 15:21:16 HTTP: SQL Injection - Exploit - WebAttacks (IP=245,US) 104.131.98.55 32 SW None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-26 13:47:51 SERVER-APACHE Apache Tomcat remote JSP file upload attempt (1:44531:3) - SourceFire (IP=55,US) 104.140.114.110 32 dbc None 
2021-03-09 00:00:00 2022-03-09 00:00:00 None US TO-S-2021-1158 Malware Activity 104.140.114.113 32 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None US TO-S-2021-1158 Malware Activity 104.140.188.18 32 EE None 2021-03-10 00:00:00 2022-10-13 00:00:00 2022-04-13 13:12:31 INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=18,US) | updated by AR Block was inactive. Reactivated on 20210609 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42 | updated by TLM Block was inactive. Reactivated on 20220413 with reason HIVE Case #7387 CTO 22-103(IP=18,US) 104.140.188.46 32 EE None 2021-03-03 00:00:00 2022-10-13 00:00:00 2022-04-13 13:12:32 INDICATOR-SCAN DNS version.bind string information disclosure attempt - SourceFire (IP=46,US) | updated by RT Block was inactive. Reactivated on 20210604 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sou | updated by TLM Block was inactive. 
00:00:00 2022-10-02 00:00:00 2022-07-04 13:46:16 SQL injection - Web Attacks (IP=69,SG) 104.248.159.108 24 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:07:39 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=108,SG) 104.248.160.104 24 WR None 2022-03-12 00:00:00 2022-06-10 00:00:00 2022-03-12 14:30:09 SERVER-WEBAPP JBoss JMX console access attempt - Web Attacks (IP=104,GB) 104.248.161.89 24 KH None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-11 22:58:49 File /etc/passwd Access Attempt Detect - FE CMS (IP=89,GB) 104.248.162.71 24 RT None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-06 13:47:02 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=71,GB) 104.248.163.154 24 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 13:54:07 SQL injection - Web Attacks (IP=154,GB) 104.248.164.149 24 SW None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-11 22:58:39 SQL injection - WebAttacks (IP=149,GB) 104.248.164.178 32 RS None 2022-07-12 00:00:00 2022-10-10 00:00:00 2022-07-12 22:32:38 Threat Request // DT / SQLi attempts - IR# 22C01641 (IP=178,GB) 104.248.166.209 24 DT None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-27 13:14:16 CERT/CC VU#257161:CVE-2020-CVE-2020-11910 anomalous ICMPv4 type 3,code 4 Path MTU Discovery - Source Fire (IP=209,GB) 104.248.167.233 24 TH None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-26 22:51:15 ET EXPLOIT Apache log4j RCE Attempt - lower/upper TCP Bypass M2 (CVE-2021-44228) (1:2034700:1) - SourceFire Report (IP=233,GB) 104.248.168.131 24 WR None 2022-04-30 00:00:00 2022-07-28 00:00:00 2022-04-30 13:53:08 Apache Struts 2 ConversionErrorInterceptor OGNL Script Injection- FE NX (IP=131,GB) 104.248.169.14 24 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-09 14:21:18 SQL injection - Web Attacks (IP=14,GB) 104.248.17.199 24 ZH None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-30 22:44:07 SERVER-WEBAPP Yealink Device Management server side request forgery attempt (1:57367:1) - 
SourceFire (IP=199,DE) 104.248.170.202 24 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 22:51:37 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41421:2) - SourceFire (IP=202, GB) 104.248.171.209 24 RR None 2022-06-08 00:00:00 2022-09-06 00:00:00 2022-06-08 13:48:13 SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (B-type) - SourceFire (IP=209,GB) 104.248.172.110 24 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:16:53 SERVER-APACHE Apache Tomcat mod_jk access control bypass attempt - SourceFire (IP=110,GB) 104.248.172.125 24 RB None 2022-03-22 00:00:00 2022-06-20 00:00:00 2022-03-22 22:41:29 HTTP: PHP File Inclusion Vulnerability (IP=125,GB) 104.248.173.100 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:15 SQL injection - 6hr Web Attacks (IP=100,GB) 104.248.174.1 24 RT None 2022-03-09 00:00:00 2022-06-07 00:00:00 2022-03-10 14:46:57 SQL injection - 6HR Web Attack (IP=1,GB) 104.248.175.144 24 TH None 2022-03-29 00:00:00 2022-06-27 00:00:00 2022-03-29 22:55:25 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - FireEye CMS (IP=144,GB) 104.248.184.153 32 DT None 2021-12-16 00:00:00 2022-03-15 00:00:00 None HIVE Case #6651 - Exploit.CVE-2021-44228 (IP=153,US) 104.248.192.72 24 RB None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:55:01 SQL injection - 6hr web attacks (IP=72,NL) 104.248.194.65 24 SW None 2022-05-28 00:00:00 2022-08-26 00:00:00 2022-05-28 14:44:58 SQL injection - WebAttacks (IP=65,NL) 104.248.195.134 24 RR None 2022-06-25 00:00:00 2022-09-23 00:00:00 2022-06-25 22:47:33 SERVER-WEBAPP IceWarp Mail Server directory traversal attempt - Source Fire (IP=134,NL) 104.248.195.157 24 SW None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:47:50 SERVER-WEBAPP Atlassian Confluence OGNL injection remote code execution attempt (1:58093:1) - SourceFire (IP=157,NL) 104.248.196.152 24 WR None 2022-04-04 00:00:00 2022-07-02 00:00:00 2022-04-04 
13:48:48 SQL injection - 6HR Web Attacks (IP=152,NL) 104.248.197.2 24 DT None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-29 13:52:11 Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=2,NL) 104.248.198.215 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:53:11 SERVER-WEBAPP CGit cgit_clone_objects function directory traversal attempt - SourceFire (IP=215,NL) 104.248.2.196 32 NAB None 2022-05-03 00:00:00 2022-08-01 00:00:00 2022-05-03 13:46:47 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=196,US) 104.248.2.84 32 KH None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 22:55:46 SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt - Sourcefire (IP=84,US) 104.248.200.187 24 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:47:23 SQL injection - Web Attacks (IP=187,NL) 104.248.201.79 24 SW None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-06 13:47:16 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=79,NL) 104.248.202.27 24 TH None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-30 13:42:44 SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58734:4) - SourceFire Report (IP=27,NL) 104.248.203.133 24 SW None 2022-09-25 00:00:00 2022-12-24 00:00:00 2022-09-26 00:00:32 SQL injection - WebAttacks (IP=133,NL) 104.248.203.3 24 KD None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-21 13:53:53 HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=3,NL) 104.248.204.80 24 RS None 2022-05-02 00:00:00 2022-07-31 00:00:00 2022-05-02 22:41:52 SQL use of concat function with select - likely SQL injection (1:24172:2) - SourceFire (IP=80,NL) 104.248.205.94 24 RS None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-11 13:57:26 SQL Injection - 6Hr Web Attacks (IP=94,NL) 104.248.206.211 32 RS None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 22:54:46 SQL injection - 6Hr Web Attacks (IP=211,US) 104.248.207.52 24 SW None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-06 
22:49:39 SERVER-WEBAPP IceWarp Mail Server directory traversal attempt (1:47644:1) - SourceFire (IP=52,NL) 104.248.21.120 24 SW None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-15 13:53:32 SQL injection - WebAttacks (IP=120,DE) 104.248.22.86 24 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:47:24 SQL union select - possible sql injection attempt - GET parameter - SourceFire (IP=86,DE) 104.248.226.246 32 RR None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-18 13:43:54 SERVER-WEBAPP WebSVN search command injection attempt - SourceFire (IP=246,US) 104.248.226.50 32 RS None 2022-08-14 00:00:00 2022-11-12 00:00:00 2022-08-14 13:58:12 SQL injection - Web Attacks (IP=50,US) 104.248.228.189 32 KH None 2022-08-16 00:00:00 2022-11-14 00:00:00 2022-08-16 22:53:12 SQL injection - Web Attacks (IP=189,US) 104.248.229.0 32 AR None 2022-08-18 00:00:00 2022-11-16 00:00:00 2022-08-18 13:49:20 SERVER-WEBAPP SolarWinds Orion authentication bypass attempt (1:56916:1) - SourceFire (IP=0,USA) 104.248.23.155 24 TH None 2022-04-22 00:00:00 2022-07-21 00:00:00 2022-04-22 13:40:59 SQL injection - 6 Hr Web Report (IP=155,DE) 104.248.232.41 32 RR None 2022-06-10 00:00:00 2022-09-08 00:00:00 2022-06-10 13:46:14 SQL injection - Web Attacks (IP=41,US) 104.248.232.58 32 KH None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:17:54 SQL injection - Web Attacks (IP=58,US) 104.248.235.243 32 KH None 2022-08-16 00:00:00 2022-11-14 00:00:00 2022-08-16 22:53:12 SQL injection - Web Attacks (IP=243,US) 104.248.237.196 32 DT None 2022-04-08 00:00:00 2022-07-07 00:00:00 2022-04-09 13:49:46 SQL injection - Web Attacks (IP=196,US) 104.248.238.89 32 KH None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 22:47:47 SERVER-WEBAPP Multiple routers getcfg.php credential disclosure attempt (1:44388:6) - Sourcefire (IP=89,US) 104.248.24.90 24 KD None 2022-04-15 00:00:00 2022-07-14 00:00:00 2022-04-16 14:40:51 SQL injection- Web Attacks(IP=90,DE) 104.248.241.152 24 AR None 2022-09-22 
00:00:00 2022-12-21 00:00:00 2022-09-22 13:55:05 SQL injection - 6HR Web Attacks (IP=152,DE) 104.248.241.83 24 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 15:44:16 SQL injection - Web Attacks (IP=83,DE) 104.248.244.169 24 DT None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-07 13:54:09 AdobeColdFusionAdministratorAccessRestriction - Web Attacks (IP=169,DE) 104.248.245.185 24 SW None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 22:46:55 SERVER-WEBAPP Fortigate SSL VPN cross site scripting attempt (1:51465:1) - SourceFire (IP=185,DE) 104.248.252.93 32 KH None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-09-30 22:47:31 PHP File Inclusion Vulnerability - IR# 22C01979 (IP=93,US) 104.248.255.188 24 DT None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 23:22:02 SERVER-WEBAPP Ulterius web server directory traversal attempt (1:45721:2) - Source Fire (IP=188,DE) 104.248.3.60 32 WR None 2022-02-27 00:00:00 2022-05-27 00:00:00 2022-02-27 15:53:35 SQL use of sleep function in HTTP header - likely SQL injection attempt - Web Attacks (IP=60,US) 104.248.30.191 24 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:57:39 SQL union select - possible sql injection attempt - POST parameter (1:15874:14) - SourceFire (IP=191,DE) 104.248.31.34 32 SW None 2021-11-21 00:00:00 2022-02-19 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 22C00398 (IP=34,DE) 104.248.32.51 24 RR None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:14:26 SERVER-WEBAPP VMware View Planner logupload arbitrary file upload attempt - SourceFire (IP=51,DE) 104.248.34.174 24 RS None 2022-05-03 00:00:00 2022-08-01 00:00:00 2022-05-03 13:47:07 SQL injection - 6Hr Web Attacks (IP=174,DE) 104.248.37.59 24 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 22:54:06 SQL injection - Web Attacks (IP=59,DE) 104.248.38.171 32 TH None 2021-12-29 00:00:00 2022-03-29 00:00:00 None HTTP: Apache Tomcat HTTP PUT Remote Code Execution - TT# 22C00740 (IP=171,DE) 
104.248.38.171 32 TH None 2021-12-29 00:00:00 2022-03-29 00:00:00 None HTTP: Apache Tomcat HTTP PUT Remote Code Execution - TT# 22C00740 (IP=171,DE) 104.248.38.171 32 TH None 2021-12-29 00:00:00 2022-03-29 00:00:00 None HTTP: Apache Tomcat HTTP PUT Remote Code Execution - TT# 22C00740 (IP=171,DE) 104.248.38.171 32 TH None 2021-12-29 00:00:00 2022-03-29 00:00:00 None HTTP: Apache Tomcat HTTP PUT Remote Code Execution - TT# 22C00740 (IP=171,DE) 104.248.38.171 32 TH None 2021-12-29 00:00:00 2022-03-29 00:00:00 None HTTP: Apache Tomcat HTTP PUT Remote Code Execution - TT# 22C00740 (IP=171,DE) 104.248.38.192 32 RB None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-15 22:50:32 4640 HTTP PHP Code Injection - IR# 22C01673 (IP=192,US) 104.248.38.192 32 RB None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-15 22:50:38 4640 HTTP PHP Code Injection - IR# 22C01673 (IP=192,US) 104.248.4.124 32 RB None 2022-09-17 00:00:00 2022-12-16 00:00:00 2022-09-17 22:34:58 SQL injection - WebAttacks (IP=124,US) 104.248.4.201 32 TH None 2022-07-20 00:00:00 2022-10-18 00:00:00 2022-07-20 22:52:52 SQL injection - 6 Hr Web Report (IP=201,US) 104.248.4.244 32 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:09 SERVER-WEBAPP TP-LINK AC750 ping diagnostic command injection attempt (1:41642:2) - Sourcefire Rpt (IP=244,US) 104.248.4.83 32 RS None 2022-05-19 00:00:00 2022-08-17 00:00:00 2022-05-19 13:46:49 SQL injection - 6Hr Web Attacks (IP=83,US) 104.248.40.84 24 SW None 2022-04-24 00:00:00 2022-07-23 00:00:00 2022-04-24 22:43:46 MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (1:25925:3) - SourceFire (IP=84, DE) 104.248.46.37 24 RB None 2022-07-07 00:00:00 2022-10-05 00:00:00 2022-07-07 22:31:07 SQL injection - WebAttacks (IP=37,DE) 104.248.47.9 24 DT None 2021-12-18 00:00:00 2022-03-18 00:00:00 None Phishing.PDF.PhishingX.FEC3 Hive Case #6613 (IP=9,DE) 104.248.47.9 24 DT None 2021-12-18 00:00:00 2022-03-18 00:00:00 None Phishing.PDF.PhishingX.FEC3 Hive Case #6613 
(IP=9,DE) 104.248.49.236 32 SW None 2021-10-08 00:00:00 2022-01-06 00:00:00 None VMware vSphere CVE-2021-21985 Remote Code Execution Vulnerability - IPS Events (IP=236, US) 104.248.51.21 32 BMP None 2021-12-16 00:00:00 2022-03-12 00:00:00 None HIVE Case #6651 - Exploit.CVE-2021-44228 - Interactsh.com (IP=21,US) 104.248.51.50 32 TH None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 23:06:46 SERVER-WEBAPP Spring Security OAuth remote code execution attempt (1:46823:1) - SourceFire Report (IP=50,US) 104.248.51.53 32 SW None 2021-10-08 00:00:00 2022-01-06 00:00:00 None Possible Cross-site Scripting Attack - IPS Events (IP=53, US) 104.248.52.211 32 RS None 2022-08-13 00:00:00 2022-11-11 00:00:00 2022-08-13 13:56:20 SQL injection - Web Attacks (IP=211,US) 104.248.53.134 32 TH None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 23:06:41 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - SourceFire Report (IP=134,US) 104.248.53.255 32 KD None 2022-01-28 00:00:00 2022-04-28 00:00:00 None SQL 1 = 0 - possible sql injection attempt - Web Attacks (IP=255,US) 104.248.53.27 32 SW None 2021-10-08 00:00:00 2022-01-06 00:00:00 None Possible Cross-site Scripting Attack - IPS Events (IP=27, US) 104.248.53.36 32 RW None 2021-10-08 00:00:00 2022-01-06 00:00:00 None SQL injection - Web Attacks (IP=36,US) 104.248.53.48 32 TC None 2022-09-05 00:00:00 2022-12-04 00:00:00 2022-09-06 00:35:01 SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1081 attack attempt (3:54268:1) - SourceFire (IP=48,US) 104.248.55.157 32 AR None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:17 SERVER-WEBAPP JBoss JMX console access attempt (1:21516:9) - SourceFire (IP=157,US) 104.248.56.14 32 RS None 2022-08-13 00:00:00 2022-11-11 00:00:00 2022-08-13 13:56:20 SQL injection - Web Attacks (IP=14,US) 104.248.56.180 32 RS None 2022-05-19 00:00:00 2022-08-17 00:00:00 2022-05-19 22:49:14 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=180,US) 104.248.57.58 32 
SW None 2021-10-08 00:00:00 2022-01-06 00:00:00 None F5 BIG-IP iControl CVE-2021-22986 Unauthenticated Remote Command Execution - IPS Events (IP=58, US) 104.248.57.86 32 SW None 2021-10-08 00:00:00 2022-01-06 00:00:00 None Possible Cross-site Scripting Attack - IPS Events (IP=86, US) 104.248.59.141 32 RW None 2021-10-08 00:00:00 2022-01-06 00:00:00 None HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=141,US) 104.248.59.238 32 SW None 2021-10-08 00:00:00 2022-01-06 00:00:00 None Possible Cross-site Scripting Attack - IPS Events (IP=238, US) 104.248.6.99 32 RR None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 13:47:07 SQL injection - Web Attacks (IP=99,US) 104.248.60.194 32 RS None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-13 22:36:56 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=194,US) 104.248.61.191 32 RW None 2021-10-08 00:00:00 2022-01-06 00:00:00 None SQL injection - Web Attacks (IP=191,US) 104.248.61.80 32 ZH None 2022-09-06 00:00:00 2022-12-05 00:00:00 2022-09-06 22:56:33 SQL union select - possible sql injection attempt - GET parameter (1:13990:27) - SourceFire (IP=80,US) 104.248.61.86 32 KD None 2022-01-28 00:00:00 2022-04-28 00:00:00 None SQL injection - Web Attacks (IP=86,US) 104.248.62.32 32 TH None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 23:06:57 HTTP: PHP File Inclusion Vulnerability - 6 Hr Web Report (IP=32,US) 104.248.63.15 32 RS None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:15:17 SQL injection - 6Hr Web Attacks (IP=15,US) 104.248.63.55 32 KD None 2022-03-23 00:00:00 2022-06-21 00:00:00 2022-03-24 13:50:52 OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt- Sourcefire(IP=55,US) 104.248.7.173 32 RS None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 13:49:51 HTTP: ThinkPHP CMS Getshell Vulnerability - 6Hr Web Attacks (IP=173,US) 104.248.7.236 32 SW None 2022-09-05 00:00:00 2022-12-04 00:00:00 2022-09-06 13:54:34 SERVER-WEBAPP Netgear ReadyNAS Surveillance 
upgrade_handle.php command injection attempt - WebAttacks (IP=236,US) 104.248.8.243 32 SW None 2022-07-26 00:00:00 2022-10-24 00:00:00 2022-07-27 13:49:48 SQL injection - WebAttacks (IP=243,US) 104.248.80.28 24 TH None 2022-08-20 00:00:00 2022-11-18 00:00:00 2022-08-21 13:55:56 SQL injection - 6 Hr Web Report (IP=28,NL) 104.248.81.188 24 KD None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-11 13:43:30 SQL Injection - Web Attacks(IP=188,NL) 104.248.82.1 24 RT None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-27 13:56:41 SERVER-WEBAPP Sonatype Nexus Repository Manager remote code execution attempt (1:50533:1) - Sourcefire Report (IP=1,NL) 104.248.84.45 32 KH None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 22:55:45 HTTP: PHP File Inclusion Vulnerability - IR# 22C01549 (IP=45,US) 104.248.85.124 24 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:44:07 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=124,NL) 104.248.86.185 24 TC None 2022-08-15 00:00:00 2022-11-13 00:00:00 2022-08-15 13:56:58 SQL injection - 6hr Web Attacks (IP=185,NL) 104.248.88.39 24 RR None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:31:18 SQL injection - Web Attcks (IP=39,NL) 104.248.89.1 32 RB None 2022-09-27 00:00:00 2022-12-26 00:00:00 2022-09-27 13:51:59 Exploit.Log4Shell.CVE-2021-44228 - FireEye NX (IP=1,NL) 104.248.9.162 32 SW None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 13:49:29 SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (1:51976:3) - SourceFire (IP=162,US) 104.248.9.217 32 AR None 2022-09-10 00:00:00 2022-12-09 00:00:00 2022-09-10 13:50:51 Exploit.Log4Shell.CVE-2021-44228 - FE CMS (IP=217,US) 104.248.9.57 32 SW None 2022-08-26 00:00:00 2022-11-24 00:00:00 2022-08-27 13:55:23 MALWARE-BACKDOOR JSP webshell backdoor detected - SourceFire (IP=57,US) 104.248.90.218 24 RR None 2022-09-21 00:00:00 2022-12-20 00:00:00 2022-09-21 14:01:04 SERVER-WEBAPP Apache Tomcat FileStore 
directory traversal attempt - Web Attacks (IP=218,NL) 104.248.92.145 24 DT None 2022-05-12 00:00:00 2022-08-10 00:00:00 2022-05-13 13:52:16 SQL injection - Web Attacks (IP=145,NL) 104.248.93.98 24 RT None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-16 15:21:18 Exploit.CVE-2021-44228 - Apache Log4j2 - Case 6651 (IP=98,NL) 104.248.94.217 24 JP None 2022-07-28 00:00:00 2022-10-26 00:00:00 2022-07-28 22:41:52 SQL injection - 6HR Web Attacks (IP=217, NL) 104.249.174.171 32 TLM None 2022-06-21 00:00:00 2022-12-20 00:00:00 2022-06-22 18:26:05 HIVE Case #7807 CTO 22-169 (IP=171,US) 104.250.160.0 19 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ET TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 104.254.244.19 32 RW None 2021-09-16 00:00:00 2022-05-24 00:00:00 2022-02-24 14:46:15 SERVER-WEBAPP Atlassian Confluence OGNL injection remote code execution attempt - Web Attacks (IP=19,US) | updated by KH Block was inactive. Reactivated on 20211231 with reason SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58744:4) - Sourcefire (IP=19,US) | updated by RT Block expiration extended with reason SERVER-OTHER Apache Log4j logging remote code execution attempt - Sourcefire Report (IP=19,US) 104.254.246.43 32 ZH None 2022-03-20 00:00:00 2022-06-18 00:00:00 2022-03-20 23:01:45 SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58744:6) - Sourcefire (IP=43,US) 104.26.2.69 32 TLM None 2022-06-23 00:00:00 2022-12-22 00:00:00 2022-06-24 11:30:56 HIVE Case #7820 CTO 22-174 (IP=69,US) 104.26.3.69 32 TLM None 2022-06-23 00:00:00 2022-12-22 00:00:00 2022-06-24 11:30:57 HIVE Case #7820 CTO 22-174 (IP=69,US) 104.26.6.32 32 AS None 2022-08-18 00:00:00 2022-11-16 00:00:00 2022-08-19 20:26:09 HIVE Case #8166 COLS-NA TIP 21-0386 (IP=32,US) 104.28.194.247 32 RB None 2022-08-10 00:00:00 2022-11-08 00:00:00 2022-08-11 22:52:14 Exploit.Log4Shell.CVE-2021-44228 - FE NX (IP=247,ID) 104.28.213.2 24 RS None 2022-07-18 00:00:00 2022-10-17 00:00:00 2022-07-19 
13:47:50 SERVER-APACHE Apache Struts2 blacklisted method redirect - SourceFire (IP=2,EG) | updated by RR Block expiration extended with reason SERVER-APACHE Apache Tomcat remote JSP file upload attempt - SourceFire (IP=2,EG) 104.28.226.248 24 RS None 2022-08-11 00:00:00 2022-11-09 00:00:00 2022-08-12 13:55:45 File /etc/passwd Access Attempt Detect - IPS Events (IP=248,ID) 104.37.106.201 32 TLM None 2022-05-25 00:00:00 2022-11-24 00:00:00 2022-05-25 18:14:50 HIVE Case #7662 CTO 22-145 (IP=201,US) 104.40.241.213 24 AR None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 13:38:39 Exploit.CVE-2021-44228 - Apache Log4j2 - Case 6651 (IP=213,NL) 104.43.164.195 32 TLM None 2022-05-24 00:00:00 2022-11-23 00:00:00 2022-05-24 14:24:19 HIVE Case #7653 CTO 22-144 (IP=195,US) 104.43.241.132 24 BB None 2021-10-23 00:00:00 2022-01-21 00:00:00 None HTTP: PHP Wordpress Plugin Revolution Slider Vulnerability - TT# 22C00228 (IP=132,US) 104.45.134.205 32 TLM None 2022-06-23 00:00:00 2022-12-22 00:00:00 2022-06-24 11:30:57 HIVE Case #7820 CTO 22-174 (IP=205,US) 104.46.162.224 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:10 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=224,AU) 104.46.162.226 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:10 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=226,AU) 104.59.37.83 32 TLM None 2021-07-01 00:00:00 2022-01-01 00:00:00 None HIVE Case #5734 CTO-21-173 (IP=83,US) 104.6.92.229 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:14:47 HIVE Case #7904 CTO 22-189 (IP=229,US) 104.68.233.114 32 SA None 2022-05-24 00:00:00 2022-08-22 00:00:00 2022-05-24 22:13:29 INDICATOR-COMPROMISE Content-Type text/plain containing Portable Executable data (1:38619:5) - SourceFire Report (IP=114,US) 104.70.220.237 32 RT None 2022-01-20 00:00:00 2022-04-20 00:00:00 None FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt (1:21420:6) - Sourcefire Report (IP=237,US) 104.79.152.165 32 SA 
None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 22:48:03 Windows Executable Download With Double File Extension - FE IPS Alerts (IP=165,US) 105.155.191.122 24 RR None 2021-12-04 00:00:00 2022-03-04 00:00:00 None SERVER-WEBAPP Atlassian Confluence OGNL injection remote code execution attempt - SourceFire (IP=122,MA) 105.159.248.137 32 TLM None 2022-02-24 00:00:00 2022-08-25 00:00:00 None HIVE Case #7077 CTO 22-055 (IP=137,MA) 105.163.1.204 24 SW None 2022-07-19 00:00:00 2022-10-18 00:00:00 2022-07-20 13:22:43 SERVER-WEBAPP Multiple products invalid HTTP request attempt - SourceFire (IP=204,KE) | updated by RR Block expiration extended with reason SERVER-WEBAPP Multiple products invalid HTTP request attempt - SourceFire (IP=204,KE) SERVER-WEBAPP Multiple products invalid HTTP request attempt - SourceFire (IP=204,KE) 105.163.1.204 24 RR None 2022-07-20 00:00:00 2022-10-18 00:00:00 2022-07-20 13:22:43 SERVER-WEBAPP Multiple products invalid HTTP request attempt - SourceFire (IP=204,KE) | updated by RR Block expiration extended with reason SERVER-WEBAPP Multiple products invalid HTTP request attempt - SourceFire (IP=204,KE) SERVER-WEBAPP Multiple products invalid HTTP request attempt - SourceFire (IP=204,KE) 105.163.1.207 24 RR None 2022-07-26 00:00:00 2022-10-24 00:00:00 2022-07-26 13:48:13 SERVER-WEBAPP Multiple products invalid HTTP request attempt - SourceFire (IP=207,KE) 105.163.1.207 24 RR None 2022-07-26 00:00:00 2022-10-24 00:00:00 2022-07-26 13:48:13 SERVER-WEBAPP Multiple products invalid HTTP request attempt - SourceFire (IP=207,KE) SERVER-WEBAPP Multiple products invalid HTTP request attempt - SourceFire (IP=207,KE) 105.186.124.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ZA TO-S-2021-1037 Hive Case 4785 Malware Activity 105.186.242.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ZA TO-S-2021-1037 Hive Case 4785 Malware Activity 105.196.208.0 20 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 
TO-S-2021-1421 (IP=0,EG) 105.198.236.99 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:40 HIVE Case #7199 CTO 22-074 (IP=99,EG) 105.212.92.87 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ZA TO-S-2021-1050 Hive Case 4821 Malware Activity 105.213.94.68 24 RR None 2021-10-21 00:00:00 2022-01-19 00:00:00 None SQL injection - Web Attacks (IP=68,ZA) 105.216.34.17 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ZA TO-S-2021-1037 Hive Case 4785 Malware Activity 105.216.45.177 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ZA TO-S-2021-1037 Hive Case 4785 Malware Activity 105.216.46.13 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ZA TO-S-2021-1050 Hive Case 4821 Malware Activity 105.234.154.169 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MY TO-S-2021-1050 Hive Case 4821 Malware Activity 105.235.130.92 24 SW None 2022-03-25 00:00:00 2022-06-23 00:00:00 2022-03-25 22:37:36 SQL injection - WebAttacks (IP=92,DZ) 105.247.128.0 19 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None ZA TO-S-2021-1081 Hive Case 4872 Malware Activity 105.27.237.116 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 22:58:37 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (1:59246:1) - SourceFire (IP=116,KE) 105.27.244.132 32 TLM None 2022-02-04 00:00:00 2022-08-05 00:00:00 None HIVE Case #6925 CTO 22-034 (IP=132,UG) 1057257567.kdsncompany.com --- TLM None 2021-08-05 00:00:00 2022-08-05 00:00:00 2023-01-19 22:59:43 HIVE Case #5940 TO-S-2021-1447 106.0.55.114 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BD TO-S-2021-1050 Hive Case 4821 Malware Activity 106.12.105.21 24 DT None 2022-03-29 00:00:00 2022-06-27 00:00:00 2022-03-30 13:47:01 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=21,CN) 106.12.138.245 32 DT None 2021-10-04 00:00:00 2022-01-02 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00033 (IP=245,CN) 
2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=13,US) 108.177.235.15 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6313 CTO 21-274 (IP=15,US) 108.177.235.17 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=17,US) 108.177.235.180 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=180,US) 108.177.235.186 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=186,US) 108.177.235.212 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=212,US) 108.177.235.214 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=214,US) 108.177.235.216 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=216,US) 108.177.235.218 32 TLM None 2021-12-09 00:00:00 2022-06-09 00:00:00 None HIVE Case #6633 CTO 21-334 (IP=218,US) 108.177.235.5 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=5,US) 108.179.192.113 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=113,US) 108.179.192.18 32 EE None 2021-11-29 00:00:00 2022-03-09 00:00:00 None HIVE Case #6580 IOC_Squirrelwaffle Exploits (IP=18,US) 108.179.192.19 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=19,US) 108.179.192.58 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=58,US) 108.179.193.199 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=199,US) 108.179.193.34 32 EE None 2021-11-29 00:00:00 2022-12-05 00:00:00 2022-09-09 18:53:32 HIVE Case #6580 IOC_Squirrelwaffle Exploits (IP=34,US) | updated by TLM Block was inactive. 
Reactivated on 20220906 with reason HIVE Case #8250 COLS-NA-TIP 22-0310 (IP=34,US) 108.179.194.88 32 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6514 TO-S-2022-0075 (IP=88,US) 108.179.232.157 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=157,US) 108.179.232.52 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=52,US) 108.179.232.54 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=54,US) 108.179.232.57 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=57,US) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=57,US) 108.179.232.58 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=58,US) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=58,US) 108.179.232.80 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=80,US) 108.179.232.82 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=82,US) 108.179.232.83 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=83,US) 108.179.234.139 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=139,US) 108.179.242.56 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=56,US) 108.179.252.150 32 ZH None 2022-02-08 00:00:00 2022-05-09 00:00:00 None Phishing SIP HIVE Case # 6942 (IP=150,US) 108.179.253.178 32 TLM None 2021-08-30 00:00:00 2022-03-02 00:00:00 None HIVE Case #6085 TO-S-2021-1500 (IP=178,US) 108.179.253.185 32 ZH None 2022-02-08 00:00:00 2022-05-09 00:00:00 None Phishing SIP HIVE Case # 6942 (IP=185,US) 108.179.253.37 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 
TO-S-2021-1390 (IP=37,US) 108.21.70.196 32 RR None 2022-07-10 00:00:00 2022-10-08 00:00:00 2022-07-11 13:57:15 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=196,US) 108.26.193.165 32 TLM None 2022-03-11 00:00:00 2022-09-11 00:00:00 2022-03-11 13:21:39 HIVE Case #7189 CTO 22-068.1 (IP=165,US) 108.27.54.116 32 KH None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 22:55:47 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Sourcefire (IP=116,US) 108.4.67.252 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:41 HIVE Case #7199 CTO 22-074 (IP=252,US) 108.56.142.135 32 TLM None 2022-03-11 00:00:00 2022-09-11 00:00:00 2022-03-11 13:21:39 HIVE Case #7189 CTO 22-068.1 (IP=135,US) 108.58.111.26 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:55:08 HIVE Case #7894 CTO 22-187 (IP=26,US) 108.61.163.91 32 TLM None 2022-05-24 00:00:00 2022-11-23 00:00:00 2022-05-24 14:24:23 HIVE Case #7653 CTO 22-144 (IP=91,JP) 108.61.169.44 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None AU TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 108.61.174.133 32 TLM None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:46:30 HIVE Case #7458 CTO 22-113 (IP=133,GB) 108.61.177.211 32 TLM None 2021-12-21 00:00:00 2022-06-21 00:00:00 None HIVE Case #6682 CTO 21-352 (IP=211,FR) 108.61.177.25 24 TH None 2022-06-28 00:00:00 2022-09-26 00:00:00 2022-06-29 13:55:04 SERVER-APACHE Apache Struts2 blacklisted method redirect (1:27244:6) - SourceFire Report (IP=25,FR) 108.61.183.100 32 TLM None 2021-12-02 00:00:00 2022-06-02 00:00:00 None HIVE Case #6600 TO-S-2022-0090 (IP=100,JP) 108.61.186.143 32 AS None 2021-12-28 00:00:00 2022-06-28 00:00:00 None HIVE Case #6702 CTO 21-362 (IP=143,JP) 108.61.187.87 32 TLM None 2022-06-14 00:00:00 2022-12-13 00:00:00 2022-06-14 15:16:51 HIVE Case #7768 CTO 22-161 (IP=87,JP) 108.61.201.54 32 TLM None 2021-12-10 00:00:00 2022-06-10 00:00:00 None HIVE 
Case #6644 CTO 21-344 (IP=54,JP) 108.61.210.160 32 TLM None 2021-12-10 00:00:00 2022-06-10 00:00:00 None HIVE Case #6644 CTO 21-344 (IP=160,DE) 108.61.212.72 32 TLM None 2022-01-25 00:00:00 2022-07-25 00:00:00 None HIVE Case #6828 CTO 22-021 (IP=72,AU) 108.61.219.25 24 RB None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:47:05 SQL injection (IP=25,DE) 108.61.246.56 32 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None JP TO-S-2021-1158 Malware Activity 108.62.118.121 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=121,US) 108.62.118.127 32 TLM None 2021-11-30 00:00:00 2022-05-30 00:00:00 None HIVE Case #6594 CTO 21-324 (IP=127,US) 108.62.118.131 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=131,US) 108.62.118.149 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=149,US) 108.62.118.15 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=15,US) 108.62.118.150 32 TLM None 2021-10-25 00:00:00 2022-04-25 00:00:00 None HIVE Case #6411 CTO 21-294 (IP=150,US) 108.62.118.156 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=156,US) 108.62.118.169 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=169,US) 108.62.118.182 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=182,US) 108.62.118.185 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=185,US) 108.62.118.192 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=192,US) 108.62.118.193 32 TLM None 2021-10-25 00:00:00 2022-04-25 00:00:00 None HIVE Case #6410 CTO 21-293 (IP=193,US) 108.62.118.201 32 TLM None 2022-03-01 00:00:00 2022-09-01 00:00:00 2022-03-01 17:52:16 HIVE Case #7115 CTO 22-060 (IP=201,US) 108.62.118.206 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None 
HIVE Case #6585 CTO 21-323 (IP=206,US) 108.62.118.218 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=218,US) 108.62.118.233 32 TLM None 2021-09-14 00:00:00 2022-03-14 00:00:00 None HIVE Case #6162 CTO 21-245 (IP=233,US) 108.62.118.236 32 TLM None 2021-09-24 00:00:00 2022-11-25 00:00:00 2022-05-26 18:27:03 HIVE Case #6252 CTO 21-265 (IP=236,US) | updated by TLM Block was inactive. Reactivated on 20220526 with reason HIVE Case #7669 TO-S-2022-0187 (IP=236,US) 108.62.118.250 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=250,US) 108.62.118.29 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=29,US) 108.62.118.38 32 TLM None 2022-03-01 00:00:00 2022-09-01 00:00:00 2022-03-01 17:52:17 HIVE Case #7115 CTO 22-060 (IP=38,US) 108.62.118.4 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=4,US) 108.62.118.51 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=51,US) 108.62.118.56 32 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 2022-05-26 18:27:03 HIVE Case #7669 TO-S-2022-0187 (IP=56,US) 108.62.118.60 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=60,US) 108.62.118.61 32 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 2022-05-26 18:27:04 HIVE Case #7669 TO-S-2022-0187 (IP=61,US) 108.62.118.62 32 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 2022-05-26 18:27:04 HIVE Case #7669 TO-S-2022-0187 (IP=62,US) 108.62.118.63 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=63,US) 108.62.118.69 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=69,US) 108.62.118.76 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=76,US) 108.62.118.89 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=89,US) 
108.62.12.100 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=100,US) 108.62.12.114 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=114,US) 108.62.12.12 32 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 2022-05-26 18:27:05 HIVE Case #7669 TO-S-2022-0187 (IP=12,US) 108.62.12.122 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=122,US) 108.62.12.14 32 TLM None 2021-12-09 00:00:00 2022-06-09 00:00:00 None HIVE Case #6633 CTO 21-334 (IP=14,US) 108.62.12.143 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=143,US) 108.62.12.145 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=145,US) 108.62.12.186 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=186,US) 108.62.12.189 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=189,US) 108.62.12.190 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=190,US) 108.62.12.246 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=246,US) 108.62.12.80 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=80,US) 108.62.141.108 32 TLM None 2021-11-30 00:00:00 2022-05-30 00:00:00 None HIVE Case #6594 CTO 21-324 (IP=108,US) 108.62.141.121 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=121,US) 108.62.141.155 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=155,US) 108.62.141.158 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=158,US) 108.62.141.170 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=170,US) 108.62.141.174 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=174,US) 
108.62.141.200 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=200,US) 108.62.141.202 32 TLM None 2021-12-09 00:00:00 2022-06-09 00:00:00 None HIVE Case #6631 CTO 21-329 (IP=202,US) 108.62.141.44 32 TLM None 2021-12-09 00:00:00 2022-06-09 00:00:00 None HIVE Case #6633 CTO 21-334 (IP=44,US) 108.62.141.5 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=5,US) 108.62.141.55 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=55,US) 108.62.141.62 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=62,US) 108.62.141.63 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=63,US) 108.62.141.7 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=7,US) 108.62.141.82 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=82,US) 108.62.141.90 32 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6514 TO-S-2022-0075 (IP=90,US) 108.62.141.98 32 TLM None 2022-09-19 00:00:00 2022-12-18 00:00:00 2022-09-19 15:03:10 HIVE Case #8328 TO-S-2022-0230 (IP=98,US) 108.64.8.180 32 TLM None 2022-03-14 00:00:00 2022-09-14 00:00:00 2022-03-14 19:14:30 HIVE Case #7198 CTO 22-071 (IP=180,US) 109.1.107.249 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity 109.1.123.194 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None FR TO-S-2021-1050 Hive Case 4821 Malware Activity 109.1.181.235 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None FR TO-S-2021-1050 Hive Case 4821 Malware Activity 109.105.49.9 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CZ TO-S-2021-1050 Hive Case 4821 Malware Activity 109.105.8.60 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None HU TO-S-2021-1037 Hive Case 4785 Malware Activity 109.106.250.117 32 TLM None 2021-09-23 00:00:00 
2022-03-23 00:00:00 None HIVE Case #6235 TO-S-2021-1568 (IP=117,DE) 109.106.251.85 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6448 TO-S-2022-0058 (IP=85,DE) 109.108.129.21 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None GB TO-S-2021-1143 Malicious Email Activity 109.108.153.109 24 SW None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:07:40 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=109,GB) 109.110.145.143 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None HU TO-S-2021-1037 Hive Case 4785 Malware Activity 109.111.128.0 19 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 109.115.141.53 24 BB None 2022-01-19 00:00:00 2022-04-19 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - SourceFire (IP=53,IT) 109.116.51.215 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 Hive Case 4785 Malware Activity 109.117.165.52 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 Hive Case 4785 Malware Activity 109.12.111.14 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:41 HIVE Case #7199 CTO 22-074 (IP=14,FR) 109.120.240.210 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BG TO-S-2021-1037 Hive Case 4785 Malware Activity 109.122.114.4 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RS TO-S-2021-1050 Hive Case 4821 Malware Activity 109.122.9.234 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IT TO-S-2021-1050 Hive Case 4821 Malware Activity 109.124.192.0 19 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None RU TO-S-2021-1037 Hive Case 4785 Malware Activity 109.124.224.0 21 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None RU TO-S-2021-1037 Hive Case 4785 Malware Activity 109.126.39.245 32 wmp None 2022-03-24 00:00:00 2022-06-24 00:00:00 2022-03-24 22:58:48 Suspicious Scan Activity (IP=245,RU) 
109.167.90.177 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=177,ES) 109.168.31.162 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 Hive Case 4785 Malware Activity 109.169.245.212 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 109.173.22.228 24 KH None 2021-11-26 00:00:00 2022-02-24 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=228,RU) 109.174.28.29 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 109.182.177.104 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None SI TO-S-2021-1050 Hive Case 4821 Malware Activity 109.182.54.148 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None SI TO-S-2021-1050 Hive Case 4821 Malware Activity 109.182.54.41 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None SI TO-S-2021-1050 Hive Case 4821 Malware Activity 109.183.11.104 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None CZ TO-S-2021-1037 Hive Case 4785 Malware Activity 109.192.30.125 32 TLM None 2022-02-24 00:00:00 2022-08-25 00:00:00 None HIVE Case #7077 CTO 22-055 (IP=125,DE) 109.200.159.45 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=45,UA) 109.201.133.100 32 RR None 2021-03-09 00:00:00 2022-06-15 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00599 (IP=100,NL) | updated by TLM Block was inactive. Reactivated on 20211215 with reason HIVE Case #6665 CTO 21-349 (IP=100,NL) HIVE Case #6665 CTO 21-349 (IP=100,NL) 109.201.133.100 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00599 (IP=100,NL) | updated by TLM Block was inactive. 
Reactivated on 20211215 with reason HIVE Case #6665 CTO 21-349 (IP=100,NL) HIVE Case #6665 CTO 21-349 (IP=100,NL) 109.201.133.100 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=100,NL) 109.201.8.60 32 AS None 2022-04-07 00:00:00 2022-10-07 00:00:00 2022-04-07 19:47:49 HIVE Case #7356 CTO 22-096 (IP=60,IR) 109.201.99.131 24 TC None 2022-09-04 00:00:00 2022-12-03 00:00:00 2022-09-05 12:31:06 SERVER-OTHER Sentinel license manager buffer overflow attempt (1:11265:5) - SourceFire (IP=131,RU) 109.202.202.202 32 AS None 2022-07-29 00:00:00 2022-10-27 00:00:00 2022-07-29 17:31:13 HIVE Case #8052 TO-S-2022-0216 (IP=202,CH) 109.205.181.222 32 BB None 2021-10-10 00:00:00 2022-01-08 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 22C00111 (IP=222,DE) 109.206.252.0 22 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=0,IR) 109.225.118.170 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None SE TO-S-2021-1050 Hive Case 4821 Malware Activity 109.227.208.226 24 WR None 2022-04-29 00:00:00 2022-07-27 00:00:00 2022-04-29 13:52:12 HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=226,RU) 109.227.96.0 19 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None UA TO-S-2021-1050 Hive Case 4821 Malware Activity 109.228.38.89 24 KH None 2021-11-04 00:00:00 2022-06-15 00:00:00 2022-03-17 22:25:58 SERVER-WEBAPP Atlassian Confluence OGNL injection remote code execution attempt (1:58093:1) - Sourcefire (IP=89,GB) | updated by RT Block expiration extended with reason SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58744:6) - Sourcefire Report (IP=89,GB) | updated by RR Block expiration extended with reason SERVER-OTHER Apache Log4j logging remote code execution attempt - SourceFire (IP=89,GB) | updated by ZH Block expiration extended with reason SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58744:6) - Sourcefire Rpt 
(IP=89,GB) 109.228.40.199 32 TLM None 2022-05-02 00:00:00 2022-11-01 00:00:00 2022-05-04 17:56:19 HIVE Case #7495 CTO 22-120 (IP=199,GB) 109.228.64.134 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ME TO-S-2021-1037 Hive Case 4785 Malware Activity 109.230.21.61 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None SK TO-S-2021-1050 Hive Case 4821 Malware Activity 109.230.215.89 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GB TO-S-2021-1050 Hive Case 4821 Malware Activity 109.232.216.71 32 TLM None 2021-09-14 00:00:00 2022-03-14 00:00:00 None HIVE Case #6164 TO-S-2021-1528 (IP=71,TR) 109.232.217.128 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=128,TR) 109.232.217.143 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=143,TR) 109.232.223.83 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None TR TO-S-2021-1102 Malicious Email Activity 109.233.192.0 21 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None MD TO-S-2021-1037 Hive Case 4785 Malware Activity 109.234.109.82 32 TLM None 2022-02-09 00:00:00 2022-08-10 00:00:00 None HIVE Case #6952 CTO 22-040 (IP=82,DE) 109.234.36.65 32 TLM None 2021-10-04 00:00:00 2022-04-04 00:00:00 None HIVE Case #6294 CTO 21-268 (IP=65,NL) 109.234.37.86 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6312 CTO 21-271 (IP=86,NL) 109.234.38.152 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6312 CTO 21-271 (IP=152,NL) 109.234.38.232 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=232,NL) 109.235.24.0 21 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None RU TO-S-2021-1102 Malware Activity 109.236.122.51 32 dbc None 
2021-01-28 00:00:00 2022-01-28 00:00:00 None SK TO-S-2021-1050 Hive Case 4821 Malware Activity 109.236.47.83 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None AL TO-S-2021-1050 Hive Case 4821 Malware Activity 109.236.60.2 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=2,US) 109.237.111.251 32 TLM None 2022-02-08 00:00:00 2022-08-09 00:00:00 None HIVE Case #6947 CTO 22-039 (IP=251,RU) 109.237.132.18 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=18,DE) 109.237.138.15 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None DE TO-S-2021-1092 Hive Case 4875 Malicious Email Activity 109.237.138.24 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None DE TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 109.237.96.0 22 KH None 2021-12-20 00:00:00 2022-03-20 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44232 (IP=0,RU) 109.237.96.124 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=124,RU) 109.239.51.146 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None DE TO-S-2021-1050 Hive Case 4821 Malware Activity 109.242.194.115 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GR TO-S-2021-1050 Hive Case 4821 Malware Activity 109.242.212.113 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GR TO-S-2021-1050 Hive Case 4821 Malware Activity 109.242.218.105 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GR TO-S-2021-1050 Hive Case 4821 Malware Activity 109.242.240.12 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GR TO-S-2021-1050 Hive Case 4821 Malware Activity 109.242.251.83 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GR TO-S-2021-1050 Hive Case 4821 Malware Activity 109.248.144.136 32 TLM None 2022-05-27 00:00:00 2022-11-26 00:00:00 2022-05-27 14:16:46 HIVE Case #7676 CTO 22-147 (IP=136,SE) 109.248.144.155 32 TLM None 2022-05-27 00:00:00 2022-11-26 00:00:00 2022-05-27 
14:16:46 HIVE Case #7676 CTO 22-147 (IP=155,SE) 109.248.149.152 24 SW None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-12 13:51:16 SIPVicious Security Scanner - IPS Events (IP=152,LV) 109.248.15.13 32 TLM None 2022-06-15 00:00:00 2022-12-14 00:00:00 2022-06-16 19:40:49 HIVE Case #7779 CTO 22-162 (IP=13,RU) 109.248.150.13 32 AS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-06 18:26:00 HIVE Case #7881 CTO 22-182 (IP=13,NL) 109.248.175.18 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:56:19 HIVE Case #7894 CTO 22-187 (IP=18,RU) 109.248.175.64 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:56:20 HIVE Case #7894 CTO 22-187 (IP=64,RU) 109.248.175.90 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:56:20 HIVE Case #7894 CTO 22-187 (IP=90,RU) 109.248.19.172 32 TLM None 2022-06-03 00:00:00 2022-12-02 00:00:00 2022-06-06 14:31:25 HIVE Case #7714 CTO 22-154 (IP=172,PH) 109.248.6.36 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:56:21 HIVE Case #7894 CTO 22-187 (IP=36,RU) 109.250.92.213 24 RR None 2022-09-28 00:00:00 2022-12-27 00:00:00 2022-09-28 16:36:33 HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=213,DE) 109.251.144.10 24 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 22:51:24 SERVER-WEBAPP Multiple products invalid HTTP request attempt (1:40880:8) - SourceFire (IP=10, UA) 109.252.160.169 32 wmp None 2022-03-24 00:00:00 2022-06-24 00:00:00 2022-03-24 22:58:49 Suspicious Scan Activity (IP=169,RU) 109.252.173.30 32 wmp None 2022-03-24 00:00:00 2022-06-24 00:00:00 2022-03-24 22:58:49 Suspicious Scan Activity (IP=30,RU) 109.45.29.202 32 JEB None 2022-06-06 00:00:00 2022-09-06 00:00:00 2022-06-08 16:55:32 REV Malicious Bumblebee Hardcoded C2 (IP=202,DE) 109.48.158.211 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=211,PT) 109.60.17.47 24 RR None 2022-03-10 00:00:00 2022-06-08 00:00:00 
2022-03-10 14:47:00 HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=47,HR) 109.63.178.140 32 wmp None 2022-03-24 00:00:00 2022-06-24 00:00:00 2022-03-24 22:58:50 Suspicious Scan Activity (IP=140,RU) 109.64.92.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IL TO-S-2021-1037 Hive Case 4785 Malware Activity 109.68.33.64 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GB TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 109.69.1.254 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None AL TO-S-2021-1050 Hive Case 4821 Malware Activity 109.69.2.194 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None AL TO-S-2021-1050 Hive Case 4821 Malware Activity 109.69.67.17 24 YM None 2017-09-28 05:00:00 2022-05-17 00:00:00 None SERVER-WEBAPP Phpcms user registration remote file include attempt (IP=17,DE) | updated by RB Block was inactive. Reactivated on 20200716 with reason HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6h failed logon (IP=17,DE) | updated by srm Block was inactive. 
Reactivated on 20220216 with reason HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=17,DE)
109.70.100.22 32 AR None 2022-06-26 00:00:00 2022-09-24 00:00:00 2022-06-27 13:55:30 HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - IR# 22C01460 (IP=22,AT)
109.70.100.23 32 AR None 2022-06-26 00:00:00 2022-09-24 00:00:00 2022-06-27 13:55:43 HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - IR# 22C01460 (IP=23,DK)
109.70.100.25 32 AR None 2022-06-26 00:00:00 2022-09-24 00:00:00 2022-06-27 13:55:39 HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - IR# 22C01460 (IP=25,AT)
109.70.100.27 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 18:27:33 HIVE Case #7342 CTO 22-092 FRAGO (IP=27,AT)
109.70.100.30 32 AR None 2022-06-26 00:00:00 2022-09-24 00:00:00 2022-06-27 13:55:37 HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - IR# 22C01460 (IP=30,AT)
109.70.100.34 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00663 (IP=34,AT) | updated by TLM Block was inactive. Reactivated on 20211213 with reason HIVE Case #6652 CTO 21-345 F1 (IP=34,AT) HIVE Case #6652 CTO 21-345 F1 (IP=34,AT)
109.70.100.34 32 RW None 2021-03-10 00:00:00 2022-06-13 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00663 (IP=34,AT) | updated by TLM Block was inactive. Reactivated on 20211213 with reason HIVE Case #6652 CTO 21-345 F1 (IP=34,AT) HIVE Case #6652 CTO 21-345 F1 (IP=34,AT)
109.70.100.81 32 AR None 2022-06-26 00:00:00 2022-09-24 00:00:00 2022-06-27 13:55:30 HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - IR# 22C01459 (IP=81,AT)
109.70.100.83 32 AR None 2022-06-26 00:00:00 2022-09-24 00:00:00 2022-06-27 13:55:31 HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - IR# 22C01460 (IP=83,AT)
109.70.100.87 24 AR None 2022-07-07 00:00:00 2022-10-05 00:00:00 2022-07-07 13:50:31 SQL injection - Web Attacks (IP=87,AT)
109.70.100.91 32 AR None 2022-06-26 00:00:00 2022-09-24 00:00:00 2022-06-27 13:55:41 HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - IR# 22C01460 (IP=91,DK)
109.70.100.94 32 AR None 2022-06-26 00:00:00 2022-09-24 00:00:00 2022-06-27 13:55:42 HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - IR# 22C01460 (IP=94,DK)
109.70.26.37 32 TLM None 2022-02-04 00:00:00 2022-08-05 00:00:00 None HIVE Case #6926 CTO 22-035 (IP=37,RU)
109.71.254.169 24 SW None 2021-12-12 00:00:00 2022-03-12 00:00:00 None SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt (1:58276:2) - SourceFire (IP=169,DE)
109.73.173.66 32 TLM None 2021-09-14 00:00:00 2022-03-14 00:00:00 None HIVE Case #6164 TO-S-2021-1528 (IP=66,IN)
109.73.180.73 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IT TO-S-2021-1050 Hive Case 4821 Malware Activity
109.74.15.197 24 KF None 2020-06-27 00:00:00 2022-02-14 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability - TT# 20C03293 (IP=197,SE) | updated by RR Block was inactive. Reactivated on 20210520 with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=197,SE) | updated by RW Block was inactive. Reactivated on 20211116 with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=197,SE) HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=197,SE)
109.74.15.197 24 RR None 2021-05-24 00:00:00 2022-02-14 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability - TT# 20C03293 (IP=197,SE) | updated by RR Block was inactive. Reactivated on 20210520 with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=197,SE) | updated by RW Block was inactive. Reactivated on 20211116 with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=197,SE) HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=197,SE)
109.74.15.197 24 RR None 2021-05-20 00:00:00 2022-02-14 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability - TT# 20C03293 (IP=197,SE) | updated by RR Block was inactive. Reactivated on 20210520 with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=197,SE) | updated by RW Block was inactive. Reactivated on 20211116 with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=197,SE) HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=197,SE)
109.74.15.197 24 RW None 2021-11-16 00:00:00 2022-02-14 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability - TT# 20C03293 (IP=197,SE) | updated by RR Block was inactive. Reactivated on 20210520 with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=197,SE) | updated by RW Block was inactive. Reactivated on 20211116 with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=197,SE) HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=197,SE)
109.74.204.123 24 WR None 2022-04-23 00:00:00 2022-07-21 00:00:00 2022-04-23 13:47:06 Exploit.Spring4Shell.CVE-2022-22965 - FE NX (IP=123,GB)
109.80.100.134 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None CZ TO-S-2021-1037 Hive Case 4785 Malware Activity
109.87.143.67 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:29 HIVE Case #7904 CTO 22-189 (IP=67,UA)
109.87.205.77 32 AS None 2022-03-29 00:00:00 2022-09-27 00:00:00 2022-03-29 17:57:33 HIVE Case #7296 CTO 22-088 (IP=77,UA)
109.92.6.232 24 KH None 2022-07-29 00:00:00 2022-10-27 00:00:00 2022-07-29 22:51:34 Nmap Scanner Traffic Detected - FE IPS (IP=232,RS)
109.94.172.189 32 RB None 2021-12-28 00:00:00 2022-03-28 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=189,US)
109.94.172.30 32 NAB None 2021-12-27 00:00:00 2022-03-27 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=30,US)
109.94.174.91 32 NAB None 2021-12-27 00:00:00 2022-03-27 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=91,US)
109.94.223.102 32 NAB None 2021-12-27 00:00:00 2022-03-27 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=102,US)
109.94.223.161 32 NAB None 2022-01-03 00:00:00 2022-04-03 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=161,US)
109.95.157.80 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=80,PL)
109.95.198.12 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:11 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=12,RU)
1091957472.katiemcallister.com --- TLM None 2021-08-12 00:00:00 2022-08-12 00:00:00 2023-01-19 23:00:19 HIVE Case #5985 TO-S-2021-1459
11.92.80.0 23 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=0,US)
110.10.176.56 32 AS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-06 18:26:12 HIVE Case #7881 CTO 22-182 (IP=56,KR)
110.10.176.68 32 AS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-06 18:26:05 HIVE Case #7881 CTO 22-182 (IP=68,KR)
110.138.90.169 32 TH None 2022-03-04 00:00:00 2022-06-02 00:00:00 2022-03-04 14:48:07 HTTP: PHPUnit Remote Code Execution Vulnerability - TT#22C01005
110.14.121.123 32 TLM None 2022-02-02 00:00:00 2022-08-03 00:00:00 None HIVE Case #6911 CTO 22-033 (IP=123,KR)
110.14.121.125 32 TLM None 2022-02-04 00:00:00 2022-08-05 00:00:00 None HIVE Case #6925 CTO 22-034 (IP=125,KR)
110.142.237.106 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None AU TO-S-2021-1050 Hive Case 4821 Malware Activity
110.153.71.17 24 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 22:24:52 SIPVicious Security Scanner - FE IPS Events (IP=17,CN)
110.153.75.109 24 RS None 2022-07-22 00:00:00 2022-10-20 00:00:00 2022-07-23 13:44:12 SIPVicious Security Scanner - IPS Events (IP=109,CN)
110.154.180.167 24 SA None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-07 13:41:25 Generic URI Injection wget Attempt - FE CMS IPS alert (IP=167,CN)
110.159.225.254 32 TH None 2022-06-09 00:00:00 2022-09-07 00:00:00 2022-06-10 13:46:04 HTTP: ThinkPHP CMS Getshell Vulnerability - IR# 22C01344 (IP=254,MY)
110.168.49.155 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:28 HIVE Case #7904 CTO 22-189 (IP=155,TH)
110.170.126.13 32 AS None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-01 21:44:57 HIVE Case #7874 CTO 22-181 (IP=13,TH)
110.172.104.229 32 TLM None 2022-01-10 00:00:00 2022-07-10 00:00:00 None HIVE Case #6755 CTO 22-006 (IP=229,KR)
110.172.104.237 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5968 TO-S-2021-1276 (IP=237,KR)
110.172.137.20 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=20,IN)
110.172.141.237 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IN TO-S-2021-1050 Hive Case 4821 Malware Activity
110.172.144.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IN TO-S-2021-1037 Hive Case 4785 Malware Activity
110.19.243.69 24 RS None 2022-06-13 00:00:00 2022-09-11 00:00:00 2022-06-14 13:48:45 SIPVicious Security Scanner - IPS Events (IP=69,CN)
110.232.117.186 32 AS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-09 13:57:28 HIVE Case #7535 TO-S-2022-0176 (IP=186,AU)
110.232.252.210 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IN TO-S-2021-1050 Hive Case 4821 Malware Activity
110.232.67.126 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity
110.232.72.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity
110.232.80.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity
110.232.84.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity
110.232.94.0 24 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None ID TO-S-2021-1081 Hive Case 4872 Malware Activity
110.235.234.63 24 TC None 2022-09-03 00:00:00 2022-12-02 00:00:00 2022-09-04 00:19:31 SERVER-APACHE Apache Struts allowStaticMethodAccess invocation attempt (1:21073:7) - Sourcefire (IP=63,IN)
110.235.239.214 24 TH None 2022-07-09 00:00:00 2022-10-07 00:00:00 2022-07-09 13:27:18 SQL injection - 6 Hr Web Report (IP=214,IN)
110.238.117.98 32 RB None 2021-11-19 00:00:00 2022-02-17 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - TT# CDO-Paper-Ticket-0002 (IP=98,TH)
110.244.71.183 24 SW None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-04 13:45:56 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt (1:46736:2) - SourceFire (IP=183,CN)
110.42.168.15 24 KH None 2021-11-08 00:00:00 2022-02-06 00:00:00 None Attempted Access - Inbound Brute Force - TT# 22C00315 (IP=15,CN)
110.42.175.75 24 RS None 2022-09-14 00:00:00 2022-12-13 00:00:00 2022-09-15 14:40:49 Apache Log4j CVE-2021-44228 Remote Code Execution - IPS Events (IP=75,CN)
110.42.195.118 24 SW None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 13:57:47 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=118,CN)
110.42.200.96 24 KH None 2021-12-15 00:00:00 2022-03-15 00:00:00 None Apache Log4j CVE-2021-44228 Remote Code Execution - FE IPS (IP=96,CN)
110.42.202.189 32 TLM None 2021-11-04 00:00:00 2022-05-04 00:00:00 None HIVE Case #6494 CTO 21-303 (IP=189,CN)
110.44.115.228 24 ZH None 2022-06-16 00:00:00 2022-09-14 00:00:00 2022-06-16 17:29:40 SERVER-OTHER HP Integrated Lights-Out HTTP headers processing buffer overflow attempt (1:45682:2) - SourceFire (IP=228,NP)
110.44.125.131 24 RR None 2022-07-21 00:00:00 2022-10-20 00:00:00 2022-07-21 13:54:33 Exploit.Log4Shell.CVE-2021-44228 - FE NX (IP=131,NE)
110.46.13.132 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None KR TO-S-2021-1037 Hive Case 4785 Malware Activity
110.49.169.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TH TO-S-2021-1037 Hive Case 4785 Malware Activity
110.49.53.0 24 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None TH TO-S-2021-1092 Hive Case 4875 Malware Activity
110.50.84.5 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:56:13 HIVE Case #7894 CTO 22-187 (IP=5,ID)
110.50.85.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity
110.51.195.129 24 SW None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 13:57:49 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt (1:46736:2) - SourceFire (IP=129,CN)
110.54.192.115 24 SW None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 13:46:14 SERVER-APACHE Apache Struts remote code execution attempt - GET parameter (1:21072:8) - SourceFire (IP=115,PH)
110.77.195.159 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TH TO-S-2021-1037 Hive Case 4785 Malware Activity
110.77.200.30 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TH TO-S-2021-1037 Hive Case 4785 Malware Activity
110.77.228.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TH TO-S-2021-1037 Hive Case 4785 Malware Activity
110.77.232.236 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TH TO-S-2021-1050 Hive Case 4821 Malware Activity
110.77.248.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TH TO-S-2021-1037 Hive Case 4785 Malware Activity
110.78.112.38 32 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None TH TO-S-2021-1156 Malware Activity
110.78.138.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TH TO-S-2021-1037 Hive Case 4785 Malware Activity
110.78.139.161 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TH TO-S-2021-1037 Hive Case 4785 Malware Activity
110.78.151.183 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TH TO-S-2021-1050 Hive Case 4821 Malware Activity
110.78.159.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TH TO-S-2021-1037 Hive Case 4785 Malware Activity
110.78.175.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TH TO-S-2021-1037 Hive Case 4785 Malware Activity
110.82.90.11 24 RS None 2022-06-13 00:00:00 2022-09-11 00:00:00 2022-06-14 13:48:39 Generic URI Injection wget Attempt - IPS Events (IP=11,CN)
110.86.180.51 24 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 22:24:58 HP Intelligent Management Center TFTP Server MODE Remote Code Execution - FE IPS Events (IP=51,CN)
110.87.81.43 24 KD None 2021-12-21 00:00:00 2022-03-21 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote codeexecution attempt- Web Attacks (IP=43,CN)
110.93.12.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
111.102.185.0 24 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CN TO-S-2021-1050 Hive Case 4821 Malware Activity
111.132.6.119 24 SW None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-22 13:54:22 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=119,CN)
111.170.124.92 24 RS None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-08 16:55:32 SSLv2 Client Hello Request Detected - IPS Events (IP=92,CN)
111.182.234.93 24 RS None 2022-07-22 00:00:00 2022-10-20 00:00:00 2022-07-23 13:44:12 SIPVicious Security Scanner - IPS Events (IP=93,CN)
111.2.75.128 32 TLM None 2022-02-15 00:00:00 2022-08-16 00:00:00 None HIVE Case #6997 CTO 22-046 (IP=128,CN)
111.200.216.55 24 KD None 2021-11-05 00:00:00 2022-02-03 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability- Web Attacks (IP=55,CN)
111.204.16.4 32 ZH None 2021-12-05 00:00:00 2022-03-05 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) TT# 22C00482 (IP=4,CN)
111.207.107.74 32 KH None 2022-09-01 00:00:00 2022-12-30 00:00:00 2022-09-01 22:53:12 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR# 22C01905 (IP=74,CN)
111.220.133.219 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None AU TO-S-2021-1037 Hive Case 4785 Malware Activity
111.221.46.0 24 TLM None 2021-08-30 00:00:00 2022-03-02 00:00:00 None HIVE Case #6085 TO-S-2021-1500 (IP=0,SG)
111.224.145.65 24 RS None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-15 22:50:53 SIPVicious Security Scanner - IPS Events (IP=65,CN)
111.229.204.148 24 RW None 2021-01-03 00:00:00 2022-03-11 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=148,CN) | updated by SW Block was inactive. Reactivated on 20211211 with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt (1:37078:4) - SourceFire (IP=148,CN)
111.229.248.56 24 EE None 2021-02-07 00:00:00 2022-05-20 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - 6 HR Web Attack (IP=56,CN) | updated by WR Block was inactive. Reactivated on 20220220 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=86,HK)
111.230.240.111 24 AR None 2022-02-21 00:00:00 2022-05-22 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=111,CN)
111.231.86.179 24 KF None 2018-09-07 05:00:00 2022-06-19 00:00:00 2022-03-22 13:43:30 Illegal user (IP=179,CN) | updated by DT Block was inactive. Reactivated on 20220321 with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=179,CN)
111.239.190.134 32 CR None 2021-08-25 00:00:00 2022-08-25 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=134,JP)
111.252.173.195 24 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 22:25:00 muieblackcat PHP Vulnerability Scanner - FE IPS Events (IP=195,TW)
111.38.192.252 24 RR None 2022-07-10 00:00:00 2022-10-08 00:00:00 2022-07-10 14:32:45 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=252,CN )
111.44.210.114 24 AR None 2022-02-08 00:00:00 2022-05-09 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=114,CN)
111.59.85.209 24 KH None 2021-12-15 00:00:00 2022-03-15 00:00:00 None Apache Log4j CVE-2021-44228 Remote Code Execution - FE IPS (IP=209,CN)
111.62.228.198 32 wmp None 2021-11-02 00:00:00 2022-02-02 00:00:00 None Palo Alto Suspicious Scan Activity (IP=198,CN)
111.62.81.70 24 RT None 2021-12-22 00:00:00 2022-03-22 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6HR Web Attacks (IP=70,CN)
111.67.192.241 24 TH None 2022-02-18 00:00:00 2022-05-19 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - 6 Hr Web Report (IP=241,CN)
111.67.192.241 32 RB None 2022-06-11 00:00:00 2022-09-09 00:00:00 2022-06-12 22:45:02 HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - IR#22C01371 (IP=241,ZZ)
111.67.194.48 24 WR None 2022-02-19 00:00:00 2022-05-19 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (48,CN)
111.67.199.229 32 TLM None 2022-05-02 00:00:00 2022-11-01 00:00:00 2022-05-04 17:56:17 HIVE Case #7495 CTO 22-120 (IP=229,CN)
111.68.96.0 20 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=0,PK)
111.68.97.0 24 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None PK TO-S-2021-1102 Malware Activity
111.73.46.102 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6346 CTO 21-278 (IP=102,CN)
111.8.127.133 24 ZH None 2021-12-04 00:00:00 2022-03-04 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=133,CN)
111.90.151.180 32 TLM None 2021-10-04 00:00:00 2022-04-04 00:00:00 None HIVE Case #6294 CTO 21-268 (IP=180,MY)
111.90.181.30 32 TLM None 2021-11-29 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:32 HIVE Case #6585 CTO 21-323 (IP=30,KH) | updated by AS Block was inactive. Reactivated on 20220708 with reason HIVE Case #7904 CTO 22-189 (IP=30,KH)
111.90.187.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None KH TO-S-2021-1037 Hive Case 4785 Malware Activity
111.91.49.173 24 SW None 2022-02-24 00:00:00 2022-05-25 00:00:00 2022-02-24 23:33:36 SQL injection - Web Attacks (IP=173,IN)
111.92.109.20 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IN TO-S-2021-1050 Hive Case 4821 Malware Activity
111.92.75.227 24 KH None 2021-10-20 00:00:00 2022-01-18 00:00:00 None Generic URI Injection wget Attempt - FE IPS (IP=227,IN)
111.92.77.113 24 RS None 2022-09-14 00:00:00 2022-12-13 00:00:00 2022-09-15 14:40:50 SIPVicious Security Scanner - IPS Events (IP=113,IN)
111.92.81.149 24 RS None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-14 22:47:10 SIPVicious Security Scanner - IPS Events (IP=149,IN)
111.93.85.26 32 AR None 2022-07-12 00:00:00 2022-10-10 00:00:00 2022-07-12 13:50:59 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01635 (IP=26,IN)
111.95.94.42 24 TH None 2022-02-03 00:00:00 2022-05-04 00:00:00 None SQL injection - 6 Hr Web Report (IP=42,ID)
112.105.128.0 19 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None TW TO-S-2021-1081 Hive Case 4872 Malware Activity
112.118.49.109 24 RB None 2021-12-01 00:00:00 2022-03-01 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr web attacks (IP=109,HK)
112.119.160.228 24 RS None 2022-08-13 00:00:00 2022-11-11 00:00:00 2022-08-13 22:59:30 SIPVicious Security Scanner - IPS Events (IP=228,HK)
112.133.199.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IN TO-S-2021-1037 Hive Case 4785 Malware Activity
112.133.209.0 24 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=0,IN) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=0,IN) HIVE Case #5968 TO-S-2021-1276 (IP=0,IN)
112.133.209.0 24 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=0,IN) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=0,IN) HIVE Case #5968 TO-S-2021-1276 (IP=0,IN)
112.133.224.0 24 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=0,IN) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=0,IN)
112.133.232.0 24 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None IN TO-S-2021-1092 Hive Case 4875 Malware Activity
112.15.51.216 24 AR None 2021-01-02 00:00:00 2022-04-02 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt (1:37078:4) - SourceFire (IP=216,CN)
112.169.6.247 32 AS None 2022-03-03 00:00:00 2022-09-03 00:00:00 2022-03-03 17:36:08 HIVE Case #7133 CTO 22-062 (IP=247,KR)
112.175.20.3 32 TLM None 2022-06-22 00:00:00 2022-12-21 00:00:00 2022-06-23 16:01:15 HIVE Case #7816 TO-S-2022-0202 (IP=3,KR)
112.175.85.236 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None KR TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
112.196.204.141 24 ZH None 2021-10-05 00:00:00 2022-01-03 00:00:00 None TO-S-2022-1595/Botnet Malware Communication TT# 22C00041 (IP=141,KR)
112.196.204.141 32 TLM None 2022-06-02 00:00:00 2022-12-01 00:00:00 2022-06-02 17:56:06 HIVE Case #7705 CTO 22-153 (IP=141,KR)
112.205.140.152 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PH TO-S-2021-1050 Hive Case 4821 Malware Activity
112.207.47.140 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PH TO-S-2021-1050 Hive Case 4821 Malware Activity
112.211.7.6 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None PH TO-S-2021-1037 Hive Case 4785 Malware Activity
112.213.35.153 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=153,AU)
112.221.224.91 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None KR TO-S-2021-1037 Hive Case 4785 Malware Activity
112.248.101.245 24 RS None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 22:46:02 SIPVicious Security Scanner - IPS Events (IP=245,CN)
112.248.105.40 24 TH None 2022-09-29 00:00:00 2022-12-28 00:00:00 2022-09-29 22:53:42 Generic URI Injection wget Attempt - FE CMS IPS Events (IP=40,CN)
112.248.114.172 24 RS None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-15 22:50:53 SIPVicious Security Scanner - IPS Events (IP=172,CN)
112.248.124.219 24 ZH None 2022-05-15 00:00:00 2022-08-13 00:00:00 2022-05-15 22:46:06 Generic URI Injection wget Attempt - CMS IPS Events (IP=219,CN)
112.248.80.60 24 RS None 2022-09-12 00:00:00 2022-12-11 00:00:00 2022-09-13 13:47:52 File /etc/passwd Access Attempt Detect - IPS Events (IP=60,CN)
112.25.170.82 24 AR None 2021-10-19 00:00:00 2022-01-17 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=82,CN)
112.27.89.152 24 RS None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-14 22:47:02 SERVER-WEBAPP rConfig snippets SQL injection attempt (1:59329:1) - SourceFire (IP=152,CN)
112.28.248.5 32 AS None 2022-04-12 00:00:00 2022-10-12 00:00:00 2022-04-12 14:39:45 HIVE Case #7380 CTO 22-099 (IP=5,CN)
112.31.166.96 24 RS None 2022-09-08 00:00:00 2022-12-07 00:00:00 2022-09-09 13:48:26 Exploit.IoT.Generic - FE NX (IP=96,CN)
112.64.133.158 24 RR None 2019-11-14 00:00:00 2022-02-26 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=158,CN) | updated by ZH Block was inactive. Reactivated on 20211128 with reason INDICATOR-SCAN PHP backdoor scan attempt (1:50182:1)- SourceFire Rpt (IP=158,CN)
112.72.10.98 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:55:09 HIVE Case #7894 CTO 22-187 (IP=98,MN)
112.72.153.192 24 RS None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-01 22:27:00 SIPVicious Security Scanner - IPS Events (IP=192,KR)
112.78.32.0 21 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
112.86.227.216 24 RT None 2022-03-27 00:00:00 2022-06-25 00:00:00 2022-03-27 22:46:53 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire Report (IP=216,CN)
112.94.100.253 24 RS None 2022-08-22 00:00:00 2022-11-20 00:00:00 2022-08-23 18:09:03 SIPVicious Security Scanner - IPS Events (IP=253,CN)
112.94.102.235 24 KH None 2021-10-20 00:00:00 2022-01-18 00:00:00 None Generic URI Injection wget Attempt - FE IPS (IP=235,CN)
112.94.103.135 24 RS None 2022-07-02 00:00:00 2022-09-30 00:00:00 2022-07-02 22:56:36 SIPVicious Security Scanner - IPS Events (IP=135,CN)
112.94.96.3 24 RS None 2022-07-02 00:00:00 2022-09-30 00:00:00 2022-07-02 22:56:29 HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=3,CN)
113.116.193.237 24 RS None 2022-08-14 00:00:00 2022-11-12 00:00:00 2022-08-14 22:48:27 SIPVicious Security Scanner - SourceFire (IP=237,CN)
113.116.91.36 24 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 22:51:42 Generic URI Injection wget Attempt - FE IPS Events (IP=36,CN)
113.128.218.146 32 DT None 2021-10-24 00:00:00 2022-01-22 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00233 (IP=146,CN)
113.130.126.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None KH TO-S-2021-1037 Hive Case 4785 Malware Activity
113.131.125.141 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None KR TO-S-2021-1037 Hive Case 4785 Malware Activity
113.131.125.144 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None KR TO-S-2021-1037 Hive Case 4785 Malware Activity
113.131.169.57 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None KR TO-S-2021-1037 Hive Case 4785 Malware Activity
113.131.183.12 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None KR TO-S-2021-1037 Hive Case 4785 Malware Activity
113.131.200.10 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None KR TO-S-2021-1037 Hive Case 4785 Malware Activity
113.131.201.3 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None KR TO-S-2021-1037 Hive Case 4785 Malware Activity
113.131.224.197 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None KR TO-S-2021-1037 Hive Case 4785 Malware Activity
113.132.237.44 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:55:09 HIVE Case #7894 CTO 22-187 (IP=44,CN)
113.141.64.14 24 KH None 2021-12-15 00:00:00 2022-03-15 00:00:00 None Apache Log4j CVE-2021-44228 Remote Code Execution - FE IPS (IP=14,CN)
113.161.30.189 24 KH None 2022-08-06 00:00:00 2022-11-04 00:00:00 2022-08-06 13:52:18 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=189,VN)
113.163.202.111 32 wmp None 2021-11-02 00:00:00 2022-02-02 00:00:00 None Palo Alto Suspicious Scan Activity (IP=111,VN)
113.172.29.102 24 RS None 2022-09-28 00:00:00 2022-12-27 00:00:00 2022-09-29 13:58:51 SERVER-WEBAPP Drupal 8 remote code execution attempt - WebAttacks (IP=102,VN)
113.172.93.91 24 RB None 2022-09-13 00:00:00 2022-12-12 00:00:00 2022-09-13 13:47:54 HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6HR Web Attacks (IP=91,VN) | updated by RB Block expiration extended with reason SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - WebAttacks (IP=91,VN) SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - WebAttacks (IP=91,VN)
113.172.93.91 24 JP None 2022-08-05 00:00:00 2022-12-12 00:00:00 2022-09-13 13:47:54 HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6HR Web Attacks (IP=91,VN) | updated by RB Block expiration extended with reason SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - WebAttacks (IP=91,VN) SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - WebAttacks (IP=91,VN)
113.173.236.13 32 AR None 2022-03-28 00:00:00 2022-06-26 00:00:00 2022-03-28 13:41:31 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01093 (IP=13,VN)
113.185.0.244 24 EE None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 22:48:20 HIVE Case #7659 IOC_VMware_Vuln-CVE-2022-22954_CVE-2022-22960 (IP=244,VN)
113.199.248.150 24 AR None 2022-07-07 00:00:00 2022-10-05 00:00:00 2022-07-07 13:50:36 SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (A-type) - SourceFire (IP=150,NP)
113.199.250.167 24 ZH None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-06 23:38:24 Elastic Log4J CVE-2021-44228 - FE NX (IP=167,NP)
113.199.251.249 24 RS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 21:48:49 SQL injection - 6Hr Web Attacks (IP=249,IN)
113.199.251.77 24 RR None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-07 13:50:27 SERVER-OTHER HP Integrated Lights-Out HTTP headers processing buffer overflow attempt - SourceFire (IP=77,NP)
113.199.253.164 24 KH None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-06 23:38:20 SERVER-WEBAPP Java XML deserialization remote code execution attempt - Sourcefire (IP=164,NP)
113.199.254.179 24 RS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 14:03:21 Adobe ColdFusion Administrator Access Restriction - 6hr Web Attacks (IP=179,NP)
113.199.255.183 24 KH None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-06 23:38:20 SERVER-WEBAPP Apache Struts remote code execution attempt - Sourcefire (IP=183,NP)
113.199.255.68 24 RB None 2022-07-07 00:00:00 2022-10-05 00:00:00 2022-07-07 13:50:38 SQL injection - WebAttacks (IP=68,NP)
113.20.30.0 23 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None country TO-S-2021-1050 Hive Case 4821 Malicious Email Activity
113.203.234.122 32 AS None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-01 21:44:57 HIVE Case #7874 CTO 22-181 (IP=122,PK)
113.208.81.33 32 AS None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6244 CTO 21-267 (IP=33,HK)
113.208.81.48 32 AS None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6244 CTO 21-267 (IP=48,HK)
113.208.81.55 32 AS None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6244 CTO 21-267 (IP=55,HK)
113.22.16.0 20 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None VN TO-S-2021-1081 Hive Case 4872 Malware Activity
113.220.112.185 24 RS None 2022-06-13 00:00:00 2022-09-11 00:00:00 2022-06-14 13:48:43 SIPVicious Security Scanner - IPS Events (IP=185,CN)
113.220.18.64 24 ZH None 2022-05-15 00:00:00 2022-08-13 00:00:00 2022-05-15 22:46:00 Generic URI Injection wget Attempt - CMS IPS Events (IP=64,CN)
113.23.112.0 20 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None VN TO-S-2021-1092 Hive Case 4875 Malware Activity
113.23.169.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None MY TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
113.23.25.97 24 NAB None 2021-12-16 00:00:00 2022-03-16 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=97,VN)
113.23.26.222 24 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-08 12:51:10 SERVER-WEBAPP F5 iControl REST interface ssrf attempt - SourceFire (IP=222,VN)
113.232.67.12 24 RS None 2022-09-08 00:00:00 2022-12-07 00:00:00 2022-09-09 13:48:24 Exploit.IoT.Generic - FE NX (IP=13,CN)
113.247.221.2 32 TLM None 2022-02-04 00:00:00 2022-08-05 00:00:00 None HIVE Case #6926 CTO 22-035 (IP=2,CN)
113.28.211.70 24 RT None 2021-11-20 00:00:00 2022-02-18 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire Report (IP=70,HK)
113.28.97.209 24 RW None 2021-04-18 00:00:00 2022-02-09 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web attacks (IP=209,HK) | updated by RB Block expiration extended with reason HTTP: PHPUnit Remote Code Execution Vulnerability - 6hr web attacks (IP=209,HK) | updated by RB Block exp | updated by WR Block was inactive. Reactivated on 20211111 with reason Attempted Access - Inbound Brute Force - TT# 22C00334 (IP=209,BZ)
113.31.114.59 24 RB None 2022-07-12 00:00:00 2022-10-10 00:00:00 2022-07-12 22:32:39 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=59, CN)
113.31.162.174 24 RR None 2022-06-08 00:00:00 2022-09-06 00:00:00 2022-06-08 13:48:13 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=174,CN)
113.31.163.84 24 TC None 2022-09-24 00:00:00 2022-12-23 00:00:00 2022-09-24 13:56:10 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - WebAttacks (IP=84,CN)
113.52.194.61 24 RS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 21:48:40 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (1:59246:1) - SourceFire (IP=61,KR)
113.53.193.87 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=87,TH)
113.53.231.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TH TO-S-2021-1037 Hive Case 4785 Malware Activity
113.53.32.0 21 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TH TO-S-2021-1037 Hive Case 4785 Malware Activity
113.59.180.40 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=40,KR)
113.61.199.193 24 RS None 2022-08-13 00:00:00 2022-11-11 00:00:00 2022-08-13 22:59:29 SIPVicious Security Scanner - IPS Events (IP=193,TW)
113.69.129.24 24 RS None 2022-06-13 00:00:00 2022-09-11 00:00:00 2022-06-14 13:48:44 SIPVicious Security Scanner - IPS Events (IP=24,CN)
113.77.144.171 24 RR None 2022-07-31 00:00:00 2022-10-29 00:00:00 2022-07-31 13:51:11 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=171,CN )
113.92.75.56 24 RS None 2022-09-28 00:00:00 2022-12-27 00:00:00 2022-09-29 13:58:57 Possible SQL Injection Attempt - IPS Events (IP=56,CN)
113.96.219.105 32 AS None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-01 21:45:02 HIVE Case #7874 CTO 22-181 (IP=105,CN)
113.96.221.178 32 AS None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-01 21:44:56 HIVE Case #7874 CTO 22-181 (IP=178,CN)
113.98.224.68 24 TH None 2021-12-16 00:00:00 2022-03-16 00:00:00 None Apache Log4j CVE-2021-44228 Remote Code Execution - IPS Events (IP= 68, CN)
113.98.98.67 24 BB None 2021-10-18 00:00:00 2022-01-16 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Sourcefire (IP=67,CN)
114.105.18.45 32 AR None 2022-09-02 00:00:00 2022-12-01 00:00:00 2022-09-03 14:03:21 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR# 22C01912 (IP=45,CN)
114.108.135.149 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=149,KR) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=149,KR)
114.108.177.118 32 TH None 2022-06-16 00:00:00 2022-09-14 00:00:00 2022-06-17 13:48:31 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR#22C01402 (IP=118,KR)
114.115.171.171 24 BB None 2022-02-05 00:00:00 2022-05-06 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=171,CN)
114.116.1.51 24 RS None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-14 22:47:04 SERVER-WEBAPP LG N1A1 NAS command injection attempt (1:59809:1) - SourceFire (IP=51,CN)
114.116.109.114 24 DT None 2021-12-10 00:00:00 2022-03-10 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=114,CN)
114.116.205.28 24 BB None 2021-10-16 00:00:00 2022-01-14 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - SourceFire (IP=28,CN)
114.116.242.38 24 AR None 2021-11-15 00:00:00 2022-02-11 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6Hr Web Attacks (IP=38,CN)
114.116.254.17 24 ZH None 2021-10-04 00:00:00 2022-01-02 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=17,CN)
114.119.136.221 32 TLM None 2022-05-16 00:00:00 2022-11-15 00:00:00 2022-05-18 13:23:53 HIVE Case #7595 CTO 22-134 (IP=221,SG)
114.119.136.224 32 TLM None 2022-06-24 00:00:00 2022-12-23 00:00:00 2022-06-24 19:38:36 HIVE Case #7840 CTO 22-175 (IP=224,SG)
114.119.136.234 32 TLM None 2022-06-02 00:00:00 2022-12-01 00:00:00 2022-06-02 17:56:20 HIVE Case #7705 CTO 22-153 (IP=234,SG)
114.119.136.238 32 TLM None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-02 10:46:16 HIVE Case #7696 CTO 22-152 (IP=238,SG)
114.119.136.24 32 TLM None 2022-06-02 00:00:00 2022-12-01 00:00:00 2022-06-02 17:56:25 HIVE Case #7705 CTO 22-153 (IP=24,SG)
114.119.136.243 32 TLM None 2022-06-02 00:00:00 2022-12-01 00:00:00 2022-06-02 17:56:26 HIVE Case #7705 CTO 22-153 (IP=243,SG)
114.119.139.112 32 AS None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-12 13:04:57 HIVE Case #7913 CTO 22-190 (IP=112,SG)
114.119.151.165 32 TLM None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-02 10:46:16 HIVE Case #7696 CTO 22-152 (IP=165,SG)
114.119.151.168 32 TLM None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-02 10:46:11 HIVE Case #7696 CTO 22-152 (IP=168,SG)
114.119.151.17 32 TLM None 2022-06-02 00:00:00 2022-12-01 00:00:00 2022-06-02 17:56:21 HIVE Case #7705 CTO 22-153 (IP=17,SG)
114.119.151.170 32 TLM None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-02 10:46:17 HIVE Case #7696 CTO 22-152 (IP=170,SG)
114.119.151.171 32 TLM None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-02 10:46:12 HIVE Case #7696 CTO 22-152 (IP=171,SG)
114.119.151.172 32 TLM None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-02 10:46:17 HIVE Case #7696 CTO 22-152 (IP=172,SG)
114.119.151.174 32 TLM None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-02 10:46:12 HIVE Case #7696 CTO 22-152 (IP=174,SG)
114.119.157.196 32 TLM None 2022-02-17 00:00:00 2022-08-18 00:00:00 None HIVE Case #7014 CTO 22-048 (IP=196,SG)
114.129.23.110 24 ZH None 2022-04-21 00:00:00
2022-07-20 00:00:00 2022-04-21 22:41:23 Attempted Access - Inbound Brute Force IR#22C01215 (IP=110,ID) 114.132.245.32 24 AR None 2021-12-11 00:00:00 2022-03-11 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=32,CN) 114.132.44.200 24 RR None 2022-01-05 00:00:00 2022-04-05 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=200,CN) 114.143.73.60 32 TH None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-17 22:28:16 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01404 (IP=60,IN) 114.199.52.199 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None KR TO-S-2021-1050 Hive Case 4821 Malware Activity 114.199.58.158 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None KR TO-S-2021-1050 Hive Case 4821 Malware Activity 114.207.246.201 32 jkc None 2021-03-19 00:00:00 2022-03-19 00:00:00 None Case # 5090 TO-S-2021-1185 Malicious Callback 114.207.246.201 32 jkc None 2021-03-19 00:00:00 2022-03-19 00:00:00 None Case # 5090 TO-S-2021-1185 Malicious Callback 114.207.246.201 32 jkc None 2021-03-19 00:00:00 2022-03-19 00:00:00 None Case # 5090 TO-S-2021-1185 Malicious Callback 114.207.246.201 32 jkc None 2021-03-19 00:00:00 2022-03-19 00:00:00 None Case # 5090 TO-S-2021-1185 Malicious Callback 114.217.19.60 24 AR None 2021-12-08 00:00:00 2022-03-08 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire (IP=60,CN) 114.255.101.71 24 KH None 2022-01-29 00:00:00 2022-04-29 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt (1:50182:1) - Sourcefire (IP=71,CN) 114.255.88.84 24 KH None 2021-11-26 00:00:00 2022-02-24 00:00:00 None Masscan TCP Port Scanner - FE IPS (IP=84,CN) 114.30.50.108 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None KR TO-S-2021-1050 Hive Case 4821 Malware Activity 114.30.80.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity 114.31.3.98 32 dbc 
None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BD TO-S-2021-1050 Hive Case 4821 Malware Activity 114.31.8.22 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BD TO-S-2021-1050 Hive Case 4821 Malware Activity 114.32.21.128 24 RR None 2022-02-10 00:00:00 2022-05-11 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SourceFire (IP=128,TW) 114.34.129.79 24 KH None 2021-12-02 00:00:00 2022-03-02 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=79,TW) 114.34.247.114 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 22:58:59 rConfig CVE-2019-16662 install Command Execution - IPS Events (IP=114,TW) 114.34.61.230 24 RB None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-14 22:44:52 HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr web attacks (IP=230,TW) 114.35.105.79 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:55:01 HIVE Case #7894 CTO 22-187 (IP=79,TW) 114.35.174.8 32 TLM None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:46:37 HIVE Case #7458 CTO 22-113 (IP=8,TW) 114.35.232.237 24 RR None 2021-12-10 00:00:00 2022-03-10 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=237,TW) 114.35.47.146 24 RR None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 13:54:24 FTP Login Failed - Failed Logons (IP=146,TW) 114.36.177.68 24 RS None 2022-08-05 00:00:00 2022-11-03 00:00:00 2022-08-06 13:52:17 HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=68,TW) 114.36.216.181 24 ZH None 2022-09-19 00:00:00 2022-12-18 00:00:00 2022-09-19 22:54:58 HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr Web Attacks (IP=181,TW) 114.5.208.103 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None ID TO-S-2021-1102 Malware Activity 114.5.24.0 22 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None ID 
TO-S-2021-1156 Malware Activity 114.5.252.0 22 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None ID TO-S-2021-1081 Hive Case 4872 Malware Activity 114.5.81.67 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 114.55.60.171 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 17:40:14 HIVE Case #7341 CTO 22-092 (IP=171,CN) 114.67.105.32 24 RR None 2022-07-04 00:00:00 2022-10-03 00:00:00 2022-07-05 14:02:38 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01551 (IP=32,CN) 114.7.195.185 24 RR None 2022-06-21 00:00:00 2022-09-19 00:00:00 2022-06-21 13:49:10 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Source Fire (IP=185,ID) 114.84.196.62 24 WR None 2022-03-11 00:00:00 2022-06-09 00:00:00 2022-03-11 14:39:47 SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt - Web Attacks (IP=62,CN) 114.84.197.10 24 AR None 2022-03-08 00:00:00 2022-06-06 00:00:00 2022-03-08 18:08:49 SERVER-WEBAPP Drupal 8 remote code execution attempt - 6Hr Web Attack (IP=10,CN) 114.98.239.128 24 KD None 2022-03-05 00:00:00 2022-06-03 00:00:00 2022-03-05 19:41:39 SERVER-WEBAPP PHPUnit PHP remote code execution attempt- Web Attacks (IP=128,CN) 115.124.77.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity 115.126.6.66 32 TLM None 2021-10-04 00:00:00 2022-04-04 00:00:00 None HIVE Case #6294 CTO 21-268 (IP=66,HK) 115.127.24.184 24 RR None 2022-07-09 00:00:00 2022-10-07 00:00:00 2022-07-10 14:32:39 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=184,BG) 115.132.55.225 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None MY TO-S-2021-1037 Hive Case 4785 Malware Activity 115.135.15.236 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None MY TO-S-2021-1037 Hive Case 4785 Malware Activity 115.135.9.252 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MY TO-S-2021-1050 Hive Case 
4821 Malware Activity 115.144.122.8 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6348 CTO 21-279 (IP=8,KR) 115.144.69.41 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=41,KR) 115.167.53.141 32 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 2022-05-27 16:40:15 HIVE Case #7668 CTO 22-146 (IP=141,US) 115.204.188.141 24 RS None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-08 16:55:33 SIPVicious Security Scanner - IPS Events (IP=141,CN) 115.227.209.37 24 WR None 2022-01-13 00:00:00 2022-04-13 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=37,CN) 115.230.64.152 24 RS None 2022-08-14 00:00:00 2022-11-12 00:00:00 2022-08-14 22:48:27 SIPVicious Security Scanner - SourceFire (IP=152,CN) 115.238.38.10 32 KH None 2021-11-22 00:00:00 2022-02-20 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 22C00404 (IP=10,CN) 115.238.97.2 32 RW None 2021-11-17 00:00:00 2022-02-15 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00356 (IP=2,CN) 115.28.134.231 24 NAB None 2022-03-04 00:00:00 2022-06-02 00:00:00 2022-03-04 14:43:07 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=231,CN) 115.31.138.104 24 DT None 2022-03-24 00:00:00 2022-06-24 00:00:00 2022-03-25 13:46:17 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=104,TH) 115.42.121.22 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PH TO-S-2021-1050 Hive Case 4821 Malware Activity 115.50.241.171 24 WR None 2021-11-12 00:00:00 2022-02-10 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - WebAttacks (IP=226,CN) 115.54.67.206 24 RS None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-01 22:26:57 SIPVicious Security Scanner - IPS Events (IP=206,CN) 115.55.191.127 24 SA None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-07 13:41:32 Generic URI Injection wget Attempt - FE 
CMS IPS alert (IP=127,CN) 115.56.138.61 24 ZH None 2022-05-15 00:00:00 2022-08-13 00:00:00 2022-05-15 22:46:02 Generic URI Injection wget Attempt - CMS IPS Events (IP=61,CN) 115.58.110.0 24 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=0,CN) 115.58.88.194 24 RS None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-01 22:26:54 SIPVicious Security Scanner - IPS Events (IP=194,CN) 115.59.196.119 24 RS None 2022-06-13 00:00:00 2022-09-11 00:00:00 2022-06-14 13:48:51 SIPVicious Security Scanner - IPS Events (IP=119,CN) 115.60.80.194 24 RS None 2022-06-20 00:00:00 2022-09-18 00:00:00 2022-06-20 22:22:16 OpenSSL TLSv1.2 Heartbeat (Heartbleed) Information Leak Vulnerability - IPS Events (IP=194,CN) 115.68.102.237 32 TLM None 2021-07-01 00:00:00 2022-01-01 00:00:00 None HIVE Case #5735 TO-S-2021-1379 (IP=237,KR) 115.68.45.169 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=169,KR) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=169,KR) HIVE Case #5968 TO-S-2021-1276 (IP=169,KR) 115.68.45.169 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=169,KR) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=169,KR) HIVE Case #5968 TO-S-2021-1276 (IP=169,KR) 115.69.214.164 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BD TO-S-2021-1050 Hive Case 4821 Malware Activity 115.72.183.16 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None VN TO-S-2021-1050 Hive Case 4821 Malware Activity 115.73.109.147 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None VN TO-S-2021-1050 Hive Case 4821 Malware Activity 115.73.232.150 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None VN TO-S-2021-1050 Hive Case 4821 Malware Activity 115.74.214.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None VN TO-S-2021-1037 Hive Case 4785 Malware Activity 115.74.224.0 20 dbc None 
2021-01-28 00:00:00 2022-01-28 00:00:00 None VN TO-S-2021-1050 Hive Case 4821 Malware Activity 115.78.132.45 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None VN TO-S-2021-1102 Malware Activity 115.79.116.186 24 GM None 2021-01-03 00:00:00 2022-05-04 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=186,VN) | updated by TH Block was inactive. Reactivated on 20220203 with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt (1:37078:4) - SourceFire Report (IP=186,VN) 115.85.65.171 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 115.85.69.0 24 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 115.86.164.63 24 RR None 2022-07-10 00:00:00 2022-10-08 00:00:00 2022-07-10 14:32:47 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=63,KR) 115.88.24.202 32 TLM None 2022-02-15 00:00:00 2022-08-16 00:00:00 None HIVE Case #6996 CTO 22-043 (IP=202,KR) 115.88.24.203 32 AS None 2022-02-21 00:00:00 2022-08-22 00:00:00 None HIVE Case #7038 CTO 22-049 (IP=203,KR) 115.91.217.231 32 AS None 2022-02-21 00:00:00 2022-08-22 00:00:00 None HIVE Case #7038 CTO 22-049 (IP=231,KR) 116.0.23.221 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=221,AU) 116.0.56.98 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=98,PK) | updated by TLM Block was inactive. 
Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=98,PK) 116.0.61.202 24 RS None 2022-07-02 00:00:00 2022-09-30 00:00:00 2022-07-02 22:56:30 HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=202,PK) 116.102.152.0 21 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=0,VN) 116.102.72.0 21 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None VN TO-S-2021-1037 Hive Case 4785 Malware Activity 116.105.212.31 24 KD None 2022-03-23 00:00:00 2022-06-21 00:00:00 2022-03-23 22:37:50 Attempted Access - Inbound Brute Force-TT# 22C01070 (IP=31,VN) 116.105.77.214 32 RR None 2021-12-12 00:00:00 2022-03-12 00:00:00 None Attempted Access - Inbound Brute Force - TT# 22C00581 (IP=214,VN) 116.106.136.0 21 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None VN TO-S-2021-1037 Hive Case 4785 Malware Activity 116.110.17.178 32 DT None 2021-12-24 00:00:00 2022-03-24 00:00:00 None Attempted Access - Inbound Brute Force - TT# 22C00710 (IP=178,VN) 116.110.87.225 32 RR None 2021-12-12 00:00:00 2022-03-12 00:00:00 None Attempted Access - Inbound Brute Force - TT# 22C00580 (IP=225,VN) 116.110.92.78 32 ZH None 2022-05-15 00:00:00 2022-08-13 00:00:00 2022-05-15 22:45:47 Attempted Access - Inbound Brute Force IR#: 22C01258 (IP=78,VN) 116.118.104.0 22 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None VN TO-S-2021-1092 Hive Case 4875 Malware Activity 116.118.7.239 24 NAB None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:17:55 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=239,VN) 116.121.62.237 32 TLM None 2022-02-04 00:00:00 2022-08-05 00:00:00 None HIVE Case #6925 CTO 22-034 (IP=237,KR) 116.131.212.20 24 RS None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-01 22:26:51 SIPVicious Security Scanner - IPS Events (IP=20,CN) 116.15.227.182 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None SG TO-S-2021-1081 Hive Case 4872 Malware Activity 116.193.135.66 24 TH None 2022-09-29 00:00:00 
2022-12-28 00:00:00 2022-09-29 22:53:43 Generic URI Injection wget Attempt - FE CMS IPS Events (IP=66,IN) 116.196.117.213 32 BB None 2021-10-26 00:00:00 2022-01-24 00:00:00 None 116.196.117.213HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00238 (IP=213,CN) 116.196.117.213 32 BB None 2021-10-26 00:00:00 2022-01-24 00:00:00 None 116.196.117.213HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00238 (IP=213,CN) 116.196.117.213 32 BB None 2021-10-26 00:00:00 2022-01-24 00:00:00 None 116.196.117.213HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00238 (IP=213,CN) 116.196.73.141 32 KH None 2022-01-04 00:00:00 2022-04-04 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00762 (IP=141,CN) 116.196.79.120 32 AR None 2021-10-04 00:00:00 2022-01-02 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00039 (IP=120,CN) 116.197.129.114 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 116.202.127.155 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=155,DE) 116.202.158.2 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=2,DE) 116.202.158.2 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=2,DE) 116.202.158.2 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=2,DE) 116.202.251.3 32 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 2022-05-26 18:27:05 HIVE Case #7669 TO-S-2022-0187 (IP=3,DE) 116.202.36.170 32 TLM None 2022-02-15 00:00:00 2022-08-16 00:00:00 None HIVE Case #6996 CTO 22-043 (IP=170,DE) 116.202.95.225 32 wmp None 2020-07-29 00:00:00 2022-02-05 00:00:00 None HIVE Case #3421 COLS-NA-TIP-20-0234 (IP=225,DE) | updated by TLM Block was inactive. 
Reactivated on 20210805 with reason HIVE Case #5 TO-S-2021-1447 (IP=225,DE) HIVE Case #5 TO-S-2021-1447 (IP=225,DE) 116.202.95.225 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #3421 COLS-NA-TIP-20-0234 (IP=225,DE) | updated by TLM Block was inactive. Reactivated on 20210805 with reason HIVE Case #5 TO-S-2021-1447 (IP=225,DE) HIVE Case #5 TO-S-2021-1447 (IP=225,DE) 116.203.118.191 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5968 TO-S-2021-1276 (IP=191,DE) 116.203.128.0 20 TLM None 2022-06-24 00:00:00 2022-12-23 00:00:00 2022-06-24 19:38:38 HIVE Case #7840 CTO 22-175 (IP=0,CA) 116.203.132.32 32 TLM None 2022-03-11 00:00:00 2022-09-11 00:00:00 2022-03-11 13:21:35 HIVE Case #7189 CTO 22-068.1 (IP=32,DE) 116.203.134.117 24 KD None 2021-12-28 00:00:00 2022-03-28 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt- Sourcefire (IP=117,DE) 116.203.134.221 32 TLM None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:46:07 HIVE Case #7458 CTO 22-113 (IP=221,DE) 116.203.165.250 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None DE TO-S-2021-1081 Hive Case 4872 Malicious Email Activity 116.203.20.63 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=63,DE) 116.203.219.38 24 TH None 2021-12-15 00:00:00 2022-03-15 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=38,DE) 116.203.252.63 32 TLM None 2022-01-25 00:00:00 2022-07-25 00:00:00 None HIVE Case #6828 CTO 22-021 (IP=63,DE) 116.203.53.133 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=133,DE) 116.203.66.222 24 DT None 2022-01-28 00:00:00 2022-04-28 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) - Source Fire (IP=222,DE) 116.203.95.203 24 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 22:54:02 PROTOCOL-DNS Microsoft SMTP excessive 
answer records buffer overflow attempt (1:32959:3) - Sourcefire (IP=203,DE) 116.205.242.129 32 AS None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-01 21:45:06 HIVE Case #7874 CTO 22-181 (IP=129,CN) 116.206.154.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IN TO-S-2021-1037 Hive Case 4785 Malware Activity 116.206.253.102 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BD TO-S-2021-1050 Hive Case 4821 Malware Activity 116.206.92.83 32 AS None 2021-12-28 00:00:00 2022-06-28 00:00:00 None HIVE Case #6702 CTO 21-362 (IP=83,CN) 116.212.142.188 32 TLM None 2022-04-22 00:00:00 2022-07-21 00:00:00 2022-04-22 18:36:57 HIVE Case #7449 CTO 22-112 (IP=188,KH) 116.213.36.226 32 SW None 2022-06-21 00:00:00 2022-09-19 00:00:00 2022-06-22 13:54:21 HTTP: ThinkPHP CMS Getshell Vulnerability - IR# 22C01438 (IP=226,HK) 116.213.40.229 32 TLM None 2022-06-15 00:00:00 2022-12-14 00:00:00 2022-06-16 13:41:08 HIVE Case #7774 CTO 22-166 (IP=229,HK) 116.23.96.65 24 TH None 2021-12-20 00:00:00 2022-03-20 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:14) - SourceFire (IP=65,CN) 116.233.204.198 24 DT None 2022-03-01 00:00:00 2022-05-30 00:00:00 2022-03-02 14:47:51 HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=198,CN) 116.235.128.76 24 KD None 2022-03-04 00:00:00 2022-06-02 00:00:00 2022-03-05 14:46:49 SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire(IP=76,CN) 116.235.131.101 24 WR None 2022-02-17 00:00:00 2022-05-17 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - 6 Hr Web Attacks (IP=101,CN) 116.235.132.198 24 WR None 2022-04-25 00:00:00 2022-07-23 00:00:00 2022-04-25 14:46:51 HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=198,CN) 116.235.134.82 24 DT None 2022-03-29 00:00:00 2022-06-27 00:00:00 2022-03-30 13:47:02 SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=82,CN) 
116.24.67.213 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=213,CN) 116.240.206.197 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None AU TO-S-2021-1081 Hive Case 4872 Malicious Email Activity 116.247.118.146 24 RT None 2022-02-08 00:00:00 2022-05-10 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6HR Web Attacks (IP=146,CN) | updated by RR Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=146,CN) 116.253.208.239 32 AS None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-01 21:45:03 HIVE Case #7874 CTO 22-181 (IP=239,CN) 116.27.213.111 24 SA None 2022-05-31 00:00:00 2022-08-28 00:00:00 2022-05-31 22:55:38 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) SourceFire (IP=111,CN) 116.48.110.159 32 TLM None 2022-05-16 00:00:00 2022-11-15 00:00:00 2022-05-18 13:23:52 HIVE Case #7595 CTO 22-134 (IP=159,HK) 116.58.10.58 32 AS None 2022-01-28 00:00:00 2022-07-28 00:00:00 None HIVE Case #6856 CTO 22-027 (IP=58,PK) 116.58.229.88 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TH TO-S-2021-1050 Hive Case 4821 Malware Activity 116.58.239.60 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TH TO-S-2021-1050 Hive Case 4821 Malware Activity 116.63.173.156 32 KD None 2021-11-07 00:00:00 2022-02-05 00:00:00 None PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841)- TT# 22C00306 (IP=156,US) 116.63.57.161 32 DT None 2021-10-24 00:00:00 2022-01-22 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00234 (IP=161,CN) 116.66.160.38 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None AU TO-S-2021-1037 Hive Case 4785 Malware Activity 116.68.96.119 32 wmp None 2021-11-02 00:00:00 2022-02-02 00:00:00 None Palo Alto Suspicious Scan Activity (IP=119,IN) 116.71.133.117 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None IN TO-S-2021-1081 Hive Case 4872 
Malware Activity 116.72.136.91 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IN TO-S-2021-1050 Hive Case 4821 Malware Activity 116.75.195.0 24 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=0,IN) 116.85.6.115 32 TLM None 2022-02-15 00:00:00 2022-08-16 00:00:00 None HIVE Case #6997 CTO 22-046 (IP=115,CN) 116.86.24.105 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None SG TO-S-2021-1037 Hive Case 4785 Malware Activity 116.88.133.53 24 RB None 2022-07-12 00:00:00 2022-10-10 00:00:00 2022-07-12 22:32:45 SQL injection - WebAttacks (IP=53,SG) 116.88.137.225 24 RS None 2022-06-16 00:00:00 2022-09-14 00:00:00 2022-06-16 17:29:41 Exploit.Log4Shell.CVE-2021-44228 - FE CMS (IP=225,SG) 116.88.174.17 24 RS None 2022-07-02 00:00:00 2022-09-30 00:00:00 2022-07-02 22:56:26 Exploit.Log4Shell.CVE-2021-44228 - FE NX (IP=17,SG) 116.88.203.183 24 ZH None 2022-08-27 00:00:00 2022-11-25 00:00:00 2022-08-27 13:55:28 SQL injection - WebAttacks (IP=183,SG) 116.88.216.196 24 ZH None 2022-06-14 00:00:00 2022-09-12 00:00:00 2022-06-14 22:32:23 FIREEYE Web: Infection Match - FE CMS (IP=196,SG) 116.88.223.70 32 RB None 2022-09-13 00:00:00 2022-12-12 00:00:00 2022-09-14 00:38:22 Multiple IP Blocks - IR#22C01932 (IP=70,SG) 116.90.234.82 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=82,NP) 116.90.234.82 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=82,NP) 116.90.234.82 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=82,NP) 116.90.234.82 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=82,NP) 116.90.234.82 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=82,NP) 116.90.61.189 32 wmp None 2020-08-17 00:00:00 2022-01-20 00:00:00 None HIVE Case #3559 COLS-NA-TIP-20-0258 (IP=189,AU) | updated by wmp Block expiration extended with reason HIVE Case 
#3649 COLS-NA-TIP-20-0268 (IP=189,AU) | updated by dbc Block was inactive. Reactivated on 20210120 with reason AU TO-S-2021-1037 Hive Case 116.90.96.0 19 TLM None 2021-07-01 00:00:00 2022-01-01 00:00:00 None HIVE Case #5735 TO-S-2021-1379 (IP=0,PK) 116.91.152.15 32 TLM None 2022-06-23 00:00:00 2022-12-22 00:00:00 2022-06-24 11:30:58 HIVE Case #7820 CTO 22-174 (IP=15,JP) 116.91.152.16 32 TLM None 2022-06-23 00:00:00 2022-12-22 00:00:00 2022-06-24 11:30:59 HIVE Case #7820 CTO 22-174 (IP=16,JP) 116.91.152.21 32 TLM None 2022-06-21 00:00:00 2022-12-20 00:00:00 2022-06-22 18:26:20 HIVE Case #7807 CTO 22-169 (IP=21,JP) 116.93.253.170 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None KR TO-S-2021-1050 Hive Case 4821 Malware Activity 116.99.65.53 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None VN TO-S-2021-1050 Hive Case 4821 Malware Activity 116.99.9.120 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=120,VN) 117.102.84.142 32 AS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-06 18:26:02 HIVE Case #7881 CTO 22-182 (IP=142,ID) 117.103.69.134 32 AS None 2022-04-07 00:00:00 2022-10-07 00:00:00 2022-04-07 19:47:49 HIVE Case #7356 CTO 22-096 (IP=134,ID) 117.107.143.110 24 RT None 2021-10-27 00:00:00 2022-01-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6HR Web Attacks (IP=110,CN) 117.111.1.108 24 SW None 2022-01-22 00:00:00 2022-04-22 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:14) - SourceFire (IP=108,KR) 117.122.212.95 24 SW None 2022-06-24 00:00:00 2022-09-22 00:00:00 2022-06-24 13:56:07 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=95,CN) 117.151.97.94 24 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 22:24:55 Possible Cross-site Scripting Attack - FE IPS Events (IP=94,CN) 117.157.74.128 24 TC None 2022-09-17 00:00:00 2022-12-17 00:00:00 2022-09-18 13:33:56 SERVER-WEBAPP PHPUnit PHP remote code 
execution attempt (1:45749:2) - SourceFire (IP=128,CN) | updated by TC Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=128,CN) SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=128,CN)
117.157.74.128 24 TC None 2022-09-18 00:00:00 2022-12-17 00:00:00 2022-09-18 13:33:56 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=128,CN) | updated by TC Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=128,CN) SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=128,CN)
117.16.142.35 32 TLM None 2022-03-01 00:00:00 2022-09-01 00:00:00 2022-03-01 12:19:49 HIVE Case #7104 TO-S-2022-0138 (IP=35,KR)
117.16.142.69 32 TLM None 2022-03-01 00:00:00 2022-09-01 00:00:00 2022-03-01 12:20:07 HIVE Case #7104 TO-S-2022-0138 (IP=69,KR)
117.16.44.111 24 KH None 2022-09-26 00:00:00 2022-12-26 00:00:00 2022-09-26 22:53:31 Exploit.Log4Shell.CVE-2021-44228 - FE NX (IP=111,KR) | updated by JY Block expiration extended with reason SERVER-WEBAPP Apache Log4j logging remote code execution attempt - 6hr web attacks (IP=178,KR)
117.16.44.111 24 KH None 2022-09-26 00:00:00 2022-12-26 00:00:00 2022-09-26 22:53:31 Exploit.Log4Shell.CVE-2021-44228 - FE NX (IP=111,KR) | updated by JY Block expiration extended with reason SERVER-WEBAPP Apache Log4j logging remote code execution attempt - 6hr web attacks (IP=178,KR)
117.18.237.29 32 AS None 2022-04-08 00:00:00 2022-10-04 00:00:00 2022-04-08 17:37:02 HIVE Case #7363 CTO 22-097 (IP=29,TW)
117.191.152.165 24 DT None 2021-12-18 00:00:00 2022-03-18 00:00:00 None FTP Login Failed - Failed Logons (IP=165,CN)
117.191.152.165 24 DT None 2021-12-18 00:00:00 2022-03-18 00:00:00 None FTP Login Failed - Failed Logons (IP=165,CN)
117.195.129.31 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=31,IN)
117.195.129.31 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=31,IN)
117.195.129.31 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=31,IN)
117.195.129.31 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=31,IN)
117.195.129.31 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=31,IN)
117.195.87.89 24 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 22:51:42 Generic URI Injection wget Attempt - FE IPS Events (IP=89,IN)
117.195.87.89 24 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 22:52:19 Generic URI Injection wget Attempt - FE IPS Events (IP=89,IN)
117.196.25.249 24 RS None 2022-07-02 00:00:00 2022-09-30 00:00:00 2022-07-02 22:56:34 VMWare View Planner RCE CVE-2021-1499 exploit attempt - IPS Events (IP=249,IN)
117.196.52.26 24 RS None 2022-09-16 00:00:00 2022-12-15 00:00:00 2022-09-17 13:46:30 Possible Cross-site Scripting Attack - IPS Events (IP=26,IN)
117.197.40.88 24 RR None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-05 14:02:41 SQL injection - Web Attacks (IP=88,IN)
117.198.157.232 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:42 HIVE Case #7199 CTO 22-074 (IP=232,IN)
117.198.157.232 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:55:43 HIVE Case #7199 CTO 22-074 (IP=232,IN)
117.199.218.246 24 RR None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 22:56:03 Webshell.Binary.php.FEC2 - FE NX (IP=246,IN)
117.199.219.106 32 KH None 2022-09-19 00:00:00 2022-12-18 00:00:00 2022-09-19 22:54:53 Exploit.Log4Shell.CVE-2021-44228 - FE NX (IP=106,IN)
117.199.221.70 24 KH None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 22:56:02 Exploit.Log4Shell.CVE-2021-44228 - FE NX (IP=70,IN)
117.204.128.251 24 RS None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-01 22:27:04 Generic URI Injection wget Attempt - IPS Events (IP=251,IN)
117.204.141.100 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 22:58:57 Generic URI Injection wget Attempt - IPS Events (IP=100,IN)
117.208.65.97 24 SW None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 13:46:00 SQL injection - WebAttacks (IP=97,IN)
117.212.244.122 32 TLM None 2021-11-30 00:00:00 2022-05-30 00:00:00 None HIVE Case #6595 CTO 21-327 (IP=122,IN)
117.215.242.236 24 RS None 2022-08-30 00:00:00 2022-11-28 00:00:00 2022-08-31 17:20:47 HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=236,IN)
117.216.117.146 32 AS None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-12 13:04:52 HIVE Case #7913 CTO 22-190 (IP=146,IN)
117.216.23.66 24 RS None 2022-09-09 00:00:00 2022-12-08 00:00:00 2022-09-10 13:50:52 SERVER-WEBAPP Apache Log4j logging remote code execution attempt - SourceFire (IP=66,IN)
117.216.28.77 24 RS None 2022-07-29 00:00:00 2022-10-27 00:00:00 2022-07-30 13:53:00 SIPVicious Security Scanner - IPS Events (IP=77,IN)
117.216.30.214 24 RS None 2022-09-16 00:00:00 2022-12-15 00:00:00 2022-09-17 13:46:31 Possible Cross-site Scripting Attack - IPS Events (IP=214,IN)
117.217.152.24 24 KH None 2021-10-20 00:00:00 2022-01-18 00:00:00 None Generic URI Injection wget Attempt - FE IPS (IP=24,IN)
117.217.229.144 24 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 22:51:43 Generic URI Injection wget Attempt - FE IPS Events (IP=144,IN)
117.221.188.97 24 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 22:24:50 SIPVicious Security Scanner - FE IPS Events (IP=97,IN)
117.239.150.66 32 KH None 2021-12-06 00:00:00 2022-10-01 00:00:00 2022-07-03 13:57:50 HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 22C00488 (IP=66,IN) | updated by SW Block was inactive. Reactivated on 20220703 with reason HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - IR# 22C01513(IP=66,IN) HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - IR# 22C01513(IP=66,IN)
117.239.150.66 32 SW None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 13:57:50 HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 22C00488 (IP=66,IN) | updated by SW Block was inactive. Reactivated on 20220703 with reason HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - IR# 22C01513(IP=66,IN) HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - IR# 22C01513(IP=66,IN)
117.248.109.38 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:43 HIVE Case #7199 CTO 22-074 (IP=38,IN)
117.252.219.146 24 RS None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 22:46:02 SIPVicious Security Scanner - IPS Events (IP=146,IN)
117.33.157.243 24 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:16:53 SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=243,CH)
117.36.196.122 32 RT None 2022-01-17 00:00:00 2022-04-17 00:00:00 None Attempted Access - Inbound Brute Force - TT# 22C00845 (IP=122,CN)
117.40.128.112 32 RR None 2021-12-12 00:00:00 2022-03-12 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00579 (IP=112,CN)
117.40.128.114 32 DT None 2021-12-24 00:00:00 2022-03-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00703 (IP=114,CN)
117.50.107.194 24 WR None 2022-02-22 00:00:00 2022-05-22 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=194,CN)
117.50.63.227 24 DBC None 2022-03-20 00:00:00 2022-06-20 00:00:00 2022-03-20 23:01:43 Corelight ET Scan (IP=227,CN)
117.52.89.197 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=197,KR)
117.54.148.2 32 RT None 2021-11-13 00:00:00 2022-02-11 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00340 (IP=2,US)
117.54.254.74 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity
117.55.240.0 21 TLM None 2021-07-01 00:00:00 2022-01-01 00:00:00 None HIVE Case #5735 TO-S-2021-1379 (IP=0,IN)
117.7.122.163 24 KD None 2021-10-30 00:00:00 2022-01-28 00:00:00 None Attempted Access - Inbound Brute Force / SSH Login - TT# 22C00262 (IP=163,VN)
117.7.122.163 24 KD None 2021-10-30 00:00:00 2022-01-28 00:00:00 None Attempted Access - Inbound Brute Force / SSH Login - TT# 22C00262 (IP=163,VN)
117.74.135.35 32 KH None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-19 13:55:49 HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 22C00424 (IP=35,CN) | updated by RT Block was inactive. Reactivated on 20220408 with reason HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - IR# 22C01157 (IP=35,CN) HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - IR# 22C01157 (IP=35,CN) | updated by KH Block expiration extended with reason HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - IR#22C01412 (IP=35,CN) HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - IR#22C01412 (IP=35,CN)
117.74.135.35 32 RT None 2022-04-08 00:00:00 2022-09-16 00:00:00 2022-06-19 13:55:49 HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 22C00424 (IP=35,CN) | updated by RT Block was inactive. Reactivated on 20220408 with reason HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - IR# 22C01157 (IP=35,CN) HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - IR# 22C01157 (IP=35,CN) | updated by KH Block expiration extended with reason HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - IR#22C01412 (IP=35,CN) HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - IR#22C01412 (IP=35,CN)
117.74.135.35 32 RW None 2021-11-26 00:00:00 2022-09-16 00:00:00 2022-06-19 13:55:49 HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 22C00424 (IP=35,CN) | updated by RT Block was inactive. Reactivated on 20220408 with reason HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - IR# 22C01157 (IP=35,CN) HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - IR# 22C01157 (IP=35,CN) | updated by KH Block expiration extended with reason HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - IR#22C01412 (IP=35,CN) HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - IR#22C01412 (IP=35,CN)
117.80.115.219 24 KD None 2021-11-07 00:00:00 2022-02-05 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability- Web Attacks (IP=219,CN)
117.80.212.33 24 NAB None 2022-06-14 00:00:00 2022-09-12 00:00:00 2022-06-14 13:48:59 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=33,CN)
117.97.197.85 24 SW None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 13:46:00 SQL injection - WebAttacks (IP=85,IN)
118.100.126.116 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None MY TO-S-2021-1037 Hive Case 4785 Malware Activity
118.100.68.47 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None MY TO-S-2021-1037 Hive Case 4785 Malware Activity
118.101.254.92 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MY TO-S-2021-1050 Hive Case 4821 Malware Activity
118.103.212.3 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None KR TO-S-2021-1037 Hive Case 4785 Malware Activity
118.103.238.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None PK TO-S-2021-1037 Hive Case 4785 Malware Activity
118.121.27.103 24 KH None 2021-12-19 00:00:00 2022-03-19 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44232 (IP=103,CN))
118.126.82.170 24 RR None None 2022-04-15 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=170,CN) | updated by DT Block was inactive. Reactivated on 20220115 with reason SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=170,CN) SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=170,CN)
118.126.82.170 24 DT None 2022-01-15 00:00:00 2022-04-15 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=170,CN) | updated by DT Block was inactive. Reactivated on 20220115 with reason SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=170,CN) SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=170,CN)
118.126.82.170 24 DT None 2022-01-15 00:00:00 2022-04-15 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (1:51395:1) - Source Fire (IP=170,CN)
118.136.224.0 19 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity
118.140.192.0 19 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None HK TO-S-2021-1050 Hive Case 4821 Malware Activity
118.140.32.0 19 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=0,HK)
118.141.224.0 19 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None HK TO-S-2021-1050 Hive Case 4821 Malware Activity
118.144.11.15 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 22:59:02 Apache Log4j CVE-2021-44228 Remote Code Execution - IPS Events (IP=15,CN)
118.161.215.67 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=67,TW)
118.161.80.21 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=21,TW)
118.163.199.186 24 SW None 2022-08-16 00:00:00 2022-11-14 00:00:00 2022-08-17 13:52:21 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - WebAttacks (IP=186,TW)
118.166.133.237 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=237,TW)
118.167.197.103 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TW TO-S-2021-1037 Hive Case 4785 Malware Activity
118.167.22.202 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=202,TW)
118.172.176.41 24 GM None 2020-10-31 00:00:00 2022-09-18 00:00:00 2022-06-20 22:22:08 Generic URI Injection wget Attempt - FireEye CMS (IP=41,TH) | updated by RS Block was inactive. Reactivated on 20220620 with reason SIPVicious Security Scanner - IPS Events (IP=41,TH)
118.173.13.254 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=254,TH) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=254,TH)
118.175.82.44 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TH TO-S-2021-1050 Hive Case 4821 Malware Activity
118.175.88.46 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TH TO-S-2021-1050 Hive Case 4821 Malware Activity
118.175.92.179 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TH TO-S-2021-1050 Hive Case 4821 Malware Activity
118.178.138.167 24 BB None 2021-10-17 00:00:00 2022-01-15 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=167,CN)
118.179.118.252 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None BD TO-S-2021-1081 Hive Case 4872 Malware Activity
118.179.128.0 19 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BD TO-S-2021-1037 Hive Case 4785 Malware Activity
118.179.163.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BD TO-S-2021-1037 Hive Case 4785 Malware Activity
118.179.96.44 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TH TO-S-2021-1050 Hive Case 4821 Malware Activity
118.190.203.95 32 TLM None 2022-06-03 00:00:00 2022-12-02 00:00:00 2022-06-06 14:31:20 HIVE Case #7714 CTO 22-154 (IP=95,CN)
118.190.216.82 32 TLM None 2022-06-14 00:00:00 2022-12-13 00:00:00 2022-06-14 20:43:41 HIVE Case #7769 CTO 22-165 (IP=82,CN)
118.192.48.48 32 AS None 2022-03-10 00:00:00 2022-09-10 00:00:00 2022-03-11 00:50:56 HIVE Case #7187 CTO 22-069 (IP=48,CN)
118.193.56.130 24 EE None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:42 HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=130,TH)
118.193.62.232 24 EE None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:43 HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=232,TW)
118.193.72.107 32 TLM None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:46:46 HIVE Case #7458 CTO 22-113 (IP=107,PH)
118.194.251.91 24 BMP None 2022-08-10 00:00:00 2022-11-08 00:00:00 2022-08-31 17:31:06 FireEye High Attacker (IP (IP=91,CN)
118.200.3.146 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:55:10 HIVE Case #7894 CTO 22-187 (IP=146,SG)
118.201.132.88 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None SG TO-S-2021-1050 Hive Case 4821 Malware Activity
118.21.115.138 24 KH None 2022-02-06 00:00:00 2022-05-07 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=138,JP)
118.232.160.0 19 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None TW TO-S-2021-1081 Hive Case 4872 Malware Activity
118.233.164.166 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TW TO-S-2021-1037 Hive Case 4785 Malware Activity
118.233.36.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TW TO-S-2021-1037 Hive Case 4785 Malware Activity
118.25.188.43 24 KD None 2022-03-04 00:00:00 2022-06-02 00:00:00 2022-03-04 23:11:41 : HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability - IR#22C01006(IP=43,CN)
118.25.188.43 24 KD None 2022-03-04 00:00:00 2022-06-02 00:00:00 2022-03-04 23:54:48 HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability - IR#22C01006(IP=43,CN)
118.25.188.43 32 RW None 2021-11-26 00:00:00 2022-02-24 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - IR# 22C00425 (IP=43,CN)
118.26.104.39 24 BMP None 2022-08-10 00:00:00 2022-11-08 00:00:00 2022-08-31 17:31:05 FireEye High Attacker (IP=39,CN)
118.27.108.83 32 RR None 2022-07-10 00:00:00 2022-10-08 00:00:00 2022-07-10 14:32:22 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01620 (IP=83,JP)
118.27.19.223 32 jkc None 2021-03-19 00:00:00 2022-03-19 00:00:00 None Case # 5090 TO-S-2021-1185 Malicious Callback
118.27.19.223 32 jkc None 2021-03-19 00:00:00 2022-03-19 00:00:00 None Case # 5090 TO-S-2021-1185 Malicious Callback
118.27.19.223 32 jkc None 2021-03-19 00:00:00 2022-03-19 00:00:00 None Case # 5090 TO-S-2021-1185 Malicious Callback
118.27.19.223 32 jkc None 2021-03-19 00:00:00 2022-03-19 00:00:00 None Case # 5090 TO-S-2021-1185 Malicious Callback
118.27.95.218 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None JP TO-S-2021-1143 Malicious Email Activity
118.27.95.92 32 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None JP TO-S-2021-1156 Malicious Email Activity
118.31.76.164 24 RW None 2021-10-08 00:00:00 2022-01-06 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=164,CN)
118.33.109.122 32 TLM None 2022-02-15 00:00:00 2022-08-16 00:00:00 None HIVE Case #6996 CTO 22-043 (IP=122,KR)
118.33.224.29 32 TLM None 2022-05-11 00:00:00 2022-11-10 00:00:00 2022-05-11 15:10:01 HIVE Case #7563 CTO 22-131 (IP=29,KR)
118.46.137.24 24 ZH None 2022-03-20 00:00:00 2022-06-18 00:00:00 2022-03-20 23:01:48 HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=24,KR)
118.68.107.70 24 BB None 2021-12-19 00:00:00 2022-03-19 00:00:00 None SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58741:4) - Sourcefire (IP=70,VN)
118.68.201.14 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=14,VN)
118.69.16.0 20 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None VN TO-S-2021-1102 Malware Activity
118.69.162.241 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None VN TO-S-2021-1050 Hive Case 4821 Malware Activity
118.69.208.0 20 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None VN TO-S-2021-1143 Malware Activity
118.70.109.164 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=164,VN)
118.71.128.0 20 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=0,VN)
118.71.190.75 24 AR None 2022-03-31 00:00:00 2022-06-29 00:00:00 2022-03-31 13:46:47 SQL 1 = 1 - possible sql injection attempt (1:19439:10) - SourceFire (IP=75,VN)
118.74.90.83 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:55:10 HIVE Case #7894 CTO 22-187 (IP=83,CN)
118.77.100.96 24 RS None 2022-07-02 00:00:00 2022-09-30 00:00:00 2022-07-02 22:56:25 SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt (1:44328:4) - SourceFire (IP=96,CN)
118.79.84.229 24 SW None 2022-07-02 00:00:00 2022-09-30 00:00:00 2022-07-03 13:57:40 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt (1:46736:2) - SourceFire (IP=229,CN)
118.89.114.149 24 ZH None 2021-10-07 00:00:00 2022-01-05 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=149,CN)
118.96.133.78 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity
118.96.138.0 23 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity
118.96.33.44 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity
118.97.217.130 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity
118.97.64.0 19 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None ID TO-S-2021-1092 Hive Case 4875 Malware Activity
118.97.74.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity
118.99.100.27 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity
118.99.176.0 20 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TW TO-S-2021-1037 Hive Case 4785 Malware Activity
118.99.78.3 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity
118.99.9.248 32 TLM None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:46:27 HIVE Case #7458 CTO 22-113 (IP=248,HK)
119.10.179.232 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=232,ID)
119.102.61.138 24 RS None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-08 16:55:34 File /etc/passwd Access Attempt Detect - IPS Events (IP=138,CN)
119.11.0.250 24 KD None 2021-12-13 00:00:00 2022-03-13 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt - Sourcefire Rpt (IP=250,AU)
119.110.232.197 32 AS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-06 18:26:26 HIVE Case #7881 CTO 22-182 (IP=197,TH)
119.119.22.141 24 RS None 2022-07-29 00:00:00 2022-10-27 00:00:00 2022-07-30 13:52:58 SIPVicious Security Scanner - IPS Events (IP=141,CN)
119.13.89.28 32 DT None 2021-12-24 00:00:00 2022-03-24 00:00:00 None Attempted Access - Inbound Brute Force - TT# 22C00684 (IP=28,CN)
119.148.33.141 32 AR None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-22 13:54:22 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01439 (IP=141,BD)
119.15.153.235 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BD TO-S-2021-1050 Hive Case 4821 Malware Activity
119.15.83.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None KH TO-S-2021-1037 Hive Case 4785 Malware Activity
119.160.234.0 24 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None HK TO-S-2021-1050 Hive Case 4821 Malware Activity
119.17.214.81 32 TLM None 2021-10-04 00:00:00 2022-04-04 00:00:00 None HIVE Case #6294 CTO 21-268 (IP=81,VN)
119.183.80.2 24 SW None 2022-07-02 00:00:00 2022-09-30 00:00:00 2022-07-03 13:57:41 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt (1:46736:2) - SourceFire (IP=2,CN)
119.190.213.204 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 22:59:01 Apache Log4j CVE-2021-44228 Remote Code Execution - IPS Events (IP=204,CN)
119.192.150.128 32 TLM None 2021-09-21 00:00:00 2022-03-20 00:00:00 None HIVE Case #6216 CTO 21-264 (IP=128,KR)
119.192.150.23 32 TLM None 2021-09-21 00:00:00 2022-03-20 00:00:00 None HIVE Case #6216 CTO 21-264 (IP=23,KR)
119.192.150.41 32 TLM None 2021-09-21 00:00:00 2022-03-20 00:00:00 None HIVE Case #6216 CTO 21-264 (IP=41,KR)
119.192.150.43 32 TLM None 2021-09-21 00:00:00 2022-03-20 00:00:00 None HIVE Case #6216 CTO 21-264 (IP=43,KR)
119.192.150.51 32 TLM None 2021-09-21 00:00:00 2022-03-20 00:00:00 None HIVE Case #6216 CTO 21-264 (IP=51,KR)
119.192.150.56 32 TLM None 2021-09-21 00:00:00 2022-03-20 00:00:00 None HIVE Case #6216 CTO 21-264 (IP=56,KR)
119.192.150.89 32 TLM None 2021-09-21 00:00:00 2022-03-20 00:00:00 None HIVE Case #6216 CTO 21-264 (IP=89,KR)
119.199.35.33 32 RB None 2022-06-11 00:00:00 2022-09-09 00:00:00 2022-06-12 22:45:00 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR#22C01369 (IP=33,KR)
119.2.54.39 24 RS None 2022-09-28 00:00:00 2022-12-27 00:00:00 2022-09-29 13:58:58 F5 BIG-IP TMUI CVE-2020-5902 Directory Traversal and File Upload RCE - IPS Events (IP=39,ID)
119.2.7.34 24 RT None 2021-11-19 00:00:00 2022-02-17 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6HR Web Attacks (IP=34,CN)
119.235.54.0 24 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None IN TO-S-2021-1156 Malware Activity
119.235.71.57 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None FJ TO-S-2021-1050 Hive Case 4821 Malware Activity
119.245.208.99 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None JP TO-S-2021-1102 Malicious Email Activity
119.252.144.0 20 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=0,IN)
119.252.148.27 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=27,IN)
119.252.16.224 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=224,AU) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=224,AU) HIVE Case #5969 TO-S-2021-1289 (IP=224,AU)
119.252.16.224 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=224,AU) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=224,AU) HIVE Case #5969 TO-S-2021-1289 (IP=224,AU)
119.252.16.224 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=224,AU) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=224,AU) HIVE Case #5969 TO-S-2021-1289 (IP=224,AU)
119.253.65.138 24 SW None 2022-06-28 00:00:00 2022-09-26 00:00:00 2022-06-28 13:53:41 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=138,CN)
119.28.114.171 24 WR None 2021-11-09 00:00:00 2022-02-07 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire Rpt (IP=171,SG)
119.28.16.239 32 AS None 2022-01-11 00:00:00 2022-07-11 00:00:00 None HIVE Case #6760 CTO 22-011 (IP=239,HK)
119.29.89.174 24 AR None 2022-06-09 00:00:00 2022-09-07 00:00:00 2022-06-09 13:47:56 SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (1:48837:6) - SourceFire (IP=174,CN)
119.3.124.78 32 AR None 2022-02-02 00:00:00 2022-05-02 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - TT# 22C00888 (IP=78,CN)
119.3.245.174 32 AS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-06 18:26:18 HIVE Case #7881 CTO 22-182 (IP=174,CN)
119.3.87.158 24 SW None 2021-11-09 00:00:00 2022-02-07 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - WebAttacks (IP=158, CN)
119.40.85.58 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BD TO-S-2021-1050 Hive Case 4821 Malware Activity
119.42.112.11 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TH TO-S-2021-1050 Hive Case 4821 Malware Activity
119.42.67.48 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TH TO-S-2021-1050 Hive Case 4821 Malware Activity
119.42.78.0 24 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=0,TH) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=0,TH) HIVE Case #5968 TO-S-2021-1276 (IP=0,TH)
119.42.78.0 24 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=0,TH) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=0,TH) HIVE Case #5968 TO-S-2021-1276 (IP=0,TH)
119.42.86.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TH TO-S-2021-1037 Hive Case 4785 Malware Activity
119.45.122.108 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:48:04 PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR # 22C01189 (IP=108,CN)
119.59.124.54 32 AS None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-10-03 18:23:25 HIVE Case #8399 COLS-NA TIP 22-0339 (IP=54,TH)
119.6.54.137 24 TC None 2022-09-19 00:00:00 2022-12-18 00:00:00 2022-09-19 14:00:43 POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt (1:57336:3) - SourceFire (IP=137,CN)
119.64.121.13 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None KR TO-S-2021-1037 Hive Case 4785 Malware Activity
119.81.153.10 32 TLM None 2022-05-25 00:00:00 2022-11-24 00:00:00 2022-05-25 18:14:44 HIVE Case #7662 CTO 22-145 (IP=10,HK)
119.81.61.11 32 TLM None 2022-02-17 00:00:00 2022-08-18 00:00:00 None HIVE Case #7014 CTO 22-048 (IP=11,SG)
119.81.61.12 32 AS None 2022-02-21 00:00:00 2022-08-22 00:00:00 None HIVE Case #7038 CTO 22-049 (IP=12,SG)
119.81.76.186 32 AS None 2022-07-13 00:00:00 2022-10-11 00:00:00 2022-07-14 17:45:20 HIVE Case #7928 CTO 22-194 (IP=186,SG)
119.81.76.187 32 TLM None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-02 10:46:03 HIVE Case #7696 CTO 22-152 (IP=187,SG)
119.9.9.224 24 RT None 2022-02-08 00:00:00 2022-05-10 00:00:00 None EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch - Sourcefire Report (IP=224,AU) | updated by RR Block expiration extended with reason EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch - SourceFire (IP=224,AU)
119.91.195.31 24 KH None 2021-12-19 00:00:00 2022-03-19 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=31,CN)
119.91.205.80 32 BB None 2021-12-28 00:00:00 2022-03-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00730 (IP=80,CN)
119.91.76.121 32 TLM None 2022-02-15 00:00:00 2022-08-16 00:00:00 None HIVE Case #6997 CTO 22-046 (IP=121,CN)
119.92.153.213 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None PH TO-S-2021-1081 Hive Case 4872 Malware Activity
119.92.169.233 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PH TO-S-2021-1050 Hive Case 4821 Malware Activity
119.93.173.120 32 RB None 2021-02-22 00:00:00 2022-03-04 00:00:00 None TO-S-2021-1136 / SHARKSEER-TIP-21-3006 - TT# 21C00525 (IP=120,PH) | updated by dbc Block expiration extended with reason PH TO-S-2021-1143 Malware Activity PH TO-S-2021-1143 Malware Activity
119.93.173.120 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None TO-S-2021-1136 / SHARKSEER-TIP-21-3006 - TT# 21C00525 (IP=120,PH) | updated by dbc Block expiration extended with reason PH TO-S-2021-1143 Malware Activity PH TO-S-2021-1143 Malware Activity
119.97.67.217 24 RS None 2022-08-13 00:00:00 2022-11-11 00:00:00 2022-08-13 22:59:26 SIPVicious Security Scanner - IPS Events (IP=217,CN)
119.98.189.151 32 KD None 2021-12-01 00:00:00 2022-03-01 00:00:00 None PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841)- TT# 22C00447 (IP=151,US)
1199094840.nielsvandervlist.nl --- TLM None 2021-08-05 00:00:00 2022-08-05 00:00:00 2023-01-19 22:59:39 HIVE Case #5940 TO-S-2021-1447
12.157.192.177 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 18:28:43 HIVE Case #7342 CTO 22-092 FRAGO (IP=177,US)
12.157.38.28 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
12.163.208.58 32 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None US TO-S-2021-1156 Malicious Email Activity
12.191.39.162 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:51:28 HIVE Case #7199 CTO 22-074 (IP=162,US)
12.191.39.163 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:51:28 HIVE Case #7199 CTO 22-074 (IP=163,US)
12.191.39.164 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:51:29 HIVE Case #7199 CTO 22-074 (IP=164,US)
12.191.39.165 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:51:29 HIVE Case #7199 CTO 22-074 (IP=165,US)
12.191.39.166 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:51:30 HIVE Case #7199 CTO 22-074 (IP=166,US)
12.21.122.66 32 TLM None 2022-08-09 00:00:00 2022-11-09 00:00:00 2022-08-09 17:32:17 HIVE Case #8100 CTO 22-211 (IP=66,US)
12.224.121.84 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=84,US)
12.228.78.133 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=133,US)
12.34.226.34 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:51:30 HIVE Case #7199 CTO 22-074 (IP=34,US)
12.71.169.162 32 ZH None 2022-09-21 00:00:00 2022-12-20 00:00:00 2022-09-21 22:53:47 SERVER-OTHER Sophos Web Appliance arbitrary command execution attempt (1:32997:6) - SourceFire (IP=162,US)
120.10.59.250 24 SW None 2022-07-02 00:00:00 2022-09-30 00:00:00 2022-07-03 13:57:41 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt (1:46736:2) - SourceFire (IP=250,CN)
120.11.150.82 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 22:58:56 WordPress CVE-2022-1609 Weblizar Backdoor - IPS Events (IP=82,CN)
120.132.33.182 24 SW None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 13:57:48 SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt (1:37078:4) - SourceFire (IP=182,CN)
120.136.14.7 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None JP TO-S-2021-1081 Hive Case 4872 Malicious Email Activity
120.136.26.201 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None KH TO-S-2021-1050 Hive Case 4821 Malware Activity
120.138.9.0 24 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6514 TO-S-2022-0075 (IP=0,IN)
120.150.218.241 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:43 HIVE Case #7199 CTO 22-074 (IP=241,AU)
120.150.60.189 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None AU TO-S-2021-1092 Hive Case 4875 Malicious Email Activity
120.195.30.152 24 KH None 2021-12-15 00:00:00 2022-03-15 00:00:00 None Apache Log4j CVE-2021-44228 Remote Code Execution - FE IPS (IP=152,CN)
120.201.144.70 24 NAB None 2022-06-23 00:00:00 2022-12-20 00:00:00 2022-09-21 22:53:49 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=70,CN) | updated by RS Block was inactive. Reactivated on 20220921 with reason Exploit.CVE-2021-44228 - Apache Log4j2 - Case 6651 (IP=70,CN)
120.209.140.62 24 RR None 2022-02-15 00:00:00 2022-05-16 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - SourceFire (IP=62,CN)
120.224.120.89 24 SW None 2022-06-11 00:00:00 2022-09-09 00:00:00 2022-06-11 13:47:05 SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt (1:37078:4) - SourceFire (IP=89,CN)
120.224.34.31 24 TH None 2022-04-01 00:00:00 2022-06-30 00:00:00 2022-04-01 22:16:52 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (1:59246:1) - SourceFire Report (IP=31,CN)
120.224.86.100 24 RR None 2022-03-05 00:00:00 2022-06-03 00:00:00 2022-03-05 14:46:04 INDICATOR-SCAN SSH brute force login attempt - SourceFire (IP=100,CN)
120.236.74.234 24 AR None 2022-08-14 00:00:00 2022-11-12 00:00:00 2022-08-15 13:56:55 Apache Log4j CVE-2021-44228 Remote Code Execution - FE NX (IP=234,CN)
120.24.66.28 24 WR None 2021-10-28 00:00:00 2022-01-26 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00254 (IP=28,CN)
120.244.162.189 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:55:11 HIVE Case #7894 CTO 22-187 (IP=189,CN)
120.25.202.190 32 KH None 2022-06-09 00:00:00 2022-09-07 00:00:00 2022-06-09 22:37:40 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR#22C01335 (IP=190,CN)
120.253.79.235 24 RS None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-14 22:47:05 SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (1:58201:2) - SourceFire (IP=235,CN)
120.29.158.174 24 KH None 2022-01-12 00:00:00 2022-04-12 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire (IP=174,ID)
120.31.133.162 24 RS None 2022-08-13 00:00:00 2022-11-11 00:00:00 2022-08-13 22:59:15 Exploit.Log4Shell.CVE-2021-44228 - FE NX (IP=162,CN)
120.36.224.93 24 BB None 2022-01-30 00:00:00 2022-04-30 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=93,CN)
120.40.105.70 24 SW None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-04 13:45:55 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt (1:46736:2) - SourceFire (IP=70,CN)
120.41.215.160 24 TH None 2021-12-28 00:00:00 2022-03-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6 Hr Web Report (IP=160,CN)
120.48.118.194 24 KH None 2022-08-07 00:00:00 2022-11-05 00:00:00 2022-08-07 22:53:24 SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (1:48837:6) - Sourcefire (IP=194,CN)
120.48.25.90 24 KH None 2021-11-26 00:00:00 2022-02-24 00:00:00 None Hello Peppa Scan - FE IPS (IP=90,CN)
120.48.83.197 24 KH None 2022-09-15 00:00:00 2022-12-14 00:00:00 2022-09-15 22:52:18 F5 BIG-IP CVE-2022-1388 Remote Code Execution - FE IPS (IP=197,CN)
120.53.226.111 32 AS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-06 18:26:06 HIVE Case #7881 CTO 22-182 (IP=111,CN)
120.53.243.154 24 NAB None 2021-12-22 00:00:00 2022-03-22 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=154,CN)
120.69.189.120 24 RS None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-15 22:50:56 Atlassian Confluence CVE-2022-26134 RCE - IPS Events (IP=120,CN)
120.77.209.35 24 BB None 2021-11-25 00:00:00 2022-02-23 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=35,CN)
120.79.41.29 24 RR None 2021-11-28 00:00:00 2022-02-26 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=29,CN)
120.83.92.184 24 RS None 2022-06-21 00:00:00 2022-09-19 00:00:00 2022-06-21 22:50:23 HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=184,CN)
120.84.110.166 24 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 22:51:43 Generic URI Injection wget Attempt - FE IPS Events (IP=166,CN)
120.85.115.12 24 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 22:51:44 Generic URI Injection wget Attempt - FE IPS Events (IP=12,CN)
120.85.116.156 24 RS None 2022-08-14 00:00:00 2022-11-12 00:00:00 2022-08-14 22:48:28 SIPVicious Security Scanner - SourceFire (IP=156,CN)
120.85.118.196 24 RS None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 22:34:17 File /etc/passwd Access Attempt Detect - FE IPS Events (IP=196,CN)
120.85.119.219 24 RS None 2022-06-13 00:00:00 2022-09-11 00:00:00 2022-06-14 13:48:44 SIPVicious Security Scanner - IPS Events (IP=219,CN)
120.85.182.223 24 SA None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-07 13:41:26 Generic URI Injection wget Attempt - FE CMS IPS alert (IP=223,CN)
120.85.42.27 24 RS None 2022-07-29 00:00:00 2022-10-27 00:00:00 2022-07-30 13:53:00 SIPVicious Security Scanner - IPS Events (IP=27,CN)
120.85.91.140 24 KH None 2021-10-22 00:00:00 2022-01-20 00:00:00 None Generic URI Injection wget Attempt - FE IPS (IP=140,CN)
120.85.94.142 24 RS None 2022-08-03 00:00:00 2022-11-01 00:00:00 2022-08-04 13:53:58 SIPVicious Security Scanner - IPS Events (IP=142,CN)
120.86.237.81 24 RS None 2022-06-21 00:00:00 2022-09-19 00:00:00 2022-06-21 22:50:26 SIPVicious Security Scanner - IPS Events (IP=81,CN)
120.86.252.24 24 RS None 2022-08-11 00:00:00 2022-11-09 00:00:00 2022-08-12 13:55:49 SIPVicious Security Scanner - IPS Events (IP=24,CN)
120.86.253.37 24 RS None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-15 22:50:51 SIPVicious Security Scanner - IPS Events 
(IP=37,CN) 120.86.254.119 24 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 22:51:45 Generic URI Injection wget Attempt - FE IPS Events (IP=119,CN) 120.86.255.97 24 RS None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 22:46:03 SIPVicious Security Scanner - IPS Events (IP=97,CN) 120.87.49.141 24 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 22:24:59 muieblackcat PHP Vulnerability Scanner - FE IPS Events (IP=141,CN) 120.89.94.0 23 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=0,ID) 120.92.147.164 24 AR None 2022-01-11 00:00:00 2022-04-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Alerts (IP=164,CN) 1202217990.nielsvandervlist.nl --- TLM None 2021-08-05 00:00:00 2022-08-05 00:00:00 2023-01-19 22:59:39 HIVE Case #5940 TO-S-2021-1447 121.1.171.215 24 TH None 2022-03-13 00:00:00 2022-06-11 00:00:00 2022-03-13 13:58:42 HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6 Hr Web Report (IP=215,JP) 121.1.235.61 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None JP TO-S-2021-1037 Hive Case 4785 Malware Activity 121.1.38.228 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PH TO-S-2021-1050 Hive Case 4821 Malware Activity 121.100.17.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity 121.101.128.0 21 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None ID TO-S-2021-1156 Malware Activity 121.101.190.218 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 121.101.191.150 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 121.101.246.44 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None KR TO-S-2021-1037 Hive Case 4785 Malware Activity 121.122.120.184 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None MY TO-S-2021-1037 Hive Case 4785 Malware Activity 121.122.166.37 32 
dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None MY TO-S-2021-1037 Hive Case 4785 Malware Activity 121.123.25.106 24 KD None 2022-02-03 00:00:00 2022-05-04 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability- TT# 22C00906 (IP=106,MY) 121.123.25.106 32 GM None 2020-08-19 00:00:00 2022-03-05 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT # 20C03746 (IP=106,MY) | updated by ZH Block was inactive. Reactivated on 20211205 with reason HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) TT# 22C00483 (IP=106,MY) 121.126.206.200 24 AR None 2022-01-26 00:00:00 2022-04-26 00:00:00 None Phish.URL.Emotet (IP=200,KR) 121.140.99.236 24 NAB None 2021-12-27 00:00:00 2022-03-27 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=236,KR) 121.152.80.206 32 BB None 2021-08-24 00:00:00 2022-03-08 00:00:00 None TO-S-2021-1497 / Pulse Report 175393-21, IP Blocks - TT# 21C01594 (IP= 206, US) | updated by TLM Block expiration extended with reason HIVE Case #6129 CTO 21-237 (IP=206,KR) 121.154.204.65 32 TLM None 2022-04-13 00:00:00 2022-10-13 00:00:00 2022-04-13 13:12:29 HIVE Case #7387 CTO 22-103(IP=65,KR) 121.156.109.108 32 AS None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-01 21:44:51 HIVE Case #7874 CTO 22-181 (IP=108,KR) 121.170.193.209 24 NAB None 2021-12-17 00:00:00 2022-03-17 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=209,KR) 121.176.16.144 24 AR None 2022-03-06 00:00:00 2022-06-04 00:00:00 2022-03-07 15:00:00 SERVER-OTHER RealTek UDPServer command injection attempt (1:58853:1) - SourceFire (IP=144,KR) 121.19.134.78 24 AR None 2022-07-18 00:00:00 2022-10-16 00:00:00 2022-07-18 13:50:02 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=78,CN) 121.196.104.235 32 AS None 2021-12-28 00:00:00 2022-06-28 00:00:00 None HIVE Case #6702 CTO 21-362 (IP=235,CN) 121.196.121.126 24 RW None 2021-10-08 00:00:00 2022-01-06 00:00:00 None HTTP: 
WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=126,CN) 121.196.192.178 24 WR None 2022-02-10 00:00:00 2022-05-10 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - WebAttacks (IP=178,CN) 121.200.252.206 24 KH None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-06 23:38:21 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Sourcefire (IP=206,SG) 121.200.48.82 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=82,IN) 121.200.48.82 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=82,IN) 121.200.48.82 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=82,IN) 121.200.48.82 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=82,IN) 121.200.48.82 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=82,IN) 121.200.53.148 24 RR None 2022-07-07 00:00:00 2022-10-06 00:00:00 2022-07-08 13:52:27 Apache Log4j CVE-2021-44228 Remote Code Execution - FE NX (IP=148, IN) 121.204.172.14 24 AR None 2021-11-06 00:00:00 2022-02-04 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability - 6hr Web Attacks (IP=14,CN) 121.206.165.199 24 RS None 2022-09-16 00:00:00 2022-12-15 00:00:00 2022-09-17 13:46:32 Possible Cross-site Scripting Attack - IPS Events (IP=199,CN) 121.22.43.182 24 RR None 2022-02-25 00:00:00 2022-05-26 00:00:00 2022-02-25 14:56:21 SSH: SSH Login Bruteforce Detected - Failed Logons (IP=182,CN) 121.227.152.92 32 SW None 2022-02-28 00:00:00 2022-05-28 00:00:00 2022-02-28 23:39:46 HTTP: PHPUnit Remote Code Execution - IR# 22C00972(IP=92,CN) 121.29.111.13 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 22:58:58 Directory Traversal Attempt - IPS Events (IP=13,CN) 121.36.255.161 24 BB None 2021-12-02 00:00:00 2022-03-02 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 
Web Attacks (IP=161,CN) 121.36.37.29 24 DT None 2021-12-16 00:00:00 2022-03-15 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=29,CN) 121.37.174.111 24 KH None 2021-11-10 00:00:00 2022-02-08 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire (IP=111,CN) 121.37.219.68 32 AS None 2022-04-12 00:00:00 2022-10-12 00:00:00 2022-04-12 14:39:49 HIVE Case #7380 CTO 22-099 (IP=68,CN) 121.4.127.233 24 ZH None 2021-11-28 00:00:00 2022-02-26 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=233,CN) 121.4.251.135 24 DT None 2022-05-12 00:00:00 2022-08-10 00:00:00 2022-05-13 13:50:47 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Source Fire (IP=135,CN) 121.4.30.121 32 RT None 2022-03-27 00:00:00 2022-06-25 00:00:00 2022-03-27 22:46:53 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01090 (IP=121,CN) 121.41.36.54 32 RR None 2021-10-09 00:00:00 2022-01-07 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00108 (IP=54,CN) 121.43.141.142 32 KH None 2021-11-22 00:00:00 2022-02-20 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - TT# 22C00405 (IP=142,CN) 121.46.142.244 32 TLM None 2022-02-25 00:00:00 2022-08-26 00:00:00 2022-02-25 13:04:33 HIVE Case #7088 CTO 22-056 (IP=244,CN) 121.52.146.0 24 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=0,PK) 121.62.22.124 24 RS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 21:48:37 Attempted Access - Inbound Brute Force - IR# 22C01562 (IP=124,CN) 121.66.90.134 32 TLM None 2022-06-15 00:00:00 2022-12-14 00:00:00 2022-06-16 13:41:10 HIVE Case #7774 CTO 22-166 (IP=134,KR) 121.7.228.12 24 SW None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 13:57:46 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt (1:46736:2) - SourceFire 
(IP=12,SG) 121.7.24.128 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None SG TO-S-2021-1050 Hive Case 4821 Malware Activity 121.7.24.129 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None SG TO-S-2021-1050 Hive Case 4821 Malware Activity 121.7.24.138 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None SG TO-S-2021-1050 Hive Case 4821 Malware Activity 121.7.24.224 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None SG TO-S-2021-1037 Hive Case 4785 Malware Activity 121.7.25.109 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None SG TO-S-2021-1037 Hive Case 4785 Malware Activity 121.7.25.134 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None SG TO-S-2021-1050 Hive Case 4821 Malware Activity 121.7.25.151 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None SG TO-S-2021-1037 Hive Case 4785 Malware Activity 121.7.25.197 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None SG TO-S-2021-1050 Hive Case 4821 Malware Activity 121.7.25.242 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None SG TO-S-2021-1037 Hive Case 4785 Malware Activity 121.7.25.245 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None SG TO-S-2021-1037 Hive Case 4785 Malware Activity 121.78.156.134 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:55:12 HIVE Case #7894 CTO 22-187 (IP=134,KR) 121.89.199.170 24 SW None 2021-11-27 00:00:00 2022-02-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - WebAttacks (IP=170, CN) 121.89.234.61 24 DT None 2021-12-30 00:00:00 2022-03-30 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=167,CN) 121.9.200.22 24 JP None 2022-09-11 00:00:00 2022-12-10 00:00:00 2022-09-11 22:51:58 F5 BIG-IP CVE-2022-1388 Remote Code Execution - IPS Events (IP=22,CN) 122.10.45.207 32 TLM None 2022-05-02 00:00:00 2022-11-01 00:00:00 2022-05-04 17:56:25 HIVE Case #7495 CTO 22-120 (IP=207,HK) 122.10.45.217 32 TLM None 2022-05-02 00:00:00 2022-11-01 00:00:00 2022-05-04 
17:56:26 HIVE Case #7495 CTO 22-120 (IP=217,HK) 122.10.82.91 24 djs None 2015-06-23 05:00:00 2022-10-18 00:00:00 2022-04-18 13:41:41 Webapp setup.php access (ip=91,HK) | updated by TLM Block was inactive. Reactivated on 20220418 with reason HIVE Case #7416 CTO 22-106 (IP=91,HK) 122.104.109.234 24 RS None 2022-09-14 00:00:00 2022-12-13 00:00:00 2022-09-15 14:40:47 HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=234,AU) 122.11.147.71 24 KH None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-06 23:38:21 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Sourcefire (IP=71,SG) 122.114.37.27 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6442 CTO 21-299 (IP=27,CN) 122.116.137.190 24 JP None 2022-07-18 00:00:00 2022-10-16 00:00:00 2022-07-18 22:55:56 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=190,TW) 122.116.44.189 24 ZH None 2021-10-15 00:00:00 2022-01-13 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability- 6hr Web Attacks (IP=189,IN) 122.117.202.167 24 EDBT None 2017-01-22 06:00:00 2022-03-30 00:00:00 None SERVER-WEBAPP Setup.php access (IP=167,TW) | updated by KF Block was inactive. Reactivated on 20191223 with reason HTTP: SQL Injection Attempt Detected (IP=167,TW) | updated by DT Block was inactive. 
Reactivated on 20211230 with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt (1:37078:4) - Source Fire (IP=167,TW) 122.117.90.133 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=133,TW) 122.117.90.133 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=133,TW) 122.117.90.133 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=133,TW) 122.117.90.133 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=133,TW) 122.117.90.133 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=133,TW) 122.121.189.136 32 BB None 2021-08-24 00:00:00 2022-03-08 00:00:00 None TO-S-2021-1497 / Pulse Report 175393-21, IP Blocks - TT# 21C01595 (IP= 136, US) | updated by TLM Block expiration extended with reason HIVE Case #6129 CTO 21-237 (IP=136,TW) 122.14.218.28 24 RR None 2021-11-29 00:00:00 2022-02-27 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=28,CN) 122.141.231.212 24 RS None 2022-07-02 00:00:00 2022-09-30 00:00:00 2022-07-02 14:02:19 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR# 22C01504 (IP=212,CN) 122.147.5.177 32 UA None 2021-10-11 00:00:00 2022-01-09 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) (IP=177,TW) 122.147.5.177 32 UA None 2021-10-10 00:00:00 2022-01-10 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00122 (IP=177,TW) 122.147.5.177 32 UA None 2021-10-10 00:00:00 2022-01-10 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00122 (IP=177,TW) 122.152.219.144 24 KH None 2022-02-06 00:00:00 2022-05-07 00:00:00 None Hello Peppa Scan - FE IPS (IP=144,CN) 122.152.48.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BD TO-S-2021-1037 Hive Case 4785 Malware Activity 122.155.202.118 
24 WR None 2022-02-12 00:00:00 2022-05-12 00:00:00 None Malware.Parent.DUAL - Hive Case # 6955 (IP=57,TH) 122.160.147.164 24 KH None 2022-09-01 00:00:00 2022-12-30 00:00:00 2022-09-01 22:53:19 SIPVicious Security Scanner - FE IPS (IP=164,IN) 122.161.50.23 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=23,IN) 122.171.21.142 24 RS None 2022-07-02 00:00:00 2022-09-30 00:00:00 2022-07-02 22:56:39 SQL injection - 6Hr Web Attacks (IP=142,IN) 122.176.0.0 20 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=0,IN) 122.180.188.167 24 DT None 2022-02-07 00:00:00 2022-05-08 00:00:00 None SQL injection Web attacks (IP=167,IN) 122.180.195.202 24 ZH None 2022-09-21 00:00:00 2022-12-20 00:00:00 2022-09-21 14:01:08 HTTP: SQL Injection - Exploit II - 6hr Web Attacks (IP=202,IN) 122.180.84.0 22 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None IN TO-S-2021-1102 Malware Activity 122.185.42.0 24 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=0,IN) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=0,IN) 122.2.104.112 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None PH TO-S-2021-1143 Malware Activity 122.223.213.171 24 DT None 2021-12-24 00:00:00 2022-03-24 00:00:00 None CERT/CC VU#257161:CVE-2020-CVE-2020-11910 anomalous ICMPv4 type 3,code 4 Path MTU Discovery (1:1700010:1) - Source Fire (IP=171,JP) 122.225.242.254 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:56:14 HIVE Case #7894 CTO 22-187 (IP=254,CN) 122.226.168.101 32 RT None 2022-03-25 00:00:00 2022-06-23 00:00:00 2022-03-25 22:37:31 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) -IR# 22C01082 (IP=101,CN) 122.252.255.117 32 AR None 2022-07-07 00:00:00 2022-10-05 00:00:00 2022-07-07 13:50:17 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR #22C01597 (IP=117,IN) 122.254.96.201 32 AS None 2022-04-12 
00:00:00 2022-10-12 00:00:00 2022-04-12 14:39:45 HIVE Case #7380 CTO 22-099 (IP=201,MN) 122.3.65.168 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PH TO-S-2021-1050 Hive Case 4821 Malware Activity 122.50.195.172 24 RR None 2022-07-10 00:00:00 2022-10-08 00:00:00 2022-07-10 14:32:33 SQL injection - Web Attacks (IP=172,IN) 122.51.100.123 24 RR None 2021-11-22 00:00:00 2022-02-20 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=123,CN) 122.51.159.184 24 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 22:24:30 SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58727:5) - SourceFire (IP=184,CN) 122.51.232.37 32 KH None 2021-12-14 00:00:00 2022-03-14 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00589 (IP=37,CN) 122.51.238.122 24 BB None 2021-10-16 00:00:00 2022-01-14 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00172 (IP=122,CN) 122.51.53.50 24 KH None 2021-10-15 00:00:00 2022-01-14 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=50,CN) | updated by RR Block expiration extended with reason SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=50,CN) SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=50,CN) 122.51.53.50 24 RR None 2021-10-16 00:00:00 2022-01-14 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=50,CN) | updated by RR Block expiration extended with reason SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=50,CN) SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=50,CN) 122.52.123.29 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=29,PH) 122.52.168.226 32 TLM None 2021-07-01 00:00:00 2022-01-01 00:00:00 None HIVE Case #5735 TO-S-2021-1379 (IP=226,PH) 
122.54.147.17 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None PH TO-S-2021-1092 Hive Case 4875 Malware Activity 122.54.62.235 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=235,PH) 122.54.66.73 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PH TO-S-2021-1050 Hive Case 4821 Malware Activity 122.54.71.98 24 WR None 2022-04-04 00:00:00 2022-07-02 00:00:00 2022-04-04 13:48:43 HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6HR Web Attacks (IP=98,CN) 122.55.245.170 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None PH TO-S-2021-1102 Malware Activity 122.55.53.206 32 RS None 2022-07-12 00:00:00 2022-10-10 00:00:00 2022-07-12 22:32:34 SQL Attempts - IR# 22C01627 (IP=206,PH) 122.9.163.30 24 SW None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-26 13:47:47 SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (1:51395:1) - SourceFire (IP=30,CN) 122.96.112.8 24 RS None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 22:46:03 SIPVicious Security Scanner - IPS Events (IP=8,CN) 123.10.138.170 24 RS None 2022-08-30 00:00:00 2022-11-28 00:00:00 2022-08-31 17:20:47 PHP PHP-CGI Query String Argument Injection - IPS Events (IP=170,CN) 123.108.50.0 23 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IN TO-S-2021-1037 Hive Case 4785 Malware Activity 123.11.15.210 24 RS None 2022-09-28 00:00:00 2022-12-27 00:00:00 2022-09-29 13:58:57 Generic URI Injection wget Attempt - IPS Events (IP=210,CN) 123.110.123.98 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TW TO-S-2021-1050 Hive Case 4821 Malware Activity 123.112.16.108 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:55:12 HIVE Case #7894 CTO 22-187 (IP=108,CN) 123.118.77.178 32 AR None 2022-03-31 00:00:00 2022-06-29 00:00:00 2022-03-31 13:46:48 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C01113 (IP=178,CN) 123.123.123.123 32 TLM None 2022-06-02 00:00:00 
2022-12-01 00:00:00 2022-06-02 15:30:45 HIVE Case #7704 TO-S-2022-0190 (IP=123,CN) 123.125.194.154 32 AR None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-02 14:02:17 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01499 (IP=154,CN) 123.129.133.118 24 TH None 2022-09-29 00:00:00 2022-12-28 00:00:00 2022-09-29 22:53:43 Generic URI Injection wget Attempt - FE CMS IPS Events (IP=118,CN) 123.14.3.57 24 RS None 2022-06-03 00:00:00 2022-09-01 00:00:00 2022-06-03 22:21:01 SIPVicious Security Scanner - IPS Events (IP=57,CN) 123.160.221.6 24 SW None 2022-03-17 00:00:00 2022-06-15 00:00:00 2022-03-17 22:26:01 Network Scanning - ECE(IP=6,CN) 123.168.0.206 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:15 HIVE Case #7894 CTO 22-187 (IP=206,CN) 123.176.36.146 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IN TO-S-2021-1050 Hive Case 4821 Malware Activity 123.176.6.0 23 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None MV TO-S-2021-1037 Hive Case 4785 Malware Activity 123.176.96.157 32 TLM None 2022-06-02 00:00:00 2022-12-01 00:00:00 2022-06-02 17:56:01 HIVE Case #7705 CTO 22-153 (IP=157,HK) 123.18.206.22 32 SW None 2022-08-12 00:00:00 2022-11-10 00:00:00 2022-08-12 22:51:12 HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability - TT# 22C00452 (IP=22,VN) | updated by SW Block was inactive. Reactivated on 20220812 with reason HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - IR# IR#22C01799(IP=22,VN) HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - IR# IR#22C01799(IP=22,VN) 123.18.206.22 32 WR None 2021-12-01 00:00:00 2022-11-10 00:00:00 2022-08-12 22:51:12 HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability - TT# 22C00452 (IP=22,VN) | updated by SW Block was inactive. 
Reactivated on 20220812 with reason HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - IR# IR#22C01799(IP=22,VN) HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - IR# IR#22C01799(IP=22,VN) 123.180.189.141 24 RS None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 22:34:23 SQL injection - 6Hr Web Attacks (IP=141,CN) 123.183.161.165 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 22:58:47 WordPress Contact Form 7 CVE-2020-35489 File Upload Vulnerability - IPS Events (IP=165,CN) 123.192.212.120 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TW TO-S-2021-1050 Hive Case 4821 Malware Activity 123.193.32.0 19 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None TW TO-S-2021-1156 Malware Activity 123.195.84.191 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TW TO-S-2021-1050 Hive Case 4821 Malware Activity 123.206.22.29 24 RB None 2022-02-10 00:00:00 2022-05-11 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr failed logons (IP=29,CN) 123.206.88.110 24 TH None 2022-02-16 00:00:00 2022-05-17 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire Report (IP=110,CN) 123.206.88.110 24 TH None 2022-02-16 00:00:00 2022-05-17 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6 Hr Web Report (IP=110,CN) 123.207.206.28 32 BB None 2021-10-09 00:00:00 2022-01-07 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00107 (IP=28,US) 123.213.233.194 32 AS None 2022-04-07 00:00:00 2022-10-07 00:00:00 2022-04-07 19:47:47 HIVE Case #7356 CTO 22-096 (IP=194,KR) 123.231.149.122 32 TLM None 2022-02-04 00:00:00 2022-08-05 00:00:00 None HIVE Case #6925 CTO 22-034 (IP=122,ID) 123.231.186.0 24 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=0,ID) 123.231.192.0 19 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 
TO-S-2021-1390 (IP=0,ID) 123.233.113.100 24 RR None 2022-02-15 00:00:00 2022-05-16 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=100,CN) 123.240.79.54 24 SA None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-07 13:41:41 Generic URI Injection wget Attempt - FE CMS IPS alert (IP=54,TW) 123.243.101.162 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None AU TO-S-2021-1050 Hive Case 4821 Malware Activity 123.25.204.233 32 TLM None 2021-09-21 00:00:00 2022-03-20 00:00:00 None HIVE Case #6216 CTO 21-264 (IP=233,VN) 123.25.218.73 24 RR None 2022-02-15 00:00:00 2022-05-16 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=73,VN) 123.252.201.206 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IN TO-S-2021-1050 Hive Case 4821 Malware Activity 123.4.66.155 24 DT None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-27 13:14:16 ET EXPLOIT Apache log4j RCE Attempt - lower/upper TCP Bypass M2 (Outbound) (CVE-2021-44228) - Source Fire (IP=155,CN) 123.56.175.31 32 AS None 2022-07-07 00:00:00 2022-10-05 00:00:00 2022-07-07 22:07:52 HIVE Case #7898 CTO 22-188 (IP=31,CN) 123.56.222.11 32 TLM None 2022-03-28 00:00:00 2022-09-28 00:00:00 2022-03-28 12:22:56 HIVE Case #7282 CTO 22-085 (IP=11,CN) 123.56.70.64 24 TH None 2021-12-07 00:00:00 2022-03-07 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire (IP=64,CN) 123.58.196.208 24 EE None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:43 HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=208,TW) 123.58.198.205 24 EE None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:44 HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=205,VN) 123.58.203.19 24 EE None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:45 HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=19,IN) 123.58.5.49 24 RR None 2022-08-21 00:00:00 2022-11-19 00:00:00 2022-08-21 13:56:03 HTTP: ThinkPHP CMS Getshell Vulnerability 
SERVER-WEBAPP Facade Ignition remote code execution attempt (1:57872:1) - Sourcefire Rpt (IP=186,SG) 128.199.25.1 24 RS None 2022-06-03 00:00:00 2022-09-01 00:00:00 2022-06-03 22:21:29 SQL injection - 6Hr Web Attacks (IP=1,IN) 128.199.25.119 32 AS None 2022-01-11 00:00:00 2022-07-11 00:00:00 None HIVE Case #6760 CTO 22-011 (IP=119,IN) 128.199.250.137 24 SW None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 13:55:06 SQL injection - WebAttacks (IP=137,SG) 128.199.251.28 24 KD None 2022-04-15 00:00:00 2022-07-14 00:00:00 2022-04-16 14:40:52 SQL injection- Web Attacks (IP=28,SG) 128.199.252.6 24 ZH None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:45:04 HTTP: PHP File Inclusion Vulnerability- 6hr Web Attacks (IP=6,SG) 128.199.253.246 24 RR None 2022-07-10 00:00:00 2022-10-08 00:00:00 2022-07-10 14:32:33 SQL injection - Web Attacks (IP=246,SG) 128.199.254.178 24 DT None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-29 13:52:14 SERVER-WEBAPP Grafana getPluginAssets path traversal attempt (1:58721:1) - Source Fire (IP=178,SG) 128.199.26.121 24 KH None 2022-04-12 00:00:00 2022-07-11 00:00:00 2022-04-12 22:35:41 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=121,SG) 128.199.3.187 24 JP None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-15 13:53:41 SQL injection - 6HR Web Attacks (IP=187,SG) 128.199.3.89 32 ZH None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-11 00:04:48 SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt (1:44327:3) - SourceFire (IP=89,US) 128.199.32.27 24 SW None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-06 22:49:31 SERVER-WEBAPP Zimbra remote code execution attempt (1:29027:6) - SourceFire (IP=27,NL) 128.199.35.99 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:34:46 SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (1:45304:3) - Sourcefire Rpt (IP=99,NL) 128.199.35.99 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:11 SERVER-ORACLE 
Oracle WebLogic Server remote command execution attempt (1:45304:3) - Sourcefire Rpt (IP=99,NL) 128.199.36.161 24 TC None 2022-09-17 00:00:00 2022-12-17 00:00:00 2022-09-18 13:33:57 SQL injection - WebAttacks (IP=161,NL) | updated by TC Block expiration extended with reason SERVER-WEBAPP Harbor Project Harbor admin account creation attempt (1:59541:1) - SourceFire (IP=161,NL) 128.199.37.95 24 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-09 14:21:43 SERVER-WEBAPP Java XML deserialization remote code execution attempt - SourceFire (IP=95,NL) 128.199.38.231 24 SW None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 22:47:04 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=231,NL) 128.199.39.168 24 RR None 2022-07-21 00:00:00 2022-10-19 00:00:00 2022-07-21 13:54:44 SQL injection - Web Attacks (IP=168,NL) 128.199.4.95 24 JP None 2022-07-26 00:00:00 2022-10-24 00:00:00 2022-07-26 22:50:09 SQL injection - 6HR Web Attacks (IP=95, SG) 128.199.40.66 24 RS None 2022-05-19 00:00:00 2022-08-17 00:00:00 2022-05-19 22:49:09 SERVER-APACHE Apache Struts java.lang.ProcessBuilder class access attempt (1:47690:2) - SourceFire (IP=66,NL) 128.199.41.73 24 DT None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:41 SQL injection - Web Attacks (IP=73,NL) 128.199.42.6 24 RR None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 13:52:06 SERVER-WEBAPP Joomla 3.7.0 com_fields view SQL injection attempt - SourceFire (IP=6,NL) 128.199.43.144 24 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 22:51:30 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=144, NL) 128.199.44.125 24 WR None 2022-04-12 00:00:00 2022-07-10 00:00:00 2022-04-12 13:52:03 SERVER-WEBAPP phpmyadmin post-authentication local file inclusion attempt (1:47831:1) - Sourcefire (IP=125,NL) 128.199.45.111 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:48:40 SQL injection - Web Attacks (IP=111,NL) 128.199.46.236 24 RS None 2022-05-21 
00:00:00 2022-08-19 00:00:00 2022-05-21 13:45:33 HTTP: ThinkPHP CMS Getshell Vulnerability - 6Hr Web Attacks (IP=236,NL) 128.199.47.129 24 ZH None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:45:05 SQL injection- 6hr Web Attacks (IP=129,NL) 128.199.49.180 24 RS None 2022-05-03 00:00:00 2022-08-01 00:00:00 2022-05-03 13:47:06 SQL injection - 6Hr Web Attacks (IP=180,NL) 128.199.5.100 32 TH None 2022-08-20 00:00:00 2022-11-18 00:00:00 2022-08-21 13:55:57 SQL injection - 6 Hr Web Report (IP=100,US) 128.199.5.100 24 RR None 2022-08-20 00:00:00 2022-11-18 00:00:00 2022-08-21 13:55:59 SQL injection - Web Attacks (IP=100,SG) 128.199.5.167 24 ZH None 2022-09-15 00:00:00 2022-12-14 00:00:00 2022-09-15 14:40:56 SQL injection - WebAttacks (IP=167,SG) 128.199.5.167 24 ZH None 2022-09-15 00:00:00 2022-12-14 00:00:00 2022-09-15 14:40:56 SQL injection - WebAttacks (IP=167,SG) SQL injection - WebAttacks (IP=167,SG) 128.199.5.199 32 ZH None 2022-09-21 00:00:00 2022-12-20 00:00:00 2022-09-21 14:01:13 SQL injection - 6hr Web Attacks (IP=199,US) 128.199.5.199 32 ZH None 2022-09-21 00:00:00 2022-12-20 00:00:00 2022-09-21 14:01:13 SQL injection - 6hr Web Attacks (IP=199,US) SQL injection - 6hr Web Attacks (IP=199,US) 128.199.51.176 24 RT None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-17 13:52:05 HTTP: PHP File Inclusion Vulnerability - 6HR web Attacks (IP=176,NL) 128.199.52.29 24 AR None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-14 13:57:38 SQL injection - Web Attacks (IP=29,NL) 128.199.53.249 24 ZH None 2022-09-15 00:00:00 2022-12-14 00:00:00 2022-09-15 14:40:56 SERVER-WEBAPP Apache APISIX default admin API backdoor usage attempt - WebAttacks (IP=249,NL) 128.199.54.118 24 KD None 2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-10 13:48:09 SQL injection- WebAttacks(IP=118,NL) 128.199.55.173 24 TH None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 22:43:42 HTTP SQL Injection Attempt - Web Attacks (IP=173,NL) 128.199.57.127 24 ZH None 2022-08-18 00:00:00 
2022-11-16 00:00:00 2022-08-18 13:49:22 SQL injection (IP=127,NL) 128.199.57.13 24 DT None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-07 13:54:10 SQLinjection - Web Attacks (IP=13,NL) 128.199.58.144 24 ZH None 2022-04-04 00:00:00 2022-07-03 00:00:00 2022-04-04 22:35:44 SQL injection- 6hr Web Attacks (IP=144,NL) 128.199.58.149 24 TC None 2022-09-15 00:00:00 2022-12-14 00:00:00 2022-09-16 13:49:34 SQL injection - WebAttacks (IP=149,NL) 128.199.60.154 24 RB None 2022-07-26 00:00:00 2022-10-24 00:00:00 2022-07-26 22:50:11 SQL injection - WebAttacks (IP=154,NL) 128.199.61.217 24 RT None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-21 13:44:39 SQL injection - 6 HR WebAttack (IP=217,NL) 128.199.62.15 24 SW None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-04 13:45:49 SQL injection - WebAttacks (IP=15,NL) 128.199.63.168 24 RR None 2022-07-16 00:00:00 2022-10-14 00:00:00 2022-07-16 13:51:24 SQL injection - Web Attacks (IP=168,NL) 128.199.64.179 24 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:34:51 SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1272 attack attempt - SourceFire (IP=179,SG) 128.199.65.64 24 TH None 2022-06-23 00:00:00 2022-09-21 00:00:00 2022-06-24 13:55:55 SQL injection - 6 Hr Web Report (IP=64,SG) 128.199.66.87 24 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:23 SERVER-WEBAPP Apache Unomi OGNL MVEL2 remote command execution attempt - SourceFire (IP=87,SG) 128.199.67.160 24 KH None 2022-09-20 00:00:00 2022-12-19 00:00:00 2022-09-20 22:50:15 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=160,SG) 128.199.68.170 24 NAB None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:46:53 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=170,SG) 128.199.69.138 24 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:57:40 SERVER-APACHE Apache HTTP server SSRF attempt (1:58820:1) - SourceFire (IP=138,SG) 128.199.70.1 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6654 CTO 21-345 (IP=1,SG) 
128.199.70.178 24 KH None 2022-07-18 00:00:00 2022-10-16 00:00:00 2022-07-18 13:50:06 SQL injection - Web Attacks (IP=178,SG) 128.199.72.103 32 KH None 2022-09-09 00:00:00 2022-12-08 00:00:00 2022-09-09 22:50:17 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR# 22C01927 (IP=103,SG) 128.199.72.65 24 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-09 14:21:44 SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt - SourceFire (IP=65,SG) 128.199.73.166 24 SW None 2022-06-11 00:00:00 2022-09-09 00:00:00 2022-06-11 13:46:54 SQL injection - WebAttacks (IP=166,SG) 128.199.75.135 24 DT None 2022-06-04 00:00:00 2022-09-02 00:00:00 2022-06-04 23:03:09 SQL injection - Web Attacks (IP=135,SG) 128.199.75.201 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6654 CTO 21-345 (IP=201,SG) 128.199.77.210 24 RS None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:45:30 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=210,SG) 128.199.78.244 24 SW None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:44:44 SQL injection - WebAttacks (IP=244,SG) 128.199.79.83 24 RT None 2022-05-17 00:00:00 2022-08-15 00:00:00 2022-05-17 22:37:57 Exploit.CVE-2021-44228 - Apache Log4j2 - Case 6651 (IP=83,SG) 128.199.8.104 24 RR None 2022-08-20 00:00:00 2022-11-18 00:00:00 2022-08-20 13:23:20 SQL injection - Web Attacks (IP=104,SG) 128.199.8.50 32 KH None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 23:08:02 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=50,US) 128.199.84.200 24 RR None 2022-07-19 00:00:00 2022-10-17 00:00:00 2022-07-19 13:48:01 SQL injection - Web Attacks (IP=200,SG) 128.199.85.160 24 SW None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:47:51 SERVER-WEBAPP Fortigate SSL VPN cross site scripting attempt (1:51465:1) - SourceFire (IP=160,SG) 128.199.86.151 24 WR None 2022-03-22 00:00:00 2022-06-20 00:00:00 2022-03-22 13:43:29 HTTP: Apache Struts 2 Remote Code Execution 
(CVE-2017-5638) - 22C01061 (IP=151,BR) 128.199.87.80 24 TH None 2022-08-28 00:00:00 2022-11-26 00:00:00 2022-08-29 13:57:17 SERVER-WEBAPP Atlassian Confluence OGNL injection remote code execution attempt (1:58094:1) - SourceFire Report (IP=80,SG) 128.199.9.232 24 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 13:52:14 SQL injection - 6hr Web Attacks (IP=232,SG) 128.199.91.131 24 RS None 2022-05-02 00:00:00 2022-07-31 00:00:00 2022-05-02 22:41:45 SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt (1:54768:2) - SourceFire (IP=131,SG) 128.199.92.109 24 RR None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:31:21 HTTP: PHP File Inclusion Vulnerability - Web Attcks (IP=109,SG) 128.199.93.198 32 TLM None 2022-03-17 00:00:00 2022-09-17 00:00:00 2022-03-17 16:17:43 HIVE Case #7227 CTO 22-076 (IP=198,SG) 128.199.94.186 24 WR None 2022-04-12 00:00:00 2022-07-10 00:00:00 2022-04-12 13:52:04 SERVER-WEBAPP Aviatrix Controller directory traversal attempt (1:58961:1) - Sourcefire (IP=186,SG) 128.199.95.14 24 RT None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-26 13:47:37 HTTP SQL Injection Attempt - Web Attacks (IP=14,SG) 128.199.96.110 24 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:11 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - Sourcefire Rpt (IP=110,SG) 128.199.99.16 24 DT None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-26 13:47:27 SQL injection - Web Attacks (IP=16,SG) 128.201.16.20 24 DT None 2022-01-13 00:00:00 2022-04-13 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) - Source Fire (IP=20,BR) 128.201.176.0 23 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 128.201.2.0 23 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 128.201.52.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None 
BR TO-S-2021-1037 Hive Case 4785 Malware Activity 128.201.76.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 128.204.216.222 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=222,PL) 128.31.0.13 32 GM None 2021-03-09 00:00:00 2022-05-17 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00607 (IP=13,US) | updated by srm Block was inactive. Reactivated on 20220216 with reason HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=13,US) 128.39.65.230 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None NO TO-S-2021-1037 Hive Case 4785 Malware Activity 128.61.111.7 32 AS None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-09-30 17:07:18 HIVE Case #8395 TO-S-2022-0233 (IP=7,US) 128.70.170.140 24 RR None 2021-10-21 00:00:00 2022-01-19 00:00:00 None SQL injection - Web Attacks (IP=140,RU) 128.73.192.51 32 AS None 2022-04-07 00:00:00 2022-10-07 00:00:00 2022-04-07 19:47:50 HIVE Case #7356 CTO 22-096 (IP=51,RU) 128.90.59.60 24 NAB None 2021-12-20 00:00:00 2022-03-20 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=60,IL) 128.90.61.199 24 NAB None 2021-12-17 00:00:00 2022-03-17 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=199,SA) 129.123.17.147 32 wmp None 2021-12-13 00:00:00 2022-03-13 00:00:00 None HIVE Case #6642 JFHQ-DODIN Wave Browser Malware IOCs (IP=147,US) 129.146.108.145 32 TH None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-11 00:04:47 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01250 (IP=145,US) 129.146.133.62 32 RS None 2022-08-22 00:00:00 2022-11-20 00:00:00 2022-08-23 18:08:54 SQL injection - Web Attacks (IP=62,US) 129.146.164.184 32 SW None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-10 13:48:31 ET EXPLOIT Apache Obfuscated log4j RCE Attempt (tcp ldap) (CVE-2021-44228) (1:2034755:1) - SourceFire (IP=184,US) 129.146.242.7 32 RS None 2022-07-27 00:00:00 
2022-11-09 00:00:00 2022-08-11 22:52:19 Exploit.CVE-2021-44228 - Apache Log4j2 - Case 6651 (IP=7,US) | updated by JP Block expiration extended with reason SQL injection - 6HR Web Attacks (IP=7,US) 129.146.250.177 32 AR None 2022-03-07 00:00:00 2022-06-05 00:00:00 2022-03-07 15:00:02 Exploit.Log4Shell.CVE-2021-44228 - FireEye NX (IP=177,US) 129.146.65.82 32 KH None 2022-05-26 00:00:00 2022-08-25 00:00:00 2022-05-27 13:14:26 HIVE Case #6651 Exploit.CVE-2021-44228 - ECE (IP=82,US) | updated by RR Block expiration extended with reason ET EXPLOIT Apache Obfuscated log4j RCE Attempt (tcp ldap) (CVE-2021-44228) - SourceFire (IP=82,US) 129.146.70.211 32 RR None 2022-07-19 00:00:00 2022-10-17 00:00:00 2022-07-19 13:47:45 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR# 22C01697 (IP=211,US) 129.146.87.12 32 RR None 2022-09-01 00:00:00 2022-11-30 00:00:00 2022-09-01 13:52:43 HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=12,US) 129.150.84.22 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:55:13 HIVE Case #7894 CTO 22-187 (IP=22,US) 129.151.129.188 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 22:58:31 HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - IR# 22C01519 (IP=188,AE) 129.151.35.240 24 NAB None 2022-03-23 00:00:00 2022-06-21 00:00:00 2022-03-23 13:46:27 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=240,BR) 129.153.137.51 32 AR None 2022-07-23 00:00:00 2022-10-21 00:00:00 2022-07-24 13:49:07 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=51,US) 129.154.42.37 32 TH None 2022-07-22 00:00:00 2022-10-20 00:00:00 2022-07-22 13:52:30 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR# 22C01722 (IP=37,US) 129.187.19.183 24 RT None 2021-12-15 00:00:00 2022-03-15 00:00:00 None SERVER-OTHER Sentinel license manager buffer overflow attempt (1:11265:5) - Sourcefire Report (IP=183,DE) 129.205.102.242 32 RB None 2022-06-11 
00:00:00 2022-09-09 00:00:00 2022-06-11 22:46:07 Inbound Brute Force - IR#22C01363 (IP=242,NG) 129.208.139.229 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:44 HIVE Case #7199 CTO 22-074 (IP=229,SA) 129.211.122.50 24 ZH None 2021-11-27 00:00:00 2022-02-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00428 (IP=50,CN) 129.211.122.50 32 AR None 2022-03-06 00:00:00 2022-10-16 00:00:00 2022-07-18 13:49:55 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C01017 (IP=50,CN) | updated by AR Block was inactive. Reactivated on 20220718 with reason HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR# 22C01690 (IP=50,CN) HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR# 22C01690 (IP=50,CN) 129.211.122.50 32 AR None 2022-07-18 00:00:00 2022-10-16 00:00:00 2022-07-18 13:49:55 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C01017 (IP=50,CN) | updated by AR Block was inactive. Reactivated on 20220718 with reason HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR# 22C01690 (IP=50,CN) HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR# 22C01690 (IP=50,CN) 129.211.4.81 24 RT None 2021-11-20 00:00:00 2022-02-18 00:00:00 None HTTP: SQL Injection Attempt Detected – 6HR Web Attacks (IP=81,CN) 129.213.146.149 32 BMP None 2021-07-03 00:00:00 2022-06-21 00:00:00 2022-03-23 22:21:07 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=149,US) | Unblocked - IP is owned by Oracle and the overall risk is low since we have other mitigations. | updated by KD Block was inactive. 
Reactivated on 20220323 with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841)-TT#22C01069 (IP=149,US) 129.213.215.122 32 ZH None 2022-05-15 00:00:00 2022-08-13 00:00:00 2022-05-15 22:45:46 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) IR#: 22C01256 (IP=122,US) 129.215.32.111 24 DT None 2021-10-16 00:00:00 2022-01-14 00:00:00 None FTPP_FTP_RESPONSE_LENGTH_OVERFLOW (125:6:2) - Sourcefire (IP=111,GB) 129.226.144.0 20 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None SG TO-S-2021-1037 Hive Case 4785 Malware Activity 129.226.227.246 24 EE None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 22:48:19 HIVE Case #7659 IOC_VMware_Vuln-CVE-2022-22954_CVE-2022-22960 (IP=246,HK) 129.226.29.143 24 UA None 2021-10-05 00:00:00 2022-01-03 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=143,IN) 129.226.36.132 32 TLM None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:46:45 HIVE Case #7458 CTO 22-113 (IP=132,IN) 129.226.62.0 23 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None HK TO-S-2021-1037 Hive Case 4785 Malware Activity 129.226.64.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None HK TO-S-2021-1037 Hive Case 4785 Malware Activity 129.78.110.128 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None AU TO-S-2021-1050 Hive Case 4821 Malware Activity 1297375686.ujsd.kanesatakss.com --- TLM None 2021-08-05 00:00:00 2022-08-05 00:00:00 2023-01-19 22:59:19 HIVE Case #5940 TO-S-2021-1447 13.107.42.16 32 TLM None 2022-02-15 00:00:00 2022-08-16 00:00:00 2022-05-20 21:33:08 HIVE Case #6996 CTO 22-043 (IP=16,US) | Remove block per INC0317392 - Business impacting IP blocked by RBB 13.111.134.137 32 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None US TO-S-2021-1156 Malicious Email Activity 13.111.135.139 32 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None US TO-S-2021-1156 Malicious Email Activity 13.111.148.216 32 dbc None 2021-03-09 00:00:00 2022-03-09 
00:00:00 None US TO-S-2021-1156 Malicious Email Activity 13.111.42.172 32 TLM None 2021-08-30 00:00:00 2022-03-02 00:00:00 None HIVE Case #6085 TO-S-2021-1500 (IP=172,US) 13.111.43.171 32 TLM None 2021-08-30 00:00:00 2022-03-02 00:00:00 None HIVE Case #6085 TO-S-2021-1500 (IP=171,US) 13.115.250.75 32 SW None 2022-02-28 00:00:00 2022-05-28 00:00:00 2022-02-28 23:39:45 Attempted Access - Inbound Brute Force - IR# 22C00975(IP=75,JP) 13.116.118.49 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=49,US) 13.127.242.131 24 RS None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 22:46:04 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=131,IN) 13.211.180.212 32 RB None 2022-01-05 00:00:00 2022-04-05 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00781 (IP=212,US) 13.212.241.167 24 KH None 2022-06-19 00:00:00 2022-09-17 00:00:00 2022-06-19 22:50:30 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire (IP=167,SG) 13.215.172.17 32 AS None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-11 19:45:38 HIVE Case #7902 COLS-NA TIP 22-0238 (IP=17,SG) 13.225.38.71 32 TLM None 2022-05-12 00:00:00 2022-11-11 00:00:00 2022-05-12 15:45:26 HIVE Case #7545 COLS-NA-TIP 22-0162 (IP=71,US) 13.225.51.7 32 TLM None 2021-08-30 00:00:00 2022-03-02 00:00:00 None HIVE Case #6085 TO-S-2021-1500 (IP=7,US) 13.229.143.213 32 AS None 2021-12-28 00:00:00 2022-06-28 00:00:00 None HIVE Case #6702 CTO 21-362 (IP=213,SG) 13.234.238.179 32 RB None 2022-06-11 00:00:00 2022-09-09 00:00:00 2022-06-12 22:45:00 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR#22C01368 (IP=179,US) 13.235.79.249 32 ZH None 2022-09-16 00:00:00 2022-12-15 00:00:00 2022-09-16 22:50:09 Exploit.Log4Shell.CVE-2021-44228 - FE NX (IP=249,IN) 13.239.112.36 24 KH None 2022-01-03 00:00:00 2022-04-03 00:00:00 None SQL use of concat function with select - likely SQL 
injection (1:24172:2) - Sourcefire (IP=36,AU) 13.246.24.145 32 TLM None 2022-06-07 00:00:00 2022-12-06 00:00:00 2022-06-07 17:08:48 HIVE Case #7731 CTO 22-158 (IP=145,ZA) 13.248.148.254 32 SW None 2022-08-17 00:00:00 2022-11-15 00:00:00 2022-08-17 22:26:09 Web Infection Match - Hive Case 8156 (IP=254,US) 13.32.208.41 32 RR None 2021-09-21 00:00:00 2022-03-20 00:00:00 None INDICATOR-OBFUSCATION obfuscated javascript excessive fromCharCode - potential attack - TT# 21C01916 (IP=41,US) 13.40.122.102 24 KH None 2022-01-10 00:00:00 2022-04-10 00:00:00 None Masscan TCP Port Scanner - FE IPS (IP=102,GB) 13.40.122.102 24 KH None 2022-01-10 00:00:00 2022-04-10 00:00:00 None Masscan TCP Port Scanner - FE IPS (IP=102,GB) 13.40.122.102 24 KH None 2022-01-10 00:00:00 2022-04-10 00:00:00 None Masscan TCP Port Scanner - FE IPS (IP=102,GB) 13.40.197.174 32 SW None 2022-02-04 00:00:00 2022-05-05 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - WebAttacks (IP=174,US) 13.40.2.248 24 KH None 2021-11-04 00:00:00 2022-02-02 00:00:00 None Masscan TCP Port Scanner - FE IPS (IP=248,GB) 13.40.29.89 24 KH None 2021-10-11 00:00:00 2022-01-09 00:00:00 None Masscan TCP Port Scanner - FE IPS (IP=89,GB) 13.40.5.61 24 KH None 2021-10-29 00:00:00 2022-01-27 00:00:00 None Masscan TCP Port Scanner - FE IPS (IP=61,GB) 13.51.192.149 32 RR None 2021-10-10 00:00:00 2022-01-08 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00119 (IP=149,NL) 13.53.245.111 24 RR None 2021-12-10 00:00:00 2022-03-10 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=111,SW) 13.53.250.45 24 DT None 2022-01-15 00:00:00 2022-04-15 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) - Source Fire (IP=45,SE) 13.57.184.217 32 NHL None 2020-12-17 00:00:00 2022-12-17 00:00:00 None Case # 4583 - IOC_ dark_halo_sunburst - (IP=217,US) 13.58.211.240 32 AS None 2021-12-28 00:00:00 2022-06-28 00:00:00 
None HIVE Case #6702 CTO 21-362 (IP=240,US) 13.59.126.83 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=83,US) 13.64.19.233 32 TLM None 2021-12-21 00:00:00 2022-06-21 00:00:00 None HIVE Case #6682 CTO 21-352 (IP=233,US) 13.64.70.236 32 TLM None 2021-09-21 00:00:00 2022-03-20 00:00:00 None HIVE Case #6216 CTO 21-264 (IP=236,US) 13.67.239.91 32 EE None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 22:43:58 HIVE Case #7532 IOC_SOLARDEFLECTION C2 (IP=91,US) 13.69.109.130 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:12 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=130,NL) 13.69.109.131 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:12 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=131,NL) 13.69.116.104 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:13 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=104,NL) 13.69.239.72 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:14 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=72,IE) 13.69.239.73 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:14 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=73,IE) 13.69.239.74 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:15 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=74,IE) 13.71.120.203 24 RW None 2021-10-08 00:00:00 2022-01-06 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=203,IN) 13.72.102.159 32 ZH None 2021-12-15 00:00:00 2022-03-13 00:00:00 None Masscan TCP Port Scanner - FireEye CMS (IP=159,US) | updated by ZH Block was inactive. Reactivated on 20211215 with reason HIVE Case #6651 - Exploit.CVE-2021-44228 (IP=159,US) HIVE Case #6651 - Exploit.CVE-2021-44228 (IP=159,US) 13.72.102.159 32 GM None 2020-12-08 00:00:00 2022-03-13 00:00:00 None Masscan TCP Port Scanner - FireEye CMS (IP=159,US) | updated by ZH Block was inactive. 
32 ZH None 2022-01-25 00:00:00 2022-04-25 00:00:00 None SERVER-WEBAPP VMWare vSphere Client remote code execution attempt (1:57720:1) - SourceFire Rpt (IP=23,US) 134.209.163.248 32 TLM None 2021-12-17 00:00:00 2022-06-17 00:00:00 None HIVE Case #6673 CTO 21-351 (IP=248,US) 134.209.163.59 32 RR None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-29 22:57:22 SQL injection - Web Attacks (IP=59,US) 134.209.164.175 32 SW None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:47:30 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=175,US) 134.209.164.180 32 SW None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 13:49:37 SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt (1:44329:2) - SourceFire (IP=180,US) 134.209.165.168 32 RS None 2022-09-07 00:00:00 2022-12-06 00:00:00 2022-09-08 13:54:04 SERVER-WEBAPP Apache APISIX default admin API backdoor usage attempt - Web Attacks (IP=168,US) 134.209.166.130 32 ZH None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-24 00:05:12 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - Sourcefire Rpt (IP=130,US) 134.209.166.161 32 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 2022-05-27 16:40:07 HIVE Case #7668 CTO 22-146 (IP=161,US) 134.209.167.179 32 WR None 2022-02-27 00:00:00 2022-05-27 00:00:00 2022-02-27 15:53:35 HTTP: Blind SQL Injection - Timing - Web Attacks (IP=179,US) 134.209.167.195 32 SW None 2022-07-19 00:00:00 2022-10-17 00:00:00 2022-07-20 13:22:41 SERVER-WEBAPP Grafana getPluginAssets path traversal attempt - SourceFire (IP=195,US) 134.209.167.63 32 RR None 2022-07-26 00:00:00 2022-10-24 00:00:00 2022-07-26 13:48:08 SQL injection - Web Attacks (IP=63,US) 134.209.167.87 32 RR None 2022-07-31 00:00:00 2022-10-29 00:00:00 2022-08-01 13:55:58 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=87,US) 134.209.168.242 32 TH None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-30 13:42:37 SQL injection - 6 Hr Web Report 
(IP=242,US) 134.209.169.199 32 RS None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:15:18 SQL injection - 6Hr Web Attacks (IP= 199,US) 134.209.169.37 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-08 12:50:33 SQL injection - Web Attacks (IP=37,US) 134.209.17.71 24 ZH None 2022-05-24 00:00:00 2022-08-22 00:00:00 2022-05-24 22:13:26 Known Attack Tool IR#: 22C01289 (IP=71,GB) 134.209.170.130 32 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:07:41 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=130,US) 134.209.171.151 32 RS None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-06 13:58:04 SQL injection - 6Hr Web Attacks (IP=151,US) 134.209.171.155 32 RS None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 22:44:27 SERVER-OTHER HP Integrated Lights-Out HTTP headers processing buffer overflow attempt (1:45682:2) - SourceFire (IP=155,US) 134.209.171.171 32 ZH None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-24 00:05:12 SQL injection - 6hr Web Attacks (IP=171,US) 134.209.172.25 32 RR None 2022-07-10 00:00:00 2022-10-08 00:00:00 2022-07-10 14:32:34 SQL injection - Web Attacks (IP=25,US) 134.209.173.196 32 NAB None 2022-03-07 00:00:00 2022-06-05 00:00:00 2022-03-07 15:00:04 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=196,US) 134.209.174.114 32 ZH None 2022-05-15 00:00:00 2022-08-13 00:00:00 2022-05-15 22:46:07 File /etc/passwd Access Attempt Detect - CMS IPS Events (IP=114,US) 134.209.175.238 32 WR None 2022-04-22 00:00:00 2022-07-20 00:00:00 2022-04-22 13:39:51 SQL injection - 6 HR WebAttack (IP=238,US) 134.209.176.213 32 KH None 2022-10-02 00:00:00 2022-12-31 00:00:00 2022-10-02 23:55:03 HTTP: PHP File Inclusion Vulnerability - IR#23C01984 (IP=213,GB) 134.209.176.99 24 RT None 2022-05-11 00:00:00 2022-08-09 00:00:00 2022-05-12 13:53:18 SQL injection - 6HR Web Attacks (IP=99,GB) 134.209.177.202 24 KD None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-12 13:51:31 HTTP SQL Injection Attempt- Web Attacks (IP=202,GB) 
134.209.178.245 24 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 13:47:10 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=245,GB) 134.209.179.149 32 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6517 CTO 21-313 (IP=149,GB) 134.209.18.163 24 RT None 2022-04-12 00:00:00 2022-07-11 00:00:00 2022-04-13 13:46:03 Adobe ColdFusion Administrator Access Restriction - 6 HR WebAttack (IP=163,GB) 134.209.180.157 24 SW None 2022-07-21 00:00:00 2022-10-19 00:00:00 2022-07-22 13:52:34 SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58727:5) - SourceFire (IP=157,GB) 134.209.181.227 24 DT None 2022-05-17 00:00:00 2022-08-15 00:00:00 2022-05-18 13:43:43 SERVER-WEBAPP Netgear passwordrecovered.cgi insecure admin password disclosure attempt - Source Fire (IP=227,GB) 134.209.182.67 24 RT None 2022-05-11 00:00:00 2022-08-09 00:00:00 2022-05-12 13:53:18 HTTP: PHP File Inclusion Vulnerability - 6HR Web Attacks (IP=67,GB) 134.209.183.208 24 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 15:44:20 SQL injection - Web Attacks (IP=208,GB) 134.209.185.78 24 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:34:12 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=78,GB) 134.209.186.4 24 RS None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 22:54:52 SQL injection - 6Hr Web Attacks (IP=4,GB) 134.209.187.71 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:48:42 SQL injection - Web Attacks (IP=71,GB) 134.209.188.160 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:50:33 SERVER-WEBAPP Apache Log4j logging remote code execution attempt - SourceFire (IP=160,GB) 134.209.189.64 24 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:16:33 SQL injection - Web Attacks (IP=64,GB) 134.209.19.18 24 RR None 2022-03-18 00:00:00 2022-06-16 00:00:00 2022-03-18 13:56:56 SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt - SourceFire (IP=18,GB) 
134.209.191.73 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 22:59:07 SQL Injection - 6hr Web Attacks (IP=73,GB) 134.209.193.123 24 RS None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 22:54:47 SQL injection - 6Hr Web Attacks (IP=123,NL) 134.209.194.199 24 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:47:29 SERVER-WEBAPP Sophos SG UTM WebAdmin command injection attempt - SourceFire (IP=199,NL) 134.209.195.20 24 ZH None 2022-06-13 00:00:00 2022-09-11 00:00:00 2022-06-13 13:54:43 Adobe ColdFusion Administrator Access Restriction - 6hr Web Attacks (IP=20,NL) 134.209.196.8 24 RR None 2022-07-19 00:00:00 2022-10-17 00:00:00 2022-07-19 13:48:02 SQL injection - Web Attacks (IP=8,NL) 134.209.197.236 32 AS None 2022-02-04 00:00:00 2022-08-04 00:00:00 None HIVE Case #6927 CTO 22-036 (IP=236,NL) 134.209.197.79 24 RR None 2022-06-25 00:00:00 2022-09-23 00:00:00 2022-06-25 14:09:18 SQL injection - Web Attacks (IP=79,NL) 134.209.199.5 24 ZH None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-10 13:48:38 SQL injection - 6hr Web Attacks (IP=5,NL) 134.209.20.53 24 KH None 2022-03-09 00:00:00 2022-06-07 00:00:00 2022-03-09 23:43:41 HTTP SQL Injection Attempt - Web Attacks (IP=53,GB) 134.209.200.100 24 RR None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 13:52:06 POLICY-OTHER PHP uri tag injection attempt - SourceFire (IP=100,NL) 134.209.201.161 24 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:48:51 SERVER-WEBAPP JBoss JMX console access attempt - SourceFire (IP=161,NL) 134.209.203.148 24 RS None 2022-08-14 00:00:00 2022-11-12 00:00:00 2022-08-14 22:48:25 SQL injection - Web Attacks (IP=148,NL) 134.209.204.73 24 NAB None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:31:23 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=73,NL) 134.209.206.218 24 KD None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-16 15:21:12 SQL injection - Web Attacks (IP=218,NL) 134.209.207.145 24 KH None 2022-05-01 00:00:00 2022-07-30 00:00:00 
2022-05-01 13:52:49 SQL injection - Web Attacks (IP=145,NL) 134.209.21.31 32 AS None 2022-04-12 00:00:00 2022-10-12 00:00:00 2022-04-12 15:43:05 HIVE Case #7381 CTO 22-102 v2 (IP=31,GB) 134.209.21.44 24 DT None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 23:23:22 SERVER-WEBAPP WordPress get_post authentication bypass attempt (1:41495:2) - Source Fire (IP=44,GB) 134.209.214.19 32 AR None 2021-11-07 00:00:00 2022-02-05 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 22C00301 (IP=19,US) 134.209.218.195 32 AR None 2021-11-07 00:00:00 2022-02-05 00:00:00 None HTTP: PHP File Inclusion Vulnerability - IR# 22C00297 (IP=195,US) 134.209.218.200 32 AR None 2021-11-07 00:00:00 2022-02-05 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 22C00298 (IP=200,US) 134.209.218.203 32 AR None 2021-11-07 00:00:00 2022-02-05 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 22C00303 (IP=203,US) 134.209.218.221 32 AR None 2021-11-07 00:00:00 2022-02-05 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection- TT# 22C00299 (IP=221,US) 134.209.218.255 32 AR None 2021-11-06 00:00:00 2022-02-04 00:00:00 None Apache Struts ConversionErrorInterceptor OGNL Script Injection - IR# 22C00294 (IP=255,US) 134.209.22.33 24 WR None 2022-04-15 00:00:00 2022-07-13 00:00:00 2022-04-15 14:09:22 SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt (1:58276:3) - Sourcefire (IP=33,GB) 134.209.226.147 24 SW None 2022-05-15 00:00:00 2022-08-13 00:00:00 2022-05-15 13:53:50 SERVER-WEBAPP Kibana Console for Elasticsearch local file inclusion attempt (1:48815:3) - SourceFire (IP=147, DE) 134.209.228.200 24 ZH None 2022-09-21 00:00:00 2022-12-20 00:00:00 2022-09-21 14:01:08 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=200,DE) 134.209.229.255 24 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:23 SERVER-APACHE Apache HTTP server SSRF attempt - 
SourceFire (IP=255,DE) 134.209.23.153 24 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:16:33 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=153,GB) 134.209.234.207 24 DT None 2022-02-15 00:00:00 2022-05-16 00:00:00 None HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=207,DE) 134.209.236.80 24 DT None 2022-05-17 00:00:00 2022-08-15 00:00:00 2022-05-18 13:43:44 SERVER-WEBAPP Buffalo WSR router configuration injection attempt - Source Fire (IP=80,DE) 134.209.237.159 24 SW None 2022-09-05 00:00:00 2022-12-04 00:00:00 2022-09-06 13:54:36 SQL injection - WebAttacks (IP=159,DE) 134.209.239.103 24 KD None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-12 13:51:32 SQL injection- Web Attacks (IP=103,DE) 134.209.239.179 24 RS None 2022-07-22 00:00:00 2022-10-20 00:00:00 2022-07-23 13:44:13 SIPVicious Security Scanner - IPS Events (IP=179,DE) 134.209.241.93 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:48:42 SQL injection - Web Attacks (IP=93,DE) 134.209.243.116 24 TH None 2022-08-17 00:00:00 2022-11-15 00:00:00 2022-08-18 13:49:18 HTTP SQL Injection Attempt - 6 Hr Web Report (IP=116,DE) 134.209.244.207 24 SA None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 22:55:07 SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (1:58594:1) - SourceFire Report (IP=207,DE) 134.209.245.132 24 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:12 SQL injection - 6hr Web Attacks (IP=132,DE) 134.209.25.192 24 RR None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 13:47:09 SQL injection - Web Attacks (IP=192,GB) 134.209.251.76 24 KH None 2021-12-20 00:00:00 2022-03-20 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44232 (IP=76,DE) 134.209.253.191 24 KD None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-16 15:21:13 SQL injection - Web Attacks (IP=191,NL) 134.209.254.121 24 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 22:39:35 SERVER-WEBAPP Webmin password_change command injection attempt 
(1:51488:1) - Sourcefire (IP=121,DE) 134.209.26.17 24 KH None 2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-09 22:50:09 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=17,GB) 134.209.28.38 24 RT None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-24 14:15:45 HTTP: PHP File Inclusion Vulnerability - 6 HR WebAttack (IP=38,GB) 134.209.29.235 24 RR None 2022-03-18 00:00:00 2022-06-16 00:00:00 2022-03-18 13:56:56 SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt - SourceFire (IP=235,GB) 134.209.30.154 24 SW None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-11 22:58:27 SERVER-WEBAPP VMWare vSphere Client remote code execution attempt (1:57720:1) - SourceFire (IP=154,GB) 134.209.31.151 24 RB None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 22:39:19 SQL injection - 6hr web attacks (IP=151,GB) 134.209.32.110 32 ZH None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 22:36:43 SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58742:7) - SourceFire (IP=110,US) 134.209.32.114 32 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-16 15:21:22 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=114,US) 134.209.32.152 32 KH None 2022-04-12 00:00:00 2022-07-11 00:00:00 2022-04-12 13:52:11 SQL injection - Web Attacks (IP=152,US) 134.209.32.178 32 RR None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 13:47:34 SQL use of concat function with select - likely SQL injection - SourceFire (IP=178,US) 134.209.32.20 32 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:07:42 SQL injection - 6Hr Web Attacks (IP=20,US) 134.209.32.241 32 KH None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 13:57:00 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=241,US) 134.209.32.30 32 AR None 2022-04-21 00:00:00 2022-07-20 00:00:00 2022-04-21 13:49:51 SERVER-WEBAPP JBoss web console access attempt (1:24342:4) - SourceFire (IP=30,US) 134.209.32.92 32 KH None 2022-04-27 00:00:00 
2022-07-26 00:00:00 2022-04-27 13:57:00 HTTP: Joomla SQL Injection Vulnerability (CVE-2017-8917) - Web Attacks (IP=92,US) 134.209.33.224 32 RR None 2022-07-09 00:00:00 2022-10-07 00:00:00 2022-07-10 14:32:42 SERVER-WEBAPP SolarWinds Orion authentication bypass attempt - SourceFire (IP=224,US) 134.209.33.45 32 JP None 2022-07-18 00:00:00 2022-10-16 00:00:00 2022-07-18 22:55:58 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=45,US) 134.209.34.143 32 RR None 2022-06-19 00:00:00 2022-09-17 00:00:00 2022-06-20 13:54:19 SQL injection - Web Attacks (IP=143,US) 134.209.35.153 32 SW None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:47:29 SQL injection - WebAttacks (IP=153,US) 134.209.35.91 32 WR None 2022-04-29 00:00:00 2022-07-27 00:00:00 2022-04-29 13:52:16 POLICY-OTHER PHP uri tag injection attempt (1:23111:14) - Sourcefire (IP=91,US) 134.209.36.175 32 KH None 2022-06-19 00:00:00 2022-09-17 00:00:00 2022-06-19 22:50:31 SQL injection - Web Attacks (IP=175,US) 134.209.36.191 32 AR None 2022-09-07 00:00:00 2022-12-06 00:00:00 2022-09-07 13:39:19 SERVER-WEBAPP Oracle WebLogic Server command injection attempt - Web Attacks (IP=191,US) 134.209.37.56 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:22 SQL injection- 6hr Web Attacks (IP=56,US) 134.209.39.47 32 ZH None 2022-07-13 00:00:00 2022-10-11 00:00:00 2022-07-13 13:53:00 SQL injection - 6hr Web Attacks (IP=47,US) 134.209.40.217 32 RS None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 22:34:39 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=217,US) 134.209.41.59 32 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 13:52:16 SQL injection - 6hr Web Attacks (IP=59,US) 134.209.41.93 32 RS None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:45:23 SQL injection - 6Hr Web Attacks (IP=93,US) 134.209.42.135 32 RS None 2022-05-03 00:00:00 2022-08-01 00:00:00 2022-05-03 13:47:05 SQL injection - 6Hr Web Attacks (IP=135,US) 134.209.42.155 
32 NAB None 2022-01-28 00:00:00 2022-04-28 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=155,US) 134.209.42.171 32 ZH None 2022-06-24 00:00:00 2022-09-22 00:00:00 2022-06-24 13:56:13 SQL injection - 6hr Web Attacks (IP=171,US) 134.209.43.136 32 ZH None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-10 13:48:37 SQL injection - 6hr Web Attacks (IP=136,US) 134.209.43.221 32 RB None 2022-09-01 00:00:00 2022-12-30 00:00:00 2022-09-01 22:53:12 SERVER-WEBAPP WordPress get_post authentication bypass attempt (1:41495:2) - SourceFire (IP=221, US) 134.209.44.125 32 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:12 SERVER-WEBAPP rConfig compliance policies SQL injection attempt (1:59326:1) - Sourcefire Rpt (IP=125,US) 134.209.44.195 32 SW None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:07:42 SERVER-WEBAPP Oracle WebLogic Server remote code execution attempt (1:58562:1) - SourceFire (IP=195,US) 134.209.44.38 32 TH None 2022-06-21 00:00:00 2022-09-19 00:00:00 2022-06-22 13:54:24 SQL injection - 6 Hr Web Report (IP=38,US) 134.209.45.144 32 ZH None 2021-11-27 00:00:00 2022-02-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00429 (IP=144,US) 134.209.45.26 32 ZH None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-10 13:48:38 SQL injection - 6hr Web Attacks (IP=26,US) 134.209.45.96 32 KH None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 13:57:01 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=96,US) 134.209.46.88 32 TH None 2022-07-20 00:00:00 2022-10-18 00:00:00 2022-07-20 13:22:49 SQL injection - 6 Hr Web Report (IP=88,US) 134.209.47.33 32 RS None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 22:34:29 SQL injection - 6Hr Web Attacks (IP=33,US) 134.209.80.164 24 RB None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:47:06 Adobe ColdFusion Administrator Access Restriction (IP=164,NL) 134.209.82.60 24 WR None 2022-05-03 00:00:00 2022-08-01 00:00:00 2022-05-03 13:46:34 SQL 
injection - 6Hr Web Attacks (IP=60,NL) 134.209.83.132 32 AS None 2022-07-07 00:00:00 2022-10-05 00:00:00 2022-07-07 22:07:54 HIVE Case #7898 CTO 22-188 (IP=132,NL) 134.209.86.251 24 RT None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-20 15:44:20 SQL injection - 6 HR WebAttack (IP=251,NL) 134.209.87.153 24 RS None 2022-06-10 00:00:00 2022-09-08 00:00:00 2022-06-10 22:49:33 SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt (1:56162:2) - SourceFire (IP=153,NL) 134.209.89.11 24 RS None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 22:34:42 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6Hr Web Attacks (IP=11,NL) 134.209.90.124 24 KD None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-14 13:54:38 HTTP: PHP File Inclusion Vulnerability- Web Attacks (IP=124,NL) 134.209.93.101 24 SW None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:07:43 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=101,NL) 134.209.94.103 24 AR None 2022-04-09 00:00:00 2022-07-08 00:00:00 2022-04-10 13:58:47 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attack (IP=103,NL) 134.209.95.226 24 KH None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 13:57:01 HTTP: Joomla SQL Injection Vulnerability (CVE-2017-8917) - Web Attacks (IP=226,NL) 134.209.96.164 24 TH None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 23:06:39 SERVER-WEBAPP Sonatype Nexus Repository Manager remote code execution attempt (1:50533:1) - SourceFire Report (IP=164,SG) 134.209.97.133 24 SW None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:07:43 SQL injection - WebAttacks (IP=133,SG) 134.209.97.239 32 wmp None 2020-07-09 00:00:00 2022-05-29 00:00:00 2022-02-28 14:50:38 HIVE Case #3284 CTO-20-189 (IP=239,SG) | updated by srm Block was inactive. 
Reactivated on 20220228 with reason HIVE Case #NA FP Security (IP=239,SG) 134.209.98.22 24 RR None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:14:27 SERVER-WEBAPP Atlassian Confluence OGNL injection remote code execution attempt - SourceFire (IP=22,SG) 134.213.160.4 32 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 2022-05-27 16:40:13 HIVE Case #7668 CTO 22-146 (IP=4,GB) 134.213.27.84 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=84,GB) 134.213.29.14 32 TLM None 2022-06-08 00:00:00 2022-12-08 00:00:00 2022-06-09 14:48:04 HIVE Case #7739 CTO 22-159 (IP=14,GB) | updated by TLM Block expiration extended with reason HIVE Case #7747 TO-S-2022-0194 (IP=14,GB) 134.236.150.60 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TH TO-S-2021-1037 Hive Case 4785 Malware Activity 134.236.160.22 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TH TO-S-2021-1050 Hive Case 4821 Malware Activity 134.236.160.25 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TH TO-S-2021-1050 Hive Case 4821 Malware Activity 134.236.162.140 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TH TO-S-2021-1037 Hive Case 4785 Malware Activity 134.236.32.113 32 TLM None 2021-07-01 00:00:00 2022-01-01 00:00:00 None HIVE Case #5735 TO-S-2021-1379 (IP=113,TH) 134.236.53.112 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TH TO-S-2021-1050 Hive Case 4821 Malware Activity 134.255.219.8 32 TH None 2022-03-11 00:00:00 2022-06-09 00:00:00 2022-03-11 23:14:32 ColdFusion error - IR#22C01032 (IP=8,DE) 134.255.225.161 32 TLM None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:46:12 HIVE Case #7458 CTO 22-113 (IP=161,DE) 134.255.235.156 32 TLM None 2022-01-18 00:00:00 2022-07-18 00:00:00 None HIVE Case #6796 CTO 22-014 (IP=156,DE) 134.255.237.49 32 TLM None 2022-02-11 00:00:00 2022-08-12 00:00:00 None HIVE Case #6971 CTO 22-042 (IP=49,DE) 134.35.56.145 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None YE 
TO-S-2021-1050 Hive Case 4821 Malware Activity 134.75.115.48 24 AR None 2022-06-26 00:00:00 2022-09-24 00:00:00 2022-06-27 13:55:48 POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt (1:57336:3) - SourceFire (IP=48,KR) 134.90.160.0 19 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None RU TO-S-2021-1037 Hive Case 4785 Malware Activity 134.90.232.193 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IT TO-S-2021-1050 Hive Case 4821 Malware Activity 134.90.250.238 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 Hive Case 4785 Malware Activity 135.125.10.54 32 TLM None 2021-11-04 00:00:00 2022-05-04 00:00:00 None HIVE Case #6494 CTO 21-303 (IP=54,FR) 135.125.190.144 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 13:58:05 SQL injection - 6Hr Web Attacks (IP=144,FR) 135.125.241.4 32 TLM None 2022-05-18 00:00:00 2022-11-17 00:00:00 2022-05-19 13:24:08 HIVE Case #7616 CTO 22-138 (IP=4,FR) | Please remove from active block. Incorrect CTO was attached in **CIRT T1** - Block Request - Hive Case #7595 CTO 22-134 at 9:02 AM EST 5/18/22 From Tauren Miller: Sorry I sent the wrong list. CND hasn't approved CTO 22-138 Block list yet. Attached is the correct blocklist by RS | updated by TLM Block was inactive. 
Reactivated on 20220518 with reason HIVE Case #7616 CTO 22-138 (IP=4,FR) 135.125.30.129 32 AS None 2021-09-21 00:00:00 2022-03-20 00:00:00 None HIVE Case #6215 CTO 21-261 (IP=129,FR) 135.125.52.199 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 135.125.55.235 32 AS None 2022-04-04 00:00:00 2022-10-04 00:00:00 2022-04-04 15:15:47 HIVE Case #7325 CTO 22-091 (IP=235,FR) 135.148.130.60 32 NAB None 2021-12-22 00:00:00 2022-03-22 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=60,US) 135.148.132.224 32 NAB None 2021-12-20 00:00:00 2022-03-20 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=224,US) 135.148.143.217 32 BMP None 2021-12-16 00:00:00 2022-03-15 00:00:00 None HIVE Case #6651 - Exploit.CVE-2021-44228 (IP=217,US) 135.148.34.175 32 RR None 2022-07-09 00:00:00 2022-10-08 00:00:00 2022-07-10 14:32:48 SQL injection - Web Attacks (IP=175,US) | updated by TH Block expiration extended with reason Adobe ColdFusion Administrator Access Restriction - 6 Hr Web Report (IP=175,US) 135.148.91.146 32 NAB None 2022-01-31 00:00:00 2022-08-23 00:00:00 2022-05-25 22:48:13 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=146,US) | updated by EE Block was inactive. 
(1:54484:2) - Source Fire (IP=136,US) 137.184.180.158 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:37:45 SERVER-WEBAPP JBoss JMX console access attempt - SourceFire (IP=158,US) 137.184.181.111 32 RR None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-05 14:02:41 Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=111,US) 137.184.181.150 32 DT None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 23:23:29 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - Source Fire (IP=150,US) 137.184.181.162 32 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 13:38:45 SQL injection - 6Hr Web Attacks (IP=162,US) 137.184.181.179 32 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:48:01 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=179,US) 137.184.181.245 32 SW None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-11 22:58:40 SQL injection - WebAttacks (IP=245,US) 137.184.181.29 32 SW None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 22:47:05 SQL injection - WebAttacks (IP=29,US) 137.184.181.72 32 KH None 2022-07-25 00:00:00 2022-10-23 00:00:00 2022-07-25 23:41:41 SQL injection - Web Attacks (IP=72,US) 137.184.181.94 32 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 15:44:22 SQL injection - Web Attacks (IP=94,US) 137.184.182.236 32 AR None 2022-07-17 00:00:00 2022-10-15 00:00:00 2022-07-18 13:50:00 Exploit.Log4Shell.CVE-2021-44228 - FE NX (IP=236,US) 137.184.182.44 32 SW None 2022-05-15 00:00:00 2022-08-13 00:00:00 2022-05-15 13:53:51 SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (B-type) (1:1000135:3) - SourceFire (IP=44, US) 137.184.182.45 32 KD None 2022-04-22 00:00:00 2022-07-21 00:00:00 2022-04-23 13:50:19 SQL Injection - Web Attacks(IP=45,US) 137.184.182.69 32 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:57:41 SQL injection - 6hr Web Attacks (IP=69,US) 137.184.182.79 32 RR None 2022-04-17 00:00:00 2022-07-16 
00:00:00 2022-04-18 13:37:46 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=79,US) 137.184.183.100 32 SW None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-06 13:47:18 SQL injection - WebAttacks (IP=100,US) 137.184.183.150 32 SW None 2022-05-28 00:00:00 2022-08-26 00:00:00 2022-05-28 14:44:59 SQL injection - WebAttacks (IP=150,US) 137.184.183.194 32 TH None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 22:44:20 Possible Cross-site Scripting Attack - FE CMS IPS Events (IP=194,US) 137.184.184.109 32 KH None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 13:46:17 SQL injection - Web Attacks (IP=109,US) 137.184.184.170 32 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:07:46 SQL injection - 6Hr Web Attacks (IP=170,US) 137.184.184.8 32 RS None 2022-06-13 00:00:00 2022-09-11 00:00:00 2022-06-14 13:48:56 SQL injection - 6Hr Web Attacks (IP=8,US) 137.184.185.122 32 KH None 2022-06-19 00:00:00 2022-09-17 00:00:00 2022-06-19 13:56:10 SQL injection - Web Attacks (IP=122,US) 137.184.185.250 32 RR None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:15:08 SQL injection - Web Attacks (IP=250,US) 137.184.185.39 32 RR None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:31:23 HTTP: PHP File Inclusion Vulnerability - Web Attcks (IP=39,US) 137.184.186.103 32 TH None 2022-07-12 00:00:00 2022-10-10 00:00:00 2022-07-13 13:52:58 SQL injection - 6 Hr Web Report (IP=103,US) 137.184.186.132 32 SW None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:07:46 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41421:2) - SourceFire (IP=132,US) 137.184.186.163 32 SW None 2022-08-25 00:00:00 2022-11-23 00:00:00 2022-08-26 13:48:19 SQL injection - WebAttacks (IP=163,US) 137.184.186.173 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:48:44 SQL injection - Web Attacks (IP=173,US) 137.184.186.182 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:50:05 
HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=182,US) 137.184.186.185 32 RS None 2022-05-05 00:00:00 2022-08-06 00:00:00 2022-05-08 12:50:52 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=185,US) | updated by RR Block expiration extended with reason SQL injection - Web Attacks (IP=185,US) 137.184.186.188 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:50:05 Django SQL Injection Vulnerability - Web Attacks (IP=188,US) 137.184.186.31 32 SW None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-17 13:48:47 SQL injection - WebAttacks (IP=31,US) 137.184.186.50 32 SW None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-06 13:47:18 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=50,US) 137.184.187.101 32 RS None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:50:34 SQL injection - 6Hr Web Attacks (IP=101,US) 137.184.187.64 32 AR None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-11 13:46:58 SQL injection - 6Hr Web Attack (IP=64,US) 137.184.188.10 32 SW None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:07:47 SERVER-WEBAPP LG-Ericsson iPECS NMS 30M directory traversal attempt (1:49840:1) - SourceFire (IP=10,US) 137.184.188.106 32 RR None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:17:58 SQL injection - Web Attacks (IP=106,US) 137.184.188.127 32 ZH None 2022-06-16 00:00:00 2022-09-14 00:00:00 2022-06-16 22:41:50 SQL injection - 6hr Web Attacks (IP=127,US) 137.184.188.147 32 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-09 14:21:20 SQL injection - Web Attacks (IP=147,US) 137.184.188.15 32 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 22:51:51 SQL injection - WebAttacks (IP=15,US) 137.184.188.169 32 RR None 2022-06-19 00:00:00 2022-09-17 00:00:00 2022-06-19 13:56:03 SQL injection - Web Attacks (IP=169,US) 137.184.188.223 32 TLM None 2022-05-24 00:00:00 2022-11-23 00:00:00 2022-05-24 14:24:15 HIVE Case #7653 CTO 22-144 (IP=223,US) 137.184.188.34 32 ZH None 2022-05-10 00:00:00 
2022-08-08 00:00:00 2022-05-11 00:04:58 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=34,US) 137.184.188.96 32 SW None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-04 13:45:49 SQL injection - WebAttacks (IP=96,US) 137.184.189.113 32 RR None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:31:24 HTTP: PHP File Inclusion Vulnerability - Web Attcks (IP=113,US) 137.184.189.13 32 TH None 2022-05-02 00:00:00 2022-07-31 00:00:00 2022-05-02 22:41:42 Webshell.Binary.php.FEC2 - FE Web Alerts (IP=13,US) 137.184.189.14 32 RR None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 13:47:10 SQL injection - Web Attacks (IP=14,US) 137.184.189.153 32 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-16 15:21:23 SQL injection - 6hr Web Attacks (IP=153,US) 137.184.189.225 32 AR None 2022-07-07 00:00:00 2022-10-05 00:00:00 2022-07-07 13:50:29 Exploit.Log4Shell.CVE-2021-44228 - FE CMS Alerts (IP=225,US) 137.184.189.48 32 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:35:06 SERVER-OTHER Apache Log4j logging remote code execution attempt - SourceFire (IP=48,US) 137.184.189.60 32 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-09 14:21:45 POLICY-OTHER PHP uri tag injection attempt - SourceFire (IP=60,US) 137.184.19.10 32 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 22:39:36 Apache Log4j CVE-2021-44228 Remote Code Execution - FE IPS (IP=10,US) 137.184.19.173 24 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:47:31 SQL use of sleep function with and - likely SQL injection - SourceFire (IP=173,US) 137.184.190.100 32 RR None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-07 13:50:19 SQL injection - Web Attacks (IP=100,US) 137.184.190.118 32 ZH None 2022-06-30 00:00:00 2022-09-28 00:00:00 2022-07-01 00:10:29 SQL injection - 6hr Web Attacks (IP=118,US) 137.184.190.144 32 SW None 2022-09-05 00:00:00 2022-12-04 00:00:00 2022-09-06 13:54:36 SQL injection - WebAttacks (IP=144,US) 137.184.190.214 32 SW None 2022-06-05 
00:00:00 2022-09-03 00:00:00 2022-06-06 13:57:56 SERVER-WEBAPP Aviatrix Controller directory traversal attempt (1:58961:1) - SourceFire (IP=214,US) 137.184.190.86 32 SW None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 13:46:01 SQL injection - WebAttacks (IP=86,US) 137.184.191.133 32 WR None 2022-04-24 00:00:00 2022-07-22 00:00:00 2022-04-24 13:26:30 HP Performance Manager Apache Tomcat Policy Bypass - FE NX (IP=133,US) 137.184.191.14 32 TH None 2022-08-03 00:00:00 2022-11-01 00:00:00 2022-08-04 13:53:55 SERVER-WEBAPP Blueimp jQuery File Upload arbitrary PHP file upload attempt (1:48263:1) - SourceFire Report (IP=14,US) 137.184.191.160 32 RS None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 22:34:34 SQL injection - 6Hr Web Attacks (IP=160,US) 137.184.191.30 32 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:48:02 SQL injection - Web Attacks (IP=30,US) 137.184.191.76 32 ZH None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-11 00:04:59 SQL injection - 6hr Web Attacks (IP=76,US) 137.184.192.219 32 SW None 2022-08-12 00:00:00 2022-11-10 00:00:00 2022-08-13 13:56:06 SQL injection - WebAttacks (IP=219,US) 137.184.193.137 32 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:24 SERVER-WEBAPP Apache Log4j logging remote code execution attempt - SourceFire (IP=137,US) 137.184.193.163 32 KH None 2021-10-13 00:00:00 2022-01-11 00:00:00 None HTTP: PHP File Inclusion Vulnerability - IR# 22C00137 (IP=163,US) 137.184.193.168 32 KH None 2021-10-13 00:00:00 2022-01-11 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 22C00136 (IP=168,US) 137.184.193.169 32 KH None 2021-10-13 00:00:00 2022-01-11 00:00:00 None HTTP: PHP File Inclusion Vulnerability - IR# 22C00138 (IP=169,US) 137.184.193.186 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:36:40 SQL injection - Web Attacks (IP=186,US) 137.184.193.215 32 KH None 2021-10-13 00:00:00 2022-01-11 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 22C00135 
(IP=215,US) 137.184.193.4 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:16:34 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=4,US) 137.184.193.45 32 RT None 2021-10-15 00:00:00 2022-01-13 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 22C00159 (IP=45,US) 137.184.193.76 32 RT None 2021-10-15 00:00:00 2022-01-13 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 22C00158 (IP=76,US) 137.184.194.18 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:36:41 SQL injection - Web Attacks (IP=18,US) 137.184.195.242 32 RR None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-29 22:57:22 SQL injection - Web Attacks (IP=242,US) 137.184.196.99 32 KH None 2022-01-20 00:00:00 2022-04-20 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=99,US) 137.184.197.103 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:48:07 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=103,US) 137.184.197.28 32 RT None 2021-10-15 00:00:00 2022-01-13 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 22C00160 (IP=28,US) 137.184.197.68 32 WR None 2022-01-20 00:00:00 2022-04-20 00:00:00 None Exploit.Log4Shell.CVE-2021-44228 - FE CMS (IP=68,US) 137.184.198.105 32 TLM None 2021-12-09 00:00:00 2022-06-09 00:00:00 None HIVE Case #6633 CTO 21-334 (IP=105,US) 137.184.198.135 32 KH None 2021-10-13 00:00:00 2022-01-11 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 22C00139 (IP=135,US) 137.184.199.100 32 RR None 2022-07-10 00:00:00 2022-10-08 00:00:00 2022-07-11 13:57:03 SQL injection - Web Attacks (IP=100,US) 137.184.199.17 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:14:48 HIVE Case #7904 CTO 22-189 (IP=17,US) 137.184.2.192 32 AR None 2022-06-26 00:00:00 2022-09-24 00:00:00 2022-06-27 13:55:45 SQL injection - 6Hr Web Attacks (IP=192,US 137.184.2.208 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:48:08 SQL injection - Web Attacks (IP=208,US) 137.184.2.84 32 ZH None 
2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-11 00:04:59 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=84,US) 137.184.200.177 32 KH None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-18 13:50:36 SQL injection - Web Attacks (IP=177,US) 137.184.200.191 32 ZH None 2022-08-18 00:00:00 2022-11-16 00:00:00 2022-08-18 22:50:46 SQL injection - 6hr Web Attacks (IP=191,US) 137.184.200.63 32 RR None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-02 14:02:20 SQL injection - Web Attacks (IP=63,US) 137.184.201.112 32 RT None 2021-10-15 00:00:00 2022-01-13 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 22C00164 (IP=112,US) 137.184.201.140 32 RT None 2021-10-15 00:00:00 2022-01-13 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 22C00157 (IP=140,US) 137.184.201.148 32 RR None 2022-07-21 00:00:00 2022-10-19 00:00:00 2022-07-21 13:54:46 SQL injection - Web Attacks (IP=148,US) 137.184.201.160 32 ZH None 2022-06-30 00:00:00 2022-09-28 00:00:00 2022-07-01 00:10:30 SQL injection - 6hr Web Attacks (IP=160,US) 137.184.201.164 32 SW None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-12 13:51:01 SQL injection - WebAttacks (IP=164,US) 137.184.201.67 32 TH None 2022-09-29 00:00:00 2022-12-28 00:00:00 2022-09-29 22:53:54 SQL injection - 6 Hr Web Report (IP=67,US) 137.184.201.80 32 RT None 2021-10-15 00:00:00 2022-01-13 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 22C00163 (IP=80,US) 137.184.202.222 32 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 13:54:11 SQL injection - Web Attacks (IP=222,US) 137.184.203.143 32 SW None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-10 13:48:23 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - SourceFire (IP=143,US) 137.184.203.194 32 RR None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-29 22:56:57 OS-OTHER Bash CGI environment variable injection attempt - SourceFire (IP=194,US) 137.184.204.173 32 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 
2022-05-14 22:57:42 Exploit.CVE-2021-44228 - Apache Log4j2 - Case 6651 (IP=173,US) 137.184.205.143 32 DT None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-31 13:48:36 SERVER-APACHE Apache HTTP server SSRF attempt (1:58820:1) - Source Fire (IP=143,US) 137.184.205.84 32 AR None 2021-10-28 00:00:00 2022-01-26 00:00:00 None SERVER-APACHE Apache Struts2 blacklisted method redirect (1:27244:6) - SourceFire (IP=84,US) 137.184.206.155 32 SW None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 13:46:07 SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt (1:56162:2) - SourceFire (IP=155,US) 137.184.206.16 32 RT None 2021-10-15 00:00:00 2022-01-13 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 22C00162 (IP=16,US) 137.184.206.163 32 RT None 2021-10-15 00:00:00 2022-01-13 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 22C00161 (IP=163,US) 137.184.206.18 32 RT None 2021-10-15 00:00:00 2022-01-13 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 22C00156 (IP=18,US) 137.184.206.182 32 DT None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 23:23:29 SERVER-WEBAPP Apache APISIX default admin API backdoor usage attempt (1:59480:1) - Source Fire (IP=182,US) 137.184.206.235 32 RR None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-18 13:50:22 SERVER-APACHE Apache HTTP server SSRF attempt - SourceFire (IP=235,US) 137.184.206.255 32 SW None 2022-08-18 00:00:00 2022-11-16 00:00:00 2022-08-19 13:56:40 SQL injection - WebAttacks (IP=255,US) 137.184.206.54 32 RR None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-29 22:57:23 SQL injection - Web Attacks (IP=54,US) 137.184.207.140 32 SW None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-01 13:54:02 SQL injection - WebAttacks (IP=140,US) 137.184.207.176 32 KH None 2022-09-07 00:00:00 2022-12-06 00:00:00 2022-09-07 22:44:24 OS-OTHER Bash CGI environment variable injection attempt (1:31978:5) - Sourcefire (IP=176,US) 137.184.207.98 32 RR None 2022-05-29 00:00:00 2022-08-27 00:00:00 
2022-05-29 22:57:24 SQL injection - Web Attacks (IP=98,US) 137.184.208.103 32 ZH None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-22 22:42:55 SQL injection - 6hr Web Attacks (IP=103,US) 137.184.208.49 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:37:47 SERVER-WEBAPP Apache Log4j logging remote code execution attempt - SourceFire (IP=49,US) 137.184.209.1 32 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 13:38:49 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=1,US) 137.184.209.153 32 RB None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 13:47:54 Hive Case #6651 (IP=153,US) 137.184.210.128 32 RR None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 13:47:10 SQL injection - Web Attacks (IP=128,US) 137.184.210.56 32 RR None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 13:47:11 SQL injection - Web Attacks (IP=56,US) 137.184.211.157 32 ZH None 2022-04-04 00:00:00 2022-07-03 00:00:00 2022-04-04 13:48:57 SQL injection - 6hr Web Attacks (IP=157,US) 137.184.211.173 32 KH None 2021-10-25 00:00:00 2022-01-23 00:00:00 None SQL injection - 6hr Web Attacks (IP=173,US) 137.184.212.169 32 TH None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-18 22:35:17 SQL injection - 6 Hr Web Report (IP=169,US) 137.184.213.17 32 TH None 2022-08-17 00:00:00 2022-11-15 00:00:00 2022-08-18 13:49:16 SERVER-WEBAPP Ruby on Rails render file directory traversal attempt (1:51261:1) - SourceFire Report (IP=17,US) 137.184.213.234 32 AR None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-05-01 13:52:39 SQL injection - 6Hr Web Attacks (IP=234,US) 137.184.213.4 32 SW None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-15 13:53:52 SERVER-WEBAPP Java ClassLoader access attempt (1:30790:8) - SourceFire (IP=4, US) 137.184.214.120 32 SW None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-15 13:53:52 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - SourceFire (IP=120, US) 137.184.214.155 32 RR None 2022-04-17 
00:00:00 2022-07-16 00:00:00 2022-04-17 13:48:09 Artica Web Proxy SQL Injection Vulnerability - Web Attacks (IP=155,US) 137.184.215.206 32 KH None 2021-10-25 00:00:00 2022-01-23 00:00:00 None SQL injection - 6hr Web Attacks (IP=206,US) 137.184.215.230 32 KH None 2021-10-25 00:00:00 2022-01-23 00:00:00 None SQL injection - 6hr Web Attacks (IP=230,US) 137.184.215.65 32 KH None 2021-10-25 00:00:00 2022-01-23 00:00:00 None SQL injection - 6hr Web Attacks (IP=65,US) 137.184.215.66 32 KH None 2021-10-25 00:00:00 2022-01-23 00:00:00 None SQL injection - 6hr Web Attacks (IP=66,US) 137.184.215.93 32 KH None 2021-10-25 00:00:00 2022-01-23 00:00:00 None SQL injection - 6hr Web Attacks (IP=93,US) 137.184.216.125 32 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:35:07 SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (A-type) - SourceFire (IP=125,US) 137.184.216.78 32 JP None 2022-08-03 00:00:00 2022-11-01 00:00:00 2022-08-03 22:28:19 SERVER-WEBAPP Oracle WebLogic Server remote code execution attempt (1:58562:1) - SourceFire (IP=78,US) 137.184.219.30 32 SW None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-06 22:49:40 SERVER-WEBAPP IceWarp Mail Server directory traversal attempt (1:47644:1) - SourceFire (IP=30,US) 137.184.219.31 32 ZH None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 22:36:45 SQL injection - 6hr Web Attacks (IP=31,US) 137.184.219.34 32 RS None 2022-05-19 00:00:00 2022-08-17 00:00:00 2022-05-19 22:49:06 SERVER-APACHE Apache Struts remote code execution attempt (1:39191:3) - SourceFire (IP=34,US) 137.184.219.50 32 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:40:48 HTTP: PHP File Inclusion Vulnerability - IR # 22C01183 (IP=50,US) 137.184.219.80 32 KH None 2021-10-25 00:00:00 2022-01-23 00:00:00 None HTTP SQL Injection Attempt - 6hr Web Attacks (IP=80,US) 137.184.22.197 32 KH None 2022-08-31 00:00:00 2022-11-29 00:00:00 2022-08-31 17:20:50 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=197,US) 
137.184.22.63 32 JY None 2022-09-27 00:00:00 2022-12-26 00:00:00 2022-09-27 22:55:49 SQL injection- 6 hr web attacks (IP=63,US) 137.184.220.204 32 SW None 2022-08-25 00:00:00 2022-11-23 00:00:00 2022-08-26 13:48:20 SQL injection - WebAttacks (IP=204,US) 137.184.220.230 32 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:41:00 SQL injection - Web Attacks (IP=230,US) 137.184.220.78 32 JP None 2022-07-28 00:00:00 2022-10-26 00:00:00 2022-07-28 13:49:48 SQL injection - 6HR Web Attacks (IP=78, US) 137.184.221.47 32 RS None 2022-06-03 00:00:00 2022-09-01 00:00:00 2022-06-03 22:21:18 SERVER-WEBAPP WordPress Snap Creek Duplicator and Duplicator Pro plugins directory traversal attempt (1:58487:1) - SourceFire (IP=4,US) 137.184.221.69 32 SW None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-17 13:48:47 SQL injection - WebAttacks (IP=69,US) 137.184.222.54 32 RR None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 13:52:09 SQL injection - Web Attacks (IP=54,US) 137.184.223.228 32 SW None 2022-07-23 00:00:00 2022-10-21 00:00:00 2022-07-23 13:44:16 SQL injection - WebAttacks (IP=228,US) 137.184.223.63 32 KD None 2022-03-05 00:00:00 2022-06-03 00:00:00 2022-03-05 19:41:38 excessive "Custon Violation" attacks - FIREEYE IPS(63,US) 137.184.224.105 32 KH None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 23:08:04 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=105,US) 137.184.224.154 32 RR None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-05 14:02:42 SQL injection - Web Attacks (IP=154,US) 137.184.224.75 32 RT None 2022-04-27 00:00:00 2022-07-27 00:00:00 2022-04-28 14:35:08 Exploit.CVE-2021-44228 - Apache Log4j2 (IP=75,US) | updated by RR Block expiration extended with reason SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (A-type) - SourceFire (IP=75,US) 137.184.225.12 32 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 13:38:44 SQL injection - 6Hr Web Attacks (IP=12,US) 137.184.225.169 32 RS None 2022-05-04 00:00:00 
2022-08-02 00:00:00 2022-05-04 14:07:47 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=169,US) 137.184.225.183 32 RB None 2022-07-07 00:00:00 2022-10-05 00:00:00 2022-07-07 22:31:07 SQL injection - WebAttacks (IP=183,US) 137.184.225.186 32 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:07:48 Adobe ColdFusion Administrator Access Restriction - 6Hr Web Attacks (IP=186,US) 137.184.225.228 32 SW None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 23:06:48 Possible Cross-site Scripting Attack - IPS Events (IP=228,US) 137.184.225.79 32 SW None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 13:46:02 SQL injection - WebAttacks (IP=79,US) 137.184.225.90 32 KH None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 23:08:05 SQL injection - Web Attacks (IP=90,US) 137.184.226.114 32 DT None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 23:57:47 SQL injection - Web Attacks (IP=114,US) 137.184.226.127 32 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:44:05 SQL union select - possible sql injection attempt - GET parameter - SourceFire (IP=127,US) 137.184.226.162 32 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:07:48 SQL injection - 6Hr Web Attacks (IP=162,US) 137.184.226.70 32 ZH None 2022-09-20 00:00:00 2022-12-19 00:00:00 2022-09-20 22:50:05 Exploit.Log4Shell.CVE-2021-44228 - FE NX (IP=70,US) 137.184.227.185 32 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 13:38:44 SQL injection - 6Hr Web Attacks (IP=185,US) 137.184.227.201 32 SW None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-17 13:48:48 SQL injection - WebAttacks (IP=201,US) 137.184.227.226 32 DT None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:42 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=226,US) 137.184.227.28 32 RS None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 22:34:41 rConfig SQL Injection Vulnerability - 6Hr Web Attacks (IP=28,US) 137.184.227.69 32 RS None 2022-05-05 00:00:00 2022-08-03 00:00:00 
2022-05-05 13:50:29 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=69,US) 137.184.228.114 24 RB None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:31:24 HTTP: PHP File Inclusion Vulnerability - 6hr web attacks (IP=114,US) 137.184.229.202 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:36:42 SQL injection - Web Attacks (IP=202,US) 137.184.229.43 32 RR None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 13:47:11 HTTP SQL Injection Attempt - Web Attacks (IP=43,US) 137.184.229.61 32 RS None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 22:34:34 SQL injection - 6Hr Web Attacks (IP=61,US) 137.184.229.74 32 ZH None 2022-08-12 00:00:00 2022-11-10 00:00:00 2022-08-12 22:51:19 SQL injection - 6hr Web Attacks (IP=74,US) 137.184.23.18 32 KH None 2021-10-20 00:00:00 2022-01-18 00:00:00 None HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=18,US) 137.184.23.6 32 JP None 2022-09-09 00:00:00 2022-12-08 00:00:00 2022-09-09 13:48:27 SQL Injection - 6HR Web Attacks (IP=6,US) 137.184.230.75 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-08 12:51:11 SERVER-WEBAPP Java XML deserialization remote code execution attempt - SourceFire (IP=75,US) 137.184.231.107 32 DT None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-02 13:31:15 SQL injection - Web Attacks (IP=107,US) 137.184.231.115 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-08 12:50:34 SQL injection - Web Attacks (IP=115,US) 137.184.231.176 32 KD None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:49:47 FEC_Webshell_PHP_Generic_43 - FireEye CMS (IP=176,US) 137.184.231.194 32 SW None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-26 13:47:40 SERVER-WEBAPP Hikvision webLanguage command injection vulnerability (1:58555:1) - SourceFire (IP=194,US) 137.184.231.205 32 SW None 2022-03-04 00:00:00 2022-06-03 00:00:00 2022-03-05 14:46:01 SSH User Authentication Brute Force Attempt - Failed Logons (IP=205,US) | updated by RR Block expiration extended 
00:00:00 2022-12-13 00:00:00 2022-06-14 20:43:43 HIVE Case #7769 CTO 22-165 (IP=203,US) 138.124.187.32 32 TLM None 2022-06-28 00:00:00 2022-12-27 00:00:00 2022-06-28 14:35:34 HIVE Case #7853 CTO 22-179 (IP=32,US) 138.128.160.162 32 jkc None 2021-03-19 00:00:00 2022-03-19 00:00:00 None Case # 5090 TO-S-2021-1185 Malicious Callback 138.128.160.162 32 jkc None 2021-03-19 00:00:00 2022-03-19 00:00:00 None Case # 5090 TO-S-2021-1185 Malicious Callback 138.128.161.26 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1081 Hive Case 4872 Malicious Email Activity 138.128.164.66 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None US TO-S-2021-1143 Malicious Email Activity 138.128.170.10 32 AS None 2022-07-28 00:00:00 2022-10-26 00:00:00 2022-07-29 13:53:39 HIVE Case #7338 COLS-NA TIP 22-0116 (IP=10,US) 138.128.170.210 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=210,US) 138.128.171.170 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None US TO-S-2021-1143 Malicious Email Activity 138.128.182.90 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=90,US) 138.128.182.90 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=90,US) 138.128.182.90 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=90,US) 138.185.152.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 138.185.22.0 24 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 138.185.72.26 32 AS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-09 13:57:29 HIVE Case #7535 TO-S-2022-0176 (IP=26,BR) 138.185.84.0 24 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 138.186.107.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 
Malware Activity 138.186.151.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None AR TO-S-2021-1037 Hive Case 4785 Malware Activity 138.197.1.77 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:16:54 SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt - SourceFire (IP=77,US) 138.197.10.109 32 WR None 2022-04-22 00:00:00 2022-07-20 00:00:00 2022-04-22 13:39:52 SQL injection - 6 HR WebAttack (IP=109,US) 138.197.10.119 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:48:11 SQL injection - Web Attacks (IP=119,US) 138.197.10.188 32 ZH None 2022-08-12 00:00:00 2022-11-10 00:00:00 2022-08-12 13:55:52 SQL injection - 6hr Web Attacks (IP=188,US) 138.197.10.255 32 SW None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:47:43 SERVER-WEBAPP Pulse Secure SSL VPN directory traversal attempt (1:51289:1) - SourceFire (IP=255,US) 138.197.10.45 32 WR None 2022-04-29 00:00:00 2022-07-27 00:00:00 2022-04-29 13:52:17 SERVER-APACHE Apache Tomcat remote JSP file upload attempt (1:44531:3) - Sourcefire (IP=45,US) 138.197.100.1 32 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:57:43 SERVER-WEBAPP F5 BIG-IP Traffic Management User Interface remote code execution attempt (1:54462:3) - SourceFire (IP=1,US) 138.197.100.198 32 JP None 2022-07-27 00:00:00 2022-10-25 00:00:00 2022-07-27 13:49:56 - 6HR Web Attacks (IP=198, US) 138.197.101.0 32 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 15:44:24 SQL injection - Web Attacks (IP=0,US) 138.197.101.107 32 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:41:02 SQL injection - Web Attacks (IP=107,US) 138.197.101.4 32 RR None 2022-06-25 00:00:00 2022-09-23 00:00:00 2022-06-25 22:47:37 SQL injection - Web Attacks (IP=4,US) 138.197.102.149 32 SW None 2022-09-05 00:00:00 2022-12-04 00:00:00 2022-09-06 13:54:37 SERVER-WEBAPP Atlassian Confluence OGNL expression injection attempt - WebAttacks (IP=149,US) 138.197.102.189 32 SW None 2022-04-11 00:00:00 
2022-07-10 00:00:00 2022-04-11 22:58:41 SQL injection - WebAttacks (IP=189,US) 138.197.102.232 32 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:44:08 SQL injection - 6 Hr Web Report (IP=232,US) | updated by RR Block expiration extended with reason SERVER-WEBAPP Oracle Business Intelligence and XML Publisher XML external entity injection attempt - SourceFire (IP=232,US) SERVER-WEBAPP Oracle Business Intelligence and XML Publisher XML external entity injection attempt - SourceFire (IP=232,US) 138.197.102.232 32 TH None 2022-04-15 00:00:00 2022-07-15 00:00:00 2022-04-16 14:44:08 SQL injection - 6 Hr Web Report (IP=232,US) | updated by RR Block expiration extended with reason SERVER-WEBAPP Oracle Business Intelligence and XML Publisher XML external entity injection attempt - SourceFire (IP=232,US) SERVER-WEBAPP Oracle Business Intelligence and XML Publisher XML external entity injection attempt - SourceFire (IP=232,US) 138.197.102.242 32 ZH None 2022-09-19 00:00:00 2022-12-18 00:00:00 2022-09-19 22:54:59 SQL injection - 6hr Web Attacks (IP=242,US) 138.197.102.49 32 DT None 2022-06-04 00:00:00 2022-09-02 00:00:00 2022-06-04 23:03:10 SQL injection - Web Attacks (IP=49,US) 138.197.103.197 32 ZH None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-02 13:10:31 SQL injection- 6 hour Web Attacks (IP=197,US) 138.197.104.150 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-08 12:50:35 SQL injection - Web Attacks (IP=150,US) 138.197.104.172 32 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 22:58:53 SIPVicious Security Scanner - IPS Events (IP=172,US) 138.197.107.162 32 TC None 2022-09-05 00:00:00 2022-12-04 00:00:00 2022-09-06 00:35:05 SQL injection - 6hr Web Attacks (IP=162,US) 138.197.108.154 32 NAB None 2021-12-16 00:00:00 2022-03-16 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=154,US) 138.197.108.231 32 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:14 SQL injection - 6hr Web Attacks (IP=231,US) 
138.197.110.128 32 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-16 15:21:23 SQL injection - 6hr Web Attacks (IP=128,US) 138.197.110.81 32 RR None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:17:59 SERVER-OTHER HP Integrated Lights-Out HTTP headers processing buffer overflow attempt - SourceFire (IP=81,US) 138.197.110.99 32 WR None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:47:22 SQL injection - 6Hr Web Attacks (IP=99,US) 138.197.12.66 32 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:14 SERVER-WEBAPP rConfig compliance policies SQL injection attempt (1:59326:1) - Sourcefire Rpt (IP=66,US) 138.197.128.21 24 DT None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 23:57:35 SERVER-WEBAPP Liferay arbitrary Java object deserialization attempt (1:56800:3) - Source Fire (IP=21,CA) 138.197.129.224 24 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:41:02 SQL injection - Web Attacks (IP=224,CA) 138.197.13.218 32 KH None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 23:08:05 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=218,US) 138.197.13.218 32 KH None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 23:08:26 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=218,US) 138.197.13.235 32 AR None 2022-06-26 00:00:00 2022-09-24 00:00:00 2022-06-27 13:55:46 SQL injection - 6Hr Web Attacks (IP=235,US) 138.197.130.33 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:23 Joomla 138.197.131.200 24 KH None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:00 SQL injection - Web Attacks (IP=200,CA) 138.197.133.133 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:53:13 SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt - SourceFire (IP=133,CA) 138.197.133.49 24 SW None 2022-09-24 00:00:00 2022-12-23 00:00:00 2022-09-25 00:05:07 SQL injection - WebAttacks (IP=49,CA) 138.197.134.254 24 ZH None 2022-04-18 00:00:00 2022-07-17 00:00:00 
2022-04-18 13:45:08 SQL injection- 6hr Web Attacks (IP=254,CA) 138.197.136.41 24 RS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 22:43:44 SERVER-WEBAPP Arcadyan routers path traversal attempt (1:58538:1) - SourceFire (IP=41,CA) 138.197.137.137 24 RB None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:47:07 SQL injection (IP=137,CA) 138.197.138.103 24 RB None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:47:08 SQL injection (IP=103,CA) 138.197.139.57 24 DT None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-29 13:52:17 SERVER-WEBAPP Ruby on Rails render file directory traversal attempt (1:51261:1) - Source Fire (IP=57,CA) 138.197.14.21 32 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:37:15 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=21,US) 138.197.14.21 32 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:41:04 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=21,US) 138.197.14.249 32 ZH None 2022-06-24 00:00:00 2022-09-22 00:00:00 2022-06-24 13:56:13 SQL injection - 6hr Web Attacks (IP=249,US) 138.197.140.2 24 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:34:33 SQL injection - Web Attacks (IP=2,CA) 138.197.141.52 24 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:37:16 SQL injection - Web Attacks (IP=52,CA) 138.197.141.52 24 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:41:05 SQL injection - Web Attacks (IP=52,CA) 138.197.142.193 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:34:48 ET EXPLOIT Apache log4j RCE Attempt - lower/upper TCP Bypass M2 (CVE-2021-44228) (1:2034700:1) - Sourcefire Rpt (IP=193,CA) 138.197.142.193 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:13 ET EXPLOIT Apache log4j RCE Attempt - lower/upper TCP Bypass M2 (CVE-2021-44228) (1:2034700:1) - Sourcefire Rpt (IP=193,CA) 138.197.143.227 24 ZH None 2022-04-04 00:00:00 2022-07-03 00:00:00 2022-04-04 22:35:34 SERVER-WEBAPP WordPress 
wp-config.php access via directory traversal attempt (1:41421:2)- Sourcefire Rpt (IP=227,CA) 138.197.144.234 24 WR None 2022-04-15 00:00:00 2022-07-13 00:00:00 2022-04-15 14:09:13 HTTP: PHP File Inclusion Vulnerability - 6HR WebAttacks (IP=234,CA) 138.197.145.195 24 RB None 2022-07-26 00:00:00 2022-10-24 00:00:00 2022-07-26 22:50:11 SQL injection - WebAttacks (IP=195,CA) 138.197.146.2 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:34:48 SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt (1:58276:3) - Sourcefire Rpt (IP=2,CA) 138.197.146.2 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:13 SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt (1:58276:3) - Sourcefire Rpt (IP=2,CA) 138.197.147.101 32 AS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-09 13:57:16 HIVE Case #7535 TO-S-2022-0176 (IP=101,CA) 138.197.147.92 24 JP None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-15 13:53:43 SQL injection - 6HR Web Attacks (IP=92,CA) 138.197.148.120 24 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:44:09 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=120,CA) 138.197.149.123 24 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:44:10 SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt - SourceFire (IP=123,CA) 138.197.150.195 24 SW None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-06 22:49:43 SQL injection - WebAttacks (IP=195,CA) 138.197.151.83 24 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:41:03 HTTP: SQL Injection - Exploit - Web Attacks (IP=83,CA) 138.197.152.159 24 WR None 2022-04-29 00:00:00 2022-07-27 00:00:00 2022-04-29 13:52:18 SQL injection - Web Attacks (IP=159,CA) 138.197.153.180 24 ZH None 2022-04-04 00:00:00 2022-07-03 00:00:00 2022-04-04 22:35:34 SQL 1 =1 - possible sql injection attempt (1:27287:5)- Sourcefire Rpt (IP=180,CA) 138.197.154.235 24 RS None 2022-05-02 00:00:00 
2022-07-31 00:00:00 2022-05-02 22:41:39 SQL injection - 6Hr Web Attacks (IP=235,CA) 138.197.155.186 24 RR None 2022-07-10 00:00:00 2022-10-08 00:00:00 2022-07-10 14:32:35 SQL injection - Web Attacks (IP=186,CA) 138.197.155.186 24 RR None 2022-07-10 00:00:00 2022-10-08 00:00:00 2022-07-10 14:32:35 SQL injection - Web Attacks (IP=186,CA) SQL injection - Web Attacks (IP=186,CA) 138.197.155.3 24 KD None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-14 13:54:39 SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (B-type)- Sourcefire(IP=3,CA) 138.197.156.19 24 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-09 14:21:20 SQL injection - Web Attacks (IP=19,CA) 138.197.157.62 24 AR None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:11 SQL injection - 6Hr Web Attack (IP=62,CA) 138.197.158.145 24 TH None 2022-04-15 00:00:00 2022-07-14 00:00:00 2022-04-15 14:09:37 vBulletin SQL Injection Vulnerability - 6 Hr Web Report (IP=145,CA) 138.197.159.220 24 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:37:16 SQL injection - Web Attacks (IP=220,CA) 138.197.159.220 24 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:41:06 SQL injection - Web Attacks (IP=220,CA) 138.197.160.237 24 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 22:51:48 SQL injection - 6Hr Web Attacks (IP=237,CA) 138.197.160.237 24 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 22:52:24 SQL injection - 6Hr Web Attacks (IP=237,CA) 138.197.161.239 32 ZH None 2022-07-13 00:00:00 2022-10-11 00:00:00 2022-10-11 18:54:01 SQL injection - 6hr Web Attacks (IP=239,CA) | Mask changed from /24 to /32 because /24 is too broad and has been found to block sites such as ijc.org (see ticket INC0446251). 
138.197.161.5 32 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-07-10 11:15:52 SQL injection - 6Hr Web Attacks (IP=5,CA) 138.197.162.186 32 KD None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-28 14:34:01 HTTP PHP File InclusionVulnerability- Web Attacks (IP=186,US) 138.197.162.31 24 TH None 2022-05-12 00:00:00 2022-08-10 00:00:00 2022-05-12 22:47:15 SERVER-WEBAPP Movable Type CMS command injection attempt (1:58687:1) - SourceFire Report (IP=31,CA) 138.197.163.182 24 AR None 2022-05-03 00:00:00 2022-08-01 00:00:00 2022-05-03 13:46:44 SERVER-WEBAPP WSO2 multiple products directory traversal attempt (1:59652:1) - SourceFire (IP=182,CA) 138.197.164.55 24 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:47:35 HTTP SQL Injection Attempt - Web Attacks (IP=55,CA) 138.197.165.197 24 RR None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:00 SERVER-WEBAPP WSO2 multiple products directory traversal attempt - SourceFire (IP=197,CA) 138.197.165.197 24 RR None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:00 SERVER-WEBAPP WSO2 multiple products directory traversal attempt - SourceFire (IP=197,CA) SERVER-WEBAPP WSO2 multiple products directory traversal attempt - SourceFire (IP=197,CA) 138.197.165.74 24 SW None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:47:31 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=74,CA) 138.197.166.111 24 SA None 2022-06-02 00:00:00 2022-08-30 00:00:00 2022-06-03 00:39:53 SQL injection Web Attacks (IP=111,CA) 138.197.167.106 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:50:34 SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt - SourceFire (IP=106,CA) 138.197.168.110 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:36:44 SQL injection - Web Attacks (IP=110,CA) 138.197.168.110 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:40:05 SQL injection - Web Attacks (IP=110,CA) 138.197.169.13 24 ZH None 2022-05-30 00:00:00 2022-08-28 
00:00:00 2022-05-30 22:44:12 SERVER-WEBAPP JBoss JMX console access attempt (1:21516:9) - SourceFire (IP=13,CA) 138.197.170.85 24 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:07:52 SQL injection - 6Hr Web Attacks (IP=85,CA) 138.197.171.98 24 SW None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:45:17 SERVER-APACHE Apache Struts2 blacklisted method redirect - SourceFire (IP=98,CA) 138.197.172.83 24 ZH None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-11 00:05:00 SQL injection - 6hr Web Attacks (IP=83,CA) 138.197.173.181 24 ZH None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-30 22:44:13 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (3:58802:4) - SourceFire (IP=181,CA) 138.197.173.181 24 ZH None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-30 22:44:13 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (3:58802:4) - SourceFire (IP=181,CA) SERVER-WEBAPP Apache Log4j logging remote code execution attempt (3:58802:4) - SourceFire (IP=181,CA) 138.197.173.94 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:37:49 SERVER-WEBAPP Multiple PACS Server directory traversal attempt - SourceFire (IP=94,CA) 138.197.173.94 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:43:28 SERVER-WEBAPP Multiple PACS Server directory traversal attempt - SourceFire (IP=94,CA) 138.197.174.67 24 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:44:10 SERVER-WEBAPP F5 BIG-IP Traffic Management User Interface remote code execution attempt - SourceFire (IP=67,CA) 138.197.175.41 24 SW None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-11 22:58:42 SQL injection - WebAttacks (IP=41,CA) 138.197.176.123 24 RR None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 13:47:38 SERVER-WEBAPP F5 BIG-IP Traffic Management User Interface remote code execution attempt - SourceFire (IP=123,DE) 138.197.177.130 24 SW None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-11 22:58:42 SQL injection - WebAttacks 
(IP=130,DE) 138.197.179.195 24 SW None 2022-05-15 00:00:00 2022-08-13 00:00:00 2022-05-15 13:53:53 SERVER-WEBAPP Kibana Console for Elasticsearch local file inclusion attempt (1:48815:3) - SourceFire (IP=195, DE) 138.197.180.169 24 WR None 2022-04-04 00:00:00 2022-07-02 00:00:00 2022-04-04 13:48:50 SQL injection - 6HR Web Attacks (IP=169,DE) 138.197.180.177 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=177,DE) 138.197.181.183 24 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:50:54 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=183,DE) 138.197.182.79 24 SW None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:45:10 SERVER-WEBAPP Oracle WebLogic Server remote code execution attempt - SourceFire (IP=79,DE) 138.197.184.34 24 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:47:36 WordPress Perfect Survey Plugin SQL Injection Vulnerability - Web Attacks (IP=34,DE) 138.197.185.110 24 RR None 2022-03-20 00:00:00 2022-06-18 00:00:00 2022-03-20 13:56:12 OS-OTHER Bash CGI environment variable injection attempt - SourceFire (IP=110,DE) 138.197.186.159 24 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:41:04 HTTP SQL Injection Attempt - Web Attacks (IP=159,DE) 138.197.187.39 24 RR None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:01 SERVER-WEBAPP ManageEngine Desktop Central authentication bypass attempt - SourceFire (IP=39,DE) 138.197.188.54 24 DT None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-20 13:47:01 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=54,DE) 138.197.189.2 24 AR None 2022-01-05 00:00:00 2022-04-05 00:00:00 None SERVER-WEBAPP NUUO NVRmini upgrade_handle.php command injection attempt - 6HR Web Attacks (IP=2,DE) 138.197.189.2 24 RR None 2022-01-05 00:00:00 2022-04-05 00:00:00 None SERVER-WEBAPP Netgear ReadyNAS Surveillance upgrade_handle.php command injection attempt - SourceFire (IP=2,DE) 138.197.190.95 24 TH None 2022-04-28 00:00:00 
2022-07-27 00:00:00 2022-04-28 22:43:13 SQL injection - 6 Hr Web Report (IP=95,DE) 138.197.191.91 24 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:16:54 SERVER-OTHER Apache Log4j logging remote code execution attempt - SourceFire (IP=91,DE) 138.197.194.139 32 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 2022-05-27 16:40:08 HIVE Case #7668 CTO 22-146 (IP=139,US) 138.197.204.166 32 RR None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-05 14:02:51 SERVER-WEBAPP Grafana getPluginAssets path traversal attempt - SourceFire (IP=166,US) 138.197.210.37 32 KH None 2022-03-03 00:00:00 2022-06-01 00:00:00 2022-03-03 23:49:49 Masscan TCP Port Scanner - FE CMS (IP=37,US) 138.197.3.127 32 SW None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-06 13:57:59 Django SQL Injection Vulnerability - WebAttacks (IP=127,US) 138.197.3.243 32 SW None 2022-06-11 00:00:00 2022-09-09 00:00:00 2022-06-11 13:46:54 SQL injection - WebAttacks (IP=243,US) 138.197.3.95 32 ZH None 2022-05-15 00:00:00 2022-08-13 00:00:00 2022-05-15 22:46:05 File /etc/passwd Access Attempt Detect - CMS IPS Events (IP=95,US) 138.197.3.96 32 DT None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:43 SQL injection - Web Attacks (IP=96,US) 138.197.4.120 32 WR None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:47:22 SQL injection - 6Hr Web Attacks (IP=120,US) 138.197.4.14 32 KH None 2022-07-25 00:00:00 2022-10-23 00:00:00 2022-07-25 23:41:42 SQL injection - Web Attacks (IP=14,US) 138.197.4.147 32 NAB None 2022-02-02 00:00:00 2022-05-03 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=147,US) 138.197.4.176 32 RS None 2022-06-10 00:00:00 2022-09-08 00:00:00 2022-06-10 13:46:01 SQL injection - 6Hr Web Attacks (IP=176,US) 138.197.4.203 32 RS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 14:03:18 SQL injection - 6Hr Web Attacks (IP=203,US) 138.197.4.98 32 SW None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:07:52 SQL injection - WebAttacks (IP=98,US) 138.197.5.158 
32 SW None 2022-07-23 00:00:00 2022-10-21 00:00:00 2022-07-23 22:54:40 SQL injection - WebAttacks (IP=158,US) 138.197.5.241 32 RR None 2022-06-19 00:00:00 2022-09-17 00:00:00 2022-06-20 13:54:23 SQL injection - Web Attacks (IP=241,US) 138.197.5.32 32 RR None 2022-06-25 00:00:00 2022-09-23 00:00:00 2022-06-25 14:09:19 SQL injection - Web Attacks (IP=32,US) 138.197.5.35 32 SW None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-17 13:48:48 SQL injection - WebAttacks (IP=35,US) 138.197.6.33 32 RR None 2022-09-11 00:00:00 2022-12-10 00:00:00 2022-09-11 13:56:03 SQL injection - Web Attacks (IP=33,US) 138.197.64.157 32 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 13:47:11 SQL injection - WebAttacks (IP=157,US) 138.197.64.80 32 RB None 2022-09-26 00:00:00 2022-12-25 00:00:00 2022-09-26 13:55:25 SQL injection - Web Attacks (IP=80,US) | updated by RB Block expiration extended with reason SQL 1 = 1 - possible sql injection attempt - WebAttacks (IP=80,US) SQL 1 = 1 - possible sql injection attempt - WebAttacks (IP=80,US) | updated by RB Block expiration extended with reason SQL 1 = 1 - possible sql injection attempt - WebAttacks (IP=80,US) SQL 1 = 1 - possible sql injection attempt - WebAttacks (IP=80,US) 138.197.64.80 32 RB None 2022-09-26 00:00:00 2022-12-25 00:00:00 2022-09-26 13:55:25 SQL injection - Web Attacks (IP=80,US) | updated by RB Block expiration extended with reason SQL 1 = 1 - possible sql injection attempt - WebAttacks (IP=80,US) SQL 1 = 1 - possible sql injection attempt - WebAttacks (IP=80,US) | updated by RB Block expiration extended with reason SQL 1 = 1 - possible sql injection attempt - WebAttacks (IP=80,US) SQL 1 = 1 - possible sql injection attempt - WebAttacks (IP=80,US) 138.197.64.80 32 RR None 2022-09-25 00:00:00 2022-12-25 00:00:00 2022-09-26 13:55:25 SQL injection - Web Attacks (IP=80,US) | updated by RB Block expiration extended with reason SQL 1 = 1 - possible sql injection attempt - WebAttacks (IP=80,US) SQL 1 = 1 - possible sql 
injection attempt - WebAttacks (IP=80,US) | updated by RB Block expiration extended with reason SQL 1 = 1 - possible sql injection attempt - WebAttacks (IP=80,US) SQL 1 = 1 - possible sql injection attempt - WebAttacks (IP=80,US) 138.197.64.80 32 RR None 2022-09-25 00:00:00 2022-12-25 00:00:00 2022-09-26 13:55:25 SQL injection - Web Attacks (IP=80,US) | updated by RB Block expiration extended with reason SQL 1 = 1 - possible sql injection attempt - WebAttacks (IP=80,US) SQL 1 = 1 - possible sql injection attempt - WebAttacks (IP=80,US) | updated by RB Block expiration extended with reason SQL 1 = 1 - possible sql injection attempt - WebAttacks (IP=80,US) SQL 1 = 1 - possible sql injection attempt - WebAttacks (IP=80,US) 138.197.65.112 32 KH None 2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-09 22:50:09 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=112,US) 138.197.65.135 32 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 15:44:25 SQL injection - Web Attacks (IP=135,US) 138.197.66.108 32 RS None 2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-09 22:50:07 Exploit.Log4Shell.CVE-2021-44228 - FE CMS Alerts (IP=108,US) 138.197.67.115 24 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:47:37 CVE-2020-10148 SolarWinds Orion Authentication Bypass attempt - SourceFire (IP=115,US) 138.197.69.236 32 KH None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 22:55:43 HTTP: PHP File Inclusion Vulnerability - IR# 22C01545 (IP=236,US) 138.197.7.109 32 RB None 2022-09-01 00:00:00 2022-12-30 00:00:00 2022-09-01 22:53:13 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (1:59246:1) - SourceFire (IP=109, US) 138.197.7.129 32 RS None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-06 13:58:08 SQL injection - 6Hr Web Attacks (IP=129,US) 138.197.7.210 32 TH None 2022-07-20 00:00:00 2022-10-18 00:00:00 2022-07-20 22:52:52 SQL injection - 6 Hr Web Report (IP=210,US) 138.197.70.132 32 DT None 2022-05-07 00:00:00 2022-08-05 00:00:00 
2022-05-07 13:17:24 SQL injection - Web Attacks (IP=132,US) 138.197.72.160 32 TH None 2022-08-15 00:00:00 2022-11-13 00:00:00 2022-08-16 18:12:39 SQL injection - 6 Hr Web Report (IP=160,US) 138.197.72.179 32 RB None 2022-09-08 00:00:00 2022-12-07 00:00:00 2022-09-08 22:52:30 SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (1:51976:3) - SourceFire (IP=179, US) 138.197.72.231 32 ZH None 2022-07-17 00:00:00 2022-10-15 00:00:00 2022-07-17 22:30:42 SERVER-WEBAPP Zimbra remote code execution attempt (1:29027:6) - Sourcefire Rpt (IP=231,US) 138.197.73.198 32 SW None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:44:45 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=198,US) 138.197.73.39 32 RR None 2022-06-04 00:00:00 2022-09-02 00:00:00 2022-06-04 13:38:46 SERVER-APACHE Apache Struts OGNL getRuntime.exec static method access attempt - SourceFire (IP=39,US) 138.197.74.178 32 RS None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-10-01 13:38:04 SQL injection - Web Attacks (IP=178,US) 138.197.75.204 32 JP None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-15 13:53:42 SQL injection - 6HR Web Attacks (IP=204,US) 138.197.75.227 32 KH None 2022-09-22 00:00:00 2022-12-21 00:00:00 2022-09-22 22:55:19 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=227,US) 138.197.76.11 32 RS None 2022-07-22 00:00:00 2022-10-20 00:00:00 2022-07-23 13:44:07 SQL injection - Web Attacks (IP=11,US) 138.197.76.13 32 TH None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-30 13:42:37 SQL injection - 6 Hr Web Report (IP=13,US) 138.197.76.149 32 ZH None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 22:43:44 SERVER-WEBAPP Movable Type CMS command injection attempt (1:58687:1) - SourceFire (IP=149,US) 138.197.76.246 32 KH None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-17 13:49:08 SQL injection - Web Attacks (IP=246,US) 138.197.77.79 32 KH None 2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-09 22:50:10 HTTP: PHP File Inclusion Vulnerability - Web 
Attacks (IP=79,US) 138.197.78.202 32 SA None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-07 13:41:22 POLICY-OSAER PHP uri tag injection attempt (1:23111:14) - SourceFire Report (IP=202,US) 138.197.78.202 32 SA None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-07 13:41:29 Possible Cross-site Scripting Attack - FE CMS IPS alert (IP=202,US) 138.197.78.202 32 RS None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-08 16:55:35 SQL injection - 6Hr Web Attacks (IP=202,US) 138.197.8.198 32 RS None 2022-05-02 00:00:00 2022-07-31 00:00:00 2022-05-02 22:41:29 HTTP SQL Injection Attempt - 6Hr Web Attacks (IP=198,US) 138.197.9.61 32 DT None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-02 13:31:16 SQL injection - Web Attacks (IP=61,US) 138.197.98.252 32 SW None 2022-08-25 00:00:00 2022-11-23 00:00:00 2022-08-26 13:48:20 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=252,US) 138.197.98.99 32 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:57:44 SERVER-WEBAPP Kibana Console for Elasticsearch local file inclusion attempt (1:48815:3) - SourceFire (IP=99,US) 138.197.99.129 32 DT None 2022-06-03 00:00:00 2022-09-01 00:00:00 2022-06-04 13:39:18 SQL injection - Web Attacks (IP=129,US) 138.199.18.79 32 TLM None 2022-05-24 00:00:00 2022-11-23 00:00:00 2022-05-24 14:49:44 HIVE Case #7652 CTO 22-141 (IP=79,DE) 138.199.30.198 24 ZH None 2022-09-16 00:00:00 2022-12-15 00:00:00 2022-09-16 22:50:10 Exploit.Log4Shell.CVE-2021-44228 - FE NX (IP=98,GB) 138.199.31.9 24 ZH None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-08 22:56:17 SQL use of sleep function in HTTP header - likely SQL injection attempt (1:38993:9) - SourceFire (IP=9, GB) 138.199.35.103 32 KH None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-06 23:38:17 Self Report/ColdFusion Error reporting - IR# 22C01576 (IP=103,US) 138.199.39.4 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:56:12 HIVE Case #7894 CTO 22-187 (IP=4,JP) 138.199.59.58 32 DT None 2022-03-18 00:00:00 2022-06-16 
00:00:00 2022-03-18 22:23:21 Known Attack Tool - IR# 22C01058 (IP=58,PL) 138.2.18.160 24 KH None 2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-09 22:50:17 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire (IP=160,JP) 138.201.122.57 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=57,DE) 138.201.142.73 32 AS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-09 13:57:29 HIVE Case #7535 TO-S-2022-0176 (IP=73,DE) 138.201.190.52 32 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 2022-05-26 18:27:06 HIVE Case #7669 TO-S-2022-0187 (IP=52,DE) 138.201.209.229 32 TLM None 2021-09-08 00:00:00 2022-03-08 00:00:00 None HIVE Case #6132 CTO 21-240 (IP=229,DE) 138.201.228.61 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None DE TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 138.201.31.212 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None DE TO-S-2021-1092 Hive Case 4875 Malicious Email Activity 138.201.44.59 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 138.201.51.48 24 SW None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 22:46:49 MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (1:25925:3) - SourceFire (IP=48,DE) 138.201.56.111 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None DE TO-S-2021-1081 Hive Case 4872 Malicious Email Activity 138.204.180.36 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None HN TO-S-2021-1050 Hive Case 4821 Malware Activity 138.204.182.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None AR TO-S-2021-1037 Hive Case 4785 Malware Activity 138.204.200.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 138.204.48.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 138.229.236.137 32 SW None 2022-07-23 00:00:00 2022-10-21 00:00:00 2022-07-23 
22:54:37 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt (1:46736:2) - SourceFire (IP=137,US) 138.255.100.0 22 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=0,CL) 138.255.184.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 138.255.220.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 138.255.72.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 138.34.28.219 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=219,CA) 138.34.28.35 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=35,CA) 138.36.0.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 138.36.20.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 138.36.94.8 32 WR None 2022-02-20 00:00:00 2022-05-20 00:00:00 None SQL injection - Web Attacks (IP=8,US) 138.59.16.101 32 TLM None 2022-05-05 00:00:00 2022-11-04 00:00:00 2022-05-06 18:32:49 HIVE Case #7525 TO-S-2022-0175 (IP=101,CR) 138.59.40.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 138.59.72.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 138.68.100.60 24 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:15 SERVER-APACHE Apache Tomcat remote JSP file upload attempt (1:44531:3) - Sourcefire Rpt (IP=60,DE) 138.68.102.39 24 JP None 2022-08-03 00:00:00 2022-11-01 00:00:00 2022-08-03 22:28:20 SERVER-WEBAPP Oracle WebLogic Server remote code execution attempt (1:58562:1) - SourceFire (IP=39,DE) 138.68.103.145 24 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:47:38 HTTP: PHP File 
Inclusion Vulnerability - Web Attacks (IP=145,DE) 138.68.104.51 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:37:49 SERVER-OTHER Supervisord remote code execution attempt - SourceFire (IP=51,DE) 138.68.104.51 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:43:29 SERVER-OTHER Supervisord remote code execution attempt - SourceFire (IP=51,DE) 138.68.105.251 24 RR None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:14:27 SERVER-WEBAPP phpmyadmin post-authentication local file inclusion attempt - SourceFire (IP=251,DE) 138.68.106.177 24 KH None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 22:47:48 SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt (1:44328:4) - Sourcefire (IP=177,DE) 138.68.107.45 24 WR None 2022-04-30 00:00:00 2022-07-28 00:00:00 2022-04-30 13:53:03 SQL injection- 6hr Web Attacks (IP=45,DE) 138.68.108.179 24 RR None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:31:25 SQL injection - Web Attcks (IP=179,DE) 138.68.109.220 24 WR None 2022-04-15 00:00:00 2022-07-13 00:00:00 2022-04-15 14:09:13 SQL injection - 6HR WebAttacks (IP=220,DE) 138.68.111.142 24 NAB None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:07:53 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=142,DE) 138.68.129.32 24 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 22:51:52 SQL injection - WebAttacks (IP=32,GB) 138.68.131.227 24 RR None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:31:26 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - Source Fire (IP=227,GB) 138.68.132.217 24 ZH None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-24 00:05:16 SERVER-WEBAPP Kibana Console for Elasticsearch local file inclusion attempt (1:48815:3) - Sourcefire Rpt (IP=217,GB) 138.68.134.192 24 RS None 2022-05-19 00:00:00 2022-12-14 00:00:00 2022-09-15 22:52:19 HTTP SQL Injection Attempt - 6Hr Web Attacks (IP=192,GB) | updated by KH Block was inactive. 
Reactivated on 20220915 with reason File /etc/passwd Access Attempt Detect - FE IPS (IP=192,GB) File /etc/passwd Access Attempt Detect - FE IPS (IP=192,GB) 138.68.134.192 24 KH None 2022-09-15 00:00:00 2022-12-14 00:00:00 2022-09-15 22:52:19 HTTP SQL Injection Attempt - 6Hr Web Attacks (IP=192,GB) | updated by KH Block was inactive. Reactivated on 20220915 with reason File /etc/passwd Access Attempt Detect - FE IPS (IP=192,GB) File /etc/passwd Access Attempt Detect - FE IPS (IP=192,GB) 138.68.134.192 24 KH None 2022-09-15 00:00:00 2022-12-14 00:00:00 2022-09-15 22:52:22 File /etc/passwd Access Attempt Detect - FE IPS (IP=192,GB) 138.68.135.148 24 TH None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 23:06:28 SQL injection - 6 Hr Web Report (IP=148,GB) 138.68.136.0 32 TLM None 2022-06-23 00:00:00 2022-12-22 00:00:00 2022-06-24 11:30:49 HIVE Case #7820 CTO 22-174 (IP=0,GB) 138.68.137.10 24 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:47:38 SQL injection - Web Attacks (IP=10,GB) 138.68.139.37 24 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:50:54 SQL injection - Web Attacks (IP=37,GB) 138.68.140.176 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:34:49 SERVER-WEBAPP Cisco HyperFlex HX Data Platform command injection attempt (3:57528:2) - Sourcefire Rpt (IP=176,GB) 138.68.140.176 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:14 SERVER-WEBAPP Cisco HyperFlex HX Data Platform command injection attempt (3:57528:2) - Sourcefire Rpt (IP=176,GB) 138.68.141.250 24 TH None 2022-04-01 00:00:00 2022-06-30 00:00:00 2022-04-01 22:16:55 SERVER-WEBAPP Java ClassLoader access attempt (1:30792:7) - SourceFire Report (IP=250,GB) 138.68.142.100 24 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-08 12:50:35 SQL injection - Web Attacks (IP=100,GB) 138.68.144.146 24 SW None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:07:53 SQL injection - WebAttacks (IP=146,GB) 138.68.146.32 24 SW None 2022-02-15 
00:00:00 2022-05-16 00:00:00 None File /etc/passwd Access Attempt Detect - IPS Events(IP=32,GB) 138.68.147.51 24 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 13:54:11 SQL injection - Web Attacks (IP=51,GB) 138.68.147.51 24 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 13:54:11 SQL injection - Web Attacks (IP=51,GB) SQL injection - Web Attacks (IP=51,GB) 138.68.147.65 24 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:41:05 SQL injection - Web Attacks (IP=65,GB) 138.68.150.197 24 RR None 2022-03-30 00:00:00 2022-06-28 00:00:00 2022-03-30 13:47:04 SERVER-WEBAPP SolarWinds Orion authentication bypass attempt - SourceFire (IP=197,GB) 138.68.151.59 24 SW None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:47:31 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=59,GB) 138.68.152.81 24 TH None 2022-03-03 00:00:00 2022-06-01 00:00:00 2022-03-03 23:49:23 HTTP SQL Injection Attempt - 6 Hr Web Report (IP=81,GB) 138.68.157.27 24 RR None 2022-03-15 00:00:00 2022-06-13 00:00:00 2022-03-15 13:43:52 SERVER-WEBAPP Oracle Weblogic default credentials login attempt - Web Attacks (IP=27,GB) 138.68.158.12 24 RR None 2022-04-15 00:00:00 2022-07-15 00:00:00 2022-04-15 14:09:20 Exploit.CVE-2021-44228 - Apache Log4j2 - Case 6651 (IP=12,GB) 138.68.159.18 24 ZH None 2022-05-31 00:00:00 2022-08-29 00:00:00 2022-06-01 13:53:53 SQL generic sql with comments injection attempt - GET parameter (1:16431:6) - SourceFire (IP=18, GB) 138.68.162.186 24 RR None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:01 SQL injection - Web Attacks (IP=186,GB) 138.68.163.166 24 ZH None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:45:09 SQL injection- 6hr Web Attacks (IP=166,GB) 138.68.164.4 32 SW None 2022-07-21 00:00:00 2022-10-19 00:00:00 2022-07-22 13:52:27 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR# 22C01717(IP=4,GB) 138.68.166.143 32 TLM None 2022-03-11 00:00:00 2022-09-11 00:00:00 2022-03-11 13:21:26 HIVE Case 
#7189 CTO 22-068.1 (IP=143,GB) 138.68.166.85 24 RR None 2022-04-06 00:00:00 2022-07-06 00:00:00 2022-04-06 13:47:08 Exploit.Log4Shell.CVE-2021-44228 - FireEye CMS (IP=85,GB) 138.68.167.217 24 KH None 2021-11-24 00:00:00 2022-02-22 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=217,GB) 138.68.168.61 24 TH None 2022-05-28 00:00:00 2022-08-26 00:00:00 2022-05-29 15:23:58 SERVER-WEBAPP Rubedo CMS Directory Traversal Attempt directory traversal attempt - SourceFire Report (IP=61,GB) 138.68.169.110 32 RR None 2022-03-31 00:00:00 2022-06-29 00:00:00 2022-03-31 13:46:48 Generic URI Injection wGet Attempt - FE CMS (IP=110,US) 138.68.169.174 24 RR None 2022-07-16 00:00:00 2022-10-14 00:00:00 2022-07-16 13:51:26 SQL injection - Web Attacks (IP=174,GB) 138.68.170.243 24 WR None 2022-04-29 00:00:00 2022-07-27 00:00:00 2022-04-29 13:52:18 Django SQL Injection Vulnerability - Web Attacks (IP=243,GB) 138.68.171.151 24 KD None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-21 13:53:35 SQL injection- Web Attacks (IP=151,GB) 138.68.172.230 24 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 22:24:27 POLICY-OTHER PHP uri tag injection attempt (1:23111:14) - SourceFire (IP=230,GB) 138.68.173.2 24 RS None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 22:54:53 SQL injection - 6Hr Web Attacks (IP=2,GB) 138.68.174.67 24 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:44:10 SERVER-WEBAPP Oracle Weblogic default credentials login attempt - SourceFire (IP=67,GB) 138.68.177.20 24 AR None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-23 13:49:36 SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1272 attack attempt (3:57305:1) - SourceFire (IP=20,GB) 138.68.178.57 24 WR None 2022-04-23 00:00:00 2022-07-21 00:00:00 2022-04-23 13:46:48 Apache Log4j CVE-2021-44228 Remote Code Execution - FE NX (IP=57,GB) 138.68.179.15 24 RR None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:31:26 HTTP: PHP File Inclusion Vulnerability - Web 
Attcks (IP=15,GB) 138.68.180.160 24 AR None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-11 13:46:58 SQL injection - 6Hr Web Attack (IP=160,GB) 138.68.181.69 24 SW None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 13:49:28 SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (1:51976:3) - SourceFire (IP=69,GB) 138.68.182.35 24 ZH None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-30 22:44:13 SQL injection - 6hr Web Attacks (IP=35,GB) 138.68.183.112 24 AR None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-11 13:47:04 SERVER-WEBAPP Fortigate SSL VPN cross site scripting attempt (1:51466:1) - SourceFire (IP=112,GB) 138.68.186.22 24 RR None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-29 22:57:24 SQL injection - Web Attacks (IP=22,GB) 138.68.186.22 24 RR None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-29 22:57:24 SQL injection - Web Attacks (IP=22,GB) SQL injection - Web Attacks (IP=22,GB) 138.68.186.22 24 RR None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-29 22:57:38 SQL injection - Web Attacks (IP=22,GB) 138.68.186.252 24 RB None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 22:41:22 SERVER-WEBAPP Facade Ignition remote code execution attempt - Sourcefire (IP=252,GB) 138.68.187.31 24 TH None 2022-05-12 00:00:00 2022-08-10 00:00:00 2022-05-12 13:53:34 SQL injection - 6 Hr Web Report (IP=31,GB) 138.68.188.17 24 TH None 2022-06-28 00:00:00 2022-09-26 00:00:00 2022-06-29 13:54:54 SQL injection - 6 Hr Web Report (IP=17,GB) 138.68.189.140 24 RR None 2022-09-11 00:00:00 2022-12-10 00:00:00 2022-09-11 13:56:04 SQL injection - Web Attacks (IP=140,GB) 138.68.190.197 24 SW None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-11 13:47:09 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=197,GB) 138.68.191.139 24 KH None 2022-02-17 00:00:00 2022-05-18 00:00:00 None Exploit.Log4Shell.CVE-2021-44228 - FE CMS (IP=139,GB) 138.68.191.139 24 RB None 2022-02-17 00:00:00 2022-05-18 00:00:00 None SERVER-WEBAPP Oracle Business 
Intelligence and XML Publisher XML external entity injection attempt - Sourcefire (IP=139,GB) 138.68.191.15 32 RB None 2022-08-09 00:00:00 2022-11-07 00:00:00 2022-08-09 21:39:11 Threat Team Submission / IP Block - IR#: 22C01780 (IP=15,US) 138.68.191.15 32 RB None 2022-08-09 00:00:00 2022-11-07 00:00:00 2022-08-09 22:12:50 Threat Team Submission / IP Block - IR#: 22C01780 (IP=15,US) 138.68.191.29 32 RB None 2022-08-09 00:00:00 2022-11-07 00:00:00 2022-08-09 21:39:11 Threat Team Submission / IP Block - IR#: 22C01780 (IP=29,US) 138.68.191.29 32 RB None 2022-08-09 00:00:00 2022-11-07 00:00:00 2022-08-09 22:12:50 Threat Team Submission / IP Block - IR#: 22C01780 (IP=29,US) 138.68.225.209 32 AS None 2022-02-04 00:00:00 2022-08-04 00:00:00 None HIVE Case #6927 CTO 22-036 (IP=209,US) 138.68.24.61 32 RB None 2022-07-12 00:00:00 2022-10-10 00:00:00 2022-07-12 22:32:40 SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58727:5) - SourceFire (IP=61, US) 138.68.25.174 32 AS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-06 18:26:15 HIVE Case #7881 CTO 22-182 (IP=174,US) 138.68.29.112 32 KH None 2022-03-03 00:00:00 2022-06-01 00:00:00 2022-03-03 23:49:49 Masscan TCP Port Scanner - FE CMS (IP=112,US) 138.68.3.13 32 TLM None 2022-06-15 00:00:00 2022-12-14 00:00:00 2022-06-16 13:41:06 HIVE Case #7774 CTO 22-166 (IP=13,US) 138.68.39.158 32 TLM None 2022-03-28 00:00:00 2022-09-28 00:00:00 2022-03-28 12:22:53 HIVE Case #7282 CTO 22-085 (IP=158,US) 138.68.46.97 32 RR None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-05 14:02:51 SERVER-WEBAPP Grafana getPluginAssets path traversal attempt - SourceFire (IP=97,US) 138.68.50.218 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:14:49 HIVE Case #7904 CTO 22-189 (IP=218,US) 138.68.58.43 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:14:49 HIVE Case #7904 CTO 22-189 (IP=43,US) 138.68.61.82 32 EE None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 22:48:13 HIVE Case #7659 
IOC_VMware_Vuln-CVE-2022-22954_CVE-2022-22960 (IP=82,US) 138.68.62.80 32 AS None 2022-02-04 00:00:00 2022-08-04 00:00:00 None HIVE Case #6927 CTO 22-036 (IP=80,US) 138.68.65.97 24 SW None 2022-06-30 00:00:00 2022-09-28 00:00:00 2022-06-30 13:56:59 SERVER-WEBAPP Atlassian Confluence OGNL injection remote code execution attempt (1:58094:1) - SourceFire (IP=97,DE) 138.68.66.177 24 RS None 2022-06-23 00:00:00 2022-09-21 00:00:00 2022-06-23 14:39:22 SQL injection - 6Hr Web Attacks (IP=177,DE) 138.68.67.133 24 ZH None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 22:36:45 SQL injection - 6hr Web Attacks (IP=133,DE) 138.68.68.210 24 ZH None 2022-02-07 00:00:00 2022-05-08 00:00:00 None SQL injection - WebAttacks (IP=210,DE) 138.68.68.210 24 ZH None 2022-02-07 00:00:00 2022-05-08 00:00:00 None SQL injection - WebAttacks (IP=210,DE) 138.68.70.165 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:37:50 SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (B-type) - SourceFire (IP=165,DE) 138.68.70.165 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:43:30 SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (B-type) - SourceFire (IP=165,DE) 138.68.71.9 24 SW None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-16 13:51:27 SQL injection - WebAttack (IP=9,DE) 138.68.73.95 24 SW None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 22:47:06 SQL injection - WebAttacks (IP=95,DE) 138.68.74.242 24 KH None 2022-07-18 00:00:00 2022-10-16 00:00:00 2022-07-18 13:50:06 SQL injection - Web Attacks (IP=242,DE) 138.68.75.83 24 TC None 2022-08-15 00:00:00 2022-11-13 00:00:00 2022-08-15 22:29:35 SQL injection - 6hr Web Attacks (IP=83,DE) 138.68.78.119 24 SA None 2022-06-02 00:00:00 2022-08-30 00:00:00 2022-06-03 00:39:53 INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) SourceFire (IP=119,DE) 138.68.79.61 24 ZH None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-24 00:05:16 SERVER-WEBAPP 
generic SQL select statement possible sql injection (1:41817:2) - Sourcefire Rpt (IP=61,DE) 138.68.82.243 24 RS None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:50:32 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=243,DE) 138.68.83.189 24 KD None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-12 13:51:33 SQL injection- Web Attacks (IP=189,DE) 138.68.84.81 24 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 22:54:03 SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58723:5) - Sourcefire (IP=81,DE) 138.68.85.0 24 RR None 2022-04-27 00:00:00 2022-07-27 00:00:00 2022-04-27 13:56:50 Exploit.CVE-2021-44228 - Apache Log4j2 - Case 6651 (IP=0,DE) 138.68.86.12 24 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:41:06 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=12,DE) 138.68.88.207 24 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:47:39 SERVER-WEBAPP Kibana Console for Elasticsearch local file inclusion attempt - SourceFire (IP=207,DE) 138.68.89.156 24 WR None 2022-04-30 00:00:00 2022-07-28 00:00:00 2022-04-30 13:53:01 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=156,DE) 138.68.90.128 24 RR None 2022-06-04 00:00:00 2022-09-02 00:00:00 2022-06-04 13:38:46 SERVER-APACHE Apache Struts OGNL getRuntime.exec static method access attempt - SourceFire (IP=128,DE) 138.68.91.107 24 DT None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-29 13:52:19 HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=107,DE) | updated by DT Block was inactive. Reactivated on 20220428 with reason SQL injection - Web Attacks (IP=107,DE) SQL injection - Web Attacks (IP=107,DE) 138.68.91.107 24 BMP None 2021-03-25 00:00:00 2022-07-27 00:00:00 2022-04-29 13:52:19 HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=107,DE) | updated by DT Block was inactive. 
Reactivated on 20220428 with reason SQL injection - Web Attacks (IP=107,DE) SQL injection - Web Attacks (IP=107,DE) 138.68.92.202 24 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:50:55 SQL injection - Web Attacks (IP=202,DE) 138.68.93.248 24 SW None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-06 22:49:33 SERVER-WEBAPP VMware vCenter Server file upload attempt (1:58219:1) - SourceFire (IP=248,DE) 138.68.94.54 24 ZH None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-30 22:44:14 SQL injection - 6hr Web Attacks (IP=54,DE) 138.68.96.223 24 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:57:44 SERVER-WEBAPP Aviatrix Controller directory traversal attempt (1:58961:1) - SourceFire (IP=223,DE) 138.68.98.164 24 WR None 2022-03-22 00:00:00 2022-06-20 00:00:00 2022-03-22 13:43:31 SERVER-WEBAPP Atlassian Confluence OGNL injection remote code execution attempt (1:58094:1) - SourceFire (IP=164,DE) 138.68.99.199 24 RR None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:31:27 SQL injection - Web Attcks (IP=199,DE) 138.75.127.185 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None SG TO-S-2021-1037 Hive Case 4785 Malware Activity 138.94.188.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 138.94.28.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 138.94.84.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 138.97.118.0 23 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 138.97.124.0 24 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 138.97.181.0 24 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 138.97.20.0 22 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 
(IP=0,BR) 138.97.31.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 138.99.216.122 24 SW None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 23:06:49 Masscan TCP Port Scanner - IPS Events (IP=122,BZ) 138.99.76.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 139.0.0.0 19 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 139.144.34.72 32 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:57:45 Exploit.CVE-2021-44228 - Apache Log4j2 - Case 6651 (IP=72,US) 139.144.55.135 32 TH None 2022-07-26 00:00:00 2022-10-24 00:00:00 2022-07-27 13:49:54 HP Intelligent Management Center TFTP Server MODE Remote Code Execution - FE CMS IPS Events (IP=135,US) 139.155.236.65 32 TH None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-30 13:56:47 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01482 (IP=65,CN) 139.155.91.134 32 TLM None 2022-01-18 00:00:00 2022-07-18 00:00:00 None HIVE Case #6796 CTO 22-014 (IP=134,CN) 139.155.94.181 32 TLM None 2021-12-09 00:00:00 2022-06-09 00:00:00 None HIVE Case #6633 CTO 21-334 (IP=181,CN) 139.159.240.7 32 AR None 2021-11-13 00:00:00 2022-02-11 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00338 (IP=7,CN) 139.159.244.22 32 AS None 2022-04-12 00:00:00 2022-10-12 00:00:00 2022-04-12 14:39:40 HIVE Case #7380 CTO 22-099 (IP=22,CN) 139.159.249.99 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:59 HIVE Case #7904 CTO 22-189 (IP=99,CN) 139.161.100.149 32 srm None 2022-06-03 00:00:00 2022-09-01 00:00:00 2022-06-03 12:17:31 HIVE Case #CVE-2022-26134 CVE-2022-26134 (IP=149,US) 139.162.106.144 24 RS None 2022-06-21 00:00:00 2022-09-19 00:00:00 2022-06-21 22:50:28 SIPVicious Security Scanner - IPS Events (IP=144,JP) 139.162.125.72 24 TLM None 2022-04-18 00:00:00 2022-10-18 00:00:00 
2022-04-18 13:41:45 HIVE Case #7416 CTO 22-106 (IP=72,JP) 139.162.134.242 24 RR None 2022-08-20 00:00:00 2022-11-18 00:00:00 2022-08-20 13:23:21 Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=242,DE) 139.162.157.125 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=125,DE) 139.162.159.128 24 RB None 2022-09-26 00:00:00 2022-12-25 00:00:00 2022-09-26 13:55:26 SQL injection - WebAttacks (IP=128,DE) | updated by RR Block expiration extended with reason SQL injection - Web Attacks (IP=128,DE) SQL injection - Web Attacks (IP=128,DE) | updated by RB Block expiration extended with reason SQL injection - WebAttacks (IP=128,DE) SQL injection - WebAttacks (IP=128,DE) | updated by RB Block expiration extended with reason SQL injection - WebAttacks (IP=128,DE) SQL injection - WebAttacks (IP=128,DE) 139.162.159.128 24 RB None 2022-09-26 00:00:00 2022-12-25 00:00:00 2022-09-26 13:55:26 SQL injection - WebAttacks (IP=128,DE) | updated by RR Block expiration extended with reason SQL injection - Web Attacks (IP=128,DE) SQL injection - Web Attacks (IP=128,DE) | updated by RB Block expiration extended with reason SQL injection - WebAttacks (IP=128,DE) SQL injection - WebAttacks (IP=128,DE) | updated by RB Block expiration extended with reason SQL injection - WebAttacks (IP=128,DE) SQL injection - WebAttacks (IP=128,DE) 139.162.159.128 32 KH None 2022-09-22 00:00:00 2022-12-26 00:00:00 2022-09-27 13:52:01 Hunt IP Block - IR# 22C01949 (IP=128,US) | updated by JY Block expiration extended with reason SQL injection- 6 hour web attack (IP=128,DE) SQL injection- 6 hour web attack (IP=128,DE) 139.162.159.128 32 KH None 2022-09-22 00:00:00 2022-12-26 00:00:00 2022-09-27 13:52:01 Hunt IP Block - IR# 22C01949 (IP=128,US) | updated by JY Block expiration extended with reason SQL injection- 6 hour web attack (IP=128,DE) SQL injection- 6 hour web attack (IP=128,DE) 139.162.159.128 24 RB None 2022-07-31 00:00:00 2022-12-25 00:00:00 
2022-09-26 13:55:26 SQL injection - WebAttacks (IP=128,DE) | updated by RR Block expiration extended with reason SQL injection - Web Attacks (IP=128,DE) SQL injection - Web Attacks (IP=128,DE) | updated by RB Block expiration extended with reason SQL injection - WebAttacks (IP=128,DE) SQL injection - WebAttacks (IP=128,DE) | updated by RB Block expiration extended with reason SQL injection - WebAttacks (IP=128,DE) SQL injection - WebAttacks (IP=128,DE) 139.162.159.128 32 JY None 2022-09-27 00:00:00 2022-12-26 00:00:00 2022-09-27 13:52:01 Hunt IP Block - IR# 22C01949 (IP=128,US) | updated by JY Block expiration extended with reason SQL injection- 6 hour web attack (IP=128,DE) SQL injection- 6 hour web attack (IP=128,DE) 139.162.159.128 24 RR None 2022-09-25 00:00:00 2022-12-25 00:00:00 2022-09-26 13:55:26 SQL injection - WebAttacks (IP=128,DE) | updated by RR Block expiration extended with reason SQL injection - Web Attacks (IP=128,DE) SQL injection - Web Attacks (IP=128,DE) | updated by RB Block expiration extended with reason SQL injection - WebAttacks (IP=128,DE) SQL injection - WebAttacks (IP=128,DE) | updated by RB Block expiration extended with reason SQL injection - WebAttacks (IP=128,DE) SQL injection - WebAttacks (IP=128,DE) 139.162.164.39 32 TLM None 2021-10-04 00:00:00 2022-04-04 00:00:00 None HIVE Case #6294 CTO 21-268 (IP=39,DE) 139.162.172.111 24 TH None 2022-04-01 00:00:00 2022-06-30 00:00:00 2022-04-01 22:16:56 SERVER-WEBAPP Java ClassLoader access attempt (1:30792:7) - SourceFire Report (IP=111,DE) 139.162.184.185 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None DE TO-S-2021-1050 Hive Case 4821 Malware Activity 139.162.19.20 32 AS None 2022-04-12 00:00:00 2022-10-12 00:00:00 2022-04-12 14:39:50 HIVE Case #7380 CTO 22-099 (IP=20,SG) 139.162.195.169 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:14:50 HIVE Case #7904 CTO 22-189 (IP=169,GB) 139.162.196.18 24 RR None 2022-09-28 00:00:00 2022-12-27 00:00:00 2022-09-28 16:36:34 
SERVER-WEBAPP Atlassian Confluence information disclosure attempt - Web Attacks (IP=18,GB) 139.162.209.251 24 ZH None 2022-08-27 00:00:00 2022-11-25 00:00:00 2022-08-27 13:55:29 Adobe ColdFusion Administrator Access Restriction - WebAttacks (IP=251,GB) 139.162.220.172 32 TLM None 2021-12-10 00:00:00 2022-06-10 00:00:00 None HIVE Case #6644 CTO 21-344 (IP=172,GB) 139.162.229.202 24 JP None 2022-08-29 00:00:00 2022-11-27 00:00:00 2022-08-29 22:51:28 SERVER-WEBAPP Multiple products invalid HTTP request attempt (1:40880:8) - SourceFire (IP=202,GB) 139.162.253.179 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=179,GB) 139.162.42.56 32 TLM None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:46:41 HIVE Case #7458 CTO 22-113 (IP=56,SG) 139.162.6.138 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=138,SG) 139.162.6.138 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=138,SG) 139.162.6.138 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=138,SG) 139.162.60.157 32 TLM None 2021-11-04 00:00:00 2022-05-04 00:00:00 None HIVE Case #6494 CTO 21-303 (IP=157,SG) 139.162.72.208 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=208,JP) 139.162.83.27 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None JP TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 139.162.96.227 24 ZH None 2022-03-01 00:00:00 2022-05-30 00:00:00 2022-03-01 23:31:55 HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=227,JP) 139.177.180.120 32 KH None 2021-12-20 00:00:00 2022-03-20 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44232 (IP=120,RU) 139.177.195.192 24 EE None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 22:41:23 HIVE Case #7418 IOC_Fodcha Botnet (IP=192,CA) 139.177.196.148 24 TH None 2022-04-01 00:00:00 2022-06-30 00:00:00 
(1:19559:14) - Sourcefire (IP=139,CN) 14.182.2.13 24 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 22:25:02 Confluence Widget Unauthorized CVE-2019-3396 Remote Code Execution - FE IPS (IP=13,VN) 14.186.103.206 24 RR None 2022-02-15 00:00:00 2022-05-16 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt Web Attacks (IP=206,VN) 14.186.126.217 24 KD None 2022-03-06 00:00:00 2022-06-04 00:00:00 2022-03-06 14:24:05 SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt (1:37078:4) - SourceFire Report (IP=217,VN) | updated by KD Block expiration extended with reason HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759)- TT# 22C01012 (IP=217,VN) HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759)- TT# 22C01012 (IP=217,VN) 14.186.126.217 24 KD None 2022-03-06 00:00:00 2022-06-04 00:00:00 2022-03-06 14:40:37 HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759)- TT# 22C01012 (IP=217,VN) 14.186.126.217 24 KD None 2022-03-06 00:00:00 2022-06-04 00:00:00 2022-03-06 15:25:55 HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759)- TT# 22C01012 (IP=217,VN) 14.186.126.217 24 TH None 2022-03-03 00:00:00 2022-06-04 00:00:00 2022-03-06 14:24:05 SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt (1:37078:4) - SourceFire Report (IP=217,VN) | updated by KD Block expiration extended with reason HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759)- TT# 22C01012 (IP=217,VN) HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759)- TT# 22C01012 (IP=217,VN) 14.186.126.217 24 TH None 2022-03-03 00:00:00 2022-06-04 00:00:00 2022-03-06 14:24:05 SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt (1:37078:4) - SourceFire Report (IP=217,VN) | updated by KD Block expiration extended with reason HTTP: vBulletin Pre-Auth Remote Code 
Execution Vulnerability (CVE-2019-16759)- TT# 22C01012 (IP=217,VN) HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759)- TT# 22C01012 (IP=217,VN) 14.186.126.217 24 KH None 2022-03-03 00:00:00 2022-06-04 00:00:00 2022-03-06 14:24:05 SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt (1:37078:4) - SourceFire Report (IP=217,VN) | updated by KD Block expiration extended with reason HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759)- TT# 22C01012 (IP=217,VN) HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759)- TT# 22C01012 (IP=217,VN) 14.187.141.84 24 RS None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-13 22:36:36 SERVER-APACHE Apache Struts OGNL getRuntime.exec static method access attempt (1:47634:1) - SourceFire (IP=84,VN) 14.187.239.75 24 AR None 2022-02-21 00:00:00 2022-05-22 00:00:00 None SQL injection - Web Attack (IP=75,VN) 14.192.143.194 24 SW None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-10 13:48:18 SQL injection - WebAttacks (IP=194,PK) 14.192.151.237 24 RT None 2022-05-11 00:00:00 2022-08-09 00:00:00 2022-05-12 13:53:19 SQL injection - 6HR Web Attacks (IP=237,PK) 14.192.193.237 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MY TO-S-2021-1050 Hive Case 4821 Malware Activity 14.192.214.0 24 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None MY TO-S-2021-1092 Hive Case 4875 Malware Activity 14.192.25.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IN TO-S-2021-1037 Hive Case 4785 Malware Activity 14.198.111.102 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None HK TO-S-2021-1037 Hive Case 4785 Malware Activity 14.198.184.119 24 WR None 2022-03-01 00:00:00 2022-05-30 00:00:00 2022-03-01 14:46:38 SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt - 6HR Web Attack (IP=114,HK) 14.201.2.41 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None AU TO-S-2021-1050 Hive Case 4821 Malware Activity 14.207.120.123 
32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None TH TO-S-2021-1081 Hive Case 4872 Malware Activity 14.225.238.0 24 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=0,VN) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=0,VN) 14.225.254.3 32 ZH None 2022-08-26 00:00:00 2022-11-24 00:00:00 2022-08-27 13:55:17 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) IR 22C01867 (IP=3,VN) 14.225.6.82 24 AR None 2021-10-12 00:00:00 2022-01-10 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=82,VN) 14.226.160.0 20 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None VN TO-S-2021-1081 Hive Case 4872 Malware Activity 14.226.224.0 20 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None VN TO-S-2021-1117 DOS-DDOS Activity 14.227.194.221 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None VN TO-S-2021-1050 Hive Case 4821 Malware Activity 14.230.160.0 20 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None VN TO-S-2021-1037 Hive Case 4785 Malware Activity 14.230.208.0 20 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None VN TO-S-2021-1156 Malware Activity 14.231.55.221 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None VN TO-S-2021-1102 Malware Activity 14.232.160.0 20 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None VN TO-S-2021-1117 DOS-DDOS Activity 14.232.168.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None VN TO-S-2021-1037 Hive Case 4785 Malware Activity 14.236.112.0 20 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=0,VN) 14.236.160.0 20 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=0,VN) | updated by TLM Block was inactive. 
Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=0,VN) 14.237.206.214 24 SW None 2022-09-25 00:00:00 2022-12-24 00:00:00 2022-09-25 13:55:49 SQL injection - WebAttacks (IP=214,VN) 14.237.227.150 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None VN TO-S-2021-1050 Hive Case 4821 Malware Activity 14.237.34.62 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None VN TO-S-2021-1050 Hive Case 4821 Malware Activity 14.240.128.0 20 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=0,VN) 14.240.42.217 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None VN TO-S-2021-1050 Hive Case 4821 Malware Activity 14.241.144.0 20 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None VN TO-S-2021-1117 DOS-DDOS Activity 14.246.15.8 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None VN TO-S-2021-1050 Hive Case 4821 Malware Activity 14.248.154.161 24 ZH None 2022-01-07 00:00:00 2022-04-07 00:00:00 None SERVER-WEBAPP Apache Log4j logging remote code execution attempt (3:58802:1) - Sourcefire Rpt (IP=161,VN) 14.248.220.58 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 22:58:43 SIPVicious Security Scanner - IPS Events (IP=58,VN) 14.248.80.0 20 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None VN TO-S-2021-1117 DOS-DDOS Activity 14.249.32.0 20 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None VN TO-S-2021-1117 Malware Activity 14.251.176.120 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None VN TO-S-2021-1050 Hive Case 4821 Malware Activity 14.252.32.0 20 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None VN TO-S-2021-1037 Hive Case 4785 Malware Activity 14.254.32.0 19 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=0,VN) 14.29.98.35 32 AS None 2022-07-12 00:00:00 2022-10-10 00:00:00 2022-07-12 18:09:58 HIVE Case #7921 CTO 22-193 (IP=35,CN) 14.45.218.228 24 KH None 2022-06-14 00:00:00 2022-09-12 00:00:00 2022-06-14 22:32:22 SERVER-WEBAPP 
RevSlider information disclosure attempt (1:34194:4) - Sourcefire (IP=228,KR) 14.51.96.70 32 TLM None 2022-02-15 00:00:00 2022-08-16 00:00:00 None HIVE Case #6996 CTO 22-043 (IP=70,KR) 14.52.33.239 24 RT None 2021-11-20 00:00:00 2022-02-18 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability – 6HR Web Attacks (IP=239,KR) 14.63.225.124 32 AS None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-10-03 18:23:24 HIVE Case #8399 COLS-NA TIP 22-0339 (IP=124,KR) 14.98.200.162 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IN TO-S-2021-1050 Hive Case 4821 Malware Activity 14.99.136.0 21 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None IN TO-S-2021-1102 Malware Activity 14.99.96.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None IN TO-S-2021-1117 DOS-DDOS Activity 140.109.1.5 24 DT None 2021-12-31 00:00:00 2022-03-31 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) - Source Fire (IP=5,TW) 140.109.13.5 24 DT None 2021-12-24 00:00:00 2022-03-24 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) - Source Fire (IP=5,TW) 140.16.248.13 32 TLM None 2022-08-09 00:00:00 2022-11-09 00:00:00 2022-08-09 17:32:26 HIVE Case #8100 CTO 22-211 (IP=13,US) 140.18.16.202 32 TLM None 2022-05-25 00:00:00 2022-11-24 00:00:00 2022-05-25 18:14:52 HIVE Case #7662 CTO 22-145 (IP=202,US) 140.18.16.204 32 TLM None 2022-05-25 00:00:00 2022-11-24 00:00:00 2022-05-25 18:14:53 HIVE Case #7662 CTO 22-145 (IP=204,US) 140.18.16.205 32 TLM None 2022-05-25 00:00:00 2022-11-24 00:00:00 2022-05-25 18:14:54 HIVE Case #7662 CTO 22-145 (IP=205,US) 140.18.165.8 32 TLM None 2022-08-09 00:00:00 2022-11-09 00:00:00 2022-08-09 17:32:16 HIVE Case #8100 CTO 22-211 (IP=8,US) 140.18.188.11 32 TLM None 2022-06-09 00:00:00 2022-12-08 00:00:00 2022-06-10 13:28:00 HIVE Case #7750 TO-S-2022-0195 (IP=11,US) 140.18.249.141 32 TLM None 2022-08-09 00:00:00 2022-11-09 00:00:00 2022-08-09 
17:32:13 HIVE Case #8100 CTO 22-211 (IP=141,US) 140.194.170.237 32 JKC None 2021-12-22 00:00:00 2022-03-22 00:00:00 None Non compliant system - INC0149397 (IP=237,US) 140.207.154.54 24 KH None 2021-10-27 00:00:00 2022-01-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00244 (IP=54,CN) 140.207.91.235 24 AR None 2021-11-23 00:00:00 2022-02-21 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - web Attacks (IP=235,CN) 140.238.180.34 24 NAB None 2022-03-23 00:00:00 2022-06-21 00:00:00 2022-03-23 13:46:27 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=34,BR) 140.238.38.114 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None JP TO-S-2021-1092 Hive Case 4875 Malicious Email Activity 140.246.171.141 24 NAB None 2021-12-16 00:00:00 2022-03-16 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=141,CN) 140.32.131.142 32 SA None 2022-06-09 00:00:00 2022-06-09 00:00:00 2022-06-09 15:32:56 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) SourceFire (IP=142,US) | DoD Network Information Center IP was blocked by mistake. DoD owned IP by TH 140.32.61.226 32 SA None 2022-06-09 00:00:00 2022-06-09 00:00:00 2022-06-09 15:26:17 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) SourceFire (IP=226,US) | Nathan.T.Pederson@usace.army.mil Network Operations Security Center NOSC Battle Captain States this block is interfering with *.erdc.dren.mil and needs to be unblocked due to mission impact. 
Priority level 1 [Active] 140.32.61.226/32 is blocked as of 2022-06-02 00:00:00 by SA, expiring on 2022-08-30 00:00:00 with comments PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) SourceFire (IP=226,US) by TH 140.82.16.117 32 AS None 2022-02-04 00:00:00 2022-08-04 00:00:00 None HIVE Case #6927 CTO 22-036 (IP=117,US) 140.82.18.71 32 TLM None 2022-05-17 00:00:00 2022-11-16 00:00:00 2022-05-17 18:24:57 HIVE Case #7608 CTO 22-137 (IP=71,US) 140.82.24.128 32 TLM None 2022-06-21 00:00:00 2022-12-20 00:00:00 2022-06-22 18:26:12 HIVE Case #7807 CTO 22-169 (IP=128,US) 140.82.34.178 24 RR None 2022-07-30 00:00:00 2022-10-28 00:00:00 2022-07-31 13:51:08 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=178,DE) 140.82.34.208 32 RR None 2021-10-10 00:00:00 2022-01-08 00:00:00 None HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638)- TT# 22C00121 (IP=208,DE) 140.82.35.40 32 TLM None 2022-05-25 00:00:00 2022-11-24 00:00:00 2022-05-25 18:14:37 HIVE Case #7662 CTO 22-145 (IP=40,DE) 140.82.38.177 32 AS None 2022-02-04 00:00:00 2022-08-04 00:00:00 None HIVE Case #6927 CTO 22-036 (IP=177,DE) 140.82.41.202 32 TLM None 2021-10-04 00:00:00 2022-04-04 00:00:00 None HIVE Case #6294 CTO 21-268 (IP=202,US) 140.82.43.181 32 TLM None 2022-06-14 00:00:00 2022-12-13 00:00:00 2022-06-14 15:16:41 HIVE Case #7768 CTO 22-161 (IP=181,US) 140.82.46.65 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=65,US) 140.82.49.12 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:45 HIVE Case #7199 CTO 22-074 (IP=12,US) 140.82.53.194 32 TLM None 2021-12-10 00:00:00 2022-06-10 00:00:00 None HIVE Case #6644 CTO 21-344 (IP=194,FR) 140.82.62.204 32 AR None 2022-01-08 00:00:00 2022-04-08 00:00:00 None SERVER-WEBAPP Multiple products invalid HTTP request attempt (1:40880:8) - Sourcefire (IP=204,US) 141.1.27.248 24 RR None 2022-07-16 00:00:00 2022-10-14 00:00:00 2022-07-16 13:51:27 
PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt - SourceFire (IP=248,DE) 141.101.148.59 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None US TO-S-2021-1143 Command and Control Exploit 141.101.150.24 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None US TO-S-2021-1143 Command and Control Exploit 141.101.150.89 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None US TO-S-2021-1143 Command and Control Exploit 141.101.204.94 24 AR None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-06 13:50:01 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=94,RU) 141.105.102.165 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ES TO-S-2021-1050 Hive Case 4821 Malware Activity 141.105.126.0 23 TLM None 2021-07-01 00:00:00 2022-01-01 00:00:00 None HIVE Case #5735 TO-S-2021-1379 (IP=0,NL) 141.105.65.149 24 EE None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-01 22:26:47 HIVE Case #7697 IOC_CVE-2022-30190_Follina_Zero-Day (IP=149,RU) 141.105.65.94 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=94,RU) 141.105.65.94 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=94,RU) 141.105.66.212 24 AR None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-06 13:49:57 Exploit.Spring4Shell.CVE-2022-22965 - FireEye NX Alerts (IP=212,RU) 141.105.99.97 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ES TO-S-2021-1050 Hive Case 4821 Malware Activity 141.11.28.13 24 JP None 2022-09-19 00:00:00 2022-12-18 00:00:00 2022-09-20 13:54:58 SQL injection - 6HR Web Attacks (IP=13,FR) 141.136.39.102 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=102,LT) 141.136.42.43 32 TLM None 2022-04-13 00:00:00 2022-10-13 00:00:00 2022-04-13 13:12:30 HIVE Case #7387 CTO 22-103(IP=43,GB) 141.147.46.91 32 AS None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-01 21:45:07 HIVE Case #7874 CTO 22-181 (IP=91,DE) 
141.161.61.101 32 TLM None 2022-03-23 00:00:00 2022-09-23 00:00:00 2022-03-23 12:28:35 HIVE Case #7258 CTO 22-082 (IP=101,US) 141.164.32.0 19 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6586 TO-S-2022-0085 (IP=0,KR) 141.164.34.38 32 AS None 2021-09-21 00:00:00 2022-03-20 00:00:00 None HIVE Case #6215 CTO 21-261 (IP=38,KR) 141.164.37.122 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5986 TO-S-2021-1404 (IP=122,KR) 141.164.38.223 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6582 CTO 21-320 (IP=223,KR) 141.164.38.46 32 TLM None 2021-10-04 00:00:00 2022-04-04 00:00:00 None HIVE Case #6294 CTO 21-268 (IP=46,KR) 141.164.39.117 32 TLM None 2021-09-08 00:00:00 2022-03-08 00:00:00 None HIVE Case #6129 CTO 21-237 (IP=117,KR) 141.164.39.200 32 TLM None 2021-11-04 00:00:00 2022-05-04 00:00:00 None HIVE Case #6494 CTO 21-303 (IP=200,KR) 141.164.41.231 24 EE None 2021-10-20 00:00:00 2022-01-18 00:00:00 None HIVE Case #6380 IOC_FlawedGrace_Variant (IP=231,KR) 141.164.45.200 32 AS None 2022-06-30 00:00:00 2022-09-28 00:00:00 2022-07-01 17:05:48 HIVE Case #7873 CTO 22-180 (IP=200,KR) 141.164.48.103 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=103,KR) 141.164.48.2 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:16 HIVE Case #7894 CTO 22-187 (IP=2,KR) 141.164.50.181 32 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6513 CTO 21-309 (IP=181,KR) 141.164.50.184 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6443 CTO 21-300 (IP=184,KR) 141.164.52.94 32 AS None 2022-07-12 00:00:00 2022-10-10 00:00:00 2022-07-12 18:09:59 HIVE Case #7921 CTO 22-193 (IP=94,KR) 141.164.55.74 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6582 CTO 21-320 (IP=74,KR) 141.164.57.216 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=216,KR) 141.164.59.13 32 TLM None 2021-08-23 
00:00:00 2022-02-23 00:00:00 None HIVE Case #6037 CTO 21-226 (IP=13,KR) 141.164.62.108 32 AS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-06 18:26:06 HIVE Case #7881 CTO 22-182 (IP=108,KR) 141.223.107.133 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None KR TO-S-2021-1050 Hive Case 4821 Malware Activity 141.237.71.207 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GR TO-S-2021-1050 Hive Case 4821 Malware Activity 141.255.146.4 24 RS None 2022-06-20 00:00:00 2022-09-18 00:00:00 2022-06-20 22:22:04 SQL union select - possible sql injection attempt - GET parameter (1:13990:27) - SourceFire (IP=4,FR) 141.255.162.201 24 SW None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-16 13:51:28 SERVER-WEBAPP VMware Workspace ONE Access server side template injection attempt - Sourcefire (IP=201,CH) 141.255.162.5 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:47 HIVE Case #7904 CTO 22-189 (IP=5,CH) 141.255.164.50 32 TLM None 2021-11-04 00:00:00 2022-05-02 00:00:00 None HIVE Case #6503 CTO 21-306 (IP=50,CH) 141.255.164.53 32 AS None 2022-04-04 00:00:00 2022-10-04 00:00:00 2022-04-04 15:15:47 HIVE Case #7325 CTO 22-091 (IP=53,CH) 141.38.2.9 24 DT None 2021-12-24 00:00:00 2022-03-24 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) - Source Fire (IP=9,DE) 141.40.9.211 24 RR None 2021-12-10 00:00:00 2022-03-10 00:00:00 None SERVER-OTHER Sentinel license manager buffer overflow attempt - SourceFire (IP=211,DE) 141.94.15.242 24 AR None 2022-04-06 00:00:00 2022-07-06 00:00:00 2022-04-06 13:47:11 SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt (1:59388:2) - SourceFire (IP=242,FR) 141.94.176.118 32 AS None 2022-04-04 00:00:00 2022-10-04 00:00:00 2022-04-04 15:15:46 HIVE Case #7325 CTO 22-091 (IP=118,FR) 141.94.176.124 32 TLM None 2022-03-01 00:00:00 2022-09-01 00:00:00 2022-03-01 17:52:23 HIVE Case #7115 CTO 22-060 (IP=124,FR) 141.94.18.190 24 AR None 
2022-10-02 00:00:00 2022-12-31 00:00:00 2022-10-02 13:32:50 SERVER-WEBAPP Multiple products invalid HTTP request attempt - 6Hr Web Attacks (IP=190,DE) 141.94.19.113 24 AR None 2022-10-02 00:00:00 2022-12-31 00:00:00 2022-10-02 13:32:50 SERVER-WEBAPP Multiple products invalid HTTP request attempt - 6Hr Web Attacks (IP=113, DE) 141.94.194.162 32 RS None 2022-06-13 00:00:00 2022-09-11 00:00:00 2022-06-14 13:48:37 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR#22C01375 (IP=162,FR) 141.94.54.253 24 RT None 2021-11-14 00:00:00 2022-02-11 00:00:00 None SQL injection - 6HR Web Attacks (IP=253,FR) | updated by AR Block expiration extended with reason SERVER-WEBAPP Cisco Adaptive Security Appliance directory traversal attempt - 6Hr Web Attacks (IP=253,DE) 141.94.78.17 32 RB None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 22:43:42 HTTP: PHPUnit Remote Code Execution Vulnerability - IR# 22C01244 (IP=17,FR) 141.95.141.196 32 DT None 2022-06-10 00:00:00 2022-09-08 00:00:00 2022-06-10 22:49:31 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR#22C01353 (IP=196,FR) 141.95.177.128 24 KD None 2022-01-18 00:00:00 2022-04-18 00:00:00 None SQL injection- Web Attacks (IP=128,DE) 141.95.18.135 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=135,FR) 141.95.64.100 32 SW None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-11 23:00:22 HTTP: PHPUnit Remote Code Execution - IR# 22C01624 (IP=100,FR) 141.98.10.122 24 JP None 2022-08-19 00:00:00 2022-11-17 00:00:00 2022-08-19 22:51:13 SIPVicious Security Scanner - IPS Events (IP=122,LT) 141.98.212.0 24 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None HK TO-S-2021-1050 Hive Case 4821 Malware Activity 141.98.215.99 24 EE None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-01 22:26:49 HIVE Case #7697 IOC_CVE-2022-30190_Follina_Zero-Day (IP=99,PH) 141.98.6.162 24 RR None 2022-08-01 00:00:00 2022-10-30 00:00:00 2022-08-01 13:56:00 SERVER-WEBAPP 
D-Link multiple products HNAP SOAPAction header command injection attempt - SourceFire (IP=162,NL) 141.98.6.32 24 RS None 2022-07-18 00:00:00 2022-10-16 00:00:00 2022-07-19 13:47:54 WordPress Contact Form 7 CVE-2020-35489 File Upload Vulnerability - IPS Events (IP=32,BG) 141.98.81.125 24 BMP None 2022-08-10 00:00:00 2022-11-08 00:00:00 2022-08-31 17:31:03 FireEye High Attacker (IP=125,PA) 141.98.83.77 24 AR None 2021-11-15 00:00:00 2022-02-11 00:00:00 None SQL injection - 6Hr Web Attacks (IP=77,PA) 141.98.85.170 24 NAB None 2022-01-03 00:00:00 2022-04-03 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=170,RU) 142.103.1.1 24 SA None 2022-06-02 00:00:00 2022-08-30 00:00:00 2022-06-03 00:39:55 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) SourceFire (IP=1,CA) 142.11.194.144 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 142.11.204.121 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=121,US) 142.11.205.237 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=237,US) 142.11.216.184 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=184,US) 142.11.217.165 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=165,US) 142.11.217.60 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=60,US) 142.11.219.61 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=61,US) 142.11.219.81 32 AS None 2022-08-04 00:00:00 2022-11-02 00:00:00 2022-08-05 20:25:05 HIVE Case #8087 COLS-NA TIP 21-0366 (IP=81,US) 142.11.222.79 32 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 2022-05-26 18:27:06 HIVE Case #7669 TO-S-2022-0187 (IP=79,US) 142.11.229.130 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6582 CTO 21-320 (IP=130,US) 
142.11.234.209 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=209,US) 142.11.245.54 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 142.120.181.213 24 RS None 2022-07-02 00:00:00 2022-09-30 00:00:00 2022-07-02 22:56:38 SQL injection - 6Hr Web Attacks (IP=213,CA) 142.132.213.143 24 RR None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:02 SQL 1 = 1 - possible sql injection attempt - SourceFire (IP=143,DE) 142.176.164.68 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None CA TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 142.202.205.59 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=59,US) 142.202.205.89 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=89,US) 142.234.157.105 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=105,US) 142.234.157.125 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=125,US) 142.234.157.155 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=155,US) 142.234.157.156 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=156,US) 142.234.157.160 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=160,US) 142.234.157.164 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=164,US) 142.234.157.184 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=184,US) 142.234.157.186 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=186,US) 142.234.157.206 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=206,US) 142.234.157.246 32 TLM None 2022-04-21 00:00:00 2022-10-21 00:00:00 2022-04-21 19:03:00 HIVE Case #7441 CTO 
22-111 (IP=246,US) 142.234.157.93 32 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 2022-05-26 18:27:07 HIVE Case #7669 TO-S-2022-0187 (IP=93,US) 142.250.179.110 32 AS None 2022-07-28 00:00:00 2022-10-26 00:00:00 2022-07-29 16:36:16 HIVE Case #8047 COLS-NA TIP 21-0394 (IP=110,US) 142.251.35.193 32 ZH None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-22 22:42:56 FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields (1:16295:13) - SourceFire (IP=193,US) 142.34.194.118 24 KD None 2021-12-21 00:00:00 2022-03-21 00:00:00 None FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields- Sourcefire (IP=118,CA) 142.4.105.147 32 TLM None 2022-06-22 00:00:00 2022-12-21 00:00:00 2022-06-23 16:01:18 HIVE Case #7816 TO-S-2022-0202 (IP=147,US) 142.4.123.180 32 WR None 2021-12-24 00:00:00 2022-03-24 00:00:00 None MALWARE-CNC Win.Backdoor.Chopper web shell connection (1:37245:4) - Sourcefire (IP=180,US) 142.4.19.202 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=202,US) 142.4.219.173 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6584 CTO 21-322 (IP=173,CA) 142.4.46.203 32 TLM None 2022-06-22 00:00:00 2022-12-21 00:00:00 2022-06-23 16:01:18 HIVE Case #7816 TO-S-2022-0202 (IP=203,US) 142.4.6.144 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=144,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=144,US) 142.4.7.118 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=118,US) 142.44.157.176 32 KH None 2022-07-13 00:00:00 2022-10-11 00:00:00 2022-07-14 13:57:29 26332 HTTP JavaScript createImageBitmap Method Usage - IR# 22C01659 (IP=176,CA) 142.44.162.160 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None CA TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 142.44.188.150 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 
None CA TO-S-2021-1081 Hive Case 4872 Malware Activity
142.44.198.145 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:55:15 HIVE Case #7894 CTO 22-187 (IP=145,CA)
142.44.203.85 24 WR None 2021-12-16 00:00:00 2022-03-15 00:00:00 None HIVE Case #6651 - Exploit.CVE-2021-44228 (IP=85,CA)
142.44.212.169 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None CA TO-S-2021-1102 Malicious Email Activity
142.44.236.38 32 TLM None 2022-03-11 00:00:00 2022-09-11 00:00:00 2022-03-11 13:21:32 HIVE Case #7189 CTO 22-068.1 (IP=38,CA)
142.44.246.226 32 KH None 2022-01-04 00:00:00 2022-04-04 00:00:00 None Attempted Access - Inbound Brute Force - TT# 22C00775 (IP=226,CA)
142.59.66.66 24 WR None 2022-04-22 00:00:00 2022-07-20 00:00:00 2022-04-22 13:39:40 FTP Login Failed - Failed Logons (IP=66,CA)
142.91.3.109 32 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 2022-05-26 18:27:08 HIVE Case #7669 TO-S-2022-0187 (IP=109,US)
142.91.3.11 32 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 2022-05-26 18:27:08 HIVE Case #7669 TO-S-2022-0187 (IP=11,US)
142.93.0.58 32 SW None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-22 13:54:27 SQL injection - WebAttacks (IP=58,US)
142.93.10.187 32 RB None 2022-09-13 00:00:00 2022-12-12 00:00:00 2022-09-13 13:47:54 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=187,US)
142.93.10.64 32 KH None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 22:47:49 SERVER-WEBAPP Joomla 3.7.0 com_fields view SQL injection attempt (1:42958:4) - Sourcefire (IP=64,US)
142.93.101.26 24 RT None 2022-04-08 00:00:00 2022-07-07 00:00:00 2022-04-09 13:49:36 SQL injection - 6HR WebAttack (IP=26,DE)
142.93.103.196 24 RR None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 13:52:10 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=196,DE)
142.93.104.234 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 13:58:02 SQL injection - 6Hr Web Attacks (IP=234,DE)
142.93.106.39 24 TH None 2022-05-12 00:00:00 2022-08-10 00:00:00 2022-05-12 13:53:35 SQL injection - 6 Hr Web Report (IP=39,DE)
142.93.11.195 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:37:51 SERVER-WEBAPP Java ClassLoader access attempt - SourceFire (IP=195,US)
142.93.113.41 32 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:47:40 SQL injection - Web Attacks (IP=41,US)
142.93.115.13 32 TH None 2022-06-23 00:00:00 2022-09-21 00:00:00 2022-06-24 13:55:56 SQL injection - 6 Hr Web Report (IP=13,US)
142.93.116.38 32 SW None 2022-06-28 00:00:00 2022-09-26 00:00:00 2022-06-28 13:53:38 POLICY-OTHER Yachtcontrol webserver unauthenticated remote code execution attempt (1:52561:2) - SourceFire (IP=38,US)
142.93.119.170 32 TH None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-18 22:35:20 SQL injection - 6 Hr Web Report (IP=170,US)
142.93.119.173 32 RR None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-18 13:44:05 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=173,US)
142.93.12.192 32 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:47:41 HTTP SQL Injection Attempt - Web Attacks (IP=192,US)
142.93.120.79 32 RR None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-18 13:43:57 SERVER-WEBAPP Bonita BPM themeResource directory traversal attempt - SourceFire (IP=79,US)
142.93.122.4 32 KD None 2022-03-17 00:00:00 2022-06-15 00:00:00 2022-03-18 13:56:57 OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt- Sourcefire (IP=4,US)
142.93.123.250 32 dbc None 2019-05-06 00:00:00 2022-08-12 00:00:00 2022-05-14 22:57:45 Unaffiliated TO-S-2019-0640.01 Malware Activity | updated by ZH Block was inactive. Reactivated on 20220514 with reason SERVER-WEBAPP Facade Ignition remote code execution attempt (1:57872:1) - SourceFire (IP=250,US)
142.93.125.101 32 KH None 2022-09-20 00:00:00 2022-12-19 00:00:00 2022-09-20 13:55:07 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=101,US)
142.93.125.30 32 RR None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-18 13:43:57 POLICY-OTHER CA ARCserve Axis2 default credential login attempt - SourceFire (IP=30,US)
142.93.128.31 24 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:48:52 SERVER-APACHE Apache HTTP server SSRF attempt - SourceFire (IP=31,NL)
142.93.132.124 24 KH None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 13:46:18 SQL injection - Web Attacks (IP=124,NL)
142.93.133.12 24 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:47:42 SERVER-ORACLE Oracle WebLogic Server remote command execution attempt - SourceFire (IP=12,NL)
142.93.134.43 24 KH None 2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-09 14:21:57 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=43,NL)
142.93.137.164 24 KH None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 13:46:18 SQL injection - Web Attacks (IP=164,NL)
142.93.137.96 32 TLM None 2022-05-19 00:00:00 2022-11-18 00:00:00 2022-05-20 14:45:30 HIVE Case #7623 CTO 22-139 (IP=96,NL)
142.93.138.10 24 NAB None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 13:52:11 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=10,NL)
142.93.143.145 24 SW None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-06 13:47:20 SQL injection - WebAttacks (IP=145,NL)
142.93.144.59 24 DT None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-07 13:54:08 HTTP:SQLInjection-Exploit - Web Attacks (IP=59,CA)
142.93.146.198 32 wmp None 2021-06-15 00:00:00 2022-11-14 00:00:00 2022-08-16 22:53:07 Imperva Nuclei Vulnerability Scanner (IP=198,CA) | updated by wmp Block was inactive. Reactivated on 20210615 with reason ArcSight ESM High Attacker Suspicious Scan Activity (IP=198,CA) ArcSight ESM High Attacker Suspicious Scan Activity (IP=198,CA) | updated by SW Block was inactive. Reactivated on 20220816 with reason Hunt IP Block- ReputationDV Malware Event - IR# 22C01812 (IP=198,CA) Hunt IP Block- ReputationDV Malware Event - IR# 22C01812 (IP=198,CA)
142.93.146.198 32 SW None 2022-08-16 00:00:00 2022-11-14 00:00:00 2022-08-16 22:53:07 Imperva Nuclei Vulnerability Scanner (IP=198,CA) | updated by wmp Block was inactive. Reactivated on 20210615 with reason ArcSight ESM High Attacker Suspicious Scan Activity (IP=198,CA) ArcSight ESM High Attacker Suspicious Scan Activity (IP=198,CA) | updated by SW Block was inactive. Reactivated on 20220816 with reason Hunt IP Block- ReputationDV Malware Event - IR# 22C01812 (IP=198,CA) Hunt IP Block- ReputationDV Malware Event - IR# 22C01812 (IP=198,CA)
142.93.146.198 32 wmp None 2021-02-18 00:00:00 2022-11-14 00:00:00 2022-08-16 22:53:07 Imperva Nuclei Vulnerability Scanner (IP=198,CA) | updated by wmp Block was inactive. Reactivated on 20210615 with reason ArcSight ESM High Attacker Suspicious Scan Activity (IP=198,CA) ArcSight ESM High Attacker Suspicious Scan Activity (IP=198,CA) | updated by SW Block was inactive. Reactivated on 20220816 with reason Hunt IP Block- ReputationDV Malware Event - IR# 22C01812 (IP=198,CA) Hunt IP Block- ReputationDV Malware Event - IR# 22C01812 (IP=198,CA)
142.93.147.105 24 RT None 2022-04-08 00:00:00 2022-07-07 00:00:00 2022-04-09 13:49:36 HTTP: PHP File Inclusion Vulnerability - 6HR WebAttack (IP=105,CA)
142.93.147.85 24 ZH None 2022-09-21 00:00:00 2022-12-20 00:00:00 2022-09-21 14:01:09 Adobe ColdFusion Administrator Access Restriction - 6hr Web Attacks (IP=85,CA)
142.93.149.154 24 SW None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:44:46 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=154,CA)
142.93.15.179 32 RR None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-18 13:50:23 SERVER-APACHE Apache HTTP server SSRF attempt - SourceFire (IP=179,US)
142.93.15.225 32 SW None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-17 13:48:49 SQL injection - WebAttacks (IP=225,US)
142.93.150.83 24 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:37:19 SQL injection - Web Attacks (IP=83,CA)
142.93.151.76 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=76,CA)
142.93.152.40 24 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:07:54 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=40,CA)
142.93.153.27 24 SW None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:46:54 SQL injection - WebAttacks (IP=27,CA)
142.93.154.2 24 RR None 2022-03-26 00:00:00 2022-06-24 00:00:00 2022-03-26 13:38:28 SERVER-WEBAPP JBoss web console access attempt - SourceFire (IP=2,CA)
142.93.155.252 24 AR None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-11 13:46:59 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attack (IP=252,CA)
142.93.156.14 24 TH None 2022-04-15 00:00:00 2022-07-14 00:00:00 2022-04-15 22:59:51 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - SourceFire Report (IP=14,CA)
142.93.158.215 24 KH None 2022-04-12 00:00:00 2022-07-11 00:00:00 2022-04-12 22:35:42 SQL injection - Web Attacks (IP=215,CA)
142.93.159.209 24 RS None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:45:29 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=209,CA)
142.93.160.67 24 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 22:51:48 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=67,DE)
142.93.160.67 24 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 22:52:25 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=67,DE)
142.93.161.152 24 WR None 2022-03-12 00:00:00 2022-06-10 00:00:00 2022-03-12 14:30:09 SERVER-WEBAPP JBoss JMX console access attempt - Web Attacks (IP=152,DE)
142.93.162.165 24 JP None 2022-07-26 00:00:00 2022-10-24 00:00:00 2022-07-26 22:50:10 SQL injection - 6HR Web Attacks (IP=165, DE)
142.93.168.91 24 SW None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-01 13:54:02 SQL injection - WebAttacks (IP=91,DE)
142.93.169.11 24 KD None 2022-03-05 00:00:00 2022-06-03 00:00:00 2022-03-05 19:41:40 SQL injection- Web Attacks (IP=11,DE)
142.93.170.140 24 WR None 2022-03-12 00:00:00 2022-06-10 00:00:00 2022-03-12 14:30:10 SERVER-WEBAPP JBoss JMX console access attempt - Web Attacks (IP=140,DE)
142.93.171.230 24 RB None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 22:39:20 SQL injection - 6hr web attacks (IP=230,DE)
142.93.175.181 24 TH None 2022-07-10 00:00:00 2022-10-08 00:00:00 2022-07-10 22:41:26 SQL injection - 6 Hr Web Report (IP=181,DE)
142.93.176.169 32 SW None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 13:49:29 SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (1:51976:3) - SourceFire (IP=169,US)
142.93.176.178 32 NAB None 2022-04-22 00:00:00 2022-07-21 00:00:00 2022-04-22 13:39:59 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=178,US)
142.93.176.235 32 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:48:03 SQL injection - Web Attacks (IP=235,US)
142.93.177.157 32 TLM None 2022-03-17 00:00:00 2022-09-17 00:00:00 2022-03-17 16:17:25 HIVE Case #7227 CTO 22-076 (IP=157,US)
142.93.177.209 32 DT None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 23:57:35 SERVER-WEBAPP Oracle WebLogic Server remote code execution attempt (1:58562:1) - Source Fire (IP=209,US)
142.93.177.219 32 RR None 2022-07-31 00:00:00 2022-10-29 00:00:00 2022-07-31 13:51:12 SERVER-WEBAPP Unraid Operating System PHP code injection attempt - SourceFire (IP=219,US)
142.93.177.61 32 ZH None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-24 00:05:17 SERVER-WEBAPP Kibana Console for Elasticsearch local file inclusion attempt (1:48815:3) - Sourcefire Rpt (IP=61,US)
142.93.178.117 32 RB None 2022-06-11 00:00:00 2022-09-09 00:00:00 2022-06-11 22:46:08 SQL injection - 6hr web attacks (IP=117,US)
142.93.178.124 32 BMP None 2021-03-27 00:00:00 2022-03-01 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=124,US) | updated by AR Block was inactive. Reactivated on 20211201 with reason HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=124,US)
142.93.179.107 32 SW None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:47:43 SERVER-APACHE Apache HTTP server SSRF attempt (1:58820:1) - SourceFire (IP=107,US)
142.93.179.41 32 ZH None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-22 13:54:28 SQL injection - 6 hr Web Attacks (IP=41,US)
142.93.179.53 32 WR None 2022-02-27 00:00:00 2022-05-27 00:00:00 2022-02-27 15:53:36 HTTP: Blind SQL Injection - Timing - Web Attacks (IP=53,US)
142.93.18.229 32 BB None 2021-12-19 00:00:00 2022-03-19 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44232 (IP=229,US)
142.93.181.120 32 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 22:51:49 SERVER-WEBAPP Oracle Business Intelligence directory traversal attempt (1:49967:2) - SourceFire (IP=120,US)
142.93.181.187 32 RR None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:15:09 SQL injection - Web Attacks (IP=187,US)
142.93.181.230 32 KH None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 22:55:56 Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=230,US)
142.93.181.252 32 DT None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:44 SQL injection - Web Attacks (IP=252,US)
142.93.181.34 32 RR None 2022-07-21 00:00:00 2022-10-19 00:00:00 2022-07-21 13:54:46 SQL injection - Web Attacks (IP=34,US)
142.93.182.200 32 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:25 SERVER-WEBAPP Terramaster TOS command injection attempt - SourceFire (IP=200,US)
142.93.183.144 32 ZH None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-08 22:56:17 ET EXPLOIT Apache log4j RCE Attempt (tcp ldap) (CVE-2021-44228) (1:2034649:1) - SourceFire (IP=144, US)
142.93.183.209 32 RS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 21:48:48 SQL injection - 6Hr Web Attacks (IP=209,US)
142.93.183.66 32 RS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 22:43:45 SERVER-WEBAPP Arcadyan routers path traversal attempt (1:58538:1) - SourceFire (IP=66,US)
142.93.184.123 32 SW None 2022-06-05 00:00:00 2022-09-03 00:00:00 2022-06-05 13:42:51 SERVER-WEBAPP Ulterius web server directory traversal attempt (1:45721:2) - SourceFire (IP=123,US)
142.93.184.35 32 RR None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-19 13:55:56 SQL injection - Web Attacks (IP=35,US)
142.93.185.161 32 AR None 2022-04-09 00:00:00 2022-07-08 00:00:00 2022-04-10 13:58:54 SERVER-WEBAPP Oracle WebLogic Server remote code execution attempt (1:58562:1) - SourceFire (IP=161,US)
142.93.185.38 32 RR None 2022-07-10 00:00:00 2022-10-08 00:00:00 2022-07-11 13:57:03 SQL injection - Web Attacks (IP=38,US)
142.93.186.151 32 ZH None 2022-06-13 00:00:00 2022-09-11 00:00:00 2022-06-13 22:30:25 SERVER-WEBAPP Atlassian Confluence OGNL injection remote code execution attempt (1:58094:1) - SourceFire (IP=151, US)
142.93.186.243 32 AR None 2022-09-07 00:00:00 2022-12-06 00:00:00 2022-09-07 13:39:19 SQL injection - Web Attacks (IP=243,US)
142.93.187.118 32 RR None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 13:47:14 SQL injection - Web Attacks (IP=118,US)
142.93.187.46 32 SA None 2022-05-17 00:00:00 2022-08-15 00:00:00 2022-05-17 13:52:19 HTTP: Apache mod_cgi Bash Environment Variable Code Injection- 6Hr Web Attacks(IP=46,US)
142.93.187.47 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:24 HTTP: PHP File Inclusion Vulnerability- 6hr Web Attacks (IP=47,US)
142.93.187.83 32 RB None 2022-09-08 00:00:00 2022-12-07 00:00:00 2022-09-08 13:54:19 SQL injection - WebAttacks (IP=83,US)
142.93.188.128 32 DT None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:44 SQL injection - Web Attacks (IP=128,US)
142.93.189.115 32 KH None 2022-09-14 00:00:00 2022-12-13 00:00:00 2022-09-14 22:45:10 SQL injection - Web Attacks (IP=115,US)
142.93.189.198 32 SW None 2022-08-12 00:00:00 2022-11-10 00:00:00 2022-08-13 13:56:08 SQL injection - WebAttacks (IP=198,US)
142.93.189.25 32 ZH None 2022-09-19 00:00:00 2022-12-18 00:00:00 2022-09-19 22:54:59 SQL injection - 6hr Web Attacks (IP=25,US)
142.93.189.62 32 KH None 2022-07-13 00:00:00 2022-10-11 00:00:00 2022-07-14 13:57:32 SQL injection - Web Attacks (IP=62,US)
142.93.191.237 32 RS None 2022-06-20 00:00:00 2022-09-18 00:00:00 2022-06-20 13:54:39 SQL injection - Web Attacks (IP=237,US)
142.93.191.78 32 SW None 2022-01-24 00:00:00 2022-04-24 00:00:00 None SERVER-WEBAPP VMWare vSphere Client remote code execution attempt (1:57720:1) - SourceFire (IP=78,US)
142.93.192.118 32 TLM None 2022-09-19 00:00:00 2022-12-18 00:00:00 2022-09-19 15:03:14 HIVE Case #8328 TO-S-2022-0230 (IP=118,US)
142.93.193.136 32 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:35:09 SERVER-WEBAPP rConfig compliance policies SQL injection attempt - SourceFire (IP=136,US)
142.93.193.9 32 AR None 2022-05-17 00:00:00 2022-08-15 00:00:00 2022-05-17 13:52:13 SQL injection - 6HR Web Attacks (IP=9,US)
142.93.195.152 32 SW None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-17 13:48:49 SQL injection - WebAttacks (IP=152,US)
142.93.197.237 32 RS None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-10-01 13:38:07 SQL injection - Web Attacks (IP=237,US)
142.93.198.11 32 ZH None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 22:36:48 SQL injection - 6hr Web Attacks (IP=11,US)
142.93.199.1 32 RS None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-13 22:36:46 HP Intelligent Management Center TFTP Server MODE Remote Code Execution - FE IPS Events (IP=1,US)
142.93.199.28 32 WR None 2022-04-12 00:00:00 2022-07-10 00:00:00 2022-04-12 13:51:53 HTTP SQL Injection Attempt - Web Attacks (IP=28,US)
142.93.2.155 32 KH None 2022-01-24 00:00:00 2022-04-24 00:00:00 None Case #6651 Exploit.Log4Shell.CVE-2021-44228 (IP=155,US)
142.93.2.160 32 SW None 2022-01-24 00:00:00 2022-04-24 00:00:00 None SQL 1 = 1 - possible sql injection attempt (1:19439:10) - SourceFire (IP=160,US)
142.93.2.37 32 RS None 2022-05-27 00:00:00 2022-08-26 00:00:00 2022-05-28 14:45:13 SQL injection - 6Hr Web Attacks (IP=37,US) | updated by SW Block expiration extended with reason vBulletin 5.x Remote Code Execution Attempt - IPS Events(IP=,37,US)
142.93.200.227 32 RR None 2022-08-13 00:00:00 2022-11-11 00:00:00 2022-08-14 13:58:04 SQL injection - Web Attacks (IP=227,US)
142.93.201.102 32 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:35:09 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=102,US)
142.93.201.77 32 TLM None 2022-04-27 00:00:00 2022-10-25 00:00:00 2022-04-27 20:54:08 HIVE Case #7480 CTO 22-117 (IP=77,US)
142.93.201.88 32 RS None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-13 22:36:50 File /etc/passwd Access Attempt Detect - FE IPS Events (IP=88,US)
142.93.204.150 32 AS None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-09-30 17:07:19 HIVE Case #8395 TO-S-2022-0233 (IP=150,US)
142.93.208.133 24 SW None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-06 22:49:43 SQL injection - WebAttacks (IP=133,IN)
142.93.209.117 24 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-09 14:21:21 SQL injection - Web Attacks (IP=117,IN)
142.93.210.115 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:25 SQL injection- 6hr Web Attacks (IP=115,IN)
142.93.212.153 24 RT None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-27 13:56:35 SQL injection - 6 HR WebAttack (IP=153,IN)
142.93.214.233 24 RS None 2022-05-03 00:00:00 2022-08-01 00:00:00 2022-05-03 13:47:04 SQL injection - 6Hr Web Attacks (IP=233,IN)
142.93.215.156 24 SW None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-06 13:47:20 SQL injection - WebAttacks (IP=156,IN)
142.93.216.175 24 RR None 2022-07-16 00:00:00 2022-10-14 00:00:00 2022-07-16 13:51:28 SQL injection - Web Attacks (IP=175,IN)
142.93.217.101 24 KH None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 22:47:50 SERVER-WEBAPP Ulterius web server directory traversal attempt (1:45721:2) - Sourcefire (IP=101,IN)
142.93.218.87 24 SW None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-06 13:47:21 SQL injection - WebAttacks (IP=87,IN)
142.93.219.3 24 KD None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-12 13:51:33 SQL injection- Web Attacks (IP=3,IN)
142.93.220.97 24 AR None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-11 13:46:59 SQL injection - 6Hr Web Attack (IP=97,IN)
142.93.221.3 24 TC None 2022-09-03 00:00:00 2022-12-02 00:00:00 2022-09-04 00:19:34 SQL injection - 6hr Web Attacks (IP=3,IN)
142.93.222.189 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:50:08 SQL injection - Web Attacks (IP=189,IN)
142.93.223.233 24 TH None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 23:06:42 OS-OTHER Bash CGI environment variable injection attempt (1:31978:5) - SourceFire Report (IP=233,IN)
142.93.224.147 24 TC None 2022-09-15 00:00:00 2022-12-14 00:00:00 2022-09-16 13:49:35 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - WebAttacks (IP=147,NL)
142.93.225.190 24 RS None 2022-05-02 00:00:00 2022-07-31 00:00:00 2022-05-02 22:41:38 SQL injection - 6Hr Web Attacks (IP=190,NL)
142.93.225.27 32 AR None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-01 13:55:40 PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01489 (IP=27,US)
142.93.226.75 24 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:44:45 SERVER-WEBAPP Aviatrix Controller directory traversal attempt - SourceFire (IP=75,NL)
142.93.227.171 24 WR None 2022-04-04 00:00:00 2022-07-02 00:00:00 2022-04-04 13:48:51 HTTP SQL Injection Attempt - 6HR Web Attacks (IP=171,NL)
142.93.228.51 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:50:09 SQL injection - Web Attacks (IP=51,NL)
142.93.230.189 24 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 22:24:32 SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (A-type) (1:1000136:3) - SourceFire (IP=189,NL)
142.93.231.236 24 SW None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 22:47:07 SQL injection - WebAttacks (IP=236,NL)
142.93.232.177 24 RR None 2022-06-10 00:00:00 2022-09-08 00:00:00 2022-06-10 13:46:07 POLICY-OTHER Micro Focus Operations Bridge default credentials login attempt - SourceFire (IP=177,NL)
142.93.233.12 24 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:37:20 SQL injection - Web Attacks (IP=12,NL)
142.93.234.2 24 KH None 2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-09 14:21:57 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=2,NL)
142.93.237.231 24 AR None 2022-05-01 00:00:00 2022-07-30 00:00:00 2022-05-02 13:40:42 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=231,NL)
142.93.238.98 24 SW None 2022-08-25 00:00:00 2022-11-23 00:00:00 2022-08-26 13:48:30 SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt (1:56162:2) - SourceFire (IP=98,NL)
142.93.239.113 24 RB None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-14 13:54:40 SQL injection - 6hr web attacks (IP=113,NL)
142.93.240.103 32 SW None 2022-06-28 00:00:00 2022-09-26 00:00:00 2022-06-28 13:53:31 SQL injection - WebAttacks (IP=103,US)
142.93.243.133 32 KH None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 13:57:02 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=133,US)
142.93.243.200 32 ZH None 2022-09-15 00:00:00 2022-12-14 00:00:00 2022-09-15 22:52:14 SQL injection - WebAttacks (IP=200,US)
142.93.246.187 32 RR None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-18 13:44:05 HTTP SQL Injection Attempt - Web Attacks (IP=187,US)
142.93.246.42 32 DT None 2022-05-12 00:00:00 2022-08-10 00:00:00 2022-05-13 13:50:49 SERVER-WEBAPP Ruby on Rails render file directory traversal attempt (1:51261:1) - Source Fire (IP=42,US)
142.93.247.124 32 KD None 2022-03-23 00:00:00 2022-06-21 00:00:00 2022-03-24 13:50:52 OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt- Sourcefire(IP=124,US)
142.93.253.177 32 JP None 2022-08-26 00:00:00 2022-11-24 00:00:00 2022-08-26 22:41:07 SQL Injection - 6HR Web Attacks (IP=177,US)
142.93.255.162 32 RS None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-13 22:36:58 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=162,US)
142.93.32.171 24 DT None 2022-05-12 00:00:00 2022-08-10 00:00:00 2022-05-13 13:52:17 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=171,GB)
142.93.33.132 24 KD None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-14 13:54:40 SERVER-WEBAPP DrayTek multiple products command injection attempt(IP=132,CA)
142.93.34.250 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=250,GB)
142.93.35.157 24 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:17 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=157,GB)
142.93.38.85 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:36:46 SQL injection - Web Attacks (IP=85,GB)
142.93.39.5 24 RR None 2018-12-13 06:00:00 2022-08-08 00:00:00 2022-05-11 00:05:01 Failed password for invalid user (IP=5,CA) | updated by RR with reason Illegal user - Failed Logons (IP=29,CA) | updated by ZH Block was inactive. Reactivated on 20220510 with reason SQL injection - 6hr Web Attacks (IP=5,GB)
142.93.40.156 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:36:46 SQL injection - Web Attacks (IP=156,GB)
142.93.41.11 24 AR None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-11 13:47:05 SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (1:58201:2) - SourceFire (IP=11,GB)
142.93.42.207 24 RS None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 13:49:44 SQL injection - 6Hr Web Attacks (IP=207,GB)
142.93.43.163 24 RT None 2022-03-03 00:00:00 2022-06-01 00:00:00 2022-03-04 14:42:55 HTTP SQL Injection Attempt - 6HR Web Attack (IP=163,GB)
142.93.44.232 24 RR None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-29 22:57:25 SQL injection - Web Attacks (IP=232,GB)
142.93.45.42 32 ZH None 2022-02-08 00:00:00 2022-05-09 00:00:00 None Phishing SIP HIVE Case # 6942 (IP=42,US)
142.93.46.210 24 RT None 2022-04-08 00:00:00 2022-07-07 00:00:00 2022-04-09 13:49:37 SQL injection - 6HR WebAttack (IP=210,GB)
142.93.47.14 24 RS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 22:44:02 HTTP: Adobe ColdFusion File Upload Vulnerability (CVE-2018-15961) - 6Hr Web Attacks (IP=14,GB)
142.93.48.16 32 RR None 2022-08-25 00:00:00 2022-11-23 00:00:00 2022-08-25 13:54:29 SQL union select - possible sql injection attempt - GET parameter - SourceFire (IP=16,US)
142.93.51.154 32 SW None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-22 13:54:29 SQL injection - WebAttacks (IP=154,US)
142.93.52.238 32 RS None 2022-06-13 00:00:00 2022-09-11 00:00:00 2022-06-14 13:48:56 Adobe ColdFusion Administrator Access Restriction - 6Hr Web Attacks (IP=238,US)
142.93.53.150 24 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:47:43 SERVER-WEBAPP SolarWinds Orion authentication bypass attempt - SourceFire (IP=150,US)
142.93.56.50 32 SW None 2022-08-25 00:00:00 2022-11-23 00:00:00 2022-08-26 13:48:27 SQL union select - possible sql injection attempt - GET parameter (1:13990:27) - SourceFire (IP=50,US)
142.93.59.156 32 RR None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-18 13:50:24 SERVER-APACHE Apache HTTP server SSRF attempt - SourceFire (IP=156,US)
142.93.59.222 32 TH None 2022-09-04 00:00:00 2022-12-03 00:00:00 2022-09-05 13:56:21 SQL injection - 6 Hr Web Report (IP=222,US)
142.93.6.149 32 KH None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-17 22:28:18 SQL injection - Web Attacks (IP=149,US)
142.93.61.216 32 RR None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-18 13:50:24 SERVER-APACHE Apache HTTP server SSRF attempt - SourceFire (IP=216,US)
142.93.64.128 32 ZH None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-24 00:05:17 SERVER-WEBAPP Java ClassLoader access attempt (1:30792:8) - Sourcefire Rpt (IP=128,US)
142.93.64.16 32 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:18 SERVER-WEBAPP Oracle Weblogic default credentials login attempt (1:40904:3) - Sourcefire Rpt (IP=16,US)
142.93.65.196 32 AR None 2022-10-01 00:00:00 2022-12-30 00:00:00 2022-10-02 13:32:48 Exploit.Log4Shell.CVE-2021-44228 - FE CMS (IP=196,US)
142.93.65.47 32 RR None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:03 SQL injection - Web Attacks (IP=47,US)
142.93.65.81 32 RS None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-10-01 13:38:05 SQL injection - Web Attacks (IP=81,US)
142.93.66.135 32 KH None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 22:55:56 SQL injection - Web Attacks (IP=135,US)
142.93.66.237 32 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:18 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - Sourcefire Rpt (IP=237,US)
142.93.67.182 32 SW None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 22:46:47 SERVER-WEBAPP generic SQL select statement possible sql injection (1:41817:2) - SourceFire (IP=182,US)
142.93.67.254 32 TH None 2022-09-03 00:00:00 2022-12-02 00:00:00 2022-09-05 12:32:29 SQL injection - 6 Hr Web Report (IP=254,US)
142.93.69.151 32 RS None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-10-01 13:38:06 SQL injection - Web Attacks (IP=151,US)
142.93.69.35 32 RR None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:03 SQL injection - Web Attacks (IP=35,US)
142.93.70.209 32 RS None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 22:54:51 Adobe ColdFusion Administrator Access Restriction - 6Hr Web Attacks (IP=209,US)
142.93.71.184 32 KH None 2022-07-13 00:00:00 2022-10-11 00:00:00 2022-07-14 13:57:32 SQL injection - Web Attacks (IP=184,US)
142.93.71.77 32 ZH None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-22 22:42:56 SQL injection - 6hr Web Attacks (IP=77,US)
142.93.73.150 32 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 22:51:35 SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt (1:52355:1) - SourceFire (IP=150, US)
142.93.73.236 32 SW None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-06 22:49:29 SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt (1:44328:4) - SourceFire (IP=236,US)
142.93.73.90 32 DT None 2021-10-06 00:00:00 2022-01-04 00:00:00 None SERVER-WEBAPP Atvise denial of service attempt - Web Attacks (IP=90,US)
142.93.75.209 32 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:34:33 SQL injection - Web Attacks (IP=209,US)
142.93.75.41 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:50:36 SERVER-WEBAPP Cisco RV Series Routers information disclosure attempt - SourceFire (IP=41,US)
142.93.76.174 32 RS None 2022-07-12 00:00:00 2022-10-10 00:00:00 2022-07-12 22:32:36 Threat Request // DT / SQLi attempts - IR# 22C01641 (IP=174,US)
142.93.77.40 32 TH None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-30 13:42:25 SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt (1:59299:1) - SourceFire Report (IP=40,US)
142.93.78.7 32 SW None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:07:54 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41421:2) - SourceFire (IP=7,US)
142.93.79.241 32 SW None 2021-10-27 00:00:00 2022-01-25 00:00:00 None SQL injection - WebAttacks (IP=241, US)
142.93.8.153 32 NAB None 2022-01-25 00:00:00 2022-04-25 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=153,US)
142.93.8.161 32 DT None 2022-01-25 00:00:00 2022-04-25 00:00:00 None SQL 1 = 1 - possible sql injection attempt (1:30040:5) - Source Fire (IP=161,US)
142.93.8.164 32 DT None 2022-01-25 00:00:00 2022-04-25 00:00:00 None SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1081 attack attempt (3:54268:1) - Source Fire (IP=164,US)
142.93.8.207 32 AR None 2022-04-08 00:00:00 2022-07-07 00:00:00 2022-04-08 13:46:32 SQL injection - 6hr Web Attack (IP=,US)
142.93.97.62 24 ZH None 2022-03-02 00:00:00 2022-05-31 00:00:00 2022-03-02 23:42:52 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=62,DE)
142.93.98.193 24 RT None 2022-04-12 00:00:00 2022-07-11 00:00:00 2022-04-13 13:46:04 HTTP: Adobe ColdFusion Directory Traversal Information Disclosure Vulnerability - 6 HR WebAttack (IP=193
143.0.252.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity
143.100.53.160 32 ZH None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-02 13:10:26 FILE-PDF Adobe Acrobat Reader free text annotation invalid IT value denial of service attempt (1:24154:7) - SourceFire (IP=160,US)
143.110.144.207 32 SW None 2022-06-05 00:00:00 2022-09-03 00:00:00 2022-06-05 13:42:50 SERVER-WEBAPP Java XML deserialization remote code execution attempt (1:44315:3) - SourceFire (IP=207,US)
143.110.144.224 32 TH None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-30 13:42:47 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - SourceFire Report (IP=224,US)
143.110.145.0 32 KH None 2022-05-01 00:00:00 2022-07-30 00:00:00 2022-05-01 22:53:39 SQL injection - Web Attacks (IP=0,US)
143.110.145.218 32 SW None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-01 13:54:03 SQL injection - WebAttacks (IP=218,US)
143.110.145.33 32 SW None 2022-06-11 00:00:00 2022-09-09 00:00:00 2022-06-11 13:47:03 SERVER-WEBAPP Symantec Messaging Gateway KavaChart Component directory traversal attempt (1:40451:2) - SourceFire (IP=33,US)
143.110.146.221 32 KH None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-18 22:54:55 SERVER-OTHER Hashicorp Consul services API remote code execution attempt (1:49670:2) - Sourcefire (IP=221,US)
143.110.148.130 32 SW None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:47:32 SQL injection - WebAttacks (IP=130,US)
143.110.148.147 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:53:15 SERVER-WEBAPP Oracle WebLogic Server remote code execution attempt - SourceFire (IP=147,US)
143.110.148.217 32 SW None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 22:46:46 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (1:59246:1) - SourceFire (IP=217,US)
143.110.149.15 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:16:56 SERVER-WEBAPP Cisco Prime Infrastructure arbitrary file upload to tftpRoot attempt - SourceFire (IP=15,US)
143.110.149.96 32 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:48:52 SERVER-OTHER Apache Log4j logging remote code execution attempt - SourceFire (IP=96,US)
143.110.150.151 32 SA None 2022-05-17 00:00:00 2022-08-15 00:00:00 2022-05-17 13:52:20 SQL injection - 6Hr Web Attacks (IP=151,US)
143.110.150.21 32 RB None 2022-09-13 00:00:00 2022-12-12 00:00:00 2022-09-13 22:55:46 SERVER-WEBAPP Intellian Aptus Web arbitrary command execution attempt - WebAttacks (IP=21,US)
143.110.151.216 32 SW None 2022-08-29 00:00:00 2022-11-27 00:00:00 2022-08-30 14:04:43 SQL injection - WebAttacks (IP=216,US)
143.110.152.97 32 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:35:10 POLICY-OTHER Micro Focus Operations Bridge default credentials login attempt - SourceFire (IP=97,US)
143.110.153.115 32 SW None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:45:14 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=115,US)
143.110.153.170 32 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 22:59:06 SQL Injection - 6hr Web Attacks (IP=170,US)
143.110.153.60 32 AR None 2022-09-08 00:00:00 2022-12-07 00:00:00 2022-09-09 13:48:26 SQL injection - WebAttacks (IP=60,US)
143.110.154.102 32 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:34:34 HTTP SQL Injection Attempt - Web Attacks (IP=102,US)
143.110.154.184 32 RS None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 22:44:23 SQL use of concat function with select - likely SQL injection (1:24172:2) - SourceFire (IP=184,US)
143.110.154.73 32 RR None 2022-09-25 00:00:00 2022-12-24 00:00:00 2022-09-26 13:55:10 SQL injection - Web Attacks (IP=73,US)
143.110.155.204 32 SW None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:47:56 SERVER-WEBAPP PhpCollab editclient.php arbitrary PHP file upload attempt (1:45421:2) - SourceFire (IP=204,US)
143.110.155.79 32 TC None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-10-01 13:38:15 SQL injection - Web Attacks (IP=79,US)
143.110.156.22 32 SW None 2022-06-24 00:00:00 2022-09-22 00:00:00 2022-06-24 13:56:01 SQL injection - WebAttacks (IP=22,US)
143.110.156.244 32 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:44:10 SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt - SourceFire (IP=244,US)
143.110.156.29 32 RS None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 22:34:17 SIPVicious Security Scanner - FE IPS Events (IP=29,US)
143.110.156.70 32 RS None 2022-05-19 00:00:00 2022-08-17 00:00:00 2022-05-19 13:46:50 SQL injection - 6Hr Web Attacks (IP=70,US)
143.110.156.73 32 RS None 2022-08-30 00:00:00 2022-11-28 00:00:00 2022-08-31 17:20:41 SQL injection - Web Attacks (IP=73,US)
143.110.156.73 32 RS None 2022-08-30 00:00:00 2022-11-28 00:00:00 2022-08-31 17:20:45 OS-OTHER Bash CGI environment variable injection attempt - SourceFire (IP=73,US)
143.110.157.132 32 RR None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:04 SQL injection - Web Attacks (IP=132,US)
143.110.157.149 32 SW None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-16 13:51:29 SQL injection - WebAttack (IP=149,US)
143.110.157.159 32 RR None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 13:47:14 SQL injection - Web Attacks (IP=159,US)
143.110.157.64 32 AR None 2022-09-02 00:00:00 2022-12-01 00:00:00 2022-09-03 14:03:25 SQL injection - WebAttacks (IP=64,US)
143.110.158.17 32 RS None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 13:55:13 SQL injection - 6Hr Web Attacks (IP=17,US)
143.110.158.207 32 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:26 SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt - SourceFire (IP=207,US)
143.110.158.59 32 DT None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 23:57:36 SERVER-WEBAPP Apache Tomcat FileStore directory traversal attempt (1:54162:1) - Source Fire (IP=59,US)
143.110.159.129 32 ZH None 2022-09-19 00:00:00 2022-12-18 00:00:00 2022-09-19 14:00:46 SQL injection - WebAttacks (IP=129,US)
143.110.176.236 24 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 22:51:34 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41421:2) - SourceFire (IP=236, IN)
143.110.178.184 24 RS None 2022-05-02 00:00:00 2022-07-31 00:00:00 2022-05-02 22:41:38 SQL injection - 6Hr Web Attacks (IP=184,IN)
143.110.180.153 24 KH None 2022-05-01 00:00:00 2022-07-30 00:00:00 2022-05-01 22:53:33 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (1:59246:1) - Sourcefire (IP=153,IN)
143.110.181.198 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:18 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=198,IN)
143.110.182.209 32 RS None
2022-08-14 00:00:00 2022-11-12 00:00:00 2022-08-14 13:58:13 SQL injection - Web Attacks (IP=209,US) 143.110.182.53 24 RT None 2022-05-11 00:00:00 2022-08-09 00:00:00 2022-05-12 13:53:20 SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt (1:58276:3) - Sourcefire Report (IP=,IN) 143.110.185.36 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:50:37 SERVER-OTHER Apache Log4j logging remote code execution attempt - SourceFire (IP=36,IN) 143.110.189.103 24 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 22:51:34 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41421:2) - SourceFire (IP=103, IN) 143.110.208.104 32 AR None 2022-04-14 00:00:00 2022-07-12 00:00:00 2022-04-14 13:54:41 SQL injection - Web Attacks (IP=104,US) 143.110.208.60 32 RR None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 13:54:20 HTTP: PHP File Inclusion Vulnerability - Web Attcks (IP=60,US) 143.110.208.90 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:53:16 SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt - SourceFire (IP=90,CA) 143.110.210.54 24 DT None 2022-06-04 00:00:00 2022-09-02 00:00:00 2022-06-04 23:03:11 SQL injection - Web Attacks (IP=54,CA) 143.110.211.139 32 RS None 2022-07-27 00:00:00 2022-10-25 00:00:00 2022-07-28 13:49:35 SQL injection - Web Attacks (IP=139,US) 143.110.212.224 32 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-09 14:21:21 SQL injection - Web Attacks (IP=224,US) 143.110.212.224 24 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-09 14:21:46 SERVER-WEBAPP rConfig snippets SQL injection attempt - SourceFire (IP=224,CA) 143.110.214.190 24 DT None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-06 13:47:02 SERVER-WEBAPP Apache Log4j logging remote code execution attempt - FireEye CMS (IP=190,CA) 143.110.215.176 24 WR None 2022-03-24 00:00:00 2022-06-22 00:00:00 2022-03-24 13:50:53 SQL injection- Web Attacks (IP=176,CA) 143.110.216.190 24 
TH None 2022-04-01 00:00:00 2022-06-30 00:00:00 2022-04-01 22:16:58 SERVER-WEBAPP Java ClassLoader access attempt (1:30792:7) - SourceFire Report (IP=190,CA) 143.110.217.107 32 WR None 2022-04-23 00:00:00 2022-07-21 00:00:00 2022-04-23 13:46:57 SQL injection - Web Attacks (IP=107,US) 143.110.217.124 32 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:34:34 SQL injection - Web Attacks (IP=124,US) 143.110.217.140 24 RS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:48:08 HTTP SQL Injection Attempt - 6Hr Web Attacks (IP=140,CA) 143.110.217.49 32 RR None 2022-07-19 00:00:00 2022-10-17 00:00:00 2022-07-19 13:48:03 SQL injection - Web Attacks (IP=49,US) 143.110.218.159 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:18 SQL injection - 6hr Web Attacks (IP=159,CA) 143.110.219.147 32 AS None 2022-04-07 00:00:00 2022-10-07 00:00:00 2022-04-07 19:48:01 HIVE Case #7356 CTO 22-096 (IP=147,CA) 143.110.219.215 32 AS None 2022-02-04 00:00:00 2022-08-04 00:00:00 None HIVE Case #6927 CTO 22-036 (IP=215,CA) 143.110.220.25 24 SW None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-11 22:58:35 SERVER-APACHE Apache Tomcat remote JSP file upload attempt (1:44531:3) - SourceFire (IP=25,CA) 143.110.221.204 24 BMP None 2021-12-14 00:00:00 2022-03-12 00:00:00 None HIVE Case #6651 - Exploit.CVE-2021-44228 (IP=204,CA) 143.110.222.167 24 WR None 2022-04-25 00:00:00 2022-07-23 00:00:00 2022-04-25 14:46:54 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (1:59246:1) - Sourcefire (IP=167,CA) 143.110.223.33 24 AR None 2022-08-27 00:00:00 2022-11-25 00:00:00 2022-08-28 13:57:31 SERVER-WEBAPP Facade Ignition remote code execution attempt - SourceFire (IP=33,CA) 143.110.223.40 24 SW None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:47:54 SERVER-APACHE Apache HTTP server SSRF attempt (1:58820:1) - SourceFire (IP=40,CA) 143.110.224.37 32 RS None 2022-05-02 00:00:00 2022-07-31 00:00:00 2022-05-02 22:41:55 SERVER-WEBAPP WordPress 
wp-config.php access via directory traversal attempt (1:41420:2) - SourceFire (IP=37,US) 143.110.224.65 32 KH None 2022-09-20 00:00:00 2022-12-19 00:00:00 2022-09-20 13:55:07 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=65,US) 143.110.224.91 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:25 HTTP: PHP File Inclusion Vulnerability- 6hr Web Attacks (IP=91,US) 143.110.225.63 32 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 13:54:12 HTTP SQL Injection Attempt - Web Attacks (IP=63,US) 143.110.226.148 32 RB None 2022-06-28 00:00:00 2022-09-26 00:00:00 2022-06-28 13:53:46 SQL injection - WebAttacks (IP=148,US) 143.110.226.20 32 TH None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-23 14:39:08 SQL injection - 6 Hr Web Report (IP=20,US) 143.110.226.35 32 SA None 2022-05-17 00:00:00 2022-08-15 00:00:00 2022-05-17 13:52:20 SQL injection - 6Hr Web Attacks (IP=35,US) 143.110.227.96 32 RR None 2022-08-13 00:00:00 2022-11-11 00:00:00 2022-08-14 13:58:04 SQL injection - Web Attacks (IP=96,US) 143.110.228.131 32 RB None 2022-07-12 00:00:00 2022-10-10 00:00:00 2022-07-12 22:32:46 SQL injection - WebAttacks (IP=131,US) 143.110.228.49 32 TH None 2022-05-28 00:00:00 2022-08-26 00:00:00 2022-05-29 15:24:05 SERVER-WEBAPP Palo Alto Networks Firewall cms_changeDeviceContext.esp session injection attempt - SourceFire Report (IP=49,US) 143.110.228.84 32 KH None 2022-07-18 00:00:00 2022-10-16 00:00:00 2022-07-18 22:56:01 SQL injection - Web Attacks (IP=84,US) 143.110.229.188 32 TH None 2022-06-28 00:00:00 2022-09-26 00:00:00 2022-06-29 13:54:59 SQL injection - 6 Hr Web Report (IP=188,US) 143.110.230.126 32 ZH None 2022-06-24 00:00:00 2022-09-22 00:00:00 2022-06-24 22:51:33 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - SourceFire (IP=126, US) 143.110.230.149 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:34:50 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (1:59246:1) 
- Sourcefire Rpt (IP=149,US) 143.110.230.149 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:15 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (1:59246:1) - Sourcefire Rpt (IP=149,US) 143.110.230.179 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:34:50 SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (B-type) (1:1000135:3) - Sourcefire Rpt (IP=179,US) 143.110.230.179 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:15 SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (B-type) (1:1000135:3) - Sourcefire Rpt (IP=179,US) 143.110.230.3 32 ZH None 2022-08-27 00:00:00 2022-11-25 00:00:00 2022-08-27 22:47:46 SERVER-WEBAPP JBoss JMX console access attempt (1:21516:9) - SourceFire (IP=3,US) 143.110.231.121 32 RS None 2022-05-03 00:00:00 2022-08-01 00:00:00 2022-05-03 13:47:03 SQL injection - 6Hr Web Attacks (IP=121,US) 143.110.231.30 32 JP None 2022-08-19 00:00:00 2022-11-17 00:00:00 2022-08-19 13:56:44 SQL injection - 6HR Web Attacks (IP=30,US) 143.110.231.62 32 KH None 2022-08-25 00:00:00 2022-11-23 00:00:00 2022-08-25 22:43:46 Exploit.Log4Shell.CVE-2021-44228 - FE NX (IP=62,US) 143.110.232.100 32 RR None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:14:28 OS-OTHER Bash CGI environment variable injection attempt - SourceFire (IP=100,US) 143.110.232.131 32 SW None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:07:55 SERVER-WEBAPP Fortigate SSL VPN cross site scripting attempt (1:51465:1) - SourceFire (IP=131,US) 143.110.232.138 32 RR None 2022-07-09 00:00:00 2022-10-07 00:00:00 2022-07-10 14:32:24 SQL injection - Web Attacks (IP=138,US) 143.110.233.73 32 DT None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:17:24 SQL injection - Web Attacks (IP=73,US) 143.110.234.100 32 RS None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-13 22:36:43 HP Intelligent Management Center TFTP Server MODE Remote Code Execution - FE IPS Events (IP=100,US) 
143.110.234.203 32 TH None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-18 22:35:12 ZyXEL NAS CVE-2020-9054 Remote Code Execution - FE CMS IPS Events (IP=203,US) 143.110.234.230 32 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 13:54:13 HTTP SQL Injection Attempt - Web Attacks (IP=230,US) 143.110.235.14 32 RR None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:31:32 SERVER-APACHE Apache HTTP server SSRF attempt - Source Fire (IP=14,US) 143.110.235.244 32 RR None 2022-09-11 00:00:00 2022-12-10 00:00:00 2022-09-11 13:56:04 SQL injection - Web Attacks (IP=244,US) 143.110.235.73 32 RS None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:50:32 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=73,US) 143.110.235.84 32 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 22:52:14 File /etc/passwd Access Attempt Detect - IPS Events (IP=84,US) 143.110.236.248 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:19 rConfig SQL Injection Vulnerability - 6hr Web Attacks (IP=248,US) 143.110.236.48 32 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:57:46 SERVER-WEBAPP WordPress SocialWarfare deprecated function access attempt (1:49527:2) - SourceFire (IP=48,US) 143.110.237.106 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:16:56 SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt (3:57769:1) - SourceFire (IP=106,US) 143.110.237.226 32 ZH None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-09-30 22:47:32 Exploit.Log4Shell.CVE-2021-44228 - FE NX (IP=226,US) 143.110.237.78 32 KH None 2022-09-26 00:00:00 2022-12-25 00:00:00 2022-09-26 22:53:27 File /etc/passwd Access Attempt Detect - FE CMS (IP=78,US) 143.110.237.81 32 TH None 2022-06-28 00:00:00 2022-09-26 00:00:00 2022-06-29 13:54:53 SQL injection - 6 Hr Web Report (IP=81,US) 143.110.238.166 32 RR None 2022-09-25 00:00:00 2022-12-24 00:00:00 2022-09-26 13:55:11 SQL injection - Web Attacks (IP=166,US) 143.110.238.166 32 RR None 
2022-09-25 00:00:00 2022-12-24 00:00:00 2022-09-26 13:55:11 SQL injection - Web Attacks (IP=166,US) 143.110.239.189 32 RR None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-18 13:50:25 SERVER-APACHE Apache HTTP server SSRF attempt - SourceFire (IP=189,US) 143.110.239.192 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:34:51 SERVER-WEBAPP Facade Ignition remote code execution attempt (1:57872:1) - Sourcefire Rpt (IP=192,US) 143.110.239.2 32 RS None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-08 16:55:36 Possible Cross-site Scripting Attack - IPS Events (IP=2,US) 143.110.239.21 32 JP None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-14 22:47:13 SQL injection - 6HR Web Attacks (IP=21,US) 143.110.240.113 24 TH None 2022-04-15 00:00:00 2022-07-14 00:00:00 2022-04-15 22:59:55 HTTP SQL Injection Attempt - 6 Hr Web Report (IP=113,IN) 143.110.241.104 24 TLM None 2022-04-18 00:00:00 2022-10-18 00:00:00 2022-04-18 13:41:43 HIVE Case #7416 CTO 22-106 (IP=104,IN) 143.110.242.139 32 TLM None 2022-05-11 00:00:00 2022-11-10 00:00:00 2022-05-11 15:28:08 HIVE Case #7564 TO-S-2022-0180 (IP=139,IN) 143.110.243.224 32 RR None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-07 13:54:11 HTTP SQL Injection Attempt - Web Attacks (IP=224,US) 143.110.243.35 24 TH None 2022-05-12 00:00:00 2022-08-10 00:00:00 2022-05-12 22:47:16 SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt (1:44328:4) - SourceFire Report (IP=35,IN) 143.110.245.238 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:53:16 SERVER-OTHER PHP webshell upload attempt - SourceFire (IP=238,IN) 143.110.247.167 24 RR None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:31:32 SERVER-WEBAPP Apache Log4j logging remote code execution attempt - Source Fire (IP=167,IN) 143.110.249.52 24 KH None 2022-04-15 00:00:00 2022-07-14 00:00:00 2022-04-15 23:00:11 File /etc/passwd Access Attempt Detect - FE CMS (IP=52,IN) 143.110.249.87 32 RR None 2022-04-07 00:00:00 
2022-07-06 00:00:00 2022-04-07 13:54:20 HTTP SQL Injection Attempt - Web Attcks (IP=87,US) 143.110.250.149 32 TLM None 2022-05-11 00:00:00 2022-11-10 00:00:00 2022-05-11 15:28:08 HIVE Case #7564 TO-S-2022-0180 (IP=149,IN) 143.110.251.220 24 SW None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-15 13:53:54 SQL union select - possible sql injection attempt - GET parameter (1:13990:27) - SourceFire (IP=220, IN) 143.110.251.249 32 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:50:55 SQL injection - Web Attacks (IP=249,US) 143.110.252.184 24 RR None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 13:52:12 SERVER-APACHE Apache Struts2 blacklisted method redirect - SourceFire (IP=184,IN) 143.110.253.47 24 ZH None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:45:10 SQL injection- 6hr Web Attacks (IP=47,IN) 143.110.254.121 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:50:10 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=121,US) 143.110.254.144 32 DT None 2022-04-08 00:00:00 2022-07-07 00:00:00 2022-04-09 13:49:47 SQL injection - Web Attacks (IP=144,US) 143.110.254.161 32 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 22:54:10 SQL injection - Web Attacks (IP=161,US) 143.110.254.55 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:36:47 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=55,US) 143.110.254.86 24 RS None 2022-05-03 00:00:00 2022-08-01 00:00:00 2022-05-03 13:46:50 SQL injection - 6Hr Web Attacks (IP=86,IN) 143.137.30.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 143.198.0.240 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:48:13 SQL injection - Web Attacks (IP=240,US) 143.198.1.7 32 TH None 2022-04-15 00:00:00 2022-07-14 00:00:00 2022-04-15 23:00:04 SQL injection - 6 Hr Web Report (IP=7,US) 143.198.10.166 24 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:47:43 ET INFO Possible 
Apache log4j RCE Attempt - Any Protocol TCP (CVE-2021-44228) - SourceFire (IP=166,US) 143.198.10.221 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:48:13 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=221,US) 143.198.100.102 32 RB None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 13:52:13 HTTP: PHP File Inclusion Vulnerability - 6hr web attacks (IP=102,US) 143.198.100.123 32 RS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:48:08 SQL injection - 6Hr Web Attacks (IP=123,US) 143.198.100.143 32 KH None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 22:47:50 FILE-OTHER Jackson databind deserialization remote code execution attempt (1:45015:3) - Sourcefire (IP=143,US) 143.198.100.240 32 ZH None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 22:43:46 SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (1:51976:3) - SourceFire (IP=240,US) 143.198.100.85 32 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:37:20 SQL injection - Web Attacks (IP=85,US) 143.198.101.130 32 AR None 2022-04-06 00:00:00 2022-07-06 00:00:00 2022-04-06 13:47:11 SERVER-WEBAPP Aviatrix Controller directory traversal attempt (1:58961:1) - SourceFire (IP=130,US) 143.198.101.200 32 RR None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-29 22:56:58 SERVER-WEBAPP Klog Server authenticate.php user command injection attempt - SourceFire (IP=200,US) 143.198.101.45 32 TH None 2022-06-03 00:00:00 2022-09-01 00:00:00 2022-06-04 13:38:42 SERVER-WEBAPP WordPress Snap Creek Duplicator and Duplicator Pro plugins directory traversal attempt - SourceFire Report (IP=45,US) 143.198.102.207 32 TLM None 2021-11-04 00:00:00 2022-05-04 00:00:00 None HIVE Case #6494 CTO 21-303 (IP=207,US) 143.198.102.231 32 SW None 2022-07-19 00:00:00 2022-10-17 00:00:00 2022-07-20 13:22:36 SQL injection - WebAttacks (IP=231,US) 143.198.102.255 32 RS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 22:43:45 SERVER-WEBAPP PHPUnit PHP remote code 
execution attempt (1:45749:2) - SourceFire (IP=102,US) 143.198.102.73 32 SW None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:44:48 SQL injection - WebAttacks (IP=73,US) 143.198.103.123 32 ZH None 2022-06-30 00:00:00 2022-09-28 00:00:00 2022-06-30 13:57:07 SQL injection - 6hr Web Attacks (IP=123,US) 143.198.103.137 32 SW None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-06 22:49:33 SERVER-APACHE Apache Struts remote code execution attempt - GET parameter (1:21656:6) - SourceFire (IP=137,US) 143.198.103.40 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:37:51 SERVER-WEBAPP WordPress get_post authentication bypass attempt - SourceFire (IP=40,US) 143.198.104.144 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:50:11 SQL injection - Web Attacks (IP=144,US) 143.198.104.159 32 DT None 2021-12-02 00:00:00 2022-03-02 00:00:00 None SQL use of sleep function in HTTP header - likely SQL injection - TT# 22C00462 (IP=159,US) 143.198.104.234 32 KH None 2022-09-19 00:00:00 2022-12-18 00:00:00 2022-09-19 22:55:01 Exploit.Log4Shell.CVE-2021-44228 - FE NX (IP=234,US) 143.198.105.164 32 WR None 2022-04-29 00:00:00 2022-07-27 00:00:00 2022-04-29 13:52:19 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=164,US) 143.198.105.190 32 SW None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-01 13:54:12 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - SourceFire (IP=190,US) 143.198.105.20 32 JP None 2022-09-29 00:00:00 2022-12-28 00:00:00 2022-09-30 13:47:33 Apache Log4j CVE-2021-44228 Remote Code Execution - IPS Events (IP=20,US) 143.198.105.250 32 ZH None 2022-07-17 00:00:00 2022-10-15 00:00:00 2022-07-17 22:30:51 SQL injection - 6hr Web Attacks (IP=250,US) 143.198.106.205 32 ZH None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-02 13:10:32 SQL injection- 6 hour Web Attacks (IP=205,US) 143.198.106.98 32 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:46:25 SERVER-WEBAPP WordPress 
wp-config.php access via directory traversal attempt - SourceFire (IP=98,US) 143.198.107.100 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:36:48 HTTP SQL Injection Attempt - Web Attacks (IP=100,US) 143.198.107.113 32 ZH None 2022-08-12 00:00:00 2022-11-10 00:00:00 2022-08-12 22:51:13 SERVER-WEBAPP Cisco Prime Infrastructure arbitrary file upload to tftpRoot attempt (3:49987:3) - SourceFire (IP=113,US) 143.198.107.222 32 RR None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-29 22:57:26 SQL injection - Web Attacks (IP=222,US) 143.198.108.130 32 RR None 2022-06-04 00:00:00 2022-09-02 00:00:00 2022-06-04 13:38:48 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=130,US) 143.198.108.144 32 AR None 2022-04-09 00:00:00 2022-07-08 00:00:00 2022-04-10 13:58:49 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attack (IP=144,US) 143.198.108.217 32 AR None 2022-07-18 00:00:00 2022-10-16 00:00:00 2022-07-18 13:50:00 SQL injection - Web Attack (IP=217,US) 143.198.108.221 32 ZH None 2022-09-21 00:00:00 2022-12-20 00:00:00 2022-09-21 14:01:09 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=221,US) 143.198.108.32 32 RS None 2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-09 14:22:08 Exploit.Log4Shell.CVE-2021-44228 - FE CMS Alerts (IP=32,US) 143.198.109.240 32 ZH None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:45:11 SQL injection- 6hr Web Attacks (IP=240,US) 143.198.111.120 32 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 22:51:53 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=120,US) 143.198.111.43 32 SW None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:47:45 ET INFO Possible Apache log4j RCE Attempt - Any Protocol TCP (CVE-2021-44228) (1:2034661:1) - SourceFire (IP=43,US) 143.198.112.130 32 RR None 2022-09-11 00:00:00 2022-12-10 00:00:00 2022-09-11 13:56:05 SQL injection - Web Attacks (IP=130,US) 143.198.112.133 32 SW None 2022-06-22 00:00:00 2022-09-20 00:00:00 
2022-06-22 13:54:29 SQL injection - WebAttacks (IP=133,US) 143.198.112.231 32 RS None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-14 22:47:05 ET EXPLOIT Apache log4j RCE Attempt (tcp ldap) (CVE-2021-44228) (1:2034649:1) - SourceFire (IP=231,US) 143.198.113.102 32 TH None 2022-06-23 00:00:00 2022-09-21 00:00:00 2022-06-24 13:55:58 SIPVicious Security Scanner - FE CMS IPS Events (IP=102,US) 143.198.113.163 32 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:35:10 SERVER-OTHER Apache Log4j logging remote code execution attempt - SourceFire (IP=163,US) 143.198.113.34 32 TH None 2022-06-21 00:00:00 2022-09-19 00:00:00 2022-06-22 13:54:30 SQL injection - 6 Hr Web Report (IP=34,US) 143.198.113.77 32 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 22:51:49 SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (1:45304:3) - SourceFire (IP=77,US) 143.198.114.192 32 JP None 2022-09-11 00:00:00 2022-12-10 00:00:00 2022-09-11 22:52:00 SQL injection - 6HR Web Attacks (IP=192,US) 143.198.115.89 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:48:14 SQL injection - Web Attacks (IP=89,US) 143.198.116.119 32 SW None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:07:55 SERVER-WEBAPP Zimbra remote code execution attempt (1:29027:6) - SourceFire (IP=119,US) 143.198.116.26 32 WR None 2022-04-30 00:00:00 2022-07-28 00:00:00 2022-04-30 13:53:00 HTTP SQL Injection Attempt - 6hr Web Attacks (IP=26,US) 143.198.117.146 32 RS None 2022-08-13 00:00:00 2022-11-23 00:00:00 2022-08-25 13:54:24 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=146,US) | updated by ZH Block expiration extended with reason SERVER-WEBAPP WordPress SocialWarfare deprecated function access attempt (1:49527:2) - SourceFire (IP=146,US) | updated by RR Block expiration extended with reason SQL injection - Web Attacks (IP=146,US) | updated by RR Block expiration extended with reason SQL injection - Web Attacks (IP=146,US) 143.198.117.200 32 DT None 
2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 23:57:36 SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt (1:44329:2) - Source Fire (IP=200,US) 143.198.117.79 32 AR None 2022-03-06 00:00:00 2022-06-05 00:00:00 2022-03-07 15:00:05 SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58742:7) - SourceFire (IP=79,US) | updated by NAB Block expiration extended with reason HIVE Case #6651 Exploit.CVE-2021-44228 (IP=79,US) 143.198.118.19 32 KH None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-06 13:49:48 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01574 (IP=19 ,US) 143.198.118.214 32 DT None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-20 13:47:30 SERVER-WEBAPP Jenkins Groovy metaprogramming remote code execution attempt - Source Fire (IP=214,US) 143.198.119.117 32 RR None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-29 22:56:58 SERVER-WEBAPP SolarWinds Orion authentication bypass attempt - SourceFire (IP=117,US) 143.198.119.19 32 AR None 2021-12-17 00:00:00 2022-03-17 00:00:00 None SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt - Web Attacks (IP=19,US) 143.198.119.27 32 RR None 2022-06-25 00:00:00 2022-09-23 00:00:00 2022-06-25 14:09:20 SQL injection - Web Attacks (IP=27,US) 143.198.119.85 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:16:57 SERVER-WEBAPP Zeroshell Linux Router command injection attempt - SourceFire (IP=85,US) 143.198.12.60 32 AR None 2022-08-03 00:00:00 2022-11-01 00:00:00 2022-08-03 13:59:33 SQL injection - Web Attack (IP=60,US) 143.198.120.132 32 RS None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 22:46:04 SQL injection - 6Hr Web Attacks (IP=132,US) 143.198.120.15 32 KH None 2022-09-20 00:00:00 2022-12-19 00:00:00 2022-09-20 22:50:10 File /etc/passwd Access Attempt Detect - FE IPS (IP=15,US) 143.198.120.151 32 TH None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-26 22:51:25 SQL injection - 6 Hr Web Report (IP=151,US) 
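The records on this page are a flat, whitespace-separated block-list export with the shape <ip> <prefix> <added_by> <column 4> <start> <end> <last updated or None> <reason ...>, and the export carries the kind of data-quality defects an analyst consuming it should catch: an end date earlier than the start date (143.198.137.20), an (IP=..,CC) tag whose last octet does not match the blocked address (143.198.135.100 tagged IP=59), an empty tag (143.110.182.53 tagged IP=,IN), exact duplicate rows, and /32 entries already covered by a /24 in the same list (143.110.212.224). The checker below is an added example, not part of the original export or of the tooling that produced it. The column meanings beyond address, prefix and the three timestamps are inferred from the listing and are an assumption, as is the meaning of column 4, which is always None here; the sample rows are copied from this listing, and the reference date used for the expiry check is chosen for the example.

```python
"""Parse and sanity-check block-list records in the export format used on
this page (added example; column roles beyond ip/prefix/timestamps are an
assumption inferred from the listing)."""
import ipaddress
import re
from collections import Counter
from datetime import date, datetime

RECORD_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<prefix>\d{1,2})\s+"
    r"(?P<by>\S+)\s+"
    r"(?P<col4>\S+)\s+"
    r"(?P<start>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<end>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<updated>None|\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<reason>.*\S)\s*$"
)
# "(IP=224,US)", "(IP=236, IN)", "(IP=19 ,US)" and the empty "(IP=,IN)" all occur.
IP_TAG_RE = re.compile(r"\(IP=(?P<octet>\d*)\s*,\s*(?P<cc>[A-Z]{2})\)")
TS = "%Y-%m-%d %H:%M:%S"

# Reference date for the expiry check (chosen for the example).
REFERENCE_DATE = date(2022, 10, 1)

# Rows copied from the listing on this page; the second row is a verbatim repeat.
SAMPLE_LINES = [
    "143.110.154.73 32 RR None 2022-09-25 00:00:00 2022-12-24 00:00:00 2022-09-26 13:55:10 SQL injection - Web Attacks (IP=73,US)",
    "143.110.154.73 32 RR None 2022-09-25 00:00:00 2022-12-24 00:00:00 2022-09-26 13:55:10 SQL injection - Web Attacks (IP=73,US)",
    "143.110.182.53 24 RT None 2022-05-11 00:00:00 2022-08-09 00:00:00 2022-05-12 13:53:20 SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt (1:58276:3) - Sourcefire Report (IP=,IN)",
    "143.110.212.224 32 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-09 14:21:21 SQL injection - Web Attacks (IP=224,US)",
    "143.110.212.224 24 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-09 14:21:46 SERVER-WEBAPP rConfig snippets SQL injection attempt - SourceFire (IP=224,CA)",
    "143.198.135.100 32 DT None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-08 13:46:29 SERVER-WEBAPP Atlassian Confluence OGNL injection remote code execution attempt (1:58094:1) - Source Fire (IP=59,US)",
    "143.198.137.20 32 RS None 2022-11-03 00:00:00 2022-02-01 00:00:00 2022-12-14 22:51:23 FE_Webshell_PHP_Generic_1 - FE NX (IP=20,US)",
]


def parse_record(line):
    """Return a dict for one record, or None if the line is not a record."""
    m = RECORD_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["raw"] = line.strip()
    rec["prefix"] = int(rec["prefix"])
    rec["start"] = datetime.strptime(rec["start"], TS)
    rec["end"] = datetime.strptime(rec["end"], TS)
    rec["updated"] = None if rec["updated"] == "None" else datetime.strptime(rec["updated"], TS)
    # strict=False: the export stores a host address next to a /24 (e.g. "x.y.z.236 24"),
    # so the block actually applied is the enclosing network.
    rec["network"] = ipaddress.ip_network(f"{rec['ip']}/{rec['prefix']}", strict=False)
    return rec


def check_record(rec, today):
    """Per-record findings as a list of short tags (empty list = clean)."""
    findings = []
    if rec["end"] < rec["start"]:
        findings.append("end_before_start")
    if rec["end"].date() < today:
        findings.append("expired")
    if rec["updated"] is not None and rec["updated"] < rec["start"]:
        findings.append("updated_before_start")
    last_octet = rec["ip"].rsplit(".", 1)[1]
    octets = [octet for octet, _cc in IP_TAG_RE.findall(rec["reason"])]
    if "" in octets:
        findings.append("ip_tag_empty")
    if any(octet and octet != last_octet for octet in octets):
        findings.append("ip_tag_mismatch")
    return findings


def audit(lines, today):
    """Parse every record line and return {index: [findings]} including the
    cross-record checks (verbatim duplicates, /32 already inside a wider block)."""
    records = [r for r in (parse_record(line) for line in lines) if r is not None]
    findings = {i: check_record(r, today) for i, r in enumerate(records)}
    counts = Counter(r["raw"] for r in records)
    seen = set()
    for i, r in enumerate(records):
        if counts[r["raw"]] > 1 and r["raw"] in seen:
            findings[i].append("duplicate_row")
        seen.add(r["raw"])
    wider = [r["network"] for r in records if r["prefix"] < 32]
    for i, r in enumerate(records):
        if r["prefix"] == 32 and any(r["network"].subnet_of(w) for w in wider):
            findings[i].append("covered_by_wider_block")
    return findings


def audit_sample():
    """Run the audit over the rows copied from this listing."""
    return audit(SAMPLE_LINES, REFERENCE_DATE)


if __name__ == "__main__":
    for i, tags in audit_sample().items():
        rec = parse_record(SAMPLE_LINES[i])
        print(f"{rec['network']!s:<20} {rec['by']:<4} {', '.join(tags) or 'ok'}")
```

Feed it the raw export one record per line (the flattened form on this page has to be split at each leading IPv4 address first). The covered_by_wider_block and duplicate_row tags identify rows that can be retired without changing what is blocked; end_before_start and the ip_tag checks point at rows that need an analyst to confirm what was intended before the list is loaded into an enforcement point.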
143.198.120.159 32 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-16 15:21:24 SQL injection - 6hr Web Attacks (IP=159,US)
143.198.120.23 32 RR None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-05 14:02:52 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=23,US)
143.198.121.167 32 ZH None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-01 13:55:48 SQL injection - 6hr Web Attacks (IP=167,US)
143.198.121.31 32 RR None 2022-08-20 00:00:00 2022-11-18 00:00:00 2022-08-20 13:23:21 SQL injection - Web Attacks (IP=31,US)
143.198.122.33 32 TH None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-26 22:51:14 SERVER-WEBAPP Hikvision webLanguage command injection vulnerability (1:58555:1) - SourceFire Report (IP=33,US)
143.198.123.118 32 SW None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-12 13:51:02 SQL injection - WebAttacks (IP=118,US)
143.198.123.150 32 SW None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-10 13:48:30 SERVER-WEBAPP VMware vRealize Operations Manager SSRF attempt (1:57435:1) - SourceFire (IP=150,US)
143.198.123.219 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:26 SQL injection- 6hr Web Attacks (IP=219,US)
143.198.123.41 32 ZH None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-01 13:55:49 SQL injection - 6hr Web Attacks (IP=41,US)
143.198.124.205 32 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:07:56 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=205,US)
143.198.124.209 32 KD None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-12 13:51:34 SQL injection- Web Attacks(IP=209,US)
143.198.126.250 32 TH None 2022-07-25 00:00:00 2022-10-23 00:00:00 2022-07-26 13:48:04 SQL injection - 6 Hr Web Report (IP=250,US)
143.198.128.15 32 WR None 2022-04-30 00:00:00 2022-07-28 00:00:00 2022-04-30 13:53:09 SERVER-WEBAPP JBoss JMXInvokerServlet access attempt (1:24343:4) - Sourcefire (IP=15,US)
143.198.128.159 32 WR None 2022-04-29 00:00:00 2022-07-27 00:00:00 2022-04-29 13:52:20 SERVER-WEBAPP Unraid Operating System PHP code injection attempt (1:58550:1) - Sourcefire (IP=159,US)
143.198.128.32 32 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 13:52:21 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=32,US)
143.198.129.185 32 RS None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-13 22:36:49 OpenSSL SSL_get_shared_ciphers Function Buffer Overflow (SSLv3) - FE IPS Events (IP=185,US)
143.198.129.237 32 NAB None 2021-12-17 00:00:00 2022-03-17 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=237,US)
143.198.129.4 32 RR None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-29 22:56:59 SERVER-WEBAPP Apache Log4j logging remote code execution attempt - SourceFire (IP=4,US)
143.198.13.247 32 TH None 2022-06-16 00:00:00 2022-09-14 00:00:00 2022-06-17 13:48:34 SQL injection - 6 Hr Web Report (IP=247,US)
143.198.130.146 32 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:57:47 HTTP SQL Injection Attempt - 6hr Web Attacks (IP=146,US)
143.198.130.171 32 RR None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-29 22:57:27 SQL injection - Web Attacks (IP=171,US)
143.198.130.35 32 ZH None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 22:36:48 HTTP SQL Injection Attempt - 6hr Web Attacks (IP=35,US)
143.198.130.70 32 RR None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-29 22:57:00 POLICY-OTHER PHP uri tag injection attempt - SourceFire (IP=70,US)
143.198.131.127 32 SW None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 13:55:08 SQL injection - WebAttacks (IP=127,US)
143.198.131.157 32 JP None 2022-09-10 00:00:00 2022-12-09 00:00:00 2022-09-10 13:50:53 HTTP: PHP File Inclusion Vulnerability - 6HR Web Attacks (IP=157,US)
143.198.131.169 32 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:19 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=169,US)
143.198.131.217 32 SA None 2022-05-17 00:00:00 2022-08-15 00:00:00 2022-05-17 13:52:21 SQL injection - 6Hr Web Attacks (IP=217,US)
143.198.131.245 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:19 SQL injection - 6hr Web Attacks (IP=245,US)
143.198.131.5 32 RR None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:04 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=5,US)
143.198.132.171 32 RS None 2022-06-23 00:00:00 2022-09-21 00:00:00 2022-06-23 22:21:58 SQL injection - 6Hr Web Attacks (IP=171,US)
143.198.132.235 32 WR None 2022-04-29 00:00:00 2022-07-27 00:00:00 2022-04-29 13:52:21 SQL injection - Web Attacks (IP=235,US)
143.198.133.228 32 SW None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 13:55:08 SQL injection - WebAttacks (IP=228,US)
143.198.133.94 32 TH None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-30 13:42:30 SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt (1:54768:2) - SourceFire Report (IP=94,US)
143.198.134.147 32 SW None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-10 13:48:24 POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt (1:57336:1) - SourceFire (IP=147,US)
143.198.134.181 32 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:41:08 SQL injection - Web Attacks (IP=181,US)
143.198.134.206 32 KH None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 22:47:51 SERVER-WEBAPP Yealink Device Management server side request forgery attempt (1:57367:1) - Sourcefire (IP=206,US)
143.198.134.77 32 TH None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 23:06:43 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41421:2) - SourceFire Report (IP=77,US)
143.198.134.94 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:53:17 SERVER-WEBAPP Tendar Router AC11 stack buffer overflow attempt - SourceFire (IP=94,US)
143.198.135.100 32 DT None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-08 13:46:29 SERVER-WEBAPP Atlassian Confluence OGNL injection remote code execution attempt (1:58094:1) - Source Fire (IP=59,US)
143.198.135.102 32 TLM None 2021-10-04 00:00:00 2022-04-04 00:00:00 None HIVE Case #6294 CTO 21-268 (IP=102,US)
143.198.135.20 32 RS None 2022-05-03 00:00:00 2022-08-01 00:00:00 2022-05-03 13:46:51 SQL injection - 6Hr Web Attacks (IP=20,US)
143.198.135.238 32 KH None 2022-06-19 00:00:00 2022-09-17 00:00:00 2022-06-19 22:50:32 SQL injection - Web Attacks (IP=238,US)
143.198.135.3 32 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:19 SQL injection - 6hr Web Attacks (IP=3,US)
143.198.136.123 32 WR None 2022-04-29 00:00:00 2022-07-27 00:00:00 2022-04-29 13:52:22 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41421:2) - Sourcefire (IP=123,US)
143.198.136.17 32 SW None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 13:55:09 SQL injection - WebAttacks (IP=17,US)
143.198.136.61 32 RS None 2022-09-07 00:00:00 2022-12-06 00:00:00 2022-09-08 13:54:05 SQL injection - Web Attacks (IP=61,US)
143.198.136.64 32 RR None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-07 13:54:11 SQL injection - Web Attacks (IP=64,US)
143.198.136.88 32 KH None 2021-10-26 00:00:00 2022-11-02 00:00:00 2022-08-04 22:59:39 Directory Traversal Attempt - FE IPS (IP=88,US) | updated by JP Block was inactive. Reactivated on 20220804 with reason HUNT IP Block Request - IR#: 22C01772 (IP=88,US)
143.198.137.117 32 SW None 2022-05-28 00:00:00 2022-08-26 00:00:00 2022-05-28 14:45:04 SERVER-WEBAPP PhpCollab editclient.php arbitrary PHP file upload attempt - SourceFire (IP=117,US)
143.198.137.130 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:14 HIVE Case #7904 CTO 22-189 (IP=130,US)
143.198.137.20 32 RS None 2022-11-03 00:00:00 2022-02-01 00:00:00 2022-12-14 22:51:23 FE_Webshell_PHP_Generic_1 - FE NX (IP=20,US)
143.198.137.205 32 RR None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-29 22:57:27 SQL injection - Web Attacks (IP=205,US)
143.198.137.235 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:34:51 SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt (1:58276:3) - Sourcefire Rpt (IP=235,US)
143.198.137.249 32 SW None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:44:48 SQL injection - WebAttacks (IP=249,US)
143.198.138.153 32 TC None 2022-09-28 00:00:00 2022-12-27 00:00:00 2022-09-29 13:58:59 SQL url ending in comment characters - possible sql injection attempt - WebAttacks (IP=153,US)
143.198.138.219 32 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-09 14:21:22 SQL injection - Web Attacks (IP=219,US)
143.198.138.221 32 SW None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 13:49:33 SERVER-WEBAPP WP plugin Localize My Post directory traversal attempt (1:48065:2) - SourceFire (IP=221,US)
143.198.138.87 32 RS None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 22:46:05 SQL injection - 6Hr Web Attacks (IP=87,US)
143.198.139.167 32 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:50:56 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=167,US)
143.198.139.62 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:26 SQL injection- 6hr Web Attacks (IP=62,US)
143.198.14.177 32 TH None 2022-03-22 00:00:00 2022-06-20 00:00:00 2022-03-22 22:41:28 HTTP: Apache Struts 2
Remote Code Execution (CVE-2017-5638) - IR#22C01064 - (IP=177,US) 143.198.140.132 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:16:57 SERVER-APACHE Apache Struts2 blacklisted method redirect - SourceFire (IP=132,US) 143.198.140.52 32 JP None 2022-07-13 00:00:00 2022-10-11 00:00:00 2022-07-13 22:48:25 SQL injection - 6 HR Web Attacks (IP=52,US) 143.198.140.77 32 RR None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-11 13:57:09 SQL injection - Web Attacks (IP=77,US) 143.198.141.244 32 SW None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-06 13:47:21 SQL injection - WebAttacks (IP=244,US) 143.198.141.36 32 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 22:54:10 HTTP SQL Injection Attempt - Web Attacks (IP=36,US) 143.198.141.63 32 RS None 2022-06-03 00:00:00 2022-09-01 00:00:00 2022-06-03 22:21:21 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - SourceFire (IP=63,US) 143.198.141.96 32 SW None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-17 13:49:01 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41421:2) - SourceFire (IP=96,US) 143.198.142.221 32 SW None 2022-07-23 00:00:00 2022-10-21 00:00:00 2022-07-23 13:44:17 SQL injection - WebAttacks (IP=221,US) 143.198.142.247 32 TC None 2022-09-28 00:00:00 2022-12-27 00:00:00 2022-09-29 13:59:00 SQL injection - WebAttacks (IP=247,US) 143.198.144.105 32 RB None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:47:09 HTTP SQL Injection Attempt (IP=105,US) 143.198.144.141 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:36:48 SQL injection - Web Attacks (IP=141,US) 143.198.144.165 32 KD None 2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-10 13:48:10 SQL injection- WebAttack(IP=165,US) 143.198.144.224 32 TH None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-30 13:42:31 SERVER-WEBAPP Webmin password_change command injection attempt (1:51488:1) - SourceFire Report (IP=224,US) 143.198.144.63 32 ZH None 
2022-05-31 00:00:00 2022-08-29 00:00:00 2022-06-01 13:53:53 OS-OTHER Bash CGI environment variable injection attempt (1:31978:5) - SourceFire (IP=63, US) 143.198.145.163 32 ZH None 2022-09-22 00:00:00 2022-12-21 00:00:00 2022-09-22 13:55:06 Webshell.Binary.php.FEC2 (IP=163,US) 143.198.145.195 32 RS None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-08 16:55:36 SQL injection - 6Hr Web Attacks (IP=195,US) 143.198.145.48 32 RB None 2022-07-07 00:00:00 2022-10-05 00:00:00 2022-07-07 13:50:39 SQL injection - WebAttacks (IP=48,US) 143.198.145.97 32 RR None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-29 22:57:28 SQL injection - Web Attacks (IP=97,US) 143.198.146.119 32 TH None 2022-09-02 00:00:00 2022-12-31 00:00:00 2022-09-02 14:05:43 SQL injection - 6 Hr Web Report (IP=119,US) 143.198.146.131 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:27 HTTP: Joomla SQL Injection Vulnerability (CVE-2017-8917)- 6hr Web Attacks (IP=131,US) 143.198.146.165 32 RR None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-29 22:57:00 SERVER-WEBAPP Intellian Aptus Web arbitrary command execution attempt - SourceFire (IP=165,US) 143.198.147.152 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:20 SQL injection - 6hr Web Attacks (IP=152,US) 143.198.147.170 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6349 CTO 21-275 (IP=170,US) 143.198.147.215 32 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:37:21 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=215,US) 143.198.147.241 32 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:20 SERVER-APACHE Apache Struts java.lang.ProcessBuilder class access attempt (1:47690:2) - Sourcefire Rpt (IP=241,US) 143.198.148.114 32 TH None 2022-06-03 00:00:00 2022-09-01 00:00:00 2022-06-04 13:39:09 SQL injection - 6 Hr Web Report (IP=114,US) 143.198.148.125 32 RR None 2022-06-04 00:00:00 2022-09-02 00:00:00 2022-06-04 13:39:12 SQL injection - Web Attacks (IP=125,US) 
143.198.148.177 32 JP None 2022-09-11 00:00:00 2022-12-10 00:00:00 2022-09-11 13:56:05 SQL injection - 6HR Web Attacks (IP=177,US) 143.198.148.210 32 RS None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-10-01 13:38:07 SQL injection - Web Attacks (IP=210,US) 143.198.148.87 32 SW None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:44:49 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=87,US) 143.198.148.97 32 TH None 2022-08-20 00:00:00 2022-11-18 00:00:00 2022-08-21 13:55:54 SQL injection - 6 Hr Web Report (IP=97,US) 143.198.149.178 32 RR None 2022-07-10 00:00:00 2022-10-08 00:00:00 2022-07-11 13:57:04 SQL injection - Web Attacks (IP=178,US) 143.198.149.215 32 JP None 2022-08-03 00:00:00 2022-11-01 00:00:00 2022-08-03 13:59:35 HTTP: SQL Injection - Exploit - 6HR Web Attacks (IP=215,US) 143.198.149.217 32 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:46:26 SERVER-WEBAPP Netgear ReadyNAS Surveillance upgrade_handle.php command injection attempt - SourceFire (IP=217,US) 143.198.149.59 32 RB None 2022-07-07 00:00:00 2022-10-05 00:00:00 2022-07-07 22:31:08 SQL injection - WebAttacks (IP=59,US) 143.198.149.87 32 RS None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-10-01 13:38:08 SQL injection - Web Attacks (IP=87,US) 143.198.15.234 32 ZH None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-22 22:42:57 SQL injection - 6hr Web Attacks (IP=234,US) 143.198.15.27 32 RR None 2022-08-13 00:00:00 2022-11-11 00:00:00 2022-08-14 13:58:05 SQL injection - Web Attacks (IP=27,US) 143.198.150.177 32 WR None 2022-04-22 00:00:00 2022-07-20 00:00:00 2022-04-22 13:39:53 SQL injection - 6 HR WebAttack (IP=177,US) 143.198.150.188 24 RB None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 22:39:20 SQL injection - 6hr web attacks (IP=188,US) 143.198.151.162 32 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:35:11 POLICY-OTHER PHP uri tag injection attempt - SourceFire (IP=162,US) 143.198.153.179 32 JP None 2022-09-11 00:00:00 2022-12-10 00:00:00 
2022-09-11 13:56:06 HTTP: SQL Injection - Exploit - 6HR Web Attacks (IP=179,US) 143.198.153.196 32 RS None 2022-06-10 00:00:00 2022-09-08 00:00:00 2022-06-10 13:46:02 SQL injection - 6Hr Web Attacks (IP=196,US) 143.198.153.234 32 RS None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-11 13:57:28 SQL Injection - 6Hr Web Attacks (IP=234,US) 143.198.153.30 32 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:20 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire Rpt (IP=30,US) 143.198.153.99 32 ZH None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-30 22:44:15 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (3:58802:4) - SourceFire (IP=99,US) 143.198.154.5 32 TH None 2022-07-25 00:00:00 2022-10-23 00:00:00 2022-07-26 13:48:06 SQL injection - 6 Hr Web Report (IP=5,US) 143.198.155.246 32 TH None 2022-09-03 00:00:00 2022-12-02 00:00:00 2022-09-05 12:32:29 SQL injection - 6 Hr Web Report (IP=246,US) 143.198.156.150 32 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:21 SQL union select - possible sql injection attempt - GET parameter (1:13990:27) - Sourcefire Rpt (IP=150,US) 143.198.156.176 32 RB None 2022-07-12 00:00:00 2022-10-10 00:00:00 2022-07-12 22:32:41 SERVER-WEBAPP Atlassian Confluence OGNL injection remote code execution attempt (1:58094:1) - SourceFire (IP=176, US) 143.198.156.223 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:53:18 SERVER-WEBAPP CGit cgit_clone_objects function directory traversal attempt - SourceFire (IP=223,US) 143.198.156.71 32 JP None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-15 22:50:36 SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58722:5) - SourceFire (IP=71,US) 143.198.157.65 32 ZH None 2022-07-17 00:00:00 2022-10-15 00:00:00 2022-07-17 22:30:51 SQL injection - 6hr Web Attacks (IP=65,US) 143.198.157.74 32 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:21 SERVER-WEBAPP Spring Cloud Gateway Spring 
Expression Language injection attempt (1:59388:2) - Sourcefire Rpt (IP=74,US) 143.198.157.88 32 KH None 2022-05-01 00:00:00 2022-07-30 00:00:00 2022-05-01 22:53:34 SERVER-WEBAPP Liferay arbitrary Java object deserialization attempt (1:56800:3) - Sourcefire (IP=88,US) 143.198.158.179 32 JP None 2022-07-13 00:00:00 2022-10-11 00:00:00 2022-07-13 22:48:26 SQL injection - 6 HR Web Attacks (IP=179,US) 143.198.158.192 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:21 SQL injection - 6hr Web Attacks (IP=192,US) 143.198.158.66 32 RR None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-29 22:57:01 SERVER-WEBAPP Apache APISIX default admin API backdoor usage attempt - SourceFire (IP=66,US) 143.198.159.124 32 RS None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-08 16:55:37 SERVER-WEBAPP VMware View Planner logupload arbitrary file upload attempt (1:57438:1) - SourceFire (IP=124,US) 143.198.16.132 32 ZH None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-08 22:56:18 SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58726:6) - SourceFire (IP=132, US) 143.198.16.133 32 TH None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-08 22:56:14 Exploit.Log4Shell.CVE-2021-44228 - FE NX (IP=133,US) 143.198.16.158 32 RB None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-08 22:56:15 Exploit.Log4Shell.CVE-2021-44228 - FE NX (IP=158,US) 143.198.16.179 32 ZH None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-08 22:56:20 ET EXPLOIT Apache log4j RCE Attempt (tcp ldap) (CVE-2021-44228) (1:2034649:1) - SourceFire (IP=179, US) 143.198.16.226 32 WR None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:47:20 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=226,US) 143.198.16.251 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:50:38 OS-OTHER Bash CGI environment variable injection attempt - SourceFire (IP=251,US) 143.198.160.227 32 AR None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:12 HTTP: PHP File Inclusion 
Vulnerability - 6Hr Web Attack (IP=227,US) 143.198.160.59 32 WR None 2022-04-20 00:00:00 2022-07-18 00:00:00 2022-04-20 15:44:27 Adobe ColdFusion Administrator Access Restriction - 6 HR WebAttacks (IP=59,US) 143.198.161.120 32 SW None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-15 13:53:54 SQL use of concat function with select - likely SQL injection (1:24172:2) - SourceFire (IP=120, US) 143.198.161.207 32 KH None 2022-04-12 00:00:00 2022-07-11 00:00:00 2022-04-12 13:52:11 SQL injection - Web Attacks (IP=207,US) 143.198.163.122 32 ZH None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 22:36:49 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (1:59246:1) - SourceFire (IP=122,US) 143.198.163.66 32 SW None 2022-08-25 00:00:00 2022-11-23 00:00:00 2022-08-26 13:48:27 SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58723:5) - SourceFire (IP=66,US) 143.198.164.105 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:34:52 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41421:2) - Sourcefire Rpt (IP=105,US) 143.198.164.158 32 SW None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-06 13:58:00 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (1:59246:1) - SourceFire (IP=158,US) 143.198.164.179 32 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:22 SERVER-WEBAPP VMware vRealize Operations Manager SSRF attempt (1:57435:1) - Sourcefire Rpt (IP=179,US) 143.198.164.90 32 SW None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-12 13:51:02 SQL injection - WebAttacks (IP=90,US) 143.198.165.123 32 RB None 2022-09-08 00:00:00 2022-12-07 00:00:00 2022-09-08 13:54:20 SQL injection - WebAttacks (IP=123,US) 143.198.165.124 32 WR None 2022-05-03 00:00:00 2022-08-01 00:00:00 2022-05-03 13:46:35 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=124,US) 143.198.165.135 32 RS None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 13:49:43 SQL injection - 6Hr Web 
Attacks (IP=135,US) 143.198.165.149 32 RS None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-06 13:58:07 SQL injection - 6Hr Web Attacks (IP=149,US) 143.198.165.190 32 RR None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:15:10 SQL injection - Web Attacks (IP=190,US) 143.198.165.216 32 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:57:47 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=216,US) 143.198.166.254 32 TH None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-30 13:42:32 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (1:59246:1) - SourceFire Report (IP=254,US) 143.198.168.137 32 ZH None 2022-07-17 00:00:00 2022-10-15 00:00:00 2022-07-17 22:30:52 SQL injection - 6hr Web Attacks (IP=137,US) 143.198.168.230 32 RR None 2022-06-04 00:00:00 2022-09-02 00:00:00 2022-06-04 13:38:49 SERVER-APACHE Apache Struts OGNL getRuntime.exec static method access attempt - SourceFire (IP=230,US) 143.198.169.100 32 ZH None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-30 22:44:16 SQL injection - 6hr Web Attacks (IP=100,US) 143.198.169.68 32 NAB None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 13:54:27 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=68,US) 143.198.17.218 32 AR None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-28 14:35:41 FEC_Webshell_PHP_Generic_43 - FireEye CMS (IP=218,US) 143.198.17.77 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:37:52 SERVER-WEBAPP VMware vRealize Operations Manager SSRF attempt - SourceFire (IP=77,US) 143.198.170.100 32 SW None 2022-05-28 00:00:00 2022-08-26 00:00:00 2022-05-28 14:45:11 SERVER-WEBAPP Sonatype Nexus Repository Manager remote code execution attempt - SourceFire (IP=100,US) 143.198.170.161 32 SW None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-17 13:48:50 SQL injection - WebAttacks (IP=161,US) 143.198.170.196 32 RR None 2022-06-19 00:00:00 2022-09-17 00:00:00 2022-06-19 13:56:04 SQL injection - Web Attacks (IP=196,US) 143.198.170.242 32 TH None 
2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-30 13:42:38 SQL injection - 6 Hr Web Report (IP=242,US) 143.198.170.85 32 RS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:48:06 SQL injection - 6Hr Web Attacks (IP=85,US) 143.198.171.63 32 KD None 2021-10-14 00:00:00 2022-01-13 00:00:00 None HTTP: PHP File Inclusion Vulnerability- TT# 22C00152 (IP=63,US) | updated by ZH Block expiration extended with reason HTTP: PHP File Inclusion Vulnerability- 6hr Web Attacks (IP=63,US) 143.198.172.45 32 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 13:54:15 SQL injection - Web Attacks (IP=45,US) 143.198.172.52 32 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:48:04 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=52,US) 143.198.173.112 32 KH None 2022-07-21 00:00:00 2022-10-19 00:00:00 2022-07-21 22:56:08 SQL injection - Web Attacks (IP=112,US) 143.198.173.149 32 DT None 2022-05-17 00:00:00 2022-08-15 00:00:00 2022-05-18 13:43:45 SERVER-WEBAPP Apache Log4j logging remote code execution attempt - Source Fire (IP=149,US) 143.198.173.175 32 RR None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-18 13:50:26 SERVER-APACHE Apache HTTP server SSRF attempt - SourceFire (IP=175,US) 143.198.173.53 32 SW None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-17 13:48:51 SQL injection - WebAttacks (IP=53,US) 143.198.174.221 32 AS None 2022-02-04 00:00:00 2022-08-04 00:00:00 None HIVE Case #6927 CTO 22-036 (IP=221,US) 143.198.177.56 32 ZH None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 13:47:45 SQL injection - 6hr Web Attacks (IP=56,US) 143.198.179.146 32 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 22:51:50 Seowon 130-SLC router queriesCnt Remote Code Execution - FE IPS Events (IP=146,US) 143.198.179.182 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:21 SQL injection - 6hr Web Attacks (IP=182,US) 143.198.18.206 32 SW None 2022-05-24 00:00:00 2022-08-22 00:00:00 2022-05-24 14:15:58 OS-OTHER Bash CGI 
environment variable injection attempt (1:31978:5) - SourceFire (IP=206,US) 143.198.18.254 32 KD None 2021-10-04 00:00:00 2022-01-02 00:00:00 None T1190 - Command Injection,SQLInjection - ABC Report (IP=254,US) 143.198.18.94 32 SW None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-01 13:54:13 SERVER-WEBAPP JBoss JMX console access attempt (1:21516:9) - SourceFire (IP=94,US) 143.198.180.168 32 TH None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-30 13:42:39 SQL injection - 6 Hr Web Report (IP=168,US) 143.198.181.183 32 TH None 2022-06-16 00:00:00 2022-09-14 00:00:00 2022-06-17 13:48:39 SQL injection - 6 Hr Web Report (IP=183,US) 143.198.182.51 32 KH None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-06 23:38:27 SQL injection - Web Attacks (IP=51,US) 143.198.183.124 32 RS None 2022-08-14 00:00:00 2022-11-12 00:00:00 2022-08-14 13:58:14 SQL injection - Web Attacks (IP=124,US) 143.198.185.216 32 KH None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:05 SQL injection - Web Attacks (IP=216,US) 143.198.187.101 32 ZH None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-24 00:05:18 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=101,US) 143.198.189.102 32 ZH None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-30 22:44:16 SERVER-WEBAPP OpenDreamBox 2.0.0 Plugin WebAdmin command injection attempt (1:50304:2) - SourceFire (IP=102,US) 143.198.190.162 32 ZH None 2022-09-12 00:00:00 2022-12-11 00:00:00 2022-09-12 14:00:10 SQL injection - WebAttacks (IP=162,US) 143.198.190.183 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:50:39 SERVER-WEBAPP Java ClassLoader access attempt - SourceFire (IP=183,US) 143.198.191.90 32 SW None 2022-09-08 00:00:00 2022-12-07 00:00:00 2022-09-09 13:48:21 SQL injection - WebAttacks (IP=90,US) 143.198.194.129 24 TH None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-26 22:51:13 ET EXPLOIT Apache log4j RCE Attempt (tcp ldap) (CVE-2021-44228) (1:2034649:1) - SourceFire Report (IP=129,SG) 143.198.196.249 24 
RR None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:05 SERVER-WEBAPP WSO2 multiple products directory traversal attempt - SourceFire (IP=249,SG) 143.198.198.154 24 RS None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:15:40 SQL injection - 6Hr Web Attacks (IP=154,SG) 143.198.2.108 32 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 13:47:12 SQL injection - WebAttacks (IP=108,US) 143.198.2.175 32 TH None 2022-04-15 00:00:00 2022-07-14 00:00:00 2022-04-15 14:09:36 SQL injection - 6 Hr Web Report (IP=175,US) 143.198.2.199 32 DT None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 23:23:31 SQL use of concat function with select - likely SQL injection (1:24172:2) - Source Fire (IP=199,US) 143.198.20.151 32 KD None 2021-10-04 00:00:00 2022-01-02 00:00:00 None T1190 - Command Injection,SQLInjection - ABC Report (IP=151,US) 143.198.201.23 32 RB None 2022-06-28 00:00:00 2022-09-26 00:00:00 2022-06-28 22:27:57 SQL injection - WebAttacks (IP=23,US) 143.198.204.158 24 RS None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:15:41 SQL injection - 6Hr Web Attacks (IP=158,US) 143.198.206.229 32 RB None 2022-06-28 00:00:00 2022-09-26 00:00:00 2022-06-28 13:53:47 SQL injection - WebAttacks (IP=229,US) 143.198.21.169 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:37:53 ET EXPLOIT Apache log4j RCE Attempt - lower/upper TCP Bypass M2 (CVE-2021-44228) - SourceFire (IP=169,US) 143.198.21.176 32 SW None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-22 13:54:30 SQL injection - WebAttacks (IP=176,US) 143.198.21.196 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:37:53 SERVER-WEBAPP Java ClassLoader access attempt - SourceFire (IP=196,US) 143.198.21.235 32 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:57:48 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (1:59246:1) - SourceFire (IP=235,US) 143.198.22.110 32 KD None 2021-10-04 00:00:00 2022-01-02 00:00:00 None T1190 - Command 
Injection,SQLInjection - ABC Report (IP=110,US) 143.198.22.62 32 KD None 2021-10-04 00:00:00 2022-01-02 00:00:00 None T1190 - Command Injection,SQL Injection - ABC Report (IP=62,US) 143.198.224.27 32 RS None 2022-05-02 00:00:00 2022-07-31 00:00:00 2022-05-02 22:41:41 HTTP SQL Injection Attempt - 6Hr Web Attacks (IP=27,US) 143.198.225.152 32 RB None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 22:45:10 SERVER-OTHER Apache Log4j logging remote code execution attempt - Sourcefire (IP=152,US) 143.198.225.190 32 TH None 2022-06-16 00:00:00 2022-09-14 00:00:00 2022-06-17 13:48:32 SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt (1:59298:1) - SourceFire Report (IP=190,US) 143.198.225.197 32 RS None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-08 16:55:37 SIPVicious Security Scanner - IPS Events (IP=197,US) 143.198.225.88 32 SA None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 22:54:58 POLICY-OSAER Micro Focus Operations Bridge default credentials login attempt (1:57495:1) - SourceFire Report (IP=88,US) 143.198.225.9 32 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:34:35 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=9,US) 143.198.226.63 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:16:36 SQL injection - Web Attacks (IP=63,US) 143.198.227.138 32 RR None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-29 22:57:01 ET EXPLOIT Apache log4j RCE Attempt - lower/upper TCP Bypass M2 (CVE-2021-44228) - SourceFire (IP=138,US) 143.198.227.17 32 RR None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 13:52:14 SQL union select - possible sql injection attempt - GET parameter - SourceFire (IP=17,US) 143.198.227.29 32 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 13:58:01 SQL injection - 6Hr Web Attacks (IP=29,US) 143.198.227.67 32 AR None 2022-09-29 00:00:00 2022-12-28 00:00:00 2022-09-29 13:59:03 Webshell.Binary.php.FEC2 - FE NX (IP=67,US) 143.198.227.92 32 TLM None 2021-10-12 
00:00:00 2022-04-12 00:00:00 None HIVE Case #6349 CTO 21-275 (IP=92,US) 143.198.229.179 32 TLM None 2022-05-24 00:00:00 2022-11-23 00:00:00 2022-05-24 14:24:33 HIVE Case #7653 CTO 22-144 (IP=179,US) 143.198.229.248 32 TH None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-30 13:42:36 SQL injection - 6 Hr Web Report (IP=248,US) 143.198.229.92 32 TH None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-18 22:35:05 OS-OTHER Bash CGI environment variable injection attempt (1:31978:5) - SourceFire Report (IP=92,US) 143.198.230.153 32 RR None 2022-07-30 00:00:00 2022-10-28 00:00:00 2022-07-30 13:52:45 SQL injection - Web Attacks (IP=153,US) 143.198.230.66 32 SW None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:44:49 SQL injection - WebAttacks (IP=66,US) 143.198.231.148 32 SW None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:07:56 SQL injection - WebAttacks (IP=148,US) 143.198.231.200 32 KH None 2022-06-27 00:00:00 2022-09-25 00:00:00 2022-06-27 22:37:38 SQL injection - Web Attacks (IP=200,US) 143.198.232.153 32 ZH None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-24 00:05:18 SERVER-ORACLE Oracle iPlanet Web Server unauthenticated information disclosure attempt (1:54214:1) - Sourcefire Rpt (IP=153,US) 143.198.232.249 32 TH None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 23:06:43 SERVER-WEBAPP VMware vCenter Server file upload attempt (1:58219:1) - SourceFire Report (IP=249,US) 143.198.232.60 32 TH None 2022-08-28 00:00:00 2022-11-26 00:00:00 2022-08-29 13:57:19 SQL injection - 6 Hr Web Report (IP=60,US) 143.198.233.176 32 JP None 2022-09-11 00:00:00 2022-12-10 00:00:00 2022-09-11 13:56:07 HTTP: SQL Injection - Exploit - 6HR Web Attacks (IP=176,US) 143.198.233.231 32 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:34:35 HTTP: SQL Injection - Exploit II - Web Attacks (IP=231,US) 143.198.233.48 32 TH None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-06 13:49:53 SQL injection - 6 Hr Web Report (IP=48,US) 143.198.234.229 32 DT None 
2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-20 13:47:02 HTTP SQL Injection Attempt - Web Attacks (IP=229,US) 143.198.234.27 32 KH None 2022-04-12 00:00:00 2022-07-11 00:00:00 2022-04-12 13:52:12 SQL injection - Web Attacks (IP=27,US) 143.198.235.162 32 RS None 2022-07-02 00:00:00 2022-09-30 00:00:00 2022-07-02 22:56:38 SQL injection - 6Hr Web Attacks (IP=162,US) 143.198.235.173 32 DT None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-27 13:15:13 SQL injection - Web Attacks (IP=173,US) 143.198.236.185 32 KH None 2022-09-20 00:00:00 2022-12-19 00:00:00 2022-09-20 22:50:10 File /etc/passwd Access Attempt Detect - FE IPS (IP=185,US) 143.198.237.103 32 ZH None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:45:12 HTTP SQL Injection Attempt- 6hr Web Attacks (IP=103,US) 143.198.237.218 32 WR None 2022-04-29 00:00:00 2022-07-27 00:00:00 2022-04-29 13:52:22 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=218,US) 143.198.237.82 32 SW None 2022-06-30 00:00:00 2022-09-28 00:00:00 2022-06-30 13:56:54 SQL injection - WebAttacks (IP=82,US) 143.198.238.138 32 WR None 2022-04-29 00:00:00 2022-07-27 00:00:00 2022-04-29 13:52:23 HTTP: SQL Injection - Exploit - Web Attacks (IP=138,US) 143.198.238.87 32 RS None 2022-06-03 00:00:00 2022-09-01 00:00:00 2022-06-03 22:21:07 SIPVicious Security Scanner - IPS Events (IP=87,US) 143.198.239.127 32 RR None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-07 13:54:12 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=127,US) 143.198.239.163 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:28 SQL injection- 6hr Web Attacks (IP=163,US) 143.198.239.185 32 ZH None 2022-09-06 00:00:00 2022-12-05 00:00:00 2022-09-06 22:56:33 SQL union select - possible sql injection attempt - GET parameter (1:13990:27) - SourceFire (IP=185,US) 143.198.239.238 32 RS None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 22:54:48 SQL injection - 6Hr Web Attacks (IP=238,US) 143.198.24.191 32 RR None 2022-05-05 00:00:00 
2022-05-22 22:25:06 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=29,US) 143.244.182.74 32 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 13:52:26 SQL injection - 6hr Web Attacks (IP=74,US) 143.244.183.146 32 RR None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-18 13:50:26 SERVER-APACHE Apache HTTP server SSRF attempt - SourceFire (IP=146,US) 143.244.183.163 32 DT None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 23:23:33 INDICATOR-OBFUSCATION select concat statement - possible sql injection (1:19437:6) - Source Fire (IP=163,US) 143.244.184.132 32 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:26 SQL injection - 6hr Web Attacks (IP=132,US) 143.244.184.174 32 SW None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:44:50 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=174,US) 143.244.184.236 32 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-09 14:21:23 SQL injection - Web Attacks (IP=236,US) 143.244.184.245 32 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:27 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=245,US) 143.244.185.12 32 RR None 2022-06-19 00:00:00 2022-09-17 00:00:00 2022-06-20 13:54:23 SQL injection - Web Attacks (IP=12,US) 143.244.185.13 32 KH None 2022-09-16 00:00:00 2022-12-15 00:00:00 2022-09-16 22:50:13 SQL injection - Web Attacks (IP=13,US) 143.244.185.35 32 SW None 2022-07-19 00:00:00 2022-10-17 00:00:00 2022-07-20 13:22:42 SERVER-WEBAPP NETGEAR ProSafe SSL VPN SQL injection attempt - SourceFire (IP=35,US) 143.244.186.66 32 ZH None 2022-09-12 00:00:00 2022-12-11 00:00:00 2022-09-12 14:00:11 SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt - WebAttacks (IP=66,US) 143.244.187.157 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:50:42 SERVER-WEBAPP Drupal 8 remote code execution attempt - SourceFire (IP=157,US) 143.244.188.151 32 KH None 2022-07-18 00:00:00 2022-10-16 00:00:00 
2022-07-18 13:50:08 SQL injection - Web Attacks (IP=151,US) 143.244.188.187 32 RR None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 13:47:15 SQL injection - Web Attacks (IP=187,US) 143.244.188.39 32 JP None 2022-08-19 00:00:00 2022-11-17 00:00:00 2022-08-19 13:56:45 SQL injection - 6HR Web Attacks (IP=39,US) 143.244.189.150 32 RS None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-11 13:57:20 Adobe ColdFusion Administrator Access Restriction - 6Hr Web Attacks (IP=150,US) 143.244.189.197 32 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:27 SERVER-WEBAPP Atlassian Confluence OGNL injection remote code execution attempt - SourceFire (IP=197,US) 143.244.189.201 32 RB None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:55:00 rConfig SQL Injection Vulnerability - 6hr web attacks (IP=201,US) 143.244.189.202 32 TH None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-30 13:42:33 SQL injection - 6 Hr Web Report (IP=202,US) 143.244.190.116 32 AR None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-11 13:47:00 SQL injection - 6Hr Web Attack (IP=116,US) 143.244.190.15 32 SW None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:47:47 SERVER-APACHE Apache Struts2 remote code execution attempt (1:27245:7) - SourceFire (IP=15,US) 143.244.190.169 32 SW None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:44:50 SQL injection - WebAttacks (IP=169,US) 143.244.190.181 32 NAB None 2022-01-13 00:00:00 2022-04-13 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=181,US) 143.244.190.199 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:16:58 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=199,US) 143.244.191.36 32 RS None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-14 13:57:39 SQL injection - 6Hr Web Attacks (IP=36,US) 143.244.200.150 32 TLM None 2021-11-30 00:00:00 2022-05-30 00:00:00 None HIVE Case #6595 CTO 21-327 (IP=150,US) 143.244.213.188 32 AS None 2022-07-28 00:00:00 
2022-10-26 00:00:00 2022-07-28 20:13:42 HIVE Case #7327 COLS-NA TIP 22-0114 (IP=188,US) 143.244.215.36 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 17:40:07 HIVE Case #7341 CTO 22-092 (IP=36,US) 143.244.35.193 32 RS None 2022-05-31 00:00:00 2022-08-29 00:00:00 2022-05-31 13:48:47 Exploit.CVE-2021-44228 - Apache Log4j2 - Case 6651 (IP=193,US) 143.244.38.2 24 KD None 2021-11-07 00:00:00 2022-02-05 00:00:00 None Known Attack Tool User Agent V2- TT# 22C00304 (IP=2,GB) 143.244.38.78 32 WR None 2021-11-03 00:00:00 2022-02-01 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script - TT# 22C00281 (IP=78,GB) 143.244.57.82 32 SW None 2021-11-17 00:00:00 2022-02-15 00:00:00 None SQL injection - WebAttacks (IP=82, US) 143.255.124.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 143.255.124.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 143.69.13.149 32 AS None 2022-01-28 00:00:00 2022-07-28 00:00:00 None HIVE Case #6860 TO-S-2022-0117 (IP=149,US) 143.73.248.125 32 AS None 2022-01-28 00:00:00 2022-07-28 00:00:00 None HIVE Case #6860 TO-S-2022-0117 (IP=125,US) 143.84.174.107 32 srm None 2022-06-03 00:00:00 2022-09-01 00:00:00 2022-06-03 12:17:47 HIVE Case #CVE-2022-26134 CVE-2022-26134 (IP=107,US) 143.95.146.31 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=31,US) 143.95.156.57 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6448 TO-S-2022-0058 (IP=57,US) 143.95.249.44 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1092 Hive Case 4875 Malicious Email Activity 143.95.33.59 32 TH None 2022-02-15 00:00:00 2022-05-16 00:00:00 None HIVE Case #6986 (IP=59,US) 143.95.44.98 32 TH None 2022-02-15 00:00:00 2022-05-16 00:00:00 None HIVE Case #6986 (IP=98,US) 143.95.83.183 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive 
Case 4785 Malicious Email Activity 1434811492.ujsd.kanesatakss.com --- TLM None 2021-08-05 00:00:00 2022-08-05 00:00:00 2023-01-19 22:59:19 HIVE Case #5940 TO-S-2021-1447 144.126.129.19 32 ZH None 2022-02-08 00:00:00 2022-05-09 00:00:00 None Phishing SIP HIVE Case # 6942 (IP=19,US) 144.126.141.147 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=147,US) 144.126.156.44 32 KD None 2021-10-04 00:00:00 2022-01-02 00:00:00 None File /etc/passwd Access Attempt Detect - Fire Eye CMS IPS (IP=44,US) 144.126.156.80 32 RR None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-05 14:02:53 SERVER-WEBAPP Facade Ignition remote code execution attempt - SourceFire (IP=80,US) 144.126.159.83 32 JP None 2022-08-19 00:00:00 2022-11-17 00:00:00 2022-08-19 22:51:13 SIPVicious Security Scanner - IPS Events (IP=83,US) 144.126.159.88 32 JP None 2022-08-19 00:00:00 2022-11-17 00:00:00 2022-08-19 22:51:14 SIPVicious Security Scanner - IPS Events (IP=88,US) 144.126.208.110 32 RS None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 13:55:13 SQL injection - 6Hr Web Attacks (IP=110,US) 144.126.208.119 32 WR None 2022-04-04 00:00:00 2022-07-02 00:00:00 2022-04-04 13:48:51 HTTP: Apache mod_cgi Bash Environment Variable Code Injection - 6HR Web Attacks (IP=119,US) 144.126.208.128 32 ZH None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-11 00:05:02 SQL injection - 6hr Web Attacks (IP=128,US) 144.126.208.154 32 TH None 2022-06-09 00:00:00 2022-09-07 00:00:00 2022-06-10 13:46:13 SQL injection - 6 Hr Web Report (IP=154,US) 144.126.208.24 32 TH None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 22:43:14 SQL injection - 6 Hr Web Report (IP=24,US) 144.126.210.165 32 ZH None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-30 22:44:17 SQL injection - 6hr Web Attacks (IP=165,US) 144.126.210.80 32 AR None 2022-06-12 00:00:00 2022-09-10 00:00:00 2022-06-13 13:54:45 SERVER-WEBAPP Atlassian Confluence OGNL injection remote code execution attempt (1:58094:1) - 
SourceFire (IP=80,US) 144.126.210.96 32 SW None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-15 13:53:56 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - SourceFire (IP=96, US) 144.126.211.1 32 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:48:05 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=1,US) 144.126.211.164 32 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:28 SERVER-OTHER Supervisord remote code execution attempt - SourceFire (IP=164,US) 144.126.211.170 32 DT None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 23:23:33 SERVER-WEBAPP Ulterius web server directory traversal attempt (1:45721:2) - Source Fire (IP=170,US) 144.126.211.23 32 KH None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 13:46:19 SQL injection - Web Attacks (IP=23,US) 144.126.211.232 32 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 13:54:16 SQL injection - Web Attacks (IP=232,US) 144.126.212.11 32 KH None 2022-04-12 00:00:00 2022-07-11 00:00:00 2022-04-12 13:52:13 SQL injection - Web Attacks (IP=11,US) 144.126.212.242 32 RR None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:31:34 SERVER-OTHER Adobe ColdFusion unauthenticated file upload attempt - Source Fire (IP=242,US) 144.126.212.40 32 RS None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 22:54:49 SQL injection - 6Hr Web Attacks (IP=40,US) 144.126.212.70 32 KH None 2022-09-14 00:00:00 2022-12-13 00:00:00 2022-09-14 22:45:11 SQL injection - Web Attacks (IP=70,US) 144.126.213.115 32 KH None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:07 SQL injection - Web Attacks (IP=115,US) 144.126.213.130 32 RR None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-29 22:57:03 SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (B-type) - SourceFire (IP=130,US) 144.126.213.138 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:36:50 SQL injection - Web Attacks (IP=138,US) 144.126.213.154 32 RS 
None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:07:59 SQL injection - 6Hr Web Attacks (IP=154,US) 144.126.213.240 32 TH None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 23:06:25 HTTP: PHP File Inclusion Vulnerability - 6 Hr Web Report (IP=240,US) 144.126.214.158 32 WR None 2022-04-29 00:00:00 2022-07-27 00:00:00 2022-04-29 13:52:27 SQL injection - Web Attacks (IP=158,US) 144.126.214.200 32 TH None 2022-05-28 00:00:00 2022-08-26 00:00:00 2022-05-29 15:23:59 SERVER-WEBAPP LG-Ericsson iPECS NMS 30M directory traversal attempt - SourceFire Report (IP=200,US) 144.126.214.216 32 WR None 2022-04-30 00:00:00 2022-07-28 00:00:00 2022-04-30 13:53:02 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=216,US) 144.126.215.184 32 TH None 2022-04-15 00:00:00 2022-07-14 00:00:00 2022-04-15 22:59:50 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41421:2) - SourceFire Report (IP=184,US) 144.126.215.205 32 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 15:44:29 SQL injection - Web Attacks (IP=205,US) 144.126.215.230 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:28 SQL injection- 6hr Web Attacks (IP=230,US) 144.126.215.48 32 RB None 2022-09-01 00:00:00 2022-11-30 00:00:00 2022-09-01 13:52:48 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=48,US) 144.126.215.9 32 TH None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 22:43:13 SQL injection - 6 Hr Web Report (IP=9,US) 144.126.216.14 32 ZH None 2022-08-27 00:00:00 2022-11-25 00:00:00 2022-08-27 22:47:45 SERVER-WEBAPP JBoss JMX console access attempt (1:21516:9) - SourceFire (IP=14,US) 144.126.216.179 32 AR None 2022-04-09 00:00:00 2022-07-08 00:00:00 2022-04-10 13:58:50 SQL injection - 6Hr Web Attack (IP=179,US) 144.126.216.94 32 TH None 2022-06-28 00:00:00 2022-09-26 00:00:00 2022-06-29 13:54:53 SQL injection - 6 Hr Web Report (IP=94,US) 144.126.217.101 32 TH None 2022-06-16 00:00:00 2022-09-14 00:00:00 2022-06-17 13:48:40 SQL 
injection - 6 Hr Web Report (IP=101,US) 144.126.217.105 32 TH None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-30 13:42:28 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - SourceFire Report (IP=105,US) 144.126.217.209 32 SW None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-10 13:48:26 POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt (1:57336:1) - SourceFire (IP=209,US) 144.126.217.45 32 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 13:47:12 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=45,US) 144.126.217.54 32 SW None 2022-05-24 00:00:00 2022-08-22 00:00:00 2022-05-24 14:16:00 SERVER-WEBAPP JBoss web console access attempt (1:24342:4) - SourceFire (IP=54,US) 144.126.218.10 32 SW None 2022-07-23 00:00:00 2022-10-21 00:00:00 2022-07-23 22:54:41 SQL injection - WebAttacks (IP=10,US) 144.126.218.116 32 ZH None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-23 13:49:43 SQL injection - 6hr Web Attacks (IP=116,US) 144.126.218.185 32 TH None 2022-09-29 00:00:00 2022-12-28 00:00:00 2022-09-29 22:53:54 SQL injection - 6 Hr Web Report (IP=185,US) 144.126.219.1 32 RS None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 13:49:42 SQL injection - 6Hr Web Attacks (IP=1,US) 144.126.219.133 32 RS None 2022-06-13 00:00:00 2022-09-11 00:00:00 2022-06-14 13:48:53 SIPVicious Security Scanner - IPS Events (IP=133,US) 144.126.219.175 32 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:49:07 SERVER-WEBAPP Avtech IP Camera machine.cgi information disclosure attempt - SourceFire (IP=175,US) 144.126.219.70 32 TH None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 23:06:31 HTTP: Apache mod_cgi Bash Environment Variable Code Injection - 6 Hr Web Report (IP=70,US) 144.126.219.89 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:37:54 SERVER-WEBAPP Cisco ASA cross site scripting attempt - SourceFire (IP=89,US) 144.126.220.129 32 SW None 2022-05-06 00:00:00 2022-08-04 
00:00:00 2022-05-06 13:47:32 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=129,US) 144.126.220.83 32 KH None 2022-09-07 00:00:00 2022-12-06 00:00:00 2022-09-07 22:44:26 SQL injection - Web Attacks (IP=83,US) 144.126.221.234 32 AR None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-22 13:38:37 SQL injection - 6Hr Web Attack (IP=234,US) 144.126.221.54 32 RR None 2022-06-04 00:00:00 2022-09-02 00:00:00 2022-06-04 13:39:12 SQL injection - Web Attacks (IP=54,US) 144.126.222.171 32 TH None 2022-07-10 00:00:00 2022-10-08 00:00:00 2022-07-10 22:41:21 SQL injection - 6 Hr Web Report (IP=171,US) 144.126.222.196 32 RR None 2022-07-16 00:00:00 2022-10-14 00:00:00 2022-07-16 13:51:31 SQL injection - Web Attacks (IP=196,US) 144.126.222.247 32 TH None 2022-08-21 00:00:00 2022-11-19 00:00:00 2022-08-21 13:56:04 SQL injection - 6 Hr Web Report (IP=247,US) 144.126.223.151 32 RR None 2022-03-20 00:00:00 2022-06-18 00:00:00 2022-03-21 14:34:30 HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=151,US) 144.126.223.170 32 KH None 2022-08-31 00:00:00 2022-11-29 00:00:00 2022-08-31 22:50:43 SERVER-APACHE Apache HTTP server SSRF attempt (1:58820:1) - Sourcefire (IP=170,US) 144.126.223.178 32 TH None 2022-08-17 00:00:00 2022-11-15 00:00:00 2022-08-17 22:26:00 Threat Request // DT / SQLi attempts - IR#22C01820 (IP=178,US) 144.126.223.67 32 SW None 2022-08-11 00:00:00 2022-11-09 00:00:00 2022-08-12 13:55:41 SQL injection - WebAttacks (IP=67,US) 144.168.44.234 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None US TO-S-2021-1102 Malicious Email Activity 144.172.118.104 32 TLM None 2022-05-24 00:00:00 2022-11-23 00:00:00 2022-05-24 14:24:22 HIVE Case #7653 CTO 22-144 (IP=104,US) 144.172.118.145 32 TLM None 2022-06-07 00:00:00 2022-12-06 00:00:00 2022-06-07 17:08:49 HIVE Case #7731 CTO 22-158 (IP=145,US) 144.172.118.37 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:17 HIVE Case #7264 FBI Russian Energy Sector 
Scans (IP=37,US) 144.172.118.4 32 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 13:58:01 SQL injection - 6Hr Web Attacks (IP=4,US) 144.172.71.212 32 RR None 2022-06-10 00:00:00 2022-09-08 00:00:00 2022-06-10 13:46:08 SERVER-OTHER RealTek UDPServer command injection attempt - SourceFire (IP=212,US) 144.172.73.66 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 18:27:34 HIVE Case #7342 CTO 22-092 FRAGO (IP=66,RU) 144.176.176.171 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=171,NO) 144.202.101.163 32 JP None 2022-07-18 00:00:00 2022-10-16 00:00:00 2022-07-18 22:55:56 SQL use of sleep function in HTTP header - likely SQL injection attempt (1:38993:9) - SourceFire (IP=163,US) 144.202.106.187 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5986 TO-S-2021-1404 (IP=187,US) 144.202.12.225 32 AS None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-09-30 17:07:31 HIVE Case #8395 TO-S-2022-0233 (IP=225,US) 144.202.20.210 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=210,US) 144.202.48.65 32 TLM None 2022-06-15 00:00:00 2022-12-14 00:00:00 2022-06-16 19:40:47 HIVE Case #7779 CTO 22-162 (IP=65,US) 144.202.50.26 32 AS None 2022-09-07 00:00:00 2022-12-06 00:00:00 2022-09-08 14:13:02 HIVE Case #8259 TO-S-2022-0228 (IP=26,US) 144.202.62.127 32 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None US TO-S-2021-1158 Malware Activity 144.202.82.71 32 KH None 2022-07-18 00:00:00 2022-10-16 00:00:00 2022-07-18 22:56:02 Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=71,US) 144.202.95.152 32 TLM None 2022-02-10 00:00:00 2022-08-11 00:00:00 None HIVE Case #6963 CTO 22-041 (IP=152,US) 144.208.71.101 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=101,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=101,US) 144.208.75.75 32 dbc None 2021-02-22 00:00:00 
2022-02-22 00:00:00 None US TO-S-2021-1102 Malicious Email Activity 144.21.50.41 32 AS None 2022-07-07 00:00:00 2022-10-05 00:00:00 2022-07-07 22:07:55 HIVE Case #7898 CTO 22-188 (IP=41,GB) 144.217.121.58 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=58,CA) 144.217.121.95 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=95,CA) 144.217.129.175 32 TLM None 2021-12-10 00:00:00 2022-09-29 00:00:00 2022-07-01 19:05:11 HIVE Case #6644 CTO 21-344 (IP=175,CA) | updated by AS Block was inactive. Reactivated on 20220701 with reason HIVE Case #7876 TO-S-2022-0204 (IP=175,CA) 144.217.129.176 32 TLM None 2022-02-09 00:00:00 2022-08-10 00:00:00 None HIVE Case #6952 CTO 22-040 (IP=176,CA) 144.217.138.155 32 TLM None 2022-01-25 00:00:00 2022-07-25 00:00:00 None HIVE Case #6828 CTO 22-021 (IP=155,CA) 144.217.139.155 32 TLM None 2021-12-10 00:00:00 2022-06-10 00:00:00 None HIVE Case #6644 CTO 21-344 (IP=155,CA) 144.217.153.19 32 AS None 2021-12-29 00:00:00 2022-06-29 00:00:00 None HIVE Case #6705 CTO 21-363 (IP=19,CA) 144.217.215.127 32 TLM None 2022-03-07 00:00:00 2022-09-07 00:00:00 2022-03-07 16:26:05 HIVE Case #7150 CTO 22-064 (IP=127,CA) 144.217.215.59 32 AS None 2022-01-31 00:00:00 2022-08-03 00:00:00 None HIVE Case #6877 CTO 22-028 (IP=59,CA) 144.217.233.245 32 AS None 2021-12-28 00:00:00 2022-09-29 00:00:00 2022-07-01 19:05:10 HIVE Case #6702 CTO 21-362 (IP=245,CA) | updated by AS Block was inactive. Reactivated on 20220701 with reason HIVE Case #7876 TO-S-2022-0204 (IP=245,CA) 144.217.233.248 32 TLM None 2022-04-20 00:00:00 2022-10-20 00:00:00 2022-04-20 13:01:20 HIVE Case #7432 CTO 22-110 (IP=248,CA) 144.217.233.4 32 TLM None 2022-01-25 00:00:00 2022-07-25 00:00:00 None HIVE Case #6828 CTO 22-021 (IP=4,CA) 144.217.49.82 32 TLM None 2021-12-10 00:00:00 2022-09-29 00:00:00 2022-07-01 19:05:09 HIVE Case #6644 CTO 21-344 (IP=82,CA) | updated by AS Block was inactive. 
Reactivated on 20220701 with reason HIVE Case #7876 TO-S-2022-0204 (IP=82,CA) 144.217.50.252 32 AS None 2022-07-13 00:00:00 2022-10-11 00:00:00 2022-07-14 17:45:21 HIVE Case #7928 CTO 22-194 (IP=252,CA) 144.217.61.132 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6654 CTO 21-345 (IP=132,CA) 144.217.68.113 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=113,CA) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=113,CA) 144.217.72.185 32 SW None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-04 13:45:39 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01520(IP=185,CA) 144.217.72.92 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=92,CA) 144.217.80.80 24 srm None 2022-02-16 00:00:00 2022-05-17 00:00:00 None HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=80,CA) 144.217.86.109 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 18:27:34 HIVE Case #7342 CTO 22-092 FRAGO (IP=109,CA) 144.217.96.200 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None CA TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 144.22.169.221 24 BB None 2022-01-28 00:00:00 2022-04-28 00:00:00 None ET EXPLOIT Apache Obfuscated log4j RCE Attempt (tcp ldap) (CVE-2021-44228) (1:2034755:1) - SourceFire (IP=221,BR) 144.22.197.146 24 NAB None 2022-02-14 00:00:00 2022-05-15 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=146,BR) 144.22.198.141 24 KH None 2022-04-04 00:00:00 2022-07-03 00:00:00 2022-04-04 13:49:00 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=141,BR) 144.22.220.23 24 RR None 2022-03-10 00:00:00 2022-06-08 00:00:00 2022-03-10 14:47:02 ET EXPLOIT Apache Obfuscated log4j RCE Attempt (tcp ldap) (CVE-2021-44228) - SourceFire (IP=23,BR) 144.22.246.124 32 RS None 2022-07-22 00:00:00 2022-10-20 00:00:00 2022-07-23 13:44:06 HTTP: ThinkPHP CMS Getshell Vulnerability - IR# 22C01733 
(IP=124,BR) 144.22.255.144 24 BB None 2022-01-19 00:00:00 2022-04-19 00:00:00 None ET EXPLOIT Apache Obfuscated log4j RCE Attempt (tcp ldap) (CVE-2021-44228) (1:2034755:1) - SourceFire (IP=144,BR) 144.24.182.144 32 RT None 2022-03-02 00:00:00 2022-05-31 00:00:00 2022-03-03 14:49:54 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C00984 (IP=144,DE) 144.48.240.69 24 EE None 2022-02-22 00:00:00 2022-05-23 00:00:00 2022-02-25 23:37:19 HIVE Case #7087 IOC_ Vul MS-SQL Servers - Cobalt Strike (IP=69,HK) 144.48.6.15 32 TLM None 2022-02-01 00:00:00 2022-08-02 00:00:00 None HIVE Case #6896 CTO 22-029 (IP=15,HK) 144.64.88.27 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PT TO-S-2021-1050 Hive Case 4821 Malware Activity 144.7.127.144 24 KD None 2022-03-05 00:00:00 2022-06-03 00:00:00 2022-03-05 19:41:36 Infection Match- FIREEYE Web(IP=144,CN) 144.7.127.144 24 KD None 2022-03-05 00:00:00 2022-06-03 00:00:00 2022-03-05 19:47:30 Infection Match- FIREEYE Web(IP=144,CN) 144.7.127.144 24 KD None 2022-03-05 00:00:00 2022-06-03 00:00:00 2022-03-05 19:47:39 Infection Match- FIREEYE Web(IP=144,CN) 144.76.104.186 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None DE TO-S-2021-1092 Hive Case 4875 Malicious Email Activity 144.76.115.26 32 TLM None 2022-04-18 00:00:00 2022-10-18 00:00:00 2022-04-18 17:00:28 HIVE Case #7404 CTO 22-105 (IP=26,DE) 144.76.120.197 32 AS None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-12 13:04:56 HIVE Case #7913 CTO 22-190 (IP=197,DE) 144.76.136.153 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=153,DE) 144.76.136.153 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=153,DE) 144.76.136.153 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=153,DE) 144.76.137.254 32 AS None 2022-02-21 00:00:00 2022-08-22 00:00:00 None HIVE Case #7039 CTO 22-050 (IP=254,DE) 144.76.14.153 32 AS None 2022-01-27 
00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=153,DE) 144.76.176.171 32 AS None 2022-03-02 00:00:00 2022-09-02 00:00:00 2022-03-02 18:24:15 HIVE Case #7126 CTO 22-061 (IP=171,DE) 144.76.186.38 32 TLM None 2022-03-17 00:00:00 2022-09-17 00:00:00 2022-03-17 16:17:47 HIVE Case #7227 CTO 22-076 (IP=38,DE) 144.76.207.254 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None DE TO-S-2021-1050 Hive Case 4821 Malware Activity 144.76.220.253 32 TLM None 2022-06-23 00:00:00 2022-12-22 00:00:00 2022-06-24 11:30:59 HIVE Case #7820 CTO 22-174 (IP=253,DE) 144.76.29.148 32 TLM None 2022-03-14 00:00:00 2022-09-14 00:00:00 2022-03-14 19:14:27 HIVE Case #7198 CTO 22-071 (IP=148,DE) 144.76.29.149 32 TLM None 2022-03-28 00:00:00 2022-09-28 00:00:00 2022-03-28 12:22:47 HIVE Case #7282 CTO 22-085 (IP=149,DE) 144.76.3.131 32 TLM None 2022-02-17 00:00:00 2022-08-18 00:00:00 None HIVE Case #7014 CTO 22-048 (IP=131,DE) 144.76.3.79 32 TLM None 2022-05-20 00:00:00 2022-11-19 00:00:00 2022-05-20 14:32:12 HIVE Case #7627 CTO 22-140 (IP=79,DE) 144.76.38.10 32 TLM None 2022-05-24 00:00:00 2022-11-23 00:00:00 2022-05-24 14:49:42 HIVE Case #7652 CTO 22-141 (IP=10,DE) 144.76.38.40 32 AS None 2022-03-18 00:00:00 2022-09-18 00:00:00 2022-03-18 15:24:15 HIVE Case #7237 CTO 22-077 (IP=40,DE) 144.76.4.41 32 AS None 2022-02-21 00:00:00 2022-08-22 00:00:00 None HIVE Case #7039 CTO 22-050 (IP=41,DE) 144.76.40.222 32 TLM None 2022-03-28 00:00:00 2022-09-28 00:00:00 2022-03-28 12:22:49 HIVE Case #7282 CTO 22-085 (IP=222,DE) 144.76.42.39 32 TLM None 2021-07-01 00:00:00 2022-01-01 00:00:00 None HIVE Case #5735 TO-S-2021-1379 (IP=39,DE) 144.76.45.75 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=75,DE) 144.76.6.230 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=230,DE) 144.76.60.198 32 AS None 2022-03-31 00:00:00 2022-09-30 00:00:00 2022-03-31 14:47:57 HIVE Case #7308 CTO 22-090 (IP=198,DE) 144.76.7.79 32 
dcg None 2018-08-07 05:00:00 2022-07-24 00:00:00 2022-04-25 14:46:04 DE TO-S-2018-1009 associated with malicious web application and malware activity | updated by TLM Block was inactive. Reactivated on 20220425 with reason HIVE Case #7458 CTO 22-113 (IP=79,DE)
144.76.81.229 32 TLM None 2022-02-04 00:00:00 2022-08-05 00:00:00 None HIVE Case #6925 CTO 22-034 (IP=229,DE)
144.76.87.169 32 TLM None 2021-12-02 00:00:00 2022-06-02 00:00:00 None HIVE Case #6600 TO-S-2022-0090 (IP=169,DE)
144.76.87.231 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=231,DE)
144.76.91.79 32 TLM None 2022-05-20 00:00:00 2022-11-19 00:00:00 2022-05-20 14:32:13 HIVE Case #7627 CTO 22-140 (IP=79,DE)
144.76.96.236 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=236,DE)
144.76.99.93 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=93,DE)
144.91.100.249 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity
144.91.102.98 24 KH None 2022-06-08 00:00:00 2022-09-06 00:00:00 2022-06-08 23:25:04 Exploit.Log4Shell.CVE-2021-44228 FE NX (IP=98,DE)
144.91.104.98 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=98,DE)
144.91.109.69 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=69,DE)
144.91.110.61 24 TC None 2022-08-15 00:00:00 2022-12-05 00:00:00 2022-09-06 13:55:04 SQL injection - 6hr Web Attacks (IP=61,DE) | updated by ZH Block expiration extended with reason SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (1:45453:2) - SourceFire (IP=61,DE) | updated by ZH Block expiration extended with reason SQL injection - WebAttacks (IP=61,DE)
144.91.124.140 24 KH None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 22:55:57 SQL injection - Web Attacks (IP=140,DE)
144.91.70.204 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=204,DE)
144.91.79.125 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity
144.91.79.50 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=50,DE)
144.91.80.182 32 KF None 2019-12-30 00:00:00 2022-01-20 00:00:00 None Immediate Inbound Network Block - TT# 20C01296 (IP=182,US) | updated by dbc Block was inactive. Reactivated on 20210120 with reason DE TO-S-2021-1037 Hive Case 4785 Malware Activity
144.91.80.207 24 ZH None 2022-04-29 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:08 POLICY-OTHER PHP uri tag injection attempt (1:23111:14) - Sourcefire Rpt (IP=207,DE) | updated by RR Block expiration extended with reason SQL injection - Web Attacks (IP=207,DE) | updated by RR Block expiration extended with reason SERVER-WEBAPP Tendar Router AC11 stack buffer overflow attempt - SourceFire (IP=207,DE)
144.91.80.99 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity
144.91.82.224 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity
144.91.82.247 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity
144.91.82.33 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity
144.91.83.189 32 TLM None 2022-03-23 00:00:00 2022-09-23 00:00:00 2022-03-24 12:08:52 HIVE Case #7271 CTO 22-083 (IP=189,DE)
144.91.83.245 24 TH None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-18 22:35:05 SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) - SourceFire Report (IP=245,DE)
144.91.85.140 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=140,DE)
144.91.87.222 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=222,DE)
144.91.88.62 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity
144.91.95.70 32 AS None 2022-04-12 00:00:00 2022-10-12 00:00:00 2022-04-12 14:39:36 HIVE Case #7380 CTO 22-099 (IP=70,DE)
1442919714.nielsvandervlist.nl --- TLM None 2021-08-05 00:00:00 2022-08-05 00:00:00 2023-01-19 22:59:40 HIVE Case #5940 TO-S-2021-1447
1448635652.nielsvandervlist.nl --- TLM None 2021-08-05 00:00:00 2022-08-05 00:00:00 2023-01-19 22:59:40 HIVE Case #5940 TO-S-2021-1447
145.236.176.218 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None HU TO-S-2021-1037 Hive Case 4785 Malware Activity
145.236.37.27 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None HU TO-S-2021-1050 Hive Case 4821 Malware Activity
145.239.154.84 24 KH None 2022-03-03 00:00:00 2022-06-01 00:00:00 2022-03-03 23:49:45 Abnormally Long Request - ArcSight (IP=84,FR)
145.239.175.116 32 TLM None 2021-11-04 00:00:00 2022-05-04 00:00:00 None HIVE Case #6494 CTO 21-303 (IP=116,FR)
145.239.199.208 32 AS None 2022-01-31 00:00:00 2022-08-03 00:00:00 None HIVE Case #6877 CTO 22-028 (IP=208,FR)
145.239.23.7 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6445 CTO 21-260 (IP=7,FR)
145.239.32.235 24 RR None 2022-01-13 00:00:00 2022-04-13 00:00:00 None SERVER-WEBAPP Multiple products invalid HTTP request attempt - SourceFire (IP=235,FR)
145.239.32.235 24 RT None 2022-01-13 00:00:00 2022-04-13 00:00:00 None SERVER-WEBAPP Multiple products invalid HTTP request attempt (1:40880:8) - Sourcefire Report (IP=235,US)
145.239.32.235 24 WR None 2022-01-13 00:00:00 2022-04-13 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=235,FR)
145.239.51.233 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=233,FR)
145.239.51.233 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=233,FR)
145.239.51.233 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=233,FR)
145.239.91.37 24 srm None 2022-02-16 00:00:00 2022-05-17 00:00:00 None HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=37,FR)
145.239.95.202 24 KD None 2022-03-15 00:00:00 2022-06-13 00:00:00 2022-03-15 21:25:26 HTTP: PHPUnit Remote Code Execution - IR#22C01047(IP=202,PL)
145.255.248.0 24 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity
145.53.64.57 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:56:12 HIVE Case #7894 CTO 22-187 (IP=57,NL)
146.0.32.244 24 SW None 2022-03-21 00:00:00 2022-06-19 00:00:00 2022-03-21 23:00:55 SIPVicious Security Scanner - IPS Events(IP=244,DE)
146.0.32.86 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=86,DE)
146.0.74.161 24 TH None 2022-06-20 00:00:00 2022-09-18 00:00:00 2022-06-21 13:49:11 OpenSSL TLSv1.2 Heartbeat (Heartbleed) Information Leak Vulnerability - FE CMS IPS Events (IP=161,NL)
146.0.75.210 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=210,NL)
146.0.77.15 32 TLM None 2022-04-21 00:00:00 2022-10-21 00:00:00 2022-04-21 19:03:10 HIVE Case #7441 CTO 22-111 (IP=15,NL)
146.112.255.205 32 KH None 2022-03-01 00:00:00 2022-05-30 00:00:00 2022-03-01 23:31:55 Malicious host IP - Hive Case #7026 (IP=205,US)
146.148.83.199 32 SW None 2021-11-16 00:00:00 2022-02-14 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - WebAttacks (IP=199,US)
146.165.230.5 24 srm None 2022-02-15 00:00:00 2022-05-16 00:00:00 None HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=5,DE)
146.185.201.69 24 NAB None 2022-01-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=69,RU)
146.185.214.102 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=102,AU)
146.185.214.181 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=181,AU)
146.185.215.18 32 TLM None 2022-04-20 00:00:00 2022-10-20 00:00:00 2022-04-20 13:01:27 HIVE Case #7432 CTO 22-110 (IP=18,RU)
146.185.218.0 23 AS None 2022-06-30 00:00:00 2022-09-28 00:00:00 2022-06-30 18:36:04 HIVE Case #7826 TO-S-2022-0203 (IP=0,RU)
146.185.218.176 24 EE None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:46 HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=176,RU)
146.185.219.220 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=220,IL) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=220,IL) HIVE Case #5968 TO-S-2021-1276 (IP=220,IL)
146.185.219.220 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=220,IL) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=220,IL) HIVE Case #5968 TO-S-2021-1276 (IP=220,IL)
146.185.28.58 24 ZH None 2021-10-05 00:00:00 2022-01-03 00:00:00 None TO-S-2022-1595/Botnet Malware Communication TT# 22C00041 (IP=58,GB)
146.19.13.140 24 JP None 2022-09-19 00:00:00 2022-12-18 00:00:00 2022-09-20 13:55:02 Nmap Scanner Traffic Detected - IPS Events (IP=140,RU)
146.19.191.121 24 RR None 2022-01-26 00:00:00 2022-04-26 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - Web Attacks (IP=121,FR)
146.19.247.28 24 EE None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-07 22:31:15 HIVE Case #7882 IOC_Recordbreaker_Stealer (IP=28,DE)
146.19.247.52 24 EE None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-07 22:31:16 HIVE Case #7882 IOC_Recordbreaker_Stealer (IP=52,DE)
146.19.75.8 24 EE None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-07 22:31:16 HIVE Case #7882 IOC_Recordbreaker_Stealer (IP=8,RO)
146.190.16.45 32 SW None 2022-05-24 00:00:00 2022-08-22 00:00:00 2022-05-24 14:15:52 SERVER-WEBAPP SonicWall SMA100 SQL injection attempt (1:58225:1) - SourceFire (IP=45,US)
146.190.16.49 24 RR None 2022-06-25 00:00:00 2022-09-23 00:00:00 2022-06-25 22:47:34 SQL use of sleep function with and - likely SQL injection - Source Fire (IP=49,NL)
146.190.17.102 32 SW None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-01 13:54:10 SERVER-WEBAPP Ulterius web server directory traversal attempt (1:45721:2) - SourceFire (IP=102,US)
146.190.19.147 24 RS None 2022-06-23 00:00:00 2022-09-21 00:00:00 2022-06-23 22:21:58 SQL injection - 6Hr Web Attacks (IP=147,NL)
146.190.20.120 24 ZH None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-30 22:44:18 SQL injection - 6hr Web Attacks (IP=120,NL)
146.190.21.212 32 SW None 2022-05-28 00:00:00 2022-08-26 00:00:00 2022-05-28 14:45:00 SQL injection - WebAttacks (IP=212,US)
146.190.21.219 32 SW None 2022-05-28 00:00:00 2022-08-26 00:00:00 2022-05-28 14:45:09 SERVER-WEBAPP Cisco HyperFlex HX Data Platform command injection attempt (3:57528:2) - SourceFire (IP=219,US)
146.190.22.18 32 RS None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:15:44 SQL injection - 6Hr Web Attacks (IP=18,US)
146.190.22.231 24 RS None 2022-08-22 00:00:00 2022-11-20 00:00:00 2022-08-23 18:09:00 SERVER-WEBAPP Oracle Weblogic default credentials login attempt - SourceFire (IP=231,NL)
146.190.224.174 32 SW None 2022-04-21 00:00:00 2022-07-20 00:00:00 2022-04-21 22:41:30 SERVER-APACHE Apache Struts2 blacklisted method redirect (1:27244:6) - SourceFire (IP=174, US)
146.190.224.42 32 KH None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 23:08:08 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=42,US)
146.190.224.42 32 KH None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 23:08:28 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=42,US)
146.190.224.45 32 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:48:05 SQL injection - Web Attacks (IP=45,US)
146.190.224.64 32 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 15:44:30 SQL injection - Web Attacks (IP=64,US)
146.190.225.0 32 TH None 2022-04-22 00:00:00 2022-07-21 00:00:00 2022-04-22 13:41:06 SQL injection - 6 Hr Web Report (IP=0,US)
146.190.225.116 32 SW None 2022-04-21 00:00:00 2022-07-20 00:00:00 2022-04-21 22:41:39 File /etc/passwd Access Attempt Detect - IPS Events(IP=116,US)
146.190.225.121 24 KD None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-07 13:16:24 SQL injection- Web Attacks (IP=121,NL)
146.190.225.187 32 KH None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 23:08:09 DoctorAppointmentSystem SQL Injection Vulnerability - Web Attacks (IP=187,US)
146.190.225.187 32 KH None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 23:08:29 DoctorAppointmentSystem SQL Injection Vulnerability - Web Attacks (IP=187,US)
146.190.225.250 32 SW None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:47:33 SQL injection - WebAttacks (IP=250,US)
146.190.225.31 32 WR None 2022-04-22 00:00:00 2022-07-20 00:00:00 2022-04-22 13:39:44 HTTP: Joomla SQL Injection Vulnerability (CVE-2017-8917) - 6 HR WebAttack (IP=31,US)
146.190.225.51 32 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:49:08 SERVER-WEBAPP SAP NetWeaver xMII directory traversal attempt - SourceFire (IP=51,US)
146.190.225.96 32 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 22:51:22 SERVER-WEBAPP Cisco ASA cross site scripting attempt (1:57857:1) - SourceFire (IP=96, US)
146.190.226.118 24 ZH None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-30 22:44:18 SQL injection - 6hr Web Attacks (IP=118,NL)
146.190.226.118 24 ZH None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-30 22:44:18 SQL injection - 6hr Web Attacks (IP=118,NL) SQL injection - 6hr Web Attacks (IP=118,NL)
146.190.226.126 32 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 15:44:30 Django SQL Injection Vulnerability - Web Attacks (IP=126,US)
146.190.226.233 24 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 22:39:38 SQL injection - Web Attacks (IP=233,SG)
146.190.227.13 32 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:35:11 SERVER-WEBAPP Drupal Core 8 PHP object injection RCE attempt - SourceFire (IP=13,US)
146.190.227.212 32 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:47:49 SQL injection - Web Attacks (IP=212,US)
146.190.227.246 24 KD None 2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-10 13:48:11 SQL injection- WebAttack(IP=246,NL)
146.190.227.60 32 SW None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-10 13:48:19 SQL injection - WebAttacks (IP=60,US)
146.190.227.60 32 SW None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-10 13:48:19 SQL injection - WebAttacks (IP=60,US) SQL injection - WebAttacks (IP=60,US)
146.190.227.92 32 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 13:47:13 HTTP SQL Injection Attempt - WebAttacks (IP=92,US)
146.190.228.104 24 AR None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 13:38:40 SERVER-APACHE Apache Struts2 remote code execution attempt (1:27245:7) - SourceFire (IP=104,NL)
146.190.228.194 32 WR None 2022-04-22 00:00:00 2022-07-20 00:00:00 2022-04-22 13:39:53 SQL injection - 6 HR WebAttack (IP=194,US)
146.190.228.33 32 NAB None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:00 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=33,US)
146.190.229.148 24 DT None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 23:57:48 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=148,NL)
146.190.229.46 32 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 22:54:11 SQL injection - Web Attacks (IP=46,US)
146.190.23.136 24 TH None 2022-06-03 00:00:00 2022-09-01 00:00:00 2022-06-04 13:38:44 SERVER-OTHER Apache Log4j logging remote code execution attempt - SourceFire Report (IP=136,NL)
146.190.23.228 24 DT None 2022-06-03 00:00:00 2022-09-01 00:00:00 2022-06-04 13:39:19 SQL injection - Web Attacks (IP=228,NL)
146.190.230.124 32 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 22:39:38 SQL injection - Web Attacks (IP=124,US)
146.190.230.171 32 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 22:39:39 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=171,US)
146.190.230.196 32 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 15:44:31 SQL injection - Web Attacks (IP=196,US)
146.190.230.213 24 ZH None 2022-07-13 00:00:00 2022-10-11 00:00:00 2022-07-13 13:53:01 SQL injection - 6hr Web Attacks (IP=213,NL)
146.190.230.247 32 SW None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:47:42 SERVER-WEBAPP JBoss JMX console access attempt (1:21516:9) - SourceFire (IP=247,US)
146.190.230.25 32 SW None 2022-04-21 00:00:00 2022-07-20 00:00:00 2022-04-21 22:41:34 INDICATOR-OBFUSCATION select concat statement - possible sql injection (1:19437:6) - SourceFire (IP=25, US)
146.190.230.3 32 KH None 2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-09 14:21:59 SQL injection - Web Attacks (IP=3,US)
146.190.230.68 32 SW None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-10 13:48:29 SERVER-WEBAPP Apache Struts remote code execution attempt (1:47649:1) - SourceFire (IP=68,US)
146.190.231.182 24 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 22:51:51 SQL injection - 6Hr Web Attacks (IP=182,NL)
146.190.231.182 24 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 22:52:27 SQL injection - 6Hr Web Attacks (IP=182,NL)
146.190.231.22 32 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 22:51:40 SQL 1 = 1 - possible sql injection attempt (1:30040:5) - SourceFire (IP=22, US)
146.190.232.119 32 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 15:44:32 SQL injection - Web Attacks (IP=119,US)
146.190.232.200 24 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:27 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=200,NL)
146.190.233.137 24 RS None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 22:34:39 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=137,NL)
146.190.233.143 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:16:37 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=143,US)
146.190.233.171 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:16:59 SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (B-type) - SourceFire (IP=171,US)
146.190.234.158 24 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:47:49 SQL use of concat function with select - likely SQL injection - SourceFire (IP=158,US)
146.190.235.140 32 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 13:47:14 SQL injection - WebAttacks (IP=140,US)
146.190.235.16 32 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 22:51:22 SQL use of concat function with select - likely SQL injection (1:24172:2) - SourceFire (IP=16, US)
146.190.235.51 24 WR None 2022-04-24 00:00:00 2022-07-22 00:00:00 2022-04-24 13:26:25 HTTP: SQL Injection - Exploit - Web Attacks (IP=51,NL)
146.190.236.199 24 RS None 2022-05-03 00:00:00 2022-08-01 00:00:00 2022-05-03 13:46:51 SQL injection - 6Hr Web Attacks (IP=199,NL)
146.190.236.229 32 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 13:47:15 SQL injection - WebAttacks (IP=229,US)
146.190.237.148 32 WR None 2022-04-23 00:00:00 2022-07-21 00:00:00 2022-04-23 13:46:51 HTTP: SQL Injection - Exploit - Web Attacks (IP=148,US)
146.190.237.161 32 TH None 2022-04-22 00:00:00 2022-07-21 00:00:00 2022-04-22 22:49:15 HTTP: PHP File Inclusion Vulnerability - 6 Hr Web Report (IP=161,US)
146.190.237.163 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:16:59 SERVER-WEBAPP Cisco RV Series Routers information disclosure attempt - SourceFire (IP=163,US)
146.190.237.219 32 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 13:47:15 HTTP SQL Injection Attempt - WebAttacks (IP=219,US)
146.190.237.230 32 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 22:51:41 SERVER-WEBAPP Sitecore XP insecure deserialization attempt (1:59236:1) - SourceFire (IP=230, US)
146.190.237.28 32 TH None 2022-04-22 00:00:00 2022-07-21 00:00:00 2022-04-22 22:49:15 SQL injection - 6 Hr Web Report (IP=28,US)
146.190.237.42 32 WR None 2022-04-22 00:00:00 2022-07-20 00:00:00 2022-04-22 13:39:54 SQL injection - 6 HR WebAttack (IP=42,US)
146.190.237.93 32 WR None 2022-05-03 00:00:00 2022-08-01 00:00:00 2022-05-03 13:46:36 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=93,US)
146.190.237.99 32 KH None 2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-09 14:21:59 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=99,US)
146.190.237.99 24 KH None 2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-09 22:50:15 SERVER-WEBAPP Apache Tomcat FileStore directory traversal attempt (1:54162:1) - Sourcefire (IP=99,NL)
146.190.238.169 24 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-16 15:21:24 SQL injection - 6hr Web Attacks (IP=169,NL)
146.190.238.29 32 DT None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:17:26 SQL injection - Web Attacks (IP=29,US)
146.190.238.71 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-08 12:50:36 SQL injection - Web Attacks (IP=71,US)
146.190.238.9 32 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-09 14:21:46 SERVER-WEBAPP Java ClassLoader access attempt - SourceFire (IP=9,US)
146.190.239.190 24 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:47:50 SERVER-WEBAPP SolarWinds Orion authentication bypass attempt - SourceFire (IP=190,US)
146.190.239.202 32 SW None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 22:46:40 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - SourceFire (IP=202,US)
146.190.239.245 32 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:47:51 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=245,US)
146.190.239.26 32 SW None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 22:46:44 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - SourceFire (IP=26,US)
146.190.24.125 32 SW None 2022-05-24 00:00:00 2022-08-22 00:00:00 2022-05-24 14:15:57 OS-OTHER Bash CGI environment variable injection attempt (1:31978:5) - SourceFire (IP=125,US)
146.190.24.87 32 SW None 2022-05-24 00:00:00 2022-08-22 00:00:00 2022-05-24 14:15:48 SERVER-WEBAPP SonicWall SMA100 SQL injection attempt (1:58225:1) - SourceFire (IP=87,US)
146.190.24.98 32 SW None 2022-05-24 00:00:00 2022-08-22 00:00:00 2022-05-24 14:15:56 SERVER-WEBAPP Sophos SG UTM WebAdmin command injection attempt (1:58450:2) - SourceFire (IP=98,US)
146.190.24.99 24 RS None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:15:44 SQL injection - 6Hr Web Attacks (IP=99,NL)
146.190.25.102 24 TH None 2022-06-03 00:00:00 2022-09-01 00:00:00 2022-06-04 13:38:43 SERVER-WEBAPP Apache Log4j logging remote code execution attempt - SourceFire Report (IP=102,NL)
146.190.26.118 32 KH None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:08 SQL injection - Web Attacks (IP=118,US)
146.190.26.142 32 RR None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:09 SQL 1 = 1 - possible sql injection attempt - SourceFire (IP=142,US)
146.190.26.207 24 RS None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:15:43 SQL injection - 6Hr Web Attacks (IP=207,NL)
146.190.26.207 32 RR None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:14:29 SERVER-WEBAPP Atlassian OAuth plugin multiple versions server side request forgery attempt - SourceFire (IP=207,US)
146.190.26.31 32 KH None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:09 SQL injection - Web Attacks (IP=31,US)
146.190.27.1 32 RB None 2022-09-26 00:00:00 2022-12-25 00:00:00 2022-09-26 13:55:26 SQL injection - WebAttacks (IP=1,US)
146.190.27.1 32 RB None 2022-09-26 00:00:00 2022-12-25 00:00:00 2022-09-26 13:55:26 SQL injection - WebAttacks (IP=1,US) SQL injection - WebAttacks (IP=1,US)
146.190.27.1 32 RB None 2022-09-26 00:00:00 2022-12-25 00:00:00 2022-09-26 13:55:27 SQL injection - WebAttacks (IP=1,US)
146.190.27.1 32 RB None 2022-09-26 00:00:00 2022-12-25 00:00:00 2022-09-26 13:55:27 SQL injection - WebAttacks (IP=1,US) SQL injection - WebAttacks (IP=1,US)
146.190.27.29 24 RR None 2022-07-16 00:00:00 2022-10-14 00:00:00 2022-07-16 13:51:31 SERVER-OTHER Apache Log4j logging remote code execution attempt - SourceFire (IP=29,NL)
146.190.28.168 32 RR None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:10 SERVER-WEBAPP Fortigate SSL VPN cross site scripting attempt - SourceFire (IP=168,US)
146.190.28.192 32 ZH None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-30 22:44:19 SERVER-WEBAPP Spring Security OAuth remote code execution attempt (1:46823:1) - SourceFire (IP=192,US)
146.190.28.202 32 TH None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-26 22:51:25 SQL injection - 6 Hr Web Report (IP=202,US)
146.190.28.250 32 RR None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:14:29 SERVER-APACHE Apache Struts remote code execution attempt - SourceFire (IP=250,US)
146.190.28.53 32 SW None 2022-06-05 00:00:00 2022-09-03 00:00:00 2022-06-05 13:42:53 SERVER-WEBAPP JBoss JMX console access attempt (1:21516:9) - SourceFire (IP=53,US)
146.190.29.50 32 SW None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-01 13:54:04 SQL injection - WebAttacks (IP=50,US)
146.190.31.221 24 RS None 2022-06-03 00:00:00 2022-09-01 00:00:00 2022-06-03 22:21:22 ET EXPLOIT Possible Apache log4j RCE Attempt - 2021/12/12 Obfuscation Observed M2 (udp) (CVE-2021-44228) (1:2034674:1) - SourceFire (IP=221,SG)
146.190.31.221 32 RS None 2022-06-03 00:00:00 2022-09-01 00:00:00 2022-06-03 22:21:28 Layer5 Meshery SQL Injection Vulnerability - 6Hr Web Attacks (IP=221,US)
146.190.32.144 32 KH None 2022-06-19 00:00:00 2022-09-17 00:00:00 2022-06-19 13:56:11 SQL injection - Web Attacks (IP=144,US)
146.190.32.146 32 KH None 2022-06-19 00:00:00 2022-09-17 00:00:00 2022-06-19 22:50:33 SQL injection - Web Attacks (IP=146,US)
146.190.32.147 32 KH None 2022-06-19 00:00:00 2022-09-17 00:00:00 2022-06-19 22:50:33 SQL injection - Web Attacks (IP=147,US)
146.190.32.206 32 KH None 2022-06-19 00:00:00 2022-09-17 00:00:00 2022-06-19 22:50:34 SQL injection - Web Attacks (IP=206,US)
146.190.32.51 32 RR None 2022-06-19 00:00:00 2022-09-17 00:00:00 2022-06-19 13:56:05 SQL injection - Web Attacks (IP=51,US)
146.190.32.54 32 KH None 2022-06-19 00:00:00 2022-09-17 00:00:00 2022-06-19 13:56:11 SQL injection - Web Attacks (IP=54,US)
146.190.33.117 32 JP None 2022-07-28 00:00:00 2022-10-26 00:00:00 2022-07-28 13:49:49 SQL injection - 6HR Web Attacks (IP=117, US)
146.190.34.150 32 RS None 2022-07-22 00:00:00 2022-10-20 00:00:00 2022-07-23 13:44:08 SQL injection - Web Attacks (IP=150,US)
146.190.34.154 32 RS None 2022-07-22 00:00:00 2022-10-20 00:00:00 2022-07-23 13:44:08 SQL injection - Web Attacks (IP=154,US)
146.190.34.190 32 SW None 2022-07-23 00:00:00 2022-10-21 00:00:00 2022-07-23 22:54:41 SQL injection - WebAttacks (IP=190,US)
146.190.36.116 32 SW None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-22 13:54:32 SQL injection - WebAttacks (IP=116,US)
146.190.36.130 32 SW None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-22 13:54:32 SQL injection - WebAttacks (IP=130,US)
146.190.36.153 32 RR None 2022-07-21 00:00:00 2022-10-19 00:00:00 2022-07-21 13:54:47 SQL injection - Web Attacks (IP=153,US)
146.190.36.154 32 RR None 2022-07-21 00:00:00 2022-10-19 00:00:00 2022-07-21 13:54:48 SQL injection - Web Attacks (IP=154,US)
146.190.36.189 32 SW None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-22 13:54:33 SQL injection - WebAttacks (IP=189,US)
146.190.36.90 32 SW None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-22 13:54:34 SQL injection - WebAttacks (IP=90,US)
146.190.40.129 32 TH None 2022-06-21 00:00:00 2022-09-19 00:00:00 2022-06-22 13:54:34 SQL injection - 6 Hr Web Report (IP=129,US)
146.190.40.19 32 TH None 2022-06-21 00:00:00 2022-09-19 00:00:00 2022-06-22 13:54:35 SQL injection - 6 Hr Web Report (IP=19,US)
146.190.40.2 32 RS None 2022-06-27 00:00:00 2022-09-25 00:00:00 2022-06-27 22:37:35 Exploit.CVE-2021-44228 - Apache Log4j2 - Case 6651 (IP=2,US)
146.190.40.40 32 TH None 2022-06-21 00:00:00 2022-09-19 00:00:00 2022-06-22 13:54:35 SQL injection - 6 Hr Web Report (IP=40,US)
146.190.40.43 32 TH None 2022-06-21 00:00:00 2022-09-19 00:00:00 2022-06-22 13:54:36 SQL injection - 6 Hr Web Report (IP=43,US)
146.190.40.72 32 TH None 2022-06-21 00:00:00 2022-09-19 00:00:00 2022-06-22 13:54:36 SQL injection - 6 Hr Web Report (IP=72,US)
146.190.44.37 32 SW None 2022-07-26 00:00:00 2022-10-24 00:00:00 2022-07-27 13:49:49 SQL injection - WebAttacks (IP=37,US)
146.190.48.182 32 TH None 2022-06-21 00:00:00 2022-09-19 00:00:00 2022-06-22 13:54:37 SQL injection - 6 Hr Web Report (IP=182,US)
146.190.48.42 32 KH None 2022-06-19 00:00:00 2022-09-17 00:00:00 2022-06-19 13:56:12 SQL injection - Web Attacks (IP=42,US)
146.190.48.59 32 RR None 2022-06-19 00:00:00 2022-09-17 00:00:00 2022-06-20 13:54:24 SQL injection - Web Attacks (IP=59,US)
146.190.48.75 32 RR None 2022-06-19 00:00:00 2022-09-17 00:00:00 2022-06-20 13:54:24 SQL injection - Web Attacks (IP=75,US)
146.190.49.211 32 JP None 2022-07-28 00:00:00 2022-10-26 00:00:00 2022-07-28 22:41:53 SQL injection - 6HR Web Attacks (IP=211, US)
146.190.56.167 32 RS None 2022-07-20 00:00:00 2022-10-18 00:00:00 2022-07-21 13:54:52 Exploit.Log4Shell.CVE-2021-44228 - FE NX (IP=167,US)
146.190.56.28 32 RS None 2022-07-20 00:00:00 2022-10-18 00:00:00 2022-07-21 13:54:51 Exploit.Log4Shell.CVE-2021-44228 - FE NX (IP=28,US)
146.190.56.69 32 RR None 2022-06-25 00:00:00 2022-09-23 00:00:00 2022-06-25 14:09:21 SQL injection - Web Attacks (IP=69,US)
146.190.56.92 32 ZH None 2022-06-24 00:00:00 2022-09-22 00:00:00 2022-06-24 22:51:34 SQL injection - 6hr Web Attacks (IP=92,US)
146.190.62.158 32 KH None 2022-07-25 00:00:00 2022-10-23 00:00:00 2022-07-25 23:41:43 SQL injection - Web Attacks (IP=158,US)
146.190.62.205 32 TH None 2022-07-25 00:00:00 2022-10-23 00:00:00 2022-07-26 13:48:07 SQL injection - 6 Hr Web Report (IP=205,US)
146.196.122.15 32 TLM None 2022-01-20 00:00:00 2022-07-20 00:00:00 None HIVE Case #6811 CTO 22-020 (IP=15,IN)
146.196.34.198 24 RR None 2022-07-09 00:00:00 2022-10-07 00:00:00 2022-07-10 14:32:40 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=198,IN)
146.196.54.229 32 TLM None 2022-01-18 00:00:00 2022-07-18 00:00:00 None HIVE Case #6796 CTO 22-014 (IP=229,HK)
146.196.55.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None HK TO-S-2021-1037 Hive Case 4785 Malware Activity
146.196.65.168 24 TLM None 2022-04-18 00:00:00 2022-10-18 00:00:00 2022-04-18 13:41:48 HIVE Case #7416 CTO 22-106 (IP=168,VN)
146.199.19.145 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:42 HIVE Case #7904 CTO 22-189 (IP=145,GB)
146.199.19.183 32 TLM None 2022-06-14 00:00:00 2022-12-13 00:00:00 2022-06-14 15:16:43 HIVE Case #7768 CTO 22-161 (IP=183,GB)
146.255.47.1 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None NL TO-S-2021-1050 Hive Case 4821 Malicious Email Activity
146.59.12.90 32 AS None 2022-01-31 00:00:00 2022-08-03 00:00:00 None HIVE Case #6877 CTO 22-028 (IP=90,FR)
146.59.176.213 32 jkc None 2021-03-19 00:00:00 2022-03-19 00:00:00 None Case # 5090 TO-S-2021-1185 Malicious Callback
146.59.176.213 32 jkc None 2021-03-19 00:00:00 2022-03-19 00:00:00 None Case # 5090 TO-S-2021-1185 Malicious Callback
146.59.185.19 32 jkc None 2021-03-19 00:00:00 2022-03-19 00:00:00 None Case # 5090 TO-S-2021-1185 Malicious Callback
146.59.185.19 32 jkc None 2021-03-19 00:00:00 2022-03-19 00:00:00 None Case # 5090 TO-S-2021-1185 Malicious Callback
146.59.208.122 32 jkc None 2021-03-19 00:00:00 2022-03-19 00:00:00 None Case # 5090 TO-S-2021-1185 Malicious Callback
146.59.208.122 32 jkc None 2021-03-19 00:00:00 2022-03-19 00:00:00 None Case # 5090 TO-S-2021-1185 Malicious Callback
146.59.225.87 32 RB None 2022-07-19 00:00:00 2022-10-17 00:00:00 2022-07-19 22:51:03 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR# 22C01702 (IP=87,FR)
146.59.230.81 32 RR None 2021-10-28 00:00:00 2022-01-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00251 (IP=81,NL)
146.59.233.33 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 18:27:35 HIVE Case #7342 CTO 22-092 FRAGO (IP=33,FR)
146.59.45.142 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=142,FR)
146.59.45.142 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=142,FR)
146.59.45.142 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=142,FR)
146.59.45.142 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=142,FR)
146.59.48.252 32 TLM None 2022-05-04 00:00:00 2022-11-03 00:00:00 2022-05-04 18:17:17 HIVE Case #7515 CTO 22-124 (IP=252,FR)
146.59.49.67 32 AS None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-01 19:05:12 HIVE Case #7876 TO-S-2022-0204 (IP=67,FR)
146.59.49.69 32 AS None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-01 19:05:09 HIVE Case #6673 CTO 21-351 (IP=69,FR) | updated by AS Block was inactive. Reactivated on 20220701 with reason HIVE Case #7876 TO-S-2022-0204 (IP=69,FR) HIVE Case #7876 TO-S-2022-0204 (IP=69,FR)
146.59.49.69 32 TLM None 2021-12-17 00:00:00 2022-09-29 00:00:00 2022-07-01 19:05:09 HIVE Case #6673 CTO 21-351 (IP=69,FR) | updated by AS Block was inactive. Reactivated on 20220701 with reason HIVE Case #7876 TO-S-2022-0204 (IP=69,FR) HIVE Case #7876 TO-S-2022-0204 (IP=69,FR)
146.70.101.97 32 AS None 2022-04-08 00:00:00 2022-10-08 00:00:00 2022-04-08 17:16:45 HIVE Case #7361 CTO 22-098 (IP=97,DE)
146.70.124.71 24 EE None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-07 22:31:17 HIVE Case #7882 IOC_Recordbreaker_Stealer (IP=71,RO)
146.70.128.34 24 ZH None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-08 22:56:20 SQL parameter ending in comment characters - possible sql injection attempt - POST (1:21778:7) - SourceFire (IP=34, ES)
146.70.132.10 24 RR None 2022-09-28 00:00:00 2022-12-27 00:00:00 2022-09-28 16:36:35 SQL injection - Web Attacks (IP=10,GB)
146.70.15.32 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:55:15 HIVE Case #7894 CTO 22-187 (IP=32,MY)
146.70.24.147 32 TLM None 2022-01-25 00:00:00 2022-07-25 00:00:00 None HIVE Case #6828 CTO 22-021 (IP=147,CA)
146.70.24.173 32 srm None 2021-09-13 00:00:00 2022-08-12 00:00:00 None HIVE Case 6148 Forcepoint FP Custom-Encrypted Uploads (IP=173,CA) | updated by TLM Block was inactive. Reactivated on 20220211 with reason HIVE Case #6973 TO-S-2022-0128 (IP=173,CA) HIVE Case #6973 TO-S-2022-0128 (IP=173,CA)
146.70.24.173 32 TLM None 2022-02-11 00:00:00 2022-08-12 00:00:00 None HIVE Case 6148 Forcepoint FP Custom-Encrypted Uploads (IP=173,CA) | updated by TLM Block was inactive. Reactivated on 20220211 with reason HIVE Case #6973 TO-S-2022-0128 (IP=173,CA) HIVE Case #6973 TO-S-2022-0128 (IP=173,CA)
146.70.24.183 32 AS None 2022-04-08 00:00:00 2022-10-08 00:00:00 2022-04-08 17:16:46 HIVE Case #7361 CTO 22-098 (IP=183,RO)
146.70.24.238 32 TLM None 2021-11-04 00:00:00 2022-05-02 00:00:00 None HIVE Case #6503 CTO 21-306 (IP=238,CA)
146.70.34.34 32 KD None 2022-02-27 00:00:00 2022-05-28 00:00:00 2022-02-27 23:09:08 Infection Match (blocked)- FIREEYE Web(IP=34,US)
146.70.34.50 32 KD None 2022-02-27 00:00:00 2022-05-28 00:00:00 2022-02-27 23:09:21 Infection Match (blocked)- FIREEYE Web(IP=50,US)
146.70.38.132 32 BB None 2021-10-10 00:00:00 2022-01-08 00:00:00 None HTTP: Apache Tomcat PUT JSP File Upload (CVE-2017-12615 and CVE- - TT# 22C00114 (IP=132,)
146.70.40.236 32 AS None 2022-04-08 00:00:00 2022-10-08 00:00:00 2022-04-08 17:16:46 HIVE Case #7361 CTO 22-098 (IP=236,FR)
146.70.41.147 32 AS None 2021-12-28 00:00:00 2022-06-28 00:00:00 None HIVE Case #6702 CTO 21-362 (IP=147,US)
146.70.41.157 32 TLM None 2022-02-11 00:00:00 2022-08-12 00:00:00 None HIVE Case #6973 TO-S-2022-0128 (IP=157,US)
146.70.41.158 32 AS None 2022-04-08 00:00:00 2022-10-08 00:00:00 2022-04-08 17:16:47 HIVE Case #7361 CTO 22-098 (IP=158,US)
146.70.49.2 32 KD None 2022-02-27 00:00:00 2022-05-28 00:00:00 2022-02-27 23:09:02 SERVER-WEBAPP Apache Log4j logging remote code execution attempt- Web Attacks (IP=2,US)
146.70.50.122 32 DT None 2022-02-28 00:00:00 2022-05-29 00:00:00 2022-03-01 14:46:35 Exploit.Log4Shell.CVE-2021-44228 - FireEye NX (IP=122,US)
146.70.50.122 32 DT None 2022-02-28 00:00:00 2022-05-29 00:00:00 2022-03-01 14:50:12 Exploit.Log4Shell.CVE-2021-44228 - FireEye NX (IP=122,US)
146.70.50.178 32 DT None 2022-02-28 00:00:00 2022-05-28 00:00:00 2022-03-01 14:46:37 Exploit.Log4Shell.CVE-2021-44228 - FireEye NX (IP=238,US)
146.70.50.178 32 DT None 2022-02-28 00:00:00 2022-05-28 00:00:00 2022-03-01 14:50:14 Exploit.Log4Shell.CVE-2021-44228 - FireEye NX (IP=238,US)
146.70.50.26 32 KD None 2022-02-27 00:00:00 2022-05-28 00:00:00 2022-02-27 23:09:15 Infection Match (blocked)- FIREEYE Web(IP=26,US)
146.70.52.53 24 WR None 2022-01-13 00:00:00 2022-04-13 00:00:00 None ET EXPLOIT Apache Obfuscated log4j RCE Attempt (tcp ldap) (CVE-2021-44228) (1:2034755:1) - Sourcefire (IP=53,RU)
146.70.53.147 32 AS None 2022-04-04 00:00:00 2022-10-04 00:00:00 2022-04-04 15:15:44 HIVE Case #7325 CTO 22-091 (IP=147,BG)
146.70.53.153 32 TLM None 2022-04-13 00:00:00 2022-10-13 00:00:00 2022-04-13 13:12:38 HIVE Case #7387 CTO 22-103(IP=153,BG)
146.70.57.42 24 WR None 2022-02-28 00:00:00 2022-05-28 00:00:00 2022-02-28 14:50:33 ET EXPLOIT Possible Apache log4j RCE Attempt - 2021/12/12 Obfuscation Observed M2 (tcp) (CVE-2021-44228) (1:2034673:2) - Sourcefire (IP=42,TW)
146.70.57.66 32 KD None 2022-02-27 00:00:00 2022-05-28 00:00:00 2022-02-27 23:09:09 Infection Match (blocked)- FIREEYE Web(IP=66,US)
146.70.76.106 24 KD None 2022-02-27 00:00:00 2022-05-28 00:00:00 2022-02-27 23:09:05 Infection Match (blocked)- FIREEYE Web(IP=106,JP)
146.70.87.120 32 DRW None 2022-09-21 00:00:00 2022-12-20 00:00:00 2022-09-21 22:00:58 HIVE Case #1337 IOC_ CISA Threat Intel 19Sep2022 Criminal Cobalt Strike Servers (IP=120,US)
146.70.87.19 32 DRW None 2022-09-21 00:00:00 2022-12-20 00:00:00 2022-09-21 22:01:00 HIVE Case #1337 IOC_ CISA Threat Intel 19Sep2022 Criminal Cobalt Strike Servers (IP=19,US)
146.70.87.47 32 DRW None 2022-09-21 00:00:00 2022-12-20 00:00:00 2022-09-21 22:00:59 HIVE Case #1337 IOC_ CISA Threat Intel 19Sep2022 Criminal Cobalt Strike Servers (IP=47,US)
146.70.88.119 32 TLM None 2022-04-13 00:00:00 2022-10-13 00:00:00 2022-04-13 13:12:38 HIVE Case #7387 CTO 22-103(IP=119,FR)
146.70.92.36 32 AS None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 18:17:07 HIVE Case #7862 CTO 22-176 (IP=36,DK)
146.71.84.110 32 TLM None 2022-03-23 00:00:00 2022-09-23 00:00:00 2022-03-23 12:28:38 HIVE Case #7258 CTO 22-082 (IP=110,US)
146.83.32.0 19 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=0,CL)
146.88.18.92 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=92,AU)
146.88.22.33 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None AU TO-S-2021-1050 Hive Case 4821 Malware Activity
146.88.232.170 32 AS None 2022-08-18 00:00:00 2022-11-16 00:00:00 2022-08-26 22:35:45 HIVE Case #8170 COLS-NA TIP 22-0284 (IP=170,CA)
146.88.240.2 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None Unauthorized Access-Probe - TT# 19C02025 (IP=2,FR) | updated by KF with reason Immediate Inbound Network Block - TT# 19C02389 (IP=2,US) | updated by RB with reason Unauthorized Access-Probe - TT# 20C00520 (IP=2,US) | updated by dbc Block was inactive.
146.88.240.2 32 RR None 2019-04-30 00:00:00 2022-01-28 00:00:00 None Unauthorized Access-Probe - TT# 19C02025 (IP=2,FR) | updated by KF with reason Immediate Inbound Network Block - TT# 19C02389 (IP=2,US) | updated by RB with reason Unauthorized Access-Probe - TT# 20C00520 (IP=2,US) | updated by dbc Block was inactive.
146.88.240.248 32 GM None 2021-02-12 00:00:00 2022-10-16 00:00:00 2022-07-19 13:47:55 Unauthorized Access-Probe / UDP: Host Sweep - TT # 21C00491 (IP=248,US) | updated by JKC Block was inactive. Reactivated on 20220323 with reason HIVE Case #7264 FBI Russian Energy Sector Scans (IP=248,US) HIVE Case #7264 FBI Russian Energy Sector Scans (IP=248,US) | updated by RS Block was inactive. Reactivated on 20220718 with reason SIPVicious Security Scanner - IPS Events (IP=248,US) SIPVicious Security Scanner - IPS Events (IP=248,US)
146.88.240.248 32 RS None 2022-07-18 00:00:00 2022-10-16 00:00:00 2022-07-19 13:47:55 Unauthorized Access-Probe / UDP: Host Sweep - TT # 21C00491 (IP=248,US) | updated by JKC Block was inactive. Reactivated on 20220323 with reason HIVE Case #7264 FBI Russian Energy Sector Scans (IP=248,US) HIVE Case #7264 FBI Russian Energy Sector Scans (IP=248,US) | updated by RS Block was inactive.
Reactivated on 20220718 with reason SIPVicious Security Scanner - IPS Events (IP=248,US) SIPVicious Security Scanner - IPS Events (IP=248,US) 146.88.240.248 32 JKC None 2022-03-23 00:00:00 2022-10-16 00:00:00 2022-07-19 13:47:55 Unauthorized Access-Probe / UDP: Host Sweep - TT # 21C00491 (IP=248,US) | updated by JKC Block was inactive. Reactivated on 20220323 with reason HIVE Case #7264 FBI Russian Energy Sector Scans (IP=248,US) HIVE Case #7264 FBI Russian Energy Sector Scans (IP=248,US) | updated by RS Block was inactive. Reactivated on 20220718 with reason SIPVicious Security Scanner - IPS Events (IP=248,US) SIPVicious Security Scanner - IPS Events (IP=248,US) 146.88.240.4 32 TH None 2021-12-23 00:00:00 2022-12-18 00:00:00 2022-09-20 13:55:04 Signature: Unauthorized Access-Probe - TT# 19C01995 (IP=4,US) | updated by RB Block was inactive. Reactivated on 20191003 with reason Unauthorized Access-Probe - TT# 20C00135 (IP=4,US) | updated by RR with reason Unauthorized Access-Probe - TT# 20C0131 | updated by TH Block was inactive. Reactivated on 20211223 with reason HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=4,US) HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=4,US) | updated by TH Block expiration extended with reason HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=4,US) HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=4,US) | updated by JKC Block expiration extended with reason HIVE Case #7264 FBI Russian Energy Sector Scans (IP=4,US) HIVE Case #7264 FBI Russian Energy Sector Scans (IP=4,US) | updated by TH Block was inactive. Reactivated on 20220622 with reason HP Intelligent Management Center TFTP Server MODE Remote Code Execution - FE CMS IPS Events (IP=4,US) HP Intelligent Management Center TFTP Server MODE Remote Code Execution - FE CMS IPS Events (IP=4,US) | updated by JP Block was inactive. 
Reactivated on 20220919 with reason HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=4,US) HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=4,US) 146.88.240.4 32 TH None 2022-02-07 00:00:00 2022-12-18 00:00:00 2022-09-20 13:55:04 Signature: Unauthorized Access-Probe - TT# 19C01995 (IP=4,US) | updated by RB Block was inactive. Reactivated on 20191003 with reason Unauthorized Access-Probe - TT# 20C00135 (IP=4,US) | updated by RR with reason Unauthorized Access-Probe - TT# 20C0131 | updated by TH Block was inactive. Reactivated on 20211223 with reason HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=4,US) HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=4,US) | updated by TH Block expiration extended with reason HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=4,US) HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=4,US) | updated by JKC Block expiration extended with reason HIVE Case #7264 FBI Russian Energy Sector Scans (IP=4,US) HIVE Case #7264 FBI Russian Energy Sector Scans (IP=4,US) | updated by TH Block was inactive. Reactivated on 20220622 with reason HP Intelligent Management Center TFTP Server MODE Remote Code Execution - FE CMS IPS Events (IP=4,US) HP Intelligent Management Center TFTP Server MODE Remote Code Execution - FE CMS IPS Events (IP=4,US) | updated by JP Block was inactive. Reactivated on 20220919 with reason HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=4,US) HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=4,US) 146.88.240.4 32 TH None 2022-06-22 00:00:00 2022-12-18 00:00:00 2022-09-20 13:55:04 Signature: Unauthorized Access-Probe - TT# 19C01995 (IP=4,US) | updated by RB Block was inactive. 
Reactivated on 20191003 with reason Unauthorized Access-Probe - TT# 20C00135 (IP=4,US) | updated by RR with reason Unauthorized Access-Probe - TT# 20C0131 | updated by TH Block was inactive. Reactivated on 20211223 with reason HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=4,US) HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=4,US) | updated by TH Block expiration extended with reason HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=4,US) HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=4,US) | updated by JKC Block expiration extended with reason HIVE Case #7264 FBI Russian Energy Sector Scans (IP=4,US) HIVE Case #7264 FBI Russian Energy Sector Scans (IP=4,US) | updated by TH Block was inactive. Reactivated on 20220622 with reason HP Intelligent Management Center TFTP Server MODE Remote Code Execution - FE CMS IPS Events (IP=4,US) HP Intelligent Management Center TFTP Server MODE Remote Code Execution - FE CMS IPS Events (IP=4,US) | updated by JP Block was inactive. Reactivated on 20220919 with reason HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=4,US) HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=4,US) 146.88.240.4 32 TH None 2022-02-07 00:00:00 2022-12-18 00:00:00 2022-09-20 13:55:04 Signature: Unauthorized Access-Probe - TT# 19C01995 (IP=4,US) | updated by RB Block was inactive. Reactivated on 20191003 with reason Unauthorized Access-Probe - TT# 20C00135 (IP=4,US) | updated by RR with reason Unauthorized Access-Probe - TT# 20C0131 | updated by TH Block was inactive. 
Reactivated on 20211223 with reason HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=4,US) HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=4,US) | updated by TH Block expiration extended with reason HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=4,US) HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=4,US) | updated by JKC Block expiration extended with reason HIVE Case #7264 FBI Russian Energy Sector Scans (IP=4,US) HIVE Case #7264 FBI Russian Energy Sector Scans (IP=4,US) | updated by TH Block was inactive. Reactivated on 20220622 with reason HP Intelligent Management Center TFTP Server MODE Remote Code Execution - FE CMS IPS Events (IP=4,US) HP Intelligent Management Center TFTP Server MODE Remote Code Execution - FE CMS IPS Events (IP=4,US) | updated by JP Block was inactive. Reactivated on 20220919 with reason HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=4,US) HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=4,US) 146.88.240.4 32 JKC None 2022-03-23 00:00:00 2022-12-18 00:00:00 2022-09-20 13:55:04 Signature: Unauthorized Access-Probe - TT# 19C01995 (IP=4,US) | updated by RB Block was inactive. Reactivated on 20191003 with reason Unauthorized Access-Probe - TT# 20C00135 (IP=4,US) | updated by RR with reason Unauthorized Access-Probe - TT# 20C0131 | updated by TH Block was inactive. 
Reactivated on 20211223 with reason HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=4,US) HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=4,US) | updated by TH Block expiration extended with reason HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=4,US) HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=4,US) | updated by JKC Block expiration extended with reason HIVE Case #7264 FBI Russian Energy Sector Scans (IP=4,US) HIVE Case #7264 FBI Russian Energy Sector Scans (IP=4,US) | updated by TH Block was inactive. Reactivated on 20220622 with reason HP Intelligent Management Center TFTP Server MODE Remote Code Execution - FE CMS IPS Events (IP=4,US) HP Intelligent Management Center TFTP Server MODE Remote Code Execution - FE CMS IPS Events (IP=4,US) | updated by JP Block was inactive. Reactivated on 20220919 with reason HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=4,US) HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=4,US) 146.88.240.4 32 JP None 2022-09-19 00:00:00 2022-12-18 00:00:00 2022-09-20 13:55:04 Signature: Unauthorized Access-Probe - TT# 19C01995 (IP=4,US) | updated by RB Block was inactive. Reactivated on 20191003 with reason Unauthorized Access-Probe - TT# 20C00135 (IP=4,US) | updated by RR with reason Unauthorized Access-Probe - TT# 20C0131 | updated by TH Block was inactive. 
Reactivated on 20211223 with reason HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=4,US) HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=4,US) | updated by TH Block expiration extended with reason HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=4,US) HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=4,US) | updated by JKC Block expiration extended with reason HIVE Case #7264 FBI Russian Energy Sector Scans (IP=4,US) HIVE Case #7264 FBI Russian Energy Sector Scans (IP=4,US) | updated by TH Block was inactive. Reactivated on 20220622 with reason HP Intelligent Management Center TFTP Server MODE Remote Code Execution - FE CMS IPS Events (IP=4,US) HP Intelligent Management Center TFTP Server MODE Remote Code Execution - FE CMS IPS Events (IP=4,US) | updated by JP Block was inactive. Reactivated on 20220919 with reason HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=4,US) HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=4,US) 146.88.240.4 32 KF None 2019-04-24 00:00:00 2022-12-18 00:00:00 2022-09-20 13:55:04 Signature: Unauthorized Access-Probe - TT# 19C01995 (IP=4,US) | updated by RB Block was inactive. Reactivated on 20191003 with reason Unauthorized Access-Probe - TT# 20C00135 (IP=4,US) | updated by RR with reason Unauthorized Access-Probe - TT# 20C0131 | updated by TH Block was inactive. 
Reactivated on 20211223 with reason HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=4,US) HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=4,US) | updated by TH Block expiration extended with reason HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=4,US) HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=4,US) | updated by JKC Block expiration extended with reason HIVE Case #7264 FBI Russian Energy Sector Scans (IP=4,US) HIVE Case #7264 FBI Russian Energy Sector Scans (IP=4,US) | updated by TH Block was inactive. Reactivated on 20220622 with reason HP Intelligent Management Center TFTP Server MODE Remote Code Execution - FE CMS IPS Events (IP=4,US) HP Intelligent Management Center TFTP Server MODE Remote Code Execution - FE CMS IPS Events (IP=4,US) | updated by JP Block was inactive. Reactivated on 20220919 with reason HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=4,US) HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=4,US) 147.135.1.175 32 JP None 2022-09-11 00:00:00 2022-12-10 00:00:00 2022-09-11 22:52:01 F5 BIG-IP CVE-2022-1388 Remote Code Execution - IPS Events (IP=175,US) 147.135.105.62 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=62,US) 147.135.221.37 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 147.139.134.5 24 SW None 2022-08-16 00:00:00 2022-11-14 00:00:00 2022-08-17 13:52:22 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - WebAttacks (IP=5,ID) 147.139.41.0 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=0,IN) 147.158.125.125 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None MY TO-S-2021-1037 Hive Case 4785 Malware Activity 147.182.129.180 32 
SW None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-06 13:47:22 SQL injection - WebAttacks (IP=180,US) 147.182.129.239 32 RB None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 22:41:26 SERVER-WEBAPP Avtech IP Camera machine.cgi information disclosure attempt - Sourcefire (IP=239,US) 147.182.130.151 32 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:28 POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected - SourceFire (IP=151,US) 147.182.130.43 32 KH None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-06 23:38:27 SQL injection - Web Attacks (IP=43,US 147.182.131.251 32 SW None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-12 13:51:11 SERVER-APACHE HP Performance Manager Apache Tomcat policy bypass attempt (1:17156:9) - SourceFire (IP=251, US) 147.182.132.144 32 KH None 2022-08-16 00:00:00 2022-11-16 00:00:00 2022-08-18 22:50:40 SERVER-OTHER RealTek UDPServer command injection attempt (1:58853:1) - Sourcefire (IP=144,US) | updated by RB Block expiration extended with reason SERVER-OTHER RealTek UDPServer command injection attempt (1:58853:1) - SourceFire (IP=144, US) | updated by ZH Block expiration extended with reason SERVER-OTHER RealTek UDPServer command injection attempt (1:58853:1) - SourceFire (IP=144,US) 147.182.132.175 32 AS None 2022-04-12 00:00:00 2022-10-12 00:00:00 2022-04-12 14:39:37 HIVE Case #7380 CTO 22-099 (IP=175,US) 147.182.132.199 32 KH None 2022-01-29 00:00:00 2022-04-29 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SSH Scan Report (IP=199,US) 147.182.132.55 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:48:15 SQL injection - Web Attacks (IP=55,US) 147.182.132.98 32 SW None 2022-06-05 00:00:00 2022-09-03 00:00:00 2022-06-05 13:42:57 SERVER-WEBAPP Wordpress File Manager plugin elFinder remote code execution attempt (1:55778:1) - SourceFire (IP=98,US) 147.182.134.171 32 TLM None 2022-01-20 00:00:00 2022-07-20 00:00:00 None HIVE Case #6806 CTO 22-013 (IP=171,US) 
147.182.134.223 32 KH None 2021-10-20 00:00:00 2022-01-19 00:00:00 None HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=223,US) | updated by RR Block expiration extended with reason SERVER-WEBAPP PHPMailer command injection remote code execution attempt - SourceFire (IP=223,US) 147.182.134.254 32 SA None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-07 13:41:24 SQL injection - 6Hr Web Attacks (IP=254,US) 147.182.134.64 32 TH None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-29 15:24:09 File /etc/passwd Access Attempt Detect - FE CMS IPS Events (IP=64,US) 147.182.134.70 32 DT None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 23:22:04 SQL injection - Web Attacks (IP=.70,US) 147.182.135.157 32 KH None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-18 13:50:37 SQL injection - Web Attacks (IP=157,US) 147.182.135.241 32 KH None 2022-09-20 00:00:00 2022-12-19 00:00:00 2022-09-20 22:50:16 SERVER-WEBAPP JBoss JMX console access attempt - Web Attacks (IP=241,US) 147.182.135.52 32 RR None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-05 14:02:53 SERVER-WEBAPP Netgear WNAP devices boardData command injection attempt - SourceFire (IP=52,US) 147.182.136.44 32 DT None 2021-12-29 00:00:00 2022-03-29 00:00:00 None SQL union select - possible sql injection attempt - POST parameter (IP=44,US) 147.182.137.105 32 KH None 2021-12-18 00:00:00 2022-03-18 00:00:00 None HTTP SQL Injection Attempt - Web Attacks (IP=105,US) 147.182.137.253 32 TLM None 2021-12-21 00:00:00 2022-06-21 00:00:00 None HIVE Case #6682 CTO 21-352 (IP=253,US) 147.182.138.201 32 RS None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 22:44:28 SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (1:51976:3) - SourceFire (IP=201,US) 147.182.139.54 32 RS None 2022-05-19 00:00:00 2022-08-17 00:00:00 2022-05-19 13:46:52 SQL injection - 6Hr Web Attacks (IP=54,US) 147.182.139.83 32 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:48:06 HTTP: PHP File Inclusion 
Vulnerability - Web Attacks (IP=83,US) 147.182.140.102 32 BB None 2021-12-19 00:00:00 2022-03-19 00:00:00 None SQL union select - possible sql injection attempt - GET parameter (1:13990:27) - Sourcefire (IP=102,US) 147.182.140.110 32 SW None 2022-08-26 00:00:00 2022-11-24 00:00:00 2022-08-27 13:55:19 SQL injection - WebAttacks (IP=110,US) 147.182.140.251 32 SW None 2022-09-08 00:00:00 2022-12-07 00:00:00 2022-09-09 13:48:22 SQL injection - WebAttacks (IP=251,US) 147.182.144.156 32 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:50:57 SQL injection - Web Attacks (IP=156,US) 147.182.144.160 32 RR None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:31:35 SQL injection - Web Attcks (IP=160,US) 147.182.144.31 32 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:48:06 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=31,US) 147.182.144.31 24 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:49:08 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=31,CA) 147.182.145.148 24 RT None 2022-03-23 00:00:00 2022-06-21 00:00:00 2022-03-24 13:50:49 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=148,CA) 147.182.146.165 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=165,CA) 147.182.146.192 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=192,CA) 147.182.146.238 32 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:34:36 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=238,US) 147.182.146.67 24 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:35:12 SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt - SourceFire (IP=67,CA) 147.182.147.16 24 WR None 2022-03-23 00:00:00 2022-06-21 00:00:00 2022-03-23 13:46:26 Adobe ColdFusion Administrator Access Restriction - 6HR Web Attack (IP=16,CA) 147.182.148.254 24 WR None 2022-04-15 00:00:00 2022-07-13 00:00:00 2022-04-15 
14:09:14 HTTP: PHP File Inclusion Vulnerability - 6HR WebAttacks (IP=254,CA) 147.182.148.26 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=26,CA) 147.182.148.89 32 KH None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-11 13:46:51 Self-Report / Probes - TT# 22C01151 (IP=89,US) 147.182.149.191 24 KD None 2022-03-23 00:00:00 2022-06-21 00:00:00 2022-03-24 13:50:48 SQL injection- Web Attacks (IP=191,CA) 147.182.150.18 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=18,CA) 147.182.150.37 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=37,CA) 147.182.151.116 24 RS None 2022-05-19 00:00:00 2022-08-17 00:00:00 2022-05-19 22:49:01 SERVER-WEBAPP Apache APISIX default admin API backdoor usage attempt (1:59480:1) - SourceFire (IP=116,CA) 147.182.152.155 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=155,CA) 147.182.152.208 24 WR None 2022-04-29 00:00:00 2022-07-27 00:00:00 2022-04-29 13:52:27 SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (B-type) (1:1000135:3) - Sourcefire (IP=208,CA) 147.182.152.9 32 AR None 2022-08-28 00:00:00 2022-11-26 00:00:00 2022-08-28 13:57:31 SQL injection - 6Hr Web Attacks (IP=9,US) 147.182.153.167 24 RS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 22:43:46 SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt (1:44328:4) - SourceFire (IP=167,CA) 147.182.153.226 32 SW None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:47:33 SQL injection - WebAttacks (IP=226,US) 147.182.154.113 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=113,CA) 147.182.154.114 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=114,CA) 147.182.155.8 24 RS None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 22:54:57 SQL injection - 6Hr Web Attacks (IP=8,CA) 147.182.156.183 24 KD 
None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-19 13:46:42 HTTP: PHP File InclusionVulnerability- Web Attacks (IP=183,CA) 147.182.157.236 24 TH None 2022-04-15 00:00:00 2022-07-14 00:00:00 2022-04-15 23:00:02 SQL injection - 6 Hr Web Report (IP=236,CA) 147.182.158.129 24 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:35:12 SERVER-WEBAPP Apache Log4j logging remote code execution attempt - SourceFire (IP=129,CA) 147.182.158.168 32 KD None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-12 13:51:34 HTTP: Grandstream UCM6200 SQL - Web Attacks(IP=168,US) 147.182.159.194 32 WR None 2022-04-12 00:00:00 2022-07-10 00:00:00 2022-04-12 13:51:54 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=194,US) 147.182.159.2 32 SW None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-11 22:58:43 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=2,US) 147.182.159.45 32 ZH None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-24 00:05:20 SQL injection - 6hr Web Attacks (IP=45,US) 147.182.160.115 32 SW None 2022-07-02 00:00:00 2022-09-30 00:00:00 2022-07-03 13:57:37 SQL injection - WebAttacks (IP=115,US) 147.182.160.239 32 AR None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:13 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attack (IP=239,US) 147.182.161.200 32 RS None 2022-05-03 00:00:00 2022-08-01 00:00:00 2022-05-03 13:47:02 SQL injection - 6Hr Web Attacks (IP=200,US) 147.182.161.211 32 SW None 2021-10-29 00:00:00 2022-01-27 00:00:00 None SERVER-APACHE Apache Struts2 blacklisted method redirect (1:27244:6) - SourceFire (IP=211, US) 147.182.161.214 32 TH None 2022-08-20 00:00:00 2022-11-18 00:00:00 2022-08-21 13:55:55 SQL injection - 6 Hr Web Report (IP=214,US) 147.182.162.156 32 KH None 2021-12-18 00:00:00 2022-03-18 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44232 (IP=156,US) 147.182.162.222 32 RS None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 22:54:50 SQL injection - 6Hr Web Attacks (IP=222,US) 147.182.162.227 32 KH None 
2021-12-18 00:00:00 2022-03-18 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44231 (IP=227,US) 147.182.162.86 32 ZH None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-23 13:49:43 SQL injection - 6hr Web Attacks (IP=86,US) 147.182.163.125 32 KH None 2021-12-18 00:00:00 2022-03-18 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44231 (IP=125, US) 147.182.163.72 32 RB None 2022-07-07 00:00:00 2022-10-05 00:00:00 2022-07-07 22:31:09 SQL injection - WebAttacks (IP=72,US) 147.182.164.195 32 SW None 2021-10-29 00:00:00 2022-01-27 00:00:00 None SERVER-APACHE Apache Struts2 blacklisted method redirect (1:27244:6) - SourceFire (IP=195, US) 147.182.165.132 32 KH None 2021-10-20 00:00:00 2022-01-18 00:00:00 None SQL injection - 6hr Web Attacks (IP=132,US) 147.182.165.24 32 RS None 2022-07-22 00:00:00 2022-10-20 00:00:00 2022-07-23 13:44:09 SQL injection - Web Attacks (IP=24,US) 147.182.165.37 32 SW None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-11 13:47:09 SQL injection - WebAttacks (IP=37,US) 147.182.165.82 32 KH None 2021-12-18 00:00:00 2022-03-18 00:00:00 None HTTP SQL Injection Attempt - Web Attacks (IP=82,US) 147.182.166.33 32 JP None 2022-09-11 00:00:00 2022-12-10 00:00:00 2022-09-11 22:52:02 HTTP: SQL Injection - Exploit - 6HR Web Attacks (IP=33,US) 147.182.167.142 32 KH None 2021-10-20 00:00:00 2022-01-19 00:00:00 None HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=142,US) | updated by RR Block expiration extended with reason SQL use of concat function with select - likely SQL injection - SourceFire (IP=142,US) 147.182.167.144 32 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:00 SQL injection - 6Hr Web Attacks (IP=144,US) 147.182.167.165 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=165,US) 147.182.168.223 32 TH None 2022-04-15 00:00:00 2022-07-14 00:00:00 2022-04-15 23:00:08 HTTP: PHP File Inclusion Vulnerability - 6 Hr Web Report (IP=223,US) 147.182.168.74 32 KH None 2022-07-04 
Block records, one per line. The export carries no header; the column meaning below is inferred from the records themselves: network address, prefix length, analyst initials, an unused field (always None), block start, block end, a later timestamp (None on many entries), and the free-text reason or ticket reference, with any "| updated by ..." note kept on the same line as its record. The first line is the tail of a record whose network address precedes this section.

00:00:00 2022-10-02 00:00:00 2022-07-04 13:45:46 : HTTP: PHP File Inclusion Vulnerability - IR# 22C01532 (IP=74,US)
147.182.169.208 32 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:28 SQL injection - 6hr Web Attacks (IP=208,US)
147.182.169.254 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=254,US)
147.182.169.47 32 RS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:48:05 SQL injection - 6Hr Web Attacks (IP=47,US)
147.182.169.69 32 TH None 2021-12-22 00:00:00 2022-03-22 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - TT# 22C00673
147.182.170.118 32 SW None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:47:55 SERVER-WEBAPP JBoss JMXInvokerServlet access attempt (1:24343:4) - SourceFire (IP=118,US)
147.182.170.15 32 AS None 2022-01-31 00:00:00 2022-08-03 00:00:00 None HIVE Case #6877 CTO 22-028 (IP=15,US)
147.182.170.17 32 KH None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-26 22:51:27 File /etc/passwd Access Attempt Detect - FE IPS (IP=17,US)
147.182.170.243 32 RS None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:45:31 HTTP SQL Injection Attempt - 6Hr Web Attacks (IP=243,US)
147.182.170.37 32 NAB None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-13 13:50:54 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=37,US)
147.182.170.45 32 KH None 2021-12-18 00:00:00 2022-03-18 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44231 (IP=45,US)
147.182.171.237 32 DT None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 23:57:49 SQL injection - Web Attacks (IP=237,US)
147.182.171.63 32 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:29 SQL injection - 6hr Web Attacks (IP=63,US)
147.182.172.217 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:50:14 SQL injection - Web Attacks (IP=217,US)
147.182.172.68 32 NAB None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:01 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=68,US)
147.182.173.189 32 JP None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-15 22:50:42 SQL injection - 6HR Web Attacks (IP=189, US)
147.182.173.232 32 KH None 2021-12-18 00:00:00 2022-03-18 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44231 (IP=232,US)
147.182.173.5 32 TH None 2022-06-16 00:00:00 2022-09-14 00:00:00 2022-06-17 13:48:37 SQL injection - 6 Hr Web Report (IP=5,US)
147.182.174.147 32 SW None 2022-05-28 00:00:00 2022-08-26 00:00:00 2022-05-28 14:45:00 SQL injection - WebAttacks (IP=147,US)
147.182.174.3 32 RB None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-15 22:50:30 22622 HTTP ThinkPHP Framework Code Injection Vulnerability - IR# 22C01670 (IP=3,US)
147.182.174.94 32 RR None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 13:52:14 SQL injection - Web Attacks (IP=94,US)
147.182.175.131 32 DT None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:45 SQL injection - Web Attacks (IP=131,US)
147.182.176.131 32 SW None 2022-05-15 00:00:00 2022-08-13 00:00:00 2022-05-15 13:53:57 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=131,US)
147.182.177.78 32 WR None 2022-04-15 00:00:00 2022-07-13 00:00:00 2022-04-15 14:09:23 SERVER-WEBAPP Cisco ASA directory traversal attempt (3:54598:2) - Sourcefire (IP=78,US)
147.182.178.161 32 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:48:07 SQL injection - Web Attacks (IP=161,US)
147.182.178.241 32 KH None 2021-12-18 00:00:00 2022-03-18 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=241,US)
147.182.178.64 32 KH None 2021-12-18 00:00:00 2022-03-18 00:00:00 None HTTP: SQL Injection - Exploit - Web Attacks (IP=64,US)
147.182.180.205 32 AR None 2021-12-14 00:00:00 2022-03-14 00:00:00 None SQL injection - Web Attacks (IP=205,US)
147.182.180.70 32 KH None 2021-12-18 00:00:00 2022-03-18 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44232 (IP=70,US)
147.182.182.147 32 KH None 2022-06-19 00:00:00 2022-09-17 00:00:00 2022-06-19 22:50:34 SQL injection - Web Attacks (IP=147,US)
147.182.182.165 32 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-16 15:21:25 HTTP SQL Injection Attempt - 6hr Web Attacks (IP=165,US)
147.182.182.199 32 RR None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:31:35 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=199,US)
147.182.182.32 32 RB None 2022-07-07 00:00:00 2022-10-05 00:00:00 2022-07-07 22:31:09 SQL injection - WebAttacks (IP=32,US)
147.182.183.184 32 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:29 SERVER-WEBAPP rConfig compliance policies SQL injection attempt (1:59326:1) - Sourcefire Rpt (IP=184,US)
147.182.183.233 32 RR None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 13:54:21 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=233,US)
147.182.184.120 32 DT None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:45 SQL injection - Web Attacks (IP=120,US)
147.182.184.188 32 JP None 2022-09-19 00:00:00 2022-12-18 00:00:00 2022-09-20 13:54:59 Possible Cross-site Scripting Attack - IPS Events (IP=188,US)
147.182.185.114 32 ZH None 2022-06-13 00:00:00 2022-09-11 00:00:00 2022-06-13 22:30:29 Adobe ColdFusion Administrator Access Restriction - 6hr Web Attacks (IP=114,US)
147.182.185.120 32 SW None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:45:18 POLICY-OTHER Adobe ColdFusion admin interface access attempt - SourceFire (IP=120,US)
147.182.185.140 32 TH None 2022-06-07 00:00:00 2022-09-05 00:00:00 2022-06-08 13:48:16 Possible Cross-site Scripting Attack - FE CMS IPS Events (IP=140,US)
147.182.185.210 32 TH None 2022-03-04 00:00:00 2022-06-02 00:00:00 2022-03-04 23:11:43 CVE_2021_44228:LOG4J_RCE - Elastic (IP=210,US)
147.182.185.229 32 SW None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-22 13:54:38 SQL injection - WebAttacks (IP=229,US)
147.182.185.86 32 NAB None 2022-03-07 00:00:00 2022-06-05 00:00:00 2022-03-07 15:00:07 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=86,US)
147.182.186.28 32 KH None 2021-12-18 00:00:00 2022-03-18 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44231 (IP=28,US)
147.182.186.9 32 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:30 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - Sourcefire Rpt (IP=9,US)
147.182.187.62 32 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 15:44:32 SQL injection - Web Attacks (IP=62,US)
147.182.188.118 32 KH None 2022-07-25 00:00:00 2022-10-23 00:00:00 2022-07-25 13:54:57 SQL injection - Web Attacks (IP=118,US)
147.182.188.144 32 DT None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-27 13:14:18 CERT/CC VU#257161:CVE-2020-11910 anomalous ICMPv4 type 3,code 4 Path MTU Discovery - Source Fire (IP=144,US)
147.182.188.96 32 TH None 2022-08-23 00:00:00 2022-11-21 00:00:00 2022-08-24 13:52:34 SERVER-WEBAPP VMware Workspace ONE Access server side template injection attempt - SourceFire Report (IP=96,US)
147.182.190.105 32 RS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 14:03:20 Adobe ColdFusion Administrator Access Restriction - 6hr Web Attacks (IP=105,US)
147.182.190.137 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:17:00 SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt - SourceFire (IP=137,US)
147.182.190.233 32 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 13:58:00 SQL injection - 6Hr Web Attacks (IP=233,US)
147.182.190.71 32 SW None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-10 13:48:19 SQL injection - WebAttacks (IP=71,US)
147.182.191.199 32 KD None 2022-03-17 00:00:00 2022-06-15 00:00:00 2022-03-18 13:56:57 OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt - Sourcefire (IP=199,US)
147.182.192.110 32 RS None 2022-05-19 00:00:00 2022-08-17 00:00:00 2022-05-19 13:46:52 SQL injection - 6Hr Web Attacks (IP=110,US)
147.182.192.128 32 RR None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:10 SQL injection - Web Attacks (IP=128,US)
147.182.192.138 32 NAB None 2022-03-22 00:00:00 2022-06-20 00:00:00 2022-03-22 13:43:34 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=138,US)
147.182.192.59 32 TH None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-30 13:56:49 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire Report (IP=59,US)
147.182.193.106 32 SW None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-17 13:48:52 SQL injection - WebAttacks (IP=106,US)
147.182.193.213 32 SW None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-15 13:53:57 SERVER-APACHE Apache HTTP server SSRF attempt (1:58820:1) - SourceFire (IP=213, US)
147.182.196.233 32 TC None 2022-09-28 00:00:00 2022-12-27 00:00:00 2022-09-29 13:59:00 SQL injection - WebAttacks (IP=233,US)
147.182.197.104 32 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-16 15:21:25 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=104,US)
147.182.197.121 32 SA None 2022-06-02 00:00:00 2022-08-30 00:00:00 2022-06-03 00:39:56 SQL injection Web Attacks (IP=121,US)
147.182.198.108 32 TH None 2022-04-15 00:00:00 2022-07-14 00:00:00 2022-04-15 14:09:32 SQL injection - 6 Hr Web Report (IP=108,US)
147.182.198.139 32 DT None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 23:57:49 SQL injection - Web Attacks (IP=139,US)
147.182.198.187 32 SW None 2022-09-02 00:00:00 2022-12-01 00:00:00 2022-09-03 14:03:25 SERVER-WEBAPP Tenda Router AC11 stack buffer overflow attempt (1:58857:1) - SourceFire (IP=187, US)
147.182.198.215 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:16:38 SQL injection - Web Attacks (IP=215,US)
147.182.198.32 32 RR None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 13:52:15 SQL injection - Web Attacks (IP=32,US)
147.182.199.2 32 RS None 2022-05-02 00:00:00 2022-07-31 00:00:00 2022-05-02 22:41:40 SQL injection - 6Hr Web Attacks (IP=2,US)
147.182.199.245 32 TH None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-30 13:42:35 SQL injection - 6 Hr Web Report (IP=245,US)
147.182.200.187 32 RR None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-29 22:57:33 Exploit.Log4Shell.CVE-2021-44228 - Case 6652 - SourceFire (IP=187,US)
147.182.200.8 32 RR None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:11 SERVER-WEBAPP Oracle WebLogic Server remote code execution attempt - SourceFire (IP=8,US)
147.182.201.213 32 SA None 2022-05-17 00:00:00 2022-08-15 00:00:00 2022-05-17 13:52:22 SQL injection - 6Hr Web Attacks (IP=213,US)
147.182.201.92 32 SW None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 22:39:08 Possible Cross-site Scripting Attack - IPS Events (IP=92,US)
147.182.202.153 32 RS None 2022-09-23 00:00:00 2022-12-22 00:00:00 2022-09-24 13:55:48 SERVER-WEBAPP JBoss JMX console access attempt - Web Attacks (IP=153,US)
147.182.202.172 32 SW None 2022-09-06 00:00:00 2022-12-05 00:00:00 2022-09-07 13:39:18 SQL injection - Web Attacks (IP=172,US)
147.182.202.30 32 NAB None 2021-12-20 00:00:00 2022-03-20 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=30,US)
147.182.203.160 32 KD None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-12 13:51:35 SQL injection-Web Attacks (IP=29,NL)
147.182.203.177 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-08 12:50:36 HTTP: SQL Injection - Exploit - Web Attacks (IP=177,US)
147.182.204.249 32 RB None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-14 22:44:52 SQL injection - 6hr web attacks (IP=249,US)
147.182.205.185 32 WR None 2022-04-30 00:00:00 2022-07-28 00:00:00 2022-04-30 13:53:04 SQL injection - 6hr Web Attacks (IP=185,US)
147.182.205.39 32 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:46:28 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=39,US)
147.182.206.3 32 KH None 2022-05-01 00:00:00 2022-07-30 00:00:00 2022-05-01 22:53:46 FE Webshell activity - FE HX (IP=3,US)
147.182.207.125 32 SW None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-17 13:48:52 SQL injection - WebAttacks (IP=125,US)
147.182.207.159 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:48:15 SQL injection - Web Attacks (IP=159,US)
147.182.207.70 32 ZH None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 22:43:48 SERVER-WEBAPP Atlassian OAuth plugin multiple versions server side request forgery attempt (1:46898:1) - SourceFire (IP=70,US)
147.182.208.128 32 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-09 14:21:23 SQL injection - Web Attacks (IP=128,US)
147.182.208.14 32 KH None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-06 14:06:23 SQL injection - Web Attacks (IP=14,US)
147.182.208.150 32 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 22:51:33 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=150, US)
147.182.208.239 32 SW None 2022-09-13 00:00:00 2022-12-12 00:00:00 2022-09-14 13:50:25 SQL injection - WebAttacks (IP=239,US)
147.182.209.128 32 TH None 2022-05-02 00:00:00 2022-07-31 00:00:00 2022-05-02 22:41:57 SQL injection - 6 Hr Web Report (IP=128,US)
147.182.209.69 32 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:47:51 SQL injection - Web Attacks (IP=69,US)
147.182.209.71 32 RS None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 22:34:33 SQL injection - 6Hr Web Attacks (IP=71,US)
147.182.209.75 32 RS None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:15:43 SQL injection - 6Hr Web Attacks (IP=75,US)
147.182.212.164 32 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:30 SQL injection - 6hr Web Attacks (IP=164,US)
147.182.212.42 32 ZH None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-30 22:44:19 SERVER-WEBAPP Buffalo WSR router configuration injection attempt (1:58530:1) - SourceFire (IP=42,US)
147.182.212.43 32 ZH None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:45:13 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=43,US)
147.182.212.44 32 KH None 2021-10-25 00:00:00 2022-01-23 00:00:00 None SQL injection - 6hr Web Attacks (IP=44,US)
147.182.213.106 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:50:14 SQL injection - Web Attacks (IP=106,US)
147.182.213.12 32 BMP None 2021-12-14 00:00:00 2022-03-12 00:00:00 None HIVE Case #6651 - Exploit.CVE-2021-44228 (IP=12,US)
147.182.213.34 32 RR None 2022-07-30 00:00:00 2022-10-28 00:00:00 2022-07-30 13:52:46 SQL injection - Web Attacks (IP=34,US)
147.182.214.117 32 KH None 2022-08-31 00:00:00 2022-11-29 00:00:00 2022-08-31 17:20:51 SQL injection - Web Attacks (IP=117,US)
147.182.214.79 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:50:15 SQL injection - Web Attacks (IP=79,US)
147.182.215.151 32 NAB None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 13:52:15 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=151,US)
147.182.216.21 32 NAB None 2021-12-16 00:00:00 2022-03-16 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=21,US)
147.182.217.120 32 NAB None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 13:54:26 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=120,US)
147.182.217.212 32 RS None 2022-06-23 00:00:00 2022-09-21 00:00:00 2022-06-23 22:21:57 SQL injection - 6Hr Web Attacks (IP=212,US)
147.182.218.10 32 KD None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-16 15:21:13 SQL injection - Web Attacks (IP=10,US)
147.182.218.194 32 RR None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:11 SQL injection - Web Attacks (IP=194,US)
147.182.218.229 32 KH None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-26 22:51:28 File /etc/passwd Access Attempt Detect - FE IPS (IP=229,US)
147.182.219.130 32 NAB None 2022-04-22 00:00:00 2022-07-21 00:00:00 2022-04-22 13:40:01 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=130,US)
147.182.219.152 32 TH None 2022-06-21 00:00:00 2022-09-19 00:00:00 2022-06-22 13:54:39 SQL injection - 6 Hr Web Report (IP=152,US)
147.182.219.202 32 RS None 2022-06-23 00:00:00 2022-09-21 00:00:00 2022-06-23 14:39:21 SQL injection - 6Hr Web Attacks (IP=202,US)
147.182.219.27 32 KH None 2022-05-01 00:00:00 2022-07-30 00:00:00 2022-05-01 22:53:40 SQL injection - Web Attacks (IP=27,US)
147.182.219.45 32 KH None 2022-04-12 00:00:00 2022-07-11 00:00:00 2022-04-12 22:35:43 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=45,US)
147.182.219.61 32 RR None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:14:30 OS-OTHER Bash CGI environment variable injection attempt - SourceFire (IP=61,US)
147.182.219.9 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=9,US)
147.182.220.21 32 ZH None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-30 22:44:20 SQL injection - 6hr Web Attacks (IP=21,US)
147.182.222.16 32 TH None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 23:06:31 SQL injection - 6 Hr Web Report (IP=16,US)
147.182.222.237 32 AR None 2022-06-11 00:00:00 2022-09-09 00:00:00 2022-06-12 13:47:44 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (1:59246:1) - SourceFire (IP=237,US)
147.182.222.62 32 TLM None 2022-03-17 00:00:00 2022-09-17 00:00:00 2022-03-17 16:17:26 HIVE Case #7227 CTO 22-076 (IP=62,US)
147.182.223.250 32 ZH None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-24 00:05:20 SQL injection - 6hr Web Attacks (IP=250,US)
147.182.223.85 32 KH None 2021-10-05 00:00:00 2022-01-03 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 22C00044 (IP=85,US)
147.182.224.181 32 TH None 2022-04-15 00:00:00 2022-07-14 00:00:00 2022-04-15 22:59:52 SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58742:7) - SourceFire Report (IP=181,US)
147.182.226.128 32 SA None 2022-05-17 00:00:00 2022-08-15 00:00:00 2022-05-17 13:52:22 SQL injection - 6Hr Web Attacks (IP=128,US)
147.182.226.93 32 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 13:58:00 SQL injection - 6Hr Web Attacks (IP=93,US)
147.182.227.107 32 ZH None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-22 22:42:57 SQL injection - 6hr Web Attacks (IP=107,US)
147.182.227.245 32 SW None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:47:34 SQL injection - WebAttacks (IP=245,US)
147.182.227.49 32 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:01 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=49,US)
147.182.227.53 32 RS None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 22:34:33 SQL injection - 6Hr Web Attacks (IP=53,US)
147.182.228.120 32 RR None 2022-06-20 00:00:00 2022-09-18 00:00:00 2022-06-20 13:54:31 SQL injection - Web Attacks (IP=120,US)
147.182.228.243 32 ZH None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 22:36:49 SERVER-WEBAPP VMware View Planner logupload directory traversal attempt (1:57436:1) - SourceFire (IP=243,US)
147.182.229.127 32 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:50:57 SQL injection - Web Attacks (IP=127,US)
147.182.229.128 32 RB None 2022-09-17 00:00:00 2022-12-16 00:00:00 2022-09-17 22:34:59 SQL injection - WebAttacks (IP=128,US)
147.182.229.21 32 JP None 2022-07-28 00:00:00 2022-10-26 00:00:00 2022-07-28 13:49:49 SQL injection - 6HR Web Attacks (IP=21, US)
147.182.229.236 32 AS None 2022-04-12 00:00:00 2022-10-12 00:00:00 2022-04-12 14:39:37 HIVE Case #7380 CTO 22-099 (IP=236,US)
147.182.229.96 32 JP None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-14 22:47:15 Adobe ColdFusion Administrator Access Restriction - 6HR Web Attacks (IP=96,US)
147.182.230.222 32 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:49:09 SERVER-WEBAPP Atlassian Confluence OGNL injection remote code execution attempt - SourceFire (IP=222,US)
147.182.230.35 32 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:50:58 SQL injection - Web Attacks (IP=35,US)
147.182.230.95 32 SW None 2022-06-24 00:00:00 2022-09-22 00:00:00 2022-06-24 13:56:02 SQL injection - WebAttacks (IP=95,US)
147.182.231.108 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:17:00 SERVER-WEBAPP Oracle Weblogic default credentials login attempt - SourceFire (IP=108,US)
147.182.231.113 32 DT None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 23:57:50 HTTP: SQL Injection - Exploit II - Web Attacks (IP=113,US)
147.182.231.142 32 DT None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:46 SQL injection - Web Attacks (IP=142,US)
147.182.231.201 32 SW None 2022-07-21 00:00:00 2022-10-19 00:00:00 2022-07-22 13:52:33 SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58727:5) - SourceFire (IP=201,US)
147.182.231.220 32 RS None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:15:42 SQL injection - 6Hr Web Attacks (IP=220,US)
147.182.231.252 32 SW None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 13:49:23 SQL injection - WebAttacks (IP=252,US)
147.182.231.4 32 SW None 2022-06-28 00:00:00 2022-09-26 00:00:00 2022-06-28 13:53:32 SQL injection - WebAttacks (IP=4,US)
147.182.232.1 32 ZH None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-11 00:04:49 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (1:59246:1) - SourceFire (IP=1,US)
147.182.232.181 32 SA None 2022-06-02 00:00:00 2022-08-30 00:00:00 2022-06-03 00:39:57 SQL injection Web Attacks (IP=181,US)
147.182.233.147 32 TH None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-18 13:44:09 SQL injection - 6 Hr Web Report (IP=147,US)
147.182.233.213 32 SW None 2022-08-12 00:00:00 2022-11-10 00:00:00 2022-08-13 13:56:09 SQL injection - WebAttacks (IP=213,US)
147.182.234.156 32 RS None 2022-07-02 00:00:00 2022-09-30 00:00:00 2022-07-02 14:02:29 SQL injection - 6Hr Web Attacks (IP=156,US)
147.182.234.198 32 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:31 SQL injection - 6hr Web Attacks (IP=198,US)
147.182.234.2 32 RS None 2022-06-03 00:00:00 2022-09-01 00:00:00 2022-06-03 22:21:23 SERVER-WEBAPP Symantec Messaging Gateway KavaChart Component directory traversal attempt (1:40451:2) - SourceFire (IP=2,US)
147.182.234.252 32 SW None 2022-06-05 00:00:00 2022-09-03 00:00:00 2022-06-06 13:57:56 SERVER-WEBAPP Fortigate SSL VPN cross site scripting attempt (1:51465:1) - SourceFire (IP=252,US)
147.182.235.224 32 ZH None 2022-09-23 00:00:00 2022-12-22 00:00:00 2022-09-23 13:58:38 SQL injection - 6hr Web Attacks (IP=224,US)
147.182.235.60 32 SW None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 13:49:30 SERVER-WEBAPP WP plugin Localize My Post directory traversal attempt (1:48065:2) - SourceFire (IP=60,US)
147.182.236.100 32 RR None 2022-07-16 00:00:00 2022-10-14 00:00:00 2022-07-16 13:51:32 SQL injection - Web Attacks (IP=100,US)
147.182.236.237 32 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:31 SERVER-WEBAPP VMware vRealize Operations Manager SSRF attempt (1:57435:1) - Sourcefire Rpt (IP=237,US)
147.182.236.48 32 WR None 2022-04-24 00:00:00 2022-07-22 00:00:00 2022-04-24 13:26:27 SQL injection - Web Attacks (IP=48,US)
147.182.237.119 32 TH None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 23:06:33 HTTP: PHP File Inclusion Vulnerability - 6 Hr Web Report (IP=119,US)
147.182.237.129 32 TH None 2022-06-20 00:00:00 2022-09-18 00:00:00 2022-06-21 13:49:08 SQL injection - 6 Hr Web Report (IP=129,US)
147.182.237.250 32 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 22:51:55 SQL injection - WebAttacks (IP=250,US)
147.182.237.66 32 RS None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-18 22:35:03 Exploit.CVE-2021-44228 - ApacheLog4j2 - Case 6651 (IP=66,US)
147.182.238.177 32 WR None 2022-04-30 00:00:00 2022-07-28 00:00:00 2022-04-30 13:53:09 ET INFO Possible Apache log4j RCE Attempt - Any Protocol TCP (CVE-2021-44228) (1:2034661:1) - Sourcefire (IP=177,US)
147.182.238.215 32 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 22:51:27 SERVER-WEBAPP generic SQL select statement possible sql injection (1:41817:2) - SourceFire (IP=215, US)
147.182.238.226 32 KH None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 13:46:19 SQL injection - Web Attacks (IP=226,US)
147.182.238.238 32 SA None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-07 13:41:21 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - SourceFire Report (IP=238,US)
147.182.239.163 32 RB None 2022-09-17 00:00:00 2022-12-16 00:00:00 2022-09-17 22:35:00 SERVER-WEBAPP JBoss JMX console access attempt - WebAttacks (IP=163,US)
147.182.239.183 32 DT None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-31 13:48:40 SERVER-WEBAPP F5 BIG-IP Traffic Management User Interface remote code execution attempt (1:54462:3) - Source Fire (IP=183,US)
147.182.239.191 32 KD None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-28 14:34:01 HTTP PHP File Inclusion Vulnerability - Web Attacks (IP=191,US)
147.182.239.201 32 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 22:54:04 ET EXPLOIT Apache log4j RCE Attempt (tcp ldap) (CVE-2021-44228) (1:2034649:1) - Sourcefire (IP=201,US)
147.182.239.221 32 KH None 2022-09-16 00:00:00 2022-12-15 00:00:00 2022-09-16 13:49:47 SQL injection - Web Attacks (IP=221,US)
147.182.239.53 32 AR None 2022-09-12 00:00:00 2022-12-11 00:00:00 2022-09-12 14:00:11 Exploit.Log4Shell.CVE-2021-44228 - FE CMS (IP=53,US)
147.182.239.73 32 SW None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:47:34 SQL injection - WebAttacks (IP=73,US)
147.182.240.194 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:36:50 SQL injection - Web Attacks (IP=194,US)
147.182.240.238 32 AR None 2022-04-14 00:00:00 2022-07-12 00:00:00 2022-04-14 13:54:41 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=238,US)
147.182.240.33 32 RR None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:31:36 SQL union select - possible sql injection attempt - GET parameter - Source Fire (IP=33,US)
147.182.240.60 32 KH None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:12 Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=60,US)
147.182.240.76 32 ZH None 2022-09-23 00:00:00 2022-12-22 00:00:00 2022-09-23 22:51:08 Malicious activity IR#: 22C01951 (IP=76,US)
147.182.240.99 32 RR None 2022-06-19 00:00:00 2022-09-17 00:00:00 2022-06-20 13:54:25 SQL injection - Web Attacks (IP=99,US)
147.182.241.126 32 KH None 2022-10-02 00:00:00 2022-12-31 00:00:00 2022-10-02 23:55:05 HTTP: PHP File Inclusion Vulnerability - IR# 23C01988 (IP=126,US)
147.182.241.184 32 KH None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-17 13:49:08 SQL injection - Web Attacks (IP=184,US)
147.182.241.34 32 SW None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-15 13:53:58 SERVER-WEBAPP Symantec Messaging Gateway KavaChart Component directory traversal attempt (1:40451:2) - SourceFire (IP=34, US)
147.182.241.54 32 SW None 2022-09-26 00:00:00 2022-12-25 00:00:00 2022-09-27 13:51:54 SERVER-APACHE HP Performance Manager Apache Tomcat policy bypass attempt - SourceFire (IP=54, US)
147.182.241.69 32 ZH None 2022-09-12 00:00:00 2022-12-11 00:00:00 2022-09-12 14:00:12 SQL injection - WebAttacks (IP=69,US)
147.182.241.91 32 RS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 22:44:02 SQL injection - 6Hr Web Attacks (IP=91,US)
147.182.242.104 32 SW None 2022-05-12 00:00:00 2022-08-10 00:00:00 2022-05-12 13:53:32 Possible Cross-site Scripting Attack - IPS Events (IP=104,US)
147.182.242.127 32 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:02 SQL injection - 6Hr Web Attacks (IP=127,US)
147.182.242.135 32 NAB None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 13:54:25 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=135,US)
147.182.242.140 32 ZH None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-24 00:05:21 POLICY-OTHER PHP uri tag injection attempt (1:23111:14) - Sourcefire Rpt (IP=140,US)
147.182.242.207 32 RS None 2022-09-12 00:00:00 2022-12-11 00:00:00 2022-09-13 13:47:50 SQL injection - Web Attacks (IP=207,US)
147.182.242.246 32 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 22:52:11 Possible Cross-site Scripting Attack - IPS Events (IP=246,US)
147.182.243.59 32 SW None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-06 13:47:22 SQL injection - WebAttacks (IP=59,US)
147.182.244.155 32 KH None 2022-05-01 00:00:00 2022-07-30 00:00:00 2022-05-01 22:53:35 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (1:59246:1) - Sourcefire (IP=155,US)
147.182.244.213 32 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:02 HTTP SQL Injection Attempt - 6Hr Web Attacks (IP=213,US)
147.182.244.39 32 NAB None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:03 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=39,US)
147.182.244.7 32 ZH None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-22 13:54:39 SQL injection - 6 hr Web Attacks (IP=7,US)
147.182.245.186 32 AR None 2022-07-22 00:00:00 2022-10-20 00:00:00 2022-07-23 13:44:14 SQL injection - Web Attacks (IP=186,US)
147.182.245.205 32 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-09 14:21:47 SERVER-WEBAPP Ruby on Rails render file directory traversal attempt - SourceFire (IP=205,US)
147.182.245.248 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:37:54 SERVER-OTHER Supervisord remote code execution attempt - SourceFire (IP=248,US)
147.182.245.50 32 SA None 2022-05-17 00:00:00 2022-08-15 00:00:00 2022-05-17 22:37:49 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=50,US)
147.182.245.65 32 TH None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-30 13:42:45 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (1:59246:1) - SourceFire Report (IP=65,US)
147.182.245.9 32 ZH None 2022-08-25 00:00:00 2022-11-23 00:00:00 2022-08-25 22:43:43 SERVER-APACHE Apache Struts2 blacklisted method redirectAction (1:27243:6) - SourceFire (IP=9,US)
147.182.246.114 32 SW None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:04 SERVER-WEBAPP IceWarp Mail Server directory traversal attempt (1:47644:1) - SourceFire (IP=114,US)
147.182.246.36 32 AR None 2022-06-12 00:00:00 2022-09-10 00:00:00 2022-06-13 13:54:46 SERVER-WEBAPP Atlassian Confluence OGNL injection remote code execution attempt (1:58094:1) - SourceFire (IP=36,US)
147.182.246.57 32 AR None 2022-09-12 00:00:00 2022-12-11 00:00:00 2022-09-12 14:00:13 Webshell.Binary.php.FEC2 - FE CMS (IP=57,US)
147.182.246.96 32 ZH None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-30 22:44:21 SQL injection - 6hr Web Attacks (IP=96,US)
147.182.247.103 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:14:51 HIVE Case #7904 CTO 22-189 (IP=103,US)
147.182.247.175 32 RR None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 13:52:16 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=175,US)
147.182.247.230 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:17:01 SERVER-APACHE Apache Tomcat remote JSP file upload attempt - SourceFire (IP=230,US)
147.182.247.242 32 KH None 2022-05-01 00:00:00 2022-07-30 00:00:00 2022-05-01 22:53:41 SQL injection - Web Attacks (IP=242,US)
147.182.248.149 32 TH None 2022-04-15 00:00:00 2022-07-14 00:00:00 2022-04-15 23:00:07 HTTP SQL Injection Attempt - 6 Hr Web Report (IP=149,US)
147.182.248.171 32 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:49:09 SERVER-WEBAPP Avtech IP Camera machine.cgi information disclosure attempt - SourceFire (IP=171,US)
147.182.248.185 32 RR None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-18 13:43:58 SERVER-WEBAPP eMerge E3 Access Controller command injection attempt - SourceFire (IP=185,US)
147.182.249.26 32 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:48:08 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=26,US)
147.182.249.42 32 RS None 2022-09-12 00:00:00 2022-12-11 00:00:00 2022-09-13 13:47:50 SQL injection - Web Attacks (IP=42,US)
147.182.249.49 32 SW None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-01 13:54:11 SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt (1:58069:1) - SourceFire (IP=49,US)
147.182.250.121 32 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 22:25:08 HTTP SQL Injection Attempt - 6Hr Web Attacks (IP=121,US)
147.182.250.158 32 KH None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:12 Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=158,US)
147.182.250.75 32 RS None 2022-06-23 00:00:00 2022-09-21 00:00:00 2022-06-23 14:39:21 SQL injection - 6Hr Web Attacks (IP=75,US)
147.182.251.115 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:48:16 SQL injection - Web Attacks (IP=115,US)
147.182.251.152 32 TH None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 23:06:26 HTTP: PHP File Inclusion Vulnerability - 6 Hr Web Report (IP=152,US)
147.182.251.232 32 RR None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:31:36 SQL injection - Web Attacks (IP=232,US)
147.182.251.3 32 RR None 2022-07-10 00:00:00 2022-10-08 00:00:00 2022-07-11 13:57:16 SERVER-WEBAPP SolarWinds Orion authentication bypass attempt - SourceFire (IP=3,US)
147.182.252.136 32 DT None 2021-12-30 00:00:00 2022-03-30 00:00:00 None SERVER-WEBAPP Hikvision IP camera admin authentication attempt - Web Attacks (IP=136,US)
147.182.252.17 32 DT None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 23:23:34 POLICY-OTHER Adobe ColdFusion admin interface access attempt (1:25975:3) - Source Fire (IP=17,US)
147.182.252.202 32 RR None 2022-09-25 00:00:00 2022-12-24 00:00:00 2022-09-25 13:55:44 SERVER-WEBAPP JBoss JMX console access attempt - SourceFire (IP=202,US)
147.182.252.205 32 AR None 2022-06-23 00:00:00 2022-09-21 00:00:00 2022-06-23 14:39:17 SQL injection - 6 Hr Web Report (IP=205,US)
147.182.252.43 32 RB None 2022-09-17 00:00:00 2022-12-16 00:00:00 2022-09-17 22:35:00 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=43,US)
147.182.253.124 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:53:19 SERVER-WEBAPP WP plugin Wechat Broadcast directory traversal attempt - SourceFire (IP=124,US)
147.182.253.57 32 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-09 14:21:24 SQL injection - Web Attacks (IP=57,US)
147.182.253.64 32 TH None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-26 22:51:11 SERVER-WEBAPP Cisco SD-WAN vManage directory traversal attempt (3:56220:1) - SourceFire Report (IP=64,US)
147.182.254.213 32 SW None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-16 13:51:32 SQL injection - WebAttacks (IP=213,US)
147.182.254.47 32 AR None 2022-04-27 00:00:00 2022-07-27 00:00:00 2022-04-27 13:56:52 MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (1:25925:3) - SourceFire (IP=47,US)
147.234.38.37 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IL TO-S-2021-1050 Hive Case 4821 Malware Activity
147.48.47.247 32 AS None 2022-04-12 00:00:00 2022-10-12 00:00:00 2022-04-12 14:39:56 HIVE Case #7380 CTO 22-099 (IP=247,US)
147.51.55.20 32 TAH None 2022-03-21 00:00:00 2022-09-21 00:00:00 2022-04-04 20:24:09 HIVE Case #7246 TO-S-2022-0153 (IP=20,US) | **CIRT T1** - IP UNBLOCK Request - Hive Case #7246 TO-S-2022-0153 by TAH
147.52.201.132 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6448 TO-S-2022-0058 (IP=132,GR)
147.75.194.61 32 CR None 2021-08-25 00:00:00 2022-08-25 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=61,FR)
147.78.47.242 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:45 HIVE Case #7904 CTO 22-189 (IP=242,NL)
147.78.47.247 32 TLM None 2022-04-22 00:00:00 2022-07-21 00:00:00 2022-04-22 18:36:54 HIVE Case #7449 CTO 22-112 (IP=247,NL)
147.78.47.34 24 TH None 2022-08-21 00:00:00 2022-11-19 00:00:00 2022-08-21 21:47:16 SQL parameter ending in comment characters - possible sql injection attempt - POST (1:21778:7) - SourceFire Report (IP=34,NL)
147.92.153.16 24 WR None 2022-03-24 00:00:00 2022-06-22 00:00:00 2022-03-24 13:50:46 Known Attack Tool - Hydra - 22C01071 (IP=16,JP)
148.0.114.65 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DM TO-S-2021-1037 Hive Case 4785 Malware Activity
148.0.88.95 32 TLM None 2022-04-22 00:00:00 2022-07-21 00:00:00 2022-04-22 18:37:02 HIVE Case #7449 CTO 22-112 (IP=95,DO)
148.101.195.17 24 WR None 2022-04-01 00:00:00 2022-06-30 00:00:00 2022-04-01 14:00:22 FTP Login Failed - Failed Logons (IP=17,DO)
148.101.31.100 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DM TO-S-2021-1037 Hive Case 4785 Malware Activity
148.103.7.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DM TO-S-2021-1037 Hive Case 4785 Malware Activity
148.163.0.202 32 RB None 2021-11-23 00:00:00 2022-02-21 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT#22C00410 (IP=202,US)
148.163.122.88 32 RS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 14:03:17 SQL injection - 6Hr Web Attacks (IP=88,US)
148.163.124.27 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None PT TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
148.163.124.5 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=5,US)
148.163.66.90 32 JP None 2022-07-13 00:00:00 2022-10-24 00:00:00 2022-07-26 13:48:09 SQL parameter ending in comment characters - possible sql injection attempt - POST (1:21778:7) - SourceFire (IP=90,US) | updated by RR Block expiration extended with reason Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=90,US)
148.163.83.152 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None US TO-S-2021-1143 Malicious Email Activity
148.163.89.221 32 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6514 TO-S-2022-0075 (IP=221,US)
148.243.63.197 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None MX TO-S-2021-1037 Hive Case 4785 Malware Activity
148.251.12.24 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=24,DE)
148.251.120.201 32 TLM None 2022-02-04 00:00:00 2022-08-05 00:00:00 None HIVE Case #6925 CTO 22-034 (IP=201,DE)
148.251.195.14 32 TLM None 2022-02-04 00:00:00 2022-08-05 00:00:00 None HIVE Case #6925 CTO 22-034 (IP=14,DE)
148.251.68.49 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=49,DE)
148.251.69.139 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=139,DE)
148.251.71.182 32 TLM None 2021-12-10 00:00:00 2022-12-14 00:00:00 2022-06-16 19:40:46 HIVE Case #6644 CTO 21-344 (IP=182,DE) | updated by TLM Block was inactive. Reactivated on 20220615 with reason HIVE Case #7779 CTO 22-162 (IP=182,DE)
148.251.8.250 32 AS None 2022-02-21 00:00:00 2022-08-22 00:00:00 None HIVE Case #7039 CTO 22-050 (IP=250,DE)
148.251.9.145 32 TLM None 2022-02-25 00:00:00 2022-08-26 00:00:00 2022-02-25 13:04:35 HIVE Case #7088 CTO 22-056 (IP=145,DE)
148.66.131.149 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None SG TO-S-2021-1092 Hive Case 4875 Malicious Email Activity
148.66.135.10 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=10,SG)
148.66.135.137 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=137,SG) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=137,SG)
148.66.136.0 22 TLM None 2021-10-25 00:00:00 2022-04-25 00:00:00 None HIVE Case #6409 TO-S-2022-1619 (IP=0,SG)
148.66.136.11 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None SG TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
148.66.136.120 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None SG TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
148.66.136.137 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None SG TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
148.66.136.152 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6344 TO-S-2022-1604 (IP=152,SG)
148.66.136.3 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None SG TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
148.66.136.6 32 TLM None 2022-05-16 00:00:00 2022-11-15 00:00:00 2022-05-20 16:36:34 HIVE Case #7599 COLS-NA-TIP 22-0172 (IP=6,SG)
148.66.136.67 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None SG TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
148.66.137.18 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=18,SG)
148.66.138.116 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None SG TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
148.66.138.145 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=145,SG) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=145,SG)
148.66.138.162 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=162,SG)
148.66.138.169 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None SG TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
148.66.138.171 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=171,SG)
148.66.139.57 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=57,SG) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=57,SG)
148.66.158.210 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=210,SG)
148.72.144.39 32 TH None 2022-03-04 00:00:00 2022-06-02 00:00:00 2022-03-04 23:11:53 SIPVicious Security Scanner - FE CMS IPS Events (IP=39,US)
148.72.155.66 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=66,US)
148.72.172.197 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
148.72.176.106 32 TLM None 2021-09-21 00:00:00 2022-03-20 00:00:00 None HIVE Case #6216 CTO 21-264 (IP=106,US)
148.72.203.126 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=126,SG)
148.72.214.212 32 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6514 TO-S-2022-0075 (IP=212,SG)
148.72.22.178 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=178,US)
148.72.254.179 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 148.72.42.115 32 TLM None 2021-09-14 00:00:00 2022-03-14 00:00:00 None HIVE Case #6164 TO-S-2021-1528 (IP=115,US) 148.72.60.41 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None US TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 148.72.76.198 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 148.72.82.20 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None US TO-S-2021-1102 Malicious Email Activity 148.72.88.29 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=29,SG) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=29,SG) 148.72.93.221 32 jkc None 2021-04-13 00:00:00 2022-04-13 00:00:00 None Case # 5240 IOC_ TO-S-2021-1218 Malicious IP 148.76.89.2 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:51:31 HIVE Case #7199 CTO 22-074 (IP=2,US) 148.76.89.3 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:51:31 HIVE Case #7199 CTO 22-074 (IP=3,US) 148.76.89.4 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:51:32 HIVE Case #7199 CTO 22-074 (IP=4,US) 148.76.89.5 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:51:32 HIVE Case #7199 CTO 22-074 (IP=5,US) 148.76.89.6 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:51:33 HIVE Case #7199 CTO 22-074 (IP=6,US) 1486936184.zingerrolstoel-nederland.nl --- TLM None 2021-06-17 00:00:00 2022-06-17 00:00:00 2023-01-19 22:57:58 HIVE Case #5644 TO-S-2021-1352 149.102.140.46 24 RS None 2022-08-13 00:00:00 2022-11-19 00:00:00 2022-08-21 13:56:03 SQL injection - Web Attacks (IP=46,DE) | updated by RR Block expiration extended with reason ET EXPLOIT F5 TMUI RCE vulnerability CVE-2020-5902 Attempt - SourceFire (IP=46,SA) 149.11.144.66 32 dbc None 2021-01-28 
00:00:00 2022-01-28 00:00:00 None ES TO-S-2021-1050 Hive Case 4821 Malware Activity 149.127.176.12 32 AS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-06 18:26:12 HIVE Case #7881 CTO 22-182 (IP=12,SG) 149.127.176.14 32 TLM None 2022-06-24 00:00:00 2022-12-23 00:00:00 2022-06-24 19:38:46 HIVE Case #7840 CTO 22-175 (IP=14,SG) 149.127.176.24 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:17 HIVE Case #7894 CTO 22-187 (IP=24,SG) 149.129.222.195 32 KD None 2021-11-07 00:00:00 2022-02-05 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841)- TT# 22C00307 (IP=195,ZZ) 149.137.129.254 32 AS None 2022-07-12 00:00:00 2022-10-10 00:00:00 2022-07-13 17:47:24 HIVE Case #7905 COLS-NA TIP 22-0239 (IP=254,US) 149.154.100.151 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:14:51 HIVE Case #7904 CTO 22-189 (IP=151,AT) 149.154.152.161 32 TLM None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:46:39 HIVE Case #7458 CTO 22-113 (IP=161,AT) 149.154.157.176 32 TLM None 2022-06-07 00:00:00 2022-12-06 00:00:00 2022-06-07 17:08:47 HIVE Case #7731 CTO 22-158 (IP=176,IT) 149.154.159.117 32 TLM None 2022-02-09 00:00:00 2022-08-10 00:00:00 None HIVE Case #6952 CTO 22-040 (IP=117,DE) 149.154.167.51 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:19 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=51,GB) 149.154.167.91 32 TLM None 2022-02-15 00:00:00 2022-08-16 00:00:00 None HIVE Case #6994 TO-S-2022-0130 (IP=91,GB) 149.154.175.100 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:19 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=100,AG) 149.154.175.50 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:20 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=50,AG) 149.154.175.55 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:21 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=55,AG) 149.156.1.252 24 KD None 2021-12-31 00:00:00 
2022-03-31 00:00:00 None SERVER-OTHER Sentinel license manager buffer overflow attempt- Sourcefire(IP=252,PL) 149.200.73.19 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None HU TO-S-2021-1037 Hive Case 4785 Malware Activity 149.202.12.210 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GB TO-S-2021-1050 Hive Case 4821 Malware Activity 149.202.238.204 24 srm None 2022-02-15 00:00:00 2022-05-16 00:00:00 None HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=204,FR) 149.202.251.78 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity 149.202.65.41 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity 149.202.70.203 24 ZH None 2022-01-19 00:00:00 2022-04-19 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr Web Attacks (IP=203,FR) 149.202.82.11 32 AS None 2022-02-21 00:00:00 2022-08-22 00:00:00 None HIVE Case #7039 CTO 22-050 (IP=11,FR) 149.202.86.61 32 TLM None 2022-04-21 00:00:00 2022-10-21 00:00:00 2022-04-21 19:02:56 HIVE Case #7441 CTO 22-111 (IP=61,FR) 149.248.11.223 32 WR None 2021-01-01 00:00:00 2022-04-01 00:00:00 None SERVER-WEBAPP Movable Type CMS command injection attempt (1:58687:1) - Sourcefire (IP=223,US) 149.248.12.163 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6581 CTO 21-321 (IP=163,US) 149.248.13.58 32 AS None 2022-04-12 00:00:00 2022-10-12 00:00:00 2022-04-12 14:39:33 HIVE Case #7380 CTO 22-099 (IP=58,US) 149.248.19.145 32 TLM None 2022-06-07 00:00:00 2022-12-06 00:00:00 2022-06-07 17:08:58 HIVE Case #7731 CTO 22-158 (IP=145,US) 149.248.35.200 32 TLM None 2022-04-25 00:00:00 2022-10-24 00:00:00 2022-04-26 14:55:02 HIVE Case #7462 TO-S-2022-0168 (IP=200,US) 149.248.52.31 32 AS None 2022-09-07 00:00:00 2022-12-06 00:00:00 2022-09-08 14:13:00 HIVE Case #8259 TO-S-2022-0228 (IP=31,CA) 149.255.35.134 32 JEB None 2022-06-06 00:00:00 2022-09-06 
00:00:00 2022-06-08 16:55:38 REV Malicious Bumblebee Hardcoded C2 (IP=134,US) 149.255.35.179 32 TLM None 2022-02-11 00:00:00 2022-08-12 00:00:00 None HIVE Case #6973 TO-S-2022-0128 (IP=179,US) 149.255.62.44 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GB TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 149.255.62.68 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GB TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 149.28.108.66 32 AS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-06 18:26:15 HIVE Case #7881 CTO 22-182 (IP=66,US) 149.28.128.117 32 TLM None 2022-05-11 00:00:00 2022-11-10 00:00:00 2022-05-11 15:28:09 HIVE Case #7564 TO-S-2022-0180 (IP=117,SG) 149.28.128.174 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None SG TO-S-2021-1037 Hive Case 4785 Malware Activity 149.28.131.155 32 AS None 2021-09-21 00:00:00 2022-03-20 00:00:00 None HIVE Case #6215 CTO 21-261 (IP=155,SG) 149.28.139.86 32 TLM None 2022-05-11 00:00:00 2022-11-10 00:00:00 2022-05-11 15:28:09 HIVE Case #7564 TO-S-2022-0180 (IP=86,SG) 149.28.14.163 32 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None US TO-S-2021-1158 Malware Activity 149.28.140.9 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None SG TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 149.28.141.114 32 AS None 2022-06-21 00:00:00 2022-09-20 00:00:00 2022-06-21 16:23:42 HIVE Case #7793 CTO 22-168 (IP=114,SG) 149.28.143.29 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:31 HIVE Case #7894 CTO 22-187 (IP=29,SG) 149.28.145.11 32 TLM None 2022-05-24 00:00:00 2022-11-23 00:00:00 2022-05-24 14:24:24 HIVE Case #7653 CTO 22-144 (IP=11,SG) 149.28.147.105 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:55:16 HIVE Case #7894 CTO 22-187 (IP=105,SG) 149.28.15.152 32 EE None 2022-03-15 00:00:00 2022-06-13 00:00:00 2022-03-15 21:25:34 HIVE Case #7197 IOC_ APT41 Targeting U.S. 
State Governments (IP=152,US) 149.28.150.146 32 TLM None 2021-12-10 00:00:00 2022-06-10 00:00:00 None HIVE Case #6644 CTO 21-344 (IP=146,SG) 149.28.159.211 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None SG TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 149.28.16.125 32 AS None 2022-01-11 00:00:00 2022-07-11 00:00:00 None HIVE Case #6760 CTO 22-011 (IP=125,JP) 149.28.162.113 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6345 CTO 21-280 (IP=113,AU) 149.28.170.39 32 TLM None 2022-06-15 00:00:00 2022-12-14 00:00:00 2022-06-16 13:41:07 HIVE Case #7774 CTO 22-166 (IP=39,AU) 149.28.192.0 20 TLM None 2022-06-24 00:00:00 2022-12-23 00:00:00 2022-06-24 19:38:39 HIVE Case #7840 CTO 22-175 (IP=0,US) 149.28.200.140 32 TLM None 2022-03-11 00:00:00 2022-09-11 00:00:00 2022-03-11 13:21:30 HIVE Case #7189 CTO 22-068.1 (IP=140,US) 149.28.204.142 32 AS None 2021-12-28 00:00:00 2022-06-28 00:00:00 None HIVE Case #6702 CTO 21-362 (IP=142,US) 149.28.207.34 32 RR None 2021-11-23 00:00:00 2022-02-24 00:00:00 None File /etc/passwd Access Attempt Detected - IPS Event (IP=34,US) 149.28.212.30 32 RB None 2022-07-07 00:00:00 2022-10-05 00:00:00 2022-07-07 13:50:40 SQL injection - WebAttacks (IP=30,US) 149.28.226.59 32 TLM None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-02 10:46:06 HIVE Case #7696 CTO 22-152 (IP=59,US) 149.28.241.241 32 AS None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-09-30 17:07:08 HIVE Case #8395 TO-S-2022-0233 (IP=241,US) 149.28.254.42 32 AS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-06 18:26:18 HIVE Case #7881 CTO 22-182 (IP=42,US) 149.28.28.159 32 AS None 2022-07-07 00:00:00 2022-10-05 00:00:00 2022-07-07 19:15:20 HIVE Case #7897 TO-S-2022-0205 (IP=159,JP) 149.28.78.155 32 TLM None 2021-12-10 00:00:00 2022-06-10 00:00:00 None HIVE Case #6644 CTO 21-344 (IP=155,US) 149.28.78.89 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=89,US) 149.28.93.184 32 dbc None 2019-10-23 
00:00:00 2022-10-25 00:00:00 2022-04-27 18:49:26 US TO-S-2020-0056 Malware Activity | updated by TLM Block was inactive. Reactivated on 20220426 with reason HIVE Case #7465 CTO 22-116 (IP=184,US) 149.3.170.66 24 RT None 2021-11-30 00:00:00 2022-02-28 00:00:00 None SQL injection - 6HR Web Attacks (IP=66,RU) 149.3.27.4 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GE TO-S-2021-1037 Hive Case 4785 Malware Activity 149.34.244.153 24 AR None 2022-07-22 00:00:00 2022-10-20 00:00:00 2022-07-23 13:44:16 SQL use of sleep function in HTTP header - likely SQL injection attempt - SourceFire (IP=153,NL) 149.34.32.55 32 RT None 2021-12-03 00:00:00 2022-03-03 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - IR# 22C00469 (IP=55,ES) 149.34.32.77 32 RT None 2021-12-03 00:00:00 2022-03-03 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 22C00468 (IP=77,ES) 149.34.4.98 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ES TO-S-2021-1037 Hive Case 4785 Malware Activity 149.34.40.77 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ES TO-S-2021-1050 Hive Case 4821 Malware Activity 149.34.46.180 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ES TO-S-2021-1050 Hive Case 4821 Malware Activity 149.34.51.101 32 TLM None 2022-03-28 00:00:00 2022-09-28 00:00:00 2022-03-28 12:22:57 HIVE Case #7282 CTO 22-085 (IP=101,IT) 149.47.146.153 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=153,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=153,US) 149.5.173.16 32 TH None 2022-08-28 00:00:00 2022-11-26 00:00:00 2022-08-29 13:57:15 Known Attack Tool/BOT: Muieblackcat Traffic Detected - IR# 22C01880 (IP=16,US) 149.5.173.33 24 SW None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-10 13:48:22 SERVER-OTHER RealTek UDPServer command injection attempt (1:58853:1) - SourceFire (IP=33,RO) 
149.56.117.69 32 TLM None 2021-07-01 00:00:00 2022-01-01 00:00:00 None HIVE Case #5735 TO-S-2021-1379 (IP=69,CA) 149.56.129.132 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None CA TO-S-2021-1037 Hive Case 4785 Malware Activity 149.56.129.85 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None CA TO-S-2021-1037 Hive Case 4785 Malware Activity 149.56.131.28 32 AS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-09 13:57:17 HIVE Case #7535 TO-S-2022-0176 (IP=28,CA) 149.56.153.183 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=183,CA) 149.56.17.122 32 TLM None 2022-02-24 00:00:00 2022-08-25 00:00:00 None HIVE Case #7077 CTO 22-055 (IP=122,CA) 149.56.44.47 24 srm None 2022-02-16 00:00:00 2022-05-17 00:00:00 None HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=47,CA) 149.56.72.220 32 TLM None 2021-07-01 00:00:00 2022-01-01 00:00:00 None HIVE Case #5735 TO-S-2021-1379 (IP=220,CA) 149.56.99.85 24 CR None 2020-07-14 00:00:00 2022-05-16 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attack (IP=85,CA) | updated by srm Block was inactive. 
Reactivated on 20220215 with reason HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=85,CA) 149.57.210.56 32 DT None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 23:57:38 PROTOCOL-DNS DNS query amplification attempt (1:28556:3) - Source Fire (IP=56,US) 149.71.33.164 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1081 Hive Case 4872 Malware Activity 149.81.74.205 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6442 CTO 21-299 (IP=205,US) 149.81.74.207 32 TLM None 2021-11-04 00:00:00 2022-05-04 00:00:00 None HIVE Case #6494 CTO 21-303 (IP=207,US) 149.81.75.204 32 TLM None 2021-11-04 00:00:00 2022-05-04 00:00:00 None HIVE Case #6494 CTO 21-303 (IP=204,US) 149.81.87.19 32 AS None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 18:17:12 HIVE Case #7862 CTO 22-176 (IP=19,US) 149.81.87.20 32 AS None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 18:17:13 HIVE Case #7862 CTO 22-176 (IP=20,US) 149.84.87.18 32 TLM None 2021-11-04 00:00:00 2022-05-04 00:00:00 None HIVE Case #6494 CTO 21-303 (IP=18,US) 15.148.165.233 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5968 TO-S-2021-1276 (IP=233,US) 15.160.228.185 24 SW None 2022-06-28 00:00:00 2022-09-26 00:00:00 2022-06-28 13:53:42 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=185,IT) 15.165.13.243 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=243,KR) 15.188.207.74 24 KH None 2022-03-03 00:00:00 2022-06-01 00:00:00 2022-03-03 23:49:43 Abnormally Long Header Line - ArcSight (IP=74,FR) 15.200.117.65 32 TLM None 2022-02-24 00:00:00 2022-08-25 00:00:00 2022-02-25 03:53:28 HIVE Case #7081 TO-S-2022-0135 (IP=65,US) 15.200.179.208 32 TLM None 2022-10-19 00:00:00 2022-12-23 00:00:00 2022-12-23 19:05:34 HIVE Case #8482 CTO 22-288 (IP=208,US) | UNBLOCKESD - CTO 22-348 Unblock request - JFHQ-DODIN directs all Tier-1 IAP owners to unblock the IP. 
15.200.248.15 32 AS None 2022-02-01 00:00:00 2022-08-01 00:00:00 None HIVE Case #6889 CTO 22-033.3 (IP=15,US) 15.204.143.157 32 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 22:58:51 Apache HTTP Server CVE-2021-40438 Server-Side Request Forgery - IPS Events (IP=157,US) 15.204.25.65 32 SW None 2022-09-13 00:00:00 2022-12-12 00:00:00 2022-09-14 13:50:35 SIPVicious Security Scanner - IPS Events(IP=65,US) 15.205.169.217 32 TLM Kristen Pope 2022-10-19 00:00:00 2022-12-27 00:00:00 2022-12-27 19:16:58 HIVE Case #8482 CTO 22-288 (IP=217,US) | UNBLOCKED per CTO 22-305 15.205.22.112 32 TLM None 2022-08-09 00:00:00 2022-11-09 00:00:00 2022-08-09 17:32:18 HIVE Case #8100 CTO 22-211 (IP=112,US) 15.205.57.55 32 AS None 2022-02-01 00:00:00 2022-08-01 00:00:00 None HIVE Case #6889 CTO 22-033.3 (IP=55,US) 15.206.84.52 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:14:52 HIVE Case #7904 CTO 22-189 (IP=52,IN) 15.207.110.133 24 ZH None 2021-11-28 00:00:00 2022-02-26 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2)- SourceFire Rpt (IP=133,IN) 15.235.30.194 24 DT None 2021-12-16 00:00:00 2022-03-15 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - Web Attacks (IP=194,CA) 15.235.33.14 32 AS None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-09-30 17:07:20 HIVE Case #8395 TO-S-2022-0233 (IP=14,CA) 15.235.55.155 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:50:43 PROTOCOL-VOIP Cisco Meeting Server SIP SDP media description buffer overflow attempt - SourceFire (IP=155,CA) 150.107.107.8 24 DT HTTP: None 2022-01-13 00:00:00 2022-04-13 00:00:00 None PHP File Inclusion Vulnerability - Web Attacks (IP=8,NP) 150.107.137.86 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 150.107.190.45 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None IN TO-S-2021-1102 Malware Activity 150.116.165.16 32 dbc None 
2021-01-28 00:00:00 2022-01-28 00:00:00 None TW TO-S-2021-1050 Hive Case 4821 Malware Activity 150.116.165.71 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TW TO-S-2021-1050 Hive Case 4821 Malware Activity 150.129.124.109 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IN TO-S-2021-1050 Hive Case 4821 Malware Activity 150.129.124.46 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IN TO-S-2021-1050 Hive Case 4821 Malware Activity 150.129.219.222 32 AS None 2022-02-04 00:00:00 2022-08-04 00:00:00 None HIVE Case #6927 CTO 22-036 (IP=222,CN) 150.136.107.192 32 AS None 2022-01-31 00:00:00 2022-08-03 00:00:00 None HIVE Case #6877 CTO 22-028 (IP=192,US) 150.136.111.68 32 NAB None 2022-01-11 00:00:00 2022-07-03 00:00:00 2022-04-04 13:49:01 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=68,US) | updated by KH Block expiration extended with reason HIVE Case #6651 Exploit.CVE-2021-44228 (IP=68,US) 150.136.137.41 32 NAB None 2022-06-15 00:00:00 2022-09-29 00:00:00 2022-07-01 13:55:52 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=41,US) | updated by ZH Block expiration extended with reason SQL injection - 6hr Web Attacks (IP=41,US) 150.136.140.174 32 TLM None 2022-05-24 00:00:00 2022-11-23 00:00:00 2022-05-24 14:24:21 HIVE Case #7653 CTO 22-144 (IP=174,US) 150.136.167.66 32 RS None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-14 22:47:03 INDICATOR-OBFUSCATION select concat statement - possible sql injection (1:19437:6) - SourceFire (IP=66,US) 150.136.234.9 32 KH None 2022-07-18 00:00:00 2022-10-16 00:00:00 2022-07-18 22:55:54 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR #22C01691 (IP=9,US) 150.136.87.39 32 TLM None 2022-05-27 00:00:00 2022-11-26 00:00:00 2022-05-27 14:16:37 HIVE Case #7676 CTO 22-147 (IP=39,US) 150.136.89.241 32 DT None 2022-06-10 00:00:00 2022-09-08 00:00:00 2022-06-10 22:49:32 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR#22C01354 (IP=241,US) 150.143.151.192 32 TLM None 2022-02-23 00:00:00 
2022-08-24 00:00:00 None HIVE Case #7054 CTO 22-054 (IP=192,GB) 150.158.182.230 24 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:32 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire Rpt (IP=230,CN) 150.158.189.96 24 AR None 2021-12-14 00:00:00 2022-03-12 00:00:00 None HIVE Case #6658 - Exploit.CVE-2021-44228 (IP=96,CN) 150.158.191.30 24 RT None 2021-11-02 00:00:00 2022-02-02 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00271 (IP=30,CN) 150.158.91.179 24 RR None 2021-12-16 00:00:00 2022-03-16 00:00:00 None HIVE Case #6651 - Exploit.CVE-2021-44228 (IP=179,CN) 150.158.95.54 24 KH None 2021-12-18 00:00:00 2022-03-18 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44231 (IP=54,CN) 150.203.254.0 24 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=0,AU) 150.60.156.181 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None JP TO-S-2021-1102 Malicious Email Activity 150.95.178.62 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None JP TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 150.95.205.214 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=214,JP) 151.0.169.240 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:51:33 HIVE Case #7199 CTO 22-074 (IP=240,IT) 151.0.169.241 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:51:34 HIVE Case #7199 CTO 22-074 (IP=241,IT) 151.0.169.242 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:51:34 HIVE Case #7199 CTO 22-074 (IP=242,IT) 151.0.169.243 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:51:35 HIVE Case #7199 CTO 22-074 (IP=243,IT) 151.0.169.244 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:51:35 HIVE Case #7199 CTO 22-074 (IP=244,IT) 151.0.169.245 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:51:36 HIVE Case #7199 CTO 22-074 (IP=245,IT) 
151.0.169.246 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:51:36 HIVE Case #7199 CTO 22-074 (IP=246,IT) 151.0.169.247 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:51:37 HIVE Case #7199 CTO 22-074 (IP=247,IT) 151.0.169.250 32 TLM None 2022-02-24 00:00:00 2022-08-25 00:00:00 None HIVE Case #7077 CTO 22-055 (IP=250,IT) 151.0.185.146 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:51:38 HIVE Case #7199 CTO 22-074 (IP=146,IT) 151.0.185.147 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:51:38 HIVE Case #7199 CTO 22-074 (IP=147,IT) 151.0.185.148 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:51:39 HIVE Case #7199 CTO 22-074 (IP=148,IT) 151.0.185.149 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:51:39 HIVE Case #7199 CTO 22-074 (IP=149,IT) 151.0.185.150 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:51:40 HIVE Case #7199 CTO 22-074 (IP=150,IT) 151.0.53.104 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None EE TO-S-2021-1102 Malware Activity 151.101.120.119 32 TLM None 2022-09-01 00:00:00 2022-12-01 00:00:00 2022-09-02 21:05:02 HIVE Case #8225 COLS-NA-TIP 22-0305 (IP=119,FR) 151.101.192.119 32 AS None 2022-07-12 00:00:00 2022-10-10 00:00:00 2022-07-13 17:47:23 HIVE Case #7905 COLS-NA TIP 22-0239 (IP=119,US) 151.101.2.159 32 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 2022-05-27 14:00:42 HIVE Case #7673 TO-S-2022-0189 (IP=159,US) 151.101.205.188 32 RR None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:14:30 FILE-MULTIMEDIA Nullsoft Winamp cda file name overflow attempt - SourceFire (IP=188,US) 151.101.64.119 32 RS None 2022-05-21 00:00:00 2022-10-09 00:00:00 2022-07-15 16:47:40 Phish.LIVE.DTI.URL - Case # 7635 (IP=119,US) | updated by AS Block expiration extended with reason HIVE Case #7919 COLS-NA TIP 22-0240 (IP=50,US) 151.101.66.133 32 NAB None 2020-10-30 00:00:00 2022-07-13 00:00:00 2022-07-15 20:59:40 HIVE Case #4238 
COLS-NA-TIP-20-0344 (IP=133,US) | updated by AR Block was inactive. Reactivated on 20220521 with reason Phish.LIVE.DTI.URL - Case # 7635 (IP=133,US) | UNBLOCKED - IP is associated with mdc.mo.gov and preventing users from gaining access. SNOW Ticket: INC0371003 151.106.32.239 24 KH None 2022-07-26 00:00:00 2022-10-24 00:00:00 2022-07-26 22:50:14 SIPVicious Security Scanner - FE IPS (IP=239,FR) 151.106.34.152 24 JP None 2022-09-19 00:00:00 2022-12-18 00:00:00 2022-09-20 13:55:01 SIPVicious Security Scanner - IPS Events (IP=152,FR) 151.106.34.97 32 wmp None 2021-12-13 00:00:00 2022-03-13 00:00:00 None HIVE Case #6642 JFHQ-DODIN Wave Browser Malware IOCs (IP=97,FR) 151.106.34.97 32 wmp None 2021-12-13 00:00:00 2022-03-13 00:00:00 None HIVE Case #6642 JFHQ-DODIN Wave Browser Malware IOCs (IP=97,FR) 151.106.34.97 32 wmp None 2021-12-13 00:00:00 2022-03-13 00:00:00 None HIVE Case #6642 JFHQ-DODIN Wave Browser Malware IOCs (IP=97,FR) 151.106.38.211 24 SW None 2022-07-23 00:00:00 2022-10-21 00:00:00 2022-07-23 22:54:45 SIPVicious Security Scanner - IPS Events (IP=211,FR) 151.106.39.208 24 KH None 2022-09-20 00:00:00 2022-12-19 00:00:00 2022-09-20 22:50:11 SIPVicious Security Scanner - FE IPS (IP=208,FR) 151.106.40.90 24 RS None 2022-08-03 00:00:00 2022-11-01 00:00:00 2022-08-04 13:53:57 Generic URI Injection wget Attempt - IPS Events (IP=90,FR) 151.106.5.86 24 ZH None 2022-05-15 00:00:00 2022-08-13 00:00:00 2022-05-15 22:46:08 SIPVicious Security Scanner - CMS IPS Events (IP=86,FR) 151.106.9.83 32 BB None 2021-12-01 00:00:00 2022-03-01 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00445 (IP=83,NL) 151.106.96.83 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=83,DE) 151.115.60.113 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=113,PL) 151.22.181.206 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IT TO-S-2021-1050 Hive Case 4821 Malware 
Activity 151.225.130.67 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GB TO-S-2021-1050 Hive Case 4821 Malware Activity 151.236.101.19 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:22 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=19,RU) 151.236.104.2 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:22 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=2,RU) 151.236.106.4 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:23 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=4,RU) 151.236.110.2 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:23 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=2,RU) 151.236.115.20 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:24 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=20,RU) 151.236.118.2 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:25 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=2,RU) 151.236.119.2 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:25 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=2,RU) 151.236.126.6 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:26 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=6,RU) 151.236.127.145 32 TLM None 2022-03-07 00:00:00 2022-09-07 00:00:00 2022-03-07 16:55:41 HIVE Case #7152 CTO 22-064 F1 (IP=145,RU) 151.236.127.2 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:27 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=2,RU) 151.236.53.36 24 WR None 2022-04-20 00:00:00 2022-07-18 00:00:00 2022-04-20 15:44:33 FTP Login Failed - Failed Logons (IP=36,GB) 151.236.64.24 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:27 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=24,RU) 151.236.81.2 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:28 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=2,RU) 151.236.82.3 32 JKC 
CVE-2017-9248 Information Disclosure - IPS Events (IP=233,EG) 156.218.112.51 24 NAB None 2022-03-15 00:00:00 2022-06-13 00:00:00 2022-03-15 13:43:56 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=51,EG) 156.218.37.104 24 RS None 2022-09-23 00:00:00 2022-12-22 00:00:00 2022-09-24 13:55:49 ET EXPLOIT Apache log4j RCE Attempt - lower/upper TCP Bypass M2 (Outbound) (CVE-2021-44228) (1:2034800:2) - SourceFire (IP=104,EG) 156.220.163.196 24 RS None 2022-06-10 00:00:00 2022-09-08 00:00:00 2022-06-10 13:46:02 SQL injection - 6Hr Web Attacks (IP=196,EG) 156.220.227.143 24 TC None 2022-09-05 00:00:00 2022-12-04 00:00:00 2022-09-06 00:35:05 SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr Web Attacks (IP=143,EG) 156.222.143.31 24 TC None 2022-09-05 00:00:00 2022-12-04 00:00:00 2022-09-06 00:35:06 SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr Web Attacks (IP=31,EG) 156.226.173.23 32 TLM None 2022-03-28 00:00:00 2022-09-28 00:00:00 2022-03-28 12:23:13 HIVE Case #7282 CTO 22-085 (IP=23,SC) 156.233.224.0 19 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=0,US) 156.234.248.71 32 TLM None 2022-06-02 00:00:00 2022-12-01 00:00:00 2022-06-02 17:56:15 HIVE Case #7705 CTO 22-153 (IP=71,HK) 156.236.102.131 32 TLM None 2022-03-01 00:00:00 2022-09-01 00:00:00 2022-03-01 12:20:03 HIVE Case #7104 TO-S-2022-0138 (IP=131,US) 156.236.102.159 32 TLM None 2022-03-01 00:00:00 2022-09-01 00:00:00 2022-03-01 12:20:03 HIVE Case #7104 TO-S-2022-0138 (IP=159,US) 156.236.106.78 32 TLM None 2022-03-01 00:00:00 2022-09-01 00:00:00 2022-03-01 12:20:04 HIVE Case #7104 TO-S-2022-0138 (IP=78,US) 156.238.111.174 24 EE None 2021-11-01 00:00:00 2022-01-30 00:00:00 None HIVE Case #6451 IOC_FontOnLake (IP=174,HK) 156.240.106.69 32 TLM None 2022-06-14 00:00:00 2022-12-13 00:00:00 2022-06-14 20:43:41 HIVE Case #7769 CTO 22-165 (IP=69,HK) 156.240.108.103 32 TLM None 2022-05-17 00:00:00 2022-11-16 00:00:00 2022-05-17 18:24:59 HIVE 
Case #7608 CTO 22-137 (IP=103,HK) 156.240.108.20 32 TLM None 2022-05-24 00:00:00 2022-11-23 00:00:00 2022-05-24 14:24:26 HIVE Case #7653 CTO 22-144 (IP=20,HK) 156.240.108.251 32 TLM None 2022-05-17 00:00:00 2022-11-16 00:00:00 2022-05-17 18:24:59 HIVE Case #7608 CTO 22-137 (IP=251,HK) 156.247.10.118 32 TLM None 2021-11-04 00:00:00 2022-05-04 00:00:00 None HIVE Case #6494 CTO 21-303 (IP=118,US) 156.247.11.57 32 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6517 CTO 21-313 (IP=57,SC) 156.251.176.13 32 AS None 2022-04-12 00:00:00 2022-10-12 00:00:00 2022-04-12 14:39:35 HIVE Case #7380 CTO 22-099 (IP=13,HK) 156.253.5.147 32 TLM None 2021-09-14 00:00:00 2022-03-14 00:00:00 None HIVE Case #6162 CTO 21-245 (IP=147,DE) 156.255.3.199 32 AS None 2022-02-04 00:00:00 2022-08-04 00:00:00 None HIVE Case #6927 CTO 22-036 (IP=199,HK) 156.67.22.130 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:51:41 HIVE Case #7199 CTO 22-074 (IP=130,IT) 156.67.22.130 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:53:49 HIVE Case #7199 CTO 22-074 (IP=130,IT) 156.67.220.68 24 ZH None 2022-06-09 00:00:00 2022-09-07 00:00:00 2022-06-09 22:37:45 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=68, SG) 156.96.128.150 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=150,US) 156.96.157.0 24 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=0,US) 156.96.46.116 32 TLM None 2022-02-01 00:00:00 2022-08-02 00:00:00 None HIVE Case #6896 CTO 22-029 (IP=116,US) 156.96.46.116 32 TLM None 2022-02-01 00:00:00 2022-08-02 00:00:00 None HIVE Case #6896 CTO 22-029 (IP=116,US) 156.96.46.116 32 TLM None 2022-02-01 00:00:00 2022-08-02 00:00:00 None HIVE Case #6896 CTO 22-029 (IP=116,US) 1561185377.dnddevelopers.com --- TLM None 2021-07-29 00:00:00 2022-07-29 00:00:00 2023-01-19 22:59:00 HIVE Case #5884 TO-S-2021-1435 
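The rows above are a flattened blocklist export: each record is `<ip|host> <prefix-length|---> <analyst> <owner> <start> <end> <last-modified|None> <reason ...>`, with the free-text reason running straight into the next record. The parser below is an added example (not the page's own tooling, and not the export's source) that recovers the records and answers the questions an analyst asks of such a list: what is in force on a given day, which rows are exact duplicates, which blocks were later lifted, and which CVEs a source was seen probing for. It assumes, from the rows' shape, that " | " separates the original reason from a later update note, that an "UNBLOCKED" note means the block is no longer in force, that the end column is an exclusive expiry, and that a host address exported with a wider prefix (e.g. 157.245.127.82 with 24) denotes the containing /24. The sample text is a constructed excerpt in the page's row format.

```python
"""Parse a flattened blocklist export (one space-separated stream, no row
delimiter) into records and query it.

Record shape assumed from the page's rows:
  <ip|host> <prefixlen|---> <analyst> <owner> <start> <end> <last_mod|None> <reason ...>
The reason is free text up to the next record head, so records are located
by matching the fixed-format head and slicing the reason from the gap
between consecutive heads.
"""
import ipaddress
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

DT = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}"
HEAD = re.compile(
    r"(?<!\S)"                                                   # token boundary
    r"(?:(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<plen>\d{1,2})"     # IPv4 + prefix length
    r"|(?P<host>[A-Za-z0-9.-]+\.[A-Za-z]{2,})\s+---)"            # hostname entry, no prefix
    rf"\s+(?P<analyst>\S+)\s+(?P<owner>.+?)\s+(?P<start>{DT})\s+(?P<end>{DT})"
    rf"\s+(?P<mod>None|{DT})\s+"
)
CVE = re.compile(r"CVE-\d{4}-\d{4,}")


@dataclass(frozen=True)
class Record:
    target: str                  # IPv4 literal or hostname as exported
    prefix: Optional[int]        # None for hostname entries ("---")
    analyst: str
    owner: str
    start: datetime
    end: datetime                # treated as exclusive expiry (assumption)
    last_mod: Optional[datetime]
    reason: str                  # original reason, before any " | " note
    note: str                    # update note after " | ", "" if none

    @property
    def network(self) -> Optional[ipaddress.IPv4Network]:
        if self.prefix is None:
            return None
        # strict=False: the export keeps the observed host with a wider prefix,
        # so 157.245.127.82/24 is normalised to 157.245.127.0/24.
        return ipaddress.ip_network(f"{self.target}/{self.prefix}", strict=False)

    @property
    def lifted(self) -> bool:
        return "UNBLOCKED" in self.note.upper()   # assumption: note marks a lifted block

    def active_on(self, when: datetime) -> bool:
        return (not self.lifted) and self.start <= when < self.end

    @property
    def cves(self) -> frozenset:
        return frozenset(CVE.findall(self.reason + " " + self.note))


def _dt(s: str) -> Optional[datetime]:
    return None if s == "None" else datetime.strptime(s, "%Y-%m-%d %H:%M:%S")


def parse_records(text: str) -> list:
    """Split a flattened export into Record objects, order preserved."""
    heads = list(HEAD.finditer(text))
    out = []
    for i, m in enumerate(heads):
        tail_end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        reason, _, note = text[m.end():tail_end].strip().partition(" | ")
        out.append(Record(
            target=m.group("ip") or m.group("host"),
            prefix=int(m.group("plen")) if m.group("plen") else None,
            analyst=m.group("analyst"), owner=m.group("owner"),
            start=_dt(m.group("start")), end=_dt(m.group("end")),
            last_mod=_dt(m.group("mod")),
            reason=reason.strip(), note=note.strip(),
        ))
    return out


def dedupe(records: list) -> dict:
    """Collapse identical rows; maps each distinct Record to how often it appeared."""
    counts = {}
    for r in records:
        counts[r] = counts.get(r, 0) + 1
    return counts


def covering(records: list, ip: str, day: str) -> list:
    """Records whose network contains `ip` and that are in force on `day` (YYYY-MM-DD)."""
    addr = ipaddress.ip_address(ip)
    when = datetime.strptime(day, "%Y-%m-%d")
    return [r for r in records
            if r.network is not None and addr in r.network and r.active_on(when)]


# Constructed excerpt in the page's row format (not a live feed).
SAMPLE = (
    "156.112.98.80 32 TLM Kristen Pope 2022-10-17 00:00:00 2022-12-27 00:00:00 "
    "2022-12-27 19:16:58 HIVE Case #8482 CTO 22-288 (IP=80,US) | UNBLOCKED per CTO 22-305 "
    "156.96.46.116 32 TLM None 2022-02-01 00:00:00 2022-08-02 00:00:00 None "
    "HIVE Case #6896 CTO 22-029 (IP=116,US) "
    "156.96.46.116 32 TLM None 2022-02-01 00:00:00 2022-08-02 00:00:00 None "
    "HIVE Case #6896 CTO 22-029 (IP=116,US) "
    "157.245.127.82 24 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:47:53 "
    "SQL use of concat function with select - likely SQL injection - SourceFire (IP=82,US) "
    "157.230.1.221 32 DT None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-27 13:14:18 "
    "ET EXPLOIT Apache log4j RCE Attempt - lower/upper TCP Bypass M2 (Outbound) "
    "(CVE-2021-44228) - Source Fire (IP=221,US) "
    "1561185377.dnddevelopers.com --- TLM None 2021-07-29 00:00:00 2022-07-29 00:00:00 "
    "2023-01-19 22:59:00 HIVE Case #5884 TO-S-2021-1435"
)

if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    for r, n in dedupe(recs).items():
        print(f"{r.target:<30} {str(r.network):<20} x{n} lifted={r.lifted} cves={sorted(r.cves)}")
    print("covering 157.245.127.200 on 2022-05-01:",
          [r.target for r in covering(recs, "157.245.127.200", "2022-05-01")])
```

Two things the query layer makes visible that the raw rows hide: a /24 entry such as 157.245.127.82 24 blocks the whole 157.245.127.0/24, not just the observed host, and an entry that is still inside its date window but carries an "UNBLOCKED" note must be treated as not in force, otherwise the lifted block is silently re-applied when the list is reloaded.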
1561951183.ujsd.kanesatakss.com --- TLM None 2021-08-05 00:00:00 2022-08-05 00:00:00 2023-01-19 22:59:20 HIVE Case #5940 TO-S-2021-1447 157.100.54.148 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None EC TO-S-2021-1050 Hive Case 4821 Malware Activity 157.112.183.47 32 TLM None 2022-05-11 00:00:00 2022-11-10 00:00:00 2022-05-11 15:06:04 HIVE Case #7565 TO-S-2022-0179 (IP=47,JP) 157.122.104.32 24 RS None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 22:46:06 SIPVicious Security Scanner - IPS Events (IP=32,CN) 157.205.202.199 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=199,JP) 157.205.202.201 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=201,JP) 157.205.202.213 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=213,JP) 157.230.1.174 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:34:54 SERVER-APACHE Apache Struts remote code execution attempt (1:39190:3) - Sourcefire Rpt (IP=174,US) 157.230.1.174 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:19 SERVER-APACHE Apache Struts remote code execution attempt (1:39190:3) - Sourcefire Rpt (IP=174,US) 157.230.1.221 32 DT None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-27 13:14:18 ET EXPLOIT Apache log4j RCE Attempt - lower/upper TCP Bypass M2 (Outbound) (CVE-2021-44228) - Source Fire (IP=221,US) 157.230.10.120 32 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:47:52 SQL injection - Web Attacks (IP=120,US) 157.230.103.53 32 KD None 2022-04-22 00:00:00 2022-07-21 00:00:00 2022-04-23 13:50:20 SQL Injection - Web Attacks(IP=53,US) 157.230.104.79 32 TLM None 2022-03-07 00:00:00 2022-09-07 00:00:00 2022-03-07 12:32:13 HIVE Case #7143 CTO 22-063 (IP=79,DE) 157.230.105.127 24 KH None 2022-08-23 00:00:00 2022-11-21 00:00:00 2022-08-23 22:28:51 SQL injection - Web Attacks (IP=127,DE) 157.230.107.173 24 ZH None 2022-04-13 00:00:00 2022-07-12 
00:00:00 2022-04-13 22:34:54 SERVER-WEBAPP Sonatype Nexus Repository Manager remote code execution attempt (1:50533:1) - Sourcefire Rpt (IP=173,DE) 157.230.107.173 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:20 SERVER-WEBAPP Sonatype Nexus Repository Manager remote code execution attempt (1:50533:1) - Sourcefire Rpt (IP=173,DE) 157.230.108.203 24 RS None 2022-05-02 00:00:00 2022-07-31 00:00:00 2022-05-02 22:41:30 SQL injection - 6Hr Web Attacks (IP=203,DE) 157.230.109.85 24 WR None 2022-05-03 00:00:00 2022-08-01 00:00:00 2022-05-03 13:46:42 SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt (1:54768:2) - SourceFire (IP=85,DE) | updated by WR Block expiration extended with reason SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt (1:54768:2) - Sourcefire (IP=85,DE) SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt (1:54768:2) - Sourcefire (IP=85,DE) 157.230.109.85 24 RS None 2022-05-02 00:00:00 2022-08-01 00:00:00 2022-05-03 13:46:42 SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt (1:54768:2) - SourceFire (IP=85,DE) | updated by WR Block expiration extended with reason SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt (1:54768:2) - Sourcefire (IP=85,DE) SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt (1:54768:2) - Sourcefire (IP=85,DE) 157.230.11.186 32 KH None 2021-10-05 00:00:00 2022-01-03 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 22C00059 (IP=186,US) 157.230.11.187 32 KH None 2021-10-05 00:00:00 2022-01-03 00:00:00 None HTTP: Apache Struts 2 remote code execution vulnerability (CVE-2016-4438) - TT# 22C00048 (IP=187,US) 157.230.11.207 32 KH None 2021-10-05 00:00:00 2022-01-03 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 22C00051 (IP=207,US) 157.230.11.94 32 TH None 2022-04-22 00:00:00 2022-07-21 00:00:00 2022-04-22 22:49:14 SQL 
injection - 6 Hr Web Report (IP=94,US) 157.230.110.54 24 SW None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:47:52 SERVER-WEBAPP Microsoft Exchange autodiscover server side request forgery attempt (1:57907:4) - SourceFire (IP=54,DE) 157.230.112.240 24 AR None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-23 13:49:37 SERVER-WEBAPP Zeroshell Linux Router command injection attempt (1:54794:2) - SourceFire (IP=240,DE) 157.230.112.240 24 AR None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-23 13:49:41 SERVER-WEBAPP Zeroshell Linux Router command injection attempt (1:54794:2) - SourceFire (IP=240,DE) 157.230.116.165 32 KD None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-11 13:43:31 SQL Injection - Web Attacks(IP=165,DE) 157.230.117.10 24 RS None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:45:32 HTTP: SQL Injection - Exploit II - 6Hr Web Attacks (IP=10,DE) 157.230.120.67 24 RS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 21:48:46 SQL injection - 6Hr Web Attacks (IP=67,DE) 157.230.125.224 32 KH None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 22:55:45 HTTP: PHP File Inclusion Vulnerability - IR# 22C01550 (IP=224,US) 157.230.126.207 24 SW None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-15 13:53:58 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=207,DE) 157.230.127.59 24 RB None 2022-04-16 00:00:00 2022-07-16 00:00:00 2022-04-17 13:53:20 HTTP: PHP File Inclusion Vulnerability - 6hr web attacks (IP=59,DE) | updated by RR Block expiration extended with reason SERVER-OTHER PHP webshell upload attempt - SourceFire (IP=59,DE) SERVER-OTHER PHP webshell upload attempt - SourceFire (IP=59,DE) 157.230.127.59 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:53:20 HTTP: PHP File Inclusion Vulnerability - 6hr web attacks (IP=59,DE) | updated by RR Block expiration extended with reason SERVER-OTHER PHP webshell upload attempt - SourceFire (IP=59,DE) SERVER-OTHER PHP webshell upload attempt - SourceFire (IP=59,DE) 
157.230.13.31 32 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 22:39:40 SERVER-WEBAPP Java ClassLoader access attempt (1:30790:8) - Sourcefire (IP=31,US) 157.230.13.98 32 KH None 2022-09-14 00:00:00 2022-12-13 00:00:00 2022-09-14 22:45:11 SQL injection - Web Attacks (IP=98,US) 157.230.15.45 32 ZH None 2022-09-23 00:00:00 2022-12-22 00:00:00 2022-09-23 22:51:08 Malicious activity IR#: 22C01951 (IP=45,US) 157.230.175.48 32 RR None 2022-07-30 00:00:00 2022-10-28 00:00:00 2022-07-30 13:52:52 File /etc/passwd Access Attempt Detect - IPS Events (IP=48,US) | updated by RR Block expiration extended with reason SERVER-OTHER Apache Log4j logging remote code execution attempt - SourceFire (IP=48,US) SERVER-OTHER Apache Log4j logging remote code execution attempt - SourceFire (IP=48,US) 157.230.175.48 32 RS None 2022-07-22 00:00:00 2022-10-28 00:00:00 2022-07-30 13:52:52 File /etc/passwd Access Attempt Detect - IPS Events (IP=48,US) | updated by RR Block expiration extended with reason SERVER-OTHER Apache Log4j logging remote code execution attempt - SourceFire (IP=48,US) SERVER-OTHER Apache Log4j logging remote code execution attempt - SourceFire (IP=48,US) 157.230.176.94 32 SW None 2022-09-26 00:00:00 2022-12-25 00:00:00 2022-09-27 13:51:50 SERVER-WEBAPP JBoss JMX console access attempt - WebAttacks (IP=94,US) 157.230.20.203 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 17:40:08 HIVE Case #7341 CTO 22-092 (IP=203,DE) 157.230.20.206 24 AR None 2022-04-09 00:00:00 2022-07-08 00:00:00 2022-04-10 13:58:55 SERVER-OTHER PHP webshell upload attempt (1:49457:2) - SourceFire (IP=206,DE) 157.230.22.160 24 ZH None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-08 22:56:21 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=160, DE) 157.230.22.160 24 ZH None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-08 22:56:21 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=160, DE) SERVER-WEBAPP 
PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=160, DE) 157.230.22.20 24 RR None 2022-07-19 00:00:00 2022-10-17 00:00:00 2022-07-19 13:48:03 SQL injection - Web Attacks (IP=20,DE) 157.230.22.20 24 RR None 2022-07-19 00:00:00 2022-10-17 00:00:00 2022-07-19 13:48:03 SQL injection - Web Attacks (IP=20,DE) SQL injection - Web Attacks (IP=20,DE) 157.230.22.210 24 SW None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-04 13:45:50 SQL injection - WebAttacks (IP=210,DE) 157.230.237.238 32 AR None 2022-02-08 00:00:00 2022-05-09 00:00:00 None Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=238,US) 157.230.24.1 24 SW None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 22:47:08 SQL injection - WebAttacks (IP=1,DE) 157.230.240.169 24 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 13:47:16 SQL injection - WebAttacks (IP=169,SG) 157.230.243.42 24 SW None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:04 SERVER-WEBAPP Klog Server authenticate.php user command injection attempt (1:57492:1) - SourceFire (IP=42,SG) 157.230.244.255 24 RS None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-18 22:35:04 Exploit.CVE-2021-44228 - ApacheLog4j2 - Case 6651 (IP=255,SG) 157.230.245.138 32 RB None 2022-06-11 00:00:00 2022-09-09 00:00:00 2022-06-11 22:46:07 FIREEYE Web: Infection Match - FE CMS (IP=138,SG) 157.230.246.8 24 SW None 2022-08-25 00:00:00 2022-11-23 00:00:00 2022-08-26 13:48:21 SQL injection - WebAttacks (IP=8,SG) 157.230.247.151 24 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 22:24:33 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - SourceFire (IP=151,SG) 157.230.248.168 24 TH None 2022-05-12 00:00:00 2022-08-10 00:00:00 2022-05-12 22:47:19 SQL injection - 6 Hr Web Report (IP=168,SG) 157.230.25.213 24 TH None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-18 13:44:09 SQL injection - 6 Hr Web Report (IP=213,DE) 157.230.250.6 24 JP None 2022-09-22 00:00:00 
2022-12-21 00:00:00 2022-09-23 13:58:35 SERVER-APACHE Apache HTTP server SSRF attempt - SourceFire (IP=6,SG) 157.230.251.247 24 ZH None 2022-06-24 00:00:00 2022-09-22 00:00:00 2022-06-24 13:56:14 SQL injection - 6hr Web Attacks (IP=247,SG) 157.230.252.175 24 TH None 2022-04-15 00:00:00 2022-07-14 00:00:00 2022-04-15 23:00:02 SQL injection - 6 Hr Web Report (IP=175,SG) 157.230.253.121 24 TH None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 23:06:56 SQL injection - 6 Hr Web Report (IP=121,SG) 157.230.254.149 24 RS None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 22:54:50 SQL injection - 6Hr Web Attacks (IP=149,SG) 157.230.255.181 24 RS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 22:43:46 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=181,SG) 157.230.29.106 32 RR None 2022-03-26 00:00:00 2022-06-24 00:00:00 2022-03-26 13:38:26 HTTP: Oracle GlassFish Server ThemeServlet Directory Traversal - TT# 22C01087 (IP=106,US) 157.230.29.82 24 RB None 2022-09-26 00:00:00 2022-12-25 00:00:00 2022-09-26 22:53:31 SQL union select - possible sql injection attempt - GET parameter (1:13990:27) - SourceFire (IP=82,DE) 157.230.30.99 24 RS None 2022-05-02 00:00:00 2022-07-31 00:00:00 2022-05-02 22:41:46 SERVER-WEBAPP Avtech IP Camera machine.cgi information disclosure attempt (1:41697:2) - SourceFire (IP=99,DE) 157.230.31.191 24 KH None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-06 14:06:23 SQL injection - Web Attacks (IP=191,DE) 157.230.33.85 24 RR None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-07 13:54:12 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=85,SG) 157.230.34.219 32 AS None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-01 21:44:55 HIVE Case #7874 CTO 22-181 (IP=219,SG) 157.230.34.219 32 AS None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-01 21:44:55 HIVE Case #7874 CTO 22-181 (IP=219,SG) HIVE Case #7874 CTO 22-181 (IP=219,SG) 157.230.34.4 24 ZH None 2022-05-23 00:00:00 2022-08-21 00:00:00 
2022-05-24 00:05:21 SERVER-WEBAPP Kibana Console for Elasticsearch local file inclusion attempt (1:48815:3) - Sourcefire Rpt (IP=4,SG) 157.230.35.68 24 RT None 2022-05-11 00:00:00 2022-08-09 00:00:00 2022-05-12 13:53:21 SERVER-WEBAPP D-Link DNS-320 Firewall command injection attempt (1:57330:1) - Sourcefire Report (IP=,SG) 157.230.36.235 24 KH None 2022-05-01 00:00:00 2022-07-30 00:00:00 2022-05-01 22:53:36 SERVER-WEBAPP Liferay arbitrary Java object deserialization attempt (1:56800:3) - Sourcefire (IP=235,SG) 157.230.37.140 24 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 13:54:17 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=140,SG) 157.230.39.156 24 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:50:58 SQL injection - Web Attacks (IP=156,SG) 157.230.4.212 32 ZH None 2022-09-23 00:00:00 2022-12-22 00:00:00 2022-09-23 22:51:09 Malicious activity IR#: 22C01951 (IP=212,US) 157.230.40.184 24 JY None 2022-09-26 00:00:00 2022-12-26 00:00:00 2022-09-26 22:53:32 SQL injection - 6hr web attacks (IP=184,SG) 157.230.41.81 24 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:50:59 SQL injection - Web Attacks (IP=81,SG) 157.230.43.133 24 RS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 22:44:03 SQL injection - 6Hr Web Attacks (IP=133,SG) 157.230.45.77 24 RB None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 22:39:04 SERVER-WEBAPP PhpCollab editclient.php arbitrary PHP file upload attempt - Sourcefire (IP=77,SG) 157.230.46.25 24 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-08 12:51:12 SERVER-WEBAPP Java XML deserialization remote code execution attempt - SourceFire (IP=25,SG) 157.230.5.133 32 RS None 2022-09-13 00:00:00 2022-12-12 00:00:00 2022-09-14 13:50:36 Exploit.Log4Shell.CVE-2021-44228 - FE NX (IP=133,US) 157.230.50.233 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:22 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=233,US) 157.230.50.233 32 ZH None 2022-04-13 
00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:48 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=233,US) 157.230.50.254 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:23 SQL injection - 6hr Web Attacks (IP=254,US) 157.230.50.254 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:48 SQL injection - 6hr Web Attacks (IP=254,US) 157.230.50.58 32 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 22:39:40 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41421:2) - Sourcefire (IP=58,US) 157.230.51.186 32 ZH None 2022-09-23 00:00:00 2022-12-22 00:00:00 2022-09-23 22:51:07 Malicious activity IR#: 22C01951 (IP=186,US) 157.230.51.50 32 ZH None 2022-09-23 00:00:00 2022-12-22 00:00:00 2022-09-23 22:51:06 Malicious activity IR#: 22C01951 (IP=50,US) 157.230.53.197 32 TC None 2022-09-18 00:00:00 2022-12-17 00:00:00 2022-09-19 14:00:40 SERVER-WEBAPP NETGEAR ProSafe SSL VPN SQL injection attempt (1:60074:1) - SourceFire (IP=197,US) 157.230.54.189 32 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:47:52 HTTP: Grandstream UCM6200 SQL Injection Vulnerability (CVE-2020-5722) - Web Attacks (IP=189,US) 157.230.55.95 32 RS None 2022-09-19 00:00:00 2022-12-18 00:00:00 2022-09-20 13:55:05 Exploit.Log4Shell.CVE-2021-44228 - FE NX (IP=95,US) 157.230.57.199 32 KH None 2022-09-20 00:00:00 2022-12-19 00:00:00 2022-09-20 13:55:08 SQL injection - Web Attacks (IP=199,US) 157.230.57.57 32 KH None 2022-09-21 00:00:00 2022-12-20 00:00:00 2022-09-21 14:01:12 Exploit.Log4Shell.CVE-2021-44228 - FE NX (IP=57,US) 157.230.60.159 32 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 22:39:41 SQL generic sql insert injection attempt - POST parameter (1:15875:12) - Sourcefire (IP=159,US) 157.230.62.10 32 RS None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-10-01 13:38:08 SQL injection - Web Attacks (IP=10,US) 157.230.62.107 32 RR None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 13:52:16 SQL 
injection - Web Attacks (IP=107,US) 157.230.63.144 32 JY None 2022-09-27 00:00:00 2022-12-26 00:00:00 2022-09-27 13:52:00 SQL injection- 6 hour web attack (IP=144,US) 157.230.63.47 32 KH None 2022-09-20 00:00:00 2022-12-19 00:00:00 2022-09-20 13:55:09 SERVER-WEBAPP SolarWinds Orion authentication bypass attempt - Web Attacks (IP=47,US) 157.230.7.101 32 KH None 2021-10-05 00:00:00 2022-01-03 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 22C00053 (IP=101,US) 157.230.7.104 32 KH None 2021-10-05 00:00:00 2022-01-03 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 22C00057 (IP=104,US) 157.230.7.43 32 KH None 2021-10-05 00:00:00 2022-01-03 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 22C00056 (IP=43,US) 157.230.7.85 32 KH None 2021-10-05 00:00:00 2022-01-03 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 22C00064 (IP=85,US) 157.230.7.88 32 KH None 2021-10-05 00:00:00 2022-01-03 00:00:00 None INDY_HRC_IPS - TT# 22C00049 (IP=88,US) 157.230.8.135 32 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:35:13 SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1272 attack attempt - SourceFire (IP=135,US) 157.230.81.39 32 AS None 2022-03-18 00:00:00 2022-09-18 00:00:00 2022-03-18 15:24:13 HIVE Case #7237 CTO 22-077 (IP=39,US) 157.230.84.54 32 SW None 2022-09-24 00:00:00 2022-12-23 00:00:00 2022-09-25 00:05:08 SQL injection - WebAttacks (IP=54,US) 157.230.9.160 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:29 SQL injection- 6hr Web Attacks (IP=160,US) 157.230.98.111 24 RS None 2022-07-27 00:00:00 2022-10-25 00:00:00 2022-07-28 13:49:35 SQL injection - Web Attacks (IP=111,DE) 157.245.0.101 32 SW None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-12 13:51:15 SERVER-WEBAPP Hikvision webLanguage command injection vulnerability (1:58555:1) - SourceFire (IP=101, US) 157.245.0.131 32 TH None 2022-09-02 00:00:00 2022-12-31 00:00:00 2022-09-02 14:05:44 SQL injection - 6 Hr Web Report 
(IP=131,US) 157.245.0.131 32 TH None 2022-09-02 00:00:00 2022-12-31 00:00:00 2022-09-02 14:05:50 SQL injection - 6 Hr Web Report (IP=131,US) 157.245.0.196 32 JP None 2022-09-29 00:00:00 2022-12-28 00:00:00 2022-09-30 13:47:34 Apache Log4j CVE-2021-44228 Remote Code Execution - IPS Events (IP=196,US) 157.245.1.112 32 AR None 2022-07-12 00:00:00 2022-10-10 00:00:00 2022-07-12 13:51:22 SERVER-WEBAPP Fortigate SSL VPN cross site scripting attempt - SourceFire (IP=112,US) 157.245.1.135 32 AR None 2022-05-01 00:00:00 2022-07-30 00:00:00 2022-05-01 13:52:45 SERVER-APACHE Apache Tomcat remote JSP file upload attempt (1:44531:3) - SourceFire (IP=135,US) 157.245.1.169 32 TH None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-26 22:51:13 SERVER-WEBAPP Ulterius web server directory traversal attempt (1:45721:2) - SourceFire Report (IP=169,US) 157.245.10.47 32 SW None 2022-05-12 00:00:00 2022-08-10 00:00:00 2022-05-12 13:53:29 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=47,US) 157.245.100.58 24 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:41:09 SQL injection - Web Attacks (IP=58,IN) 157.245.101.14 24 RR None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 13:52:17 SQL injection - Web Attacks (IP=14,IN) 157.245.102.139 24 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:46:28 SERVER-WEBAPP Zimbra remote code execution attempt - SourceFire (IP=139,IN) 157.245.102.139 24 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:46:28 SERVER-WEBAPP Zimbra remote code execution attempt - SourceFire (IP=139,IN) SERVER-WEBAPP Zimbra remote code execution attempt - SourceFire (IP=139,IN) 157.245.102.58 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:23 SQL injection - 6hr Web Attacks (IP=58,IN) 157.245.102.58 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:49 SQL injection - 6hr Web Attacks (IP=58,IN) 157.245.103.55 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 
21-349 (IP=55,IN) 157.245.103.55 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=55,IN) 157.245.103.77 24 WR None 2022-04-12 00:00:00 2022-07-10 00:00:00 2022-04-12 13:52:05 SERVER-WEBAPP Oracle-BI convert servlet XML external entity injection attempt (1:50773:1) - Sourcefire (IP=77,IN) 157.245.104.27 24 KD None 2022-04-15 00:00:00 2022-07-14 00:00:00 2022-04-16 14:40:52 SQL injection- Web Attacks (IP=27,IN) 157.245.105.97 24 KD None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-12 13:51:35 SQL injection- Web Attacks (IP=97,IN) 157.245.106.129 24 ZH None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 22:43:49 SERVER-WEBAPP System Information Library for node.js command injection attempt (1:58980:1) - SourceFire (IP=129,IN) 157.245.107.128 24 AR None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:13 SQL injection - 6Hr Web Attack (IP=128,IN) 157.245.107.16 32 TLM None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:46:37 HIVE Case #7458 CTO 22-113 (IP=16,IN) 157.245.107.16 32 TLM None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:46:37 HIVE Case #7458 CTO 22-113 (IP=16,IN) HIVE Case #7458 CTO 22-113 (IP=16,IN) 157.245.108.138 24 SW None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-11 22:58:43 SQL injection - WebAttacks (IP=138,IN) 157.245.109.27 24 RT None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-06 13:47:03 SQL injection - 6hr Web Attacks (IP=27,IN) 157.245.110.176 24 RR None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-29 22:57:28 SQL injection - Web Attacks (IP=176,IN) 157.245.110.176 24 RR None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-29 22:57:41 SQL injection - Web Attacks (IP=176,IN) 157.245.110.5 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=5,IN) 157.245.110.5 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=5,IN) 157.245.111.30 32 wmp None 2020-10-22 00:00:00 2022-11-10 00:00:00 2022-05-11 
15:28:12 HIVE Case #4172 CTO-20-295 (IP=30,IN) | updated by TLM Block was inactive. Reactivated on 20220511 with reason HIVE Case #7564 TO-S-2022-0180 (IP=30,IN) HIVE Case #7564 TO-S-2022-0180 (IP=30,IN) 157.245.111.30 32 TLM None 2022-05-11 00:00:00 2022-11-10 00:00:00 2022-05-11 15:28:12 HIVE Case #4172 CTO-20-295 (IP=30,IN) | updated by TLM Block was inactive. Reactivated on 20220511 with reason HIVE Case #7564 TO-S-2022-0180 (IP=30,IN) HIVE Case #7564 TO-S-2022-0180 (IP=30,IN) 157.245.112.15 32 RS None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:45:25 SQL injection - 6Hr Web Attacks (IP=15,US) 157.245.113.59 32 TH None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-18 13:50:15 SQL injection - 6 Hr Web Report (IP=59,US) 157.245.113.92 32 ZH None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-11 00:04:53 SQL union select - possible sql injection attempt - GET parameter (1:13990:27) - SourceFire (IP=92,US) 157.245.115.44 32 SW None 2022-09-02 00:00:00 2022-12-01 00:00:00 2022-09-03 14:03:23 ET EXPLOIT Apache log4j RCE Attempt - lower/upper TCP Bypass M2 (CVE-2021-44228) (1:2034700:1) - SourceFire (IP=44, US) 157.245.116.150 32 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:57:49 Exploit.CVE-2021-44228 - Apache Log4j2 - Case 6651 (IP=150,US) 157.245.116.99 32 RR None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-18 13:50:27 SERVER-APACHE Apache HTTP server SSRF attempt - SourceFire (IP=99,US) 157.245.117.111 32 AR None 2022-04-08 00:00:00 2022-07-07 00:00:00 2022-04-08 13:46:32 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attack (IP=111,US) 157.245.117.20 32 SW None 2022-05-24 00:00:00 2022-08-22 00:00:00 2022-05-24 14:15:51 SERVER-WEBAPP F5 iControl REST interface ssrf attempt (1:57337:1) - SourceFire (IP=20,US) 157.245.117.228 32 ZH None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 13:47:46 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=228,US) 157.245.117.37 32 TH None 2022-06-03 00:00:00 2022-09-01 00:00:00 
2022-06-04 13:39:10 SQL injection - 6 Hr Web Report (IP=37,US)
157.245.118.188 32 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 13:54:18 SQL injection - Web Attacks (IP=188,US)
157.245.119.167 32 RS None 2022-05-02 00:00:00 2022-07-31 00:00:00 2022-05-02 22:41:30 SQL injection - 6Hr Web Attacks (IP=167,US)
157.245.119.46 32 RS None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-13 22:37:06 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=46,US)
157.245.121.157 32 AR None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-23 13:49:40 SQL injection - 6Hr Web Attack (IP=157,US)
157.245.121.254 32 ZH None 2022-08-12 00:00:00 2022-11-10 00:00:00 2022-08-12 22:51:21 SQL injection - 6hr Web Attacks (IP=254,US)
157.245.122.206 32 KH None 2022-10-02 00:00:00 2022-12-31 00:00:00 2022-10-02 23:55:07 Zimbra CVE-2022-27925 RCE (IP=206,US)
157.245.122.8 32 DT None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:17:27 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=28,US)
157.245.123.186 32 AR None 2022-07-17 00:00:00 2022-10-15 00:00:00 2022-07-18 13:49:59 Exploit.Log4Shell.CVE-2021-44228 - FE NX (IP=186,US)
157.245.123.221 32 ZH None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-08 22:56:21 ET EXPLOIT Apache log4j RCE Attempt (tcp ldap) (CVE-2021-44228) (1:2034649:1) - SourceFire (IP=221, US)
157.245.124.138 32 SW None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:05 SQL injection - WebAttacks (IP=138,US)
157.245.126.218 32 RB None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-14 22:44:49 SERVER-WEBAPP VMware vRealize Operations Manager SSRF attempt - Sourcefire (IP=218,CA)
157.245.126.58 32 WR None 2022-04-30 00:00:00 2022-07-28 00:00:00 2022-04-30 13:53:04 SQL injection- 6hr Web Attacks (IP=58,US)
157.245.126.65 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:36:51 SQL injection - Web Attacks (IP=65,US)
157.245.126.65 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:40:14 SQL injection - Web Attacks (IP=65,US)
157.245.127.82 24 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:47:53 SQL use of concat function with select - likely SQL injection - SourceFire (IP=82,US)
157.245.127.82 32 DT None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-26 13:47:54 SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (B-type) - Source Fire (IP=82,US)
157.245.128.107 32 DT None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-29 13:52:29 SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt (1:44329:2) - Source Fire (IP=107,US)
157.245.128.137 32 SA None 2022-05-17 00:00:00 2022-08-15 00:00:00 2022-05-17 13:52:23 Django SQL Injection Vulnerability- 6Hr Web Attacks (IP=137,US)
157.245.129.111 32 RR None 2022-06-25 00:00:00 2022-09-23 00:00:00 2022-06-25 22:47:34 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - Source Fire (IP=111,US)
157.245.129.31 32 JP None 2022-07-28 00:00:00 2022-10-26 00:00:00 2022-07-28 13:49:50 SQL injection - 6HR Web Attacks (IP=31, US)
157.245.13.194 32 SW None 2022-05-28 00:00:00 2022-08-26 00:00:00 2022-05-28 14:45:04 SERVER-WEBAPP Dicoogle directory traversal attempt - SourceFire (IP=194,US)
157.245.13.249 32 TH None 2022-07-10 00:00:00 2022-10-08 00:00:00 2022-07-10 22:41:27 SQL injection - 6 Hr Web Report (IP=249,US)
157.245.130.121 32 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 22:25:00 muieblackcat PHP Vulnerability Scanner - FE IPS Events (IP=121,US)
157.245.130.36 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:50:16 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=36,US)
157.245.132.0 32 RB None 2022-01-28 00:00:00 2022-04-28 00:00:00 None SQL injection - 6hr web attacks (IP=0,US)
157.245.133.40 32 SA None 2022-06-02 00:00:00 2022-08-30 00:00:00 2022-06-03 00:39:57 SQL injection Web Attacks (IP=40,US)
157.245.135.157 32 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:49:10 SERVER-OTHER Apache Log4j logging remote code execution attempt - SourceFire (IP=157,US)
157.245.136.139 32 DT None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-20 13:47:31 SERVER-WEBAPP Apache APISIX default admin API backdoor usage attempt - Source Fire (IP=139,US)
157.245.136.152 32 RS None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 22:34:32 SQL injection - 6Hr Web Attacks (IP=152,US)
157.245.136.78 32 RS None 2022-05-19 00:00:00 2022-08-17 00:00:00 2022-05-19 13:46:53 SQL injection - 6Hr Web Attacks (IP=78,US)
157.245.137.133 32 TH None 2022-07-20 00:00:00 2022-10-18 00:00:00 2022-07-20 13:22:48 SQL injection - 6 Hr Web Report (IP=133,US)
157.245.137.234 32 RR None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:13 SERVER-APACHE Apache Struts remote code execution attempt - SourceFire (IP=234,US)
157.245.137.244 32 TLM None 2022-05-03 00:00:00 2022-11-02 00:00:00 2022-05-04 20:59:42 HIVE Case #7506 TO-S-2022-0174 (IP=244,US)
157.245.139.168 32 RB None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:47:10 HTTP: PHP File Inclusion Vulnerability (IP=168,US)
157.245.14.164 32 KH None 2022-06-19 00:00:00 2022-09-17 00:00:00 2022-06-19 13:56:12 SQL injection - Web Attacks (IP=164,US)
157.245.14.57 32 ZH None 2022-08-12 00:00:00 2022-11-10 00:00:00 2022-08-12 22:51:20 SQL injection - 6hr Web Attacks (IP=57,US)
157.245.140.212 32 RR None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:14:31 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=212,US)
157.245.140.227 32 DT None 2022-06-04 00:00:00 2022-09-02 00:00:00 2022-06-04 23:03:12 SQL injection - Web Attacks (IP=227,US)
157.245.140.245 32 SW None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-04 13:45:50 SQL injection - WebAttacks (IP=245,US)
157.245.141.14 32 KH None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:14 SQL injection - Web Attacks (IP=14,US)
157.245.142.83 32 SW None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-15 13:53:59 ET INFO Possible Apache log4j RCE Attempt - Any Protocol TCP (CVE-2021-44228) (1:2034661:1) - SourceFire (IP=83, US)
157.245.142.84 32 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:49:10 SERVER-WEBAPP WSO2 multiple products directory traversal attempt - SourceFire (IP=84,US)
157.245.143.202 32 SW None 2022-06-11 00:00:00 2022-09-09 00:00:00 2022-06-11 13:47:02 SERVER-WEBAPP Apache Struts remote code execution attempt (1:47649:1) - SourceFire (IP=202,US)
157.245.143.62 32 ZH None 2022-06-13 00:00:00 2022-09-11 00:00:00 2022-06-13 22:30:29 SQL injection - 6hr Web Attacks (IP=62,US)
157.245.144.66 24 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 22:25:01 VMware vSphere CVE-2021-21985 Remote Code Execution Vulnerability - FE IPS Events (IP=66,SG)
157.245.145.117 24 KD None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-21 13:53:41 HTTP: Detect PHP-CGI Remote code Execution vulnerability- Web Attacks (IP=117,SG)
157.245.146.1 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:29 SQL injection- 6hr Web Attacks (IP=1,SG)
157.245.147.190 24 JP None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-15 22:50:39 SERVER-WEBAPP F5 BIG-IP Traffic Management User Interface remote code execution attempt (1:54462:3) - SourceFire (IP=190,SG)
157.245.147.190 24 JP None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-15 22:50:45 SERVER-WEBAPP F5 BIG-IP Traffic Management User Interface remote code execution attempt (1:54462:3) - SourceFire (IP=190,SG)
157.245.148.64 24 SW None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-11 13:47:10 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=64,SG)
157.245.149.174 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:48:17 SQL injection - Web Attacks (IP=174,US)
157.245.15.116 32 AR None 2022-05-01 00:00:00 2022-07-30 00:00:00 2022-05-02 13:40:43 HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6Hr Web Attacks (IP=116,US)
157.245.15.130 32 RR None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 13:52:18 SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt - SourceFire (IP=130,US)
157.245.15.164 32 TH None 2022-07-10 00:00:00 2022-10-08 00:00:00 2022-07-10 22:41:25 SQL injection - 6 Hr Web Report (IP=164,US)
157.245.15.226 32 KH None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-18 22:54:59 SQL injection - Web Attacks (IP=226,US)
157.245.151.133 24 KH None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 13:57:02 HTTP SQL Injection Attempt - Web Attacks (IP=133,SG)
157.245.152.173 32 SW None 2022-06-11 00:00:00 2022-09-09 00:00:00 2022-06-11 13:46:55 SQL injection - WebAttacks (IP=173,US)
157.245.152.49 24 TC None 2022-09-18 00:00:00 2022-12-17 00:00:00 2022-09-19 14:00:40 OS-OTHER Bash CGI environment variable injection attempt (1:31978:5) - SourceFire (IP=49,SG)
157.245.153.37 24 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:57:49 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (1:59246:1) - SourceFire (IP=37,SG)
157.245.154.17 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:37:55 SERVER-OTHER Apache Log4j logging remote code execution attempt - SourceFire (IP=17,SG)
157.245.154.17 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:43:38 SERVER-OTHER Apache Log4j logging remote code execution attempt - SourceFire (IP=17,SG)
157.245.155.52 24 DT None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 23:23:25 OS-OTHER Bash CGI environment variable injection attempt (1:31978:5) - Source Fire (IP=52,SG)
157.245.156.7 32 ZH None 2022-09-19 00:00:00 2022-12-18 00:00:00 2022-09-19 14:00:46 SQL injection - WebAttacks (IP=7,US)
157.245.157.251 32 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:37:22 SQL injection - Web Attacks (IP=251,US)
157.245.157.251 32 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:41:11 SQL injection - Web Attacks (IP=251,US)
157.245.158.182 24 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:46:29 SERVER-OTHER Apache Log4j logging remote code execution attempt - SourceFire (IP=182,SG)
157.245.159.178 24 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:44:46 SERVER-WEBAPP Cisco ASA directory traversal attempt - SourceFire (IP=178,SG)
157.245.159.68 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:48:17 SQL injection - Web Attacks (IP=68,US)
157.245.192.106 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:34:55 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41421:2) - Sourcefire Rpt (IP=106,SG)
157.245.192.106 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:20 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41421:2) - Sourcefire Rpt (IP=106,SG)
157.245.193.222 24 RS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 22:43:47 SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (1:58201:2) - SourceFire (IP=222,SG)
157.245.193.224 32 KD None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-12 13:51:36 SQL injection- Web Attacks (IP=224,US)
157.245.194.248 32 SW None 2022-07-23 00:00:00 2022-10-21 00:00:00 2022-07-23 22:54:36 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR# 22C01736(IP=248,SG)
157.245.194.33 32 KH None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-11 23:00:18 SQL injection - Web Attacks (IP=33,US)
157.245.195.230 24 TC None 2022-08-22 00:00:00 2022-11-20 00:00:00 2022-08-22 22:53:09 SERVER-WEBAPP JBoss JMX console access attempt (1:21516:9) - SourceFire (IP=230,SG)
157.245.196.25 24 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 22:39:42 SERVER-WEBAPP Symantec Messaging Gateway KavaChart Component directory traversal attempt (1:40451:2) - Sourcefire (IP=25,SG)
157.245.197.164 32 SW None 2022-08-26 00:00:00 2022-11-24 00:00:00 2022-08-27 13:55:20 SQL injection - WebAttacks (IP=164,US)
157.245.198.147 32 TLM None 2022-03-17 00:00:00 2022-09-17 00:00:00 2022-03-17 16:17:44 HIVE Case #7227 CTO 22-076 (IP=147,SG)
157.245.199.156 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:16:38 SQL injection - Web Attacks (IP=156,US)
157.245.2.187 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:16:39 SQL injection - Web Attacks (IP=187,US)
157.245.2.201 32 ZH None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 22:36:50 SQL injection - 6hr Web Attacks (IP=201,US)
157.245.2.71 32 KH None 2022-07-25 00:00:00 2022-10-23 00:00:00 2022-07-25 13:54:58 SQL injection - Web Attacks (IP=71,US)
157.245.2.74 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:17:01 SERVER-WEBAPP Oracle Weblogic default credentials login attempt - SourceFire (IP=74,US)
157.245.201.137 24 JP None 2022-07-28 00:00:00 2022-10-26 00:00:00 2022-07-28 13:49:50 SQL injection - 6HR Web Attacks (IP=137, SG)
157.245.201.210 32 TLM None 2022-06-14 00:00:00 2022-12-13 00:00:00 2022-06-14 20:43:38 HIVE Case #7769 CTO 22-165 (IP=210,SG)
157.245.202.226 24 JP None 2022-08-19 00:00:00 2022-11-17 00:00:00 2022-08-19 13:56:45 SQL injection - 6HR Web Attacks (IP=226,SG)
157.245.203.54 24 RS None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:50:33 HTTP SQL Injection Attempt - 6Hr Web Attacks (IP=54,SG)
157.245.204.109 24 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:49:11 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=109,SG)
157.245.206.54 24 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:29 POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected - SourceFire (IP=54,SG)
157.245.207.198 32 TH None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-18 22:35:09 SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58722:5) - SourceFire Report (IP=198,US)
157.245.208.164 32 SW None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-17 13:48:58 SERVER-WEBAPP Cisco SD-WAN vManage directory traversal attempt (3:56220:1) - SourceFire (IP=164,US)
157.245.210.127 32 RS None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-13 22:37:06 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=127,US)
157.245.210.177 32 AR None 2022-04-09 00:00:00 2022-07-08 00:00:00 2022-04-10 13:58:55 SERVER-WEBAPP LG-Ericsson iPECS NMS 30M directory traversal attempt (1:49840:1) - SourceFire (IP=177,US)
157.245.210.254 32 KH None 2022-06-19 00:00:00 2022-09-17 00:00:00 2022-06-19 22:50:35 SQL injection - Web Attacks (IP=254,US)
157.245.212.112 32 WR None 2022-04-29 00:00:00 2022-07-27 00:00:00 2022-04-29 13:52:29 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=112,US)
157.245.212.155 32 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 13:38:43 SQL injection - 6Hr Web Attacks (IP=155,US)
157.245.213.53 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-08 12:50:37 SQL injection - Web Attacks (IP=53,US)
157.245.214.10 32 RR None 2022-07-10 00:00:00 2022-10-08 00:00:00 2022-07-11 13:57:17 SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1317 attack attempt - SourceFire (IP=10,US)
157.245.214.166 32 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 22:52:14 Possible Cross-site Scripting Attack - IPS Events (IP=166,US)
157.245.214.28 32 WR None 2022-04-12 00:00:00 2022-07-10 00:00:00 2022-04-12 13:51:54 SQL injection - Web Attacks (IP=28,US)
157.245.215.128 32 RS None 2022-05-03 00:00:00 2022-08-01 00:00:00 2022-05-03 13:47:01 SQL injection - 6Hr Web Attacks (IP=128,US)
157.245.215.47 32 SW None 2022-08-31 00:00:00 2022-11-29 00:00:00 2022-09-01 13:52:42 SQL injection - WebAttacks (IP=47,US)
157.245.216.175 32 SW None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-17 13:48:59 SQL 1 = 1 - possible sql injection attempt (1:30040:5) - SourceFire (IP=175,US)
157.245.216.184 32 SW None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-11 22:58:29 SERVER-WEBAPP Jenkins Groovy metaprogramming remote code execution attempt (1:49499:1) - SourceFire (IP=184,US)
157.245.216.219 32 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 13:38:42 SQL injection - 6Hr Web Attacks (IP=219,US)
157.245.216.43 32 AR None 2022-05-01 00:00:00 2022-07-30 00:00:00 2022-05-02 13:40:43 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=43,US)
157.245.218.123 32 DT None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:17:27 HTTP: Apache mod_cgi Bash Environment Variable Code Injection - Web Attacks (IP=123,US)
157.245.218.181 32 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:48:08 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=181,US)
157.245.218.240 32 TH None 2022-08-23 00:00:00 2022-11-21 00:00:00 2022-08-24 13:52:35 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire Report (IP=240,US)
157.245.219.144 32 RB None 2022-07-12 00:00:00 2022-10-10 00:00:00 2022-07-12 22:32:47 SQL injection - WebAttacks (IP=144,US)
157.245.219.178 32 KH None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 13:57:03 SQL injection - Web Attacks (IP=178,US)
157.245.220.118 32 WR None 2022-04-29 00:00:00 2022-07-27 00:00:00 2022-04-29 13:52:30 SQL injection - Web Attacks (IP=118,US)
157.245.221.43 32 ZH None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 22:44:09 SQL injection - WebAttacks (IP=43,US)
157.245.222.22 32 SW None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-11 22:58:44 SQL injection - WebAttacks (IP=22,US)
157.245.223.132 32 SW None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-06 13:47:23 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=132,US)
157.245.240.139 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:53:21 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=139,US)
157.245.240.248 32 JP None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-15 13:53:43 SQL injection - 6HR Web Attacks (IP=248,US)
157.245.240.50 32 NAB None 2022-03-12 00:00:00 2022-06-30 00:00:00 2022-04-01 14:00:21 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=50,US) | updated by RR Block expiration extended with reason SQL injection - Web Attacks (IP=50,US) SQL injection - Web Attacks (IP=50,US)
157.245.240.50 32 RR None 2022-04-01 00:00:00 2022-06-30 00:00:00 2022-04-01 14:00:21 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=50,US) | updated by RR Block expiration extended with reason SQL injection - Web Attacks (IP=50,US) SQL injection - Web Attacks (IP=50,US)
157.245.241.2 32 TH None 2022-09-29 00:00:00 2022-12-28 00:00:00 2022-09-29 22:53:53 SQL injection - 6 Hr Web Report (IP=2,US)
157.245.242.132 32 RS None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 13:49:42 SQL injection - 6Hr Web Attacks (IP=132,US)
157.245.242.134 32 RB None 2022-09-01 00:00:00 2022-12-30 00:00:00 2022-09-01 22:53:17 SQL injection - WebAttacks (IP=134,US)
157.245.242.17 32 ZH None 2022-07-13 00:00:00 2022-10-11 00:00:00 2022-07-13 13:53:01 SQL injection - 6hr Web Attacks (IP=17,US)
157.245.242.72 32 SA None 2022-05-17 00:00:00 2022-08-15 00:00:00 2022-05-17 13:52:23 HTTP: Firefuzzer SQL Injection Scanning II- 6Hr Web Attacks (IP=72,US)
157.245.242.79 32 RS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 21:48:45 SQL injection - 6Hr Web Attacks (IP=79,US)
157.245.243.103 32 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:47:54 SQL injection - Web Attacks (IP=103,US)
157.245.243.147 32 SW None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-10 13:48:28 SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (1:58594:1) - SourceFire (IP=147,US)
157.245.244.3 32 SW None 2021-10-29 00:00:00 2022-01-27 00:00:00 None SERVER-WEBAPP JBoss JMX console access attempt (1:21516:9) - SourceFire (IP=3, US)
157.245.244.53 32 WR None 2022-04-23 00:00:00 2022-07-21 00:00:00 2022-04-23 13:46:49 HTTP SQL Injection Attempt - Web Attacks (IP=53,US)
157.245.248.48 32 TH None 2022-07-20 00:00:00 2022-10-18 00:00:00 2022-07-20 13:22:48 SQL injection - 6 Hr Web Report (IP=48,US)
157.245.248.52 32 DT None 2021-10-06 00:00:00 2022-01-04 00:00:00 None HTTP SQL Injection Attempt - Web Attacks (IP=52,US)
157.245.249.16 32 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:48:09 SQL injection - Web Attacks (IP=16,US)
157.245.249.86 32 SW None 2022-09-26 00:00:00 2022-12-25 00:00:00 2022-09-27 13:51:51 SERVER-WEBAPP Multiple PACS Server directory traversal attempt - WebAttacks (IP=86,US)
157.245.250.201 32 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-16 15:21:26 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=201,US)
157.245.253.157 32 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:48:09 SQL injection - Web Attacks (IP=157,US)
157.245.253.24 32 RS None 2022-05-04 00:00:00 2022-08-03 00:00:00 2022-05-05 13:49:11 SQL injection - 6Hr Web Attacks (IP=24,US) | updated by RR Block expiration extended with reason SERVER-WEBAPP WP plugin Wechat Broadcast directory traversal attempt - SourceFire (IP=24,US) SERVER-WEBAPP WP plugin Wechat Broadcast directory traversal attempt - SourceFire (IP=24,US)
157.245.253.24 32 RS None 2022-05-04 00:00:00 2022-08-03 00:00:00 2022-05-05 13:49:11 SQL injection - 6Hr Web Attacks (IP=24,US) | updated by RR Block expiration extended with reason SERVER-WEBAPP WP plugin Wechat Broadcast directory traversal attempt - SourceFire (IP=24,US) SERVER-WEBAPP WP plugin Wechat Broadcast directory traversal attempt - SourceFire (IP=24,US)
157.245.253.24 32 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:49:11 SQL injection - 6Hr Web Attacks (IP=24,US) | updated by RR Block expiration extended with reason SERVER-WEBAPP WP plugin Wechat Broadcast directory traversal attempt - SourceFire (IP=24,US) SERVER-WEBAPP WP plugin Wechat Broadcast directory traversal attempt - SourceFire (IP=24,US)
157.245.254.156 32 SW None 2022-05-24 00:00:00 2022-08-22 00:00:00 2022-05-24 14:15:55 SERVER-WEBAPP Terramaster TOS command injection attempt (1:57442:1) - SourceFire (IP=156,US)
157.245.255.113 32 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 22:51:25 SERVER-WEBAPP Spring Security OAuth remote code execution attempt (1:46823:1) - SourceFire (IP=113, US)
157.245.255.157 32 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:49:12 SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt - SourceFire (IP=157,US)
157.245.255.170 32 ZH None 2022-09-21 00:00:00 2022-12-20 00:00:00 2022-09-21 22:53:48 SQL injection - 6hr Web Attacks (IP=170,US)
157.245.32.38 24 SW None 2022-04-24 00:00:00 2022-07-23 00:00:00 2022-04-24 22:43:51 MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (1:25886:3) - SourceFire (IP=38, GB)
157.245.33.51 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:53:21 SERVER-WEBAPP WP plugin Localize My Post directory traversal attempt - SourceFire (IP=51,GB)
157.245.34.113 24 RB None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-14 22:44:53 SQL injection - 6hr web attacks (IP=113,GB)
157.245.35.64 24 DT None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 23:22:05 Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=.64,GB)
157.245.36.13 24 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 22:39:43 SERVER-WEBAPP Intellian Aptus Web arbitrary command execution attempt (1:54824:1) - Sourcefire (IP=13,GB)
157.245.37.248 24 RS None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 22:34:32 SQL injection - 6Hr Web Attacks (IP=248,GB)
157.245.39.129 24 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:49:12 POLICY-OTHER PHP uri tag injection attempt - SourceFire (IP=129,GB)
157.245.4.156 32 TH None 2022-06-28 00:00:00 2022-09-26 00:00:00 2022-06-29 13:54:58 SQL injection - 6 Hr Web Report (IP=156,US)
157.245.40.252 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:30 SQL injection- 6hr Web Attacks (IP=252,GB)
157.245.42.55 24 TH None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-18 22:35:13 CA ARCserve D2D Axis2 Default Credentials Remote Code Execution - FE CMS IPS Events (IP=55,GB)
157.245.44.192 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:49 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=192,GB)
157.245.44.192 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:24 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=192,GB)
157.245.44.61 24 RR None 2022-08-25 00:00:00 2022-11-23 00:00:00 2022-08-25 13:54:29 SERVER-WEBAPP Ulterius web server directory traversal attempt - SourceFire (IP=61,GB)
157.245.46.121 24 WR None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:47:23 SQL injection - 6Hr Web Attacks (IP=121,GB)
157.245.47.218 24 RR None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:31:37 SERVER-WEBAPP Klog Server authenticate.php user command injection attempt - Source Fire (IP=218,GB)
157.245.5.169 32 RS None 2022-08-13 00:00:00 2022-11-11 00:00:00 2022-08-13 22:59:19 SQL injection - Web Attacks (IP=169,US)
157.245.50.223 24 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:57:50 SQL union select - possible sql injection attempt - GET parameter (1:13990:27) - SourceFire (IP=223,SG)
157.245.51.45 24 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 22:39:43 SQL injection - Web Attacks (IP=45,SG)
157.245.55.184 24 SW None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-11 22:58:34 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41421:2) - SourceFire (IP=184,SG)
157.245.57.74 24 JP None 2022-09-19 00:00:00 2022-12-18 00:00:00 2022-09-20 13:54:59 Apache Struts2 ParametersInterceptor Remote Command Execution - IPS Events (IP=74,SG)
157.245.58.194 32 SW None 2022-05-28 00:00:00 2022-08-26 00:00:00 2022-05-28 14:45:01 SQL injection - WebAttacks (IP=194,US)
157.245.59.69 24 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:47:55 SERVER-WEBAPP Apache APISIX default admin API backdoor usage attempt - SourceFire (IP=69,SG)
157.245.6.194 32 SW None 2022-06-28 00:00:00 2022-09-26 00:00:00 2022-06-28 13:53:43 POLICY-OTHER Yachtcontrol webserver unauthenticated remote code execution attempt (1:52561:2) - SourceFire (IP=194,US)
157.245.61.207 24 RR None 2022-06-10 00:00:00 2022-09-08 00:00:00 2022-06-10 13:46:08 SERVER-WEBAPP JBoss JMXInvokerServlet access attempt - SourceFire (IP=207,SG)
157.245.62.243 32 JP None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-14 22:47:15 Adobe ColdFusion Administrator Access Restriction - 6HR Web Attacks (IP=243,SG)
157.245.63.166 24 TH None 2022-04-15 00:00:00 2022-07-14 00:00:00 2022-04-15 14:09:34 SQL injection - 6 Hr Web Report (IP=166,SG)
157.245.64.138 24 DT None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 23:22:05 SQL injection - Web Attacks (IP=138,NL)
157.245.66.48 24 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:05 SQL injection - 6Hr Web Attacks (IP=48,NL)
157.245.67.86 24 RS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:48:04 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=86,NL)
157.245.69.48 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:53:22 SERVER-WEBAPP Apache Log4j logging remote code execution attempt - SourceFire (IP=48,NL)
157.245.7.21 32 TH None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-23 14:39:09 SQL injection - 6 Hr Web Report (IP=21,US)
157.245.70.127 32 RW None 2020-05-19 00:00:00 2022-06-09 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 20C02850 (IP=127,US) | updated by TLM Block was inactive. Reactivated on 20211209 with reason HIVE Case #6624 CTO 21-341 (IP=127,NL) HIVE Case #6624 CTO 21-341 (IP=127,NL)
157.245.70.127 32 TLM None 2021-12-09 00:00:00 2022-06-09 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 20C02850 (IP=127,US) | updated by TLM Block was inactive. Reactivated on 20211209 with reason HIVE Case #6624 CTO 21-341 (IP=127,NL) HIVE Case #6624 CTO 21-341 (IP=127,NL)
157.245.70.17 24 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:37:23 HTTP SQL Injection Attempt - Web Attacks (IP=17,NL)
157.245.70.17 24 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:41:12 HTTP SQL Injection Attempt - Web Attacks (IP=17,NL)
157.245.71.94 24 SW None 2021-10-06 00:00:00 2022-01-04 00:00:00 None File /etc/passwd Access Attempt Detect - IPS Events (IP=94, NL)
157.245.72.161 24 RS None 2022-05-04 00:00:00 2022-08-03 00:00:00 2022-05-05 13:49:13 POLICY-OTHER PHP uri tag injection attempt (1:23111:14) - SourceFire (IP=161,NL) | updated by RR Block expiration extended with reason SERVER-APACHE Apache HTTP server SSRF attempt - SourceFire (IP=161,NL) SERVER-APACHE Apache HTTP server SSRF attempt - SourceFire (IP=161,NL)
157.245.72.161 24 RS None 2022-05-04 00:00:00 2022-08-03 00:00:00 2022-05-05 13:49:13 POLICY-OTHER PHP uri tag injection attempt (1:23111:14) - SourceFire (IP=161,NL) | updated by RR Block expiration extended with reason SERVER-APACHE Apache HTTP server SSRF attempt - SourceFire (IP=161,NL) SERVER-APACHE Apache HTTP server SSRF attempt - SourceFire (IP=161,NL)
157.245.72.161 24 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:49:13 POLICY-OTHER PHP uri tag injection attempt (1:23111:14) - SourceFire (IP=161,NL) | updated by RR Block expiration extended with reason SERVER-APACHE Apache HTTP server SSRF attempt - SourceFire (IP=161,NL) SERVER-APACHE Apache HTTP server SSRF attempt - SourceFire (IP=161,NL)
157.245.75.236 24 RB None 2022-07-07 00:00:00 2022-10-05 00:00:00 2022-07-07 22:31:10 SQL injection - WebAttacks (IP=236,NL)
157.245.76.158 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None NL TO-S-2021-1037 Hive Case 4785 Malware Activity
157.245.76.173 24 NAB None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 13:52:19 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=173,NL)
157.245.77.25 24 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:41:09 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=25,NL)
157.245.79.143 24 SW None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:46:55 HTTP: SQL Injection - Exploit II - WebAttacks (IP=143,NL)
157.245.8.174 32 JP None 2022-07-28 00:00:00 2022-10-26 00:00:00 2022-07-28 22:41:53 SQL injection - 6HR Web Attacks (IP=174, US)
157.245.8.60 32 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 22:24:35 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=60,US)
157.245.8.63 32 TH None 2022-09-29 00:00:00 2022-12-28 00:00:00 2022-09-29 22:53:55 SQL injection - 6 Hr Web Report (IP=63,US)
157.245.81.159 32 RS None 2022-05-19 00:00:00 2022-08-17 00:00:00 2022-05-19 22:49:04 SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (B-type) (1:1000135:3) - SourceFire (IP=159,US)
157.245.81.164 32 SW None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:47:56 SQL union select - possible sql injection attempt - GET parameter (1:13990:27) - SourceFire (IP=164,US)
157.245.81.225 32 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 22:51:55 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=225,US)
157.245.83.107 32 RB None 2022-09-26 00:00:00 2022-12-25 00:00:00 2022-09-26 13:55:27 SERVER-WEBAPP Cisco Prime Infrastructure arbitrary file upload to tftpRoot attempt - WebAttacks (IP=107,US)
157.245.83.107 32 RB None 2022-09-26 00:00:00 2022-12-25 00:00:00 2022-09-26 13:55:27 SERVER-WEBAPP Cisco Prime Infrastructure arbitrary file upload to tftpRoot attempt - WebAttacks (IP=107,US)
157.245.84.180 32 TH None 2022-05-12 00:00:00 2022-08-10 00:00:00 2022-05-12 13:53:36 SQL injection - 6 Hr Web Report (IP=180,US)
157.245.86.51 32 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:06 Adobe ColdFusion Administrator Access Restriction - 6Hr Web Attacks (IP=51,US)
157.245.88.183 32 KH None 2022-04-12 00:00:00 2022-07-11 00:00:00 2022-04-12 13:52:13 SQL injection - Web Attacks (IP=183,US)
157.245.88.198 32 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 13:54:17 SQL injection - Web Attacks (IP=198,US)
157.245.88.227 32 TH None 2022-04-15 00:00:00 2022-07-14 00:00:00 2022-04-15 14:09:33 SQL injection - 6 Hr Web Report (IP=227,US)
157.245.88.62 32 TH None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 23:06:44 SERVER-WEBAPP Sonatype Nexus Repository Manager remote code execution attempt (1:50533:1) - SourceFire Report (IP=62,US)
157.245.90.210 32 KH None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-17 13:49:09 SQL injection - Web Attacks (IP=210,US)
157.245.90.56 32 SW None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-06 13:47:23 SQL injection - WebAttacks (IP=56,US)
157.245.91.52 32 ZH None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 13:47:46 SQL injection - 6hr Web Attacks (IP=52,US)
157.245.91.79 32 ZH None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-23 13:49:44 SQL injection - 6hr Web Attacks (IP=79,US)
157.245.92.238 32 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:37:23 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=238,US)
157.245.92.238 32 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:41:13 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=238,US)
157.245.92.87 32 ZH None 2022-08-12 00:00:00 2022-11-10 00:00:00 2022-08-12 22:51:21 SQL injection - 6hr Web Attacks (IP=87,US)
157.245.93.13 32 SW None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:06 SERVER-WEBAPP Ulterius web server directory traversal attempt (1:45721:2) - SourceFire (IP=13,US)
157.245.94.0 32 ZH None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-08 13:52:28 SQL injection - 6hr Web Attacks (IP=0,US)
157.245.95.103 32 KH None 2022-06-19 00:00:00 2022-09-17 00:00:00 2022-06-19 22:50:35 SQL injection - Web Attacks (IP=103,US)
157.245.96.39 24 RT None 2022-04-08 00:00:00 2022-07-07 00:00:00 2022-04-09 13:49:38 SQL injection - 6HR WebAttack (IP=39,IN)
157.245.97.236 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:30 SQL injection- 6hr Web Attacks (IP=236,IN)
157.245.98.88 24 SW None 2022-04-21 00:00:00 2022-07-20 00:00:00 2022-04-21 22:41:37 File /etc/passwd Access Attempt Detect - IPS Events(IP=88,IN)
157.245.99.132 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:37:56 SERVER-WEBAPP Sitecore XP insecure deserialization attempt - SourceFire (IP=132,IN)
157.245.99.132 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:43:38 SERVER-WEBAPP Sitecore XP insecure deserialization attempt - SourceFire (IP=132,IN)
157.247.217.200 32 TLM None 2022-01-25 00:00:00 2022-07-25 00:00:00 None HIVE Case #6828 CTO 22-021 (IP=200,AT)
157.247.225.66 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5986 TO-S-2021-1404 (IP=66,AT)
157.25.190.181 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PL TO-S-2021-1050 Hive Case 4821 Malware Activity
157.55.39.222 32 TC None 2022-08-11 00:00:00 2022-11-09 00:00:00 2022-08-11 22:52:11 HUNT IP Block request - IR# 22C01791 (IP=222,US)
157.55.87.116 24 SW None 2022-03-07 00:00:00 2022-06-05 00:00:00 2022-03-07 23:52:28 SIPVicious Security Scanner - IPS Events(IP=116,US)
157.7.107.181 24 DT None 2022-01-28 00:00:00 2022-04-28 00:00:00 None Malicious Site Hive Case #6810 (IP=181,JP)
157.7.107.27 32 TLM None 2021-10-25 00:00:00 2022-04-25 00:00:00 None HIVE Case #6412 TO-S-2022-1635 (IP=27,JP)
157.7.107.53 32 TLM None 2021-09-14 00:00:00 2022-03-14 00:00:00 None HIVE Case #6164 TO-S-2021-1528 (IP=53,JP)
157.7.144.5 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=5,JP)
157.7.44.229 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=229,JP) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=229,JP) HIVE Case #5968 TO-S-2021-1276 (IP=229,JP)
157.7.44.229 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=229,JP) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=229,JP) HIVE Case #5968 TO-S-2021-1276 (IP=229,JP)
157.88.193.20 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=20,ES)
157.90.14.242 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=242,DE)
157.97.122.10 24 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=10,BE)
158.101.118.236 32 NAB None 2022-01-11 00:00:00 2022-04-11 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=236,US)
158.106.138.148 32 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None US TO-S-2021-1156 Malicious Email Activity
158.140.166.17 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity
158.140.169.214 32 TLM None 2021-09-21 00:00:00 2022-03-20 00:00:00 None HIVE Case #6216 CTO 21-264 (IP=214,ID)
158.177.73.251 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:32 HIVE Case #7904 CTO 22-189 (IP=251,US)
158.195.45.77 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None SK TO-S-2021-1037 Hive Case 4785 Malware Activity
158.247.192.171 32 TLM None 2021-12-21 00:00:00 2022-06-21 00:00:00 None HIVE Case #6682 CTO 21-352 (IP=171,KR)
158.247.193.17 32 TLM None 2022-05-02 00:00:00 2022-11-01 00:00:00 2022-05-04 17:56:22 HIVE Case #7495 CTO 22-120 (IP=17,KR)
158.247.194.247 32 AS None 2022-07-12 00:00:00 2022-10-10 00:00:00 2022-07-12 18:09:58 HIVE Case #7921 CTO 22-193 (IP=247,KR)
158.247.194.99 32 TLM None 2021-09-15 00:00:00 2022-03-15 00:00:00 None HIVE Case #6183 CTO 21-254 (IP=99,KR)
158.247.195.79 32 AS None 2021-12-28 00:00:00 2022-06-28 00:00:00 None HIVE Case #6702 CTO 21-362 (IP=79,KR)
158.247.197.143 32 AS None 2021-12-28 00:00:00 2022-06-28 00:00:00 None HIVE Case #6702 CTO 21-362 (IP=143,KR)
158.247.199.220 32 TLM None 2022-06-14 00:00:00 2022-12-13 00:00:00 2022-06-14 20:43:30 HIVE Case #7769 CTO 22-165 (IP=220,KR)
158.247.200.24 32 TLM None 2022-06-28 00:00:00 2022-12-27 00:00:00 2022-06-28 14:35:31 HIVE Case #7853 CTO 22-179 (IP=24,KR)
158.247.200.240 32 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6517 CTO 21-313 (IP=240,KR)
158.247.204.191 32 TLM None 2022-05-11 00:00:00 2022-11-10 00:00:00 2022-05-11 15:28:12 HIVE Case #7564 TO-S-2022-0180 (IP=191,KR)
158.247.205.164 32 AS None 2022-01-11 00:00:00 2022-07-11 00:00:00 None HIVE Case #6760 CTO 22-011 (IP=164,KR)
158.247.206.12 32 TLM None 2022-06-23 00:00:00 2022-12-22 00:00:00 2022-06-24 11:30:54 HIVE Case #7820 CTO 22-174 (IP=12,KR)
158.247.207.201 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=201,KR)
158.247.208.210 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5986 TO-S-2021-1404 (IP=210,KR)
158.247.210.247 32 AS None 2021-12-28 00:00:00 2022-06-28 00:00:00 None HIVE Case #6702 CTO 21-362 (IP=247,KR)
158.247.212.12 32 TLM None 2021-12-02 00:00:00 2022-06-02 00:00:00 None HIVE Case #6600 TO-S-2022-0090 (IP=12,KR)
158.247.218.14 32 AS None 2021-12-29 00:00:00 2022-06-29 00:00:00 None HIVE Case #6705 CTO 21-363 (IP=14,KR)
158.247.218.144 32 TLM None 2021-12-17 00:00:00 2022-06-17 00:00:00 None HIVE Case #6673 CTO 21-351 (IP=144,KR)
158.247.221.115 32 TLM None 2022-05-24 00:00:00 2022-11-23 00:00:00 2022-05-24 14:49:38 HIVE Case #7652 CTO 22-141 (IP=115,KR)
158.247.221.82 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:55:17 HIVE Case #7894 CTO 22-187 (IP=82,KR)
158.247.222.199 32 AS None 2021-12-28 00:00:00 2022-06-28 00:00:00 None HIVE Case #6702 CTO 21-362 (IP=199,KR)
158.247.222.240 32 AS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-06 18:26:20 HIVE Case #7881 CTO 22-182 (IP=240,KR)
158.247.223.156 32 TLM None 2021-12-02 00:00:00 2022-06-02 00:00:00
None HIVE Case #6600 TO-S-2022-0090 (IP=156,KR) 158.247.227.111 32 TLM None 2022-06-07 00:00:00 2022-12-06 00:00:00 2022-06-07 17:08:45 HIVE Case #7731 CTO 22-158 (IP=111,KR) 158.247.231.63 32 TLM None 2022-04-13 00:00:00 2022-10-13 00:00:00 2022-04-13 13:12:28 HIVE Case #7387 CTO 22-103(IP=63,KR) 158.247.237.215 32 TLM None 2022-05-17 00:00:00 2022-11-16 00:00:00 2022-05-17 18:24:58 HIVE Case #7608 CTO 22-137 (IP=215,KR) 158.255.211.40 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6348 CTO 21-279 (IP=40,AT) 158.36.153.153 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=153,NO) 158.58.187.44 32 AS None 2022-08-18 00:00:00 2022-11-16 00:00:00 2022-08-19 20:26:08 HIVE Case #8166 COLS-NA TIP 21-0386 (IP=44,IR) 158.58.239.249 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BG TO-S-2021-1037 Hive Case 4785 Malware Activity 158.69.17.240 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None CA TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 158.69.194.231 24 DT None 2022-02-10 00:00:00 2022-05-11 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt - Source Fire (IP=231,CA) 158.69.222.101 32 AS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-09 13:57:18 HIVE Case #7535 TO-S-2022-0176 (IP=101,CA) 158.69.245.197 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=197,CA) 158.69.252.66 32 RR None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 13:49:52 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR # 22C01389 (IP=66,CA) 158.69.63.54 24 srm None 2022-02-16 00:00:00 2022-05-17 00:00:00 None HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=54,CA) 158.69.7.158 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=158,CA) 158.9.130.2 32 TAH None 2022-03-21 00:00:00 2022-09-21 00:00:00 2022-04-04 20:22:28 HIVE Case #7246 TO-S-2022-0153 
(IP=2,US) | **CIRT T1** - IP UNBLOCK Request - Hive Case #7246 TO-S-2022-0153 by TAH 158.9.130.3 32 TAH None 2022-03-21 00:00:00 2022-09-21 00:00:00 2022-04-04 20:23:01 HIVE Case #7246 TO-S-2022-0153 (IP=3,US) | **CIRT T1** - IP UNBLOCK Request - Hive Case #7246 TO-S-2022-0153 by TAH 158.9.130.4 32 TAH None 2022-03-21 00:00:00 2022-09-21 00:00:00 2022-04-04 20:23:27 HIVE Case #7246 TO-S-2022-0153 (IP=4,US) | **CIRT T1** - IP UNBLOCK Request - Hive Case #7246 TO-S-2022-0153 by TAH 158.9.130.5 32 TAH None 2022-03-21 00:00:00 2022-09-21 00:00:00 2022-04-04 20:23:50 HIVE Case #7246 TO-S-2022-0153 (IP=5,US) | **CIRT T1** - IP UNBLOCK Request - Hive Case #7246 TO-S-2022-0153 by TAH 158.9.159.79 32 RS None 2022-07-12 00:00:00 2022-10-10 00:00:00 2022-07-12 22:32:35 Self Report/ ColdFusion Error reporting - IR# 22C01640 (IP=79,US) 159.122.162.226 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6585 CTO 21-323 (IP=226,US) 159.122.162.227 32 TLM None 2022-01-04 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:33 HIVE Case #6729 CTO 22-004 (IP=227,US) | updated by AS Block was inactive. Reactivated on 20220708 with reason HIVE Case #7904 CTO 22-189 (IP=227,US) 159.122.162.228 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6585 CTO 21-323 (IP=228,US) 159.122.162.230 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=230,US) 159.122.162.232 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=232,US) 159.122.162.236 32 TLM None 2022-01-04 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:33 HIVE Case #6729 CTO 22-004 (IP=236,US) | updated by AS Block was inactive. 
Reactivated on 20220708 with reason HIVE Case #7904 CTO 22-189 (IP=236,US) 159.122.162.238 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=238,US) 159.122.73.30 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=30,DE) 159.138.112.70 32 TLM None 2022-09-06 00:00:00 2022-12-05 00:00:00 2022-09-09 18:53:33 HIVE Case #8250 COLS-NA-TIP 22-0310 (IP=70,CL) 159.138.150.139 32 TLM None 2021-11-04 00:00:00 2022-05-04 00:00:00 None HIVE Case #6494 CTO 21-303 (IP=139,CN) 159.138.224.0 20 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TH TO-S-2021-1037 Hive Case 4785 Malware Activity 159.146.2.37 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malware Activity 159.146.20.146 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TR TO-S-2021-1050 Hive Case 4821 Malware Activity 159.146.34.135 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TR TO-S-2021-1050 Hive Case 4821 Malware Activity 159.146.51.185 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TR TO-S-2021-1050 Hive Case 4821 Malware Activity 159.146.67.126 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malware Activity 159.146.86.93 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malware Activity 159.146.94.103 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malware Activity 159.148.186.228 24 KH None 2021-11-05 00:00:00 2022-02-03 00:00:00 None Malicious IP HIVE Case 6498 (IP=228,LV) 159.203.0.124 24 RT None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-06 13:47:04 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=124,CA) 159.203.1.59 24 TH None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 23:06:34 HTTP: PHP File Inclusion Vulnerability - 6 Hr Web Report (IP=59,CA) 159.203.10.26 24 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 
2022-04-16 14:41:10 SQL injection - Web Attacks (IP=26,CA) 159.203.100.247 24 KD None 2022-04-22 00:00:00 2022-07-21 00:00:00 2022-04-23 13:50:21 HTTP: PHP File InclusionVulnerability - Web Attacks (IP=247,US) 159.203.101.73 32 TH None 2022-09-06 00:00:00 2022-12-05 00:00:00 2022-09-06 13:54:40 SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58744:6) - SourceFire Report (IP=73,US) 159.203.103.75 32 JP None 2022-08-03 00:00:00 2022-11-01 00:00:00 2022-08-03 22:28:20 SERVER-WEBAPP Oracle WebLogic Server remote code execution attempt (1:58562:1) - SourceFire (IP=75,US) 159.203.104.148 32 ZH None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-08 22:56:22 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=148, US) 159.203.104.245 32 ZH None 2022-08-18 00:00:00 2022-11-16 00:00:00 2022-08-18 13:49:25 SQL injection (IP=245,US) 159.203.104.60 32 RS None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-10-01 13:38:09 SQL injection - Web Attacks (IP=60,US) 159.203.105.28 32 TH None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-26 22:51:11 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - SourceFire Report (IP=28,US) 159.203.106.159 32 SW None 2022-08-25 00:00:00 2022-11-23 00:00:00 2022-08-26 13:48:22 SQL injection - WebAttacks (IP=159,US) 159.203.106.185 32 ZH None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-24 00:05:22 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=185,US) 159.203.106.253 32 JP None 2022-07-28 00:00:00 2022-10-26 00:00:00 2022-07-28 13:49:52 SQL injection - 6HR Web Attacks (IP=253, US) 159.203.107.180 32 RS None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:50:31 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=180,US) 159.203.107.218 32 RS None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-10-01 13:38:10 SQL injection - Web Attacks (IP=218,US) 159.203.108.124 32 KH None 2022-07-13 00:00:00 2022-10-11 00:00:00 2022-07-14 
13:57:36 SQL injection - Web Attacks (IP=124,US) 159.203.108.178 32 SW None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:47:35 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=178,US) 159.203.108.30 32 RS None 2022-05-19 00:00:00 2022-08-17 00:00:00 2022-05-19 22:49:04 SERVER-ORACLE Oracle iPlanet Web Server unauthenticated information disclosure attempt (1:54214:1) - SourceFire (IP=30,US) 159.203.109.5 32 AR None 2022-04-09 00:00:00 2022-07-08 00:00:00 2022-04-10 13:58:52 SQL injection - 6Hr Web Attack (IP=5,US) 159.203.11.17 24 WR None 2022-03-23 00:00:00 2022-06-21 00:00:00 2022-03-23 13:46:26 HTTP: Grandstream UCM6200 SQL Injection Vulnerability (CVE-2020-5722) - 6HR Web Attack (IP=17,CA) 159.203.11.247 24 TH None 2022-07-20 00:00:00 2022-10-18 00:00:00 2022-07-20 22:52:54 SQL injection - 6 Hr Web Report (IP=247,CA) 159.203.110.68 32 TH None 2022-09-29 00:00:00 2022-12-28 00:00:00 2022-09-29 14:05:27 HTTP: Apache mod_cgi Bash Environment Variable Code Injection - 6 Hr Web Report (IP=68,US) 159.203.110.98 32 TC None 2022-09-03 00:00:00 2022-12-02 00:00:00 2022-09-03 14:03:27 SQL injection - 6 hr Web attacks (IP=98,US) 159.203.111.173 32 RB None 2022-07-07 00:00:00 2022-10-05 00:00:00 2022-07-07 22:31:11 SQL injection - WebAttacks (IP=173,US) 159.203.111.30 32 RR None 2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-09 14:21:52 SERVER-WEBAPP JBoss JMX console access attempt - SourceFire (IP=30,US) 159.203.112.129 32 RR None 2022-08-13 00:00:00 2022-11-11 00:00:00 2022-08-14 13:58:05 SQL injection - Web Attacks (IP=129,US) 159.203.112.250 32 WR None 2022-04-24 00:00:00 2022-07-22 00:00:00 2022-04-24 13:26:23 Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=250,US) 159.203.113.188 32 JP None 2022-08-29 00:00:00 2022-11-27 00:00:00 2022-08-29 13:57:22 SQL injection - 6HR Web Attacks (IP=188,US) 159.203.113.236 32 DT None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:46 SQL injection - Web Attacks (IP=236,US) 
159.203.114.242 32 TH None 2022-06-21 00:00:00 2022-09-19 00:00:00 2022-06-22 13:54:40 SQL injection - 6 Hr Web Report (IP=242,US) 159.203.116.116 32 RS None 2022-06-10 00:00:00 2022-09-08 00:00:00 2022-06-10 22:49:33 ET EXPLOIT F5 TMUI RCE vulnerability CVE-2020-5902 Attempt (1:21002462:3) - SourceFire (IP=116,US) 159.203.116.200 32 KH None 2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-09 22:50:11 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=200,US) 159.203.116.238 32 RS None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:50:31 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=238,US) 159.203.117.212 32 SW None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 14:03:02 SQL injection - WebAttacks (IP=212,US) 159.203.117.225 32 JP None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-15 22:50:42 SQL injection - 6HR Web Attacks (IP=225, US) 159.203.118.106 32 SW None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:45:17 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=106,US) 159.203.118.3 32 RS None 2022-09-16 00:00:00 2022-12-15 00:00:00 2022-09-17 13:46:09 SQL injection - Web Attacks (IP=3,US) 159.203.118.86 32 TH None 2022-06-03 00:00:00 2022-09-01 00:00:00 2022-06-04 13:39:10 SQL injection - 6 Hr Web Report (IP=86,US) 159.203.119.22 32 RR None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-07 13:50:20 SQL injection - Web Attacks (IP=22,US) 159.203.119.8 32 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:00 SQL injection - Web Attacks (IP=8,US) 159.203.12.172 32 KD None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-28 14:33:55 SQL Injection- Web Attacks (IP=172,US) 159.203.12.172 24 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:35:14 SERVER-WEBAPP Bonita BPM themeResource directory traversal attempt - SourceFire (IP=172,CA) 159.203.120.58 32 SA None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-07 13:41:21 POLICY-OSAER SAP NetWeaver AS LM 
Configuration Wizard access detected (1:54573:2) - SourceFire Report (IP=58,US) 159.203.121.132 32 SW None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-06 22:49:38 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - SourceFire (IP=132,US) 159.203.121.234 24 RS None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-11 13:57:27 SQL Injection - 6Hr Web Attacks (IP=234,US) 159.203.121.4 32 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:30 SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt - SourceFire (IP=4,US) 159.203.121.76 32 ZH None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-24 00:05:22 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - Sourcefire Rpt (IP=76,US) 159.203.122.105 32 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:46:30 SERVER-WEBAPP Bonita BPM themeResource directory traversal attempt - SourceFire (IP=105,US) 159.203.124.38 32 KH None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 22:55:40 HTTP: PHP File Inclusion Vulnerability - IR# 22C01537 (IP=38 ,US) 159.203.124.73 32 ZH None 2022-09-15 00:00:00 2022-12-14 00:00:00 2022-09-15 22:52:10 SQL 1 = 1 - possible sql injection attempt (1:30041:4) - SourceFire (IP=73,US) 159.203.124.87 32 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-09 14:21:25 SQL injection - Web Attacks (IP=87,US) 159.203.125.163 32 RR None 2022-07-31 00:00:00 2022-10-29 00:00:00 2022-07-31 13:51:13 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=163,US) 159.203.126.67 32 ZH None 2022-09-12 00:00:00 2022-12-11 00:00:00 2022-09-12 14:00:13 SQL injection - WebAttacks (IP=67,US) 159.203.127.180 32 RS None 2022-08-30 00:00:00 2022-11-28 00:00:00 2022-08-31 17:20:41 SQL injection - Web Attacks (IP=180,US) 159.203.13.15 24 KD None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-11 13:43:34 Adobe ColdFusion AdministratorAccess Restriction - Web Attacks 
(IP=15,CA) 159.203.14.164 24 RB None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 22:45:20 SQL injection - 6hr web attacks (IP=164,CA) 159.203.15.200 24 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 22:39:44 OS-OTHER Bash CGI environment variable injection attempt (1:31978:5) - Sourcefire (IP=200,CA) 159.203.16.219 24 AR None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-05-01 13:52:41 SERVER-WEBAPP Multiple PACS Server directory traversal attempt (1:49642:2) - SourceFire (IP=219,CA) 159.203.160.122 32 DT None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-20 13:47:02 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=122,US) 159.203.160.33 32 ZH None 2022-09-12 00:00:00 2022-12-11 00:00:00 2022-09-12 22:48:45 SQL injection - WebAttacks (IP=33,US) 159.203.161.177 32 WR None 2022-04-30 00:00:00 2022-07-28 00:00:00 2022-04-30 13:53:05 SQL injection- 6hr Web Attacks (IP=177,US) 159.203.161.2 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:17:02 SERVER-WEBAPP System Information Library for node.js command injection attempt - SourceFire (IP=2,US) 159.203.162.188 32 TH None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-30 13:42:35 SQL injection - 6 Hr Web Report (IP=188,US) 159.203.163.247 32 RR None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:31:37 Django SQL Injection Vulnerability - Web Attcks (IP=247,US) 159.203.166.101 32 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:00 SQL injection - Web Attacks (IP=101,US) 159.203.167.94 32 RR None 2022-06-19 00:00:00 2022-09-17 00:00:00 2022-06-20 13:54:25 SQL injection - Web Attacks (IP=94,US) 159.203.168.116 32 TH None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-18 22:35:06 SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt (1:44328:4) - SourceFire Report (IP=116,US) 159.203.169.217 32 RR None 2022-09-25 00:00:00 2022-12-24 00:00:00 2022-09-25 13:55:37 SQL injection - Web Attacks (IP=217,US) 159.203.169.24 32 KH None 
2022-07-25 00:00:00 2022-10-23 00:00:00 2022-07-25 13:54:59 SQL injection - Web Attacks (IP=24,US) 159.203.169.43 32 RS None 2022-05-03 00:00:00 2022-08-01 00:00:00 2022-05-03 13:46:53 SQL injection - 6Hr Web Attacks (IP=43,US) 159.203.169.69 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-08 12:51:13 SERVER-WEBAPP Joomla 3.7.0 com_fields view SQL injection attempt - SourceFire (IP=69,US) 159.203.17.206 24 RR None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:31:38 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - Source Fire (IP=206,CA) 159.203.170.121 32 RS None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 22:34:31 SQL injection - 6Hr Web Attacks (IP=121,US) 159.203.170.139 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:50:43 SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt - SourceFire (IP=139,US) 159.203.170.59 32 WR None 2022-04-25 00:00:00 2022-07-23 00:00:00 2022-04-25 14:46:56 SERVER-WEBAPP Ulterius web server directory traversal attempt (1:45721:2) - Sourcefire (IP=59,US) 159.203.171.194 32 KH None 2022-09-19 00:00:00 2022-12-18 00:00:00 2022-09-19 14:00:48 Exploit.Log4Shell.CVE-2021-44228 - FE NX (IP=194,US) 159.203.172.153 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:52:56 SERVER-WEBAPP Cisco RV Series Routers information disclosure attempt - SourceFire (IP=153,US) 159.203.172.201 32 SW None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-11 22:58:36 SERVER-WEBAPP WordPress get_post authentication bypass attempt (1:41495:2) - SourceFire (IP=201,US) 159.203.173.134 32 KH None 2022-09-14 00:00:00 2022-12-13 00:00:00 2022-09-14 22:45:09 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - Sourcefire (IP=134,US) 159.203.173.240 32 TH None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 23:06:26 HTTP: PHP File Inclusion Vulnerability - 6 Hr Web Report (IP=240,US) 159.203.175.147 32 SW None 2022-08-12 00:00:00 
2022-11-10 00:00:00 2022-08-13 13:56:10 SQL injection - WebAttacks (IP=147,US) 159.203.177.0 32 SW None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-06 13:57:59 SQL injection - WebAttacks (IP=0,US) 159.203.177.57 32 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 13:52:30 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=57,US) 159.203.179.98 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:17:03 SERVER-WEBAPP Cisco Prime Infrastructure arbitrary file upload to tftpRoot attempt - SourceFire (IP=98,US) 159.203.18.132 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:50:17 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=132,CA) 159.203.180.70 32 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:57:51 SERVER-APACHE Apache Struts2 blacklisted method redirect (1:27244:6) - SourceFire (IP=70,US) 159.203.181.179 32 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 22:24:37 SERVER-WEBAPP Avtech IP Camera machine.cgi information disclosure attempt (1:41697:2) - SourceFire (IP=179,US) 159.203.182.153 32 RS None 2022-06-23 00:00:00 2022-09-21 00:00:00 2022-06-23 22:21:57 SQL injection - 6Hr Web Attacks (IP=153,US) 159.203.182.197 32 WR None 2022-04-12 00:00:00 2022-07-10 00:00:00 2022-04-12 13:51:55 SQL injection - Web Attacks (IP=28,US) 159.203.182.230 32 RS None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 22:34:30 SQL injection - 6Hr Web Attacks (IP=230,US) 159.203.183.105 32 SW None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:45:03 SERVER-WEBAPP CGit cgit_clone_objects function directory traversal attempt - SourceFire (IP=105,US) 159.203.183.138 32 RW None 2021-11-24 00:00:00 2022-02-22 00:00:00 None File /etc/passwd Access Attempt Detect - Fireeye IPS (IP=138,US) 159.203.183.67 32 SW None 2022-06-04 00:00:00 2022-09-02 00:00:00 2022-06-05 13:42:46 SERVER-WEBAPP Drupal Core 8 PHP object injection RCE attempt (1:49257:2) - SourceFire (IP=67,US) 159.203.185.250 32 JP None 
2022-08-29 00:00:00 2022-11-27 00:00:00 2022-08-29 13:57:23 HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6HR Web Attacks (IP=250,US) 159.203.185.98 32 RB None 2022-09-27 00:00:00 2022-12-26 00:00:00 2022-09-27 13:51:59 Exploit.Log4Shell.CVE-2021-44228 - FireEye NX (IP=98,US) 159.203.186.204 32 ZH None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-01 13:55:50 SQL injection - 6hr Web Attacks (IP=204,US) 159.203.19.182 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:50:17 SQL injection - Web Attacks (IP=182,CA) 159.203.190.203 32 TH None 2022-06-21 00:00:00 2022-09-19 00:00:00 2022-06-22 13:54:41 SQL injection - 6 Hr Web Report (IP=203,US) 159.203.190.97 32 DT None 2022-06-04 00:00:00 2022-09-02 00:00:00 2022-06-04 23:03:06 SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt (1:58747:1) - Source Fire (IP=97,US) 159.203.191.11 32 KH None 2021-10-25 00:00:00 2022-01-23 00:00:00 None SQL injection - 6hr Web Attacks (IP=11,US) 159.203.2.75 24 NAB None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-13 13:50:55 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=75,CA) 159.203.20.118 24 RT None 2022-03-22 00:00:00 2022-06-21 00:00:00 2022-03-23 13:46:29 SQL injection - 6HR Web Attack (IP=118,CA) | updated by NAB Block expiration extended with reason HIVE Case #6651 Exploit.CVE-2021-44228 (IP=118,CA) HIVE Case #6651 Exploit.CVE-2021-44228 (IP=118,CA) 159.203.20.118 24 NAB None 2022-03-23 00:00:00 2022-06-21 00:00:00 2022-03-23 13:46:29 SQL injection - 6HR Web Attack (IP=118,CA) | updated by NAB Block expiration extended with reason HIVE Case #6651 Exploit.CVE-2021-44228 (IP=118,CA) HIVE Case #6651 Exploit.CVE-2021-44228 (IP=118,CA) 159.203.21.39 24 SW None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:45:06 SERVER-WEBAPP WordPress Snap Creek Duplicator and Duplicator Pro plugins directory traversal attempt - SourceFire (IP=39,CA) 159.203.22.36 24 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 22:54:11 SQL injection - 
Web Attacks (IP=36,CA) 159.203.23.32 24 ZH None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-11 00:04:52 SQL union select - possible sql injection attempt - GET parameter (1:13990:27) - SourceFire (IP=32,CA) 159.203.24.54 24 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:37:24 SQL injection - Web Attacks (IP=54,CA) 159.203.25.30 24 RR None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:31:38 SQL injection - Web Attcks (IP=30,CA) 159.203.26.136 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:31 HTTP: PHP File Inclusion Vulnerability- 6hr Web Attacks (IP=136,CA) 159.203.27.27 24 RR None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-07 13:54:13 SQL injection - Web Attacks (IP=27,CA) 159.203.28.101 24 RR None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:14 SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt - SourceFire (IP=101,CA) 159.203.29.120 24 KH None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:15 Django SQL Injection Vulnerability- Web Attacks (IP=120,CA) 159.203.30.224 24 RS None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 22:34:31 SQL injection - 6Hr Web Attacks (IP=224,CA) 159.203.31.117 24 RS None 2022-06-03 00:00:00 2022-09-01 00:00:00 2022-06-03 22:21:19 ET INFO Possible Apache log4j RCE Attempt - Any Protocol TCP (CVE-2021-44228) (1:2034661:1) - SourceFire (IP=117,CA) 159.203.32.97 24 ZH None 2022-04-04 00:00:00 2022-07-03 00:00:00 2022-04-04 22:35:35 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2)- Sourcefire Rpt (IP=97,CA) 159.203.33.223 24 AR None 2022-04-09 00:00:00 2022-07-08 00:00:00 2022-04-10 13:58:51 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attack (IP=223,CA) 159.203.34.198 24 AR None 2022-04-14 00:00:00 2022-07-12 00:00:00 2022-04-14 13:54:42 SQL injection - Web Attacks (IP=198,CA) 159.203.36.135 24 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:37:25 SQL injection - Web 
Attacks (IP=135,CA) 159.203.36.135 24 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:41:14 SQL injection - Web Attacks (IP=135,CA) 159.203.37.14 24 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-08 12:50:38 SQL injection - Web Attacks (IP=14,CA) 159.203.38.206 24 RT None 2022-05-11 00:00:00 2022-08-09 00:00:00 2022-05-12 13:53:22 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - Sourcefire Report (IP=,CA) 159.203.4.1 24 KD None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-16 15:21:14 SQL injection - Web Attacks (IP=1,CA) 159.203.41.42 24 RT None 2022-04-12 00:00:00 2022-07-11 00:00:00 2022-04-13 13:46:05 HTTP: PHP File Inclusion Vulnerability - 6 HR WebAttack (IP=42,CA) 159.203.42.233 24 KH None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 13:57:03 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=233,CA) 159.203.43.91 24 DT None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-29 13:52:31 SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (1:51976:3) - Source Fire (IP=91,CA) 159.203.44.155 24 AR None 2022-07-18 00:00:00 2022-10-16 00:00:00 2022-07-18 13:50:01 Exploit.Log4Shell.CVE-2021-44228 - FE NX (IP=155,CA) 159.203.44.176 32 JP None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-14 22:47:16 Adobe ColdFusion Administrator Access Restriction - 6HR Web Attacks (IP=176,CA) 159.203.45.116 24 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:34:37 SQL injection - Web Attacks (IP=116,CA) 159.203.46.179 24 ZH None 2022-04-04 00:00:00 2022-07-03 00:00:00 2022-04-04 13:48:57 SQL injection - 6hr Web Attacks (IP=179,CA) 159.203.47.190 24 RT None 2022-04-12 00:00:00 2022-07-11 00:00:00 2022-04-13 13:46:05 HTTP: Apache mod_cgi Bash Environment Variable Code Injection - 6 HR WebAttack (IP=190,CA) 159.203.5.28 24 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:16:39 SQL injection - Web Attacks (IP=28,CA) 159.203.56.4 24 WR None 2022-04-01 00:00:00 
2022-06-30 00:00:00 2022-04-01 14:00:24 SERVER-WEBAPP Java ClassLoader access attempt (1:30792:7) - Sourcefire (IP=4,CA)
159.203.57.32 24 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 22:54:12 SQL injection - Web Attacks (IP=32,CA)
159.203.58.197 24 RR None 2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-09 14:21:53 SERVER-APACHE Apache Tomcat remote JSP file upload attempt - SourceFire (IP=197,CA)
159.203.6.135 24 SW None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-06 22:49:34 SQL generic sql insert injection attempt - POST parameter (1:15875:12) - SourceFire (IP=135,CA)
159.203.6.225 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:50:18 SQL injection - Web Attacks (IP=225,CA)
159.203.60.125 24 TH None 2022-04-22 00:00:00 2022-07-21 00:00:00 2022-04-22 13:41:00 SQL injection - 6 Hr Web Report (IP=125,CA)
159.203.60.159 24 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:49:13 SERVER-APACHE Apache HTTP server SSRF attempt - SourceFire (IP=159,CA)
159.203.61.90 24 RT None 2022-04-14 00:00:00 2022-07-13 00:00:00 2022-04-15 14:09:07 HTTP: PHP File Inclusion Vulnerability - 6HR WebAttacks (IP=90,CA)
159.203.62.1 24 JP None 2022-07-28 00:00:00 2022-10-26 00:00:00 2022-07-28 13:49:52 SQL injection - 6HR Web Attacks (IP=1, CA)
159.203.63.113 24 RT None 2022-03-23 00:00:00 2022-06-21 00:00:00 2022-03-24 13:50:48 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=113,CA)
159.203.64.126 32 SW None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-06 22:49:44 SQL injection - WebAttacks (IP=126,US)
159.203.64.201 32 RS None 2022-05-03 00:00:00 2022-08-01 00:00:00 2022-05-03 13:46:52 SQL injection - 6Hr Web Attacks (IP=201,US)
159.203.64.220 32 ZH None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 22:43:49 SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (1:50015:1) - SourceFire (IP=220,US)
159.203.64.224 32 SW None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-15 13:53:59 SQL injection - WebAttacks (IP=224,US)
159.203.65.94 32 ZH None 2022-06-24 00:00:00 2022-09-22 00:00:00 2022-06-24 22:51:35 SQL injection - 6hr Web Attacks (IP=94,US)
159.203.66.80 32 RB None 2022-06-24 00:00:00 2022-09-22 00:00:00 2022-06-25 14:09:15 SQL injection - WebAttacks (IP=80,US)
159.203.67.112 32 WR None 2022-04-29 00:00:00 2022-07-27 00:00:00 2022-04-29 13:52:31 SERVER-WEBAPP OpenDreamBox 2.0.0 Plugin WebAdmin command injection attempt (1:50304:2) - Sourcefire (IP=110,US)
159.203.67.179 32 SW None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-22 13:54:41 SQL injection - WebAttacks (IP=179,US)
159.203.67.231 32 AR None 2022-09-12 00:00:00 2022-12-11 00:00:00 2022-09-12 14:00:14 SQL injection - 6Hr Web Attacks (IP=231,US)
159.203.68.12 32 TH None 2022-06-28 00:00:00 2022-09-26 00:00:00 2022-06-29 13:55:01 SQL injection - 6 Hr Web Report (IP=12,US)
159.203.69.140 24 WR None 2022-04-15 00:00:00 2022-07-13 00:00:00 2022-04-15 14:09:23 POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected (1:54573:2) - Sourcefire (IP=140,CA)
159.203.7.151 24 ZH None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-30 22:44:21 SQL injection - 6hr Web Attacks (IP=151,CA)
159.203.70.138 32 ZH None 2022-06-30 00:00:00 2022-09-28 00:00:00 2022-06-30 13:57:07 SQL injection - 6hr Web Attacks (IP=138,US)
159.203.71.219 32 ZH None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-30 22:44:22 SQL injection - 6hr Web Attacks (IP=219,US)
159.203.71.225 32 RS None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 22:34:11 SQL union select - possible sql injection attempt - GET parameter (1:13990:27) - SourceFire (IP=225,US)
159.203.72.15 32 AR None 2022-04-14 00:00:00 2022-07-12 00:00:00 2022-04-14 13:54:42 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=15,US)
159.203.74.117 32 KH None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-17 13:49:09 SQL injection - Web Attacks (IP=117,US)
159.203.74.36 32 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:07 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=36,US)
159.203.75.127 32 RS None 2022-06-20 00:00:00 2022-09-18 00:00:00 2022-06-20 13:54:44 SQL injection - Web Attacks (IP=127,US)
159.203.75.207 32 ZH None 2022-06-13 00:00:00 2022-09-11 00:00:00 2022-06-13 22:30:26 SERVER-WEBAPP Atlassian Confluence OGNL injection remote code execution attempt (1:58094:1) - SourceFire (IP=207, US)
159.203.75.211 32 TH None 2022-06-16 00:00:00 2022-09-14 00:00:00 2022-06-17 13:48:32 SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1272 attack attempt (3:57305:1) - SourceFire Report (IP=211,US)
159.203.75.233 32 SW None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-16 13:51:33 SQL injection - WebAttack (IP=233,US)
159.203.76.205 32 SW None 2022-09-25 00:00:00 2022-12-24 00:00:00 2022-09-25 13:55:50 SQL injection - WebAttacks (IP=205,US)
159.203.78.193 32 DT None 2022-06-04 00:00:00 2022-09-02 00:00:00 2022-06-04 23:03:12 SQL injection - Web Attacks (IP=193,US)
159.203.79.52 32 JP None 2022-09-11 00:00:00 2022-12-10 00:00:00 2022-09-11 13:56:07 SQL injection - 6HR Web Attacks (IP=52,US)
159.203.79.65 32 SW None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:45:13 SERVER-WEBAPP eMerge E3 Access Controller command injection attempt - SourceFire (IP=65,US)
159.203.8.163 24 RB None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:47:11 SQL injection (IP=163,CA)
159.203.80.120 32 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:30 SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (A-type) - SourceFire (IP=120,US)
159.203.80.152 32 TH None 2022-08-20 00:00:00 2022-11-18 00:00:00 2022-08-21 13:55:57 SQL injection - 6 Hr Web Report (IP=152,US)
159.203.81.116 32 RR None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:31:39 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - Source Fire (IP=116,US)
159.203.81.158 32 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 22:51:52 SQL injection - 6Hr Web Attacks (IP=158,US)
159.203.82.187 32 RR None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-19 13:55:57 SQL injection - Web Attacks (IP=187,US)
159.203.82.9 32 RB None 2022-09-01 00:00:00 2022-12-30 00:00:00 2022-09-01 22:53:14 SERVER-WEBAPP PhpCollab editclient.php arbitrary PHP file upload attempt (1:45421:2) - SourceFire (IP=9, US)
159.203.84.202 32 RB None 2022-07-12 00:00:00 2022-10-10 00:00:00 2022-07-12 22:32:41 SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (1:51976:3) - SourceFire (IP=202, US)
159.203.85.158 32 SW None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:45:22 SQL union select - possible sql injection attempt - GET parameter - SourceFire (IP=158,US)
159.203.85.215 32 JP None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-15 22:50:35 SERVER-WEBAPP Cisco Prime Infrastructure arbitrary file upload to tftpRoot attempt (3:49987:3) - SourceFire (IP=215,US)
159.203.85.55 32 TH None 2022-06-28 00:00:00 2022-09-26 00:00:00 2022-06-29 13:54:58 SQL injection - 6 Hr Web Report (IP=55,US)
159.203.86.183 32 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 13:54:21 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=183,US)
159.203.87.214 32 NAB None 2022-05-03 00:00:00 2022-08-01 00:00:00 2022-05-03 13:46:47 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=214,US)
159.203.87.49 32 ZH None 2022-06-30 00:00:00 2022-09-28 00:00:00 2022-07-01 00:10:30 SQL injection - 6hr Web Attacks (IP=49,US)
159.203.88.226 32 TC None 2022-09-28 00:00:00 2022-12-27 00:00:00 2022-09-29 13:59:01 SQL injection - WebAttacks (IP=226,US)
159.203.88.51 32 JP None 2022-09-21 00:00:00 2022-12-20 00:00:00 2022-09-22 13:55:03 SERVER-WEBAPP Spring Security OAuth remote code execution attempt (1:46823:1) - Sourcefire (IP=51,US)
159.203.89.141 32 TH None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-30 13:42:45 SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1272 attack attempt (3:57305:1) - SourceFire Report (IP=141,US)
159.203.89.254 32 RS None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 13:49:47 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=254,US)
159.203.90.112 32 RR None 2022-09-21 00:00:00 2022-12-20 00:00:00 2022-09-21 14:01:06 SERVER-WEBAPP Bonita BPM themeResource directory traversal attempt - SourceFire (IP=112,US)
159.203.90.131 32 RS None 2022-07-18 00:00:00 2022-10-16 00:00:00 2022-07-19 13:47:53 SQL Injection - Web Attacks (IP=131,US)
159.203.90.165 32 SW None 2022-08-26 00:00:00 2022-11-24 00:00:00 2022-08-27 13:55:20 SQL injection - WebAttacks (IP=165,US)
159.203.90.247 32 RB None 2022-09-13 00:00:00 2022-12-12 00:00:00 2022-09-14 22:45:08 Exploit.Log4Shell.CVE-2021-44228 - FE NX (IP=247,US)
159.203.90.52 32 SW None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-15 13:54:00 HTTP: Detect PHP-CGI Remote code Execution vulnerability - WebAttacks (IP=52,US)
159.203.90.65 32 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:33 SQL injection - 6hr Web Attacks (IP=65,US)
159.203.91.137 32 RS None 2022-05-19 00:00:00 2022-08-17 00:00:00 2022-05-19 22:49:07 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=137,US)
159.203.91.187 32 SW None 2022-09-25 00:00:00 2022-12-24 00:00:00 2022-09-25 13:55:51 SQL injection - WebAttacks (IP=187,US)
159.203.91.244 32 RB None 2022-06-11 00:00:00 2022-09-09 00:00:00 2022-06-11 13:47:06 SQL injection - 6hr web attacks (IP=244,US)
159.203.92.235 32 SW None 2022-06-24 00:00:00 2022-09-22 00:00:00 2022-06-24 13:56:03 SQL injection - WebAttacks (IP=235,US)
159.203.92.253 32 RR None 2022-07-21 00:00:00 2022-10-19 00:00:00 2022-07-21 13:54:49 SQL injection - Web Attacks (IP=253,US)
159.203.92.8 32 RR None 2022-07-10 00:00:00 2022-10-08 00:00:00 2022-07-10 14:32:35 SQL injection - Web Attacks (IP=8,US)
159.203.92.9 32 NAB None 2021-12-17 00:00:00 2022-03-17 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=9,US)
159.203.93.61 32 RR None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 13:52:19 SQL use of concat function with select - likely SQL injection - SourceFire (IP=61,US)
159.203.93.87 32 RS None 2022-08-13 00:00:00 2022-11-11 00:00:00 2022-08-13 13:56:22 SQL injection - Web Attacks (IP=87,US)
159.203.94.175 32 RR None 2022-07-10 00:00:00 2022-10-08 00:00:00 2022-07-11 13:57:05 SQL injection - Web Attacks (IP=175,US)
159.203.94.24 32 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:41:11 SQL injection - Web Attacks (IP=24,US)
159.203.95.125 32 DT None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-27 13:14:19 CERT/CC VU#257161:CVE-2020-CVE-2020-11910 anomalous ICMPv4 type 3,code 4 Path MTU Discovery - Source Fire (IP=125,US)
159.203.95.179 32 SA None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-07 13:41:20 SERVER-WEBAPP Dicoogle directory traversal attempt (1:47664:1) - SourceFire Report (IP=179,US)
159.203.95.23 32 KH None 2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-09 14:22:01 SQL injection - Web Attacks (IP=23,US)
159.203.95.246 32 NAB None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 13:54:25 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=246,US)
159.203.95.7 32 SW None 2022-07-21 00:00:00 2022-10-19 00:00:00 2022-07-22 13:52:34 SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58727:5) - SourceFire (IP=7,US)
159.203.96.148 32 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-09 14:21:25 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=148,US)
159.203.96.163 32 ZH None 2022-09-19 00:00:00 2022-12-18 00:00:00 2022-09-19 22:54:54 SERVER-WEBAPP JBoss JMX console access attempt (1:21516:9) - SourceFire (IP=163,US)
159.203.96.183 32 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:37:26 SQL injection - Web Attacks (IP=183,US)
159.203.98.104 32 ZH None 2022-08-25 00:00:00 2022-11-23 00:00:00 2022-08-25 13:54:36 HTTP: SQL Injection - Exploit - WebAttacks (IP=104,US)
159.203.98.162 32 TH None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-23 14:39:09 SQL injection - 6 Hr Web Report (IP=162,US)
159.223.0.245 24 RB None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-14 13:54:43 SQL injection - 6hr web attacks (IP=245,NL)
159.223.1.7 24 RR None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:31:39 SERVER-WEBAPP Java XML deserialization remote code execution attempt - Source Fire (IP=7,NL)
159.223.10.62 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:34:55 SERVER-WEBAPP Sonatype Nexus Repository Manager remote code execution attempt (1:50533:1) - Sourcefire Rpt (IP=62,NL)
159.223.101.112 32 JY None 2022-09-27 00:00:00 2022-12-26 00:00:00 2022-09-27 22:55:49 SQL injection 6 hr web attacks (IP=112,US)
159.223.101.184 32 KH None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-17 22:28:19 SQL injection - Web Attacks (IP=184,US)
159.223.102.42 32 RR None 2022-01-21 00:00:00 2022-04-21 00:00:00 None Exploit.CVE-2021-44228 - Apache Log4j2 - Case 6651 (IP=42,US)
159.223.102.53 32 RR None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 13:47:15 SQL injection - Web Attacks (IP=53,US)
159.223.103.121 32 TH None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-18 13:44:11 SQL injection - 6 Hr Web Report (IP=121,US)
159.223.104.138 32 RR None 2022-07-31 00:00:00 2022-10-29 00:00:00 2022-07-31 13:51:13 SERVER-WEBAPP Spring Security OAuth remote code execution attempt - SourceFire (IP=138,US)
159.223.104.160 32 RR None 2022-07-26 00:00:00 2022-10-24 00:00:00 2022-07-26 13:48:10 SQL injection - Web Attacks (IP=160,US)
159.223.104.41 32 RS None 2022-09-28 00:00:00 2022-12-27 00:00:00 2022-09-29 13:58:55 Possible Cross-site Scripting Attack - IPS Events (IP=41,US)
159.223.106.110 32 NAB None 2022-01-21 00:00:00 2022-04-21 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=110,US)
159.223.106.25 32 AR None 2021-12-14 00:00:00 2022-03-14 00:00:00 None HTTP: Apache mod_cgi Bash Environment Variable Code Injection - Web Attacks (IP=25,US)
159.223.106.46 32 RS None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 22:34:28 SQL injection - 6Hr Web Attacks (IP=46,US)
159.223.107.103 32 AR None 2022-05-03 00:00:00 2022-08-01 00:00:00 2022-05-03 13:46:44 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=103,US)
159.223.107.108 32 AR None 2022-04-14 00:00:00 2022-07-12 00:00:00 2022-04-14 13:54:43 SQL injection - Web Attacks (IP=108,US)
159.223.107.131 32 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:44:48 SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt - SourceFire (IP=131,US)
159.223.108.15 32 SW None 2022-06-24 00:00:00 2022-09-22 00:00:00 2022-06-24 13:56:03 SQL injection - WebAttacks (IP=15,US)
159.223.109.68 24 RB None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:31:40 HTTP SQL Injection Attempt - 6hr web attacks (IP=68,US)
159.223.11.163 24 RB None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 22:41:27 SQL injection - 6hr web attacks (IP=163,NL)
159.223.11.224 32 RR None 2022-07-30 00:00:00 2022-10-28 00:00:00 2022-07-31 13:51:03 SQL injection - Web Attacks (IP=224,US)
159.223.111.88 32 SW None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 13:46:09 SERVER-WEBAPP Java ClassLoader access attempt (1:30790:8) - SourceFire (IP=88,US)
159.223.112.69 32 RR None 2022-06-04 00:00:00 2022-09-02 00:00:00 2022-06-04 13:38:52 SERVER-WEBAPP Sonatype Nexus Repository Manager remote code execution attempt - SourceFire (IP=69,US)
159.223.113.211 32 KH None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 13:45:45 HTTP: PHP File Inclusion Vulnerability - IR# 22C01531 (IP=211,US)
159.223.113.66 32 RR None 2022-08-13 00:00:00 2022-11-11 00:00:00 2022-08-14 13:58:06 SQL injection - Web Attacks (IP=66,US)
159.223.114.194 32 SW None 2022-06-04 00:00:00 2022-09-02 00:00:00 2022-06-05 13:42:40 SQL injection - WebAttacks (IP=194,US)
159.223.115.157 32 AR None 2022-07-27 00:00:00 2022-10-25 00:00:00 2022-07-27 13:49:50 SQL injection - WebAttacks (IP=157,US)
159.223.115.253 32 RS None 2022-07-21 00:00:00 2022-10-19 00:00:00 2022-07-21 22:56:16 Exploit.Log4Shell.CVE-2021-44228 - FE NX (IP=253,US)
159.223.115.53 32 SW None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-17 13:48:53 SQL injection - WebAttacks (IP=53,US)
159.223.116.107 32 RR None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-02 14:02:22 SQL injection - Web Attacks (IP=107,US)
159.223.116.173 32 SW None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 13:49:32 SQL union select - possible sql injection attempt - GET parameter (1:13990:27) - SourceFire (IP=173,US)
159.223.116.97 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-08 12:51:13 SQL union select - possible sql injection attempt - GET parameter - SourceFire (IP=97,US)
159.223.117.10 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:17:03 SERVER-APACHE Apache Tomcat remote JSP file upload attempt - SourceFire (IP=10,US)
159.223.117.96 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:53:23 SERVER-WEBAPP Microsoft Exchange autodiscover server side request forgery attempt - SourceFire (IP=96,US)
159.223.118.152 32 RS None 2022-05-19 00:00:00 2022-08-17 00:00:00 2022-05-19 22:49:13 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=152,US)
159.223.118.168 32 TH None 2022-06-21 00:00:00 2022-09-19 00:00:00 2022-06-22 13:54:42 SQL injection - 6 Hr Web Report (IP=168,US)
159.223.119.249 32 KD None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-12 13:51:37 SQL injection- Web Attacks (IP=249,US)
159.223.119.36 32 TH None 2022-07-21 00:00:00 2022-10-19 00:00:00 2022-07-21 22:56:16 Exploit.Log4Shell.CVE-2021-44228 - FE NX Alerts (IP=36,US)
159.223.12.47 24 KD None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-07 13:16:27 HTTP: PHP File Inclusion Vulnerability- Web Attacks (IP=47,NL)
159.223.120.123 32 AR None 2022-05-11 00:00:00 2022-08-09 00:00:00 2022-05-11 13:43:40 SERVER-WEBAPP Apache APISIX default admin API backdoor usage attempt (1:59480:1) - SourceFire (IP=123,US)
159.223.120.202 32 RS None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 13:49:46 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=202,US)
159.223.120.224 32 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:41:12 SQL injection - Web Attacks (IP=224,US)
159.223.120.243 32 TH None 2022-08-28 00:00:00 2022-11-26 00:00:00 2022-08-29 13:57:18 SERVER-APACHE Apache HTTP server SSRF attempt (1:58820:1) - SourceFire Report (IP=243,US)
159.223.122.123 32 TH None 2022-06-21 00:00:00 2022-09-19 00:00:00 2022-06-22 13:54:42 SQL injection - 6 Hr Web Report (IP=123,US)
159.223.122.125 32 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:48:10 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=125,US)
159.223.122.2 32 DT None 2022-06-04 00:00:00 2022-09-02 00:00:00 2022-06-04 23:03:13 SQL injection - Web Attacks (IP=2,US)
159.223.122.203 32 RB None 2022-07-12 00:00:00 2022-10-10 00:00:00 2022-07-12 13:51:24 SQL injection - WebAttacks (IP=203,US)
159.223.122.48 32 TC None 2022-09-16 00:00:00 2022-12-15 00:00:00 2022-09-16 13:49:45 ET EXPLOIT Possible Apache log4j RCE Attempt - 2021/12/12 Obfuscation Observed M2 (tcp) (CVE-2021-44228) (1:2034673:2) - SourceFire (IP=48,US)
159.223.122.6 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:24 SQL injection - 6hr Web Attacks (IP=6,US)
159.223.124.118 32 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:01 SQL injection - Web Attacks (IP=118,US)
159.223.124.135 32 TH None 2022-07-20 00:00:00 2022-10-18 00:00:00 2022-07-20 13:22:50 SQL injection - 6 Hr Web Report (IP=135,US)
159.223.124.181 32 SW None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-15 13:54:00 SQL injection - WebAttacks (IP=181,US)
159.223.124.74 32 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 15:44:34 SQL injection - Web Attacks (IP=74,US)
159.223.125.139 32 wmp None 2021-10-29 00:00:00 2022-01-29 00:00:00 None Palo Alto Suspicious Scan Activity (IP=139,US)
159.223.125.144 32 SW None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:47:36 HTTP: SQL Injection - Exploit - WebAttacks (IP=144,US)
159.223.125.145 32 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:48:11 SQL injection - Web Attacks (IP=145,US)
159.223.125.249 32 NAB None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 13:54:29 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=249,US)
159.223.126.164 32 ZH None 2022-06-16 00:00:00 2022-09-14 00:00:00 2022-06-16 22:41:52 SQL injection - 6hr Web Attacks (IP=164,US)
159.223.126.169 32 ZH None 2022-07-13 00:00:00 2022-10-11 00:00:00 2022-07-13 22:48:21 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) IR# 22C01654 (IP=169,US)
159.223.126.175 32 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 22:51:59 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=175,US)
159.223.127.167 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:34:56 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41421:2) - Sourcefire Rpt (IP=167,US)
159.223.128.30 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:50:19 SQL injection - Web Attacks (IP=30,US)
159.223.129.126 32 TH None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 23:06:27 SQL injection - 6 Hr Web Report (IP=126,US)
159.223.129.160 32 ZH None 2022-01-20 00:00:00 2022-04-20 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=160,US)
159.223.129.29 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:17:04 SERVER-WEBAPP Oracle-BI convert servlet XML external entity injection attempt - SourceFire (IP=29,US)
159.223.13.204 24 SW None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:07 ET INFO Possible Apache log4j RCE Attempt - Any Protocol TCP (CVE-2021-44228) (1:2034661:1) - SourceFire (IP=204,NL)
159.223.130.17 32 TH None 2022-06-16 00:00:00 2022-09-14 00:00:00 2022-06-17 13:48:33 SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt (1:52355:1) - SourceFire Report (IP=17,US)
159.223.131.1 32 RR None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:15 SERVER-APACHE Apache Struts remote code execution attempt - GET parameter - SourceFire (IP=1,US)
159.223.133.10 32 KH None 2022-06-19 00:00:00 2022-09-17 00:00:00 2022-06-19 13:56:13 SQL injection - Web Attacks (IP=10,US)
159.223.133.92 32 KH None 2022-06-19 00:00:00 2022-09-17 00:00:00 2022-06-19 13:56:13 SQL injection - Web Attacks (IP=92,US)
159.223.134.104 32 KH None 2022-06-19 00:00:00 2022-09-17 00:00:00 2022-06-19 13:56:14 SQL injection - Web Attacks (IP=104,US)
159.223.134.159 32 RB None 2022-07-12 00:00:00 2022-10-10 00:00:00 2022-07-12 13:51:25 SQL injection - WebAttacks (IP=159,US)
159.223.134.174 32 KH None 2022-07-25 00:00:00 2022-10-23 00:00:00 2022-07-25 13:54:59 SQL injection - Web Attacks (IP=174,US)
159.223.134.24 32 TC None 2022-09-05 00:00:00 2022-12-04 00:00:00 2022-09-06 00:35:06 SQL injection - 6hr Web Attacks (IP=24,US)
159.223.135.109 32 RR None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:31:40 HTTP: PHP File Inclusion Vulnerability - Web Attcks (IP=109,US)
159.223.135.15 32 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:37:26 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=15,US)
159.223.135.237 32 JP None 2022-07-28 00:00:00 2022-10-26 00:00:00 2022-07-28 22:41:54 SQL injection - 6HR Web Attacks (IP=237, US)
159.223.135.239 32 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:01 SQL injection - Web Attacks (IP=239,US)
159.223.136.92 32 TH None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 23:06:54 HTTP: PHP File Inclusion Vulnerability - 6 Hr Web Report (IP=92,US)
159.223.138.31 32 KD None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-07 13:16:25 SQL injection- Web Attacks (IP=31,US)
159.223.138.91 32 SW None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-10 13:48:32 SERVER-WEBAPP Oracle Business Intelligence and XML Publisher XML external entity injection attempt (1:49899:1) - SourceFire (IP=91,US)
159.223.139.123 32 SW None 2022-01-24 00:00:00 2022-04-24 00:00:00 None HTTP: SQL Injection - Exploit II - WebAttacks (IP=123,US)
159.223.14.123 24 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:49:14 SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt - SourceFire (IP=123,NL)
159.223.140.117 32 RS None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 22:44:26 SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (A-type) (1:1000136:3) - SourceFire (IP=117,US)
159.223.140.159 32 RS None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 22:54:56 SQL injection - 6Hr Web Attacks (IP=159,US)
159.223.140.177 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:53:24 SERVER-WEBAPP Oracle WebLogic Server remote code execution attempt - SourceFire (IP=177,US)
159.223.140.224 32 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:46:30 SERVER-WEBAPP WebSVN search command injection attempt - SourceFire (IP=224,US)
159.223.140.227 32 SW None 2022-09-24 00:00:00 2022-12-23 00:00:00 2022-09-25 00:05:09 SQL injection - WebAttacks (IP=227,US)
159.223.141.142 32 RS None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-14 13:57:40 SQL injection - 6Hr Web Attacks (IP=142,US)
159.223.141.159 32 RR None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:14:31 SERVER-APACHE Apache Struts remote code execution attempt - SourceFire (IP=159,US)
159.223.141.249 32 RB None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-14 13:54:44 HTTP: PHP File Inclusion Vulnerability - 6hr web attacks (IP=249,US)
159.223.141.66 32 SW None 2022-05-28 00:00:00 2022-08-26 00:00:00 2022-05-28 14:45:10 SERVER-APACHE Apache HTTP server SSRF attempt - SourceFire (IP=66,US)
159.223.141.92 32 RR None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:16 SQL injection - Web Attacks (IP=92,US)
159.223.142.135 32 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-09 14:21:26 SQL injection - Web Attacks (IP=135,US)
159.223.142.151 32 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:35:14 SERVER-WEBAPP VMware View Planner logupload arbitrary file upload attempt - SourceFire (IP=151,US)
159.223.142.200 32 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:49:15 SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt - SourceFire (IP=200,US)
159.223.142.245 32 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:49:15 SERVER-APACHE Apache Struts2 blacklisted method redirect - SourceFire (IP=245,US)
159.223.143.0 32 ZH None 2022-02-07 00:00:00 2022-05-08 00:00:00 None SERVER-WEBAPP JBoss web console access attempt (1:24342:4) - SourceFire (IP=0,US)
159.223.143.126 32 RS None 2022-05-02 00:00:00 2022-07-31 00:00:00 2022-05-02 22:41:50 SERVER-WEBAPP IceWarp Mail Server directory traversal attempt (1:47644:1) - SourceFire (IP=126,US)
159.223.143.181 32 SW None 2022-08-11 00:00:00 2022-11-09 00:00:00 2022-08-12 13:55:42 SQL injection - WebAttacks (IP=181,US)
159.223.144.114 32 KH None 2022-07-13 00:00:00 2022-10-11 00:00:00 2022-07-14 13:57:37 SQL injection - Web Attacks (IP=114,US)
159.223.144.191 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:16:40 SQL injection - Web Attacks (IP=191,US)
159.223.144.37 32 RR None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-18 13:50:27 SERVER-APACHE Apache HTTP server SSRF attempt - SourceFire (IP=37,US)
159.223.145.191 32 SW None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 13:46:03 SQL injection - WebAttacks (IP=191,US)
159.223.145.199 32 RR None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:31:41 POLICY-OTHER PHP uri tag injection attempt - Source Fire (IP=199,US)
159.223.146.175 32 RS None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 13:49:41 SQL injection - 6Hr Web Attacks (IP=175,US)
159.223.146.186 32 RS None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-13 22:36:48 HP Intelligent Management Center TFTP Server MODE Remote Code Execution - FE IPS Events (IP=186,US)
159.223.147.43 32 RR None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:31:42 HTTP: PHP File Inclusion Vulnerability - Web Attcks (IP=43,US)
159.223.148.118 32 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 13:38:42 SQL injection - 6Hr Web Attacks (IP=118,US)
159.223.148.150 32 SW None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-12 13:51:04 SQL injection - WebAttacks (IP=150,US)
159.223.148.168 32 RR None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:31:42 SERVER-WEBAPP Klog Server authenticate.php user command injection attempt - Source Fire (IP=168,US)
159.223.148.23 32 SW None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-12 13:51:03 SQL injection - WebAttacks (IP=23,US)
159.223.148.48 32 RR None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-18 13:50:28 SERVER-APACHE Apache HTTP server SSRF attempt - SourceFire (IP=48,US)
159.223.148.88 32 SW None 2022-06-05 00:00:00 2022-09-03 00:00:00 2022-06-05 13:42:54 SERVER-WEBAPP JBoss JMX console access attempt (1:21516:9) - SourceFire (IP=88,US)
159.223.149.199 32 KH None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:16 SQL injection - Web Attacks (IP=199,US)
159.223.149.244 32 SW None 2022-09-24 00:00:00 2022-12-23 00:00:00 2022-09-25 00:05:09 SQL injection - WebAttacks (IP=244,US)
159.223.149.62 32 SW None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-12 13:51:04 SQL injection - WebAttacks (IP=62,US)
159.223.15.227 32 SW None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-11 22:58:45 SQL injection - WebAttacks (IP=227,US)
159.223.15.31 24 RS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:48:04 SQL injection - 6Hr Web Attacks (IP=31,NL)
159.223.150.178 32 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:48:11 SQL injection - Web Attacks (IP=178,US)
159.223.151.101 32 ZH None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-22 13:54:43 SQL injection - 6 hr Web Attacks (IP=101,US)
159.223.151.205 32 RR None 2022-08-20 00:00:00 2022-11-18 00:00:00 2022-08-20 13:23:23 SQL injection - Web Attacks (IP=205,US)
159.223.151.207 32 ZH None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-22 13:54:43 SQL injection - 6 hr Web Attacks (IP=207,US)
159.223.152.104 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-08 12:50:38 SQL injection - Web Attacks (IP=104,US)
159.223.152.187 32 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 22:51:53 POLICY-OTHER PHP uri tag injection attempt (1:23111:14) - SourceFire (IP=187,US)
159.223.152.203 32 RS None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 22:44:22 INDICATOR-OBFUSCATION select concat statement - possible sql injection (1:19437:6) - SourceFire (IP=203,US)
159.223.152.239 32 RR None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-18 13:50:28 SERVER-APACHE Apache HTTP server SSRF attempt - SourceFire (IP=239,US)
159.223.154.11 32 SW None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-12 13:51:05 SQL injection - WebAttacks (IP=11,US)
159.223.154.44 32 ZH None 2022-04-04 00:00:00 2022-07-03 00:00:00 2022-04-04 22:35:36 SERVER-WEBAPP YouPHPTube getImage.php command injection attempt (1:51924:4)- Sourcefire Rpt (IP=44,US)
159.223.155.2 32 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 22:25:07 SQL injection - 6Hr Web Attacks (IP=2,US)
159.223.155.219 32 ZH None 2022-06-16 00:00:00 2022-09-14 00:00:00 2022-06-16 22:41:53 SQL injection - 6hr Web Attacks (IP=219,US)
159.223.156.141 32 RR None 2022-01-21 00:00:00 2022-04-21 00:00:00 None Exploit.CVE-2021-44228 - Apache Log4j2 - Case 6651 (IP=141,US)
159.223.156.222 32 SW None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 22:46:45 SERVER-WEBAPP Spring Security OAuth remote code execution attempt (1:46823:1) - SourceFire (IP=222,US)
159.223.156.249 32 IJ None 2022-09-30 00:00:00 2022-12-30 00:00:00 2022-09-30 22:47:33 HTTP: PHP File Inclusion Vulnerability- 6 Hr Web Attacks Report (IP=249,US)
159.223.157.129 32 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 13:47:18 SQL injection - WebAttacks (IP=129,US)
159.223.158.227 32 DT None 2022-06-04 00:00:00 2022-09-02 00:00:00 2022-06-04 23:03:07 SERVER-APACHE Apache HTTP server SSRF attempt (1:58820:1) - Source Fire (IP=227,US)
159.223.158.237 32 TLM None 2022-03-17 00:00:00 2022-09-17 00:00:00 2022-03-17 16:17:26 HIVE Case #7227 CTO 22-076 (IP=237,US)
159.223.158.254 32 SW None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:44:53 SQL injection - WebAttacks (IP=254,US)
159.223.158.40 32 RR None 2022-06-04 00:00:00 2022-09-02 00:00:00 2022-06-04 13:38:52 SERVER-WEBAPP SolarWinds Orion authentication bypass attempt - SourceFire (IP=40,US)
159.223.159.118 32 SW None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:44:54 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=118,US)
159.223.159.140 32 TLM None 2022-03-14 00:00:00 2022-09-14 00:00:00 2022-03-14 19:14:37 HIVE Case #7198 CTO 22-071 (IP=140,US)
159.223.159.208 32 RR None 2022-09-25 00:00:00 2022-12-24 00:00:00 2022-09-25 13:55:44 SERVER-WEBAPP Oracle WebLogic Server remote code execution attempt - SourceFire (IP=208,US)
159.223.159.245 32 ZH None 2022-09-22 00:00:00 2022-12-21 00:00:00 2022-09-22 22:55:17 Webshell.Binary.php.FEC2 (IP=245,US)
159.223.16.105 32 SW None 2022-09-25 00:00:00 2022-12-24 00:00:00 2022-09-25 13:55:52 SQL injection - WebAttacks (IP=105,US)
159.223.160.115 32 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 22:25:05 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=115,US)
159.223.160.57 32 RS None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 22:44:22 SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (A-type) (1:1000136:3) - SourceFire (IP=57,US)
159.223.161.166 32 SW None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-26 13:47:44 SERVER-APACHE Apache Struts2 blacklisted method redirect (1:27244:6) - SourceFire (IP=166,US)
159.223.161.218 32 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:08 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=218,US)
159.223.163.83 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:36:52 SQL injection - Web Attacks (IP=83,US)
159.223.164.53 32 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-09 14:21:26 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=53,US)
159.223.164.59 32 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:31 SERVER-WEBAPP Zimbra remote code execution attempt - SourceFire (IP=59,US)
159.223.164.97 32 SW None 2022-06-04 00:00:00 2022-09-02 00:00:00 2022-06-05 13:42:40 SQL injection - WebAttacks (IP=97,US)
159.223.165.216 32 ZH None 2022-08-27 00:00:00 2022-11-25 00:00:00 2022-08-27 22:47:45 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=216,US)
159.223.167.36 32 KH None 2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-09 22:50:12 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=36,US)
159.223.168.198 32 SW None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:45:03 SERVER-APACHE Apache HTTP server SSRF attempt - SourceFire (IP=198,US)
159.223.169.177 32 WR None 2022-05-03 00:00:00 2022-08-01 00:00:00 2022-05-03 13:46:37 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=177,US)
159.223.169.22 32 RR None 2022-07-21 00:00:00 2022-10-19 00:00:00 2022-07-21 13:54:49 SQL injection - Web Attacks (IP=22,US)
159.223.169.33 32 RR None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-18 13:50:29 SERVER-APACHE Apache HTTP server SSRF attempt - SourceFire (IP=33,US)
159.223.169.47 32 SW None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:47:42 SERVER-WEBAPP JBoss JMX console access attempt (1:21516:9) - SourceFire (IP=47,US)
159.223.17.130 24 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:34 SERVER-WEBAPP VMware vRealize Operations Manager SSRF attempt (1:57435:1) - Sourcefire Rpt (IP=130,DE)
159.223.170.163 32 ZH None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-22 13:54:44 SQL injection - 6 hr Web Attacks (IP=163,US)
159.223.170.230 32 KH None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-11 23:00:19 SQL injection - Web Attacks (IP=230,US)
159.223.171.171 32 ZH None 2022-01-21 00:00:00 2022-04-21 00:00:00 None SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58742:6)- Sourcefire Rpt (IP=171,US)
159.223.171.98 32 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:41:13 SQL injection - Web Attacks (IP=98,US)
159.223.172.144 32 TH None 2022-06-21 00:00:00 2022-09-19 00:00:00 2022-06-22 13:54:45 SQL injection - 6 Hr Web Report (IP=144,US)
159.223.172.242 32 KH None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-18 22:55:00 SQL injection - Web Attacks (IP=242,US)
159.223.172.250 32 RS None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 22:34:16 SERVER-WEBAPP rConfig snippets SQL injection attempt (1:59329:1) - SourceFire (IP=250,US)
159.223.173.203 32 SW None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-01 13:54:13 SERVER-WEBAPP TP-LINK AC750 ping diagnostic command injection attempt (1:41642:2) - SourceFire (IP=203,US)
159.223.173.226 32 RR None 2022-07-16 00:00:00 2022-10-14 00:00:00 2022-07-16 13:51:33 SQL injection - Web Attacks (IP=226,US)
159.223.174.182 32 SW None 2022-08-12 00:00:00 2022-11-10 00:00:00 2022-08-13 13:56:10 SQL injection - WebAttacks (IP=182,US)
159.223.174.53 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6654 CTO 21-345 (IP=53,US)
159.223.175.248 32 ZH None 2022-09-23 00:00:00 2022-12-22 00:00:00 2022-09-23 22:51:10 SERVER-WEBAPP Apache Log4j logging remote code execution attempt - 6hr Web Attacks (IP=248,US)
159.223.175.65 32 TH None 2022-06-21 00:00:00 2022-09-19 00:00:00 2022-06-22 13:54:45 SQL injection - 6 Hr Web Report (IP=65,US)
159.223.176.210 32 RS None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 22:44:23 SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt (1:58069:1) - SourceFire (IP=210,US)
159.223.176.4 32 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:09 SQL injection - 6Hr Web Attacks (IP=4,US)
159.223.177.13 32 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 22:39:45 SERVER-ORACLE Oracle iPlanet Web Server unauthenticated information disclosure attempt (1:54214:1) - Sourcefire (IP=13,US)
159.223.178.130 32 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:34:37 SQL injection - Web Attacks (IP=130,US)
159.223.178.153 32 SW None 2022-05-28 00:00:00 2022-08-26 00:00:00 2022-05-28 14:45:01 SQL injection - WebAttacks (IP=153,US)
159.223.178.204 32 ZH None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-22 22:42:58 SQL injection - 6hr Web Attacks (IP=204,US)
159.223.178.214 32 RS None 2022-08-13 00:00:00 2022-11-11 00:00:00 2022-08-13 13:56:22 SQL injection - Web Attacks (IP=214,US)
159.223.179.161 32 ZH None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-24 00:05:23 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - Sourcefire Rpt (IP=161,US)
159.223.179.180 32 RB None 2022-09-01 00:00:00 2022-12-30 00:00:00 2022-09-01 22:53:15 SERVER-APACHE Apache HTTP server SSRF attempt (1:58820:1) - SourceFire (IP=180, US)
159.223.179.20 32 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:49:16 SERVER-WEBAPP WSO2 multiple products directory traversal attempt - SourceFire (IP=20,US)
159.223.18.124 24 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 22:51:54 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=124,DE)
159.223.180.171 32 RS None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-13 22:37:05 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=171,US)
159.223.180.43 32 DT None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 23:23:34 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41421:2) - Source Fire (IP=43,US)
159.223.181.193 32 SW None 2022-06-11 00:00:00 2022-09-09 00:00:00 2022-06-11 13:47:04 POLICY-OTHER PHP uri tag injection attempt (1:23111:14) - SourceFire
(IP=193,US) 159.223.181.84 32 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 22:39:46 Artica Web Proxy SQL Injection Vulnerability - Web Attacks (IP=84,US) 159.223.182.129 32 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:43:39 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=129,US) 159.223.182.216 32 SA None 2022-06-02 00:00:00 2022-08-30 00:00:00 2022-06-03 00:39:58 SQL injection Web Attacks (IP=216,US) 159.223.182.62 32 RS None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:50:30 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=62,US) 159.223.182.69 32 RR None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:14:32 SERVER-APACHE Apache Struts allowStaticMethodAccess invocation attempt - SourceFire (IP=69,US) 159.223.183.123 32 NAB None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:46:57 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=123,US) 159.223.184.208 32 ZH None 2022-04-04 00:00:00 2022-07-03 00:00:00 2022-04-04 22:35:46 SQL injection- 6hr Web Attacks (IP=208,US) 159.223.184.213 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:36:53 SQL injection - Web Attacks (IP=213,US) 159.223.185.147 32 KH None 2022-07-25 00:00:00 2022-10-23 00:00:00 2022-07-25 13:55:00 SQL injection - Web Attacks (IP=147,US) 159.223.186.3 32 NAB None 2022-01-11 00:00:00 2022-04-11 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=3,US) 159.223.188.120 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:37:57 SERVER-WEBAPP Ulterius web server directory traversal attempt - SourceFire (IP=120,US) 159.223.188.197 32 ZH None 2022-01-20 00:00:00 2022-04-20 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=197,US) 159.223.188.223 32 KH None 2022-06-14 00:00:00 2022-09-12 00:00:00 2022-06-14 13:49:03 SQL injection - Web Attacks (IP=223,US) 159.223.188.59 32 KH None 2022-07-13 00:00:00 2022-10-11 00:00:00 2022-07-14 13:57:38 SQL injection - Web Attacks (IP=59,US) 159.223.188.70 32 TLM None 
2022-03-17 00:00:00 2022-09-17 00:00:00 2022-03-17 16:17:27 HIVE Case #7227 CTO 22-076 (IP=70,US) 159.223.188.72 32 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:57:51 SERVER-WEBAPP Aviatrix Controller directory traversal attempt (1:58961:1) - SourceFire (IP=72,US) 159.223.189.102 32 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 15:44:34 SQL injection - Web Attacks (IP=102,US) 159.223.189.69 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:48:18 SQL injection - Web Attacks (IP=69,US) 159.223.19.79 24 TH None 2022-06-07 00:00:00 2022-09-05 00:00:00 2022-06-08 13:48:12 SERVER-WEBAPP Sophos SG UTM WebAdmin command injection attempt - SourceFire Report (IP=79,DE) 159.223.190.104 32 RB None 2022-06-12 00:00:00 2022-09-10 00:00:00 2022-06-12 22:45:02 SERVER-WEBAPP YouPHPTube getImageMP4.php command injection attempt (1:51925:4) - SourceFire (IP=104,US) 159.223.190.166 32 ZH None 2022-06-02 00:00:00 2022-08-31 00:00:00 2022-06-03 13:44:41 SQL union select - possible sql injection attempt - GET parameter (1:13990:27) - SourceFire (IP=166,US) 159.223.190.59 32 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:34:38 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=59,US) 159.223.190.62 32 SW None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 22:46:58 SERVER-WEBAPP Yealink Device Management server side request forgery attempt (1:57367:1) - SourceFire (IP=62,US) 159.223.191.126 32 TH None 2022-04-22 00:00:00 2022-07-21 00:00:00 2022-04-22 13:41:06 SQL injection - 6 Hr Web Report (IP=126,US) 159.223.192.11 32 SW None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-16 13:51:34 Adobe ColdFusion Administrator Access Restriction - WebAttack (IP=11,US) 159.223.192.114 32 RR None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-18 13:43:58 ET INFO Possible Apache log4j RCE Attempt - Any Protocol - SourceFire (IP=114,US) 159.223.192.159 32 RS None 2022-05-19 00:00:00 2022-08-17 00:00:00 2022-05-19 13:47:03 HTTP SQL 
Injection Attempt - 6Hr Web Attacks (IP=159,US) 159.223.192.25 32 RR None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:14:33 SERVER-WEBAPP F5 iControl REST interface ssrf attempt - SourceFire (IP=25,US) 159.223.192.27 32 SW None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-16 13:51:35 SQL injection - WebAttack (IP=27,US) 159.223.192.30 32 SA None 2022-05-17 00:00:00 2022-08-15 00:00:00 2022-05-17 22:37:49 HTTP SQL Injection Attempt - 6Hr Web Attacks (IP=30,US) 159.223.192.46 32 SW None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-16 13:51:35 Adobe ColdFusion Administrator Access Restriction - WebAttack (IP=46,US) 159.223.192.8 32 RS None 2022-06-20 00:00:00 2022-09-18 00:00:00 2022-06-20 13:54:44 SQL injection - Web Attacks (IP=8,US) 159.223.193.136 32 ZH None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-22 22:42:59 SQL injection - 6hr Web Attacks (IP=136,US) 159.223.193.145 32 ZH None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-22 22:42:59 SQL injection - 6hr Web Attacks (IP=145,US) 159.223.193.172 32 TH None 2022-07-20 00:00:00 2022-10-18 00:00:00 2022-07-20 13:22:51 SQL injection - 6 Hr Web Report (IP=172,US) 159.223.193.198 32 RR None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:17 SQL injection - Web Attacks (IP=198,US) 159.223.193.200 32 RR None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:18 SQL injection - Web Attacks (IP=200,US) 159.223.194.147 32 ZH None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 13:47:47 SQL injection - 6hr Web Attacks (IP=147,US) 159.223.194.182 32 TLM None 2022-06-07 00:00:00 2022-12-06 00:00:00 2022-06-07 17:08:48 HIVE Case #7731 CTO 22-158 (IP=182,US) 159.223.194.28 32 TH None 2022-06-16 00:00:00 2022-09-14 00:00:00 2022-06-17 13:48:42 SQL injection - 6 Hr Web Report (IP=28,US) 159.223.194.90 32 ZH None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 13:47:47 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=90,US) 159.223.195.40 32 TH None 2022-05-30 00:00:00 
2022-08-28 00:00:00 2022-05-30 13:42:48 ZmEu phpMyAdmin Vulnerability Scanner - FE CMS IPS Events (IP=40,US) 159.223.195.40 24 SA None 2022-05-31 00:00:00 2022-08-28 00:00:00 2022-05-31 22:55:43 ZmEu phpMyAdmin Vulnerability Scanner FE CMS IPS alert (IP=40,SG) 159.223.196.123 32 ZH None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 13:47:48 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=123,US) 159.223.196.206 32 TH None 2022-06-16 00:00:00 2022-09-14 00:00:00 2022-06-17 13:48:42 SQL injection - 6 Hr Web Report (IP=206,US) 159.223.196.50 32 RR None 2022-07-19 00:00:00 2022-10-17 00:00:00 2022-07-19 13:48:05 SQL injection - Web Attacks (IP=50,US) 159.223.196.86 32 RS None 2022-05-19 00:00:00 2022-08-17 00:00:00 2022-05-19 13:47:00 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=86,US) 159.223.196.91 32 RS None 2022-05-19 00:00:00 2022-08-17 00:00:00 2022-05-19 13:46:55 SQL injection - 6Hr Web Attacks (IP=91,US) 159.223.196.92 32 RS None 2022-05-19 00:00:00 2022-08-17 00:00:00 2022-05-19 13:46:55 SQL injection - 6Hr Web Attacks (IP=92,US) 159.223.196.97 32 RS None 2022-05-19 00:00:00 2022-08-17 00:00:00 2022-05-19 13:46:56 SQL injection - 6Hr Web Attacks (IP=97,US) 159.223.197.0 32 KH None 2022-07-21 00:00:00 2022-10-19 00:00:00 2022-07-21 22:56:09 SQL injection - Web Attacks (IP=0,US) 159.223.197.141 32 RS None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:15:41 SQL injection - 6Hr Web Attacks (IP=141,US) 159.223.197.177 32 RS None 2022-05-27 00:00:00 2022-08-26 00:00:00 2022-05-28 14:45:14 SQL injection - 6Hr Web Attacks (IP=177,US) | updated by SW Block expiration extended with reason Possible Cross-site Scripting Attack - IPS Events(IP=,177,US) 159.223.197.181 32 RS None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:15:39 SQL injection - 6Hr Web Attacks (IP=181,US) 159.223.197.185 32 RS None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:15:38 SQL injection - 6Hr Web Attacks (IP=185,US) 159.223.197.186 32 RS 
None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:15:50 DoctorAppointmentSystem SQL Injection Vulnerability - 6Hr Web Attacks (IP=186,US) 159.223.197.197 32 RS None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:15:49 HTTP SQL Injection Attempt - 6Hr Web Attacks (IP=197,US) 159.223.197.199 32 NAB None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:15:16 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=199,US) 159.223.197.203 32 RS None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:15:23 SQL injection - 6Hr Web Attacks (IP=203,US) 159.223.197.210 32 RS None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:15:22 SQL injection - 6Hr Web Attacks (IP=210,US) 159.223.197.247 32 TH None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-26 22:51:18 SQL injection - 6 Hr Web Report (IP=247,US) 159.223.198.104 32 ZH None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 22:36:50 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=104,US) 159.223.198.116 32 SW None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:45:19 SQL use of concat function with select - likely SQL injection - SourceFire (IP=116,US) 159.223.198.117 32 ZH None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 22:36:51 SQL injection - 6hr Web Attacks (IP=117,US) 159.223.198.144 32 SW None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-17 13:48:54 SQL injection - WebAttacks (IP=144,US) 159.223.198.205 32 SW None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-22 13:54:46 SQL injection - WebAttacks (IP=205,US) 159.223.198.235 32 ZH None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-22 13:54:47 SQL injection - 6 hr Web Attacks (IP=235,US) 159.223.198.41 32 SW None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-22 13:54:47 SQL injection - WebAttacks (IP=41,US) 159.223.198.52 32 KH None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-17 13:49:10 SQL injection - Web Attacks (IP=52,US) 159.223.198.65 32 RS None 2022-07-27 00:00:00 2022-10-25 00:00:00 2022-07-28 
13:49:36 SQL injection - Web Attacks (IP=65,US) 159.223.198.87 32 SW None 2022-05-24 00:00:00 2022-08-22 00:00:00 2022-05-24 14:15:52 SERVER-WEBAPP Drupal 8 remote code execution attempt (1:46316:5) - SourceFire (IP=87,US) 159.223.199.128 32 ZH None 2022-06-24 00:00:00 2022-09-22 00:00:00 2022-06-24 22:51:35 SQL injection - 6hr Web Attacks (IP=128,US) 159.223.199.203 32 KH None 2022-06-19 00:00:00 2022-09-17 00:00:00 2022-06-19 13:56:14 SQL injection - Web Attacks (IP=203,US) 159.223.199.253 32 RS None 2022-06-27 00:00:00 2022-09-25 00:00:00 2022-06-27 13:55:49 Exploit.CVE-2021-44228 - Apache Log4j2 - Case 6651 (IP=253,US) 159.223.2.182 24 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 15:44:35 SQL injection - Web Attacks (IP=182,NL) 159.223.200.192 32 RR None 2022-07-20 00:00:00 2022-10-18 00:00:00 2022-07-20 13:22:37 SQL injection - Web Attacks (IP=192,US) 159.223.200.209 32 RR None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:15:10 SQL injection - Web Attacks (IP=209,US) 159.223.200.255 32 RR None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:18 SERVER-APACHE Apache Struts remote code execution attempt - SourceFire (IP=255,US) 159.223.201.223 32 RS None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:15:48 Adobe ColdFusion Administrator Access Restriction - 6Hr Web Attacks (IP=223,US) 159.223.201.225 32 TH None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-26 22:51:12 SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (1:51976:3) - SourceFire Report (IP=225,US) 159.223.201.245 32 RS None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:15:47 Adobe ColdFusion Administrator Access Restriction - 6Hr Web Attacks (IP=245,US) 159.223.202.104 32 ZH None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 22:36:51 rConfig SQL Injection Vulnerability - 6hr Web Attacks (IP=104,US) 159.223.202.182 32 SW None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-22 13:54:48 SQL injection - WebAttacks (IP=182,US) 
159.223.202.193 32 ZH None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-24 00:05:24 SERVER-WEBAPP Ruby on Rails render file directory traversal attempt (1:49503:1) - Sourcefire Rpt (IP=193,US) 159.223.202.195 32 SW None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:45:20 SERVER-WEBAPP Cisco ASA directory traversal attempt (3:54598:2) - SourceFire (IP=195,US) 159.223.202.215 32 ZH None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-23 13:49:46 SQL injection - 6hr Web Attacks (IP=215,US) 159.223.202.236 32 ZH None 2022-06-24 00:00:00 2022-09-22 00:00:00 2022-06-24 22:51:36 SQL injection - 6hr Web Attacks (IP=236,US) 159.223.202.25 32 KH None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-18 22:55:01 SQL injection - Web Attacks (IP=25,US) 159.223.202.47 32 ZH None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 22:36:52 SQL injection - 6hr Web Attacks (IP=47,US) 159.223.202.72 32 ZH None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 22:36:53 SQL union select - possible sql injection attempt - GET parameter (1:13990:27) - SourceFire (IP=72,US) 159.223.202.86 32 RR None 2022-06-20 00:00:00 2022-09-18 00:00:00 2022-06-20 13:54:32 SQL injection - Web Attacks (IP=86,US) 159.223.203.115 32 TH None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-18 13:50:16 SERVER-APACHE Apache HTTP server SSRF attempt - SourceFire Report (IP=115,US) 159.223.203.125 32 RR None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-18 13:50:30 SERVER-APACHE Apache HTTP server SSRF attempt - SourceFire (IP=125,US) 159.223.203.138 32 RR None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-18 13:50:30 SERVER-APACHE Apache HTTP server SSRF attempt - SourceFire (IP=138,US) 159.223.203.141 32 KH None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-17 22:28:21 SQL injection - Web Attacks (IP=141,US) 159.223.203.179 32 TH None 2022-07-20 00:00:00 2022-10-18 00:00:00 2022-07-20 22:52:53 SQL injection - 6 Hr Web Report (IP=179,US) 159.223.203.194 32 RS None 2022-06-23 00:00:00 2022-09-21 
00:00:00 2022-06-23 22:21:56 SQL injection - 6Hr Web Attacks (IP=194,US) 159.223.203.57 32 RR None 2022-07-21 00:00:00 2022-10-19 00:00:00 2022-07-21 13:54:50 SQL injection - Web Attacks (IP=57,US) 159.223.203.79 32 KH None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-17 22:28:20 SQL injection - Web Attacks (IP=79,US) 159.223.203.82 32 RS None 2022-07-20 00:00:00 2022-10-18 00:00:00 2022-07-21 13:54:35 SQL injection - Web Attacks (IP=82,US) 159.223.203.96 32 RS None 2022-06-20 00:00:00 2022-09-18 00:00:00 2022-06-20 22:22:21 SQL injection - Web Attacks (IP=96,US) 159.223.204.105 32 DT None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-20 13:47:03 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=105,US) 159.223.204.218 32 KH None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-18 22:55:01 SQL injection - Web Attacks (IP=218,US) 159.223.204.25 32 KH None 2022-07-18 00:00:00 2022-10-16 00:00:00 2022-07-18 13:50:10 SQL injection - Web Attacks (IP=25,US) 159.223.204.48 32 RR None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 13:47:38 SERVER-WEBAPP VMware View Planner logupload directory traversal attempt - SourceFire (IP=48,US) 159.223.204.6 32 DT None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-20 13:47:31 SERVER-WEBAPP Yealink VoIP phone directory traversal attempt - Source Fire (IP=6,US) 159.223.204.92 32 RR None 2022-06-14 00:00:00 2022-09-12 00:00:00 2022-06-14 13:48:57 SQL injection - Web Attacks (IP=92,US) 159.223.205.109 32 KH None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-17 13:49:11 SQL injection - Web Attacks (IP=109,US) 159.223.205.111 32 KH None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-17 22:28:21 SQL injection - Web Attacks (IP=111,US) 159.223.205.12 32 RR None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:14:34 INDICATOR-OBFUSCATION select concat statement - possible sql injection - SourceFire (IP=12,US) 159.223.205.178 32 KH None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-17 13:49:12 SQL injection - Web 
Attacks (IP=178,US) 159.223.205.212 32 RS None 2022-06-20 00:00:00 2022-09-18 00:00:00 2022-06-20 22:22:20 SQL injection - Web Attacks (IP=212,US) 159.223.205.253 32 RS None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:15:22 SQL injection - 6Hr Web Attacks (IP=253,US) 159.223.205.65 32 RR None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:14:34 SERVER-APACHE Apache Struts remote code execution attempt - SourceFire (IP=65,US) 159.223.205.74 32 KH None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-17 13:49:11 SQL injection - Web Attacks (IP=74,US) 159.223.206.13 32 ZH None 2022-06-24 00:00:00 2022-09-22 00:00:00 2022-06-24 22:51:36 SQL injection - 6hr Web Attacks (IP=13,US) 159.223.206.202 32 RR None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:19 SQL 1 = 1 - possible sql injection attempt - SourceFire (IP=202,US) 159.223.207.149 32 TH None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-23 14:39:10 SQL injection - 6 Hr Web Report (IP=149,US) 159.223.207.211 32 TH None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-23 14:39:11 SQL injection - 6 Hr Web Report (IP=211,US) 159.223.207.40 32 TH None 2022-06-21 00:00:00 2022-09-19 00:00:00 2022-06-22 13:54:49 SQL injection - 6 Hr Web Report (IP=40,US) 159.223.208.152 24 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:46:31 SQL union select - possible sql injection attempt - GET parameter - SourceFire (IP=152,NL) 159.223.208.29 32 SW None 2022-09-26 00:00:00 2022-12-25 00:00:00 2022-09-27 13:51:52 SERVER-WEBAPP VMware vRealize Operations Manager SSRF attempt - WebAttacks (IP=29,US) 159.223.209.220 32 TH None 2022-08-28 00:00:00 2022-11-26 00:00:00 2022-08-29 13:57:20 Malicious Domain - Hive Case #8204 (IP=220,US) 159.223.209.47 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:37:58 ET EXPLOIT Apache log4j RCE Attempt - lower/upper TCP Bypass M2 (CVE-2021-44228) - SourceFire (IP=47,NL) 159.223.209.48 32 SW None 2022-09-26 00:00:00 2022-12-25 00:00:00 2022-09-27 
13:51:53 HTTP: Blind SQL Injection - Timing - WebAttacks (IP=48,US) 159.223.21.105 24 AR None 2022-10-01 00:00:00 2022-12-30 00:00:00 2022-10-02 13:32:48 HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6Hr Web Attacks (IP=105,DE) 159.223.21.254 32 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:48:12 SQL injection - Web Attacks (IP=254,US) 159.223.210.111 32 TLM None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:46:26 HIVE Case #7458 CTO 22-113 (IP=111,NL) 159.223.210.19 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:25 SQL injection - 6hr Web Attacks (IP=19,US) 159.223.211.4 24 TH None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 23:06:55 SQL injection - 6 Hr Web Report (IP=4,NL) 159.223.212.251 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:52:56 SERVER-WEBAPP Java ClassLoader access attempt - SourceFire (IP=251,NL) 159.223.213.49 24 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 22:51:32 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=49, NL) 159.223.214.222 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:52:57 SERVER-WEBAPP VMware View Planner logupload directory traversal attempt - SourceFire (IP=222,NL) 159.223.215.176 24 TH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:34 Possible Cross-site Scripting Attack - FE CMS IPS Events (IP=176,NL) 159.223.215.49 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:34:56 SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (A-type) (1:1000136:3) - Sourcefire Rpt (IP=49,US) 159.223.216.225 24 SW None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 22:46:59 SERVER-WEBAPP Zimbra remote code execution attempt (1:29027:6) - SourceFire (IP=225,NL) 159.223.217.163 24 RS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 22:44:03 SQL injection - 6Hr Web Attacks (IP=163,NL) 159.223.217.71 24 RR None 2022-05-07 
00:00:00 2022-08-05 00:00:00 2022-05-07 13:17:04 SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (B-type) - SourceFire (IP=71,NL) 159.223.218.74 24 TH None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 23:06:42 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - SourceFire Report (IP=74,NL) 159.223.219.117 24 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-08 12:50:39 SQL injection - Web Attacks (IP=117,NL) 159.223.219.119 32 KH None 2022-05-01 00:00:00 2022-07-30 00:00:00 2022-05-01 22:53:41 SQL injection - Web Attacks (IP=119,US) 159.223.22.139 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:36:54 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=139,US) 159.223.22.163 24 SW None 2022-04-21 00:00:00 2022-07-20 00:00:00 2022-04-21 22:41:29 SERVER-WEBAPP Aviatrix Controller directory traversal attempt (1:58961:1) - SourceFire (IP=163, DE) 159.223.220.134 32 KD None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-12 13:51:37 SQL injection- Web Attacks (IP=134,US) 159.223.220.15 32 SW None 2022-06-11 00:00:00 2022-09-09 00:00:00 2022-06-11 13:46:55 SQL injection - WebAttacks (IP=15,US) 159.223.220.81 32 SA None 2022-05-17 00:00:00 2022-08-15 00:00:00 2022-05-17 13:52:24 SQL Injection - 6Hr Web Attacks (IP=81,US) 159.223.221.58 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:37:59 SERVER-OTHER Apache Log4j logging remote code execution attempt - SourceFire (IP=58,NL) 159.223.222.177 32 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:34:38 SQL injection - Web Attacks (IP=177,US) 159.223.222.45 24 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:35 SERVER-APACHE Apache Struts allowStaticMethodAccess invocation attempt (1:21073:7) - Sourcefire Rpt (IP=45,NL) 159.223.222.93 32 ZH None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 22:44:09 SQL injection - WebAttacks (IP=93,US) 159.223.223.252 24 RB None 2022-04-16 00:00:00 
2022-07-15 00:00:00 2022-04-16 14:47:13 HTTP: PHP File Inclusion Vulnerability (IP=252,NL) 159.223.223.86 32 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:48:12 SQL injection - Web Attacks (IP=86,US) 159.223.224.19 24 JP None 2022-07-27 00:00:00 2022-10-25 00:00:00 2022-07-27 13:49:57 - 6HR Web Attacks (IP=19, NL) 159.223.224.213 32 SW None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:47:37 SQL injection - WebAttacks (IP=213,US) 159.223.224.251 32 DT None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:47 SQL injection - Web Attacks (IP=251,US) 159.223.225.26 24 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 15:44:36 SQL injection - Web Attacks (IP=26,NL) 159.223.226.63 24 AR None 2022-04-08 00:00:00 2022-07-07 00:00:00 2022-04-08 13:46:33 SQL injection - 6hr Web Attack (IP=63,NL) 159.223.227.148 24 TH None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 23:06:39 SERVER-APACHE Apache Struts remote code execution attempt - GET parameter (1:21072:8) - SourceFire Report (IP=148,NL) 159.223.228.168 24 RS None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:15:21 SQL injection - 6Hr Web Attacks (IP=168,NL) 159.223.228.80 32 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-09 14:21:27 SQL injection - Web Attacks (IP=80,US) 159.223.229.11 24 JP None 2022-07-29 00:00:00 2022-10-27 00:00:00 2022-07-29 22:51:39 SQL injection - 6HR Web Attacks (IP=11,NL) 159.223.229.2 32 AR None 2022-05-19 00:00:00 2022-08-17 00:00:00 2022-05-19 13:46:44 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=2,US) 159.223.229.56 32 RR None 2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-09 14:21:41 SQL injection - Web Attacks (IP=56,US) 159.223.229.67 32 SW None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:46:58 SQL injection - WebAttacks (IP=67,US) 159.223.229.96 32 RR None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-29 22:57:30 SQL injection - Web Attacks (IP=96,US) 159.223.23.206 24 DT None 2022-04-28 00:00:00 
2022-07-27 00:00:00 2022-04-29 13:52:32 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=206,DE) 159.223.23.232 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:48:19 HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=232,US) 159.223.230.138 24 TH None 2022-08-15 00:00:00 2022-11-13 00:00:00 2022-08-16 18:12:40 SQL injection - 6 Hr Web Report (IP=138,NL) 159.223.230.224 32 KH None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:19 SQL injection - Web Attacks (IP=224,US) 159.223.231.175 32 RR None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-29 22:57:30 SQL injection - Web Attacks (IP=175,US) 159.223.232.73 24 SW None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 22:46:59 SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (1:58201:2) - SourceFire (IP=73,NL) 159.223.233.139 24 KH None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 13:57:04 SQL injection - Web Attacks (IP=139,NL) 159.223.234.10 32 TLM None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:46:12 HIVE Case #7458 CTO 22-113 (IP=10,NL) 159.223.234.147 32 WR None 2022-04-12 00:00:00 2022-07-10 00:00:00 2022-04-12 13:51:56 HTTP: Joomla SQL Injection Vulnerability (CVE-2017-8917) - Web Attacks (IP=147,US) 159.223.234.247 24 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 15:44:36 SQL injection - Web Attacks (IP=247,NL) 159.223.234.50 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:50:20 Django SQL Injection Vulnerability - Web Attacks (IP=50,US) 159.223.234.61 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:36:55 SQL injection - Web Attacks (IP=61,US) 159.223.235.205 24 RS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 22:44:04 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=205,NL) 159.223.236.110 32 DRW None 2022-09-21 00:00:00 2022-12-20 00:00:00 2022-09-21 22:01:04 HIVE Case #1337 IOC_ CISA Threat Intel 19Sep2022 Criminal Cobalt Strike Servers 
(IP=110,NL) 159.223.236.111 24 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 22:24:42 SIPVicious Security Scanner - FE IPS Events (IP=111,NL) 159.223.237.67 24 RS None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-06 13:58:07 SQL injection - 6Hr Web Attacks (IP=67,NL) 159.223.237.88 32 RB None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 22:43:42 HTTP: PHPUnit Remote Code Execution Vulnerability - IR# 22C01243 (IP=88,US) 159.223.238.107 24 KD None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-21 13:53:45 rConfig SQL Injection Vulnerability - Web Attacks (IP=107,NL) 159.223.238.99 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 17:40:17 HIVE Case #7341 CTO 22-092 (IP=99,NL) 159.223.239.5 24 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:35 SQL injection - 6hr Web Attacks (IP=5,NL) 159.223.24.141 24 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:36 SQL injection - 6hr Web Attacks (IP=141,DE) 159.223.26.128 32 KH None 2022-05-01 00:00:00 2022-07-30 00:00:00 2022-05-01 13:52:50 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=128,US) 159.223.26.17 24 RT None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-17 13:52:11 SERVER-APACHE Apache HTTP server SSRF attempt (1:58820:1) - Sourcefire Report (IP=17,DE) 159.223.27.204 24 RB None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:47:12 HTTP SQL Injection Attempt (IP=204,DE) 159.223.28.77 24 RS None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:45:25 SQL injection - 6Hr Web Attacks (IP=77,DE) 159.223.29.246 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:25 HTTP: SQL Injection - Exploit - 6hr Web Attacks (IP=246,DE) 159.223.3.22 24 WR None 2022-04-15 00:00:00 2022-07-13 00:00:00 2022-04-15 14:09:24 SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1272 attack attempt (3:57305:1) - Sourcefire (IP=22,NL) 159.223.30.28 24 KD None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-11 13:43:35 Adobe ColdFusion 
Administrator Access Restriction - Web Attacks (IP=28,DE)
159.223.31.247 32 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:47:56 HTTP SQL Injection Attempt - Web Attacks (IP=247,US)
159.223.31.91 24 TH None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 22:43:15 Django SQL Injection Vulnerability - 6 Hr Web Report (IP=91,DE)
159.223.32.131 24 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 22:25:05 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=131,SG)
159.223.33.1 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:37:59 SERVER-OTHER Supervisord remote code execution attempt - SourceFire (IP=1,SG)
159.223.34.220 24 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:17:05 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=220,SG)
159.223.35.62 24 ZH None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:45:14 Django SQL Injection Vulnerability - 6hr Web Attacks (IP=62,SG)
159.223.36.150 24 RR None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:14:35 SERVER-WEBAPP Pulse Secure SSL VPN arbitrary file read attempt - SourceFire (IP=150,SG)
159.223.36.233 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:36:55 SQL injection - Web Attacks (IP=233,US)
159.223.38.222 24 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:46:32 SERVER-WEBAPP F5 BIG-IP Traffic Management User Interface remote code execution attempt - SourceFire (IP=222,SG)
159.223.38.35 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=35,SG)
159.223.39.131 32 SW None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-11 22:58:46 SQL injection - WebAttacks (IP=131,US)
159.223.39.56 24 AR None 2022-04-14 00:00:00 2022-07-12 00:00:00 2022-04-14 13:54:44 SERVER-WEBAPP WP plugin Localize My Post directory traversal attempt (1:48065:2) - SourceFire (IP=56,HK)
159.223.39.88 32 RR None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:31:43 SQL injection - Web Attacks (IP=88,US)
159.223.40.49 24 RS None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 22:44:25 POLICY-OTHER Micro Focus Operations Bridge default credentials login attempt (1:57495:1) - SourceFire (IP=49,SG)
159.223.41.52 24 KH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:33 File /etc/passwd Access Attempt Detect - FE CMS (IP=52,SG)
159.223.42.148 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:31 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=148,SG)
159.223.43.232 24 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:36 SERVER-WEBAPP WordPress SocialWarfare deprecated function access attempt (1:49527:2) - Sourcefire Rpt (IP=232,SG)
159.223.43.4 32 SW None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:46:59 SQL injection - WebAttacks (IP=4,US)
159.223.44.216 24 KD None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-14 13:54:45 SQL union select - possible sql injection attempt - POST parameter - Sourcefire (IP=216,SG)
159.223.45.115 24 ZH None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:45:15 SQL injection - 6hr Web Attacks (IP=115,SG)
159.223.46.197 24 KD None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-19 13:46:42 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=197,SG)
159.223.47.238 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:26 HTTP SQL Injection Attempt - 6hr Web Attacks (IP=238,SG)
159.223.49.194 24 TH None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-29 15:24:10 Possible Cross-site Scripting Attack - FE CMS IPS Events (IP=194,SG)
159.223.5.198 32 SW None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:47:36 SQL injection - WebAttacks (IP=198,US)
159.223.5.30 24 DT None 2021-12-16 00:00:00 2022-03-15 00:00:00 None HIVE Case #6651 - Exploit.CVE-2021-44228 (IP=30,NL)
159.223.50.249 24 TH None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-29 15:24:09 Possible Cross-site Scripting Attack - FE CMS IPS Events (IP=249,SG)
159.223.51.37 32 KH None 2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-09 22:50:11 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=37,US)
159.223.52.135 24 WR None 2022-02-13 00:00:00 2022-05-14 00:00:00 None Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=135,SG)
159.223.53.90 24 TH None 2021-12-20 00:00:00 2022-03-20 00:00:00 None FTP Login Failed - 6 hr Failed Logon (IP=90,SG)
159.223.54.176 24 ZH None 2022-08-25 00:00:00 2022-11-23 00:00:00 2022-08-25 13:54:36 SQL injection - WebAttacks (IP=176,SG)
159.223.55.176 32 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 22:51:59 SQL injection - WebAttacks (IP=176,US)
159.223.55.86 24 DT None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 23:22:06 SQL injection - Web Attacks (IP=86,SG)
159.223.56.171 32 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 13:47:18 SQL injection - WebAttacks (IP=171,US)
159.223.56.208 24 RS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:48:03 SQL injection - 6Hr Web Attacks (IP=208,SG)
159.223.56.6 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=6,SG)
159.223.57.116 32 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:43:40 SQL injection - Web Attacks (IP=116,US)
159.223.57.145 24 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:44:48 SERVER-WEBAPP PhpCollab editclient.php arbitrary PHP file upload attempt - SourceFire (IP=145,SG)
159.223.58.39 24 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:49:16 SERVER-OTHER Apache Log4j logging remote code execution attempt - SourceFire (IP=39,SG)
159.223.59.49 24 RR None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 13:52:20 SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt - SourceFire (IP=49,SG)
159.223.6.180 24 ZH None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-30 22:44:22 SQL injection - 6hr Web Attacks (IP=180,NL)
159.223.60.28 24 AR None 2022-02-01 00:00:00 2022-05-02 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=28,SG)
159.223.61.100 24 TH None 2022-04-15 00:00:00 2022-07-14 00:00:00 2022-04-15 23:00:09 HTTP: PHP File Inclusion Vulnerability - 6 Hr Web Report (IP=100,SG)
159.223.62.116 24 RR None 2022-06-14 00:00:00 2022-09-12 00:00:00 2022-06-14 13:49:01 SERVER-ORACLE Oracle iPlanet Web Server unauthenticated information disclosure attempt - SourceFire (IP=116,SG)
159.223.63.129 24 RB None 2022-03-10 00:00:00 2022-06-08 00:00:00 2022-03-11 14:39:50 Apache Log4j Attempt (IP=129,SG)
159.223.64.212 24 ZH None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:45:16 HTTP SQL Injection Attempt - 6hr Web Attacks (IP=212,SG)
159.223.64.217 32 SW None 2022-08-29 00:00:00 2022-11-27 00:00:00 2022-08-29 22:51:25 HUNT IP Block Request - IR# 22C01887 (IP=217,SG)
159.223.65.128 24 TH None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 22:43:10 SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt (1:59299:1) - SourceFire Report (IP=128,SG)
159.223.66.183 24 ZH None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 22:43:50 SERVER-WEBAPP generic SQL select statement possible sql injection (1:41817:2) - SourceFire (IP=183,SG)
159.223.66.183 32 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:37:27 SQL injection - Web Attacks (IP=183,US)
159.223.67.133 24 WR None 2022-04-12 00:00:00 2022-07-10 00:00:00 2022-04-12 13:52:05 SERVER-APACHE Apache Struts2 blacklisted method redirect (1:27244:6) - Sourcefire (IP=133,SG)
159.223.68.196 24 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-08 12:50:39 SQL injection - Web Attacks (IP=196,SG)
159.223.69.241 24 SA None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-07 13:41:26 File /etc/passwd Access Attempt Detect - FE CMS IPS alert (IP=241,SG)
159.223.7.112 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:48:20 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=112,US)
159.223.7.201 24 ZH None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 22:36:53 SERVER-WEBAPP Cisco SD-WAN vManage directory traversal attempt (3:56220:1) - SourceFire (IP=201,NL)
159.223.70.18 24 RT None 2022-05-11 00:00:00 2022-08-09 00:00:00 2022-05-12 13:53:22 SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (1:51976:3) - Sourcefire Report (IP=,SG)
159.223.71.45 24 KD None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-14 13:54:45 SERVER-WEBAPP Apache Unomi OGNL MVEL2 remote command execution attempt - Sourcefire (IP=45,SG)
159.223.72.198 24 RR None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-18 13:43:59 SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt - SourceFire (IP=198,SG)
159.223.73.26 24 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:31 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=26,SG)
159.223.74.108 32 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:37 SQL injection - 6hr Web Attacks (IP=108,US)
159.223.74.44 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:34:57 SERVER-WEBAPP JBoss JMX console access attempt (1:21516:9) - Sourcefire Rpt (IP=44,SG)
159.223.75.22 24 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:38 SQL injection - 6hr Web Attacks (IP=22,SG)
159.223.76.31 32 SW None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-15 13:54:01 HTTP SQL Injection Attempt - WebAttacks (IP=31,US)
159.223.77.244 32 RR None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:31:43 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=244,US)
159.223.77.79 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:34:57 SERVER-WEBAPP Netgear ReadyNAS Surveillance upgrade_handle.php command injection attempt (1:44472:3) - Sourcefire Rpt (IP=79,SG)
159.223.78.164 24 KD None 2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-10 13:48:11 SQL injection - WebAttacks (IP=164,SG)
159.223.78.22 32 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 22:54:13 SQL injection - Web Attacks (IP=22,US)
159.223.79.170 24 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:57:52 SQL injection - 6hr Web Attacks (IP=170,SG)
159.223.8.159 24 DT None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 23:57:38 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - Source Fire (IP=159,NL)
159.223.80.210 24 WR None 2022-04-01 00:00:00 2022-06-30 00:00:00 2022-04-01 14:00:24 SERVER-WEBAPP Java ClassLoader access attempt (1:30792:7) - Sourcefire (IP=210,SG)
159.223.82.91 24 SW None 2022-06-05 00:00:00 2022-09-03 00:00:00 2022-06-06 13:57:57 SERVER-WEBAPP Fortigate SSL VPN cross site scripting attempt (1:51466:1) - SourceFire (IP=91,SG)
159.223.83.200 24 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:38 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=200,SG)
159.223.84.125 24 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:32 SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (A-type) - SourceFire (IP=125,SG)
159.223.84.212 24 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:49:17 OS-OTHER Bash CGI environment variable injection attempt - SourceFire (IP=212,SG)
159.223.85.131 32 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:47:57 SQL injection - Web Attacks (IP=131,US)
159.223.85.222 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:50:21 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=222,US)
159.223.86.46 24 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 22:24:46 SIPVicious Security Scanner - FE IPS Events (IP=46,SG)
159.223.87.241 24 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 13:52:33 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=241,SG)
159.223.88.17 24 TH None 2022-04-15 00:00:00 2022-07-14 00:00:00 2022-04-15 22:59:45 SERVER-WEBAPP JBoss JMXInvokerServlet access attempt (1:24343:4) - SourceFire Report (IP=17,SG)
159.223.89.253 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:53:24 SERVER-WEBAPP Apache APISIX default admin API backdoor usage attempt - SourceFire (IP=253,SG)
159.223.90.51 32 KH None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:20 SQL injection - Web Attacks (IP=51,US)
159.223.91.183 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:50:21 SQL injection - Web Attacks (IP=183,US)
159.223.91.73 24 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-16 15:21:26 SQL injection - 6hr Web Attacks (IP=73,SG)
159.223.93.162 24 JP None 2022-09-23 00:00:00 2022-12-22 00:00:00 2022-09-24 13:55:55 Atlassian Confluence CVE-2022-26134 RCE - IPS Events (IP=162,SG)
159.223.94.116 24 AR None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-06 13:47:07 FE_Webshell_PHP_Generic_1 - FireEye CMS (IP=116,SG)
159.223.95.235 32 WR None 2022-04-04 00:00:00 2022-07-02 00:00:00 2022-04-04 13:48:52 SQL injection - 6HR Web Attacks (IP=235,US)
159.223.95.98 24 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:46:33 SERVER-WEBAPP Cisco HyperFlex HX Data Platform command injection attempt - SourceFire (IP=98,SG)
159.223.96.136 32 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:32 SERVER-WEBAPP Palo Alto Networks Firewall cms_changeDeviceContext.esp session injection attempt - SourceFire (IP=136,US)
159.223.96.242 32 AR None 2021-11-06 00:00:00 2022-02-04 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - IR# 22C00296 (IP=242,US)
159.223.96.36 32 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:46:34 SQL union select - possible sql injection attempt - GET parameter - SourceFire (IP=36,US)
159.223.96.65 32 RR None 2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-09 14:21:40 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=65,US)
159.223.96.91 32 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-09 14:21:48 SERVER-WEBAPP Aviatrix Controller directory traversal attempt - SourceFire (IP=91,US)
159.223.97.1 32 KH None 2022-05-01 00:00:00 2022-07-30 00:00:00 2022-05-01 13:52:51 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=1,US)
159.223.97.219 32 ZH None 2022-01-21 00:00:00 2022-04-21 00:00:00 None HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=219,US)
159.223.97.95 32 DT None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-20 13:47:32 SERVER-WEBAPP Jenkins Groovy metaprogramming remote code execution attempt - Source Fire (IP=95,US)
159.223.98.104 32 RR None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-19 13:55:53 OS-OTHER Bash CGI environment variable injection attempt - SourceFire (IP=104,US)
159.223.98.32 32 KD None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-16 15:21:17 HTTP: SQL Injection - Exploit - WebAttacks (IP=32,US)
159.223.98.41 32 KH None 2022-09-15 00:00:00 2022-12-14 00:00:00 2022-09-15 22:52:20 Possible Cross-site Scripting Attack - FE IPS (IP=41,US)
159.223.99.14 32 RR None 2022-06-25 00:00:00 2022-09-23 00:00:00 2022-06-25 14:09:22 SQL injection - Web Attacks (IP=14,US)
159.223.99.157 32 ZH None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-24 00:05:24 SQL injection - 6hr Web Attacks (IP=157,US)
159.223.99.224 32 RR None 2022-07-31 00:00:00 2022-10-29 00:00:00 2022-07-31 13:51:14 Exploit.Log4Shell.CVE-2021-44228 - (IP=224,US)
159.223.99.243 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:32 HTTP: Joomla SQL Injection Vulnerability (CVE-2017-8917) - 6hr Web Attacks (IP=243,US)
159.223.99.52 32 SW None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 13:46:08 SERVER-WEBAPP Microsoft Exchange autodiscover server side request forgery attempt (1:57907:4) - SourceFire (IP=52,US)
159.23.65.114 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:43 HIVE Case #7904 CTO 22-189 (IP=114,US)
159.23.65.116 32 AS None 2022-07-13 00:00:00 2022-10-11 00:00:00 2022-07-14 17:45:19 HIVE Case #7928 CTO 22-194 (IP=116,US)
159.233.134.48 32 TLM None 2021-11-30 00:00:00 2022-05-30 00:00:00 None HIVE Case #6593 TO-S-2022-0087 (IP=48,US)
159.246.29.79 32 TLM None 2021-11-30 00:00:00 2022-05-30 00:00:00 None HIVE Case #6595 CTO 21-327 (IP=79,US)
159.253.43.126 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None TR TO-S-2021-1092 Hive Case 4875 Malicious Email Activity
159.65.1.77 24 RB None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 22:41:28 SQL injection - 6hr web attacks (IP=77,SG)
159.65.1.99 24 RR None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-29 22:57:29 SQL injection - Web Attacks (IP=99,SG)
159.65.10.245 24 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:47:58 SERVER-WEBAPP Zimbra remote code execution attempt - SourceFire (IP=245,SG)
159.65.10.245 24 RB None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 22:39:05 SERVER-WEBAPP Zimbra remote code execution attempt - Sourcefire (IP=245,SG)
159.65.11.214 24 NAB None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 22:43:08 SQL injection - Web Attacks (IP=214,CA) | updated by NAB Block expiration extended with reason HIVE Case #6651 Exploit.CVE-2021-44228 (IP=214,SG)
159.65.11.214 24 KD None 2022-04-27 00:00:00 2022-07-27 00:00:00 2022-04-28 22:43:08 SQL injection - Web Attacks (IP=214,CA) | updated by NAB Block expiration extended with reason HIVE Case #6651 Exploit.CVE-2021-44228 (IP=214,SG)
159.65.112.188 24 RT None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-20 15:44:37 SQL injection - 6 HR WebAttack (IP=188,DE)
159.65.113.204 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6349 CTO 21-275 (IP=204,DE)
159.65.118.171 24 RR None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 13:52:21 SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt - SourceFire (IP=171,DE)
159.65.120.158 24 TH None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-30 13:42:49 File /etc/passwd Access Attempt Detect - FE CMS IPS Events (IP=158,DE)
159.65.124.7 24 RR None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-29 22:57:29 SQL injection - Web Attacks (IP=7,DE)
159.65.124.7 24 RR None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-29 22:57:43 SQL injection - Web Attacks (IP=7,DE)
159.65.125.177 24 RR None 2022-07-30 00:00:00 2022-10-28 00:00:00 2022-07-30 13:52:46 SQL injection - Web Attacks (IP=177,DE)
159.65.128.240 24 AR None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:14 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attack (IP=240,SG)
159.65.130.124 24 RB None 2022-09-26 00:00:00 2022-12-25 00:00:00 2022-09-26 13:55:28 SQL injection - WebAttacks (IP=124,SG)
159.65.130.124 24 RB None 2022-09-26 00:00:00 2022-12-25 00:00:00 2022-09-26 13:55:29 SQL injection - WebAttacks (IP=124,SG)
159.65.130.58 24 KH None 2022-07-13 00:00:00 2022-10-11 00:00:00 2022-07-14 13:57:34 SQL injection - Web Attacks (IP=58,SG)
159.65.131.212 24 SW None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-11 22:58:30 SERVER-WEBAPP SonicWall SMA100 SQL injection attempt (1:58225:1) - SourceFire (IP=212,SG)
159.65.132.230 24 RT None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-24 14:15:46 HTTP: PHP File Inclusion Vulnerability - 6 HR WebAttack (IP=230,SG)
159.65.133.83 24 RR None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:31:44 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - Source Fire (IP=83,SG)
159.65.134.219 24 RR None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-07 13:54:13 SQL injection - Web Attacks (IP=219,SG)
159.65.134.35 24 JP None 2022-08-29 00:00:00 2022-11-27 00:00:00 2022-08-29 22:51:28 SQL injection - 6HR Web Attacks (IP=35,SG)
159.65.135.20 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:52 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=20,SG)
159.65.135.20 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:26 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=20,SG)
159.65.136.3 24 SW None 2022-06-28 00:00:00 2022-09-26 00:00:00 2022-06-28 13:53:36 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=3,SG)
159.65.137.154 24 TC None 2022-09-04 00:00:00 2022-12-03 00:00:00 2022-09-05 12:31:08 SQL injection - 6hr Web Attacks (IP=154,SG)
159.65.138.58 24 RT None 2022-04-12 00:00:00 2022-07-11 00:00:00 2022-04-13 13:46:06 SQL injection - 6 HR WebAttack (IP=58,SG)
159.65.14.9 24 RR None 2022-06-04 00:00:00 2022-09-02 00:00:00 2022-06-04 13:39:13 DoctorAppointmentSystem SQL Injection Vulnerability - Web Attacks (IP=9,SG)
159.65.140.177 24 RR None 2022-04-15 00:00:00 2022-07-15 00:00:00 2022-04-15 14:09:21 Exploit.CVE-2021-44228 - Apache Log4j2 - Case 6651 (IP=177,SG)
159.65.144.145 24 SW None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-06 13:47:24 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=145,IN)
159.65.145.214 24 DT None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:17:28 SQL injection - Web Attacks (IP=214,IN)
159.65.147.114 24 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:47:59 SQL injection - Web Attacks (IP=114,IN)
159.65.147.134 24 SW None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:46:59 SQL injection - WebAttacks (IP=134,IN)
159.65.148.255 24 SW None 2022-09-05 00:00:00 2022-12-04 00:00:00 2022-09-06 13:54:37 SQL injection - WebAttacks (IP=255,IN)
159.65.149.167 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:48:21 SQL injection - Web Attacks (IP=167,IN)
159.65.15.237 24 SW None 2022-07-26 00:00:00 2022-10-24 00:00:00 2022-07-27 13:49:50 SQL injection - WebAttacks (IP=237,SG)
159.65.150.167 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=167,IN)
159.65.152.59 24 SW None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:09 SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (A-type) (1:1000136:3) - SourceFire (IP=59,IN)
159.65.153.232 24 WR None 2022-04-23 00:00:00 2022-07-21 00:00:00 2022-04-23 13:46:52 HTTP: SQL Injection - Exploit - Web Attacks (IP=232,IN)
159.65.154.81 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:36:56 SQL injection - Web Attacks (IP=81,IN)
159.65.154.81 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:40:18 SQL injection - Web Attacks (IP=81,IN)
159.65.155.208 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=208,IN)
159.65.156.16 24 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 22:51:57 SQL injection - WebAttacks (IP=16,IN)
159.65.157.168 24 KD None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-12 13:51:36 SQL injection - Web Attacks (IP=168,IN)
159.65.158.163 24 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 15:44:38 SQL injection - Web Attacks (IP=163,IN)
159.65.159.93 24 AR None 2022-04-08 00:00:00 2022-07-07 00:00:00 2022-04-08 13:46:34 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attack (IP=93,IN)
159.65.16.91 24 NAB None 2022-05-03 00:00:00 2022-08-01 00:00:00 2022-05-03 13:46:46 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=91,GB)
159.65.160.210 32 SW None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:10 SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (A-type) (1:1000136:3) - SourceFire (IP=210,US)
159.65.160.215 32 ZH None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-11 00:05:02 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=215,US)
159.65.160.35 32 TH None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-16 13:52:00 SQL injection - 6 Hr Web Report (IP=35,US)
159.65.161.163 32 SW None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 13:46:02 SQL injection - WebAttacks (IP=163,US)
159.65.162.38 32 TH None 2022-04-22 00:00:00 2022-07-21 00:00:00 2022-04-22 13:41:00 SQL injection - 6 Hr Web Report (IP=38,US)
159.65.162.86 32 TH None 2022-08-15 00:00:00 2022-11-13 00:00:00 2022-08-16 18:12:40 SQL injection - 6 Hr Web Report (IP=86,US)
159.65.163.212 32 RB None 2022-07-12 00:00:00 2022-10-10 00:00:00 2022-07-12 22:32:48 SQL injection - WebAttacks (IP=212,US)
159.65.164.110 32 SW None 2022-06-30 00:00:00 2022-09-28 00:00:00 2022-06-30 13:57:01 SERVER-WEBAPP JBoss JMX console access attempt (1:21516:9) - SourceFire (IP=110,US)
159.65.164.156 32 AR None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-05-01 13:52:40 SQL injection - 6Hr Web Attacks (IP=156,US)
159.65.164.179 32 RR None 2022-07-19 00:00:00 2022-10-17 00:00:00 2022-07-19 13:48:04 SQL injection - Web Attacks (IP=179,US)
159.65.164.2 32 RB None 2022-07-12 00:00:00 2022-10-10 00:00:00 2022-07-12 22:32:42 SERVER-WEBAPP Atlassian Confluence OGNL injection remote code execution attempt (1:58094:1) - SourceFire (IP=2,US)
159.65.164.45 32 SW None 2022-08-11 00:00:00 2022-11-09 00:00:00 2022-08-12 13:55:41 SQL injection - WebAttacks (IP=45,US)
159.65.164.60 32 RS None 2022-09-26 00:00:00 2022-12-25 00:00:00 2022-09-27 13:51:57 Exploit.Log4Shell.CVE-2021-44228 - FE NX (IP=60,US)
159.65.165.52 32 AR None 2022-07-18 00:00:00 2022-10-16 00:00:00 2022-07-18 13:50:02 SQL union select - possible sql injection attempt - GET parameter - SourceFire (IP=52,US)
159.65.165.76 32 RB None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-11 22:41:19 SQL injection - 6hr Web Attacks (IP=76,US)
159.65.165.90 32 TH None 2022-05-02 00:00:00 2022-07-31 00:00:00 2022-05-02 22:41:58 SQL injection - 6 Hr Web Report (IP=90,US)
159.65.166.120 32 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:39 SQL injection - 6hr Web Attacks (IP=120,US)
159.65.167.148 32 JP None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-15 22:50:37 SERVER-WEBAPP Liferay arbitrary Java object deserialization attempt (1:56800:3) - SourceFire (IP=148,US)
159.65.167.148 32 JP None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-15 22:50:43 SERVER-WEBAPP Liferay arbitrary Java object deserialization attempt (1:56800:3) - SourceFire (IP=148,US)
159.65.167.22 32 SW None 2022-06-05 00:00:00 2022-09-03 00:00:00 2022-06-05 13:42:55 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - SourceFire (IP=22,US)
159.65.167.88 32 TH None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-23 14:39:11 SQL injection - 6 Hr Web Report (IP=88,US)
159.65.168.11 32 ZH None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:45:16 SQL injection - 6hr Web Attacks (IP=11,US)
159.65.168.140 32 KH None 2022-07-18 00:00:00 2022-10-16 00:00:00 2022-07-18 13:50:09 SQL injection - Web Attacks (IP=140,US)
159.65.168.17 32 ZH None 2022-07-17 00:00:00 2022-10-15 00:00:00 2022-07-17 22:30:44 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - Sourcefire Rpt (IP=17,US)
159.65.168.201 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-08 12:50:40 SQL injection - Web Attacks (IP=201,US)
159.65.168.223 32 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:35:15 SERVER-WEBAPP phpmyadmin post-authentication local file inclusion attempt - SourceFire (IP=223,US)
159.65.168.224 32 SW None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-17 13:48:53 SQL injection - WebAttacks (IP=224,US)
159.65.168.87 32 RR None 2022-06-19 00:00:00 2022-09-17 00:00:00 2022-06-20 13:54:26 SQL injection - Web Attacks (IP=87,US)
159.65.169.72 32 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:10 HTTP SQL Injection Attempt - 6Hr Web Attacks (IP=72,US)
159.65.17.149 24 NAB None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 13:54:26 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=149,GB)
159.65.170.176 32 KH None 2022-05-01 00:00:00 2022-07-30 00:00:00 2022-05-01 13:52:50 SQL injection - Web Attacks (IP=176,US)
159.65.170.193 32 KH None 2022-09-14 00:00:00 2022-12-13 00:00:00 2022-09-14 22:45:12 SQL injection - Web Attacks (IP=193,US)
159.65.170.236 32 RS None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-13 22:36:47 HP Intelligent Management Center TFTP Server MODE Remote Code Execution - FE IPS Events (IP=236,US)
159.65.170.96 32 RS None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 22:46:07 SQL injection - 6Hr Web Attacks (IP=96,US)
159.65.171.94 32 DT None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:47 SQL injection - Web Attacks (IP=94,US)
159.65.172.144 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:17:06 SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt - SourceFire (IP=144,US)
159.65.172.97 32 SW None 2022-06-30 00:00:00 2022-09-28 00:00:00 2022-06-30 13:56:55 SQL injection - WebAttacks (IP=97,US)
159.65.173.171 32 TH None 2022-05-28 00:00:00 2022-08-26 00:00:00 2022-05-29 15:24:04 SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt - SourceFire Report (IP=171,US)
159.65.173.174 32 AR None 2022-07-12 00:00:00 2022-10-10 00:00:00 2022-07-12 13:51:23 SERVER-APACHE Apache Struts remote code execution attempt - POST parameter - SourceFire (IP=174,US)
159.65.174.212 32 TH None 2022-09-02 00:00:00 2022-12-31 00:00:00 2022-09-02 14:05:45 SQL injection - 6 Hr Web Report (IP=212,US)
159.65.174.218 32 SW None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:45:15 SERVER-WEBAPP eMerge E3 Access Controller command injection attempt - SourceFire (IP=218,US)
159.65.175.30 32 SW None 2022-06-05 00:00:00 2022-09-03 00:00:00 2022-06-06 13:57:53 SQL injection - WebAttacks (IP=30,US)
159.65.175.97 32 TH None 2022-09-29 00:00:00 2022-12-28 00:00:00 2022-09-29 14:05:28 HTTP: PHP File Inclusion Vulnerability - 6 Hr Web Report (IP=97,US)
159.65.176.210 32 AR None 2022-05-19 00:00:00 2022-08-17 00:00:00 2022-05-19 13:46:47 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - SourceFire (IP=210,US)
159.65.176.240 32 KH None 2022-10-02 00:00:00 2022-12-31 00:00:00 2022-10-02 23:55:08 File /etc/passwd Access Attempt Detect (IP=240,US)
159.65.176.249 32 SW None 2022-06-28 00:00:00 2022-09-26 00:00:00 2022-06-28 13:53:32 SQL injection - WebAttacks (IP=249,US)
159.65.177.17 32 TH None 2022-09-02 00:00:00 2022-12-31 00:00:00 2022-09-02 14:05:46 SQL injection - 6 Hr Web Report (IP=17,US)
159.65.177.26 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:32 SQL injection - 6hr Web Attacks (IP=26,US)
159.65.177.46 32 TH None 2022-05-12 00:00:00 2022-08-10 00:00:00 2022-05-12 13:53:39 HTTP: PHP File Inclusion Vulnerability - 6 Hr Web Report (IP=46,US)
159.65.177.63 32 AR None 2022-05-01 00:00:00 2022-07-30 00:00:00 2022-05-01 13:52:43 SQL injection - 6Hr Web Attacks (IP=63,US)
159.65.178.208 32 ZH None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-24 00:05:25 SQL injection - 6hr Web Attacks (IP=208,US)
159.65.179.182 32 ZH None 2022-06-16 00:00:00 2022-09-14 00:00:00 2022-06-16 22:41:52 SQL injection - 6hr Web Attacks (IP=182,US)
159.65.18.38 24 SW None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:11 SQL injection - WebAttacks (IP=38,GB)
159.65.180.108 32 RR None 2022-09-25 00:00:00 2022-12-25 00:00:00 2022-09-26 13:55:29 SQL injection - Web Attacks (IP=108,US) | updated by RB Block expiration extended with reason SQL injection - WebAttacks (IP=108,US) | updated by RB Block expiration extended with reason SQL injection - WebAttacks (IP=108,US)
159.65.180.108 32 RB None 2022-09-26 00:00:00 2022-12-25 00:00:00 2022-09-26 13:55:29 SQL injection - Web Attacks (IP=108,US) | updated by RB Block expiration extended with reason SQL injection - WebAttacks (IP=108,US) | updated by RB Block expiration extended with reason SQL injection - WebAttacks (IP=108,US)
159.65.180.164 32 RR None 2022-06-20 00:00:00 2022-09-18 00:00:00 2022-06-20 13:54:32 SQL injection - Web Attacks (IP=164,US)
159.65.180.198 32 RS None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:50:33 HTTP SQL Injection Attempt - 6Hr Web Attacks (IP=198,US)
159.65.180.73 32 ZH None 2022-08-25 00:00:00 2022-11-23 00:00:00 2022-08-25 22:43:41 SERVER-WEBAPP Atlassian Confluence OGNL injection remote code execution attempt (1:58094:1) - SourceFire (IP=73,US)
159.65.181.134 32 RR None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 13:47:16 SQL injection - Web Attacks (IP=134,US)
159.65.181.154 32 DT None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-20 13:47:03 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=154,US)
159.65.181.157 32 RS None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:45:28 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=157,US)
159.65.181.53 32 RS None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-09-30 22:47:36 Exploit.Log4Shell.CVE-2021-44228 - FE NX (IP=53,US)
159.65.182.94 32 RR None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 13:47:16 SQL injection - Web Attacks (IP=94,US)
159.65.184.179 32 DT None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-26 13:48:00 SQL injection - Web Attacks (IP=179,US)
159.65.184.49 32 SW None 2022-08-12 00:00:00 2022-11-10 00:00:00 2022-08-13 13:56:09 SQL injection - WebAttacks (IP=49,US)
159.65.184.99 32 EE None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 22:43:58 HIVE Case #7532 IOC_SOLARDEFLECTION C2 (IP=99,US)
159.65.185.116 32 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:57:52 Exploit.CVE-2021-44228 - Apache Log4j2 - Case 6651 (IP=116,US)
159.65.185.175 32 SW None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-12 13:51:08 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=175,US)
159.65.186.50 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:14:53 HIVE Case #7904 CTO 22-189 (IP=50,US)
159.65.187.179 32 RB None 2022-07-07 00:00:00 2022-10-05 00:00:00 2022-07-07 13:50:40 SQL injection - WebAttacks (IP=179,US)
159.65.188.126 32 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-09 14:21:27 SQL injection - Web Attacks (IP=126,US)
159.65.188.18 32 RR None 2022-06-04 00:00:00 2022-09-02 00:00:00 2022-06-04 13:38:53 SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1272 attack attempt (3:57305:1) - SourceFire (IP=18,US)
159.65.188.189 32 DT None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-20 13:47:04 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=189,US)
159.65.188.239 32 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 22:24:57 SSLv2 Client Hello Request Detected - SourceFire (IP=239,US)
159.65.189.169 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:16:40 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=169,US)
159.65.190.250 32 RB None 2022-09-26 00:00:00 2022-12-25 00:00:00 2022-09-26 13:55:30 SQL injection - WebAttacks (IP=250,US)
159.65.191.204 32 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 22:51:58 SQL injection - WebAttacks (IP=204,US)
159.65.192.55 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:38:00 SERVER-WEBAPP WordPress get_post authentication bypass attempt - SourceFire (IP=55,NL)
159.65.193.237 24 RS None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 13:49:50 HTTP SQL Injection Attempt - 6Hr Web Attacks (IP=237,NL)
159.65.194.103 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=103,NL)
159.65.195.169 32 RR None 2022-06-21 00:00:00 2022-09-19 00:00:00 2022-06-21 13:49:07 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01428 (IP=169,NY)
159.65.195.200 24 RR None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 13:52:22 SQL union select - possible sql injection attempt - GET parameter - SourceFire (IP=200,NL)
159.65.196.83 24 SW None 2022-08-24 00:00:00 2022-11-23 00:00:00 2022-08-25 13:54:30 OS-OTHER Bash CGI environment variable injection attempt - SourceFire (IP=83,NL) | updated by RR Block expiration extended with reason SERVER-WEBAPP Atlassian Confluence OGNL injection remote code execution attempt - SourceFire (IP=83,NL)
159.65.197.233 24 TH None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 23:06:24 SQL injection - 6 Hr Web Report (IP=233,NL)
159.65.198.202 24 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:16:41 SQL injection - Web Attacks (IP=202,NL)
159.65.199.240 32 KD None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-28 14:33:54 SQL Injection - Web Attacks (IP=240,US)
159.65.199.240 24 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:35:15 ET EXPLOIT Apache log4j RCE Attempt (tcp ldap) (CVE-2021-44228) - SourceFire (IP=240,NL)
159.65.2.49 24 KH None 2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-09 14:22:00 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=49,SG)
159.65.20.222 24 TH None 2022-04-15 00:00:00 2022-07-15 00:00:00 2022-04-16 14:46:35 SQL injection - 6 Hr Web Report (IP=222,GB) | updated by RR Block expiration extended with reason SERVER-OTHER Adobe ColdFusion unauthenticated file upload attempt - SourceFire (IP=222,GB)
159.65.201.203 24 RT None 2022-04-12 00:00:00 2022-07-11 00:00:00 2022-04-13 13:46:06 HTTP: PHP File Inclusion Vulnerability - 6 HR WebAttack (IP=203,NL)
159.65.202.13 24 SW None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 22:46:41 SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58744:6) - SourceFire (IP=13,NL)
159.65.203.91 24 TH None 2022-08-20 00:00:00 2022-11-18 00:00:00 2022-08-20 13:23:28 SQL injection - 6 Hr Web Report (IP=91,NL)
159.65.204.226 24 SW None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-11 22:58:44 HTTP: PHP File Upload Vulnerability Detected - WebAttacks (IP=226,NL)
159.65.205.202 24 RS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 22:43:48 SERVER-WEBAPP Hikvision IP camera admin authentication attempt (1:45413:2) - SourceFire (IP=202,NL)
159.65.206.154 24 NAB None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:11 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=154,NL)
159.65.207.198 24 SW None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:12 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=198,NL)
159.65.21.243 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:38:00 SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt - SourceFire (IP=243,GB)
159.65.216.109 24 KD None 2022-04-22 00:00:00 2022-07-21 00:00:00 2022-04-23 13:46:45 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=109,GB)
159.65.217.105 32 AR None 2022-08-19 00:00:00 2022-11-17 00:00:00 2022-08-19 13:56:42 SQL injection - WebAttacks (IP=105,US)
159.65.217.180 32 AR None 2022-08-03 00:00:00 2022-11-01 00:00:00 2022-08-04 13:54:03 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=180,US)
159.65.219.170 32 TC None 2022-09-05 00:00:00 2022-12-04 00:00:00 2022-09-06 00:35:07 SQL injection - 6hr Web Attacks (IP=170,US)
159.65.22.94 24 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-08 12:51:14 SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt - SourceFire (IP=94,GB)
159.65.220.186 32 ZH None 2022-09-19 00:00:00 2022-12-18 00:00:00 2022-09-19 22:54:53 SERVER-APACHE Apache HTTP server SSRF attempt (1:58820:1) - SourceFire (IP=186,US)
159.65.221.173 32 DT None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-29 13:52:33 SERVER-WEBAPP Unraid Operating System PHP code injection attempt (1:58550:1) - Source Fire (IP=173,US)
159.65.222.4 32 ZH None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-23 13:49:45 SQL injection - 6hr Web Attacks (IP=4,US)
159.65.222.52 32 RR None 2022-09-23 00:00:00 2022-12-22 00:00:00 2022-09-23 13:58:36 SERVER-APACHE Apache HTTP server SSRF attempt - SourceFire (IP=52,US)
159.65.223.172 32 RS None 2022-06-20 00:00:00 2022-09-18 00:00:00 2022-06-20 13:54:46 SQL injection - Web Attacks (IP=172,US)
159.65.224.118 32 ZH None 2022-09-23 00:00:00 2022-12-22 00:00:00 2022-09-23 22:51:07 Malicious activity IR#: 22C01951 (IP=118,US)
159.65.227.134 32 JP None 2022-07-28 00:00:00 2022-10-26 00:00:00 2022-07-28 13:49:51 SQL injection - 6HR Web Attacks (IP=134,US)
159.65.228.185 32 ZH None 2022-09-21 00:00:00 2022-12-20 00:00:00 2022-09-21 14:01:10 SQL injection - 6hr Web Attacks (IP=185,US)
159.65.228.79 32 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 22:51:54 File /etc/passwd Access Attempt Detect - FE IPS Events (IP=79,US)
159.65.229.14 32 KH None 2022-04-12 00:00:00 2022-07-11 00:00:00 2022-04-12 13:52:14 SQL injection - Web Attacks (IP=14,US)
159.65.229.173 32 ZH None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-22 13:54:49 SQL injection - 6 hr Web Attacks (IP=173,US)
159.65.229.176 32 AR None 2022-07-02 00:00:00 2022-09-30 00:00:00 2022-07-02 14:02:27 SERVER-WEBAPP PHPUnit PHP remote code execution
attempt (1:45749:2) - SourceFire (IP=176,US) 159.65.230.197 32 RB None 2022-09-08 00:00:00 2022-12-07 00:00:00 2022-09-08 22:52:34 SQL injection - WebAttacks (IP=197,US) 159.65.231.41 32 RB None 2022-08-24 00:00:00 2022-11-22 00:00:00 2022-08-24 13:52:54 SQL injection - WebAttacks (IP=41,US) 159.65.232.170 32 RR None 2021-05-12 00:00:00 2022-10-01 00:00:00 2022-07-04 13:45:51 POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected - SourceFire (IP=170,US) | updated by RR Block was inactive. Reactivated on 20210512 with reason SQL injection - Web Attacks (IP=170,US) SQL injection - Web Attacks (IP=170,US) | updated by BB Block was inactive. Reactivated on 20211213 with reason SQL injection - Web Attacks (IP=170,US) SQL injection - Web Attacks (IP=170,US) | updated by SW Block was inactive. Reactivated on 20220703 with reason SQL injection - WebAttacks (IP=170,US) SQL injection - WebAttacks (IP=170,US) 159.65.232.170 32 SW None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-04 13:45:51 POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected - SourceFire (IP=170,US) | updated by RR Block was inactive. Reactivated on 20210512 with reason SQL injection - Web Attacks (IP=170,US) SQL injection - Web Attacks (IP=170,US) | updated by BB Block was inactive. Reactivated on 20211213 with reason SQL injection - Web Attacks (IP=170,US) SQL injection - Web Attacks (IP=170,US) | updated by SW Block was inactive. Reactivated on 20220703 with reason SQL injection - WebAttacks (IP=170,US) SQL injection - WebAttacks (IP=170,US) 159.65.232.170 32 RR None 2020-11-26 00:00:00 2022-10-01 00:00:00 2022-07-04 13:45:51 POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected - SourceFire (IP=170,US) | updated by RR Block was inactive. Reactivated on 20210512 with reason SQL injection - Web Attacks (IP=170,US) SQL injection - Web Attacks (IP=170,US) | updated by BB Block was inactive. 
Reactivated on 20211213 with reason SQL injection - Web Attacks (IP=170,US) SQL injection - Web Attacks (IP=170,US) | updated by SW Block was inactive. Reactivated on 20220703 with reason SQL injection - WebAttacks (IP=170,US) SQL injection - WebAttacks (IP=170,US) 159.65.232.170 32 BB None 2021-12-13 00:00:00 2022-10-01 00:00:00 2022-07-04 13:45:51 POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected - SourceFire (IP=170,US) | updated by RR Block was inactive. Reactivated on 20210512 with reason SQL injection - Web Attacks (IP=170,US) SQL injection - Web Attacks (IP=170,US) | updated by BB Block was inactive. Reactivated on 20211213 with reason SQL injection - Web Attacks (IP=170,US) SQL injection - Web Attacks (IP=170,US) | updated by SW Block was inactive. Reactivated on 20220703 with reason SQL injection - WebAttacks (IP=170,US) SQL injection - WebAttacks (IP=170,US) 159.65.232.253 32 RS None 2022-08-13 00:00:00 2022-11-11 00:00:00 2022-08-13 22:59:19 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=253,US) 159.65.233.168 32 AR None 2021-10-28 00:00:00 2022-01-26 00:00:00 None SERVER-WEBAPP Avtech IP Camera machine.cgi information disclosure attempt (1:41697:2) - SourceFire (IP=168,US) 159.65.234.77 32 ZH None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-22 13:54:50 SQL injection - 6 hr Web Attacks (IP=77,US) 159.65.236.35 32 RR None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 13:54:21 HTTP SQL Injection Attempt - Web Attcks (IP=35,US) 159.65.237.209 32 RR None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 13:47:17 HTTP SQL Injection Attempt - Web Attacks (IP=209,US) 159.65.238.79 32 TLM None 2022-03-14 00:00:00 2022-09-14 00:00:00 2022-03-14 19:14:38 HIVE Case #7198 CTO 22-071 (IP=79,US) 159.65.239.135 32 SW None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-22 13:54:50 SQL injection - WebAttacks (IP=135,US) 159.65.240.176 32 ZH None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:45:17 SQL injection- 6hr Web 
Attacks (IP=176,US) 159.65.240.99 32 RR None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-07 13:54:14 SQL injection - Web Attacks (IP=99,US) 159.65.242.39 32 RB None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 13:52:23 SQL injection - 6hr web attacks (IP=39,US) 159.65.243.255 32 RB None 2022-09-18 00:00:00 2022-12-17 00:00:00 2022-09-19 14:00:36 Exploit.Log4Shell.CVE-2021-44228 - FireEye NX (IP=255,US) 159.65.243.29 32 SW None 2022-02-28 00:00:00 2022-05-28 00:00:00 2022-02-28 23:39:54 Possible SQLi attempt - IR # 22C00973(IP=29,US) 159.65.244.223 32 TH None 2022-02-18 00:00:00 2022-05-19 00:00:00 None SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58742:7) - SourceFire Report (IP=223,US) 159.65.244.24 32 RR None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:20 SQL injection - Web Attacks (IP=24,US) 159.65.245.158 32 RR None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-07 13:54:14 SQL injection - Web Attacks (IP=158,US) 159.65.248.200 32 RR None 2022-07-21 00:00:00 2022-10-19 00:00:00 2022-07-21 13:54:48 SQL injection - Web Attacks (IP=200,US) 159.65.248.247 32 RS None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:15:42 SQL injection - 6Hr Web Attacks (IP=247,US) 159.65.249.120 32 TH None 2022-06-21 00:00:00 2022-09-19 00:00:00 2022-06-22 13:54:51 SQL injection - 6 Hr Web Report (IP=120,US) 159.65.249.185 32 RS None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 22:46:07 SQL injection - 6Hr Web Attacks (IP=185,US) 159.65.25.215 24 KD None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-14 13:54:46 SQL injection- Web Attacks(IP=215,GB) 159.65.250.119 32 KH None 2022-07-13 00:00:00 2022-10-11 00:00:00 2022-07-14 13:57:31 SERVER-WEBAPP Oracle Business Intelligence directory traversal attempt (1:49967:2) - Sourcefire (IP=119,US) 159.65.251.122 32 ZH None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-11 00:05:03 HTTP: SQL Injection - Exploit II - 6hr Web Attacks (IP=122,US) 159.65.251.206 32 TH None 2022-05-29 
00:00:00 2022-08-27 00:00:00 2022-05-30 13:42:24 SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt (1:52603:1) - SourceFire Report (IP=206,US) 159.65.252.25 32 RR None 2022-06-25 00:00:00 2022-09-23 00:00:00 2022-06-25 14:09:22 SQL injection - Web Attacks (IP=25,US) 159.65.253.37 32 KH None 2022-10-01 00:00:00 2022-12-30 00:00:00 2022-10-01 23:56:23 Exploit.Log4Shell.CVE-2021-44228 - FE NX (IP=37,US) 159.65.254.173 32 KH None 2022-07-18 00:00:00 2022-10-16 00:00:00 2022-07-18 13:50:10 SQL injection - Web Attacks (IP=173,US) 159.65.27.98 24 RR None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:31:44 POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected - Source Fire (IP=98,GB) 159.65.28.233 24 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 22:25:06 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=233,GB) 159.65.29.60 24 RB None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:31:45 SQL injection - 6hr web attacks (IP=60,GB) 159.65.3.206 24 RR None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:14:36 OS-OTHER Bash CGI environment variable injection attempt - SourceFire (IP=206,SG) 159.65.30.100 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:36:57 SQL injection - Web Attacks (IP=100,GB) 159.65.30.100 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:40:19 SQL injection - Web Attacks (IP=100,GB) 159.65.31.184 24 SW None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-06 22:49:28 SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt (1:54768:2) - SourceFire (IP=184,GB) 159.65.31.45 32 BB None 2021-12-13 00:00:00 2022-03-13 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=45,US) 159.65.32.105 32 NAB None 2022-01-28 00:00:00 2022-04-28 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=105,US) 159.65.32.95 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-08 12:50:40 SQL 
injection - Web Attacks (IP=95,US) 159.65.33.133 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-08 12:50:41 HTTP: SQL Injection - Exploit II - Web Attacks (IP=133,US) 159.65.33.96 32 KH None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 13:57:05 SQL injection - Web Attacks (IP=96,US) 159.65.35.152 32 KH None 2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-09 14:22:00 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=152,US) 159.65.35.170 32 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:57:53 SERVER-WEBAPP Aviatrix Controller directory traversal attempt (1:58961:1) - SourceFire (IP=170,US) 159.65.35.200 32 RR None 2022-09-26 00:00:00 2022-12-25 00:00:00 2022-09-26 13:55:18 SQL injection - Web Attacks (IP=200,US) 159.65.35.200 32 RR None 2022-09-26 00:00:00 2022-12-25 00:00:00 2022-09-26 13:55:18 SQL injection - Web Attacks (IP=200,US) 159.65.35.44 32 SW None 2022-06-05 00:00:00 2022-09-03 00:00:00 2022-06-06 13:57:52 SQL injection - WebAttacks (IP=44,US) 159.65.35.95 32 RB None 2022-07-12 00:00:00 2022-10-10 00:00:00 2022-07-12 22:32:42 SERVER-WEBAPP SonicWall SMA100 SQL injection attempt (1:58225:1) - SourceFire (IP=95, US) 159.65.36.210 32 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:37:28 SQL injection - Web Attacks (IP=210,US) 159.65.36.210 32 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:41:17 SQL injection - Web Attacks (IP=210,US) 159.65.36.245 32 RB None 2022-09-08 00:00:00 2022-12-07 00:00:00 2022-09-08 22:52:31 SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt (1:44327:3) - SourceFire (IP=245, US) 159.65.36.89 32 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 22:51:44 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (1:59246:1) - SourceFire (IP=89, US) 159.65.37.161 32 SW None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:44:51 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=161,US) 159.65.37.204 32 ZH None 
2022-07-17 00:00:00 2022-10-15 00:00:00 2022-07-17 22:30:45 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41421:2) - Sourcefire Rpt (IP=204,US) 159.65.37.48 32 RR None 2022-07-16 00:00:00 2022-10-14 00:00:00 2022-07-16 13:51:36 INDICATOR-SCAN DNS version.bind string information disclosure attempt - SourceFire (IP=48,US) 159.65.39.146 32 KH None 2022-07-13 00:00:00 2022-10-11 00:00:00 2022-07-14 13:57:33 SQL injection - Web Attacks (IP=146,US) 159.65.40.57 32 TC None 2022-09-18 00:00:00 2022-12-17 00:00:00 2022-09-19 14:00:41 SQL injection - WebAttacks (IP=57,US) 159.65.41.115 32 KH None 2022-07-13 00:00:00 2022-10-11 00:00:00 2022-07-14 13:57:33 SQL injection - Web Attacks (IP=115,US) 159.65.41.200 32 ZH None 2022-06-16 00:00:00 2022-09-14 00:00:00 2022-06-16 22:41:40 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) IR#22C01397 (IP=200,US) 159.65.42.213 32 AR None 2022-07-16 00:00:00 2022-10-14 00:00:00 2022-07-17 13:55:35 SERVER-OTHER Apache Log4j logging remote code execution attempt - SourceFire (IP=213,US) 159.65.42.238 32 ZH None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-08 22:56:23 CVE 2021-44228 (1:40140200:1) - SourceFire (IP=238, US) 159.65.43.233 32 RS None 2022-05-19 00:00:00 2022-08-17 00:00:00 2022-05-19 22:48:59 SERVER-WEBAPP Apache APISIX default admin API backdoor usage attempt (1:59480:1) - SourceFire (IP=233,US) 159.65.43.45 32 DT None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-08 13:46:31 SERVER-WEBAPP Spring Security OAuth remote code execution attempt (1:46823:1) - Source Fire (IP=14,US) 159.65.44.20 32 KH None 2022-09-26 00:00:00 2022-12-25 00:00:00 2022-09-26 22:53:28 SolarView Compact CVE-2022-29303 OS Command Injection - FE CMS (IP=20,US) 159.65.44.236 32 RR None 2022-08-24 00:00:00 2022-11-22 00:00:00 2022-08-24 13:52:50 OS-OTHER Bash CGI environment variable injection attempt - SourceFire (IP=236,US) 159.65.44.74 32 RR None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-18 
13:50:31 SERVER-APACHE Apache HTTP server SSRF attempt - SourceFire (IP=74,US) 159.65.45.175 32 RR None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-11 13:57:11 SQL injection - Web Attacks (IP=210,US) 159.65.45.2 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:50:22 SQL injection - Web Attacks (IP=2,US) 159.65.45.69 32 JP None 2022-07-27 00:00:00 2022-10-25 00:00:00 2022-07-27 13:49:57 - 6HR Web Attacks (IP=69, US) 159.65.46.131 32 SW None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 13:49:24 SQL injection - WebAttacks (IP=131,US) 159.65.46.245 32 ZH None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-23 13:49:44 SQL injection - 6hr Web Attacks (IP=245,US) 159.65.46.81 32 RB None 2022-09-08 00:00:00 2022-12-07 00:00:00 2022-09-08 13:54:20 SQL injection - WebAttacks (IP=81,US) 159.65.47.140 32 ZH None 2022-09-21 00:00:00 2022-12-20 00:00:00 2022-09-21 14:01:10 SQL injection - 6hr Web Attacks (IP=140,US) 159.65.47.204 32 SW None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-15 13:54:01 SQL injection - WebAttacks (IP=204,US) 159.65.47.215 32 AR None 2022-07-24 00:00:00 2022-10-22 00:00:00 2022-07-25 13:54:53 SQL injection - Web Attack (IP=215,US) 159.65.48.75 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=75,GB) 159.65.48.80 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:53:25 SERVER-APACHE HP Performance Manager Apache Tomcat policy bypass attempt - SourceFire (IP=80,GB) 159.65.50.94 24 WR None 2022-04-12 00:00:00 2022-07-10 00:00:00 2022-04-12 13:51:56 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=94,GB) 159.65.51.145 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=145,GB) 159.65.51.145 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=145,GB) 159.65.52.168 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:38:01 SERVER-WEBAPP VMware vRealize Operations Manager SSRF attempt - 
SourceFire (IP=168,GB) 159.65.53.167 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:53:26 SERVER-APACHE HP Performance Manager Apache Tomcat policy bypass attempt - SourceFire (IP=167,GB) 159.65.54.145 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:36:58 SQL injection - Web Attacks (IP=145,GB) 159.65.54.145 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:40:20 SQL injection - Web Attacks (IP=145,GB) 159.65.55.181 24 RS None 2022-05-04 00:00:00 2022-08-03 00:00:00 2022-05-05 13:49:18 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=181,GB) | updated by RR Block expiration extended with reason SQL union select - possible sql injection attempt - GET parameter - SourceFire (IP=181,GB) 159.65.56.122 24 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:35:16 SERVER-WEBAPP JBoss web console access attempt - SourceFire (IP=122,GB) 159.65.56.251 32 TLM None 2021-11-04 00:00:00 2022-05-04 00:00:00 None HIVE Case #6494 CTO 21-303 (IP=251,GB) 159.65.57.132 24 RR None 2022-06-25 00:00:00 2022-09-23 00:00:00 2022-06-25 14:09:23 SQL injection - Web Attacks (IP=132,GB) 159.65.57.133 24 RS None 2022-05-19 00:00:00 2022-08-17 00:00:00 2022-05-19 13:47:01 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=133,GB) 159.65.58.66 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=66,GB) 159.65.59.244 24 KD None 2022-04-22 00:00:00 2022-07-21 00:00:00 2022-04-23 13:46:44 HTTP: PHP File InclusionVulnerability- Web Attacks (IP=244,DE) 159.65.60.35 24 TH None 2022-08-30 00:00:00 2022-11-28 00:00:00 2022-08-30 14:04:46 SQL injection - 6 Hr Web Report (IP=35,GB) 159.65.61.60 24 WR None 2022-04-30 00:00:00 2022-07-28 00:00:00 2022-04-30 13:53:10 POLICY-OTHER PHP uri tag injection attempt (1:23111:14) - Sourcefire (IP=60,GB) 159.65.62.99 24 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-17 13:54:58 Exploit.CVE-2021-44228 - Apache Log4j2 - Case 6651 (IP=99,GB) 
159.65.63.232 24 RR None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:21 SERVER-OTHER HP Integrated Lights-Out HTTP headers processing buffer overflow attempt - SourceFire (IP=232,GB) 159.65.7.56 24 RB None 2019-08-24 00:00:00 2022-12-25 00:00:00 2022-09-27 13:51:51 Illegal user_6 hr Failed Logons (IP=56,SG) | updated by SW Block was inactive. Reactivated on 20220926 with reason SERVER-WEBAPP Tendar Router AC11 stack buffer overflow attempt - WebAttacks (IP=56,SG) 159.65.8.208 24 DT None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-02 13:31:17 SQL injection - Web Attacks (IP=208,SG) 159.65.80.155 24 SW None 2022-06-24 00:00:00 2022-09-22 00:00:00 2022-06-24 13:56:02 SQL injection - WebAttacks (IP=155,GB) 159.65.81.164 24 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 15:44:39 SQL injection - Web Attacks (IP=164,GB) 159.65.82.138 24 RT None 2022-04-14 00:00:00 2022-07-13 00:00:00 2022-04-15 14:09:07 HTTP SQL Injection Attempt - 6HR WebAttacks (IP=138,GB) 159.65.82.185 32 RB None 2022-07-19 00:00:00 2022-10-17 00:00:00 2022-07-19 22:51:01 Threat Request // DT / SQLi attempts - IR# 22C01700 (IP=185,US) 159.65.83.248 24 AR None 2022-04-09 00:00:00 2022-07-08 00:00:00 2022-04-10 13:58:50 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attack (IP=248,GB) 159.65.84.35 24 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 13:54:18 SQL injection - Web Attacks (IP=35,GB) 159.65.85.144 32 RB None 2022-09-02 00:00:00 2022-12-01 00:00:00 2022-09-02 22:46:30 DT Attempts/Hunt Team Submission - IR #22C01910 (IP=144,US) 159.65.86.91 24 NAB None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 13:54:27 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=91,GB) 159.65.87.236 24 ZH None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 22:39:24 FIREEYE Web: Log4j attempt (IP=236,GB) 159.65.88.45 24 KH None 2022-08-02 00:00:00 2022-10-31 00:00:00 2022-08-02 13:50:50 SQL injection - Web Attacks (IP=45,GB) 159.65.88.62 24 KD None 2022-04-18 00:00:00 
2022-07-17 00:00:00 2022-04-19 13:52:24 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt- Sourcefire (IP=62,GB) 159.65.9.234 24 NAB None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-06 13:47:14 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=234,SG) 159.65.92.101 24 RT None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-27 13:56:36 HTTP: PHP File Inclusion Vulnerability - 6 HR WebAttack (IP=101,GB) 159.65.93.126 32 RB None 2022-09-02 00:00:00 2022-12-01 00:00:00 2022-09-02 22:46:31 DT Attempts/Hunt Team Submission - IR #22C01910 (IP=126,US) 159.65.93.13 24 SW None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-11 13:47:10 SQL injection - WebAttacks (IP=13,GB) 159.65.94.242 24 RS None 2022-08-14 00:00:00 2022-11-12 00:00:00 2022-08-14 13:58:14 SQL injection - Web Attacks (IP=242,GB) 159.65.95.102 24 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 13:54:19 SQL injection - Web Attacks (IP=102,GB) 159.69.117.213 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=213,DE) 159.69.176.87 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None DE TO-S-2021-1081 Hive Case 4872 Malicious Email Activity 159.69.222.53 32 TLM None 2022-03-28 00:00:00 2022-09-28 00:00:00 2022-03-28 12:22:50 HIVE Case #7282 CTO 22-085 (IP=53,DE) 159.69.87.185 32 TLM None 2021-10-04 00:00:00 2022-04-04 00:00:00 None HIVE Case #6294 CTO 21-268 (IP=185,DE) 159.75.132.234 24 ZH None 2022-01-11 00:00:00 2022-04-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=234,CN) 159.75.71.29 24 DT None 2022-01-10 00:00:00 2022-04-10 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=29,CN) 159.8.168.164 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=164,GB) 159.8.168.171 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6585 CTO 21-323 (IP=171,GB) 159.8.73.197 32 TLM None 2022-01-04 00:00:00 
2022-10-06 00:00:00 2022-07-11 13:15:23 HIVE Case #6729 CTO 22-004 (IP=197,FR) | updated by AS Block was inactive. Reactivated on 20220708 with reason HIVE Case #7904 CTO 22-189 (IP=197,FR) 159.8.73.198 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=198,FR) 159.89.1.132 24 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-08 12:51:14 SERVER-WEBAPP Microsoft Exchange Server server side request forgery attempt - SourceFire (IP=132,DE) 159.89.10.125 24 KH None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 23:08:09 SQL injection - Web Attacks (IP=125,DE) 159.89.10.125 24 KH None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 23:08:29 SQL injection - Web Attacks (IP=125,DE) 159.89.100.45 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:33 HTTP SQL Injection Attempt- 6hr Web Attacks (IP=45,DE) 159.89.101.126 32 RR None 2022-03-10 00:00:00 2022-06-08 00:00:00 2022-03-10 14:46:57 HTTP: PHP File Inclusion Vulnerability - TT# 22C01026 (IP=126,US) 159.89.101.68 24 RR None 2022-06-04 00:00:00 2022-09-02 00:00:00 2022-06-04 13:39:13 SQL injection - Web Attacks (IP=68,DE) 159.89.102.253 24 SW None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-15 13:54:02 Hive Case 7576 (IP=253,DE) 159.89.104.175 24 KD None 2022-01-06 00:00:00 2022-04-06 00:00:00 None SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt- Sourcefire(IP=175,DE) 159.89.105.147 24 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-08 12:51:15 SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt - SourceFire (IP=147,DE) 159.89.107.149 24 SW None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:44:52 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=149,DE) 159.89.11.4 24 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:17:06 SERVER-OTHER Apache Log4j logging remote code execution attempt - SourceFire (IP=4,DE) 159.89.111.202 24 ZH None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-30 
22:44:23 SQL injection - 6hr Web Attacks (IP=202,DE) 159.89.112.162 24 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 13:52:34 SQL injection - 6hr Web Attacks (IP=162,CA) 159.89.113.63 24 RR None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:31:45 HTTP: PHP File Inclusion Vulnerability - Web Attcks (IP=63,CA) 159.89.114.245 24 SW None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-06 13:47:25 SQL injection - WebAttacks (IP=245,CA) 159.89.115.67 24 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:39 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=67,CA) 159.89.116.250 24 RR None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 13:52:24 SQL injection - Web Attacks (IP=250,CA) 159.89.117.54 24 KD None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-21 13:53:44 WordPress CodePeople Payment Form SQL Injection Vulnerability - Web Attacks (IP=54,CA) 159.89.118.134 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:36:59 SQL injection - Web Attacks (IP=134,CA) 159.89.119.53 24 SW None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:44:53 SQL injection - WebAttacks (IP=53,CA) 159.89.12.62 24 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 13:54:19 HTTP: SQL Injection - Exploit - Web Attacks (IP=62,DE) 159.89.120.121 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:36:59 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=121,CA) 159.89.120.175 24 ZH None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 22:43:51 SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt (1:44329:2) - SourceFire (IP=175,CA) 159.89.121.206 24 KH None 2022-04-12 00:00:00 2022-07-11 00:00:00 2022-04-12 13:52:14 SQL injection - Web Attacks (IP=206,CA) 159.89.122.203 32 TH None 2022-09-29 00:00:00 2022-12-28 00:00:00 2022-09-29 14:05:29 HTTP: Apache mod_cgi Bash Environment Variable Code Injection - 6 Hr Web Report (IP=203,US) 159.89.123.58 24 WR None 2022-04-22 00:00:00 
2022-07-20 00:00:00 2022-04-22 13:39:55 SQL injection - 6 HR WebAttack (IP=58,CA) 159.89.124.251 24 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:43:41 SQL injection - Web Attacks (IP=251,CA) 159.89.125.42 24 RR None 2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-09 14:21:39 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=42,CA) 159.89.126.156 24 WR None 2022-04-29 00:00:00 2022-07-27 00:00:00 2022-04-29 13:52:34 SERVER-WEBAPP WordPress SocialWarfare deprecated function access attempt (1:49527:2) - Sourcefire (IP=156,CA) 159.89.127.225 24 ZH None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-11 00:04:50 SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt (1:44327:3) - SourceFire (IP=225,CA) 159.89.135.175 32 SW None 2022-07-24 00:00:00 2022-10-22 00:00:00 2022-07-24 22:47:14 SQL injection - WebAttacks (IP=175,US) 159.89.14.20 24 KH None 2022-07-21 00:00:00 2022-10-19 00:00:00 2022-07-21 22:56:08 SQL injection - Web Attacks (IP=20,DE) 159.89.15.152 24 AR None 2021-12-18 00:00:00 2022-03-18 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=152,DE) 159.89.152.227 32 RS None 2022-06-20 00:00:00 2022-09-18 00:00:00 2022-06-20 22:22:09 SIPVicious Security Scanner - IPS Events (IP=227,US) 159.89.155.205 32 BB None 2022-01-30 00:00:00 2022-04-30 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=205,US) 159.89.16.208 24 TH None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-30 13:42:34 SQL injection - 6 Hr Web Report (IP=208,DE) 159.89.160.152 24 RT None 2022-04-14 00:00:00 2022-07-13 00:00:00 2022-04-15 14:09:08 HTTP: PHP File Inclusion Vulnerability - 6HR WebAttacks (IP=152,IN) 159.89.162.118 24 DT None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-29 13:52:35 Invalid user - 6hr Logons (IP=118,CA) | updated by DT Block was inactive. 
00:00:00 2022-05-06 13:48:02 SQL injection - 6Hr Web Attacks (IP=226,US) 161.35.113.179 32 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:57:54 SERVER-APACHE Apache HTTP server SSRF attempt (1:58820:1) - SourceFire (IP=179,US) 161.35.114.13 32 KH None 2022-09-20 00:00:00 2022-12-19 00:00:00 2022-09-20 22:50:12 Possible Cross-site Scripting Attack - FE IPS (IP=13,US) 161.35.115.171 32 RS None 2022-08-14 00:00:00 2022-11-12 00:00:00 2022-08-14 13:58:15 SQL injection - Web Attacks (IP=171,US) 161.35.115.78 32 RS None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-13 22:37:04 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=78,US) 161.35.118.253 32 TLM None 2021-12-09 00:00:00 2022-06-09 00:00:00 None HIVE Case #6633 CTO 21-334 (IP=253,US) 161.35.118.77 32 RR None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:14:37 SERVER-APACHE Apache HTTP server SSRF attempt - SourceFire (IP=77,US) 161.35.12.158 32 TH None 2022-06-28 00:00:00 2022-09-26 00:00:00 2022-06-29 13:54:57 SQL injection - 6 Hr Web Report (IP=158,US) 161.35.120.141 32 WR None 2022-05-03 00:00:00 2022-08-01 00:00:00 2022-05-03 13:46:38 SQL injection - 6Hr Web Attacks (IP=141,US) 161.35.121.213 32 KD None 2021-10-14 00:00:00 2022-01-13 00:00:00 None HTTP: PHP File Inclusion Vulnerability- TT# 22C00151 (IP=213,US) | updated by ZH Block expiration extended with reason Adobe ColdFusion Administrator Access Restriction- 6hr Web Attacks (IP=213,US) Adobe ColdFusion Administrator Access Restriction- 6hr Web Attacks (IP=213,US) 161.35.121.213 32 ZH None 2021-10-15 00:00:00 2022-01-13 00:00:00 None HTTP: PHP File Inclusion Vulnerability- TT# 22C00151 (IP=213,US) | updated by ZH Block expiration extended with reason Adobe ColdFusion Administrator Access Restriction- 6hr Web Attacks (IP=213,US) Adobe ColdFusion Administrator Access Restriction- 6hr Web Attacks (IP=213,US) 161.35.122.12 32 KH None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-17 13:49:12 SQL injection - Web Attacks 
(IP=12,US) 161.35.123.210 32 TH None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-30 13:56:51 SQL injection - 6 Hr Web Report (IP=210,US) 161.35.123.237 32 ZH None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-23 13:49:48 SQL injection - 6hr Web Attacks (IP=237,US) 161.35.124.12 32 TH None 2022-09-03 00:00:00 2022-12-02 00:00:00 2022-09-05 12:32:28 SQL 1 = 1 - possible sql injection attempt (1:27288:5) - SourceFire Report (IP=12,US) 161.35.124.125 32 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:57:55 SERVER-WEBAPP Facade Ignition remote code execution attempt (1:57872:1) - SourceFire (IP=125,US) 161.35.127.0 32 TH None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-23 14:39:12 SQL injection - 6 Hr Web Report (IP=0,US) 161.35.128.106 32 KH None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-06 23:38:17 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01577 (IP=106,US) 161.35.128.171 32 RR None 2022-02-02 00:00:00 2022-05-03 00:00:00 None HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - TT# 22C00893 (IP=171,US) 161.35.128.33 32 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 22:51:55 SERVER-OTHER Hashicorp Consul services API remote code execution attempt (1:49670:2) - SourceFire (IP=33,US) 161.35.128.33 32 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 22:52:31 SERVER-OTHER Hashicorp Consul services API remote code execution attempt (1:49670:2) - SourceFire (IP=33,US) 161.35.128.58 32 RR None 2022-02-02 00:00:00 2022-05-03 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 22C00900 (IP=58,US) 161.35.131.32 32 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:42 SQL injection - 6hr Web Attacks (IP=32,US) 161.35.132.116 32 RS None 2022-06-03 00:00:00 2022-09-01 00:00:00 2022-06-03 22:21:17 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41421:2) - SourceFire (IP=116,US) 161.35.132.185 32 RR None 2022-02-02 00:00:00 2022-05-03 
00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 22C00898 (IP=185,US) 161.35.132.202 32 WR None 2022-01-14 00:00:00 2022-04-14 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 22C00901 (IP=202,US) 161.35.132.215 32 RR None 2022-02-02 00:00:00 2022-05-03 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 22C00895 (IP=215,US) 161.35.132.240 32 RR None 2022-02-02 00:00:00 2022-05-03 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 22C00897 (IP=240,US) 161.35.132.92 32 RR None 2022-02-02 00:00:00 2022-05-03 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 22C00894 (IP=92,US) 161.35.133.11 32 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:48:36 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=11,US) 161.35.134.204 32 RR None 2022-06-20 00:00:00 2022-09-18 00:00:00 2022-06-20 13:54:33 SQL injection - Web Attacks (IP=204,US) 161.35.135.205 24 KD None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-28 14:34:06 SQL injection- Web Attacks (IP=205,NL) 161.35.136.149 32 SW None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:13 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=149,US) 161.35.138.2 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:34:58 SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (1:45304:3) - Sourcefire Rpt (IP=2,US) 161.35.138.2 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:24 SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (1:45304:3) - Sourcefire Rpt (IP=2,US) 161.35.139.175 24 RB None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 22:39:09 HTTP: PHP File Inclusion Vulnerability- 6hr web attacks (IP=175,US) 161.35.14.123 32 RS None 2022-06-20 00:00:00 2022-09-18 00:00:00 2022-06-20 13:54:43 SQL injection - Web Attacks (IP=123,US) 161.35.14.198 32 ZH None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 22:43:52 SERVER-APACHE Apache Struts freemarker tag OGNL expression injection 
attempt (1:44329:2) - SourceFire (IP=198,US) 161.35.140.247 32 RR None 2022-02-02 00:00:00 2022-05-03 00:00:00 None HTTP: Apache Struts2 Remote Command Execution Vulnerability - TT# 22C00896 (IP=247,US) 161.35.140.248 32 RR None 2022-02-02 00:00:00 2022-05-03 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 22C00892 (IP=248,US) 161.35.141.179 32 TH None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-26 13:47:58 WordPress CodePeople Payment Form SQL Injection Vulnerability - 6 Hr Web Report (IP=179,US) 161.35.141.29 32 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:46:37 SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt - SourceFire (IP=29,US) 161.35.142.105 32 RS None 2022-06-20 00:00:00 2022-09-18 00:00:00 2022-06-20 22:22:20 SQL injection - Web Attacks (IP=105,US) 161.35.143.192 32 KH None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-17 13:49:13 SQL injection - Web Attacks (IP=192,US) 161.35.144.18 24 RS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 22:44:04 SQL injection - 6Hr Web Attacks (IP=18,NL) 161.35.145.108 24 BB None 2021-12-20 00:00:00 2022-03-20 00:00:00 None SERVER-WEBAPP Movable Type CMS command injection attempt (1:58687:1) - Sourcefire (IP=108,NL) 161.35.148.126 24 ZH None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:45:21 SQL injection- 6hr Web Attacks (IP=126,NL) 161.35.149.46 24 ZH None 2022-06-24 00:00:00 2022-09-22 00:00:00 2022-06-24 22:51:38 SQL injection - 6hr Web Attacks (IP=46,NL) 161.35.150.84 24 KH None 2022-04-12 00:00:00 2022-07-11 00:00:00 2022-04-12 13:52:15 SQL injection - Web Attacks (IP=84,NL) 161.35.151.17 32 RR None 2022-07-21 00:00:00 2022-10-19 00:00:00 2022-07-21 13:54:51 SQL injection - Web Attacks (IP=17,US) 161.35.151.232 32 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:37:28 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=232,US) 161.35.151.232 32 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:41:18 HTTP: 
PHP File Inclusion Vulnerability - Web Attacks (IP=232,US) 161.35.152.64 24 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:57:55 SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt (1:59388:2) - SourceFire (IP=64,NL) 161.35.153.99 24 RS None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 22:54:56 SQL injection - 6Hr Web Attacks (IP=99,NL) 161.35.154.18 24 RR None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-18 13:43:59 POLICY-OTHER CA ARCserve Axis2 default credential login attempt - SourceFire (IP=18,NL) 161.35.154.187 32 KD None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-12 13:51:38 Django SQL Injection Vulnerability - Web Attacks (IP=187,US) 161.35.156.151 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=151,NL) 161.35.156.151 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=151,NL) 161.35.157.208 32 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:34:39 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=208,US) 161.35.157.208 24 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:35:16 SERVER-WEBAPP Drupal Core 8 PHP object injection RCE attempt - SourceFire (IP=208,NL) 161.35.158.207 24 TH None 2022-04-15 00:00:00 2022-07-14 00:00:00 2022-04-15 14:09:33 HTTP: PHP File Inclusion Vulnerability - 6 Hr Web Report (IP=207,NL) 161.35.159.26 32 TLM None 2021-12-21 00:00:00 2022-06-21 00:00:00 None HIVE Case #6682 CTO 21-352 (IP=26,NL) 161.35.168.133 24 SW None 2022-03-25 00:00:00 2022-06-23 00:00:00 2022-03-25 22:37:36 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=133,GB) 161.35.176.128 32 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 22:25:02 Generic URI Injection wget Attempt - FE IPS Events (IP=128,US) 161.35.176.184 32 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:49:19 SERVER-WEBAPP Atlassian Confluence OGNL injection remote code execution attempt - SourceFire 
(IP=184,US) 161.35.176.217 32 RS None 2022-05-02 00:00:00 2022-07-31 00:00:00 2022-05-02 22:41:47 SERVER-WEBAPP Oracle-BI convert servlet XML external entity injection attempt (1:50773:1) - SourceFire (IP=217,US) 161.35.177.244 32 KD None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-12 13:51:38 WordPress CodePeople Payment Form SQL - Web Attacks (IP=244,US) 161.35.177.54 32 RS None 2022-08-13 00:00:00 2022-11-11 00:00:00 2022-08-13 22:59:20 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=54,US) 161.35.177.74 32 SW None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-22 13:54:51 SQL injection - WebAttacks (IP=74,US) 161.35.179.79 32 WR None 2022-04-22 00:00:00 2022-07-20 00:00:00 2022-04-22 13:39:56 SQL injection - 6 HR WebAttack (IP=79,US) 161.35.180.188 32 ZH None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 22:38:58 File /etc/passwd Access Attempt Detect - IPS Events (IP=188,US) 161.35.180.85 32 KH None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:23 SQL injection - Web Attacks (IP=85,US) 161.35.180.87 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:50:24 SQL injection - Web Attacks (IP=87,US) 161.35.182.220 32 SW None 2022-07-26 00:00:00 2022-10-24 00:00:00 2022-07-27 13:49:51 SQL injection - WebAttacks (IP=220,US) 161.35.184.223 32 RS None 2022-05-03 00:00:00 2022-08-01 00:00:00 2022-05-03 13:47:00 SQL injection - 6Hr Web Attacks (IP=223,US) 161.35.184.253 32 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:48:37 SQL injection - Web Attacks (IP=253,US) 161.35.185.123 32 ZH None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 22:36:54 SQL injection - 6hr Web Attacks (IP=123,US) 161.35.187.203 32 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:49:19 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=203,US) 161.35.188.22 32 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-09 14:21:28 SQL injection - Web Attacks (IP=22,US) 161.35.188.242 
32 JP None 2022-08-10 00:00:00 2022-11-08 00:00:00 2022-08-10 22:56:12 Directory Traversal Attempts - IPS Events (IP=242,US) | updated by JP Block was inactive. Reactivated on 20220810 with reason HUNT IP Block Request - IR# 22C01789 (IP=242,US) HUNT IP Block Request - IR# 22C01789 (IP=242,US) 161.35.188.242 32 ZH None 2022-04-26 00:00:00 2022-11-08 00:00:00 2022-08-10 22:56:12 Directory Traversal Attempts - IPS Events (IP=242,US) | updated by JP Block was inactive. Reactivated on 20220810 with reason HUNT IP Block Request - IR# 22C01789 (IP=242,US) HUNT IP Block Request - IR# 22C01789 (IP=242,US) 161.35.188.74 32 SW None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-15 13:54:03 SQL injection - WebAttacks (IP=74,US) 161.35.189.142 32 SW None 2022-05-28 00:00:00 2022-08-26 00:00:00 2022-05-28 14:45:12 SERVER-WEBAPP LG N1A1 NAS command injection attempt - SourceFire (IP=142,US) 161.35.189.236 32 SW None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-26 13:47:39 Layer5 Meshery SQL Injection Vulnerability - WebAttacks (IP=236,US) 161.35.190.247 32 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:43:43 SQL injection - Web Attacks (IP=247,US) 161.35.191.126 32 RS None 2022-06-20 00:00:00 2022-09-18 00:00:00 2022-06-20 13:54:43 SQL injection - Web Attacks (IP=126,US) 161.35.191.138 32 ZH None 2022-05-31 00:00:00 2022-08-29 00:00:00 2022-06-01 13:53:54 Django SQL Injection Vulnerability - 6hr Web Attacks (IP=138,US) 161.35.191.223 32 SW None 2022-08-19 00:00:00 2022-11-17 00:00:00 2022-08-20 13:23:17 SQL injection - WebAttacks (IP=223,US) 161.35.191.97 32 RS None 2022-07-27 00:00:00 2022-10-25 00:00:00 2022-07-28 13:49:36 SQL injection - Web Attacks (IP=97,US) 161.35.194.49 24 NAB None 2021-12-22 00:00:00 2022-03-22 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=49,DE) 161.35.195.92 24 RB None 2021-12-27 00:00:00 2022-03-27 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=92,DE) 161.35.198.215 24 KH None 2021-12-20 00:00:00 2022-03-20 
00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44232 (IP=215,DE) 161.35.198.215 24 TH None 2021-12-20 00:00:00 2022-03-20 00:00:00 None SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58737:2) - SourceFire (IP=215,DE) 161.35.2.38 32 RR None 2022-07-16 00:00:00 2022-10-14 00:00:00 2022-07-16 13:51:37 SQL injection - Web Attacks (IP=38,US) 161.35.208.123 24 RB None 2022-01-08 00:00:00 2022-04-08 00:00:00 None SERVER-WEBAPP Cisco RV Series Routers information disclosure attempt - 6hr web attacks (IP=123,DE) 161.35.21.51 24 RR None 2022-03-02 00:00:00 2022-05-31 00:00:00 2022-03-02 14:47:53 ET EXPLOIT Apache log4j RCE Attempt (tcp ldap) (CVE-2021-44228) - SourceFire (IP=51,DE) 161.35.210.45 24 AR None 2022-04-22 00:00:00 2022-07-21 00:00:00 2022-04-22 13:40:37 Exploit.Log4Shell.CVE-2021-44228 - IPS Events (IP=45,DE) 161.35.212.127 24 KD None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-21 13:53:46 rConfig SQL Injection Vulnerability - Web Attacks (IP=127,DE) 161.35.214.158 24 RS None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-13 22:37:02 SQL injection - 6Hr Web Attacks (IP=158,DE) 161.35.22.217 24 NAB None 2021-12-22 00:00:00 2022-03-22 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=217,DE) 161.35.220.200 24 KD None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-21 13:53:46 SQL injection- Web Attacks (IP=200,DE) 161.35.222.51 32 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:34:39 HTTP SQL Injection Attempt - Web Attacks (IP=51,US) 161.35.224.117 32 KH None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 22:43:18 Possible Cross-site Scripting Attack - FE IPS (IP=117,US) 161.35.224.244 32 RS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 21:48:45 SQL injection - 6Hr Web Attacks (IP=244,US) 161.35.225.124 32 ZH None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-30 22:44:24 SQL injection - 6hr Web Attacks (IP=124,US) 161.35.225.17 32 DT None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:17:29 HTTP: 
SQL Injection - Exploit II - Web Attacks (IP=17,US) 161.35.227.24 32 SW None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 13:49:35 SERVER-WEBAPP VMware vRealize Operations Manager SSRF attempt (1:57435:1) - SourceFire (IP=24,US) 161.35.227.46 32 ZH None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-30 22:44:25 SQL injection - 6hr Web Attacks (IP=46,US) 161.35.227.75 32 RB None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-14 13:54:46 HTTP: PHP File Inclusion Vulnerability - 6hr web attacks (IP=75,US) 161.35.228.120 32 RR None 2022-07-30 00:00:00 2022-10-28 00:00:00 2022-07-31 13:51:04 SQL injection - Web Attacks (IP=120,US) 161.35.228.216 32 RR None 2022-06-19 00:00:00 2022-09-17 00:00:00 2022-06-19 13:56:06 SQL injection - Web Attacks (IP=216,US) 161.35.228.248 32 SW None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:45:00 SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt - SourceFire (IP=248,US) 161.35.229.148 32 RS None 2022-08-13 00:00:00 2022-11-11 00:00:00 2022-08-13 13:56:23 SQL injection - Web Attacks (IP=148,US) 161.35.229.154 32 RS None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 22:34:28 SQL injection - 6Hr Web Attacks (IP=154,US) 161.35.229.176 32 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 22:25:04 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=176,US) 161.35.229.79 32 RB None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 22:41:29 SQL union select - possible sql injection attempt - POST parameter - Sourcefire (IP=79,US) 161.35.230.1 32 RB None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:48:00 HTTP: PHP File Inclusion Vulnerability - 6hr web attacks (IP=1,US) 161.35.230.47 32 KH None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 22:43:18 File /etc/passwd Access Attempt Detect - FE IPS (IP=47,US) 161.35.231.106 32 SA None 2022-05-17 00:00:00 2022-08-15 00:00:00 2022-05-17 13:52:24 SQL injection - 6Hr Web Attacks (IP=106,US) 161.35.231.153 32 KH None 
2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-17 13:49:13 SQL injection - Web Attacks (IP=153,US) 161.35.231.174 32 SW None 2022-09-13 00:00:00 2022-12-12 00:00:00 2022-09-14 13:50:34 Masscan TCP Port Scanner - IPS Events(IP=174,US) 161.35.231.202 32 SW None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:13 SQL use of concat function with select - likely SQL injection (1:24172:2) - SourceFire (IP=202,US) 161.35.232.216 32 RR None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:24 SQL injection - Web Attacks (IP=216,US) 161.35.233.166 32 TH None 2022-04-15 00:00:00 2022-07-14 00:00:00 2022-04-15 23:00:00 SQL injection - 6 Hr Web Report (IP=166,US) 161.35.234.216 32 SW None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-04 13:45:51 SQL injection - WebAttacks (IP=216,US) 161.35.234.236 32 KH None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 22:47:52 HTTP SQL Injection Attempt - Web Attacks (IP=236,US) 161.35.234.239 32 RB None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 13:52:27 SQL injection - 6hr web attacks (IP=239,US) 161.35.234.84 32 TH None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 22:43:10 OS-OTHER Bash CGI environment variable injection attempt (1:31978:5) - SourceFire Report (IP=84,US) 161.35.235.195 32 WR None 2022-04-29 00:00:00 2022-07-27 00:00:00 2022-04-29 13:52:38 SQL injection - Web Attacks (IP=195,US) 161.35.235.231 32 SW None 2022-08-25 00:00:00 2022-11-23 00:00:00 2022-08-26 13:48:23 SQL injection - WebAttacks (IP=231,US) 161.35.235.245 32 ZH None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-22 22:43:00 SQL injection - 6hr Web Attacks (IP=245,US) 161.35.235.251 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-08 12:50:42 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=251,US) 161.35.236.200 32 AR None 2022-05-19 00:00:00 2022-08-17 00:00:00 2022-05-19 13:46:44 SQL injection - Web Attacks (IP=200,US) 161.35.236.24 32 wmp None 2022-03-19 00:00:00 2022-06-19 00:00:00 2022-03-19 23:23:11 
Suspicious Scan Activity (IP=24,US) 161.35.236.31 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:52 SQL injection - 6hr Web Attacks (IP=31,US) 161.35.236.31 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:27 SQL injection - 6hr Web Attacks (IP=31,US) 161.35.237.128 32 RR None 2022-07-19 00:00:00 2022-10-17 00:00:00 2022-07-19 13:48:05 SQL injection - Web Attacks (IP=128,US) 161.35.237.131 32 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:46:38 SQL union select - possible sql injection attempt - GET parameter - SourceFire (IP=131,US) 161.35.237.255 32 KH None 2022-04-08 00:00:00 2022-07-07 00:00:00 2022-04-08 13:46:40 SQL injection - Web Attacks (IP=255,US) 161.35.238.160 32 RR None 2022-07-30 00:00:00 2022-10-28 00:00:00 2022-07-31 13:51:04 SQL injection - Web Attacks (IP=160,US) 161.35.238.175 32 SW None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-16 13:51:37 SQL injection - WebAttack (IP=175,US) 161.35.238.202 32 RS None 2022-08-14 00:00:00 2022-11-12 00:00:00 2022-08-14 13:58:15 SQL injection - Web Attacks (IP=202,US) 161.35.239.101 32 RR None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:24 SERVER-WEBAPP WSO2 multiple products directory traversal attempt - SourceFire (IP=101,US) 161.35.239.145 32 TH None 2022-08-15 00:00:00 2022-11-13 00:00:00 2022-08-16 18:12:38 SQL injection - 6 Hr Web Report (IP=145,US) 161.35.239.65 32 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-09 14:21:28 SQL injection - Web Attacks (IP=65,US) 161.35.3.163 32 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-09 14:21:29 SQL injection - Web Attacks (IP=163,US) 161.35.40.78 24 KD None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-28 14:34:06 SQL injection- Web Attacks (IP=78,SG) 161.35.48.130 32 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 22:52:07 File /etc/passwd Access Attempt Detect - IPS Events (IP=130,US) 161.35.48.16 32 RR None 2022-06-04 00:00:00 2022-09-02 00:00:00 2022-06-04 
13:38:54 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=16,US) 161.35.48.52 32 AR None 2022-07-21 00:00:00 2022-10-19 00:00:00 2022-07-22 13:52:39 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=52,US) 161.35.49.216 32 AR None 2022-05-19 00:00:00 2022-08-17 00:00:00 2022-05-19 13:46:47 SERVER-APACHE Apache Struts remote code execution attempt - GET parameter (1:21072:8) - SourceFire (IP=216,US) 161.35.49.28 32 RR None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:15:11 SQL injection - Web Attacks (IP=28,US) 161.35.5.97 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:38:03 SQL use of concat function with select - likely SQL injection - SourceFire (IP=97,US) 161.35.5.97 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:43:47 SQL use of concat function with select - likely SQL injection - SourceFire (IP=97,US) 161.35.50.242 24 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:48:01 SERVER-WEBAPP Apache APISIX default admin API backdoor usage attempt - SourceFire (IP=242,US) 161.35.53.173 32 ZH None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-02 13:10:33 SQL injection- 6 hour Web Attacks (IP=173,US) 161.35.53.230 32 RR None 2022-07-16 00:00:00 2022-10-14 00:00:00 2022-07-16 13:51:38 SQL injection - Web Attacks (IP=230,US) 161.35.54.207 32 RS None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-08 16:55:40 SERVER-WEBAPP VMware View Planner logupload arbitrary file upload attempt (1:57438:1) - SourceFire (IP=207,US) 161.35.55.244 32 WR None 2022-04-29 00:00:00 2022-07-27 00:00:00 2022-04-29 13:52:39 SQL injection - Web Attacks (IP=244,US) 161.35.55.37 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:48:21 SQL injection - Web Attacks (IP=37,US) 161.35.55.5 32 SW None 2022-06-05 00:00:00 2022-09-03 00:00:00 2022-06-06 13:57:54 SQL injection - WebAttacks (IP=5,US) 161.35.55.94 32 RS None 2022-05-03 00:00:00 2022-08-01 00:00:00 2022-05-03 13:46:53 SQL 
injection - 6Hr Web Attacks (IP=94,US) 161.35.57.114 32 SW None 2022-06-05 00:00:00 2022-09-03 00:00:00 2022-06-05 13:42:57 SERVER-WEBAPP Wordpress File Manager plugin elFinder remote code execution attempt (1:55778:1) - SourceFire (IP=114,US) 161.35.58.202 32 ZH None 2022-04-04 00:00:00 2022-07-03 00:00:00 2022-04-04 22:35:37 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (1:59246:1)- Sourcefire Rpt (IP=202,US) 161.35.58.83 32 RS None 2022-06-03 00:00:00 2022-09-01 00:00:00 2022-06-03 22:21:16 SERVER-WEBAPP Apache Struts remote code execution attempt (1:47649:1) - SourceFire (IP=83,US) 161.35.59.228 32 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 13:54:22 SQL injection - Web Attacks (IP=228,US) 161.35.6.233 32 RS None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 13:49:41 SQL injection - 6Hr Web Attacks (IP=233,US) 161.35.60.10 32 RS None 2022-09-09 00:00:00 2022-12-08 00:00:00 2022-09-10 13:50:54 SERVER-WEBAPP Apache Log4j logging remote code execution attempt - SourceFire (IP=10,US) 161.35.60.232 32 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:46:39 SQL generic sql with comments injection attempt - GET parameter - SourceFire (IP=232,US) 161.35.60.55 32 WR None 2022-04-15 00:00:00 2022-07-13 00:00:00 2022-04-15 14:09:14 HTTP SQL Injection Attempt - 6HR WebAttacks (IP=55,US) 161.35.61.154 32 KD None 2021-10-14 00:00:00 2022-01-12 00:00:00 None HTTP: PHP File Inclusion Vulnerability- TT# 22C00150(IP=154,US) 161.35.61.159 32 SW None 2022-09-25 00:00:00 2022-12-24 00:00:00 2022-09-25 13:55:52 SQL injection - WebAttacks (IP=159,US) 161.35.61.185 32 SW None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:47:49 SERVER-WEBAPP Fortigate SSL VPN cross site scripting attempt (1:51465:1) - SourceFire (IP=185,US) 161.35.62.227 32 RB None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 22:45:21 SQL injection - 6hr web attacks (IP=227,US) 161.35.63.112 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-08 
12:51:16 SERVER-WEBAPP Unraid Operating System PHP code injection attempt - SourceFire (IP=112,US) 161.35.63.96 32 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 15:44:41 HTTP: Apache mod_cgi Bash Environment Variable Code Injection - Web Attacks (IP=96,US) 161.35.63.98 32 RS None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 22:34:13 SERVER-WEBAPP Atlassian Confluence OGNL injection remote code execution attempt (1:58093:1) - SourceFire (IP=98,US) 161.35.80.40 32 RR None 2022-07-20 00:00:00 2022-10-18 00:00:00 2022-07-20 13:22:37 Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=40,US) 161.35.80.92 32 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:48:37 SQL injection - Web Attacks (IP=92,US) 161.35.83.87 24 AR None 2022-04-06 00:00:00 2022-07-06 00:00:00 2022-04-06 13:47:12 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (1:59246:1) - SourceFire (IP=87,NL) 161.35.84.0 32 AR None 2022-05-01 00:00:00 2022-07-30 00:00:00 2022-05-02 13:40:44 SQL injection - 6Hr Web Attacks (IP=0,US) 161.35.84.122 24 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-09 14:21:48 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=122,NL) 161.35.85.202 24 TH None 2022-05-12 00:00:00 2022-08-10 00:00:00 2022-05-12 22:47:17 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41421:2) - SourceFire Report (IP=202,NL) 161.35.86.181 24 RS None 2022-09-16 00:00:00 2022-12-15 00:00:00 2022-09-17 13:46:29 Directory Traversal Attempt - FE IPS (IP=181,NL) | updated by SW Block was inactive. Reactivated on 20220528 with reason SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt - SourceFire (IP=181,NL) SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt - SourceFire (IP=181,NL) | updated by RS Block was inactive. 
Reactivated on 20220916 with reason File /etc/passwd Access Attempt Detect - IPS Events (IP=181,NL) File /etc/passwd Access Attempt Detect - IPS Events (IP=181,NL) 161.35.86.181 24 SW None 2022-05-28 00:00:00 2022-12-15 00:00:00 2022-09-17 13:46:29 Directory Traversal Attempt - FE IPS (IP=181,NL) | updated by SW Block was inactive. Reactivated on 20220528 with reason SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt - SourceFire (IP=181,NL) SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt - SourceFire (IP=181,NL) | updated by RS Block was inactive. Reactivated on 20220916 with reason File /etc/passwd Access Attempt Detect - IPS Events (IP=181,NL) File /etc/passwd Access Attempt Detect - IPS Events (IP=181,NL) 161.35.86.181 24 KH None 2021-10-29 00:00:00 2022-12-15 00:00:00 2022-09-17 13:46:29 Directory Traversal Attempt - FE IPS (IP=181,NL) | updated by SW Block was inactive. Reactivated on 20220528 with reason SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt - SourceFire (IP=181,NL) SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt - SourceFire (IP=181,NL) | updated by RS Block was inactive. 
Reactivated on 20220916 with reason File /etc/passwd Access Attempt Detect - IPS Events (IP=181,NL) File /etc/passwd Access Attempt Detect - IPS Events (IP=181,NL)
161.35.86.38 32 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:48:38 SQL injection - Web Attacks (IP=38,US)
161.35.87.113 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:33 SQL injection- 6hr Web Attacks (IP=113,NL)
161.35.89.157 24 RS None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-11 13:57:26 SQL Injection - 6Hr Web Attacks (IP=157,NL)
161.35.9.109 32 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:34:40 SQL injection - Web Attacks (IP=109,US)
161.35.90.67 24 DT None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 23:22:06 Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=.67,NL)
161.35.91.154 24 WR None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:47:27 SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt (1:54768:2) - Sourcefire (IP=154,NL)
161.35.92.226 24 DT None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-27 13:56:46 FIREEYE Web: Log4j attempt (IP=226,NL)
161.35.95.239 24 SW None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:47:53 SERVER-WEBAPP Microsoft Exchange autodiscover server side request forgery attempt (1:57907:4) - SourceFire (IP=239,NL)
161.35.96.103 32 RS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:48:01 SQL injection - 6Hr Web Attacks (IP=103,US)
161.35.97.121 32 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:42 POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected (1:54573:2) - Sourcefire Rpt (IP=121,US)
161.35.97.62 32 TH None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-30 13:42:34 SQL injection - 6 Hr Web Report (IP=62,US)
161.35.99.115 32 DT None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-29 13:52:39 SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (A-type) (1:1000136:3) - Source Fire (IP=115,US)
161.35.99.39 32 ZH None 2022-08-12 00:00:00 2022-11-10 00:00:00 2022-08-12 22:51:14 POLICY-OTHER CA ARCserve Axis2 default credential login attempt (1:18985:15) - SourceFire (IP=39,US)
161.49.176.162 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None PH TO-S-2021-1092 Hive Case 4875 Malware Activity
161.53.123.2 24 SW None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 22:46:43 SERVER-OTHER Sentinel license manager buffer overflow attempt (1:11265:5) - SourceFire (IP=2,HR)
161.82.243.4 32 AR None 2021-11-15 00:00:00 2022-05-16 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 22C00349 (IP=4,TH) | updated by SW Block was inactive. Reactivated on 20220215 with reason HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) TT# 22C00937(IP=4,TH) HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) TT# 22C00937(IP=4,TH)
161.82.243.4 32 SW None 2022-02-15 00:00:00 2022-05-16 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 22C00349 (IP=4,TH) | updated by SW Block was inactive. Reactivated on 20220215 with reason HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) TT# 22C00937(IP=4,TH) HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) TT# 22C00937(IP=4,TH)
161.97.100.171 32 TLM None 2021-10-06 00:00:00 2022-12-20 00:00:00 2022-06-22 18:26:10 HIVE Case #6313 CTO 21-274 (IP=171,DE) | updated by TLM Block was inactive. Reactivated on 20220621 with reason HIVE Case #7807 CTO 22-169 (IP=171,DE) HIVE Case #7807 CTO 22-169 (IP=171,DE)
161.97.100.171 32 TLM None 2022-06-21 00:00:00 2022-12-20 00:00:00 2022-06-22 18:26:10 HIVE Case #6313 CTO 21-274 (IP=171,DE) | updated by TLM Block was inactive. Reactivated on 20220621 with reason HIVE Case #7807 CTO 22-169 (IP=171,DE) HIVE Case #7807 CTO 22-169 (IP=171,DE)
161.97.103.69 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=69,DE)
161.97.122.17 32 jkc None 2021-03-19 00:00:00 2022-03-19 00:00:00 None Case # 5090 TO-S-2021-1185 Malicious Callback
161.97.124.87 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
161.97.137.65 24 RS None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 22:46:08 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=65,DE)
161.97.138.168 24 JY None 2022-09-28 00:00:00 2022-12-27 00:00:00 2022-09-28 22:44:40 SIPVicious Security Scanner - ips_events (IP=168,DE)
161.97.140.16 24 TH None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-30 13:56:52 SIPVicious Security Scanner - FE CMS IPS Events (IP=16,DE)
161.97.157.176 32 TLM None 2022-04-20 00:00:00 2022-10-20 00:00:00 2022-04-20 13:01:34 HIVE Case #7432 CTO 22-110 (IP=176,DE)
161.97.171.96 24 SW None 2021-11-09 00:00:00 2022-02-07 00:00:00 None PHPUnit Remote Code Execution Vulnerability - TT# 22C00317 (CVE-2017-9841) (IP=96, DE)
161.97.172.86 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=86,DE)
161.97.175.17 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=17,DE)
161.97.179.116 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=116,DE)
161.97.180.88 32 AS None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 18:17:07 HIVE Case #7862 CTO 22-176 (IP=88,DE)
161.97.70.153 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=153,DE)
161.97.70.7 32 SW None 2022-07-21 00:00:00 2022-10-19 00:00:00 2022-07-22 13:52:31 SQL injection - WebAttacks (IP=7,US)
161.97.74.103 24 RT None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-17 13:52:12 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire Report (IP=103,DE)
161.97.84.131 32 TLM None 2022-04-21 00:00:00 2022-10-21 00:00:00 2022-04-21 19:02:58 HIVE Case #7441 CTO 22-111 (IP=131,DE)
161.97.87.172 32 TLM None 2021-12-02 00:00:00 2022-06-02 00:00:00 None HIVE Case #6600 TO-S-2022-0090 (IP=172,DE)
161.97.91.29 24 TC None 2022-08-30 00:00:00 2022-11-28 00:00:00 2022-08-30 14:04:40 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR# 22C01896 (IP=29,DE)
161.97.91.29 24 TC None 2022-08-30 00:00:00 2022-11-28 00:00:00 2022-08-30 14:04:43 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR# 22C01896 (IP=29,DE)
161.97.97.7 24 RS None 2022-09-21 00:00:00 2022-12-20 00:00:00 2022-09-21 22:53:49 Exploit.CVE-2021-44228 - Apache Log4j2 - Case 6651 (IP=7,DE)
1614950633.site.goapp.today --- jkc None 2021-03-22 00:00:00 2022-03-22 00:00:00 2023-01-19 22:53:57 Case # 5090 TO-S-2021-1185 Malicious Domain
162.0.209.135 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1081 Hive Case 4872 Malicious Email Activity
162.0.209.138 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1081 Hive Case 4872 Malicious Email Activity
162.0.209.189 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None CA TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
162.0.209.222 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=222,US)
162.0.209.77 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=77,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=77,US)
162.0.215.10 32 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None US TO-S-2021-1156 Malicious Email Activity
162.0.215.172 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1092 Hive Case 4875 Malicious Email Activity
162.0.215.187 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1081 Hive Case 4872 Malicious Email Activity
162.0.215.229 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=229,US)
162.0.217.17 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=17,NL)
162.0.217.30 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=30,NL)
162.0.217.32 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=32,US)
162.0.217.50 32 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6514 TO-S-2022-0075 (IP=50,US)
162.0.219.8 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=8,US)
162.0.220.101 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=101,US)
162.0.220.114 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=114,US)
162.0.222.97 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=97,US)
162.0.226.182 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=182,US)
162.0.226.231 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=231,US)
162.0.226.57 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=57,US)
162.0.228.91 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
162.0.229.134 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None US TO-S-2021-1143 Malicious Email Activity
162.0.229.223 32 wmp None 2020-07-30 00:00:00 2022-09-03 00:00:00 2022-03-03 17:36:07 HIVE Case #3433 COLS-NA-TIP-20-0238 (IP=223,CA) | updated by dbc Block expiration extended with reason US TO-S-2020-0805 Malicious Email Activity | updated by AS Block was inactive. Reactivated on 20220303 with reason HIVE Case #7133 CTO 22-062 (IP=223,US)
162.0.231.50 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=50,US)
162.0.232.168 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1092 Hive Case 4875 Malicious Email Activity
162.0.232.235 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=235,US)
162.0.232.32 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=32,US)
162.0.234.132 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None US TO-S-2021-1102 Malicious Email Activity
162.0.235.148 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=148,US)
162.0.235.19 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CA TO-S-2021-1050 Hive Case 4821 Malicious Email Activity
162.0.235.193 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1092 Hive Case 4875 Malicious Email Activity
162.0.235.194 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1092 Hive Case 4875 Malicious Email Activity
162.0.235.229 32 jkc None 2021-04-13 00:00:00 2022-04-13 00:00:00 None Case # 5240 IOC_ TO-S-2021-1218 Malicious IP
162.0.235.242 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=242,US)
162.0.237.153 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None US TO-S-2021-1050 Hive Case 4821 Malicious Email Activity
162.0.239.247 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=247,US)
162.13.24.184 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None GB TO-S-2021-1092 Hive Case 4875 Malware Activity
162.133.73.151 32 TLM None 2022-04-20 00:00:00 2022-10-20 00:00:00 2022-04-20 13:01:36 HIVE Case #7432 CTO 22-110 (IP=151,US)
162.139.251.128 24 SA None 2022-05-31 00:00:00 2022-08-28 00:00:00 2022-05-31 22:55:49 INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) SourceFire (IP=128,CA)
162.14.117.146 32 TLM None 2021-12-21 00:00:00 2022-06-21 00:00:00 None HIVE Case #6682 CTO 21-352 (IP=146,CN)
162.14.79.204 32 TLM None 2021-11-30 00:00:00 2022-05-30 00:00:00 None HIVE Case #6595 CTO 21-327 (IP=204,CN)
162.142.125.193 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=193,US)
162.142.125.194 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=194,US)
162.142.125.196 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=196,US)
162.142.125.230 32 ZH None 2022-09-19 00:00:00 2022-12-18 00:00:00 2022-09-19 22:54:56 HP Intelligent Management Center TFTP Server MODE Remote Code Execution - FE IPS Events (IP=230,US)
162.142.125.236 32 JP None 2022-09-23 00:00:00 2022-12-22 00:00:00 2022-09-24 13:55:53 HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=236,US)
162.142.125.241 32 ZH None 2022-09-19 00:00:00 2022-12-18 00:00:00 2022-09-19 22:54:56 HP Intelligent Management Center TFTP Server MODE Remote Code Execution - FE IPS Events (IP=241,US)
162.142.125.42 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=42,US)
162.142.125.44 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=44,US)
162.142.125.58 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=58,US)
162.142.125.59 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=59,US)
162.142.125.60 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=60,US)
162.144.113.165 32 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None US TO-S-2021-1156 Malicious Email Activity
162.144.12.110 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=110,US)
162.144.12.153 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=153,US)
162.144.135.175 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=175,US)
162.144.139.197 32 ABC None 2019-01-22 00:00:00 2022-01-20 00:00:00 None Generic ArcSight scan attempt (IP=197,US) | updated by KF with reason Generic ArcSight scan attempt (IP=197,US) | updated by dbc Block was inactive. Reactivated on 20210120 with reason US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
162.144.154.151 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=151,US)
162.144.158.98 32 TLM None 2021-09-14 00:00:00 2022-03-14 00:00:00 None HIVE Case #6164 TO-S-2021-1528 (IP=98,US)
162.144.16.243 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=243,US)
162.144.235.7 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
162.144.238.180 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=180,US)
162.144.35.193 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=193,US)
162.144.62.11 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1092 Hive Case 4875 Malicious Email Activity
162.144.74.145 32 TH None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-18 22:35:15 Phish.LIVE.DTI.URL - FE CMS (IP=145,US)
162.144.74.25 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=25,US)
162.158.162.161 32 KH None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-19 13:55:49 HA_China_Chopper_WebShell - IR#22C01413 (IP=161,US)
162.158.170.250 32 TLM None 2022-06-15 00:00:00 2022-12-14 00:00:00 2022-06-16 19:40:43 HIVE Case #7779 CTO 22-162 (IP=250,SG)
162.158.191.211 32 TLM None 2022-03-17 00:00:00 2022-09-17 00:00:00 2022-03-17 15:03:34 HIVE Case #7226 CTO 22-075 (IP=211,IN)
162.158.203.35 32 KH None 2021-11-10 00:00:00 2022-02-08 00:00:00 None UDS-Paros_RC8766 - TT# 22C00324 (IP=35,US)
162.158.89.154 32 TLM None 2021-12-09 00:00:00 2022-06-09 00:00:00 None HIVE Case #6626 CTO 21-343 (IP=154,DE)
162.158.90.23 32 TLM None 2021-12-09 00:00:00 2022-06-09 00:00:00 None HIVE Case #6626 CTO 21-343 (IP=23,DE)
162.158.91.52 32 TLM None 2021-12-09 00:00:00 2022-06-09 00:00:00 None HIVE Case #6626 CTO 21-343 (IP=52,DE)
162.159.129.233 32 wmp None 2022-01-27 00:00:00 2022-04-27 00:00:00 None HIVE Case #6846 WhisperGate Malware (IP=233,US)
162.159.130.233 32 wmp None 2022-01-27 00:00:00 2022-04-27 00:00:00 None HIVE Case #6846 WhisperGate Malware (IP=233,US)
162.159.133.233 32 wmp None 2022-01-27 00:00:00 2022-04-27 00:00:00 None HIVE Case #6846 WhisperGate Malware (IP=233,US)
162.159.134.233 32 wmp None 2022-01-27 00:00:00 2022-04-27 00:00:00 None HIVE Case #6846 WhisperGate Malware (IP=233,US)
162.17.254.17 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:51:41 HIVE Case #7199 CTO 22-074 (IP=17,US)
162.19.52.1 24 AR None 2022-07-18 00:00:00 2022-10-16 00:00:00 2022-07-18 13:50:03 SERVER-WEBAPP Multiple products invalid HTTP request attempt - SourceFire (IP=1,FR)
162.19.54.206 24 AR None 2022-07-18 00:00:00 2022-10-16 00:00:00 2022-07-18 13:50:03 SERVER-WEBAPP Multiple products invalid HTTP request attempt - SourceFire (IP=206,FR)
162.19.70.143 24 AR None 2022-07-18 00:00:00 2022-10-16 00:00:00 2022-07-18 13:50:04 SERVER-WEBAPP Multiple products invalid HTTP request attempt - SourceFire (IP=143,FR)
162.19.93.214 24 AR None 2022-07-18 00:00:00 2022-10-16 00:00:00 2022-07-18 13:50:05 SERVER-WEBAPP Multiple products invalid HTTP request attempt - SourceFire (IP=214,FR)
162.210.100.18 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=18,US)
162.210.102.202 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1081 Hive Case 4872 Malicious Email Activity
162.210.102.65 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None US TO-S-2021-1050 Hive Case 4821 Malicious Email Activity
162.210.96.123 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=123,US)
162.211.80.236 32 KH None 2021-10-05 00:00:00 2022-01-03 00:00:00 None TO-S-2022-1595/Botnet Malware Communication - TT# 22C00045 (IP=236,US)
162.211.82.48 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1092 Hive Case 4875 Malicious Email Activity
162.213.215.190 32 AS None 2022-03-29 00:00:00 2022-09-27 00:00:00 2022-03-29 17:57:38 HIVE Case #7296 CTO 22-088 (IP=190,US)
162.213.249.122 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=122,US)
162.213.251.109 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
162.213.251.175 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None US TO-S-2021-1050 Hive Case 4821 Malicious Email Activity
162.213.251.223 32 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None US TO-S-2021-1156 Malicious Email Activity
162.213.253.68 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=68,US) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=68,US)
162.213.255.55 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=55,US)
162.214.0.0 15 TLM None 2022-06-02 00:00:00 2022-12-01 00:00:00 2022-06-02 15:30:35 HIVE Case #7704 TO-S-2022-0190 (IP=0,US)
162.214.102.166 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=166,US)
162.214.103.199 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
162.214.104.108 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None US TO-S-2021-1050 Hive Case 4821 Malicious Email Activity
162.214.112.34 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=34,US)
162.214.112.53 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1081 Hive Case 4872 Malicious Email Activity
162.214.119.12 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None US TO-S-2021-1102 Malicious Email Activity
162.214.122.97 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=97,US)
162.214.126.242 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=242,US)
162.214.127.242 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None US TO-S-2021-1102 Malicious Email Activity
162.214.144.228 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=228,US)
162.214.149.51 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
162.214.153.228 32 jkc None 2021-04-13 00:00:00 2022-04-13 00:00:00 None Case # 5240 IOC_ TO-S-2021-1218 Malicious IP
162.214.156.4 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
162.214.157.236 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None US TO-S-2021-1050 Hive Case 4821 Malicious Email Activity
162.214.157.79 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=79,US)
162.214.157.80 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1092 Hive Case 4875 Malicious Email Activity
162.214.167.3 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=3,US)
162.214.174.252 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
162.214.175.117 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1092 Hive Case 4875 Malicious Email Activity
162.214.186.163 32 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None US TO-S-2021-1156 Malicious Email Activity
162.214.187.11 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None US TO-S-2021-1102 Malicious Email Activity
162.214.189.182 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None US TO-S-2021-1143 Malicious Email Activity
162.214.189.88 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=88,US)
162.214.190.47 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None US TO-S-2021-1143 Malicious Email Activity
162.214.193.236 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=236,US)
162.214.196.105 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5968 TO-S-2021-1276 (IP=105,US)
162.214.208.245 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=245,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=245,US)
162.214.208.246 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=246,US) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=246,US)
162.214.210.215 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=215,US)
162.214.211.248 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=248,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=248,US)
162.214.212.166 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=166,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=166,US)
162.214.228.113 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=113,US)
162.214.49.220 32 AS None 2021-11-12 00:00:00 2022-05-12 00:00:00 None HIVE Case #6528 TO-S-2022-0082 (IP=220,US)
162.214.55.233 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1081 Hive Case 4872 Malicious Email Activity
162.214.72.154 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=154,US)
162.214.75.199 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=199,US)
162.214.80.46 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=46,US)
162.214.80.6 32 TLM None 2021-08-30 00:00:00 2022-03-02 00:00:00 None HIVE Case #6085 TO-S-2021-1500 (IP=6,US)
162.214.93.80 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=80,US)
162.215.210.143 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=143,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=143,US)
162.215.213.89 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=89,US)
162.215.241.145 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=145,US)
162.215.248.191 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=191,US)
162.215.248.203 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
162.216.17.218 32 SW None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 13:46:04 SQL injection - WebAttacks (IP=218,US)
162.216.18.133 32 TC None 2022-09-24 00:00:00 2022-12-23 00:00:00 2022-09-24 13:56:08 SQL injection - WebAttacks (IP=133,US)
162.216.18.171 32 TC None 2022-09-24 00:00:00 2022-12-23 00:00:00 2022-09-24 13:56:08 SQL injection - WebAttacks (IP=171,US)
162.216.18.190 32 TC None 2022-09-24 00:00:00 2022-12-23 00:00:00 2022-09-24 13:56:07 SQL injection - WebAttacks (IP=190,US)
162.216.18.193 32 DT None 2022-01-16 00:00:00 2022-04-16 00:00:00 None HTTP: Apache HTTP Server mod_proxy Denial of Service - TT# 22C00841 (IP=193,US)
162.216.18.207 32 TC None 2022-09-24 00:00:00 2022-12-23 00:00:00 2022-09-24 13:56:07 SQL injection - WebAttacks (IP=207,US)
162.216.18.25 32 TC None 2022-09-24 00:00:00 2022-12-23 00:00:00 2022-09-24 13:56:06 SQL injection - WebAttacks (IP=25,US)
162.216.240.226 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=226,US)
162.216.240.61 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:14:53 HIVE Case #7904 CTO 22-189 (IP=61,US)
162.220.163.44 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
162.220.57.41 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1092 Hive Case 4875 Malware Activity
162.222.225.160 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
162.222.227.181 32 TLM None 2021-09-14 00:00:00 2022-03-14 00:00:00 None HIVE Case #6164 TO-S-2021-1528 (IP=181,US)
162.222.227.215 32 TLM None 2022-09-01 00:00:00 2022-12-01 00:00:00 2022-09-02 21:05:03 HIVE Case #8225 COLS-NA-TIP 22-0305 (IP=215,US)
162.223.88.241 32 AS None 2022-03-02 00:00:00 2022-09-02 00:00:00 2022-03-02 18:24:08 HIVE Case #7126 CTO 22-061 (IP=241,US)
162.226.120.185 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:51:42 HIVE Case #7199 CTO 22-074 (IP=185,US)
162.226.120.186 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:51:42 HIVE Case #7199 CTO 22-074 (IP=186,US)
162.226.120.187 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:51:43 HIVE Case #7199 CTO 22-074 (IP=187,US)
162.226.120.188 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:51:44 HIVE Case #7199 CTO 22-074 (IP=188,US)
162.226.120.189 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:51:44 HIVE Case #7199 CTO 22-074 (IP=189,US)
162.235.9.111 32 TLM None 2022-09-12 00:00:00 2022-12-11 00:00:00 2022-09-14 11:18:27 HIVE Case #8297 TO-S-2022-0229 (IP=111,US)
162.240.0.213 32 TLM None 2021-08-30 00:00:00 2022-03-02 00:00:00 None HIVE Case #6085 TO-S-2021-1500 (IP=213,US)
162.240.10.205 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=205,US)
162.240.11.186 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=186,US)
162.240.11.231 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=231,US)
162.240.13.92 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=92,US)
162.240.2.147 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=147,US)
162.240.23.165 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6448 TO-S-2022-0058 (IP=165,US)
162.240.24.38 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=38,US)
162.240.25.110 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6448 TO-S-2022-0058 (IP=110,US)
162.240.25.179 32 AS None 2022-07-28 00:00:00 2022-10-26 00:00:00 2022-07-29 13:47:33 HIVE Case #8037 COLS-NA TIP 21-0402 (IP=179,US)
162.240.25.3 32 AS None 2021-11-12 00:00:00 2022-05-12 00:00:00 None HIVE Case #6528 TO-S-2022-0082 (IP=3,US)
162.240.26.11 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6448 TO-S-2022-0058 (IP=11,US)
162.240.27.139 32 AS None 2022-07-28 00:00:00 2022-10-26 00:00:00 2022-07-29 13:47:32 HIVE Case #8037 COLS-NA TIP 21-0402 (IP=139,US)
162.240.27.53 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6448 TO-S-2022-0058 (IP=53,US)
162.240.30.167 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=167,US)
162.240.30.5 32 DT None 2022-01-12 00:00:00 2022-04-12 00:00:00 None - Case # 6763 CMS Notified Report (IP=5,US)
162.240.5.151 32 TLM None 2021-09-14 00:00:00 2022-03-14 00:00:00 None HIVE Case #6164 TO-S-2021-1528 (IP=151,US)
162.240.5.191 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=191,US)
162.240.5.230 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=230,US)
162.240.68.177 32 AS None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-25 12:50:42 HIVE Case #7934 COLS-NA TIP 22-0244 (IP=177,US)
162.241.104.112 32 jkc None 2021-04-13 00:00:00 2022-04-13 00:00:00 None Case # 5240 IOC_ TO-S-2021-1218 Malicious IP
162.241.114.189 32 NAB None 2021-12-30 00:00:00 2022-03-30 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=189,US)
162.241.114.27 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=27,US)
162.241.115.110 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=110,US) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=110,US)
162.241.115.126 32 AS None 2022-07-28 00:00:00 2022-10-26 00:00:00 2022-07-29 16:36:18 HIVE Case #8047 COLS-NA TIP 21-0394 (IP=126,US)
162.241.115.174 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=174,US)
162.241.115.176 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=176,US)
162.241.115.177 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=177,US)
162.241.115.219 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=219,US)
162.241.115.222 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6448 TO-S-2022-0058 (IP=222,US)
162.241.115.248 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=248,US)
162.241.115.36 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1092 Hive Case 4875 Malicious Email Activity
162.241.117.202 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=202,US)
162.241.117.57 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=57,US)
162.241.120.105 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=105,US)
162.241.120.140 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None US TO-S-2021-1143 Malicious Email Activity
162.241.120.145 32 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6514 TO-S-2022-0075 (IP=145,US)
162.241.120.147 32 AS None 2022-07-28 00:00:00 2022-10-26 00:00:00 2022-07-29 13:41:27 HIVE Case #8032 COLS-NA TIP 21-0401 (IP=147,US)
162.241.120.217 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=217,US)
162.241.120.218 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None US TO-S-2021-1102 Malicious Email Activity
162.241.120.227 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=227,US)
162.241.120.76 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
162.241.121.114 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=114,US)
162.241.121.160 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=160,US)
162.241.121.179 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=179,US)
162.241.121.202 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
162.241.121.222 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=222,US)
162.241.121.34 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=34,US)
162.241.121.36 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=36,US)
162.241.121.46 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=46,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=46,US)
162.241.121.79 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=79,US)
162.241.121.96 32 NAB None 2021-12-30 00:00:00 2022-03-30 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=96,US)
162.241.123.12 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1081 Hive Case 4872 Malicious Email Activity
162.241.123.44 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=44,US)
162.241.124.116 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=116,US)
162.241.124.161 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None US TO-S-2021-1143 Malicious Email Activity
162.241.124.185 32 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6514 TO-S-2022-0075 (IP=185,US)
162.241.124.43 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1092 Hive Case 4875 Malicious Email Activity
162.241.124.81 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=81,US)
162.241.125.0 32 TLM None 2022-06-03 00:00:00 2022-12-02 00:00:00 2022-06-06 14:31:21 HIVE Case #7714 CTO 22-154 (IP=0,US)
162.241.125.2 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=2,US)
162.241.125.241 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=241,US)
162.241.125.43 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=43,US)
162.241.125.53 32 AS None 2022-07-28 00:00:00 2022-10-26 00:00:00 2022-07-29 13:53:40 HIVE Case #7338 COLS-NA TIP 22-0116 (IP=53,US)
162.241.125.82 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1092 Hive Case 4875 Malicious Email Activity
162.241.126.153 32 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6514 TO-S-2022-0075 (IP=153,US)
162.241.126.186 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1081 Hive Case 4872 Malicious Email Activity
162.241.126.194 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=194,US) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=194,US)
162.241.126.206 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None US TO-S-2021-1143 Malicious Email Activity
162.241.126.213 32 TLM None 2021-09-14 00:00:00 2022-03-14 00:00:00 None HIVE Case #6164 TO-S-2021-1528 (IP=213,US)
162.241.126.235 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=235,US)
162.241.126.250 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=250,US)
162.241.126.26 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=26,US)
162.241.126.42 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1081 Hive Case 4872 Malicious Email Activity
162.241.126.90 32 TLM None 2021-08-30 00:00:00 2022-03-02 00:00:00 None HIVE Case #6085 TO-S-2021-1500 (IP=90,US)
162.241.127.128 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=128,US)
162.241.127.157 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
162.241.127.175 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1081 Hive Case 4872 Malware Activity
162.241.127.190 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
162.241.127.194 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=194,US)
162.241.127.8 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=8,US)
162.241.127.84 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None US TO-S-2021-1143 Malicious Email Activity
162.241.127.99 32 NAB None 2021-12-30 00:00:00 2022-03-30 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=99,US)
162.241.148.206 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1081 Hive Case 4872 Malicious Email Activity
162.241.148.29 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None US TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 162.241.148.31 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1081 Hive Case 4872 Malicious Email Activity 162.241.148.59 32 jkc None 2021-04-13 00:00:00 2022-04-13 00:00:00 None Case # 5240 IOC_ TO-S-2021-1218 Malicious IP 162.241.149.153 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=153,US) 162.241.149.164 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=164,US) 162.241.149.18 32 TLM None 2022-01-20 00:00:00 2022-07-20 00:00:00 None HIVE Case #6806 CTO 22-013 (IP=18,US) 162.241.149.240 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None US TO-S-2021-1102 Malicious Email Activity 162.241.149.251 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=251,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=251,US) 162.241.149.37 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=37,US) 162.241.149.46 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=46,US) 162.241.153.137 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None US TO-S-2021-1102 Malicious Email Activity 162.241.153.176 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=176,US) 162.241.156.4 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=4,US) 162.241.158.186 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=186,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=186,US) 162.241.174.17 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=17,US) 162.241.174.194 32 TLM None 2021-08-05 00:00:00 
2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=194,US) 162.241.174.195 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=195,US) 162.241.175.227 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=227,US) 162.241.175.230 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None US TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 162.241.175.67 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=67,US) 162.241.178.225 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=225,US) 162.241.180.128 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=128,US) 162.241.192.201 32 TLM None 2021-09-14 00:00:00 2022-03-14 00:00:00 None HIVE Case #6164 TO-S-2021-1528 (IP=201,US) 162.241.194.16 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=16,US) 162.241.194.62 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=62,US) 162.241.197.39 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1081 Hive Case 4872 Malicious Email Activity 162.241.2.126 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 162.241.2.16 32 ZH None 2022-02-08 00:00:00 2022-05-09 00:00:00 None Phishing SIP HIVE Case # 6942 (IP=16,US) 162.241.2.161 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=161,US) 162.241.2.176 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=176,US) 162.241.200.46 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=46,US) 162.241.200.6 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=6,US) 162.241.201.162 32 TLM None 2021-08-20 00:00:00 2022-02-20 
00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=162,US) 162.241.201.21 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=21,US) 162.241.201.234 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=234,US) 162.241.201.254 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=254,US) 162.241.201.3 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=3,US) 162.241.201.90 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=90,US) 162.241.203.116 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=116,US) 162.241.203.136 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=136,US) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=136,US) 162.241.203.16 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=16,US) 162.241.203.181 32 TLM None 2021-09-14 00:00:00 2022-03-14 00:00:00 None HIVE Case #6164 TO-S-2021-1528 (IP=181,US) 162.241.203.36 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=36,US) 162.241.203.72 32 ZH None 2022-02-08 00:00:00 2022-05-09 00:00:00 None Phishing SIP HIVE Case # 6942 (IP=72,US) 162.241.208.228 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=228,US) 162.241.214.12 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 162.241.216.20 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=20,US) 162.241.216.221 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None US TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 162.241.216.83 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE 
Case #6025 TO-S-2021-1472 (IP=83,US) 162.241.217.138 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=138,US) 162.241.217.171 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=171,US) 162.241.217.216 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1081 Hive Case 4872 Malicious Email Activity 162.241.218.118 32 dbc None 2019-08-06 00:00:00 2022-07-07 00:00:00 None US TO-S-2019-0864 Malware Activity | updated by RR Block was inactive. Reactivated on 20210707 with reason Bot Networks - Inbound (IP=118,US) 162.241.218.199 32 TLM None 2021-09-14 00:00:00 2022-03-14 00:00:00 None HIVE Case #6164 TO-S-2021-1528 (IP=199,US) 162.241.218.64 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=64,US) 162.241.219.188 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=188,US) 162.241.222.228 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=228,US) 162.241.222.53 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=53,US) 162.241.224.11 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=11,US) 162.241.224.143 32 RR None 2019-04-01 00:00:00 2022-06-15 00:00:00 None SQL 1 = 1 - possible sql injection attempt (IP=143,US) | updated by TLM Block was inactive. 
Reactivated on 20211215 with reason HIVE Case #6667 TO-S-2022-0091 (IP=143,US) 162.241.224.50 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None US TO-S-2021-1102 Malicious Email Activity 162.241.225.192 32 GED None 2021-10-14 00:00:00 2022-01-12 00:00:00 None HIVE Case #NA FP Security (IP=192,US) 162.241.225.246 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=246,US) 162.241.226.115 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=115,US) 162.241.226.37 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1092 Hive Case 4875 Malicious Email Activity 162.241.233.204 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=204,US) 162.241.24.38 32 KF None 2019-12-02 00:00:00 2022-05-26 00:00:00 2022-02-25 23:37:12 SQL HTTP URI blind injection attempt (IP=38,US) | updated by KF Block expiration extended with reason HTTP: Blind SQL Injection - Timing - Web Attacks (IP=38,US) | updated by TH Block was inactive. 
Reactivated on 20220225 with reason FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields (1:16295:13) - SourceFire Report (IP=38,US) 162.241.24.56 32 AS None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-09-30 17:07:42 HIVE Case #8395 TO-S-2022-0233 (IP=56,US) 162.241.24.89 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=89,US) 162.241.244.22 32 AR None 2022-05-01 00:00:00 2022-07-30 00:00:00 2022-05-02 13:40:47 FILE-MULTIMEDIA Nullsoft Winamp cda file name overflow attempt (1:3088:11) - SourceFire (IP=22,US) 162.241.252.107 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 162.241.252.110 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None US TO-S-2021-1143 Malicious Email Activity 162.241.252.146 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=146,US) 162.241.252.221 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=221,US) 162.241.252.47 32 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None US TO-S-2021-1156 Malware Activity 162.241.252.80 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=80,US) 162.241.252.86 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1081 Hive Case 4872 Malicious Email Activity 162.241.27.25 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=25,US) 162.241.29.157 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=157,US) 162.241.29.17 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=17,US) 162.241.29.48 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=48,US) 162.241.30.119 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=119,US) 162.241.33.248 
32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6448 TO-S-2022-0058 (IP=248,US) 162.241.34.212 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=212,US) 162.241.35.232 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 162.241.36.66 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=66,US) 162.241.4.158 32 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6514 TO-S-2022-0075 (IP=158,US) 162.241.4.42 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=42,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=42,US) 162.241.41.113 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=113,US) 162.241.41.92 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=92,US) 162.241.5.149 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=149,US) 162.241.52.211 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None US TO-S-2021-1143 Malicious Email Activity 162.241.60.105 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=105,US) 162.241.60.14 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=14,US) 162.241.60.178 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=178,US) 162.241.60.19 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:56:10 HIVE Case #7199 CTO 22-074 (IP=19,US) 162.241.60.209 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=209,US) 162.241.61.249 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 162.241.62.196 32 TLM None 2021-12-15 00:00:00 
2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=196,US) 162.241.62.226 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=226,US) 162.241.62.252 32 ZH None 2022-02-08 00:00:00 2022-05-09 00:00:00 None Phishing SIP HIVE Case # 6942 (IP=252,US) 162.241.65.157 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=157,US) 162.241.65.200 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None US TO-S-2021-1102 Malicious Email Activity 162.241.65.238 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=238,US) 162.241.65.66 32 TLM None 2021-08-30 00:00:00 2022-03-02 00:00:00 None HIVE Case #6085 TO-S-2021-1500 (IP=66,US) 162.241.65.84 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None US TO-S-2021-1102 Malicious Email Activity 162.241.67.173 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=173,US) 162.241.69.105 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1092 Hive Case 4875 Malicious Email Activity 162.241.69.123 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=123,US) 162.241.69.127 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None US TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 162.241.69.134 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=134,US) 162.241.69.14 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=14,US) 162.241.69.15 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=15,US) 162.241.69.182 32 NAB None 2021-12-30 00:00:00 2022-03-30 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=182,US) 162.241.69.200 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=200,US) 162.241.69.229 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None 
HIVE Case #6025 TO-S-2021-1472 (IP=229,US) 162.241.69.68 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=68,US) 162.241.69.84 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=84,US) 162.241.7.225 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1092 Hive Case 4875 Malicious Email Activity 162.241.70.114 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=114,US) 162.241.70.129 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=129,US) 162.241.70.144 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=144,US) 162.241.70.225 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=225,US) 162.241.70.248 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1092 Hive Case 4875 Malicious Email Activity 162.241.70.99 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=99,US) 162.241.71.110 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=110,US) 162.241.71.188 32 TLM None 2022-06-14 00:00:00 2022-12-13 00:00:00 2022-06-14 20:43:42 HIVE Case #7769 CTO 22-165 (IP=188,US) 162.241.71.240 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 162.241.71.250 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=250,US) 162.241.71.76 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None US TO-S-2021-1143 Malicious Email Activity 162.241.71.87 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=87,US) 162.241.74.111 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=111,US) 162.241.74.74 32 jkc None 2021-04-13 00:00:00 2022-04-13 00:00:00 None 
Case # 5240 IOC_ TO-S-2021-1218 Malicious IP 162.241.81.58 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6448 TO-S-2022-0058 (IP=58,US) 162.241.85.131 32 AS None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-14 20:19:23 HIVE Case #7930 TO-S-2022-0209 (IP=131,US) 162.241.85.206 32 AS None 2022-07-28 00:00:00 2022-10-26 00:00:00 2022-08-02 21:00:37 HIVE Case #7281 COLS-NA TIP 22-0103 (IP=206,US) 162.241.85.217 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None US TO-S-2021-1102 Malicious Email Activity 162.241.85.240 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1092 Hive Case 4875 Malicious Email Activity 162.241.85.246 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 162.241.85.41 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=41,US) 162.241.85.42 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=42,US) 162.241.85.73 32 TLM None 2021-12-02 00:00:00 2022-06-02 00:00:00 None HIVE Case #6600 TO-S-2022-0090 (IP=73,US) 162.241.87.142 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=142,US) 162.241.87.183 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=183,US) 162.241.87.185 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=185,US) 162.241.87.239 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=239,US) 162.241.87.78 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None US TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 162.241.88.186 32 TLM None 2021-09-14 00:00:00 2022-03-14 00:00:00 None HIVE Case #6164 TO-S-2021-1528 (IP=186,US) 162.243.160.214 24 RB None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 22:39:01 POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected - 
Sourcefire (IP=214,US) 162.243.162.89 32 ZH None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-23 13:49:48 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=89,US) 162.243.163.211 32 RS None 2022-09-12 00:00:00 2022-12-11 00:00:00 2022-09-13 13:47:51 SQL injection - Web Attacks (IP=211,US) 162.243.164.51 32 SW None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 13:49:33 SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (1:51976:3) - SourceFire (IP=51,US) 162.243.165.166 32 TH None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-18 13:44:08 SQL injection - 6 Hr Web Report (IP=166,US) 162.243.166.155 32 TH None 2022-06-21 00:00:00 2022-09-19 00:00:00 2022-06-22 13:54:52 SQL injection - 6 Hr Web Report (IP=155,US) 162.243.166.193 32 KD None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-11 13:43:31 SQL Injection - Web Attacks(IP=193,US) 162.243.166.87 32 RR None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 13:52:27 SQL injection - Web Attacks (IP=87,US) 162.243.167.11 32 RS None 2022-08-14 00:00:00 2022-11-12 00:00:00 2022-08-14 22:48:26 SQL injection - Web Attacks (IP=11,US) 162.243.167.35 32 RS None 2022-08-13 00:00:00 2022-11-11 00:00:00 2022-08-13 22:59:21 SQL injection - Web Attacks (IP=35,US) 162.243.169.175 32 ZH None 2022-04-04 00:00:00 2022-07-03 00:00:00 2022-04-04 22:35:38 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2)- Sourcefire Rpt (IP=175,US) 162.243.171.40 32 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 22:24:36 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=40,US) 162.243.172.59 32 ZH None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-30 22:44:25 SQL injection - 6hr Web Attacks (IP=59,US) 162.244.132.218 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=218,US) 162.244.80.235 32 TLM None 2022-03-14 00:00:00 2022-09-14 00:00:00 2022-03-14 19:14:28 
HIVE Case #7198 CTO 22-071 (IP=235,US) 162.244.81.169 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=169,US) 162.245.190.203 32 TLM None 2022-06-15 00:00:00 2022-12-14 00:00:00 2022-06-16 19:40:52 HIVE Case #7779 CTO 22-162 (IP=203,US) 162.245.237.226 24 SW None 2022-03-07 00:00:00 2022-06-05 00:00:00 2022-03-07 23:52:28 SIPVicious Security Scanner - IPS Events(IP=226,US) 162.245.237.242 32 RS None 2022-06-20 00:00:00 2022-09-18 00:00:00 2022-06-20 22:22:13 SIPVicious Security Scanner - IPS Events (IP=242,US) 162.246.17.61 32 NAB None 2022-04-12 00:00:00 2022-07-11 00:00:00 2022-04-12 13:52:08 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=61,US) 162.247.242.18 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1092 Hive Case 4875 Malware Activity 162.247.72.199 32 srm None 2022-02-16 00:00:00 2022-05-17 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00624 (IP=199,US) | updated by srm Block was inactive. Reactivated on 20220216 with reason HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=199,US) HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=199,US) 162.247.72.199 32 GM None 2021-03-09 00:00:00 2022-05-17 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00624 (IP=199,US) | updated by srm Block was inactive. Reactivated on 20220216 with reason HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=199,US) HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=199,US) 162.247.73.192 32 RW None 2020-01-16 00:00:00 2022-05-17 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=192,US) | updated by srm Block was inactive. 
Reactivated on 20220216 with reason HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=192,US) 162.247.74.200 32 GM None 2019-08-20 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:35 Authentication Failed - Failed Logons (IP=200,US) | updated by dbc Block was inactive. Reactivated on 20201218 with reason US TO-S-2021-1007 Malware Activity | updated by AS Block was inactive. Reactivated on 20220706 with reason HIVE Case #7894 CTO 22-187 (IP=200,US) 162.247.74.201 32 RW None 2019-08-15 00:00:00 2022-05-17 00:00:00 None Authentication Failed - 6hr failed logon (IP=201,US) | updated by dbc Block was inactive. Reactivated on 20201218 with reason US TO-S-2021-1007 Malware Activity | updated by srm Block was inactive. Reactivated on 20220216 with reason HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=201,US) 162.247.74.202 32 RW None 2019-08-21 00:00:00 2022-05-17 00:00:00 None Authentication Failed - 6 hr failed logons (IP=202,US) | updated by srm Block was inactive. Reactivated on 20220216 with reason HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=202,US) 162.247.74.204 32 RW None 2019-08-21 00:00:00 2022-05-17 00:00:00 None Authentication Failed - 6 hr failed logons (IP=204,US) | updated by srm Block was inactive. Reactivated on 20220216 with reason HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=204,US) 162.247.74.206 32 GM None 2019-08-20 00:00:00 2022-05-17 00:00:00 None Authentication Failed - Failed Logons (IP=206,US) | updated by GM Block was inactive. Reactivated on 20210309 with reason HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00635 (IP=206,US) | updated by srm Block was inactive. 
Reactivated on 20220216 with reason HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=206,US) 162.247.74.213 32 RW None 2020-07-18 00:00:00 2022-05-17 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=213,US) | updated by DT Block was inactive. Reactivated on 20210314 with reason HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00689 (IP=213,US) | updated by srm Block was inactive. Reactivated on 20220216 with reason HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=213,US) 162.247.74.216 32 RW None 2019-08-15 00:00:00 2022-05-17 00:00:00 None Authentication Failed - 6hr failed logon (IP=216,US) | updated by CR Block expiration extended with reason Possible SQLi attempt - TT# 20C00701 (IP=216,US) | updated by KH Block was inactive. Reactivated on 20211110 with reason File /etc/passwd Access Attempt Detect - FE IPS (IP=216,US) | updated by srm Block was inactive. Reactivated on 20220216 with reason HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=216,US) 162.247.74.217 32 RW None 2019-08-31 00:00:00 2022-05-17 00:00:00 None Authentication Failed - 6 hr failed logons (IP=221,US) | updated by dbc Block was inactive. Reactivated on 20201218 with reason US TO-S-2021-1007 Malware Activity | updated by srm Block was inactive. Reactivated on 20220216 with reason HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=217,US) 162.247.74.27 32 srm None 2022-02-16 00:00:00 2022-05-17 00:00:00 None HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=27,US) 162.247.74.7 32 GM None 2020-07-14 00:00:00 2022-05-17 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=7,US) | updated by srm Block was inactive. 
Reactivated on 20220216 with reason HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=7,US)
162.247.74.74 32 GM None 2020-07-16 00:00:00 2022-05-17 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=74,US) | updated by srm Block was inactive. Reactivated on 20220216 with reason HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=74,US)
162.248.161.252 32 AS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-06 18:26:19 HIVE Case #7881 CTO 22-182 (IP=252,CA)
162.248.210.234 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=234,US)
162.250.122.203 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=203,US)
162.251.61.164 32 TH None 2022-08-01 00:00:00 2022-10-30 00:00:00 2022-08-02 13:50:46 SIPVicious Security Scanner - FE CMS IPS Events (IP=164,US)
162.252.57.32 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=32,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=32,US)
162.252.58.219 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=219,US)
162.253.133.189 32 AS None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-12 17:50:16 HIVE Case #7916 TO-S-2022-0206 (IP=189,US)
162.254.252.93 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=93,US)
162.255.116.138 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
162.255.119.14 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None US TO-S-2021-1143 Malicious Email Activity
162.255.119.160 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=160,US)
162.255.119.193 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=193,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=193,US)
162.255.119.202 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None US TO-S-2021-1143 Malicious Email Activity
162.255.119.223 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
162.255.119.234 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None US TO-S-2021-1143 Malicious Email Activity
162.255.119.37 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1081 Hive Case 4872 Malicious Email Activity
162.255.119.96 32 TLM None 2022-09-12 00:00:00 2022-12-11 00:00:00 2022-09-15 18:48:07 HIVE Case #8292 COLS-NA-TIP 22-0316 (IP=96,US)
162.33.177.143 32 AS None 2021-12-28 00:00:00 2022-06-28 00:00:00 None HIVE Case #6702 CTO 21-362 (IP=143,US)
162.33.177.29 32 TLM None 2022-05-06 00:00:00 2022-11-05 00:00:00 2022-05-06 18:07:08 HIVE Case #7533 CTO 22-126 (IP=29,US)
162.33.177.51 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:15 HIVE Case #7904 CTO 22-189 (IP=51,US)
162.33.178.116 32 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6517 CTO 21-313 (IP=116,US)
162.33.178.122 32 KH None 2021-11-04 00:00:00 2022-02-02 00:00:00 None PROTOCOL-DNS DNS query amplification attempt (1:28556:3) - Sourcefire (IP=122,US)
162.33.179.171 32 EE None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 22:41:30 HIVE Case #7418 IOC_Fodcha Botnet (IP=171,US)
162.33.179.79 32 TLM None 2022-06-02 00:00:00 2022-12-01 00:00:00 2022-06-02 17:56:29 HIVE Case #7705 CTO 22-153 (IP=79,US)
162.55.136.20 32 TLM None 2022-02-15 00:00:00 2022-08-16 00:00:00 None HIVE Case #6996 CTO 22-043 (IP=20,DE)
162.55.136.233 32 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6512 CTO 21-308 (IP=233,DE)
162.55.198.178 24 DT None 2021-12-30 00:00:00 2022-03-30 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) - Source Fire (IP=178,DE)
162.55.226.51 32 AS None 2021-11-16 00:00:00 2022-05-16 00:00:00 None HIVE Case #6539 CTO 21-315 (IP=51,DE)
162.55.226.63 32 AS None 2021-11-16 00:00:00 2022-05-16 00:00:00 None HIVE Case #6539 CTO 21-315 (IP=63,DE)
162.55.32.0 21 TLM None 2022-06-24 00:00:00 2022-12-23 00:00:00 2022-06-24 19:38:39 HIVE Case #7840 CTO 22-175 (IP=0,DE)
162.55.38.44 32 TLM None 2022-03-11 00:00:00 2022-09-11 00:00:00 2022-03-11 13:21:34 HIVE Case #7189 CTO 22-068.1 (IP=44,DE)
162.55.57.108 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=108,DE)
162.55.85.218 32 TLM None 2022-03-14 00:00:00 2022-09-14 00:00:00 2022-03-14 19:14:27 HIVE Case #7198 CTO 22-071 (IP=218,DE)
162.55.90.26 24 BMP None 2021-12-15 00:00:00 2022-03-15 00:00:00 None HIVE Case #6651 - Exploit.CVE-2021-44228 (IP=26,DE) | updated by WR Block expiration extended with reason HIVE Case #6651 - Exploit.CVE-2021-44228 (IP=85,DE)
162.62.191.231 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:33 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=231,RU)
162.62.192.111 24 KD None 2021-10-18 00:00:00 2022-01-16 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=111,RU)
162.62.192.165 24 KD None 2021-10-31 00:00:00 2022-01-29 00:00:00 None PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841)- TT# 22C00265 (IP=165,RU)
162.62.218.106 24 WR None 2021-11-12 00:00:00 2022-02-10 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=106,HK)
162.62.219.205 24 WR None 2021-11-09 00:00:00 2022-02-07 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire Rpt (IP=205,DE)
162.62.222.150 24 WR None 2021-10-29 00:00:00 2022-01-27 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=150,DE)
162.62.223.254 24 UA None 2021-10-13 00:00:00 2022-01-11 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - sourcefire (IP=254,DE)
162.62.224.224 24 UA None 2021-10-05 00:00:00 2022-01-03 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=224,DE)
162.83.191.53 32 TLM None 2022-06-21 00:00:00 2022-12-20 00:00:00 2022-06-22 18:26:19 HIVE Case #7807 CTO 22-169 (IP=53,US)
163.123.143.198 32 KH None 2022-08-05 00:00:00 2022-11-03 00:00:00 2022-08-05 22:53:06 muieblackcat PHP Vulnerability Scanner - FE IPS (IP=198,US)
163.123.143.216 32 SW None 2022-07-26 00:00:00 2022-10-24 00:00:00 2022-07-27 13:49:53 SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) - SourceFire (IP=216,US)
163.123.143.226 32 ZH None 2022-09-12 00:00:00 2022-12-11 00:00:00 2022-09-12 22:48:44 SERVER-OTHER RealTek UDPServer command injection attempt (1:58853:1) - SourceFire (IP=226,US)
163.125.135.173 24 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 22:51:56 Generic URI Injection wget Attempt - FE IPS Events (IP=173,CN)
163.125.135.173 24 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 22:52:32 Generic URI Injection wget Attempt - FE IPS Events (IP=173,CN)
163.125.185.80 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 22:58:34 ET EXPLOIT Apache log4j RCE Attempt - lower/upper TCP Bypass M2 (CVE-2021-44228) (1:2034700:1) - SourceFire (IP=80,CN)
163.171.137.16 32 KH None 2021-10-05 00:00:00 2022-01-03 00:00:00 None TO-S-2022-1595/Botnet Malware Communication - TT# 22C00045 (IP=16,US)69.20.59.81/32
163.172.10.53 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity
163.172.100.203 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=203,FR)
163.172.108.144 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=144,FR)
163.172.109.61 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None FR TO-S-2021-1050 Hive Case 4821 Malware Activity
163.172.114.139 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Unknown Malicious Activity
163.172.139.143 24 KH None 2022-03-03 00:00:00 2022-06-01 00:00:00 2022-03-03 23:49:28 Firewall intrusion detected and handled - ArcSight (IP=143,FR)
163.172.148.199 24 KH None 2022-03-03 00:00:00 2022-06-01 00:00:00 2022-03-03 23:49:36 Abnormally Long Header Line - ArcSight (IP=199,FR)
163.172.155.172 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=172,FR)
163.172.157.143 32 TLM None 2021-12-17 00:00:00 2022-06-17 00:00:00 None HIVE Case #6673 CTO 21-351 (IP=143,FR)
163.172.158.4 24 KH None 2022-03-03 00:00:00 2022-06-01 00:00:00 2022-03-03 23:49:40 Abnormally Long Header Line - ArcSight (IP=4,FR)
163.172.164.231 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=231,FR)
163.172.174.225 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity
163.172.175.132 32 AS None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-12 17:50:17 HIVE Case #7916 TO-S-2022-0206 (IP=132,FR)
163.172.182.247 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity
163.172.19.145 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=145,FR)
163.172.198.60 24 KH None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-11 23:00:15 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire (IP=60,FR)
163.172.20.135 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=135,FR)
163.172.211.131 24 RW None 2021-10-08 00:00:00 2022-01-06 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=131,NL)
163.172.213.69 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=69,NL)
163.172.219.146 32 AS None 2022-04-04 00:00:00 2022-10-04 00:00:00 2022-04-04 15:15:51 HIVE Case #7325 CTO 22-091 (IP=146,NL)
163.172.37.165 24 KH None 2022-09-15 00:00:00 2022-12-14 00:00:00 2022-09-15 22:52:20 SIPVicious Security Scanner - FE IPS (IP=165,FR)
163.172.37.165 24 KH None 2022-09-15 00:00:00 2022-12-14 00:00:00 2022-09-15 22:52:24 SIPVicious Security Scanner - FE IPS (IP=165,FR)
163.172.42.136 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=136,FR)
163.172.43.248 24 RS None 2022-06-03 00:00:00 2022-09-01 00:00:00 2022-06-03 22:21:05 SIPVicious Security Scanner - IPS Events (IP=248,FR)
163.172.47.200 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity
163.172.49.67 24 RS None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 22:34:21 File /etc/passwd Access Attempt Detect - FE IPS Events (IP=67,FR)
163.172.50.82 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6584 CTO 21-322 (IP=82,FR)
163.172.54.124 24 NAB None 2021-12-27 00:00:00 2022-03-27 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=124,FR)
163.172.60.213 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None FR TO-S-2020-0493 Malware Activity | updated by TLM Block was inactive. Reactivated on 20211215 with reason HIVE Case #6665 CTO 21-349 (IP=213,FR) HIVE Case #6665 CTO 21-349 (IP=213,FR)
163.172.60.213 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=213,FR)
163.172.60.213 32 dbc None 2020-05-07 00:00:00 2022-06-15 00:00:00 None FR TO-S-2020-0493 Malware Activity | updated by TLM Block was inactive. Reactivated on 20211215 with reason HIVE Case #6665 CTO 21-349 (IP=213,FR) HIVE Case #6665 CTO 21-349 (IP=213,FR)
163.172.73.105 24 RR None 2022-02-13 00:00:00 2022-05-14 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=105,FR)
163.172.82.59 24 RS None 2022-06-13 00:00:00 2022-09-11 00:00:00 2022-06-14 13:48:51 SIPVicious Security Scanner - IPS Events (IP=59,FR)
163.172.84.202 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity
163.172.90.169 24 KH None 2022-08-05 00:00:00 2022-11-03 00:00:00 2022-08-05 22:53:06 SIPVicious Security Scanner - FE IPS (IP=169,FR)
163.172.98.217 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity
163.172.99.57 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None FR TO-S-2021-1050 Hive Case 4821 Malware Activity
163.179.152.239 24 RS None 2022-07-20 00:00:00 2022-10-18 00:00:00 2022-07-21 13:54:39 SIPVicious Security Scanner - SourceFire (IP=239,CN)
163.197.34.48 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6346 CTO 21-278 (IP=48,US)
163.197.39.45 32 TLM None 2022-01-25 00:00:00 2022-07-25 00:00:00 None HIVE Case #6828 CTO 22-021 (IP=45,US)
163.43.102.24 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None JP TO-S-2021-1102 Malicious Email Activity
163.44.168.22 32 wmp None 2020-08-20 00:00:00 2022-02-05 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=22,JP) | updated by TLM Block was inactive. Reactivated on 20210805 with reason HIVE Case #5 TO-S-2021-1447 (IP=22,JP) HIVE Case #5 TO-S-2021-1447 (IP=22,JP)
163.44.168.22 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=22,JP) | updated by TLM Block was inactive. Reactivated on 20210805 with reason HIVE Case #5 TO-S-2021-1447 (IP=22,JP) HIVE Case #5 TO-S-2021-1447 (IP=22,JP)
163.47.148.192 24 AR None 2022-02-08 00:00:00 2022-05-09 00:00:00 None SQL injection - Web Attacks (IP=192,NP)
163.47.148.221 24 RR None 2022-06-25 00:00:00 2022-09-23 00:00:00 2022-06-25 22:47:35 SERVER-WEBAPP NETGEAR ProSafe SSL VPN SQL injection attempt - Source Fire (IP=221,NP)
163.47.202.100 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=100,AU)
163.47.32.0 23 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BD TO-S-2021-1037 Hive Case 4785 Malware Activity
163.53.149.2 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=2,BD)
163.53.17.0 24 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None HK TO-S-2021-1050 Hive Case 4821 Malware Activity
163.53.186.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity
163.53.194.179 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None ID TO-S-2021-1102 Malicious Email Activity
163.53.25.153 24 AR None 2022-02-08 00:00:00 2022-05-09 00:00:00 None SQL injection - Web Attacks (IP=153,NP)
163.53.81.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IN TO-S-2021-1037 Hive Case 4785 Malware Activity
163.68.118.50 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=50,FR)
163.ru.com --- jkc None 2021-05-07 00:00:00 2022-08-10 00:00:00 2023-01-19 22:56:31 Case # 5405 IOC_ TO-S-2021-1269 Malicious domain | updated by TLM Block expiration extended with reason HIVE Case #5590 TO-S-2021-1276 Malicious Emails Activity | updated by TLM Block expiration extended with reason HIVE Case #5969 TO-S-2021-1289
164.132.159.220 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=220,FR)
164.132.171.89 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None FR TO-S-2021-1092 Hive Case 4875 Malware Activity
164.132.200.32 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None FR TO-S-2021-1050 Hive Case 4821 Malware Activity
164.132.237.65 32 TLM None 2022-02-25 00:00:00 2022-08-26 00:00:00 2022-02-25 13:04:26 HIVE Case #7088 CTO 22-056 (IP=65,FR)
164.132.250.221 32 TLM None 2022-03-01 00:00:00 2022-09-01 00:00:00 2022-03-01 17:52:24 HIVE Case #7115 CTO 22-060 (IP=221,FR)
164.132.9.199 24 srm None 2022-02-16 00:00:00 2022-05-17 00:00:00 None HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=199,FR)
164.132.97.211 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None FR TO-S-2021-1050 Hive Case 4821 Malware Activity
164.138.219.127 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=127,BG)
164.138.221.75 32 TLM None 2021-07-01 00:00:00 2022-01-01 00:00:00 None HIVE Case #5735 TO-S-2021-1379 (IP=75,BG)
164.138.223.145 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=145,BG)
164.155.88.64 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=64,US)
164.163.145.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity
164.163.232.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity
164.163.28.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity
164.163.36.67 24 KD None 2021-10-06 00:00:00 2022-01-04 00:00:00 None Known Attack Tool User Agent V2 - TT# 22C00081 (IP=67,BR)
164.190.136.210 32 TLM None 2022-08-09 00:00:00 2022-11-09 00:00:00 2022-08-09 17:32:17 HIVE Case #8100 CTO 22-211 (IP=210,US)
164.190.36.155 32 TLM Kristen Pope 2022-10-19 00:00:00 2022-12-27 00:00:00 2022-12-27 19:16:58 HIVE Case #8482 CTO 22-288 (IP=155,US) | UNBLOCKED per CTO 22-305
164.190.36.157 32 TLM Kristen Pope 2022-10-19 00:00:00 2022-12-27 00:00:00 2022-12-27 19:16:58 HIVE Case #8482 CTO 22-288 (IP=157,US) | UNBLOCKED per CTO 22-305
164.215.48.0 21 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity
164.52.146.177 32 ZH None 2022-08-25 00:00:00 2022-11-23 00:00:00 2022-08-25 22:43:42 EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (1:21492:23) - SourceFire (IP=177,US)
164.52.192.0 22 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None IN TO-S-2021-1143 Malicious Email Activity
164.52.212.196 24 KH None 2021-12-18 00:00:00 2022-03-18 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44229 (IP=196,IN)
164.52.53.163 24 ZH None 2021-12-15 00:00:00 2022-03-13 00:00:00 None HIVE Case #6651 - Exploit.CVE-2021-44228 (IP=163,SG)
164.58.224.4 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=4,US)
164.68.109.190 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=190,DE) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=190,DE)
164.68.111.157 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
164.68.111.173 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None DE TO-S-2021-1050 Hive Case 4821 Malware Activity
164.68.96.117 32 TLM None 2022-05-25 00:00:00 2022-11-24 00:00:00 2022-05-25 18:14:48 HIVE Case #7662 CTO 22-145 (IP=117,DE)
164.68.96.197 32 AS None 2022-07-12 00:00:00 2022-10-10 00:00:00 2022-07-13 17:47:22 HIVE Case #7905 COLS-NA TIP 22-0239 (IP=197,DE)
164.68.99.3 32 AS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-09 13:57:31 HIVE Case #7535 TO-S-2022-0176 (IP=3,DE)
164.77.162.42 24 EDBT None 2017-09-11 05:00:00 2022-11-11 00:00:00 2022-08-13 22:59:28 ET SCAN Sipvicious User-Agent Detected (friendly-scanner) (IP=42,CL) | updated by RS Block was inactive. Reactivated on 20220813 with reason SIPVicious Security Scanner - IPS Events (IP=42,CL) SIPVicious Security Scanner - IPS Events (IP=42,CL)
164.77.162.42 24 RS None 2022-08-13 00:00:00 2022-11-11 00:00:00 2022-08-13 22:59:28 ET SCAN Sipvicious User-Agent Detected (friendly-scanner) (IP=42,CL) | updated by RS Block was inactive. Reactivated on 20220813 with reason SIPVicious Security Scanner - IPS Events (IP=42,CL) SIPVicious Security Scanner - IPS Events (IP=42,CL)
164.90.128.147 32 RS None 2022-06-20 00:00:00 2022-09-18 00:00:00 2022-06-20 22:22:19 SQL injection - Web Attacks (IP=147,US)
164.90.129.123 32 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:44:50 SERVER-APACHE Apache Struts remote code execution attempt - GET parameter - SourceFire (IP=123,US)
164.90.130.140 32 AR None 2022-04-14 00:00:00 2022-07-12 00:00:00 2022-04-14 13:54:47 SQL injection - Web Attacks (IP=140,US)
164.90.130.152 32 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 22:39:47 POLICY-OTHER Micro Focus Operations Bridge default credentials login attempt (1:57495:1) - Sourcefire (IP=152,US)
164.90.130.162 32 KH None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 13:57:05 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=162,US)
164.90.131.49 32 ZH None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 22:36:55 INDICATOR-OBFUSCATION select concat statement - possible sql injection (1:19437:6) - SourceFire (IP=49,US)
164.90.131.58 32 RS None 2022-06-20 00:00:00 2022-09-18 00:00:00 2022-06-20 22:22:18 SQL injection - Web Attacks (IP=58,US)
164.90.133.146 32 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:43:43 SQL injection - Web Attacks (IP=146,US)
164.90.133.63 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:37:03 SQL injection - Web Attacks (IP=63,US)
164.90.133.96 32 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 13:54:22 SQL injection - Web Attacks (IP=96,US)
164.90.134.27 32 TH None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-23 14:39:12 SQL injection - 6 Hr Web Report (IP=27,US)
164.90.134.73 32 SW None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-15 13:54:04 SQL injection - WebAttacks (IP=73,US)
164.90.135.22 32 RB None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 22:45:09 EXPLOIT Apache log4j RCE Attempt - lower/upper TCP Bypass M2 - Sourcefire (IP=22,US)
164.90.135.47 32 RR None 2022-08-13 00:00:00 2022-11-11 00:00:00 2022-08-14 13:58:07 SQL injection - Web Attacks (IP=47,US)
164.90.136.233 32 TLM None 2022-05-25 00:00:00 2022-11-24 00:00:00 2022-05-25 18:14:47 HIVE Case #7662 CTO 22-145 (IP=233,US)
164.90.138.248 32 RR None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:25 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=248,US)
164.90.139.11 32 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:35:17 POLICY-OTHER PHP uri tag injection attempt - SourceFire (IP=11,US)
164.90.139.187 32 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:37:29 SQL injection - Web Attacks (IP=187,US)
164.90.139.193 32 KH None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 23:08:10 Layer5 Meshery SQL Injection Vulnerability - Web Attacks (IP=193,US)
164.90.139.209 32 KH None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 23:08:10 SQL injection - Web Attacks (IP=209,US)
164.90.139.220 32 TH None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:49:52 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=160,US)
164.90.139.237 32 SW None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:45:19 SQL union select - possible sql injection attempt - GET parameter - SourceFire (IP=237,US)
164.90.140.211 32 WR None 2022-04-15 00:00:00 2022-07-13 00:00:00 2022-04-15 14:09:15 SQL Injection Attempt - 6HR WebAttacks (IP=211,US)
164.90.140.216 32 NAB None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 13:56:57 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=216,US)
164.90.140.45 32 ZH None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-22 22:43:00 SQL injection - 6hr Web Attacks (IP=45,US)
164.90.141.39 32 RS None 2022-06-20 00:00:00 2022-09-18 00:00:00 2022-06-20 13:54:42 SQL injection - Web Attacks (IP=39,US)
164.90.141.84 32 RS None 2022-05-19 00:00:00 2022-08-17 00:00:00 2022-05-19 22:48:59 SERVER-WEBAPP WordPress Yuzo Related Posts plugin cross site scripting attempt (1:49796:1) - SourceFire (IP=84,US)
164.90.143.58 32 SW None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:47:00 HTTP SQL Injection Attempt - WebAttacks (IP=58,US)
164.90.144.173 32 RR None 2022-06-20 00:00:00 2022-09-18 00:00:00 2022-06-20 13:54:33 SQL injection - Web Attacks (IP=173,US)
164.90.144.221 32 RS None 2022-08-13 00:00:00 2022-11-11 00:00:00 2022-08-13 22:59:21 SQL injection - Web Attacks (IP=221,US)
164.90.144.89 32 WR None 2022-05-03 00:00:00 2022-08-01 00:00:00 2022-05-03 13:46:38 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=89,US)
164.90.146.109 32 RR None 2022-06-04 00:00:00 2022-09-02 00:00:00 2022-06-04 13:38:55 SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt - SourceFire (IP=109,US)
164.90.146.249 32 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:57:56 SQL union select - possible sql injection attempt - GET parameter (1:13990:27) - SourceFire (IP=249,US)
164.90.147.15 32 RS None 2022-08-02 00:00:00 2022-10-31 00:00:00 2022-08-03 13:59:29 SIPVicious Security Scanner - IPS Events (IP=15,US)
164.90.147.155 32 JP None 2022-09-02 00:00:00 2022-12-31 00:00:00 2022-09-02 14:05:48 SQL Injection - 6HR Web Attacks (IP=155,US)143.198.146.119/32
164.90.147.180 32 SW None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 13:46:04 SQL injection - WebAttacks (IP=180,US)
164.90.147.240 32 RR None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-29 22:57:04 SERVER-WEBAPP Oracle Weblogic default credentials login attempt - SourceFire (IP=240,US)
164.90.147.55 32 RR None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:31:46 SERVER-WEBAPP Java XML deserialization remote code execution attempt - Source Fire (IP=55,US)
164.90.147.9 32 TH None 2022-09-02 00:00:00 2022-12-31 00:00:00 2022-09-02 14:05:47 HTTP: SQL Injection - Exploit - 6 Hr Web Report (IP=9,US)
164.90.149.101 32 SW None 2022-04-21 00:00:00 2022-07-20 00:00:00 2022-04-21 22:41:35 SERVER-WEBAPP Sophos SG UTM WebAdmin command injection attempt (1:58450:2) - SourceFire (IP=101, US)
164.90.149.248 32 SW None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-06 13:47:25 HTTP SQL Injection Attempt - WebAttacks (IP=248,US)
164.90.149.37 32 SW None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 13:46:05 SQL injection - WebAttacks (IP=37,US)
164.90.150.19 32 KH None 2022-04-22 00:00:00 2022-07-21 00:00:00 2022-04-22 22:49:12 FEC_Webshell_PHP_Generic - FE NX (IP=19,US)
164.90.150.220 32 RB None 2022-09-28 00:00:00 2022-12-27 00:00:00 2022-09-28 22:44:38 Hunt IP Blocks / DT attempts - IR# 22C01963 (IP=220,US)
164.90.150.240 32 TC None 2022-09-03 00:00:00 2022-12-02 00:00:00 2022-09-03 14:03:28 SQL injection - 6 hr Web attacks (IP=240,US)
164.90.152.199 32 ZH None 2022-08-18 00:00:00 2022-11-16 00:00:00 2022-08-18 22:50:46 SQL injection - 6hr Web Attacks (IP=199,US)
164.90.152.26 32 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 22:54:55 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=26,US)
164.90.153.160 32 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 13:54:23 SQL injection - Web Attacks (IP=160,US)
164.90.153.209 32 JP None 2022-07-28 00:00:00 2022-10-26 00:00:00 2022-07-28 22:41:54 SQL injection - 6HR Web Attacks (IP=209, US)
164.90.153.73 32 TH None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 22:43:12 SQL injection - 6 Hr Web Report (IP=73,US)
164.90.154.145 32 SW None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-01 13:54:04 Adobe ColdFusion Administrator Access Restriction - WebAttacks (IP=145,US)
164.90.154.16 32 RR None 2022-05-08 00:00:00 2022-08-08 00:00:00 2022-05-08 12:51:40 Exploit.CVE-2021-44228 - Apache Log4j2 - Case 6651 (IP=16,US)
164.90.154.170 32 DT None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:48 SQL injection - Web Attacks (IP=170,US)
164.90.154.243 32 RS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:48:01 SQL injection - 6Hr Web Attacks (IP=243,US)
164.90.157.12 32 KH None 2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-09 22:50:12 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=12,US)
164.90.157.23 32 SW None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:47:46 POLICY-OTHER PHP uri tag injection attempt (1:23111:14) - SourceFire (IP=23,US)
164.90.157.57 32 ZH None 2022-05-31 00:00:00 2022-08-29 00:00:00 2022-06-01 13:53:54 SQL injection - 6hr Web Attacks (IP=57,US)
164.90.158.152 32 TLM None 2022-05-02 00:00:00 2022-11-01 00:00:00 2022-05-04 17:56:21 HIVE Case #7495 CTO 22-120 (IP=152,US)
164.90.158.2 32 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:46:39 SERVER-WEBAPP Apache APISIX default admin API backdoor usage attempt - SourceFire (IP=2,US)
164.90.159.10 32 TH None 2022-06-07 00:00:00 2022-09-05 00:00:00 2022-06-08 13:48:11 SERVER-OTHER Apache Log4j logging remote code execution attempt - SourceFire Report (IP=10,US)
164.90.159.180 32 TH None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-26 13:47:59 WordPress CodePeople Payment Form SQL Injection Vulnerability - 6 Hr Web Report (IP=180,US)
164.90.159.50 32 KH None 2022-09-01 00:00:00 2022-12-30 00:00:00 2022-09-01 22:53:19 SIPVicious Security Scanner - FE IPS (IP=50,US)
164.90.160.143 24 SW None 2021-12-29 00:00:00 2022-03-29 00:00:00 None SERVER-APACHE Apache Tomcat mod_jk access control bypass attempt (1:48381:1) - SourceFire (IP=143,DE)
164.90.161.195 24 AR None 2021-12-18 00:00:00 2022-03-18 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=195,DE)
164.90.162.147 24 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:57:56 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (1:59246:1) - SourceFire (IP=147,DE)
164.90.166.191 24 ZH None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-24 00:05:25 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - Sourcefire Rpt (IP=191,DE)
164.90.168.84 24 KD None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-16 15:21:15 SQL injection - Web Attacks(IP=84,DE)
164.90.169.220 24 KH None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 23:08:11 SQL injection - Web Attacks (IP=220,DE)
164.90.171.81 24 AR None 2021-12-18 00:00:00 2022-03-18 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=81,DE)
164.90.178.200 24 NAB None 2021-12-22 00:00:00 2022-03-22 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=200,DE)
164.90.180.9 24 NAB None 2021-12-22 00:00:00 2022-03-22 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=9,DE)
164.90.192.23 24 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:57:57 SQL injection - 6hr Web Attacks (IP=23,NL)
164.90.193.153 32 TLM None 2022-06-21 00:00:00 2022-12-20 00:00:00 2022-06-22 18:26:10 HIVE Case #7807 CTO 22-169 (IP=153,NL)
164.90.195.66 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:34:59 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41421:2) - Sourcefire Rpt (IP=66,US)
164.90.196.92 24 ZH None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-11 00:05:03 SQL injection - 6hr Web Attacks (IP=92,NL)
164.90.197.43 32 KH None 2022-07-25 00:00:00 2022-10-23 00:00:00 2022-07-25 23:41:43 SQL injection - Web Attacks (IP=43,US)
164.90.198.241 24 ZH None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 22:36:55 SQL use of concat function with select - likely SQL injection (1:24172:2) - SourceFire (IP=241,NL)
164.90.198.40 32 TLM None 2022-03-17 00:00:00 2022-09-17 00:00:00 2022-03-17 16:17:27 HIVE Case #7227 CTO 22-076 (IP=40,NL)
164.90.199.14 24 KH None 2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-09 22:50:15 SERVER-WEBAPP VMware vCenter Server file upload attempt (1:58219:1) - Sourcefire (IP=14,NL)
164.90.199.216 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=216,NL)
164.90.199.218 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=218,NL)
164.90.199.250 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=250,NL)
164.90.202.3 24 RB None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-14 22:44:53 SQL injection - 6hr web attacks (IP=3,NL)
164.90.204.143 24 KH None 2022-04-12 00:00:00 2022-07-11 00:00:00 2022-04-12 13:52:16 Artica Web Proxy SQL Injection Vulnerability - Web Attacks (IP=143,NL)
164.90.204.224 32 TLM None 2022-03-17 00:00:00 2022-09-17 00:00:00 2022-03-17 16:17:28 HIVE Case #7227 CTO 22-076 (IP=224,NL)
164.90.205.240 24 ZH None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-10 13:48:39 SQL injection - 6hr Web Attacks (IP=240,NL)
164.90.205.93 32 KH None 2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-09 14:22:01 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=93,US)
164.90.206.158 24 KH None 2022-04-12 00:00:00 2022-07-11 00:00:00 2022-04-12 22:35:44 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=158,NL)
164.90.207.195 24 DT None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-20 13:47:04 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=195,NL)
164.90.211.8 24 KD None 2022-03-05 00:00:00 2022-06-03 00:00:00 2022-03-05 19:41:41 SQL injection- Web Attacks (IP=8,DE)
164.90.222.22 32 RT None 2022-03-22 00:00:00 2022-06-20 00:00:00 2022-03-22 22:41:28 HTTP: Apache Struts2 XML Deserialization Remote Code Execution (CVE-2017-9805) - TT# 22C01065 - (IP=22,DE)
164.90.222.97 32 ZH None 2022-02-07 00:00:00 2022-05-08 00:00:00 None SQL injection - WebAttacks (IP=97,US)
164.90.226.220 24 DT None 2022-03-02 00:00:00 2022-05-31 00:00:00 2022-03-02 23:42:54 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=25,DE)
164.90.232.96 32 RT None 2021-11-13 00:00:00 2022-02-11 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6HR Web Attacks (IP=96,US)
164.90.234.201 32 ZH None 2022-02-07 00:00:00 2022-05-08 00:00:00 None SQL injection - WebAttacks (IP=201,US)
164.90.237.170 24 NAB None 2022-01-25 00:00:00 2022-04-25 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=170,DE)
164.90.241.135 32 TLM None 2022-06-07 00:00:00 2022-12-06 00:00:00 2022-06-07 18:56:15 HIVE Case #7733 CTO 22-155 (IP=135,DE)
164.92.100.131 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:34:59 SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (A-type) (1:1000136:3) - Sourcefire Rpt (IP=131,US)
164.92.100.192 32 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 15:44:42 SQL injection - Web Attacks (IP=192,US)
164.92.100.226 32 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 22:51:27 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41421:2) - SourceFire (IP=226, US)
164.92.100.229 32 TH None 2022-04-22 00:00:00 2022-07-21 00:00:00 2022-04-22 13:41:02 SQL injection - 6 Hr Web Report (IP=229,US)
164.92.101.159 32 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:34:41 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=159,US)
164.92.101.57 24 SA None 2022-05-17 00:00:00 2022-08-15 00:00:00 2022-05-17 22:37:50 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=57,US)
164.92.101.73 32 SW None 2022-05-12 00:00:00 2022-08-10 00:00:00 2022-05-12 13:53:32 Possible Cross-site Scripting Attack - IPS Events(IP=73,US)
164.92.101.79 32 RS None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 22:54:45 SQL injection - 6Hr Web Attacks (IP=79,US)
164.92.101.84 32 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:34:41 SQL injection - Web Attacks (IP=84,US)
164.92.102.119 32 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 15:44:43 SQL injection - Web Attacks (IP=119,US)
164.92.102.154 32 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 15:44:43 SQL injection - Web Attacks (IP=154,US)
164.92.102.168 32 KH None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-18 22:54:55 SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt (1:59735:2) - Sourcefire (IP=168,US)
164.92.102.178 32 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 22:39:47 SQL injection - Web Attacks (IP=178,US)
164.92.102.186 32 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 15:44:44 SQL injection - Web Attacks (IP=186,US)
164.92.102.5 32 SW None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-12 13:51:09 SQL union select - possible sql injection attempt - GET parameter (1:13990:27) - SourceFire (IP=5, US)
164.92.102.53 32 SW None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-12 13:51:05 SQL injection - WebAttacks (IP=53,US)
164.92.102.67 32 KH None 2022-07-18 00:00:00 2022-10-16 00:00:00 2022-07-18 22:56:03 SQL injection - Web Attacks (IP=67,US)
164.92.102.85 32 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 15:44:45 SQL injection - Web Attacks (IP=85,US)
164.92.103.14 32 TH None 2022-06-16 00:00:00 2022-09-14 00:00:00 2022-06-17 13:48:36 SQL injection - 6 Hr Web Report (IP=14,US)
164.92.103.170 32 RS None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-14 13:57:45 SQL injection - 6Hr Web Attacks (IP=170,US)
164.92.103.89 32 RS None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-14 13:57:40 SQL injection - 6Hr Web Attacks (IP=89,US)
164.92.104.173 32 SW None 2022-06-05 00:00:00 2022-09-03 00:00:00 2022-06-05 13:42:48 SERVER-WEBAPP Netgear WNAP devices boardData command injection attempt (1:48206:1) - SourceFire (IP=173,US)
164.92.104.252 32 TH None 2022-06-03 00:00:00 2022-09-01 00:00:00 2022-06-04 13:39:07 SQL injection - 6 Hr Web Report (IP=252,US)
164.92.104.39 32 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:43:44 SQL injection - Web Attacks (IP=39,US)
164.92.105.102 32 SW None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-26 13:47:53 SERVER-WEBAPP IceWarp Mail Server directory traversal attempt (1:47644:1) - SourceFire (IP=102,US)
164.92.105.143 32 RR None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:26 SERVER-APACHE Apache Struts remote code execution attempt - GET parameter - SourceFire (IP=143,US)
164.92.105.194 32 TH None 2022-04-22 00:00:00 2022-07-21 00:00:00 2022-04-22 13:41:05 Adobe ColdFusion Administrator Access Restriction - 6 Hr Web Report (IP=194,US)
164.92.105.205 32 KH None 2022-06-14 00:00:00 2022-09-12 00:00:00 2022-06-14 22:32:22 HTTP: ThinkPHP CMS Getshell IR#22C01383 (IP=205,US)
164.92.105.55 32 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 22:52:13 File /etc/passwd Access Attempt Detect - IPS Events (IP=55,US)
164.92.105.69 32 SW None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-26 13:47:52 SERVER-WEBAPP Drupal 8 remote code execution attempt (1:46316:5) - SourceFire (IP=69,US)
164.92.106.2 24 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:48:02 SERVER-WEBAPP Ulterius web server directory traversal attempt - SourceFire (IP=2,US)
164.92.107.1 32 RB None 2022-06-21 00:00:00 2022-09-19 00:00:00 2022-06-21 22:50:30 SQL injection - 6hr web attacks (IP=1,US)
164.92.107.221 32 SW None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-16 13:51:39 SQL injection - WebAttack (IP=221,US)
164.92.107.239 32 RS None 2022-06-10 00:00:00 2022-09-08 00:00:00 2022-06-10 13:46:03 SQL injection - 6Hr Web Attacks (IP=239,US)
164.92.107.249 32 RR None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-19 13:55:59 SQL injection - Web Attacks (IP=249,US)
164.92.107.31 32 TH None 2022-06-21 00:00:00 2022-09-19 00:00:00 2022-06-22 13:54:53 SQL injection - 6 Hr Web Report (IP=31,US)
164.92.107.82 32 RS None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-13 22:37:03 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=82,US)
164.92.108.129 32 RB None 2022-07-12 00:00:00 2022-10-10 00:00:00 2022-07-12 22:32:43 SERVER-WEBAPP Fortigate SSL VPN cross site scripting attempt (1:51465:1) - SourceFire (IP=129, US)
164.92.108.134 32 SW None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-10 13:48:30 SERVER-WEBAPP Joomla 3.7.0 com_fields view SQL injection attempt (1:42958:4) - SourceFire (IP=134,US)
164.92.108.47 32 KH None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-11 23:00:19 SQL injection - Web Attacks (IP=47,US)
164.92.108.73 32 AR None 2022-07-12 00:00:00 2022-10-10 00:00:00 2022-07-12 13:51:20 SQL injection - WebAttacks (IP=73,US)
164.92.109.145 32 KH None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 13:57:06 SQL injection - Web Attacks (IP=145,US)
164.92.109.187 32 RR None 2022-06-10 00:00:00 2022-09-08 00:00:00 2022-06-10 13:46:14 SQL injection - Web Attacks (IP=187,US)
164.92.109.216 32 TH None 2022-06-27 00:00:00 2022-09-25 00:00:00 2022-06-28 13:53:27 SERVER-WEBAPP Yealink VoIP phone directory traversal attempt (1:42393:2) - SourceFire Report (IP=216,US)
164.92.109.46 32 KH None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 13:57:06 SQL injection - Web Attacks (IP=46,US)
164.92.110.124 32 KH None 2022-08-23 00:00:00 2022-11-21 00:00:00 2022-08-23 22:28:52 SQL injection - Web Attacks (IP=124,US)
164.92.110.133 32 TH None 2022-06-20 00:00:00 2022-09-18 00:00:00 2022-06-21 13:49:11 Exploit.Log4Shell.CVE-2021-44228 - FireEye NX Alerts (IP=133,US)
164.92.110.145 32 RS None 2022-07-18 00:00:00 2022-10-16 00:00:00 2022-07-19 13:47:53 Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=145,US)
164.92.110.3 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:27 SQL injection - 6hr Web Attacks (IP=3,US)
164.92.111.16 32 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:57:57 SERVER-APACHE Apache HTTP server SSRF attempt (1:58820:1) - SourceFire (IP=16,US)
164.92.111.189 32 SW None 2022-06-11 00:00:00 2022-09-09 00:00:00 2022-06-11 13:47:00 SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt (1:44328:4) - SourceFire (IP=189,US)
164.92.111.193 32 RS None 2022-06-20 00:00:00 2022-09-18 00:00:00 2022-06-20 13:54:42 SQL injection - Web Attacks (IP=193,US) 164.92.111.45 32 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:57:58 SERVER-APACHE Apache Struts2 blacklisted method redirect (1:27244:6) - SourceFire (IP=45,US) 164.92.111.70 32 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-16 15:21:28 HTTP SQL Injection Attempt - 6hr Web Attacks (IP=70,US) 164.92.111.96 32 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:57:59 SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (B-type) (1:1000135:3) - SourceFire (IP=96,US) 164.92.111.97 32 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:57:59 SERVER-WEBAPP ManageEngine Desktop Central authentication bypass attempt (1:58863:1) - SourceFire (IP=97,US) 164.92.112.151 32 ZH None 2022-04-04 00:00:00 2022-07-03 00:00:00 2022-04-04 22:35:46 HTTP: PHP File Inclusion Vulnerability- 6hr Web Attacks (IP=151,US) 164.92.112.210 32 RR None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 13:52:28 SERVER-WEBAPP Palo Alto Networks Firewall cms_changeDeviceContext.esp session injection attempt - SourceFire (IP=210,US) 164.92.112.244 24 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:48:04 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=244,US) 164.92.113.109 24 SA None 2022-05-17 00:00:00 2022-08-15 00:00:00 2022-05-17 13:52:25 SQL injection - 6Hr Web Attacks (IP=109,NL) 164.92.113.184 32 SW None 2022-05-15 00:00:00 2022-08-13 00:00:00 2022-05-15 13:54:04 SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt (1:58069:1) - SourceFire (IP=184, US) 164.92.114.223 24 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:48:04 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=223,US) 164.92.114.33 32 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 22:51:18 
SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1272 attack attempt (3:57305:1) - SourceFire (IP=33, US) 164.92.115.124 32 RR None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-19 13:55:54 SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt - SourceFire (IP=124,US) 164.92.115.218 32 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:58:00 vBulletin SQL Injection Vulnerability - 6hr Web Attacks (IP=218,US) 164.92.115.38 32 RS None 2022-05-19 00:00:00 2022-08-17 00:00:00 2022-05-19 13:46:57 SQL injection - 6Hr Web Attacks (IP=38,US) 164.92.115.6 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:14 HIVE Case #7904 CTO 22-189 (IP=6,US) 164.92.116.232 32 KD None 2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-10 13:48:14 HTTP: PHP File InclusionVulnerability- Web Attacks(IP=232,US) 164.92.116.248 32 TH None 2022-06-16 00:00:00 2022-09-14 00:00:00 2022-06-17 13:48:36 SQL injection - 6 Hr Web Report (IP=248,US) 164.92.116.57 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:34 SQL injection- 6hr Web Attacks (IP=57,US) 164.92.116.58 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:35 SQL injection- 6hr Web Attacks (IP=58,US) 164.92.118.119 32 KH None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-18 22:55:02 SQL injection - Web Attacks (IP=119,US) 164.92.118.20 32 KH None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-18 13:50:37 SQL injection - Web Attacks (IP=20,US) 164.92.118.51 32 DT None 2022-05-17 00:00:00 2022-08-15 00:00:00 2022-05-18 13:43:46 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - Source Fire (IP=51,US) 164.92.118.80 32 RS None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-13 22:37:03 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=80,US) 164.92.119.165 32 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:58:00 SQL union select - possible sql injection attempt - GET parameter (1:13990:27) - SourceFire (IP=165,US) 
164.92.119.235 24 KD None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-16 15:21:15 SQL injection - Web Attacks(IP=235,DE) 164.92.119.238 32 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:58:01 SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt (1:44328:4) - SourceFire (IP=238,US) 164.92.119.97 32 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:58:01 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (1:59246:1) - SourceFire (IP=97,US) 164.92.120.161 32 RR None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-19 13:55:59 SQL injection - Web Attacks (IP=161,US) 164.92.120.238 32 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 22:51:39 SERVER-WEBAPP ysoserial TypeConfuseDelegate deserialization exploit attempt (1:57275:2) - SourceFire (IP=238, US) 164.92.120.90 32 RR None 2022-06-04 00:00:00 2022-09-02 00:00:00 2022-06-04 13:38:56 SERVER-APACHE Apache Struts OGNL getRuntime.exec static method access attempt - SourceFire (IP=90,US) 164.92.121.11 32 ZH None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 13:47:49 SQL injection - 6hr Web Attacks (IP=11,US) 164.92.121.16 32 SW None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:47:01 SQL injection - WebAttacks (IP=16,US) 164.92.121.176 32 TH None 2022-06-16 00:00:00 2022-09-14 00:00:00 2022-06-17 13:48:43 SQL injection - 6 Hr Web Report (IP=176,US) 164.92.121.184 32 TH None 2022-04-22 00:00:00 2022-07-21 00:00:00 2022-04-22 13:40:54 SQL injection - 6 Hr Web Report (IP=184,US) 164.92.121.201 32 ZH None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 22:36:56 ET INFO Possible Apache log4j RCE Attempt - Any Protocol TCP (CVE-2021-44228) (1:2034661:1) - SourceFire (IP=201,US) 164.92.121.255 32 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:48:05 SQL injection - Web Attacks (IP=255,US) 164.92.121.31 32 SW None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 22:46:56 SERVER-APACHE Apache Struts OGNL getRuntime.exec 
static method access attempt (1:47634:1) - SourceFire (IP=31,US) 164.92.121.72 32 KH None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 13:57:07 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=72,US) 164.92.121.78 32 SW None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:47:02 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=78,US) 164.92.122.111 32 RS None 2022-05-19 00:00:00 2022-08-17 00:00:00 2022-05-19 22:49:12 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=111,US) 164.92.122.122 32 AR None 2022-04-22 00:00:00 2022-07-21 00:00:00 2022-04-22 13:40:38 Exploit.Log4Shell.CVE-2021-44228 - IPS Events (IP=122,US) 164.92.122.178 32 SW None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 22:47:09 SQL injection - WebAttacks (IP=178,US) 164.92.122.184 32 RS None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-08 16:55:41 SERVER-WEBAPP VMware View Planner logupload arbitrary file upload attempt (1:57438:1) - SourceFire (IP=184,US) 164.92.122.68 32 TH None 2022-06-16 00:00:00 2022-09-14 00:00:00 2022-06-17 13:48:35 SQL injection - 6 Hr Web Report (IP=68,US) 164.92.123.223 32 SW None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-16 13:51:39 Adobe ColdFusion Administrator Access Restriction - WebAttack (IP=223,US) 164.92.123.225 32 RR None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:26 SERVER-WEBAPP WSO2 multiple products directory traversal attempt - SourceFire (IP=225,US) 164.92.124.15 32 SW None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-15 13:54:05 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - SourceFire (IP=15, US) 164.92.124.242 32 RB None 2022-07-12 00:00:00 2022-10-10 00:00:00 2022-07-12 22:32:48 SQL injection - WebAttacks (IP=242,US) 164.92.124.6 32 AR None 2022-07-17 00:00:00 2022-10-15 00:00:00 2022-07-18 13:49:58 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=6,US) 164.92.124.90 32 SW None 2022-05-10 00:00:00 2022-08-08 00:00:00 
2022-05-10 13:48:27 POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt (1:57336:1) - SourceFire (IP=90,US) 164.92.125.107 32 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 13:38:41 SQL injection - 6Hr Web Attacks (IP=107,US) 164.92.125.149 32 KH None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 23:08:11 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=149,US) 164.92.125.240 32 KH None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-13 22:36:32 FE_Webshell_PHP_Generic_1 - FE Web (IP=240,US) 164.92.126.104 32 ZH None 2022-06-24 00:00:00 2022-09-22 00:00:00 2022-06-24 22:51:38 SQL injection - 6hr Web Attacks (IP=104,US) 164.92.126.20 32 DT None 2022-06-10 00:00:00 2022-09-08 00:00:00 2022-06-11 13:46:53 POLICY-OTHER PHP uri tag injection attempt (1:23111:14) - Sourcefire (IP=20,US) 164.92.126.236 32 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 22:39:48 SQL injection - Web Attacks (IP=236,US) 164.92.126.250 32 SA None 2022-05-17 00:00:00 2022-08-15 00:00:00 2022-05-17 22:37:52 HTTP: SQL injection - 6Hr Web Attacks (IP=250,US) 164.92.126.43 32 RS None 2022-06-20 00:00:00 2022-09-18 00:00:00 2022-06-20 13:54:41 SQL injection - Web Attacks (IP=43,US) 164.92.127.103 32 KD None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-19 13:46:43 HTTP: PHP File InclusionVulnerability - Web Attacks (IP=103,US) 164.92.127.141 32 SW None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-15 13:54:05 SERVER-WEBAPP Cisco HyperFlex HX Data Platform command injection attempt (3:57528:2) - SourceFire (IP=141, US) 164.92.127.155 32 KH None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-17 13:49:14 SQL injection - Web Attacks (IP=155,US) 164.92.127.172 32 TH None 2022-06-16 00:00:00 2022-09-14 00:00:00 2022-06-17 13:48:43 SQL injection - 6 Hr Web Report (IP=172,US) 164.92.127.176 32 SW None 2022-06-11 00:00:00 2022-09-09 00:00:00 2022-06-11 13:46:57 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt 
(1:41420:2) - SourceFire (IP=176,US) 164.92.127.184 32 SA None 2022-05-17 00:00:00 2022-08-15 00:00:00 2022-05-17 22:37:50 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=184,US) 164.92.127.214 32 ZH None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-24 00:05:26 SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt (1:44328:4) - Sourcefire Rpt (IP=214,US) 164.92.127.218 32 RS None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:15:21 SQL injection - 6Hr Web Attacks (IP=218,US) 164.92.127.245 32 SA None 2022-05-17 00:00:00 2022-08-15 00:00:00 2022-05-17 22:37:51 HTTP: PHP File Inclusion Vulnerability- 6Hr Web Attacks (IP=245,US) 164.92.127.93 32 RS None 2022-05-19 00:00:00 2022-08-17 00:00:00 2022-05-19 22:49:09 SERVER-APACHE Apache Struts2 blacklisted method redirect (1:27244:6) - SourceFire (IP=93,US) 164.92.128.191 24 KD None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-28 14:34:09 HTTP: PHP File InclusionVulnerability- Web Attacks (IP=191,DE) 164.92.129.241 24 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:17:07 SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt - SourceFire (IP=241,DE) 164.92.130.149 24 KD None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-07 13:16:28 HTTP: PHP File Inclusion Vulnerability- Web Attacks (IP=149,DE) 164.92.130.77 24 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:02 SQL injection - Web Attacks (IP=77,DE) 164.92.131.133 32 RR None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 13:54:22 HTTP: PHP File Inclusion Vulnerability - Web Attcks (IP=133,US) 164.92.131.143 24 KH None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 13:57:07 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=143,SG) 164.92.132.107 24 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 22:51:56 SQL injection - 6Hr Web Attacks (IP=107,DE) 164.92.133.189 32 ZH None 2022-07-17 00:00:00 2022-10-15 00:00:00 2022-07-17 13:55:38 SQL injection - 6hr Web 
Attacks (IP=189,US) 164.92.133.4 32 RR None 2022-09-25 00:00:00 2022-12-24 00:00:00 2022-09-26 13:55:13 SQL injection - Web Attacks (IP=4,US) 164.92.133.4 32 RR None 2022-09-25 00:00:00 2022-12-24 00:00:00 2022-09-26 13:55:14 SQL injection - Web Attacks (IP=4,US) 164.92.134.16 24 KD None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-28 14:34:07 SQL injection- Web Attacks (IP=16,CA) 164.92.134.16 32 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:34:42 HTTP SQL Injection Attempt - Web Attacks (IP=16,US) 164.92.135.142 24 SW None 2022-05-24 00:00:00 2022-08-22 00:00:00 2022-05-24 14:15:57 SERVER-WEBAPP JBoss web console access attempt (1:24342:4) - SourceFire (IP=142,DE) 164.92.135.18 32 KD None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-28 14:33:55 SQL Injection- Web Attacks (IP=18,US) 164.92.136.199 32 DT None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:49 SQL injection - Web Attacks (IP=199,US) 164.92.136.199 24 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-09 14:21:49 SERVER-WEBAPP VMWare vSphere Client remote code execution attempt - SourceFire (IP=199,DE) 164.92.136.26 32 RR None 2022-03-10 00:00:00 2022-06-08 00:00:00 2022-03-10 14:46:59 HTTP SQL Injection Attempt - Web Attacks (IP=26,US) 164.92.137.132 24 SW None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:14 SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (A-type) (1:1000136:3) - SourceFire (IP=132,DE) 164.92.138.146 32 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 13:47:20 SQL injection - WebAttacks (IP=146,US) 164.92.138.54 24 SW None 2022-06-04 00:00:00 2022-09-02 00:00:00 2022-06-05 13:42:41 SQL injection - WebAttacks (IP=54,DE) 164.92.138.65 32 TH None 2022-03-11 00:00:00 2022-06-09 00:00:00 2022-03-11 23:14:33 SQL injection - 6 Hr Web Report (IP=65,US) 164.92.139.109 32 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:34:42 SQL injection - Web Attacks (IP=109,US) 164.92.139.46 32 RR None 2022-04-16 
00:00:00 2022-07-15 00:00:00 2022-04-16 14:43:45 SQL injection - Web Attacks (IP=46,US) 164.92.139.48 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:16:42 SQL injection - Web Attacks (IP=48,US) 164.92.139.95 24 KD None 2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-10 13:48:12 SQL injection- Web Attacks(IP=95,DE) 164.92.140.63 24 DT None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-29 13:52:40 SQL injection - Web Attacks (IP=63,DE) 164.92.141.212 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:00 ET EXPLOIT Apache log4j RCE Attempt - lower/upper TCP Bypass M2 (CVE-2021-44228) (1:2034700:1) - Sourcefire Rpt (IP=212,DE) 164.92.142.1 24 NAB None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:47:03 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=1,DE) 164.92.143.70 24 SA None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 22:55:02 SERVER-WEBAPP SAP NetWeaver xMII directory traversal attempt (1:38988:2) - SourceFire Report (IP=70,DE) 164.92.144.163 24 TH None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 23:06:34 SQL injection - 6 Hr Web Report (IP=163,NL) 164.92.145.223 24 AR None 2022-04-22 00:00:00 2022-07-21 00:00:00 2022-04-22 13:39:41 Exploit.Log4Shell.CVE-2021-44228 - IPS Events (IP=223,NL) 164.92.147.192 24 RT None 2022-04-06 00:00:00 2022-07-06 00:00:00 2022-04-06 22:49:47 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=192,NL) 164.92.147.60 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:52:58 SERVER-WEBAPP VMware View Planner logupload directory traversal attempt - SourceFire (IP=60,NL) 164.92.148.164 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:48:22 Layer5 Meshery SQL Injection Vulnerability - Web Attacks (IP=164,US) 164.92.148.19 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:53:27 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=19,NL) 164.92.148.36 32 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 
14:43:46 HTTP SQL Injection Attempt - Web Attacks (IP=36,US) 164.92.149.132 32 KD None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-12 13:51:39 WordPress CodePeople Payment Form SQL - Web Attacks (IP=132,US) 164.92.149.231 24 RT None 2022-05-11 00:00:00 2022-08-09 00:00:00 2022-05-12 13:53:23 SERVER-WEBAPP JBoss web console access attempt (1:24342:4) - Sourcefire Report (IP=,NL) 164.92.150.191 24 ZH None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-11 00:05:04 SQL injection - 6hr Web Attacks (IP=191,NL) 164.92.150.77 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 17:40:14 HIVE Case #7341 CTO 22-092 (IP=77,NL) 164.92.151.80 24 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:43 SERVER-WEBAPP CGit cgit_clone_objects function directory traversal attempt (1:47466:3) - Sourcefire Rpt (IP=80,NL) 164.92.152.10 24 RS None 2022-05-02 00:00:00 2022-07-31 00:00:00 2022-05-02 22:41:40 SQL injection - 6Hr Web Attacks (IP=10,NL) 164.92.152.22 32 KH None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 22:55:41 HTTP: PHP File Inclusion Vulnerability - IR# 22C01539 (IP=22,US) 164.92.153.170 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:35 SQL injection- 6hr Web Attacks (IP=170,NL) 164.92.154.121 24 TH None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 23:06:33 HTTP: PHP File Inclusion Vulnerability - 6 Hr Web Report (IP=121,NL) 164.92.155.229 24 WR None 2022-04-29 00:00:00 2022-07-27 00:00:00 2022-04-29 13:52:40 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41421:2) - Sourcefire (IP=229,NL) 164.92.155.71 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:37:04 SQL injection - Web Attacks (IP=71,US) 164.92.156.179 24 RR None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:14:37 SERVER-WEBAPP Atlassian OAuth plugin multiple versions server side request forgery attempt - SourceFire (IP=179,NL) 164.92.156.26 24 TH None 2022-04-07 00:00:00 2022-07-06 00:00:00 
2022-04-07 23:06:23 SQL injection - 6 Hr Web Report (IP=26,NL) 164.92.157.86 24 TH None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-26 22:51:22 SQL injection - 6 Hr Web Report (IP=86,NL) 164.92.159.164 24 TH None 2022-04-22 00:00:00 2022-07-21 00:00:00 2022-04-22 13:40:53 Automattic WooCommerce Blocks WordPress Plugin Store API SQL Injection Vulnerability - 6 Hr Web Report (IP=164,NL) 164.92.160.229 24 RB None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 22:41:31 SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt - Sourcefire (IP=229,DE) 164.92.161.171 24 RT None 2022-05-11 00:00:00 2022-08-09 00:00:00 2022-05-12 13:53:23 SERVER-WEBAPP D-Link DNS-320 Firewall command injection attempt (1:57330:1) - Sourcefire Report (IP=,DE) 164.92.161.247 32 SW None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-06 13:47:26 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=247,US) 164.92.162.82 24 ZH None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-30 22:44:26 SQL injection - 6hr Web Attacks (IP=82,DE) 164.92.163.191 24 RS None 2022-06-13 00:00:00 2022-09-11 00:00:00 2022-06-14 13:48:57 Adobe ColdFusion Administrator Access Restriction - 6Hr Web Attacks (IP=191,DE) 164.92.164.225 24 ZH None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-24 00:05:27 SERVER-WEBAPP Kibana Console for Elasticsearch local file inclusion attempt (1:48815:3) - Sourcefire Rpt (IP=225,DE) 164.92.165.193 24 RT None 2022-04-08 00:00:00 2022-07-07 00:00:00 2022-04-08 22:48:03 SQL injection - 6 HR WebAttack (IP=193,DE) 164.92.166.2 24 RS None 2022-05-02 00:00:00 2022-07-31 00:00:00 2022-05-02 22:41:31 SQL injection - 6Hr Web Attacks (IP=2,DE) 164.92.167.59 24 KD None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-07 13:16:25 SQL injection- Web Attacks (IP=59,DE) 164.92.168.209 24 RS None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:49:54 SQL injection - 6Hr Web Attacks (IP=209,DE) 164.92.169.139 24 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 
2022-04-29 22:48:43 SQL injection - 6hr Web Attacks (IP=139,DE) 164.92.170.191 24 RS None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-13 22:37:02 SQL injection - 6Hr Web Attacks (IP=191,DE) 164.92.171.165 32 KD None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-28 14:33:56 SQL Injection- Web Attacks (IP=165,US) 164.92.171.190 24 RR None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-18 13:44:00 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=190,DE) 164.92.172.136 32 ZH None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 22:44:10 Automattic WooCommerce Blocks WordPress Plugin Store API SQL Injection Vulnerability - WebAttacks (IP=136,US) 164.92.172.60 24 SW None 2022-04-21 00:00:00 2022-07-20 00:00:00 2022-04-21 22:41:34 SERVER-OTHER Adobe ColdFusion unauthenticated file upload attempt (1:48359:2) - SourceFire (IP=60, DE) 164.92.173.169 32 RR None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 13:47:18 SQL injection - Web Attacks (IP=169,US) 164.92.173.6 32 ZH None 2022-09-12 00:00:00 2022-12-11 00:00:00 2022-09-12 14:00:14 SERVER-WEBAPP Drupal Core 8 PHP object injection RCE attempt - WebAttacks (IP=6,US) 164.92.173.6 24 ZH None 2022-09-12 00:00:00 2022-12-11 00:00:00 2022-09-12 22:48:43 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - SourceFire (IP=6,DE) 164.92.173.62 32 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-09 14:21:30 SQL injection - Web Attacks (IP=62,US) 164.92.173.81 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:36 HTTP: PHP File Inclusion Vulnerability- 6hr Web Attacks (IP=81,US) 164.92.174.168 24 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:46:40 SERVER-WEBAPP Fortinet FortiOS SSL VPN web portal directory traversal attempt - SourceFire (IP=168,DE) 164.92.174.201 32 SW None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-06 13:47:26 HTTP: SQL Injection - Exploit - WebAttacks (IP=201,US) 
164.92.174.83 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:00 SERVER-WEBAPP JBoss JMX console access attempt (1:21516:9) - Sourcefire Rpt (IP=83,US) 164.92.175.195 32 SW None 2022-06-24 00:00:00 2022-09-22 00:00:00 2022-06-24 13:56:05 SQL injection - WebAttacks (IP=195,US) 164.92.176.181 32 SW None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 14:03:03 SQL injection - WebAttacks (IP=181,US) 164.92.176.206 32 SW None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 14:03:03 SQL injection - WebAttacks (IP=206,US) 164.92.177.69 24 AR None 2022-04-08 00:00:00 2022-07-07 00:00:00 2022-04-08 13:46:35 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attack (IP=69,DE) 164.92.178.100 24 DT None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-27 13:15:14 SQL injection - Web Attacks (IP=100,DE) 164.92.179.240 32 SW None 2022-09-13 00:00:00 2022-12-12 00:00:00 2022-09-14 13:50:26 SQL injection - WebAttacks (IP=240,US) 164.92.179.93 24 RS None 2022-05-02 00:00:00 2022-07-31 00:00:00 2022-05-02 22:41:43 SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (B-type) (1:1000135:3) - SourceFire (IP=93,DE) 164.92.180.37 24 RR None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 13:52:29 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=37,DE) 164.92.181.157 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:01 SERVER-APACHE Apache Struts remote code execution attempt (1:39191:3) - Sourcefire Rpt (IP=157,DE) 164.92.182.107 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:36 SQL injection- 6hr Web Attacks (IP=107,US) 164.92.182.128 24 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:58:02 SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt (3:57769:1) - SourceFire (IP=128,DE) 164.92.183.165 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:37 SQL injection- 6hr Web Attacks (IP=165,DE) 164.92.184.219 24 RR None 2022-04-18 
00:00:00 2022-07-17 00:00:00 2022-04-18 13:44:51 SERVER-WEBAPP WordPress SocialWarfare deprecated function access attempt - SourceFire (IP=219,DE) 164.92.185.228 24 RS None 2022-06-03 00:00:00 2022-09-01 00:00:00 2022-06-03 22:21:10 HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=228,DE) 164.92.186.178 32 SW None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 14:03:04 SQL injection - WebAttacks (IP=178,US) 164.92.186.184 24 ZH None 2022-04-04 00:00:00 2022-07-03 00:00:00 2022-04-04 22:35:38 SQL generic sql with comments injection attempt - GET parameter (1:16431:6)- Sourcefire Rpt (IP=184,DE) 164.92.187.38 24 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 15:44:46 SQL injection - Web Attacks (IP=38,DE) 164.92.188.250 32 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 22:54:13 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=250,US) 164.92.188.65 32 WR None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:47:23 SQL injection - 6Hr Web Attacks (IP=65,US) 164.92.189.96 24 RS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 21:48:44 SQL injection - 6Hr Web Attacks (IP=96,DE) 164.92.190.63 24 TH None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 23:06:23 HTTP: PHP File Inclusion Vulnerability - 6 Hr Web Report (IP=63,DE) 164.92.191.222 24 ZH None 2022-08-18 00:00:00 2022-11-16 00:00:00 2022-08-18 13:49:24 SQL injection (IP=222,DE) 164.92.193.152 24 ZH None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 22:43:52 SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1272 attack attempt (3:57305:1) - SourceFire (IP=152,DE) 164.92.193.182 24 RR None 2022-06-04 00:00:00 2022-09-02 00:00:00 2022-06-04 13:38:56 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (3:58802:4) - SourceFire (IP=182,DE) 164.92.194.109 24 DT None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 23:23:21 SERVER-WEBAPP Apache APISIX default admin API backdoor usage attempt (1:59480:1) - Source Fire 
(IP=109,DE)
164.92.195.165 24 SW None 2022-04-21 00:00:00 2022-07-20 00:00:00 2022-04-21 22:41:30 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (1:59246:1) - SourceFire (IP=165, DE)
164.92.196.106 24 WR None 2022-04-29 00:00:00 2022-07-27 00:00:00 2022-04-29 13:52:41 SERVER-OTHER Hashicorp Consul services API remote code execution attempt (1:49670:2) - Sourcefire (IP=106,DE)
164.92.197.32 24 RR None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:27 SQL union select - possible sql injection attempt - GET parameter - SourceFire (IP=32,DE)
164.92.198.198 24 RS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 14:03:19 Adobe ColdFusion Administrator Access Restriction - 6hr Web Attacks (IP=198,DE)
164.92.198.74 32 KH None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:27 SQL injection - Web Attacks (IP=74,US)
164.92.199.100 24 RS None 2022-05-02 00:00:00 2022-07-31 00:00:00 2022-05-02 22:41:44 SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (1:58201:2) - SourceFire (IP=100,DE)
164.92.200.146 24 ZH None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:45:22 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=146,DE)
164.92.201.142 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:37 SQL injection - 6hr Web Attacks (IP=142,US)
164.92.202.128 32 KD None 2022-04-22 00:00:00 2022-07-21 00:00:00 2022-04-23 13:46:46 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=128,US)
164.92.202.169 32 SW None 2022-08-25 00:00:00 2022-11-23 00:00:00 2022-08-26 13:48:23 SQL injection - WebAttacks (IP=169,US)
164.92.202.238 24 RT None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-27 13:56:42 POLICY-OTHER CA ARCserve Axis2 default credential login attempt (1:18985:15) - Sourcefire Report (IP=238,DE)
164.92.203.145 24 RS None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 22:34:27 SQL injection - 6Hr Web Attacks (IP=145,DE)
164.92.204.61 24 TH None 2022-04-15 00:00:00 2022-07-14 00:00:00 2022-04-15 23:00:06 HTTP SQL Injection Attempt - 6 Hr Web Report (IP=61,DE)
164.92.205.176 32 DT None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:49 SQL injection - Web Attacks (IP=176,US)
164.92.206.11 24 ZH None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:45:22 SQL injection - 6hr Web Attacks (IP=11,DE)
164.92.207.133 24 ZH None 2022-04-04 00:00:00 2022-07-03 00:00:00 2022-04-04 13:48:58 SQL injection - 6hr Web Attacks (IP=133,DE)
164.92.208.144 32 DT None 2021-12-30 00:00:00 2022-03-30 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - Web Attacks (IP=144,US)
164.92.208.39 24 SA None 2022-05-17 00:00:00 2022-08-15 00:00:00 2022-05-17 13:52:25 SQL Injection - 6Hr Web Attacks (IP=39,NL)
164.92.209.106 32 WR None 2022-04-30 00:00:00 2022-07-28 00:00:00 2022-04-30 13:53:05 SQL injection - 6hr Web Attacks (IP=106,US)
164.92.209.168 24 WR None 2022-04-30 00:00:00 2022-07-28 00:00:00 2022-04-30 13:53:11 SERVER-APACHE Apache Struts remote code execution attempt (1:39190:3) - Sourcefire (IP=168,NL)
164.92.209.168 32 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 13:54:23 SQL injection - Web Attacks (IP=168,US)
164.92.210.1 24 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:46:41 SERVER-WEBAPP Apache Log4j logging remote code execution attempt - SourceFire (IP=1,NL)
164.92.211.47 24 ZH None 2022-04-04 00:00:00 2022-07-03 00:00:00 2022-04-04 13:48:58 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=47,NL)
164.92.212.62 24 WR None 2022-04-15 00:00:00 2022-07-13 00:00:00 2022-04-15 14:09:25 SERVER-WEBAPP Cisco ASA directory traversal attempt (3:54600:2) - Sourcefire (IP=62,NL)
164.92.213.62 24 KD None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-19 13:52:30 SERVER-WEBAPP Palo Alto Networks Firewall cms_changeDeviceContext.esp session injection attempt - Sourcefire (IP=62,NL)
164.92.214.126 24 ZH None 2022-04-04 00:00:00 2022-07-03 00:00:00 2022-04-04 22:35:47 SQL injection - 6hr Web Attacks (IP=126,NL)
164.92.214.43 32 TH None 2021-12-27 00:00:00 2022-03-27 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) - SourceFire Report (IP=43,US)
164.92.215.29 24 ZH None 2022-08-28 00:00:00 2022-11-26 00:00:00 2022-08-28 22:58:18 SERVER-APACHE Apache Struts remote code execution attempt - GET parameter (1:21072:8) - SourceFire (IP=29,NL)
164.92.215.44 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:50:25 SQL injection - Web Attacks (IP=44,US)
164.92.215.57 32 AR None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-22 13:38:38 SQL injection - 6Hr Web Attack (IP=57,US)
164.92.216.250 24 DT None 2022-05-17 00:00:00 2022-08-15 00:00:00 2022-05-18 13:43:47 SERVER-WEBAPP Atlassian Confluence OGNL injection remote code execution attempt - Source Fire (IP=250,NL)
164.92.217.104 24 RT None 2022-04-21 00:00:00 2022-07-20 00:00:00 2022-04-22 13:39:35 SQL injection - 6 HR WebAttack (IP=104,NL)
164.92.218.34 24 TH None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-26 22:51:22 SQL injection - 6 Hr Web Report (IP=34,NL)
164.92.218.9 32 RB None 2022-09-08 00:00:00 2022-12-07 00:00:00 2022-09-08 13:54:21 SQL injection - WebAttacks (IP=9,US)
164.92.219.126 24 RS None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 13:49:49 HTTP SQL Injection Attempt - 6Hr Web Attacks (IP=126,NL)
164.92.221.181 32 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:37:30 SQL injection - Web Attacks (IP=181,US)
164.92.221.88 24 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:15 SQL injection - 6Hr Web Attacks (IP=88,NL)
164.92.222.197 24 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:33 SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (A-type) - SourceFire (IP=197,NL)
164.92.223.184 24 RS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 22:44:05 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=183,NL)
164.92.224.203 24 RS None 2022-05-03 00:00:00 2022-08-01 00:00:00 2022-05-03 13:46:59 SQL injection - 6Hr Web Attacks (IP=203,DE)
164.92.224.75 32 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 13:54:24 SQL injection - Web Attacks (IP=75,US)
164.92.225.189 24 TH None 2022-05-02 00:00:00 2022-07-31 00:00:00 2022-05-02 22:41:56 SQL injection - 6 Hr Web Report (IP=189,DE)
164.92.226.108 32 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:37:30 SQL injection - Web Attacks (IP=108,US)
164.92.226.128 32 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-09 14:21:30 SQL injection - Web Attacks (IP=128,US)
164.92.226.158 24 KD None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-11 13:43:35 Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=158,DE)
164.92.226.250 32 DT None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:50 SQL injection - Web Attacks (IP=250,US)
164.92.227.135 24 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 15:44:46 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=135,DE)
164.92.228.50 24 RR None 2022-03-20 00:00:00 2022-06-18 00:00:00 2022-03-20 13:56:12 OS-OTHER Bash CGI environment variable injection attempt - SourceFire (IP=50,DE)
164.92.229.109 24 RR None 2022-06-04 00:00:00 2022-09-02 00:00:00 2022-06-04 13:38:57 SERVER-APACHE Apache Struts OGNL getRuntime.exec static method access attempt - SourceFire (IP=109,DE)
164.92.229.124 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:52:58 SQL union select - possible sql injection attempt - GET parameter - SourceFire (IP=124,DE)
164.92.229.218 32 RR None 2022-02-16 00:00:00 2022-05-17 00:00:00 None HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=218,US)
164.92.229.242 32 RR None 2022-02-09 00:00:00 2022-05-10 00:00:00 None SQL injection - Web Attacks (IP=242,US)
164.92.231.18 24 SA None 2022-05-17 00:00:00 2022-08-15 00:00:00 2022-05-17 22:37:52 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=18,DE)
164.92.232.45 24 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:17:08 ET EXPLOIT Apache log4j RCE Attempt - lower/upper TCP Bypass M2 (CVE-2021-44228) - SourceFire (IP=45,DE)
164.92.233.199 24 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:48:06 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=199,DE)
164.92.234.41 32 KH None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 22:55:58 SQL injection - Web Attacks (IP=41,US)
164.92.235.16 24 RT None 2022-02-23 00:00:00 2022-05-24 00:00:00 None SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - Sourcefire Report (IP=16,DE)
164.92.236.101 32 SW None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:44:54 HTTP SQL Injection Attempt - WebAttacks (IP=101,US)
164.92.236.184 24 SW None 2022-06-04 00:00:00 2022-09-02 00:00:00 2022-06-05 13:42:41 SQL injection - WebAttacks (IP=184,DE)
164.92.236.38 32 ZH None 2022-02-22 00:00:00 2022-05-23 00:00:00 None Adobe ColdFusion Administrator Access Restriction - 6hr Web Attacks (IP=38,US)
164.92.237.161 24 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 13:52:41 SQL injection - 6hr Web Attacks (IP=161,DE)
164.92.238.78 24 ZH None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:45:23 SQL injection - 6hr Web Attacks (IP=78,DE)
164.92.239.185 24 KD None 2022-03-05 00:00:00 2022-06-03 00:00:00 2022-03-05 19:41:42 SQL injection - Web Attacks (IP=185,DE)
164.92.240.65 24 RS None 2022-05-03 00:00:00 2022-08-01 00:00:00 2022-05-03 13:46:59 SQL injection - 6Hr Web Attacks (IP=65,DE)
164.92.241.137 24 KD None 2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-10 13:48:12 SQL injection - WebAttacks (IP=137,DE)
164.92.241.75 32 TH None 2022-08-17 00:00:00 2022-11-15 00:00:00 2022-08-17 22:26:01 Threat Request // DT / SQLi attempts - IR#22C01820 (IP=75,US)
164.92.242.251 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:53:28 SERVER-WEBAPP Tenda Router AC11 stack buffer overflow attempt - SourceFire (IP=251,DE)
164.92.244.178 32 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-09 14:21:31 SQL injection - Web Attacks (IP=178,US)
164.92.244.221 24 RS None 2022-05-19 00:00:00 2022-08-17 00:00:00 2022-05-19 22:49:07 SERVER-APACHE Apache Struts remote code execution attempt (1:39191:3) - SourceFire (IP=221,DE)
164.92.245.241 24 ZH None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 22:36:56 SERVER-APACHE Apache Struts remote code execution attempt - GET parameter (1:21072:8) - SourceFire (IP=241,DE)
164.92.247.66 24 ZH None 2022-04-04 00:00:00 2022-07-03 00:00:00 2022-04-04 13:48:59 SQL injection - 6hr Web Attacks (IP=66,DE)
164.92.248.7 24 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:44:51 OS-OTHER Bash CGI environment variable injection attempt - SourceFire (IP=7,DE)
164.92.249.25 24 DT None 2022-03-02 00:00:00 2022-05-31 00:00:00 2022-03-02 23:42:54 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=25,DE)
164.92.250.21 24 SW None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:47:50 SERVER-WEBAPP Atlassian Confluence OGNL injection remote code execution attempt (1:58093:1) - SourceFire (IP=21,DE)
164.92.250.247 24 ZH None 2022-08-18 00:00:00 2022-11-16 00:00:00 2022-08-18 22:50:45 SQL injection - 6hr Web Attacks (IP=247,DE)
164.92.251.208 24 AR None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-11 13:47:05 SQL union select - possible sql injection attempt - GET parameter (1:13990:27) - SourceFire (IP=208,DE)
164.92.252.150 24 TH None 2022-04-15 00:00:00 2022-07-14 00:00:00 2022-04-15 14:09:31 SQL injection - 6 Hr Web Report (IP=150,DE)
164.92.253.181 32 AS None 2022-07-13 00:00:00 2022-10-11 00:00:00 2022-07-14 17:45:18 HIVE Case #7928 CTO 22-194 (IP=181,DE)
164.92.253.218 24 TH None 2022-03-11 00:00:00 2022-06-09 00:00:00 2022-03-11 23:14:34 SQL injection - 6 Hr Web Report (IP=218,DE)
164.92.255.166 24 ZH None 2022-04-04 00:00:00 2022-07-03 00:00:00 2022-04-04 22:35:47 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=166,DE)
164.92.64.132 32 RR None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 13:52:31 SQL injection - Web Attacks (IP=132,US)
164.92.64.15 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-08 12:51:17 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=15,US)
164.92.64.153 32 ZH None 2022-06-16 00:00:00 2022-09-14 00:00:00 2022-06-16 22:41:53 SQL injection - 6hr Web Attacks (IP=153,US)
164.92.64.245 32 RS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 22:44:05 SQL injection - 6Hr Web Attacks (IP=245,US)
164.92.65.189 32 TH None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 23:06:32 HTTP: PHP File Inclusion Vulnerability - 6 Hr Web Report (IP=189,US)
164.92.65.255 24 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:48:07 SERVER-WEBAPP SolarWinds Orion authentication bypass attempt - SourceFire (IP=255,US)
164.92.66.130 32 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:37:31 SQL injection - Web Attacks (IP=130,US)
164.92.66.14 32 WR None 2022-04-24 00:00:00 2022-07-22 00:00:00 2022-04-24 13:26:32 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=14,US)
164.92.66.21 32 RR None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-07 13:54:16 SQL injection - Web Attacks (IP=21,US)
164.92.66.234 32 RR None 2022-06-19 00:00:00 2022-09-17 00:00:00 2022-06-19 13:56:06 SQL injection - Web Attacks (IP=234,US)
164.92.66.36 32 KH None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 22:55:41 HTTP: PHP File Inclusion Vulnerability - IR# 22C01538 (IP=36,US)
164.92.66.49 32 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 22:51:47 POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected (1:54573:2) - SourceFire (IP=49, US)
164.92.67.156 32 KH None 2022-04-12 00:00:00 2022-07-11 00:00:00 2022-04-12 13:52:16 SQL injection - Web Attacks (IP=156,US)
164.92.67.25 32 TH None 2022-03-22 00:00:00 2022-06-20 00:00:00 2022-03-22 22:41:27 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR#22C01063 - (IP=25,US)
164.92.67.57 32 RR None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-05 14:02:43 Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=57,US)
164.92.67.78 32 SW None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-17 13:48:55 SQL injection - WebAttacks (IP=78,US)
164.92.68.15 32 RS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 22:44:06 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=15,US)
164.92.68.198 32 SW None 2022-08-12 00:00:00 2022-11-10 00:00:00 2022-08-13 13:56:11 SQL injection - WebAttacks (IP=198,US)
164.92.68.240 32 KH None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 22:55:43 HTTP: PHP File Inclusion Vulnerability - IR# 22C01547 (IP=240,US)
164.92.69.193 32 RR None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-05 14:02:44 Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=193,US)
164.92.69.194 32 SW None 2022-04-24 00:00:00 2022-07-23 00:00:00 2022-04-24 22:43:44 SERVER-WEBAPP Drupal Core 8 PHP object injection RCE attempt (1:49257:2) - SourceFire (IP=194, US)
164.92.69.232 32 KH None 2022-04-12 00:00:00 2022-07-11 00:00:00 2022-04-12 13:52:17 SQL injection - Web Attacks (IP=232,US)
164.92.69.240 32 RR None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-05 14:02:44 Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=240,US)
164.92.69.40 32 TC None 2022-09-18 00:00:00 2022-12-17 00:00:00 2022-09-19 14:00:43 SERVER-WEBAPP Netgear passwordrecovered.cgi insecure admin password disclosure attempt - WebAttacks (IP=40,US)
164.92.70.105 32 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:49:20 SERVER-WEBAPP Avtech IP Camera machine.cgi information disclosure attempt - SourceFire (IP=105,US)
164.92.70.140 32 ZH None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:45:24 SQL injection - 6hr Web Attacks (IP=140,US)
164.92.70.160 32 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:44:52 SERVER-APACHE Apache Struts remote code execution attempt - SourceFire (IP=160,US)
164.92.70.215 32 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:37:32 Django SQL Injection Vulnerability - Web Attacks (IP=215,US)
164.92.70.55 32 ZH None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 22:43:53 SERVER-WEBAPP Java XML deserialization remote code execution attempt (1:44315:3) - SourceFire (IP=55,US)
164.92.71.226 32 SW None 2022-06-04 00:00:00 2022-09-02 00:00:00 2022-06-05 13:42:45 SERVER-OTHER PHP webshell upload attempt (1:49457:2) - SourceFire (IP=226,US)
164.92.71.37 32 RR None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-19 13:55:57 SQL injection - Web Attacks (IP=37,US)
164.92.71.78 32 SW None 2022-09-24 00:00:00 2022-12-23 00:00:00 2022-09-24 13:56:11 SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt - WebAttacks (IP=78,US)
164.92.72.104 32 RR None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 13:47:39 SERVER-WEBAPP VMware View Planner logupload directory traversal attempt - SourceFire (IP=104,US)
164.92.72.147 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-08 12:51:17 SERVER-OTHER Supervisord remote code execution attempt - SourceFire (IP=147,US)
164.92.72.19 32 RS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 22:44:06 SQL injection - 6Hr Web Attacks (IP=19,US)
164.92.72.70 32 SA None 2022-06-02 00:00:00 2022-08-30 00:00:00 2022-06-03 00:40:00 SQL injection - Web Attacks (IP=70,US)
164.92.73.10 32 RS None 2022-06-20 00:00:00 2022-09-18 00:00:00 2022-06-20 22:22:18 SQL injection - Web Attacks (IP=10,US)
164.92.73.126 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-08 12:51:18 SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt - SourceFire (IP=126,US)
164.92.73.131 32 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:44:53 SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt - SourceFire (IP=131,US)
164.92.73.252 32 WR None 2022-04-15 00:00:00 2022-07-14 00:00:00 2022-04-16 14:44:04 Webshell.Binary.php.FEC2 - FireEye CMS (IP=252,US)
164.92.74.132 32 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:48:38 SQL injection - Web Attacks (IP=132,US)
164.92.74.150 32 TH None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-23 14:39:13 SQL injection - 6 Hr Web Report (IP=150,US)
164.92.74.158 32 ZH None 2022-08-12 00:00:00 2022-11-10 00:00:00 2022-08-12 13:55:53 SQL injection - 6hr Web Attacks (IP=158,US)
164.92.74.16 32 TLM None 2022-03-14 00:00:00 2022-09-14 00:00:00 2022-03-14 19:14:32 HIVE Case #7198 CTO 22-071 (IP=16,US)
164.92.74.189 32 RS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 22:44:07 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=189,US)
164.92.74.80 32 RS None 2022-05-06 00:00:00 2022-08-05 00:00:00 2022-05-07 13:17:08 SQL injection - 6Hr Web Attacks (IP=80,US) | updated by RR Block expiration extended with reason SERVER-WEBAPP Oracle Business Intelligence and XML Publisher XML external entity injection attempt - SourceFire (IP=80,US)
164.92.75.0 32 RS None 2022-05-19 00:00:00 2022-08-17 00:00:00 2022-05-19 22:48:58 SERVER-WEBAPP Apache APISIX default admin API backdoor usage attempt (1:59480:1) - SourceFire (IP=0,US)
164.92.75.66 32 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:58:02 SERVER-WEBAPP Fortinet FortiOS SSL VPN web portal directory traversal attempt (1:51370:1) - SourceFire (IP=66,US)
164.92.76.198 32 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:48:39 SQL injection - Web Attacks (IP=198,US)
164.92.76.20 32 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 22:24:38 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=20,US)
164.92.76.239 32 RS None 2022-07-20 00:00:00 2022-10-18 00:00:00 2022-07-21 13:54:36 SQL injection - Web Attacks (IP=239,US)
164.92.76.65 32 RR None 2022-06-19 00:00:00 2022-09-17 00:00:00 2022-06-19 13:56:07 SQL injection - Web Attacks (IP=65,US)
164.92.76.78 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-08 12:50:42 HTTP: Joomla SQL Injection Vulnerability (CVE-2017-8917) - Web Attacks (IP=78,US)
164.92.76.79 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:56:59 HIVE Case #7894 CTO 22-187 (IP=79,US)
164.92.77.100 32 TC None 2022-08-15 00:00:00 2022-11-13 00:00:00 2022-08-15 13:56:59 SQL injection - 6hr Web Attacks (IP=100,US)
164.92.77.141 32 KH None 2022-04-12 00:00:00 2022-07-11 00:00:00 2022-04-12 13:52:17 HTTP SQL Injection Attempt - Web Attacks (IP=141,US)
164.92.77.158 32 KH None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-09-30 22:47:29 Hunt IP Block / DT Attempts - IR# 22C01978 (IP=158,US)
164.92.77.203 32 AR None 2022-07-12 00:00:00 2022-10-10 00:00:00 2022-07-12 13:51:20 SQL injection - WebAttacks (IP=203,US)
164.92.77.210 32 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:37:33 HTTP: Apache mod_cgi Bash Environment Variable Code Injection - Web Attacks (IP=210,US)
164.92.77.212 32 RR None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-05 14:02:45 Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=212,US)
164.92.77.247 32 RR None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-05 14:02:45 Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=247,US)
164.92.77.255 32 SW None 2022-06-04 00:00:00 2022-09-02 00:00:00 2022-06-05 13:42:46 SQL generic sql insert injection attempt - POST parameter (1:15875:12) - SourceFire (IP=255,US)
164.92.77.55 32 RR None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-05 14:02:46 Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=55,US)
164.92.77.76 32 RR None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:31:47 SQL injection - Web Attacks (IP=76,US)
164.92.77.94 32 AR None 2022-07-17 00:00:00 2022-10-15 00:00:00 2022-07-18 13:49:56 SQL injection - Web Attack (IP=94,US)
164.92.78.119 32 SW None 2022-05-24 00:00:00 2022-08-22 00:00:00 2022-05-24 14:16:01 Possible Cross-site Scripting Attack - IPS Events (IP=119,US)
164.92.78.194 32 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 22:24:59 muieblackcat PHP Vulnerability Scanner - FE IPS Events (IP=194,US)
164.92.78.241 32 RS None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 22:34:38 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=241,US)
164.92.78.242 32 RS None 2022-07-12 00:00:00 2022-10-10 00:00:00 2022-07-12 22:32:37 Threat Request // DT / SQLi attempts - IR# 22C01641 (IP=242,US)
164.92.78.247 32 SW None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-17 13:48:55 SQL injection - WebAttacks (IP=247,US)
164.92.78.33 32 TH None 2022-06-03 00:00:00 2022-09-01 00:00:00 2022-06-04 13:39:11 SQL injection - 6 Hr Web Report (IP=33,US)
164.92.79.10 32 KH None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 22:55:57 SQL injection - Web Attacks (IP=10,US)
164.92.79.19 32 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:33 ET INFO Possible Apache log4j RCE Attempt - Any Protocol (lower TCP Bypass) (CVE-2021-44228) - SourceFire (IP=19,US)
164.92.79.232 32 RS None 2022-06-23 00:00:00 2022-09-21 00:00:00 2022-06-23 14:39:20 SQL injection - 6Hr Web Attacks (IP=232,US)
164.92.79.44 32 DT None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 23:23:36 SQL use of concat function with select - likely SQL injection (1:24172:2) - Source Fire (IP=44,US)
164.92.79.79 32 TH None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-26 22:51:21 SQL injection - 6 Hr Web Report (IP=79,US)
164.92.80.149 32 SW None 2022-05-15 00:00:00 2022-08-13 00:00:00 2022-05-15 13:54:06 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=149,US)
164.92.80.158 32 RS None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 22:54:42 SQL injection - 6Hr Web Attacks (IP=158,US)
164.92.80.167 32 RR None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 13:52:31 rConfig SQL Injection Vulnerability - Web Attacks (IP=167,US)
164.92.80.201 32 SW None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 22:39:06 File /etc/passwd Access Attempt Detect - IPS Events (IP=201,US)
164.92.81.103 32 RR None 2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-09 14:21:41 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=103,US)
164.92.81.146 32 RR None 2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-09 14:21:53 SERVER-WEBAPP eMerge E3 Access Controller command injection attempt - SourceFire (IP=146,US)
164.92.81.148 32 ZH None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 22:44:10 Adobe ColdFusion Administrator Access Restriction - WebAttacks (IP=148,US)
164.92.81.15 32 RB None 2022-06-11 00:00:00 2022-09-09 00:00:00 2022-06-11 22:46:08 FIREEYE Web: Infection Match - FE CMS (IP=15,US)
164.92.81.154 32 RR None 2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-09 14:21:42 SQL injection - Web Attacks (IP=154,US)
164.92.81.157 32 RS None 2022-07-12 00:00:00 2022-10-10 00:00:00 2022-07-12 22:32:37 Threat Request // DT / SQLi attempts - IR# 22C01641 (IP=157,US)
164.92.81.186 32 TH None 2022-06-16 00:00:00 2022-09-14 00:00:00 2022-06-17 13:48:41 SQL injection - 6 Hr Web Report (IP=186,US)
164.92.81.21 32 RR None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:28 SERVER-WEBAPP Oracle WebLogic Server remote code execution attempt - SourceFire (IP=21,US)
164.92.81.218 32 WR None 2022-04-15 00:00:00 2022-07-13 00:00:00 2022-04-15 14:09:16 SQL Injection Attempt - 6HR WebAttacks (IP=218,US)
164.92.81.241 32 ZH None 2022-08-25 00:00:00 2022-11-23 00:00:00 2022-08-25 22:43:45 SQL injection - WebAttacks (IP=241,US)
164.92.81.39 32 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 22:52:08 File /etc/passwd Access Attempt Detect - IPS Events (IP=39,US)
164.92.81.62 32 SW None 2022-08-25 00:00:00 2022-11-23 00:00:00 2022-08-26 13:48:29 SERVER-WEBAPP Oracle Weblogic default credentials login attempt (1:40904:3) - SourceFire (IP=62,US)
164.92.82.107 32 RS None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-11 13:57:21 Adobe ColdFusion Administrator Access Restriction - 6Hr Web Attacks (IP=107,US)
164.92.82.125 32 RT None 2022-03-27 00:00:00 2022-06-25 00:00:00 2022-03-27 22:46:54 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (1:59246:1) - Sourcefire Report (IP=125,US)
164.92.82.155 32 TH None 2022-06-23 00:00:00 2022-09-21 00:00:00 2022-06-24 13:55:53 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - SourceFire Report (IP=155,US)
164.92.82.195 32 SW None 2022-06-04 00:00:00 2022-09-02 00:00:00 2022-06-05 13:42:44 SQL union select - possible sql injection attempt - GET parameter (1:13990:27) - SourceFire (IP=195,US)
164.92.83.182 32 SW None 2022-05-28 00:00:00 2022-08-26 00:00:00 2022-05-28 14:45:06 SERVER-WEBAPP PhpCollab editclient.php arbitrary PHP file upload attempt - SourceFire (IP=182,US)
164.92.83.2 32 KH None 2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-09 14:22:02 SQL injection - Web Attacks (IP=2,US)
164.92.83.203 32 SW None 2022-06-24 00:00:00 2022-09-22 00:00:00 2022-06-24 13:56:04 SQL injection - WebAttacks (IP=203,US)
164.92.83.80 32 RS None 2022-07-21 00:00:00 2022-10-19 00:00:00 2022-07-21 22:56:17 Exploit.Log4Shell.CVE-2021-44228 - FE NX (IP=80,US)
164.92.84.171 32 SA None 2022-06-02 00:00:00 2022-08-30 00:00:00 2022-06-03 00:40:01 SQL injection - Web Attacks (IP=171,US)
164.92.84.192 32 ZH None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-23 13:49:49 SQL injection - 6hr Web Attacks (IP=192,US)
164.92.84.214 32 SW None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-10 13:48:27 POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt (1:57336:1) - SourceFire (IP=214,US)
164.92.84.22 32 DT None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 23:23:37 POLICY-OTHER Adobe ColdFusion admin interface access attempt (1:25975:3) - Source Fire (IP=22,US)
164.92.84.73 32 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:34:43 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=73,US)
164.92.85.161 32 SW None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-15 13:54:06 SQL injection - WebAttacks (IP=161,US)
164.92.85.203 32 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 13:47:19 SQL injection - WebAttacks (IP=203,US)
164.92.85.53 32 SW None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 22:46:50 SERVER-WEBAPP NUUO NVRmini upgrade_handle.php command injection attempt (1:50646:1) - SourceFire (IP=53,US)
164.92.85.8 32 AR None 2022-06-03 00:00:00 2022-09-01 00:00:00 2022-06-03 13:44:44 SQL injection - 6 hr web attacks (IP=8,US)
164.92.85.86 32 JP None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-15 22:50:38 SERVER-WEBAPP Joomla 3.7.0 com_fields view SQL injection attempt (1:42958:4) - SourceFire (IP=86,US)
164.92.86.13 32 SW None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-15 13:54:07 SQL use of concat function with select - likely SQL injection (1:24172:2) - SourceFire (IP=13, US)
164.92.86.146 32 KH None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-17 22:28:22 SQL injection - Web Attacks (IP=146,US)
164.92.86.174 32 AR None 2022-05-20 00:00:00 2022-08-19 00:00:00 2022-05-20 13:47:43 Exploit.CVE-2021-44228 - Apache Log4j2 - Case 6651 (IP=174,US)
164.92.86.205 32 RB None 2022-06-28 00:00:00 2022-09-26 00:00:00 2022-06-28 13:53:48 SQL injection - WebAttacks (IP=205,US)
164.92.86.210 32 RR None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-11 13:57:11 SQL injection - Web Attacks (IP=21,US)
164.92.87.101 32 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 22:24:41 File /etc/passwd Access Attempt Detect - FE IPS Events (IP=101,US)
164.92.87.109 32 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 22:24:36 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=109,US)
164.92.87.125 32 SW None 2022-05-15 00:00:00 2022-08-13 00:00:00 2022-05-15 13:54:07 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=125,US)
164.92.87.226 32 AR None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-11 13:47:00 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attack (IP=226,US)
164.92.87.236 32 ZH None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 22:36:57 SQL injection - 6hr Web Attacks (IP=236,US)
164.92.87.70 32 SW None 2022-09-24 00:00:00 2022-12-23 00:00:00 2022-09-25 00:05:06 SERVER-APACHE Apache HTTP server SSRF attempt - SourceFire (IP=70,US)
164.92.88.133 32 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 13:38:48 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=133,US)
164.92.88.202 32 RR None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-18 13:44:06 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=202,US)
164.92.88.214 32 KH None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 22:55:58 SQL injection - Web Attacks (IP=214,US)
164.92.88.215 32 ZH None 2022-06-16 00:00:00 2022-09-14 00:00:00 2022-06-16 22:41:54 SQL injection - 6hr Web Attacks (IP=215,US)
164.92.88.226 32 RB None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-11 22:41:17 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=226,US)
164.92.88.233 32 ZH None 2022-08-12 00:00:00 2022-11-10 00:00:00 2022-08-12 22:51:22 SQL injection - 6hr Web Attacks (IP=233,US)
164.92.88.59 32 RS None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-13 22:37:04 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=59,US)
164.92.89.145 32 TC None 2022-08-15 00:00:00 2022-11-13 00:00:00 2022-08-15 13:57:00 SQL injection - 6hr Web Attacks (IP=145,US)
164.92.89.175 32 SA None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-07 13:41:36 File /etc/passwd Access Attempt Detect - FE CMS IPS alert (IP=175,US)
164.92.89.245 32 RR None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:31:47 SQL injection - Web Attacks (IP=245,US)
164.92.90.154 32 DT None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 23:23:37 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - Source Fire (IP=154,US)
164.92.90.59 32 SW None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-12 13:51:13 SERVER-WEBAPP Ruby on Rails render file directory traversal attempt (1:51261:1) - SourceFire (IP=59, US)
164.92.91.7 24 RB None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 22:39:01 SERVER-APACHE Apache Struts remote code execution attempt - Sourcefire (IP=7,US)
164.92.91.87 32 AR None 2022-04-21 00:00:00 2022-07-20 00:00:00 2022-04-21 13:49:53 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - SourceFire (IP=87,US)
164.92.92.12 32 SA None 2022-06-02 00:00:00 2022-08-30 00:00:00 2022-06-03 00:40:01 POLICY-OTHER CA ARCserve Axis2 default credential login attempt (1:18985:15) - SourceFire (IP=12,US)
164.92.92.147 32 SW None 2022-09-24 00:00:00 2022-12-23 00:00:00 2022-09-25 00:05:05 SQL 1 = 1 - possible sql injection attempt - SourceFire (IP=147,US)
164.92.92.17 32 KH None 2022-06-19 00:00:00 2022-09-17 00:00:00 2022-06-19 13:56:15 SQL injection - Web Attacks (IP=17,US)
164.92.92.188 32 RR None 2022-08-13 00:00:00 2022-11-11 00:00:00 2022-08-13 13:56:17 SQL injection - Web Attacks (IP=188,US)
164.92.92.227 32 SW None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-26 13:47:54 SERVER-WEBAPP Ulterius web server directory traversal attempt (1:45721:2) - SourceFire (IP=227,US)
164.92.93.150 32 KH None 2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-09 14:22:02 SQL injection - Web Attacks (IP=150,US)
164.92.93.166 32 RS None 2022-05-19 00:00:00 2022-08-17 00:00:00 2022-05-19 13:46:57 SQL injection - 6Hr Web Attacks (IP=166,US)
164.92.93.8 32 SW None 2022-06-28 00:00:00 2022-09-26 00:00:00 2022-06-28 13:53:33 SQL injection - WebAttacks (IP=8,US)
164.92.93.93 32 AR None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 13:38:40 SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (B-type) (1:1000135:3) - SourceFire (IP=93,US)
164.92.94.129 32 SW None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-10 13:48:20 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=129,US)
164.92.94.153 32 RR None 2022-06-20 00:00:00 2022-09-18 00:00:00 2022-06-20 13:54:34 SQL injection - Web Attacks (IP=153,US)
164.92.94.207 32 ZH None 2022-06-24 00:00:00 2022-09-22 00:00:00 2022-06-24 22:51:39 SQL injection - 6hr Web Attacks (IP=207,US)
164.92.94.244 32 ZH None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-24 00:05:27 SERVER-WEBAPP Ruby on Rails render file directory traversal attempt (1:51261:1) - Sourcefire Rpt (IP=244,US)
164.92.95.132 32 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:35:17 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=132,US)
164.92.95.149 32 ZH None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 22:36:57 SERVER-WEBAPP Oracle-BI convert servlet XML external entity injection attempt (1:50773:1) - SourceFire (IP=149,US)
164.92.95.181 32 RR None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 13:52:32 SERVER-WEBAPP Fortigate SSL VPN cross site scripting attempt - SourceFire (IP=181,US)
164.92.95.191 32 SW None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-26 13:47:49 SERVER-WEBAPP Aviatrix Controller directory traversal attempt (1:58961:1) - SourceFire (IP=191,US)
164.92.95.202 32 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 22:52:09 File /etc/passwd Access Attempt Detect - IPS Events (IP=202,US)
164.92.95.41 32 TH None 2022-08-20 00:00:00 2022-11-18 00:00:00 2022-08-21 13:55:58 SQL injection - 6 Hr Web Report (IP=41,US)
164.92.96.207 32 SW None 2022-06-05 00:00:00 2022-09-03 00:00:00 2022-06-05 13:42:55 SERVER-WEBAPP Webmin password_change command injection attempt (1:51488:1) - SourceFire (IP=207,US)
164.92.96.48 32 RS None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 13:49:50 HTTP: Joomla SQL Injection Vulnerability (CVE-2017-8917) - 6Hr Web Attacks (IP=48,US)
164.92.96.91 32 ZH None 2022-04-04 00:00:00 2022-07-03 00:00:00 2022-04-04 22:35:48 SQL injection - 6hr Web Attacks (IP=91,US)
164.92.97.10 32 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 22:39:48 SQL injection - Web Attacks (IP=10,US)
164.92.97.130 24 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:48:07 SERVER-WEBAPP Zimbra remote code execution attempt - SourceFire (IP=130,US)
164.92.97.178 32 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 22:39:49 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=178,US)
164.92.98.106 32 RR None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-19 13:55:58 SQL injection - Web Attacks (IP=106,US)
164.92.98.116 32 SW None 2022-09-24 00:00:00 2022-12-23 00:00:00 2022-09-24 13:56:11 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=116,US)
164.92.98.124 32 RR None 2022-08-20 00:00:00 2022-11-18 00:00:00 2022-08-20 13:23:23 SQL injection - Web Attacks (IP=124,US)
164.92.98.158 32 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 22:52:00 SQL injection - WebAttacks (IP=158,US)
164.92.98.33 32 KH None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-17 13:49:14 SQL injection - Web Attacks (IP=33,US)
164.92.98.87 32 TC None 2022-09-24 00:00:00 2022-12-23 00:00:00 2022-09-24 13:56:05 SQL injection - WebAttacks (IP=87,US)
164.92.99.106 32 JP None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-14 22:47:16 SQL injection - 6HR Web Attacks (IP=106,US)
164.92.99.117 32 RS None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-13 22:36:33 SERVER-WEBAPP D-Link Routers command injection attempt (1:59072:1) - SourceFire (IP=117,US)
164.92.99.230 32 RB None 2022-07-19 00:00:00 2022-10-17 00:00:00 2022-07-19 22:51:04 SQL use of sleep function with select - likely SQL injection (1:37443:2) - SourceFire (IP=230, US)
164.92.99.6 32 TH None 2022-05-12 00:00:00 2022-08-10 00:00:00 2022-05-12 22:47:16 SERVER-WEBAPP Jenkins Groovy metaprogramming remote code execution attempt (1:49499:1) - SourceFire Report (IP=6,US)
1646932905.ujsd.jumperctin.com --- TLM None 2021-08-23 00:00:00 2022-08-23 00:00:00 2023-01-19 23:01:37 HIVE Case #6042 TO-S-2021-1484
165.154.230.211 32 TLM None 2022-06-23 00:00:00 2022-12-22 00:00:00 2022-06-24 11:30:50 HIVE Case #7820 CTO 22-174 (IP=211,KR)
165.154.233.244 32 ZH None 2022-07-13 00:00:00 2022-10-11 00:00:00 2022-07-13 22:48:21 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01651 (IP=244,CA)
165.154.240.128 32 AS None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-09-30 17:07:10 HIVE Case #8395 TO-S-2022-0233 (IP=128,GB)
165.154.240.58 32 AS None 2022-07-13 00:00:00 2022-10-11 00:00:00 2022-07-14 17:45:17 HIVE Case #7928 CTO 22-194 (IP=58,GB)
165.154.253.98 32 TLM None 2022-06-21 00:00:00 2022-12-20 00:00:00 2022-06-22 18:26:03 HIVE Case #7807 CTO 22-169 (IP=98,TW)
165.154.52.0 17 AS None 2022-06-30 00:00:00 2022-09-28 00:00:00 2022-06-30 18:36:07 HIVE Case #7826 TO-S-2022-0203 (IP=0,KR)
165.154.52.41 24 EE None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:50 HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=41,KR)
165.154.58.43 24 EE None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-01 22:26:47 HIVE Case #7697 IOC_CVE-2022-30190_Follina_Zero-Day (IP=43,PH)
165.154.70.51 24 EE None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:51 HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=51,HK)
165.16.62.65 24 RR None 2022-03-05 00:00:00 2022-06-03 00:00:00 2022-03-05 14:46:03 Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=65,LY)
165.16.62.65 24 RR None 2022-03-05 00:00:00 2022-06-03 00:00:00 2022-03-05 18:18:40 Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=65,LY)
165.16.62.65 24 RR None 2022-03-05 00:00:00 2022-06-03 00:00:00 2022-03-05 18:19:57 Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=65,LY)
165.16.62.65 24 RR None 2022-03-05 00:00:00 2022-06-03 00:00:00 2022-03-05 19:41:39 Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=65,LY)
165.16.62.65 24 RR None 2022-03-05 00:00:00 2022-06-03
00:00:00 2022-03-05 19:47:33 Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=65,LY) 165.16.62.65 24 RR None 2022-03-05 00:00:00 2022-06-03 00:00:00 2022-03-05 19:47:41 Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=65,LY) 165.160.15.20 32 TLM None 2022-06-14 00:00:00 2022-12-13 00:00:00 2022-06-14 15:16:52 HIVE Case #7768 CTO 22-161 (IP=20,US) 165.22.100.216 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=216,SG) 165.22.101.210 24 RS None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 13:49:38 SQL injection - 6Hr Web Attacks (IP=210,SG) 165.22.102.19 24 RS None 2022-05-02 00:00:00 2022-07-31 00:00:00 2022-05-02 22:41:41 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=19,SG) 165.22.103.178 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:38 SQL injection- 6hr Web Attacks (IP=178,SG) 165.22.104.72 24 AR None 2022-04-10 00:00:00 2022-07-09 00:00:00 2022-04-11 13:46:52 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attack (IP=72,SG) 165.22.105.59 24 SW None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 22:46:53 SERVER-WEBAPP Ulterius web server directory traversal attempt (1:45721:2) - SourceFire (IP=59,SG) 165.22.108.6 24 WR None 2022-04-23 00:00:00 2022-07-21 00:00:00 2022-04-23 13:46:58 SQL injection - Web Attacks (IP=6,SG) 165.22.109.207 24 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:43:47 SQL injection - Web Attacks (IP=207,SG) 165.22.110.45 24 AR None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-11 13:47:06 SERVER-WEBAPP generic SQL select statement possible sql injection (1:41817:2) - SourceFire (IP= 45,SG) 165.22.112.220 24 ZH None 2022-01-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=220,GB) 165.22.113.166 24 KH None 2022-07-21 00:00:00 2022-10-19 00:00:00 2022-07-21 22:56:14 SQL injection - Web Attacks (IP=166,GB) 165.22.115.49 24 ZH None 2022-04-18 00:00:00 2022-07-17 00:00:00 
2022-04-18 22:43:54 SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1272 attack attempt (3:57305:1) - SourceFire (IP=49,GB) 165.22.115.62 24 TH None 2022-04-15 00:00:00 2022-07-14 00:00:00 2022-04-15 22:59:48 SERVER-OTHER Hashicorp Consul services API remote code execution attempt (1:49670:2) - SourceFire Report (IP=62,GB) 165.22.116.182 24 JP None 2022-09-11 00:00:00 2022-12-10 00:00:00 2022-09-11 22:52:02 Adobe ColdFusion Administrator Access Restriction - 6HR Web Attacks (IP=182,GB) 165.22.117.90 24 AR None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-05-01 13:52:40 SQL injection - 6Hr Web Attacks (IP=90,GB) 165.22.119.109 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6582 CTO 21-320 (IP=109,GB) 165.22.119.143 24 SW None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-15 13:54:08 SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt (3:57769:1) - SourceFire (IP=143, GB) 165.22.120.150 24 RT None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-27 13:56:37 HTTP: PHP File Inclusion Vulnerability - 6 HR WebAttack (IP=150,GB) 165.22.121.51 24 TH None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-26 22:51:27 SQL injection - 6 Hr Web Report (IP=51,GB) 165.22.122.146 24 RR None 2022-08-20 00:00:00 2022-11-18 00:00:00 2022-08-21 13:56:01 SQL injection - Web Attacks (IP=146,GB) 165.22.123.238 24 RB None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 22:45:16 SQL union select - possible sql injection attempt - GET parameter - Sourcefire (IP=238,GB) 165.22.124.40 24 ZH None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 22:36:58 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (1:59246:1) - SourceFire (IP=40,GB) 165.22.125.121 24 AR None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:18 SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt (1:59299:1) - SourceFire (IP= 165.22.126.87 24 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 15:44:47 SQL injection - Web Attacks (IP=87,GB) 
165.22.127.152 24 TH None 2021-12-07 00:00:00 2022-03-07 00:00:00 None HTTP Request Brute Force Attack - 6 Hour Failed Logons (IP=152,GB) 165.22.151.166 32 JP None 2022-09-19 00:00:00 2022-12-18 00:00:00 2022-09-20 13:55:02 F5 BIG-IP CVE-2022-1388 Remote Code Execution - IPS Events (IP=166,US) 165.22.183.152 32 DT None 2021-10-08 00:00:00 2022-01-10 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 22C00102 165.22.186.217 32 AR None 2022-08-04 00:00:00 2022-11-02 00:00:00 2022-08-05 13:55:25 HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=217,US) 165.22.19.86 24 RS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 22:43:49 SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (B-type) (1:1000135:3) - SourceFire (IP=86,DE) 165.22.192.47 24 RS None 2022-05-02 00:00:00 2022-07-31 00:00:00 2022-05-02 22:41:43 SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (B-type) (1:1000135:3) - SourceFire (IP=47,NL) 165.22.193.109 24 TH None 2022-07-18 00:00:00 2022-10-16 00:00:00 2022-07-18 13:50:11 Exploit.Log4Shell.CVE-2021-44228 - FE CMS Alerts (IP=109,NL) 165.22.194.153 24 KH None 2022-04-12 00:00:00 2022-07-11 00:00:00 2022-04-12 13:52:18 SQL injection - Web Attacks (IP=153,NL) 165.22.199.89 24 AR None 2022-07-12 00:00:00 2022-10-10 00:00:00 2022-07-12 13:51:21 SQL injection - WebAttacks (IP=89,NL) 165.22.200.42 24 SW None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 22:39:09 File /etc/passwd Access Attempt Detect - IPS Events(IP=42,NL) 165.22.200.42 24 ZH None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 22:39:24 FIREEYE Web: Log4j attempt (IP=42,NL) 165.22.201.37 24 RT None 2022-04-08 00:00:00 2022-07-07 00:00:00 2022-04-09 13:49:38 SQL injection - 6HR WebAttack (IP=37,NL) 165.22.202.31 24 RB None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 22:39:10 HTTP: PHP File Inclusion Vulnerability- 6hr web attacks (IP=31,NL) 165.22.203.159 24 WR None 2022-04-02 00:00:00 2022-06-30 00:00:00 2022-04-02 
23:04:57 ET EXPLOIT Apache log4j RCE Attempt (tcp ldap) (CVE-2021-44228) (1:2034649:1) - Sourcefire (IP=159,NL) 165.22.204.172 24 KD None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-11 13:43:32 SQL Injection - Web Attacks(IP=172,NL) 165.22.205.12 24 AR None 2022-05-01 00:00:00 2022-07-30 00:00:00 2022-05-02 13:40:48 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=12,NL) 165.22.207.196 24 RB None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 22:45:23 SQL injection - 6hr web attacks (IP=196,NL) 165.22.208.233 24 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-16 15:21:29 SQL injection - 6hr Web Attacks (IP=233,IN) 165.22.21.19 32 RB None 2022-06-11 00:00:00 2022-09-09 00:00:00 2022-06-11 13:46:53 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR#22C01360 (IP=19,US) 165.22.211.226 24 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 13:54:24 SQL injection - Web Attacks (IP=226,IN) 165.22.214.244 24 RS None 2022-05-04 00:00:00 2022-08-03 00:00:00 2022-05-05 13:49:20 SERVER-WEBAPP Oracle Business Intelligence directory traversal attempt (1:49967:2) - SourceFire (IP=244,IN) | updated by RR Block expiration extended with reason SERVER-WEBAPP JBoss JMX console access attempt - SourceFire (IP=244,IN) 165.22.215.165 24 AR None 2022-04-08 00:00:00 2022-07-07 00:00:00 2022-04-08 13:46:35 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attack (IP=165,IN) 165.22.216.201 24 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:17:09 ET EXPLOIT Apache log4j RCE Attempt - lower/upper TCP Bypass M2 (CVE-2021-44228) - SourceFire (IP=201,IN) 165.22.217.245 24 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:16:42 SQL injection - Web Attacks (IP=245,IN) 165.22.218.180 24 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 13:54:25 SQL injection - Web Attacks (IP=180,IN) 165.22.219.213 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:48:23 SQL injection - Web Attacks (IP=213,IN) 
165.22.22.95 32 AS None 2022-04-12 00:00:00 2022-10-12 00:00:00 2022-04-12 14:39:38 HIVE Case #7380 CTO 22-099 (IP=95,DE) 165.22.221.7 24 KD None 2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-10 13:48:14 HTTP: SQL Injection - Exploit- WebAttacks(IP=7,IN) 165.22.223.101 24 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:44 SQL injection - 6hr Web Attacks (IP=101,IN) 165.22.224.208 24 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:15 Adobe ColdFusion Administrator Access Restriction - 6Hr Web Attacks (IP=208,CA) 165.22.225.48 24 DT None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-29 13:52:42 SERVER-WEBAPP Ruby on Rails render file directory traversal attempt (1:49503:1) - Source Fire (IP=48,CA) 165.22.226.140 24 WR None 2022-04-30 00:00:00 2022-07-28 00:00:00 2022-04-30 13:53:13 Possible Cross-site Scripting Attack - FE NX (IP=140,CA) 165.22.227.177 24 RT None 2022-04-08 00:00:00 2022-07-07 00:00:00 2022-04-09 13:49:39 SQL injection - 6HR WebAttack (IP=177,CA) 165.22.228.51 24 KH None 2022-05-01 00:00:00 2022-07-30 00:00:00 2022-05-01 22:53:42 Artica Web Proxy SQL Injection Vulnerability - Web Attacks (IP=51,CA) 165.22.229.204 32 KD None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-12 13:51:39 SQL injection- Web Attacks (IP=204,CA) 165.22.229.226 24 KH None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 23:08:12 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=226,CA) 165.22.23.103 24 RB None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 22:39:06 SQL union select - possible sql injection attempt - GET parameter - Sourcefire (IP=103,DE) 165.22.231.194 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:52:59 SERVER-WEBAPP Microsoft Exchange Server server side request forgery attempt - SourceFire (IP=194,CA) 165.22.232.58 24 ZH None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 22:43:55 SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (1:50015:1) - SourceFire (IP=58,CA) 
165.22.233.119 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:53:29 SQL union select - possible sql injection attempt - GET parameter - SourceFire (IP=119,CA) 165.22.234.18 24 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 22:51:29 SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt (1:52355:1) - SourceFire (IP=18, CA) 165.22.235.160 24 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:45 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - Sourcefire Rpt (IP=160,CA) 165.22.236.132 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:52:59 SERVER-WEBAPP YouPHPTube getImage.php command injection attempt - SourceFire (IP=132,CA) 165.22.237.223 32 RB None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 22:41:31 SQL injection - 6hr web attacks (IP=223,CA) 165.22.237.61 24 AR None 2022-04-27 00:00:00 2022-07-27 00:00:00 2022-04-27 13:56:49 SQL injection - 6Hr Web Attack (IP=61,CA) 165.22.238.171 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:28 SQL injection - 6hr Web Attacks (IP=171,CA) 165.22.239.83 32 RB None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 22:41:32 SQL injection - 6hr web attacks (IP=83,CA) 165.22.239.93 24 RR None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 13:47:19 SQL injection - Web Attacks (IP=93,CA) 165.22.24.40 24 KH None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-11 22:58:49 File /etc/passwd Access Attempt Detect - FE CMS (IP=40,DE) 165.22.240.72 24 SW None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-15 13:54:08 SQL injection - WebAttacks (IP=72,SG) 165.22.243.246 24 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:16:43 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=246,SG) 165.22.244.68 24 RT None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-24 14:15:46 HTTP: PHP File Inclusion Vulnerability - 6 HR WebAttack (IP=68,SG) 165.22.245.176 24 KH None 2022-04-08 
00:00:00 2022-07-07 00:00:00 2022-04-08 13:46:40 SQL injection - Web Attacks (IP=176,SG) 165.22.248.154 24 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:48:08 SERVER-WEBAPP Apache Log4j logging remote code execution attempt - SourceFire (IP=154,SG) 165.22.25.181 24 RS None 2022-05-19 00:00:00 2022-08-17 00:00:00 2022-05-19 13:46:58 SQL injection - 6Hr Web Attacks (IP=181,DE) 165.22.250.40 24 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 22:24:43 SIPVicious Security Scanner - FE IPS Events (IP=250,SG) 165.22.253.252 24 ZH None 2022-09-15 00:00:00 2022-12-14 00:00:00 2022-09-15 22:52:15 HTTP: SQL Injection - Exploit II - WebAttacks (IP=252,SG) 165.22.255.202 24 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:43:47 SQL injection - Web Attacks (IP=202,SG) 165.22.255.94 24 RR None 2022-09-25 00:00:00 2022-12-24 00:00:00 2022-09-26 13:55:14 SQL injection - Web Attacks (IP=94,SG) 165.22.255.94 24 RR None 2022-09-25 00:00:00 2022-12-24 00:00:00 2022-09-26 13:55:14 SQL injection - Web Attacks (IP=94,SG) 165.22.27.226 24 RS None 2022-07-27 00:00:00 2022-10-25 00:00:00 2022-07-28 13:49:37 SQL injection - Web Attacks (IP=226,DE) 165.22.28.165 24 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 22:52:01 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=165,DE) 165.22.29.15 24 RB None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 22:38:59 MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt - Sourcefire (IP=15,DE) 165.22.33.52 32 RS None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-14 13:57:44 SQL injection - 6Hr Web Attacks (IP=52,US) 165.22.35.138 32 RB None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 22:41:33 SERVER-ORACLE Oracle iPlanet Web Server unauthenticated information disclosure attempt - Sourcefire (IP=138,US) 165.22.36.234 32 RR None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 13:52:33 SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt - SourceFire (IP=234,US) 
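The records above are a block list whose row boundaries were lost in extraction. Reading the layout, each record is: target (IPv4 address or hostname), prefix length (or --- for a hostname), owner initials, a column that is always None here, start, expiry, last-updated (timestamp or None), then a free-text reason that runs until the next record. The parser below is an added example, not code from the page or from whatever system produced the list; the column names are my reading of the layout, the regex anchors a record on the "target prefix owner None timestamp" shape (an assumption about the format), and the sample records are constructed with TEST-NET addresses and placeholder case numbers rather than copied from the list. It answers the questions an analyst actually asks of such a dump: what was active on a given date, which CIDR rows cover an address, and which rows are byte-identical repeats.

```python
"""Parse a flattened IP/host block-list dump and query it.

Added example. The column layout is inferred from the dump, not documented by
its producer. Sample records are constructed (TEST-NET addresses, placeholder
case numbers) and are not rows from the real list.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network
from typing import Optional

TS = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}"
# Assumed record shape: target, prefix length (or --- for a hostname), owner
# initials, a literal "None" column, start timestamp. Used to find the start
# of the *next* record, which is where the free-text reason ends.
RECORD_START = r"\S+\s+(?:\d{1,2}|---)\s+[A-Za-z]+\s+None\s+" + TS
RECORD = re.compile(
    r"(?P<target>\S+)\s+(?P<prefix>\d{1,2}|---)\s+(?P<owner>[A-Za-z]+)\s+None\s+"
    + rf"(?P<start>{TS})\s+(?P<expiry>{TS})\s+(?P<updated>None|{TS})\s+"
    + rf"(?P<reason>.*?)(?=\s+{RECORD_START}|\s*\Z)",
    re.S,  # fields may be split across extracted lines
)


@dataclass(frozen=True)
class Entry:
    target: str
    prefix: Optional[int]        # None for hostname entries
    owner: str
    start: datetime
    expiry: datetime
    updated: Optional[datetime]  # None when the row was never touched after creation
    reason: str

    @property
    def network(self):
        """CIDR this entry blocks, or None for a hostname entry."""
        if self.prefix is None:
            return None
        # strict=False so a host address with /17 or /24 is widened to its network
        return ip_network(f"{self.target}/{self.prefix}", strict=False)


def _ts(text: str) -> datetime:
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")


def parse(dump: str) -> list:
    """Split a run-together dump into Entry objects, in file order."""
    entries = []
    for m in RECORD.finditer(dump):
        entries.append(Entry(
            target=m["target"],
            prefix=None if m["prefix"] == "---" else int(m["prefix"]),
            owner=m["owner"],
            start=_ts(m["start"]),
            expiry=_ts(m["expiry"]),
            updated=None if m["updated"] == "None" else _ts(m["updated"]),
            reason=" ".join(m["reason"].split()),  # collapse line-wrap whitespace
        ))
    return entries


def active_on(entries, when):
    """Entries whose window covers `when` (ISO date string or datetime).
    The expiry instant itself is treated as already expired."""
    if isinstance(when, str):
        when = datetime.fromisoformat(when)
    return [e for e in entries if e.start <= when < e.expiry]


def exact_duplicates(entries):
    """Second and later copies of byte-identical records (extraction repeats)."""
    seen, dups = set(), []
    for e in entries:
        if e in seen:
            dups.append(e)
        seen.add(e)
    return dups


def covering(entries, address: str):
    """CIDR entries that contain `address`; hostname entries never match."""
    addr = ip_address(address)
    return [e for e in entries if e.network is not None and addr in e.network]


# Constructed sample in the dump's layout (not real block-list rows).
SAMPLE = " ".join([
    "203.0.113.10 32 AB None 2022-05-06 00:00:00 2022-08-04 00:00:00 "
    "2022-05-06 13:47:37 SQL injection - WebAttacks (IP=10,XX)",
    "203.0.113.0 24 CD None 2022-04-26 00:00:00 2022-07-25 00:00:00 "
    "2022-04-26 13:48:09 SERVER-WEBAPP Apache Log4j logging remote code "
    "execution attempt - SourceFire (IP=0,XX)",
    "198.51.100.77 32 EF None 2021-12-15 00:00:00 2022-06-15 00:00:00 "
    "None HIVE Case #0000 CTO 00-000 (IP=77,XX)",
    "c2.example.invalid --- EF None 2021-08-23 00:00:00 2022-08-23 00:00:00 "
    "2023-01-19 23:01:37 HIVE Case #0000 TO-S-0000-0000",
    # byte-identical repeat of the first record, as extraction often produces
    "203.0.113.10 32 AB None 2022-05-06 00:00:00 2022-08-04 00:00:00 "
    "2022-05-06 13:47:37 SQL injection - WebAttacks (IP=10,XX)",
])

if __name__ == "__main__":
    rows = parse(SAMPLE)
    print(f"{len(rows)} records, {len(exact_duplicates(rows))} exact duplicate(s)")
    for e in active_on(rows, "2022-07-30"):
        print("active on 2022-07-30:", e.target, e.prefix, e.reason)
    for e in covering(rows, "203.0.113.77"):
        print("covers 203.0.113.77:", e.network, e.owner)
```

The reason field is delimited only by the start of the next record, so the lookahead is what keeps a reason like "Case #0000 CTO 00-000" from being mistaken for a new row: the digit run must be followed by initials, the literal None and a full timestamp. Hostname rows (prefix ---) parse like any other but carry no network, so address lookups skip them instead of raising.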
165.22.37.127 32 ZH None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-24 00:05:28 SQL injection - 6hr Web Attacks (IP=127,US)
165.22.37.229 32 RR None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:31:48 SQL injection - Web Attacks (IP=229,US)
165.22.37.94 32 JP None 2022-07-28 00:00:00 2022-10-26 00:00:00 2022-07-28 13:49:53 SQL injection - 6HR Web Attacks (IP=94,US)
165.22.38.180 32 JP None 2022-09-29 00:00:00 2022-12-28 00:00:00 2022-09-30 13:47:35 Apache Log4j CVE-2021-44228 Remote Code Execution - IPS Events (IP=180,US)
165.22.38.58 32 RS None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-14 13:57:43 SQL injection - 6Hr Web Attacks (IP=58,US)
165.22.39.172 32 ZH None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 22:36:59 SERVER-WEBAPP Apache Unomi OGNL MVEL2 remote command execution attempt (1:56990:1) - SourceFire (IP=172,US)
165.22.40.232 32 WR None 2022-02-27 00:00:00 2022-05-27 00:00:00 2022-02-27 15:53:37 SQL use of sleep function in HTTP header - likely SQL injection attempt - Web Attacks (IP=232,US)
165.22.41.112 32 RR None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-19 13:56:00 SQL injection - Web Attacks (IP=112,US)
165.22.42.50 32 RR None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-19 13:55:54 SERVER-ORACLE Oracle WebLogic Server remote command execution attempt - SourceFire (IP=50,US)
165.22.42.57 32 SW None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:45:21 SERVER-WEBAPP Oracle Business Intelligence directory traversal attempt - SourceFire (IP=57,US)
165.22.42.72 32 RR None 2022-06-25 00:00:00 2022-09-23 00:00:00 2022-06-25 14:09:23 SQL injection - Web Attacks (IP=72,US)
165.22.43.136 32 DT None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 23:23:38 SQL union select - possible sql injection attempt - GET parameter (1:13990:27) - Source Fire (IP=136,US)
165.22.43.25 32 ZH None 2022-06-13 00:00:00 2022-09-11 00:00:00 2022-06-13 22:30:24 SERVER-WEBAPP Atlassian Confluence OGNL injection remote code execution attempt (1:58094:1) - SourceFire (IP=25,US)
165.22.44.200 32 AR None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:15 SQL injection - 6Hr Web Attack (IP=200,US)
165.22.45.57 32 RR None 2022-08-13 00:00:00 2022-11-11 00:00:00 2022-08-13 13:56:18 SQL injection - Web Attacks (IP=57,US)
165.22.46.156 32 RS None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-14 13:57:43 SQL injection - 6Hr Web Attacks (IP=156,US)
165.22.46.41 32 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 22:39:49 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41421:2) - Sourcefire (IP=41,US)
165.22.46.42 32 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 15:44:48 SQL injection - Web Attacks (IP=42,US)
165.22.46.48 32 SW None 2022-06-30 00:00:00 2022-09-28 00:00:00 2022-06-30 13:56:56 SQL injection - WebAttacks (IP=48,US)
165.22.47.233 32 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 22:51:44 SQL use of concat function with select - likely SQL injection (1:24172:2) - SourceFire (IP=233,US)
165.22.47.239 32 SW None 2022-05-28 00:00:00 2022-08-26 00:00:00 2022-05-28 14:45:07 SERVER-WEBAPP phpmyadmin post-authentication local file inclusion attempt - SourceFire (IP=239,US)
165.22.47.241 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:17:09 SQL union select - possible sql injection attempt - POST parameter - SourceFire (IP=241,US)
165.22.47.42 32 ZH None 2022-06-30 00:00:00 2022-09-28 00:00:00 2022-07-01 00:10:31 SQL injection - 6hr Web Attacks (IP=42,US)
165.22.48.197 24 RS None 2022-06-03 00:00:00 2022-09-01 00:00:00 2022-06-03 22:21:26 ET INFO Possible Apache log4j RCE Attempt - Any Protocol TCP (CVE-2021-44228) (1:2034661:1) - SourceFire (IP=197,SG)
165.22.49.163 24 SW None 2022-07-21 00:00:00 2022-10-19 00:00:00 2022-07-22 13:52:36 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (3:58802:4) - SourceFire (IP=163,SG)
165.22.50.246 24 RT None 2022-04-08 00:00:00 2022-07-07 00:00:00 2022-04-09 13:49:39 SQL injection - 6HR WebAttack (IP=246,SG)
165.22.52.199 24 KD None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-07 13:16:29 HTTP: SQL Injection - Exploit II - Web Attacks (IP=199,SG)
165.22.53.147 24 SW None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 22:47:10 SQL injection - WebAttacks (IP=147,SG)
165.22.55.155 24 RB None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 22:39:10 HTTP: PHP File Inclusion Vulnerability - 6hr web attacks (IP=155,SG)
165.22.58.196 24 RS None 2022-05-02 00:00:00 2022-07-31 00:00:00 2022-05-02 22:41:37 SQL injection - 6Hr Web Attacks (IP=196,SG)
165.22.59.245 24 SW None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:47:54 SERVER-WEBAPP Symantec Messaging Gateway KavaChart Component directory traversal attempt (1:40451:2) - SourceFire (IP=245,SG)
165.22.60.124 24 RB None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 22:45:22 SQL injection - 6hr web attacks (IP=124,SG)
165.22.61.171 24 KH None 2022-05-01 00:00:00 2022-07-30 00:00:00 2022-05-01 22:53:37 ET EXPLOIT Apache log4j RCE Attempt - lower/upper TCP Bypass M2 (CVE-2021-44228) (1:2034700:1) - Sourcefire (IP=171,SG)
165.22.62.197 24 TH None 2022-04-22 00:00:00 2022-07-21 00:00:00 2022-04-22 13:40:02 Adobe ColdFusion Administrator Access Restriction - 6 Hr Web Report (IP=197,SG)
165.22.63.134 24 RT None 2022-04-21 00:00:00 2022-07-20 00:00:00 2022-04-22 13:39:36 SQL injection - 6 HR WebAttack (IP=134,SG)
165.22.67.55 24 RS None 2022-05-19 00:00:00 2022-08-17 00:00:00 2022-05-19 22:49:16 SQL injection - 6Hr Web Attacks (IP=55,DE)
165.22.68.140 24 TH None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-18 13:44:10 SQL injection - 6 Hr Web Report (IP=140,DE)
165.22.70.197 24 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:16 SQL injection - 6Hr Web Attacks (IP=197,DE)
165.22.72.213 24 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 13:47:20 SQL injection - WebAttacks (IP=213,DE)
165.22.72.35 32 DT None 2022-02-15 00:00:00 2022-05-16 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) IR# 22C00940
165.22.73.143 24 ZH None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-24 00:05:28 SQL injection - 6hr Web Attacks (IP=143,DE)
165.22.75.154 24 ZH None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 22:36:59 SERVER-WEBAPP ManageEngine Desktop Central authentication bypass attempt (1:58863:1) - SourceFire (IP=154,DE)
165.22.77.215 24 RS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:48:00 SQL injection - 6Hr Web Attacks (IP=215,DE)
165.22.78.67 32 AS None 2022-04-12 00:00:00 2022-10-12 00:00:00 2022-04-12 14:39:38 HIVE Case #7380 CTO 22-099 (IP=67,DE)
165.22.79.248 24 SW None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:47:03 HTTP: SQL Injection - Exploit II - WebAttacks (IP=248,DE)
165.22.80.81 24 RS None 2022-05-19 00:00:00 2022-08-17 00:00:00 2022-05-19 13:47:00 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=81,DE)
165.22.81.182 24 KH None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-11 23:00:20 SQL injection - Web Attacks (IP=182,DE)
165.22.84.10 24 ZH None 2022-08-18 00:00:00 2022-11-16 00:00:00 2022-08-18 13:49:23 SQL injection (IP=10,DE)
165.22.87.154 24 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:16 SQL injection - 6Hr Web Attacks (IP=154,DE)
165.22.87.221 32 JP None 2022-09-07 00:00:00 2022-12-06 00:00:00 2022-09-07 22:44:22 Multiple IPs Block - IR# 22C01923 (IP=221,DE)
165.22.89.199 24 RR None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-18 13:44:00 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=199,DE)
165.22.90.46 24 RS None 2022-05-03 00:00:00 2022-08-01 00:00:00 2022-05-03 13:46:58 SQL injection - 6Hr Web Attacks (IP=46,DE)
165.22.93.41 24 ZH None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 13:47:49 SQL injection - 6hr Web Attacks (IP=41,DE)
165.22.96.39 24 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:43:48 SQL injection - Web Attacks (IP=39,SG)
165.22.96.46 32 AS None 2022-04-12 00:00:00 2022-10-12 00:00:00 2022-04-12 14:39:46 HIVE Case #7380 CTO 22-099 (IP=46,SG)
165.22.99.162 24 DT None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 23:23:26 SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (B-type) (1:1000135:3) - Source Fire (IP=162,SG)
165.227.10.212 32 WR None 2022-04-01 00:00:00 2022-06-30 00:00:00 2022-04-01 14:00:23 SERVER-WEBAPP Java ClassLoader access attempt (1:30792:7) - Sourcefire (IP=212,US)
165.227.101.153 32 RS None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-10-01 13:38:11 SQL injection - Web Attacks (IP=153,US)
165.227.101.158 32 TH None 2022-08-28 00:00:00 2022-11-27 00:00:00 2022-08-29 13:57:20 SERVER-APACHE Apache HTTP server SSRF attempt (1:58820:1) - SourceFire Report (IP=158,US) | updated by TH Block expiration extended with reason SERVER-WEBAPP F5 BIG-IP Traffic Management User Interface remote code execution attempt (1:54462:3) - SourceFire Report (IP=158,US)
165.227.101.188 32 SW None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:47:37 SQL injection - WebAttacks (IP=188,US)
165.227.101.30 32 ZH None 2022-08-27 00:00:00 2022-11-25 00:00:00 2022-08-27 22:47:46 SERVER-WEBAPP JBoss JMX console access attempt (1:21516:9) - SourceFire (IP=30,US)
165.227.102.235 32 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 22:52:02 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=235,US)
165.227.102.250 32 TLM None 2022-09-19 00:00:00 2022-12-18 00:00:00 2022-09-19 15:03:12 HIVE Case #8328 TO-S-2022-0230 (IP=250,US)
165.227.102.29 32 KH None 2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-09 22:50:13 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=29,US)
165.227.103.179 32 JP None 2022-08-29 00:00:00 2022-11-27 00:00:00 2022-08-29 22:51:29 SQL injection - 6HR Web Attacks (IP=179,US)
165.227.105.234 32 RS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 22:44:08 SQL injection - 6Hr Web Attacks (IP=234,US)
165.227.105.97 32 RR None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:28 SERVER-WEBAPP Facade Ignition remote code execution attempt - SourceFire (IP=97,US)
165.227.106.199 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:48:24 Artica Web Proxy SQL Injection Vulnerability - Web Attacks (IP=199,US)
165.227.107.139 32 RR None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 13:52:33 POLICY-OTHER PHP uri tag injection attempt - SourceFire (IP=139,US)
165.227.107.247 32 TH None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-30 13:42:44 SERVER-WEBAPP LG-Ericsson iPECS NMS 30M directory traversal attempt (1:49840:1) - SourceFire Report (IP=247,US)
165.227.107.248 32 RS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 22:44:09 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=32,US)
165.227.107.6 32 SW None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-15 13:54:09 SQL injection - WebAttacks (IP=6,US)
165.227.109.151 32 RR None 2022-06-25 00:00:00 2022-09-23 00:00:00 2022-06-25 22:47:38 SQL injection - Web Attacks (IP=151,US)
165.227.109.207 32 RS None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-18 22:35:04 Exploit.CVE-2021-44228 - ApacheLog4j2 - Case 6651 (IP=207,US)
165.227.110.118 32 TH None 2022-07-10 00:00:00 2022-10-08 00:00:00 2022-07-10 14:32:51 SQL injection - 6 Hr Web Report (IP=118,US)
165.227.110.189 32 KD None 2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-10 13:48:13 SQL injection - WebAttack (IP=189,US)
165.227.110.72 32 AR None 2022-10-01 00:00:00 2022-12-30 00:00:00 2022-10-02 13:32:49 Exploit.Log4Shell.CVE-2021-44228 - FE CMS (IP=72,US)
165.227.111.117 32 SW None 2022-06-30 00:00:00 2022-09-28 00:00:00 2022-06-30 13:56:56 SQL injection - WebAttacks (IP=117,US)
165.227.112.122 32 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 22:39:50 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=122,US)
165.227.112.85 32 RB None 2022-09-28 00:00:00 2022-12-27 00:00:00 2022-09-28 22:44:37 HTTP: PHP File Inclusion Vulnerability - IR# 22C01961 (IP=85,US)
165.227.112.86 32 SW None 2022-09-25 00:00:00 2022-12-24 00:00:00 2022-09-25 13:55:53 SQL injection - WebAttacks (IP=86,US)
165.227.114.157 32 RR None 2022-09-11 00:00:00 2022-12-10 00:00:00 2022-09-11 13:56:09 SERVER-WEBAPP Oracle Weblogic default credentials login attempt - Web Attacks (IP=157,US)
165.227.114.169 32 SW None 2022-09-13 00:00:00 2022-12-12 00:00:00 2022-09-14 13:50:26 SQL injection - WebAttacks (IP=169,US)
165.227.114.232 32 RS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 22:44:10 SQL injection - 6Hr Web Attacks (IP=232,US)
165.227.115.255 24 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:48:09 CVE-2020-10148 SolarWinds Orion Authentication Bypass attempt - SourceFire (IP=255,US)
165.227.116.232 32 TH None 2022-06-28 00:00:00 2022-09-26 00:00:00 2022-06-29 13:54:56 SQL injection - 6 Hr Web Report (IP=232,US)
165.227.117.157 32 IJ None 2022-09-30 00:00:00 2022-12-30 00:00:00 2022-09-30 13:47:40 SERVER-WEBAPP Oracle WebLogic Server remote code execution attempt - 6 Hr Web Attacks Report (IP=157,US)
165.227.117.61 32 ZH None 2022-09-20 00:00:00 2022-12-19 00:00:00 2022-09-20 22:50:05 Webshell.Binary.php.FEC2 - FE NX (IP=61,US)
165.227.118.142 32 SW None 2022-04-24 00:00:00 2022-07-23 00:00:00 2022-04-24 22:43:54 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (1:59246:1) - SourceFire (IP=142,US)
165.227.118.254 32 ZH None 2022-06-13 00:00:00 2022-09-11 00:00:00 2022-06-13 13:54:47 Adobe ColdFusion Administrator Access Restriction - 6hr Web Attacks (IP=254,US)
165.227.118.39 32 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:37:33 SQL injection - Web Attacks (IP=39,US)
165.227.118.39 32 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:41:22 SQL injection - Web Attacks (IP=39,US)
165.227.119.138 32 RR None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-02 14:02:23 SQL injection - Web Attacks (IP=138,US)
165.227.120.110 32 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:48:39 SQL injection - Web Attacks (IP=110,US)
165.227.120.194 32 SW None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 13:55:09 SQL injection - WebAttacks (IP=194,US)
165.227.121.149 32 AR None 2022-04-10 00:00:00 2022-07-09 00:00:00 2022-04-11 13:46:53 SQL injection - 6Hr Web Attack (IP=149,US)
165.227.122.172 32 TH None 2022-06-28 00:00:00 2022-09-26 00:00:00 2022-06-29 13:55:04 SQL injection - 6 Hr Web Report (IP=172,US)
165.227.122.49 32 RR None 2022-09-24 00:00:00 2022-12-23 00:00:00 2022-09-25 13:55:34 SQL injection - Web Attacks (IP=49,US)
165.227.122.75 32 ZH None 2022-09-23 00:00:00 2022-12-22 00:00:00 2022-09-23 22:51:05 Malicious activity IR#: 22C01951 (IP=75,US)
165.227.123.132 32 TH None 2022-06-03 00:00:00 2022-09-01 00:00:00 2022-06-04 13:39:15 rConfig SQL Injection Vulnerability - 6 Hr Web Report (IP=132,US)
165.227.123.94 32 SW None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-01 13:54:17 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - SourceFire (IP=94,US)
165.227.125.122 32 SW None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:17 SERVER-WEBAP WordPress wp-config.php access via directory traversal attempt (1:41421:2) - SourceFire (IP=122,US)
165.227.126.177 32 TC None 2022-09-18 00:00:00 2022-12-17 00:00:00 2022-09-19 14:00:41 SQL injection - WebAttacks (IP=177,US)
165.227.126.230 32 TH None 2022-07-10 00:00:00 2022-10-08 00:00:00 2022-07-10 14:32:50 SQL injection - 6 Hr Web Report (IP=230,US)
165.227.127.236 32 RB None 2022-09-18 00:00:00 2022-12-17 00:00:00 2022-09-18 22:46:05 SERVER-WEBAPP Zimbra directory traversal remote code execution attempt - WebAttacks (IP=236,US)
165.227.128.116 24 RR None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 13:47:39 SERVER-WEBAPP JBoss JMX console access attempt - SourceFire (IP=116,DE)
165.227.129.59 24 RS None 2022-05-19 00:00:00 2022-08-17 00:00:00 2022-05-19 13:46:58 SQL injection - 6Hr Web Attacks (IP=59,DE)
165.227.13.151 32 TH None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-08 22:56:13 HTTP: RedHat JBoss Enterprise Application Platform JMX Console Security Bypass Scanner or Short-Description: FAIR_FIELD2_IPS IR#: 22C01611 (IP=151,US)
165.227.131.75 32 RW None 2021-10-21 00:00:00 2022-01-19 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 22C00222 (IP=75,US)
165.227.132.17 32 TLM None 2021-11-30 00:00:00 2022-05-30 00:00:00 None HIVE Case #6595 CTO 21-327 (IP=17,DE)
165.227.133.53 24 RR None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 13:52:34 HTTP SQL Injection Attempt - Web Attacks (IP=53,DE)
165.227.133.8 32 RB None 2022-09-28 00:00:00 2022-12-27 00:00:00 2022-09-28 22:44:39 Hunt IP Blocks / DT attempts - IR# 22C01963 (IP=8,US)
165.227.137.222 32 KD None 2022-03-04 00:00:00 2022-06-02 00:00:00 2022-03-04 23:55:03 HTTP: PHP File Inclusion Vulnerability - IR#22C01007 (IP=222,US)
165.227.139.252 24 DT None 2022-02-15 00:00:00 2022-05-16 00:00:00 None HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=252,DE)
165.227.140.148 24 SW None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-15 13:54:09 SQL injection - WebAttacks (IP=148,DE)
165.227.141.167 24 TC None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-10-01 13:38:15 SQL injection - Web Attacks (IP=167,DE)
165.227.142.116 24 RR None 2022-04-27 00:00:00 2022-07-27 00:00:00 2022-04-27 13:56:47 Exploit.CVE-2021-44228 - Apache Log4j2 - Case 6651 (IP=116,DE)
165.227.144.161 24 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 22:54:14 rConfig SQL Injection Vulnerability - Web Attacks (IP=161,DE)
165.227.145.153 24 BB None 2021-12-18 00:00:00 2022-03-18 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=153,DE)
165.227.146.7 24 JY None 2022-09-26 00:00:00 2022-12-26 00:00:00 2022-09-26 22:53:33 SERVER-WEBAPP LG N1A1 NAS command injection attempt - 6hr web attacks (IP=07,DE)
165.227.147.6 24 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:17:10 SERVER-WEBAPP Harbor Project Harbor admin account creation attempt - SourceFire (IP=6,DE)
165.227.148.239 24 TH None 2022-05-28 00:00:00 2022-08-26 00:00:00 2022-05-29 15:24:07 Exploit.Log4Shell.CVE-2021-44228 - FE NX Alerts (IP=239,DE)
165.227.149.60 24 SW None 2022-03-15 00:00:00 2022-06-13 00:00:00 2022-03-15 21:25:31 SERVER-WEBAPP Oracle Weblogic default credentials login attempt - WebAttacks (IP=60,DE)
165.227.151.203 24 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:34:43 SQL injection - Web Attacks (IP=203,DE)
165.227.152.5 24 KH None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:02 SIPVicious Security Scanner - FE IPS (IP=5,DE)
165.227.153.161 24 RR None 2022-07-19 00:00:00 2022-10-17 00:00:00 2022-07-19 13:48:06 SQL injection - Web Attacks (IP=161,DE)
165.227.157.239 24 SW None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:17 SQL injection - WebAttacks (IP=239,DE)
165.227.158.132 24 AR None 2022-01-05 00:00:00 2022-04-05 00:00:00 None Automattic WooCommerce Blocks WordPress Plugin Store API SQL Injection Vulnerability - 6HR Web Attacks (IP=132,DE)
165.227.159.107 24 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-09 14:21:49 SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt - SourceFire (IP=107,DE)
165.227.160.112 24 DT None 2022-01-04 00:00:00 2022-04-05 00:00:00 None HIVE Case #6651 - Exploit.CVE-2021-44228 (IP=112,DE) | updated by RR Block expiration extended with reason SERVER-WEBAPP Netgear ReadyNAS Surveillance upgrade_handle.php command injection attempt - SourceFire (IP=112,DE)
165.227.160.112 24 RR None 2022-01-05 00:00:00 2022-04-05 00:00:00 None HIVE Case #6651 - Exploit.CVE-2021-44228 (IP=112,DE) | updated by RR Block expiration extended with reason SERVER-WEBAPP Netgear ReadyNAS Surveillance upgrade_handle.php
command injection attempt - SourceFire (IP=112,DE) SERVER-WEBAPP Netgear ReadyNAS Surveillance upgrade_handle.php command injection attempt - SourceFire (IP=112,DE) 165.227.162.187 32 RB None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-15 22:50:31 4640 HTTP PHP Code Injection - IR# 22C01672 (IP=187,US) 165.227.164.255 24 ZH None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 13:47:50 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=255,DE) 165.227.165.19 24 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-08 12:50:43 SQL injection - Web Attacks (IP=19,DE) 165.227.166.156 24 RT None 2022-05-11 00:00:00 2022-08-09 00:00:00 2022-05-12 13:53:24 SERVER-WEBAPP phpmyadmin post-authentication local file inclusion attempt (1:47831:1) - Sourcefire Report (IP=,DE) 165.227.167.111 24 RT None 2022-05-11 00:00:00 2022-08-09 00:00:00 2022-05-12 13:53:24 SERVER-WEBAPP Avtech IP Camera machine.cgi information disclosure attempt (1:41697:2) - Sourcefire Report (IP=,DE) 165.227.169.218 24 SW None 2022-09-13 00:00:00 2022-12-12 00:00:00 2022-09-14 13:50:27 SQL injection - WebAttacks (IP=218,DE) 165.227.169.249 24 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:58:03 SERVER-WEBAPP ManageEngine Desktop Central authentication bypass attempt (1:58863:1) - SourceFire (IP=249,DE) 165.227.17.22 32 KH None 2021-12-15 00:00:00 2022-03-15 00:00:00 None Apache Log4j CVE-2021-44228 Remote Code Execution - FE IPS (IP=22,US) 165.227.171.52 24 WR None 2022-04-29 00:00:00 2022-07-27 00:00:00 2022-04-29 13:52:42 SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt (1:44327:3) - Sourcefire (IP=52,DE) 165.227.172.57 24 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:43:49 SQL injection - Web Attacks (IP=57,DE) 165.227.178.217 32 RS None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:15:47 Adobe ColdFusion Administrator Access Restriction - 6Hr Web Attacks (IP=217,US) 165.227.178.25 32 SW None 2022-05-28 00:00:00 
2022-08-26 00:00:00 2022-05-28 14:45:02 SQL injection - WebAttacks (IP=25,US) 165.227.179.201 32 RS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 21:48:44 SQL injection - 6Hr Web Attacks (IP=210,US) 165.227.179.253 32 SA None 2022-06-02 00:00:00 2022-08-30 00:00:00 2022-06-03 00:40:02 SQL injection Web Attacks (IP=253,US) 165.227.179.74 32 JP None 2022-09-09 00:00:00 2022-12-08 00:00:00 2022-09-09 13:48:28 SQL Injection - 6HR Web Attacks (IP=74,US) 165.227.179.8 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:37:05 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=8,US) 165.227.18.8 32 KH None 2021-12-15 00:00:00 2022-03-15 00:00:00 None Apache Log4j CVE-2021-44228 Remote Code Execution - FE IPS (IP=8,US) 165.227.180.156 32 WR None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:47:27 SERVER-WEBAPP RevSlider information disclosure attempt (1:34194:4) - Sourcefire (IP=156,US) 165.227.181.220 32 RS None 2022-09-26 00:00:00 2022-12-25 00:00:00 2022-09-27 13:51:56 Possible Cross-site Scripting Attack - IPS Events (IP=220,US) 165.227.185.114 32 RR None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:31:48 SQL injection - Web Attcks (IP=114,US) 165.227.185.21 32 RR None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-11 13:57:12 SQL injection - Web Attacks (IP=247,US) 165.227.185.46 32 RS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 22:43:50 SERVER-WEBAPP Hikvision IP camera admin authentication attempt (1:45413:2) - SourceFire (IP=46,US) 165.227.186.166 32 ZH None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 22:41:34 Directory Traversal attempts - Imperva (IP=166,US) 165.227.186.60 32 ZH None 2022-09-21 00:00:00 2022-12-20 00:00:00 2022-09-21 14:01:11 HTTP: SQL Injection - Exploit - 6hr Web Attacks (IP=60,US) 165.227.186.72 32 AR None 2022-07-07 00:00:00 2022-10-05 00:00:00 2022-07-07 13:50:31 SQL injection - Web Attacks (IP=72,US) 165.227.187.108 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 
13:50:25 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=108,US) 165.227.187.158 32 JP None 2022-07-28 00:00:00 2022-10-26 00:00:00 2022-07-28 22:41:55 SQL injection - 6HR Web Attacks (IP=158, US) 165.227.188.105 32 RR None 2022-06-04 00:00:00 2022-09-02 00:00:00 2022-06-04 13:38:57 SERVER-APACHE Apache Struts OGNL getRuntime.exec static method access attempt - SourceFire (IP=105,US) 165.227.188.182 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:53:29 SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt - SourceFire (IP=182,US) 165.227.189.12 32 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:46:41 SERVER-WEBAPP Atlassian Confluence OGNL injection remote code execution attempt - SourceFire (IP=12,US) 165.227.189.177 32 RS None 2022-06-27 00:00:00 2022-09-25 00:00:00 2022-06-27 13:55:49 Exploit.CVE-2021-44228 - Apache Log4j2 - Case 6651 (IP=177,US) 165.227.190.179 32 RS None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-13 22:37:01 SQL injection - 6Hr Web Attacks (IP=179,US) 165.227.190.29 32 KH None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 13:46:20 SQL injection - Web Attacks (IP=29,US) 165.227.191.15 32 AR None 2022-05-13 00:00:00 2022-08-13 00:00:00 2022-05-16 15:21:20 SQL injection - WebAttacks (IP=15,US) 165.227.191.152 32 RR None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-19 13:56:00 SQL injection - Web Attacks (IP=152,US) 165.227.191.65 32 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 13:52:43 SQL injection - 6hr Web Attacks (IP=65,US) 165.227.194.150 24 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:48:10 SERVER-WEBAPP JBoss JMX console access attempt - SourceFire (IP=150,US) 165.227.194.52 32 SW None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-06 22:49:32 POLICY-OTHER PHP uri tag injection attempt (1:23111:14) - SourceFire (IP=52,US) 165.227.195.163 32 TH None 2022-08-21 00:00:00 2022-11-19 00:00:00 2022-08-21 13:56:05 SQL injection - 6 Hr Web 
Report (IP=163,US) 165.227.195.98 32 SW None 2022-06-05 00:00:00 2022-09-03 00:00:00 2022-06-05 13:42:54 SERVER-WEBAPP JBoss JMX console access attempt (1:21516:9) - SourceFire (IP=98,US) 165.227.198.12 32 SW None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-06 13:47:27 SQL injection - WebAttacks (IP=12,US) 165.227.199.53 32 RB None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-11 22:41:19 SQL injection - 6hr Web Attacks (IP=53,US) 165.227.200.214 32 DT None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 23:23:38 SQL union select - possible sql injection attempt - GET parameter (1:13990:27) - Source Fire (IP=214,US) 165.227.200.252 32 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:46 POLICY-OTHER CA ARCserve Axis2 default credential login attempt (1:18985:15) - Sourcefire Rpt (IP=252,US) 165.227.203.95 32 RR None 2021-10-06 00:00:00 2022-01-04 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00079 (IP=95,US) 165.227.205.119 32 KD None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-12 13:51:40 SQL injection - Web Attacks (IP=119,US) 165.227.205.222 32 SW None 2022-06-28 00:00:00 2022-09-26 00:00:00 2022-06-28 13:53:39 SQL union select - possible sql injection attempt - GET parameter (1:13990:27) - SourceFire (IP=222,US) 165.227.206.158 32 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 22:54:14 SQL injection - Web Attacks (IP=158,US) 165.227.206.168 32 ZH None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-01 13:55:51 SQL injection - 6hr Web Attacks (IP=168,US) 165.227.206.200 32 ZH None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-30 22:44:26 SQL injection - 6hr Web Attacks (IP=200,US) 165.227.207.225 32 RS None 2022-05-02 00:00:00 2022-07-31 00:00:00 2022-05-02 22:41:39 SQL injection - 6Hr Web Attacks (IP=225,US) 165.227.209.1 32 ZH None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-10 13:48:40 SQL injection - 6hr Web Attacks (IP=1,US) 165.227.209.142 32 ZH None 2022-07-08 
00:00:00 2022-10-06 00:00:00 2022-07-08 22:56:24 CVE 2021-44228 (1:40140200:1) - SourceFire (IP=142, US) 165.227.211.111 32 SW None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-15 13:54:10 HTTP SQL Injection Attempt - WebAttacks (IP=111,US) 165.227.211.116 32 TH None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-30 13:42:43 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (1:59246:1) - SourceFire Report (IP=116,US) 165.227.211.55 32 KD None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-28 14:33:56 SQL Injection- Web Attacks (IP=55,US) 165.227.212.218 32 SW None 2022-05-28 00:00:00 2022-08-26 00:00:00 2022-05-28 14:45:07 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=218,US) 165.227.212.236 32 KD None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-12 13:51:40 SQL injection - Web Attacks (IP=236,US) 165.227.212.29 32 ZH None 2022-06-24 00:00:00 2022-09-22 00:00:00 2022-06-24 22:51:39 SQL injection - 6hr Web Attacks (IP=29,US) 165.227.212.62 32 AR None 2021-12-17 00:00:00 2022-03-17 00:00:00 None HIVE Case #6651 - Exploit.CVE-2021-44229 (IP=62,US) 165.227.214.171 32 TLM None 2021-11-30 00:00:00 2022-05-30 00:00:00 None HIVE Case #6595 CTO 21-327 (IP=171,US) 165.227.214.215 32 TH None 2022-06-21 00:00:00 2022-09-19 00:00:00 2022-06-22 13:54:53 SQL injection - 6 Hr Web Report (IP=215,US) 165.227.214.73 32 RS None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 13:49:40 SQL injection - 6Hr Web Attacks (IP=73,US) 165.227.214.92 32 SW None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-22 13:54:54 SQL injection - WebAttacks (IP=92,US) 165.227.216.141 32 RS None 2022-05-19 00:00:00 2022-08-17 00:00:00 2022-05-19 13:47:04 SQL injection - 6Hr Web Attacks (IP=141,US) 165.227.216.222 32 RS None 2022-09-12 00:00:00 2022-12-11 00:00:00 2022-09-13 13:47:51 SQL injection - Web Attacks (IP=222,US) 165.227.216.24 32 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 13:54:25 HTTP SQL Injection Attempt 
- Web Attacks (IP=24,US) 165.227.216.50 32 ZH None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-30 22:44:27 SERVER-WEBAPP OpenDreamBox 2.0.0 Plugin WebAdmin command injection attempt (1:50304:2) - SourceFire (IP=50,US) 165.227.217.251 32 KH None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:29 SQL injection - Web Attacks (IP=251,US) 165.227.217.38 32 JP None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-15 13:53:44 SQL injection - 6HR Web Attacks (IP=38,US) 165.227.218.180 32 RR None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:31:49 HTTP: PHP File Inclusion Vulnerability - Web Attcks (IP=180,US) 165.227.218.225 32 RR None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-02 14:02:24 EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch - SourceFire (IP=225,US) 165.227.222.149 32 JY None 2022-09-27 00:00:00 2022-12-26 00:00:00 2022-09-27 22:55:48 SERVER-OTHER MongoDB mongo-express insecure document processing code execution attempt (1:58834:1)-Sourcefire (IP=149,US) 165.227.222.217 32 JP None 2022-08-29 00:00:00 2022-11-27 00:00:00 2022-08-29 22:51:30 SQL injection - 6HR Web Attacks (IP=217,US) 165.227.222.5 32 KH None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 13:46:20 Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=5,US) 165.227.223.163 32 RS None 2022-08-13 00:00:00 2022-11-11 00:00:00 2022-08-13 22:59:22 SQL injection - Web Attacks (IP=163,US) 165.227.223.62 32 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:18 SQL injection - 6Hr Web Attacks (IP=62,US) 165.227.223.92 32 ZH None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 22:37:00 SERVER-WEBAPP ManageEngine Desktop Central authentication bypass attempt (1:58863:1) - SourceFire (IP=92,US) 165.227.224.105 24 RR None 2022-04-13 00:00:00 2022-07-21 00:00:00 2022-04-13 13:46:20 Apache Log4j CVE-2021-44228 Remote Code Execution - Case 6651 (IP=105,GB) 165.227.224.133 24 ZH None 2022-09-15 00:00:00 2022-12-14 
00:00:00 2022-09-15 22:52:16 SQL injection - WebAttacks (IP=133,GB) 165.227.224.133 24 ZH None 2022-09-15 00:00:00 2022-12-14 00:00:00 2022-09-15 22:52:19 SQL injection - WebAttacks (IP=133,GB) 165.227.225.219 24 RT None 2022-04-14 00:00:00 2022-07-13 00:00:00 2022-04-15 14:09:08 HTTP SQL Injection Attempt - 6HR WebAttacks (IP=219,GB) 165.227.227.230 24 DT None 2022-03-29 00:00:00 2022-06-27 00:00:00 2022-03-30 13:47:02 SERVER-WEBAPP SolarWinds Orion authentication bypass attempt - Sourcefire (IP=230,GB) 165.227.227.243 32 DT None 2022-06-10 00:00:00 2022-09-08 00:00:00 2022-06-11 13:46:50 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR#22C01356 (IP=243, GB) 165.227.227.243 32 DT None 2022-06-10 00:00:00 2022-09-08 00:00:00 2022-06-11 13:46:50 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR#22C01356 (IP=243, GB) HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR#22C01356 (IP=243, GB) 165.227.227.95 32 TLM None 2022-03-01 00:00:00 2022-09-01 00:00:00 2022-03-01 16:26:39 HIVE Case #7110 CTO 22-057 (IP=95,GB) 165.227.228.18 24 TH None 2022-04-15 00:00:00 2022-07-14 00:00:00 2022-04-15 22:59:53 SQL injection - 6 Hr Web Report (IP=18,GB) 165.227.231.24 24 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:46 SERVER-WEBAPP VMWare vSphere Client remote code execution attempt (1:57720:1) - Sourcefire Rpt (IP=24,GB) 165.227.232.211 24 NAB None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 13:54:28 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=211,GB) 165.227.233.229 24 RR None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-29 22:57:04 SERVER-WEBAPP SolarWinds Orion authentication bypass attempt - SourceFire (IP=229,GB) 165.227.235.153 24 RT None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-21 13:44:39 rConfig SQL Injection Vulnerability - 6 HR WebAttack (IP=153,GB) 165.227.236.242 24 SW None 2022-09-25 00:00:00 2022-12-24 00:00:00 2022-09-25 13:55:53 SERVER-WEBAPP WordPress wp-config.php 
access via directory traversal attempt - WebAttacks (IP=242,GB) 165.227.236.84 24 KH None 2022-06-14 00:00:00 2022-09-12 00:00:00 2022-06-14 22:32:24 SQL injection - Web Attacks (IP=84,GB) 165.227.237.195 24 RR None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:31:49 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attcks (IP=195,GB) 165.227.238.211 24 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 22:39:51 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=211,GB) 165.227.239.48 24 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:58:03 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=48,GB) 165.227.3.14 32 AS None 2022-02-04 00:00:00 2022-08-04 00:00:00 None HIVE Case #6927 CTO 22-036 (IP=14,US) 165.227.32.49 24 RR None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:31:50 SQL injection - Web Attcks (IP=49,CA) 165.227.33.243 24 TH None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 23:06:32 HTTP: PHP File Inclusion Vulnerability - 6 Hr Web Report (IP=243,CA) 165.227.34.247 32 RB None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 22:45:14 SERVER-WEBAPP VMware vRealize Operations Manager SSRF attempt - Sourcefire (IP=247,CA) 165.227.34.247 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:38:05 SERVER-WEBAPP VMware vRealize Operations Manager SSRF attempt - SourceFire (IP=247,CA) 165.227.35.14 24 RS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 22:44:10 SQL injection - 6Hr Web Attacks (IP=14,CA) 165.227.36.143 32 RB None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:55:04 SQL injection - 6hr web attacks (IP=143,CA) 165.227.36.209 24 RB None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 22:39:21 SQL injection - 6hr web attacks (IP=209,CA) 165.227.37.131 24 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:16:43 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=131,CA) 165.227.38.41 24 ZH None 2022-04-13 00:00:00 2022-07-12 
00:00:00 2022-04-13 13:46:38 SQL injection- 6hr Web Attacks (IP=41,CA) 165.227.4.218 32 DT None 2022-02-02 00:00:00 2022-05-03 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - IR# 22C00903 (IP=218,US) 165.227.40.47 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:48:24 Artica Web Proxy SQL Injection Vulnerability - Web Attacks (IP=47,CA) 165.227.41.148 24 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:43:50 HTTP SQL Injection Attempt - Web Attacks (IP=148,CA) 165.227.42.16 24 SW None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-15 13:54:11 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - SourceFire (IP=16, CA) 165.227.43.115 24 RR None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-29 22:57:05 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (3:58802:4) - SourceFire (IP=115,CA) 165.227.43.165 24 AR None 2022-04-09 00:00:00 2022-07-08 00:00:00 2022-04-10 13:58:56 SERVER-WEBAPP Multiple routers getcfg.php credential disclosure attempt (1:44388:6) - SourceFire (IP=165,CA) 165.227.44.76 24 TH None 2022-04-15 00:00:00 2022-07-14 00:00:00 2022-04-15 14:09:31 SQL injection - 6 Hr Web Report (IP=76,CA) 165.227.45.103 24 DT None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-08 13:46:31 SERVER-WEBAPP JBoss web console access attempt (1:24342:4) - Source Fire (IP=211,CA) 165.227.47.49 24 WR None 2022-04-23 00:00:00 2022-07-21 00:00:00 2022-04-23 13:46:50 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=49,CA) 165.227.52.241 32 KH None 2022-10-02 00:00:00 2022-12-31 00:00:00 2022-10-02 23:55:08 Microsoft IIS Source Code Disclosure (uri) (IP=241,US) 165.227.54.225 32 RS None 2022-07-20 00:00:00 2022-10-18 00:00:00 2022-07-21 13:54:40 SIPVicious Security Scanner - SourceFire (IP=225,US) 165.227.58.125 32 KH None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 22:55:59 Adobe ColdFusion Administrator Access Restriction - Web Attacks 
(IP=125,US) 165.227.63.202 32 RR None 2020-11-14 00:00:00 2022-12-31 00:00:00 2022-10-02 23:55:09 SERVER-WEBAPP F5 BIG-IP Traffic Management User Interface remote code execution attempt - SourceFire (IP=202,US) | updated by KH Block was inactive. Reactivated on 20221002 with reason Microsoft IIS Source Code Disclosure (uri) (IP=202,US) 165.227.64.223 32 DT None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 23:57:39 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41421:2) - Source Fire (IP=223,US) 165.227.64.226 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:48:25 SQL injection - Web Attacks (IP=226,US) 165.227.65.63 32 RR None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:31:50 SQL injection - Web Attcks (IP=63,US) 165.227.67.190 32 WR None 2022-04-15 00:00:00 2022-07-13 00:00:00 2022-04-15 14:09:16 SQL Injection Attempt - 6HR WebAttacks (IP=190,US) 165.227.67.241 32 SW None 2022-06-24 00:00:00 2022-09-22 00:00:00 2022-06-24 13:56:06 SERVER-WEBAPP F5 BIG-IP Traffic Management User Interface remote code execution attempt (1:54462:3) - SourceFire (IP=241,US) 165.227.67.49 32 RR None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 13:47:19 SQL injection - Web Attacks (IP=49,US) 165.227.68.1 32 RR None 2022-09-25 00:00:00 2022-12-25 00:00:00 2022-09-26 13:55:31 SQL injection - Web Attacks (IP=1,US) | updated by RB Block expiration extended with reason SERVER-WEBAPP ManageEngine Desktop Central authentication bypass attempt - WebAttacks (IP=1,US) | updated by RB Block expiration extended with reason SERVER-WEBAPP ManageEngine Desktop Central authentication bypass attempt - WebAttacks (IP=1,US) 165.227.68.1 32 RR None 2022-09-25 00:00:00 2022-12-25 00:00:00 2022-09-26 13:55:31 SQL injection - Web Attacks (IP=1,US) | updated by RB Block expiration extended with reason SERVER-WEBAPP ManageEngine Desktop Central authentication bypass attempt - WebAttacks (IP=1,US) | updated by RB Block expiration extended 
with reason SERVER-WEBAPP ManageEngine Desktop Central authentication bypass attempt - WebAttacks (IP=1,US) 165.227.69.225 32 RR None 2022-06-19 00:00:00 2022-09-17 00:00:00 2022-06-20 13:54:26 SQL injection - Web Attacks (IP=225,US) 165.227.7.53 32 KH None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 22:55:42 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01543 (IP=53,US) 165.227.70.79 32 DT None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 23:23:39 SERVER-WEBAPP Ulterius web server directory traversal attempt (1:45721:2) - Source Fire (IP=79,US) 165.227.71.132 32 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:34:44 SQL injection - Web Attacks (IP=132,US) 165.227.71.40 32 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 22:51:57 SQL injection - 6Hr Web Attacks (IP=40,US) 165.227.72.201 32 TH None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 22:43:14 SQL injection - 6 Hr Web Report (IP=201,US) 165.227.72.211 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:16:44 SQL injection - Web Attacks (IP=211,US) 165.227.72.225 32 RR None 2022-07-20 00:00:00 2022-10-18 00:00:00 2022-07-20 13:22:45 SERVER-WEBAPP Apache Log4j logging remote code execution attempt - SourceFire (IP=225,US) 165.227.72.235 32 RR None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 13:47:20 SQL injection - Web Attacks (IP=235,US) 165.227.73.241 32 ZH None 2022-05-31 00:00:00 2022-08-29 00:00:00 2022-06-01 13:53:55 SQL injection - 6hr Web Attacks (IP=241,US) 165.227.74.216 32 SW None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:44:55 SQL injection - WebAttacks (IP=216,US) 165.227.74.248 32 TH None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-18 22:35:11 SERVER-WEBAPP Oracle WebLogic Server remote code execution attempt (1:58562:1) - SourceFire Report (IP=248,US) 165.227.74.33 32 JP None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-15 22:50:36 SERVER-WEBAPP Atlassian Confluence OGNL injection remote 
code execution attempt (1:58093:1) - SourceFire (IP=33,US) 165.227.76.86 32 RS None 2022-09-09 00:00:00 2022-12-08 00:00:00 2022-09-10 13:50:54 SQL injection - Web Attacks (IP=86,US) 165.227.76.88 32 JP None 2022-09-29 00:00:00 2022-12-28 00:00:00 2022-09-30 13:47:35 Apache Log4j CVE-2021-44228 Remote Code Execution - IPS Events (IP=88,US) 165.227.77.125 32 SW None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:44:55 SQL injection - WebAttacks (IP=125,US) 165.227.77.26 32 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-09 14:21:50 SERVER-WEBAPP Ruby on Rails render file directory traversal attempt - SourceFire (IP=26,US) 165.227.79.228 32 WR None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:47:24 SQL injection - 6Hr Web Attacks (IP=228,US) 165.227.79.234 32 SA None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-07 13:41:10 SERVER-WEBAPP VMware View Planner logupload directory traversal attempt (1:57436:1) - SourceFire Report (IP=234,US) 165.227.79.89 32 SW None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:44:56 SQL injection - WebAttacks (IP=89,US) 165.227.80.139 32 SW None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 22:47:10 SQL injection - WebAttacks (IP=139,US) 165.227.80.156 32 SW None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-01 13:54:05 SQL injection - WebAttacks (IP=156,US) 165.227.81.0 32 JP None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-15 22:50:43 SQL injection - 6HR Web Attacks (IP=0, US) 165.227.82.242 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:16:44 SQL injection - Web Attacks (IP=242,US) 165.227.84.120 32 AR None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-23 13:49:38 SERVER-WEBAPP LG-Ericsson iPECS NMS 30M directory traversal attempt (1:49840:1) - SourceFire (IP=120,US) 165.227.84.157 32 RS None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-10-01 13:38:10 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=157,US) 165.227.85.149 32 RS None 2022-06-23 00:00:00 
2022-09-21 00:00:00 2022-06-23 14:39:19 SQL injection - 6Hr Web Attacks (IP=149,US) 165.227.87.225 32 TH None 2022-06-28 00:00:00 2022-09-26 00:00:00 2022-06-29 13:54:56 SQL injection - 6 Hr Web Report (IP=225,US) 165.227.87.79 32 DT None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 23:57:39 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - Source Fire (IP=79,US) 165.227.88.55 32 JP None 2022-07-28 00:00:00 2022-10-26 00:00:00 2022-07-28 13:49:53 SQL injection - 6HR Web Attacks (IP=55, US) 165.227.90.171 32 KH None 2022-06-19 00:00:00 2022-09-17 00:00:00 2022-06-19 22:50:37 SQL injection - Web Attacks (IP=171,US) 165.227.92.191 32 RR None 2022-09-11 00:00:00 2022-12-10 00:00:00 2022-09-11 13:56:10 SQL injection - Web Attacks (IP=191,US) 165.227.93.125 32 KD None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-07 13:16:26 SQL injection- Web Attacks (IP=125,US) 165.227.93.254 32 KD None 2021-10-14 00:00:00 2022-01-12 00:00:00 None HTTP: PHP File Inclusion Vulnerability- TT# 22C00145(IP=254,US) 165.227.94.157 32 RR None 2022-05-28 00:00:00 2022-08-26 00:00:00 2022-05-29 12:28:39 SQL injection - Web Attacks (IP=157,US) 165.227.95.229 32 SW None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-22 13:54:54 SQL injection - WebAttacks (IP=229,US) 165.227.95.6 32 SW None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-22 13:54:55 SQL injection - WebAttacks (IP=6,US) 165.227.97.164 32 RR None 2022-06-20 00:00:00 2022-09-18 00:00:00 2022-06-20 13:54:34 SQL injection - Web Attacks (IP=164,US) 165.227.97.20 32 KH None 2022-10-01 00:00:00 2022-12-30 00:00:00 2022-10-01 23:56:20 SQL injection - Web Attacks (IP=20,US) 165.227.97.5 32 TH None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-18 22:35:12 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (1:59246:1) - SourceFire Report (IP=5,US) 165.227.97.96 32 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:18 SQL injection - 6Hr Web Attacks (IP=96,US) 
165.227.98.149 32 ZH None 2022-07-17 00:00:00 2022-10-15 00:00:00 2022-07-17 13:55:39 SQL injection - 6hr Web Attacks (IP=149,US) 165.227.98.175 32 SW None 2022-05-24 00:00:00 2022-08-22 00:00:00 2022-05-24 14:16:01 File /etc/passwd Access Attempt Detect - IPS Events (IP=175,US) 165.227.98.188 32 SW None 2022-06-05 00:00:00 2022-09-03 00:00:00 2022-06-06 13:57:54 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - SourceFire (IP=188,US) 165.227.98.24 32 RS None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-10-01 13:38:11 SQL injection - Web Attacks (IP=24,US) 165.227.98.94 32 SW None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:19 SQL injection - WebAttacks (IP=94,US) 165.227.99.106 32 DT None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 23:23:39 POLICY-OTHER PHP uri tag injection attempt (1:23111:14) - Source Fire (IP=106,US) 165.227.99.164 32 DT None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-20 13:47:05 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=164,US) 165.227.99.21 32 DT None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-29 13:52:43 OS-OTHER Bash CGI environment variable injection attempt (1:31978:5) - Source Fire (IP=21,US) 165.227.99.237 32 RR None 2017-12-09 06:00:00 2022-07-16 00:00:00 2022-04-17 13:53:00 BLACKLIST URI - known scanner tool muieblackcat (IP=237,US) | updated by RR Block was inactive. 
Reactivated on 20220417 with reason ET EXPLOIT Apache log4j RCE Attempt - lower/upper TCP Bypass M2 (CVE-2021-44228) - SourceFire (IP=237,US) 165.231.143.243 24 JP None 2022-09-19 00:00:00 2022-12-18 00:00:00 2022-09-20 13:55:01 F5 BIG-IP CVE-2022-1388 Remote Code Execution - IPS Events (IP=243,SE) 165.231.176.0 24 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=0,EE) 165.231.177.109 32 TLM None 2022-05-09 00:00:00 2022-11-08 00:00:00 2022-05-10 15:16:03 HIVE Case #7546 CTO 22-127 (IP=109,EE) 165.231.177.141 32 TLM None 2022-05-09 00:00:00 2022-11-08 00:00:00 2022-05-10 15:16:01 HIVE Case #7546 CTO 22-127 (IP=141,EE) 165.231.177.142 32 TLM None 2022-05-09 00:00:00 2022-11-08 00:00:00 2022-05-10 15:16:01 HIVE Case #7546 CTO 22-127 (IP=142,EE) 165.231.177.93 32 TLM None 2022-05-09 00:00:00 2022-11-08 00:00:00 2022-05-10 15:16:02 HIVE Case #7546 CTO 22-127 (IP=93,EE) 165.231.177.94 32 TLM None 2022-05-09 00:00:00 2022-11-08 00:00:00 2022-05-10 15:16:02 HIVE Case #7546 CTO 22-127 (IP=94,EE) 165.232.128.103 32 RR None 2022-07-30 00:00:00 2022-10-28 00:00:00 2022-07-31 13:51:05 SQL injection - Web Attacks (IP=103,US) 165.232.128.146 32 RS None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 13:49:46 Artica Web Proxy SQL Injection Vulnerability - 6Hr Web Attacks (IP=146,US) 165.232.128.60 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-08 12:50:43 SQL injection - Web Attacks (IP=60,US) 165.232.130.17 32 JP None 2022-07-27 00:00:00 2022-10-25 00:00:00 2022-07-27 13:49:58 - 6HR Web Attacks (IP=17, US) 165.232.130.231 32 ZH None 2021-10-04 00:00:00 2022-01-02 00:00:00 None Suspicious .ml requests, Hive Case 6282 (IP=231,US) 165.232.131.112 32 KD None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-12 13:51:41 SQL injection - Web Attacks (IP=112,US) 165.232.131.117 32 SW None 2022-08-29 00:00:00 2022-11-27 00:00:00 2022-08-30 14:04:44 SQL injection - WebAttacks (IP=117,US) 165.232.132.124 32 TH None 2022-05-18 00:00:00 
2022-08-16 00:00:00 2022-05-18 22:35:17 SQL injection - 6 Hr Web Report (IP=124,US)
165.232.132.78 32 RS None 2022-05-02 00:00:00 2022-07-31 00:00:00 2022-05-02 22:41:35 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=78,US)
165.232.133.128 32 RB None 2022-07-26 00:00:00 2022-10-24 00:00:00 2022-07-26 22:50:12 SQL injection - WebAttacks (IP=128,US)
165.232.133.144 32 SW None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:44:56 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=144,US)
165.232.133.18 32 IJ None 2022-09-30 00:00:00 2022-12-30 00:00:00 2022-09-30 22:47:33 SQL injection- 6 Hr Web Attacks Report (IP=18,US)
165.232.133.234 32 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:46:42 SERVER-WEBAPP WebSVN search command injection attempt - SourceFire (IP=234,US)
165.232.133.32 32 RR None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-29 22:57:31 SQL injection - Web Attacks (IP=32,US)
165.232.134.241 32 ZH None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-11 00:04:55 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - SourceFire (IP=241,US)
165.232.134.47 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:39 SQL injection- 6hr Web Attacks (IP=47,US)
165.232.134.73 32 KH None 2022-06-27 00:00:00 2022-09-25 00:00:00 2022-06-27 22:37:38 SQL injection - Web Attacks (IP=73,US)
165.232.135.45 32 RR None 2022-06-25 00:00:00 2022-09-23 00:00:00 2022-06-25 14:09:24 SQL injection - Web Attacks (IP=45,US)
165.232.135.57 32 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:02 SQL injection - Web Attacks (IP=57,US)
165.232.137.2 32 RS None 2022-09-28 00:00:00 2022-12-27 00:00:00 2022-09-29 13:58:54 File /etc/passwd Access Attempt Detect - IPS Events (IP=2,US)
165.232.137.232 32 WR None 2022-04-30 00:00:00 2022-07-28 00:00:00 2022-04-30 13:53:11 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (1:59246:1) - Sourcefire (IP=232,US)
165.232.137.32 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:38:06 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=32,US)
165.232.138.23 32 SW None 2022-05-28 00:00:00 2022-08-26 00:00:00 2022-05-28 14:45:02 SQL injection - WebAttacks (IP=23,US)
165.232.138.5 32 SW None 2022-08-12 00:00:00 2022-11-10 00:00:00 2022-08-13 13:56:12 SQL injection - WebAttacks (IP=5,US)
165.232.138.60 32 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:03 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=60,US)
165.232.138.90 32 SW None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-11 22:58:46 SQL injection - WebAttacks (IP=90,US)
165.232.139.105 32 RR None 2022-08-24 00:00:00 2022-11-22 00:00:00 2022-08-24 13:52:50 SQL union select - possible sql injection attempt - GET parameter - SourceFire (IP=105,US)
165.232.139.150 32 AS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-06 18:26:17 HIVE Case #7881 CTO 22-182 (IP=150,US)
165.232.139.184 32 SW None 2022-04-24 00:00:00 2022-07-23 00:00:00 2022-04-24 22:43:55 SERVER-ORACLE Oracle iPlanet Web Server unauthenticated information disclosure attempt (1:54214:1) - SourceFire (IP=184, US)
165.232.139.201 32 RR None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 13:52:35 SQL injection - Web Attacks (IP=201,US)
165.232.139.217 32 WR None 2022-04-20 00:00:00 2022-07-18 00:00:00 2022-04-20 15:44:48 Django SQL Injection Vulnerability - 6 HR WebAttacks (IP=217,US)
165.232.139.237 32 SW None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-17 13:48:59 SERVER-WEBAPP Cisco ASA directory traversal attempt (3:54598:2) - SourceFire (IP=237,US)
165.232.139.37 32 SW None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-26 13:47:48 SERVER-WEBAPP Tendar Router AC11 stack buffer overflow attempt (1:58857:1) - SourceFire (IP=37,US)
165.232.139.6 32 WR None 2022-04-04 00:00:00 2022-07-02 00:00:00 2022-04-04 13:48:53 SQL injection - 6HR Web Attacks (IP=6,US)
165.232.140.157 32 RR None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 13:47:20 SQL injection - Web Attacks (IP=157,US)
165.232.140.204 32 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:37:34 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=204,US)
165.232.140.214 32 DT None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 23:57:40 SQL use of concat function with select - likely SQL injection (1:24172:2) - Source Fire (IP=214,US)
165.232.140.227 32 SW None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-26 13:47:50 SERVER-WEBAPP IceWarp Mail Server directory traversal attempt (1:47644:1) - SourceFire (IP=227,US)
165.232.141.115 32 AR None 2022-04-14 00:00:00 2022-07-12 00:00:00 2022-04-14 13:54:47 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=115,US)
165.232.141.124 32 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:47 SERVER-WEBAPP Joomla 3.7.0 com_fields view SQL injection attempt (1:42958:4) - Sourcefire Rpt (IP=124,US)
165.232.141.156 32 JP None 2022-09-21 00:00:00 2022-12-20 00:00:00 2022-09-22 13:55:04 SQL injection - 6HR Web Attacks (IP=156,US)
165.232.141.19 32 TH None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 23:06:47 SERVER-WEBAPP Facade Ignition remote code execution attempt (1:57872:1) - SourceFire Report (IP=19,US)
165.232.141.191 32 RR None 2022-06-19 00:00:00 2022-09-17 00:00:00 2022-06-19 13:56:07 SQL injection - Web Attacks (IP=191,US)
165.232.142.194 32 SW None 2022-08-12 00:00:00 2022-11-10 00:00:00 2022-08-13 13:56:12 SQL injection - WebAttacks (IP=194,US)
165.232.142.202 32 RB None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 22:45:24 SQL injection - 6hr web attacks (IP=202,US)
165.232.143.1 32 ZH None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-24 00:05:29 SQL injection - 6hr Web Attacks (IP=1,US)
165.232.143.5 32 AR None 2022-07-27 00:00:00 2022-10-25 00:00:00 2022-07-28 13:51:29 SQL injection - Web Attacks (IP=5,US)
165.232.144.220 32 JP None 2022-07-28 00:00:00 2022-10-26 00:00:00 2022-07-28 13:49:54 SQL injection - 6HR Web Attacks (IP=220, US)
165.232.145.153 32 RR None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 13:52:36 SQL injection - Web Attacks (IP=153,US)
165.232.145.235 32 AR None 2022-07-17 00:00:00 2022-10-15 00:00:00 2022-07-18 13:49:57 SQL injection - Web Attack (IP=235,US)
165.232.145.65 32 JP None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-15 22:50:44 SQL injection - 6HR Web Attacks (IP=65, US)
165.232.146.107 32 ZH None 2022-07-17 00:00:00 2022-10-15 00:00:00 2022-07-17 22:30:53 SQL injection - 6hr Web Attacks (IP=107,US)
165.232.147.189 32 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:46:43 SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt - SourceFire (IP=189,US)
165.232.147.202 32 SW None 2022-08-25 00:00:00 2022-11-23 00:00:00 2022-08-26 13:48:24 SQL injection - WebAttacks (IP=202,US)
165.232.147.23 32 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:46:43 SERVER-WEBAPP F5 BIG-IP Traffic Management User Interface remote code execution attempt - SourceFire (IP=23,US)
165.232.148.183 32 RS None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-14 13:57:42 SQL injection - 6Hr Web Attacks (IP=183,US)
165.232.148.202 32 ZH None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-30 22:44:27 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - SourceFire (IP=202,US)
165.232.148.84 32 SW None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:45:07 SERVER-WEBAPP Sonatype Nexus Repository Manager remote code execution attempt - SourceFire (IP=84,US)
165.232.150.39 32 RS None 2022-05-19 00:00:00 2022-08-17 00:00:00 2022-05-19 22:49:06 SERVER-APACHE Apache Struts remote code execution attempt - GET parameter (1:21072:8) - SourceFire (IP=30,US)
165.232.150.88 32 RS None 2022-06-20 00:00:00 2022-09-18 00:00:00 2022-06-20 22:22:17 SQL injection - Web Attacks (IP=88,US)
165.232.151.109 32 RR None 2022-06-10 00:00:00 2022-09-08 00:00:00 2022-06-10 13:46:09 SERVER-WEBAPP Facade Ignition remote code execution attempt - SourceFire (IP=109,US)
165.232.152.15 32 DT None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 23:23:40 SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (B-type) (1:1000135:3) - Source Fire (IP=15,US)
165.232.153.101 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:01 SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt (1:58276:3) - Sourcefire Rpt (IP=101,US)
165.232.153.211 32 NAB None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 13:56:58 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=211,US)
165.232.153.233 32 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:58:04 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (1:59246:1) - SourceFire (IP=233,US)
165.232.153.43 32 RS None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 22:34:37 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=43,US)
165.232.153.97 32 SW None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-12 13:51:06 SQL injection - WebAttacks (IP=97,US)
165.232.155.105 32 KH None 2022-10-01 00:00:00 2022-12-30 00:00:00 2022-10-01 23:56:22 Exploit.Log4Shell.CVE-2021-44228 - FE NX (IP=105,US)
165.232.155.141 32 RT None 2022-01-11 00:00:00 2022-04-11 00:00:00 None ET EXPLOIT Apache Obfuscated log4j RCE Attempt (tcp ldap) (CVE-2021-44228) (1:2034755:1) - Sourcefire Report (IP=141,US)
165.232.155.164 32 RR None 2022-09-26 00:00:00 2022-12-25 00:00:00 2022-09-26 13:55:19 SQL injection - Web Attacks (IP=164,US)
165.232.155.164 32 RB None 2022-09-26 00:00:00 2022-12-25 00:00:00 2022-09-26 13:55:31 SQL 1 = 1 - possible sql injection attempt - WebAttacks (IP=164,US)
165.232.155.184 32 SW None 2022-07-21 00:00:00 2022-10-19 00:00:00 2022-07-22 13:52:35 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (3:58802:4) - SourceFire (IP=184,US)
165.232.155.92 32 ZH None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-30 22:44:28 SQL injection - 6hr Web Attacks (IP=92,US)
165.232.156.19 32 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:35:18 SQL 1 = 1 - possible sql injection attempt - SourceFire (IP=19,US)
165.232.156.9 32 ZH None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-22 22:43:01 SQL injection - 6hr Web Attacks (IP=9,US)
165.232.157.120 32 RR None 2022-07-16 00:00:00 2022-10-14 00:00:00 2022-07-16 13:51:40 INDICATOR-SCAN DNS version.bind string information disclosure attempt - SourceFire (IP=120,US)
165.232.157.151 32 SW None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-15 13:54:11 SQL injection - WebAttacks (IP=151,US)
165.232.157.202 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:02 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - Sourcefire Rpt (IP=202,US)
165.232.157.25 32 JP None 2022-07-13 00:00:00 2022-10-11 00:00:00 2022-07-13 22:48:26 SQL injection - 6 HR Web Attacks (IP=25,US)
165.232.157.41 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:56:59 HIVE Case #7894 CTO 22-187 (IP=41,US)
165.232.158.152 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:48:26 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=152,US)
165.232.158.174 32 ZH None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 13:47:50 SQL injection - 6hr Web Attacks (IP=174,US)
165.232.158.26 32 KH None 2022-09-19 00:00:00 2022-12-18 00:00:00 2022-09-19 22:55:02 Exploit.Log4Shell.CVE-2021-44228 - FE NX (IP=26,US)
165.232.159.12 32 SA None 2022-05-17 00:00:00 2022-08-15 00:00:00 2022-05-17 13:54:23 SQL Injection - 6Hr Web Attacks (IP=12,US)
165.232.159.40 32 ZH None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 13:47:51 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=40,US)
165.232.160.68 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6654 CTO 21-345 (IP=68,SG)
165.232.161.170 24 TH None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-18 22:35:21 HTTP: PHP File Inclusion Vulnerability - 6 Hr Web Report (IP=170,SG)
165.232.162.21 24 SW None 2022-05-24 00:00:00 2022-08-22 00:00:00 2022-05-24 14:15:59 SERVER-WEBAPP Terramaster TOS command injection attempt (1:57442:1) - SourceFire (IP=21,SG)
165.232.163.89 24 RS None 2022-06-27 00:00:00 2022-09-25 00:00:00 2022-06-27 13:55:50 Exploit.CVE-2021-44228 - Apache Log4j2 - Case 6651 (IP=89,SG)
165.232.164.135 24 RS None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 13:49:40 SQL injection - 6Hr Web Attacks (IP=135,SG)
165.232.164.9 32 SW None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 13:49:24 SQL injection - WebAttacks (IP=9,US)
165.232.165.179 32 ZH None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-24 00:05:29 SQL injection - 6hr Web Attacks (IP=179,US)
165.232.166.18 24 RB None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 13:47:54 Hive Case #6651 (IP=18,SG)
165.232.166.95 24 DT None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-20 13:47:05 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=95,SG)
165.232.168.63 24 SW None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:45:04 SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt - SourceFire (IP=63,SG)
165.232.169.159 32 RR None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 13:47:21 SQL injection - Web Attacks (IP=159,US)
165.232.169.24 24 RR None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 13:47:40 SQL use of concat function with select - likely SQL injection - SourceFire (IP=24,SG)
165.232.170.240 24 TH None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-18 13:44:10 HTTP: PHP File Inclusion Vulnerability - 6 Hr Web Report (IP=240,SG)
165.232.171.207 24 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 22:24:37 SERVER-WEBAPP Symantec Messaging Gateway KavaChart Component directory traversal attempt (1:40451:2) - SourceFire (IP=207,SG)
165.232.173.186 24 RR None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 13:47:40 SERVER-WEBAPP VMware View Planner logupload directory traversal attempt - SourceFire (IP=186,SG)
165.232.173.224 24 RS None 2022-05-19 00:00:00 2022-08-17 00:00:00 2022-05-19 13:46:54 SQL injection - 6Hr Web Attacks (IP=224,SG)
165.232.174.102 24 RS None 2022-05-19 00:00:00 2022-08-17 00:00:00 2022-05-19 22:49:00 SERVER-WEBAPP WordPress Yuzo Related Posts plugin cross site scripting attempt (1:49796:1) - SourceFire (IP=102,SG)
165.232.175.56 24 ZH None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-23 13:49:49 SQL injection - 6hr Web Attacks (IP=56,SG)
165.232.176.74 24 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:17:10 SERVER-WEBAPP Apache Struts remote code execution attempt - SourceFire (IP=74,IN)
165.232.177.27 24 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:58:05 FEC_Webshell_PHP_Generic_43 (IP=27,IN)
165.232.178.20 24 TH None 2022-04-15 00:00:00 2022-07-14 00:00:00 2022-04-15 14:09:37 HTTP: PHP File Inclusion Vulnerability - 6 Hr Web Report (IP=20,IN)
165.232.178.22 32 DT None 2022-04-08 00:00:00 2022-07-07 00:00:00 2022-04-09 13:49:49 Adobe ColdFusion CKeditor Unrestricted File Upload Vulnerability - Web Attacks (IP=22,US)
165.232.178.235 24 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:03 SQL injection - Web Attacks (IP=235,IN)
165.232.179.174 24 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 15:44:49 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=174,IN)
165.232.180.156 24 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:19 SQL injection - 6Hr Web Attacks (IP=156,IN)
165.232.180.246 32 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:34:45 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=246,US)
165.232.181.68 32 WR None 2022-04-12 00:00:00 2022-07-10 00:00:00 2022-04-12 13:51:57 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=68,US)
165.232.183.69 24 KH None 2022-04-12 00:00:00 2022-07-11 00:00:00 2022-04-12 13:52:18 SQL injection - Web Attacks (IP=69,IN)
165.232.184.81 24 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:49:21 SERVER-WEBAPP WordPress SocialWarfare deprecated function access attempt - SourceFire (IP=81,IN)
165.232.185.171 24 AR None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-11 13:47:06 SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt (1:59388:2) - SourceFire (IP=171,IN)
165.232.186.10 32 KD None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-28 14:34:02 HTTP PHP File InclusionVulnerability- Web Attacks (IP=10,US)
165.232.186.142 24 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:58:05 SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (1:45304:3) - SourceFire (IP=142,IO)
165.232.187.108 24 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 22:39:52 SQL injection - Web Attacks (IP=108,IN)
165.232.189.30 24 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 22:51:58 SQL injection - 6Hr Web Attacks (IP=30,IN)
165.232.190.101 24 NAB None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:31:51 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=101,IN)
165.232.191.203 32 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:43:51 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=203,US)
165.232.191.243 24 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:35:18 SERVER-WEBAPP VMWare vSphere Client remote code execution attempt - SourceFire (IP=243,IN)
165.232.191.86 32 ZH None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 22:44:11 SQL injection - WebAttacks (IP=86,US)
165.232.191.93 24 ZH None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 22:38:58 FIREEYE Web: Log4j attempt (IP=93,IN)
165.232.66.239 24 AR None 2021-12-26 00:00:00 2022-03-26 00:00:00 None SERVER-WEBAPP Multiple PACS Server directory traversal attempt (1:49642:2) - SourceFire (IP=239,DE)
165.232.66.241 24 AR None 2021-12-26 00:00:00 2022-03-26 00:00:00 None SERVER-WEBAPP Multiple PACS Server directory traversal attempt (1:49642:2) - SourceFire (IP=241,DE)
165.232.75.108 32 RR None 2022-02-16 00:00:00 2022-05-17 00:00:00 None HTTP: PHP File Inclusion Vulnerability Web Attacks (IP=108,US)
165.232.80.139 32 TLM None 2022-05-03 00:00:00 2022-11-02 00:00:00 2022-05-04 20:59:42 HIVE Case #7506 TO-S-2022-0174 (IP=139,NL)
165.232.80.160 32 SW None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-15 13:54:12 SQL injection - WebAttacks (IP=160,US)
165.232.81.145 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:37:05 Artica Web Proxy SQL Injection Vulnerability - Web Attacks (IP=145,US)
165.232.81.148 32 RR None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 13:52:37 SQL injection - Web Attacks (IP=148,US)
165.232.81.20 24 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:35:19 SERVER-WEBAPP Cisco HyperFlex HX Data Platform command injection attempt - SourceFire (IP=20,NL)
165.232.82.151 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:43:51 SERVER-WEBAPP VMware vRealize Operations Manager SSRF attempt - SourceFire (IP=151,NL)
165.232.82.170 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:37:06 SQL injection - Web Attacks (IP=170,US)
165.232.83.118 24 ZH None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 22:37:00 SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (1:51976:3) - SourceFire (IP=118,NL)
165.232.84.188 32 SW None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-15 13:54:12 SQL injection - WebAttacks (IP=188,US)
165.232.85.241 24 KH None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 23:08:13 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=241,NL)
165.232.86.104 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:48:26 SQL injection - Web Attacks (IP=104,US)
165.232.86.139 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:48:27 SQL injection - Web Attacks (IP=139,US)
165.232.86.163 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:53:30 POLICY-OTHER Micro Focus Operations Bridge default credentials login attempt - SourceFire (IP=163,NL)
165.232.88.1 24 DT None 2022-05-17 00:00:00 2022-08-15 00:00:00 2022-05-18 13:43:47 SERVER-WEBAPP Zimbra remote code execution attempt - Source Fire (IP=1,NL)
165.232.88.148 24 KH None 2022-01-30 00:00:00 2022-04-30 00:00:00 None - FE IPS (IP=148,NL)
165.232.89.216 24 SA None 2022-05-17 00:00:00 2022-08-15 00:00:00 2022-05-17 22:37:53 HTTP SQL Injection Attempt- 6Hr Web Attacks(IP=216,NL)
165.232.90.221 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:53:31 SERVER-WEBAPP Spring Security OAuth remote code execution attempt - SourceFire (IP=221,NL)
165.232.91.198 24 ZH None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 22:37:01 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - SourceFire (IP=198,NL)
165.232.92.61 24 RB None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 22:45:09 Exploit.Log4Shell.CVE-2021-44228 (IP=61,NL)
165.232.93.197 24 DT None 2022-05-17 00:00:00 2022-08-15 00:00:00 2022-05-18 13:43:48 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - Source Fire (IP=197,NL)
165.232.94.252 24 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:44:54 SERVER-APACHE Apache Struts2 remote code execution attempt - SourceFire (IP=252,NL)
165.255.66.132 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ZA TO-S-2021-1050 Hive Case 4821 Malware Activity
165.255.73.233 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ZA TO-S-2021-1050 Hive Case 4821 Malware Activity
165.255.92.7 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ZA TO-S-2021-1037 Hive Case 4785 Malware Activity
165.3.86.0 23 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=0,GB) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=0,GB)
165.90.239.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ZA TO-S-2021-1037 Hive Case 4785 Malware Activity
165.90.72.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None MZ TO-S-2021-1037 Hive Case 4785 Malware Activity
165.90.73.210 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MZ TO-S-2021-1050 Hive Case 4821 Malware Activity
166.125.252.155 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=155,KR)
166.249.213.113 32 RR None 2022-08-24 00:00:00 2022-11-22 00:00:00 2022-08-24 13:52:51 FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields - SourceFire (IP=113,US)
166.254.206.251 32 RS None 2022-07-18 00:00:00 2022-10-17 00:00:00 2022-07-19 13:47:51 ET EXPLOIT Possible Apache log4j RCE Attempt - 2021/12/12 Obfuscation Observed M2 (udp) (CVE-2021-44228) - SourceFire (IP=251,US) | updated by RR Block expiration extended with reason ET EXPLOIT Possible Apache log4j RCE Attempt - 2021/12/12 Obfuscation Observed M2 (udp) (CVE-2021-44228) - SourceFire (IP=251,US) ET EXPLOIT Possible Apache log4j RCE Attempt - 2021/12/12 Obfuscation Observed M2 (udp) (CVE-2021-44228) - SourceFire (IP=251,US)
166.254.206.251 32 RR None 2022-07-19 00:00:00 2022-10-17 00:00:00 2022-07-19 13:47:51 ET EXPLOIT Possible Apache log4j RCE Attempt - 2021/12/12 Obfuscation Observed M2 (udp) (CVE-2021-44228) - SourceFire (IP=251,US) | updated by RR Block expiration extended with reason ET EXPLOIT Possible Apache log4j RCE Attempt - 2021/12/12 Obfuscation Observed M2 (udp) (CVE-2021-44228) - SourceFire (IP=251,US) ET EXPLOIT Possible Apache log4j RCE Attempt - 2021/12/12 Obfuscation Observed M2 (udp) (CVE-2021-44228) - SourceFire (IP=251,US)
166.62.0.0 19 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None SG TO-S-2021-1050 Hive Case 4821 Malicious Email Activity
166.62.10.141 32 AS None 2022-09-02 00:00:00 2022-12-01 00:00:00 2022-09-02 17:24:49 HIVE Case #8218 COLS-NA TIP 22-0304 (IP=141,SG)
166.62.10.185 32 AS None 2022-08-18 00:00:00 2022-11-16 00:00:00 2022-08-19 20:26:09 HIVE Case #8166 COLS-NA TIP 21-0386 (IP=185,SG)
166.62.26.44 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
166.62.27.150 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
166.62.27.173 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None SG TO-S-2021-1050 Hive Case 4821 Malicious Email Activity
166.62.27.186 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
166.62.27.55 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
166.62.28.139 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
166.62.28.86 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None SG TO-S-2021-1050 Hive Case 4821 Malicious Email Activity
166.62.30.156 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
166.62.6.101 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None US TO-S-2021-1050 Hive Case 4821 Malicious Email Activity
166.70.207.2 32 srm None 2022-02-16 00:00:00 2022-05-17 00:00:00 None corpslocks/TOR (ip=2, US) | updated by DT Block was inactive. Reactivated on 20200716 with reason HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=2,US) | updated by GM Block was inactive. Reactivated on 20210309 with reason H | updated by srm Block was inactive. Reactivated on 20220216 with reason HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=2,US) HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=2,US)
166.70.207.2 32 tpr None 2015-03-17 05:00:00 2022-05-17 00:00:00 None corpslocks/TOR (ip=2, US) | updated by DT Block was inactive. Reactivated on 20200716 with reason HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=2,US) | updated by GM Block was inactive. Reactivated on 20210309 with reason H | updated by srm Block was inactive. Reactivated on 20220216 with reason HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=2,US) HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=2,US)
166.70.207.2 32 GM None 2021-03-09 00:00:00 2022-05-17 00:00:00 None corpslocks/TOR (ip=2, US) | updated by DT Block was inactive. Reactivated on 20200716 with reason HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=2,US) | updated by GM Block was inactive. Reactivated on 20210309 with reason H | updated by srm Block was inactive. Reactivated on 20220216 with reason HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=2,US) HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=2,US)
167.114.101.65 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=65,CA)
167.114.116.25 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=25,CA)
167.114.138.247 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None CA TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
167.114.150.57 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CA TO-S-2021-1050 Hive Case 4821 Malware Activity
167.114.163.124 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CA TO-S-2021-1050 Hive Case 4821 Malware Activity
167.114.177.151 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CA TO-S-2021-1050 Hive Case 4821 Malware Activity
167.114.227.178 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None FR TO-S-2021-1050 Hive Case 4821 Malware Activity
167.160.166.177 32 jkc None 2021-05-04 00:00:00 2022-02-10 00:00:00 None Case # 5383 - IOC_ TO-S-2021-1264 malicious callback IP (IP=177,US) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=177,US)
167.160.21.190 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1081 Hive Case 4872 Malicious Email Activity
167.172.103.43 24 RB None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-14 22:44:54 SQL injection - 6hr web attacks (IP=43,DE)
167.172.105.102 24 RB None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-14 22:44:54 SQL injection - 6hr web attacks (IP=102,DE)
167.172.106.173 24 SA None 2022-05-17 00:00:00 2022-08-15 00:00:00 2022-05-17 13:54:24 SQL Injection - 6Hr Web Attacks (IP=173,DE)
167.172.107.137 32 ZH None 2022-02-07 00:00:00 2022-05-08 00:00:00 None SQL injection - WebAttacks (IP=137,US)
167.172.107.146 32 ZH None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 22:44:12 SQL injection - WebAttacks (IP=146,US)
167.172.107.22 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:37:07 SQL injection - Web Attacks (IP=22,US)
167.172.107.22 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:40:29 SQL injection - Web Attacks (IP=22,US)
167.172.108.64 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:43:54 SERVER-WEBAPP Cisco ASA cross site scripting attempt - SourceFire (IP=64,DE)
167.172.110.10 32 RR None 2022-02-09 00:00:00 2022-05-10 00:00:00 None SQL injection - Web Attacks (IP=10,US)
167.172.110.48 32 TLM None 2022-07-25 00:00:00 2022-10-23 00:00:00 2022-07-25 16:00:00 HIVE Case #7988 Pulse Report 140373-22 (IP=48,DE)
167.172.111.207 24 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 22:51:45 SERVER-WEBAPP Oracle WebLogic Server remote code execution attempt (1:58562:1) - SourceFire (IP=207, DE)
167.172.128.251 32 SW None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-12 13:51:14 SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58727:5) - SourceFire (IP=251, US)
167.172.130.234 32 RR None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:29 SQL injection - Web Attacks (IP=234,US)
167.172.130.250 32 KH None 2021-12-18 00:00:00 2022-03-18 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44231 (IP=250,US)
167.172.132.124 32 ZH None 2022-06-30 00:00:00 2022-09-28 00:00:00 2022-06-30 13:57:09 SQL injection - 6hr Web Attacks (IP=124,US)
167.172.133.144 32 RB None 2022-09-01 00:00:00 2022-12-30 00:00:00 2022-09-01 22:53:18 SQL injection - WebAttacks (IP=144,US)
167.172.133.59 32 WR None 2022-04-23 00:00:00 2022-07-21 00:00:00 2022-04-23 13:46:50 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=59,US)
167.172.134.192 32 NAB None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:20 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=192,US)
167.172.134.31 32 RB None 2022-07-12 00:00:00 2022-10-10 00:00:00 2022-07-12 22:32:44 SERVER-WEBAPP JBoss JMX console access attempt (1:21516:9) - SourceFire (IP=31, US)
167.172.134.6 32 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:48:40 SQL injection - Web Attacks (IP=6,US)
167.172.135.90 32 RR None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 13:47:41 SERVER-WEBAPP F5 BIG-IP Traffic Management User Interface remote code execution attempt - SourceFire (IP=90,US)
167.172.136.197 32 TH None 2022-06-21 00:00:00 2022-09-19 00:00:00 2022-06-22 13:54:55 SQL injection - 6 Hr Web Report (IP=197,US)
167.172.138.172 32 RS None 2022-05-19 00:00:00 2022-08-17 00:00:00 2022-05-19 13:46:54 SQL injection - 6Hr Web Attacks (IP=172,US)
167.172.139.177 32 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:34:45 SQL injection - Web Attacks (IP=177,US)
167.172.140.139 32 SW None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:20 SERVER-WEBAPP Wordpress File Manager plugin elFinder remote code execution attempt (1:55778:1) - SourceFire (IP=139,US)
167.172.140.155 32 AR None 2021-10-19 00:00:00 2022-01-17 00:00:00 None Attempted Access - Inbound Brute Force - TT# 22C00188 (IP=155,US)
167.172.140.249 32 KD None 2021-10-14 00:00:00 2022-01-13 00:00:00 None HTTP: PHP File Inclusion Vulnerability- TT# PAPER TICKET 2 (IP=249,US) | updated by ZH Block expiration extended with reason HTTP: PHP File Inclusion Vulnerability- 6hr Web Attacks (IP=249,US)
167.172.140.77 32 KH None 2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-09 14:22:05 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=77,US)
167.172.140.81 32 RR None 2022-06-19 00:00:00 2022-09-17 00:00:00 2022-06-19 13:56:08 SQL injection - Web Attacks (IP=81,US)
167.172.141.234 32 RR None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:30 SERVER-WEBAPP Facade Ignition remote code execution attempt - SourceFire (IP=234,US)
167.172.141.26 32 SW None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 13:49:26 SQL injection - WebAttacks (IP=26,US)
167.172.143.203 32 RS None 2022-05-19 00:00:00 2022-08-17 00:00:00 2022-05-19 13:46:59 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=203,US)
167.172.144.141 32 TH None 2022-05-02 00:00:00 2022-07-31 00:00:00 2022-05-02 22:41:58 SQL injection - 6 Hr Web Report (IP=141,US)
167.172.145.129 32 SW None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-12 13:51:10 SERVER-APACHE Apache HTTP server SSRF attempt (1:58820:1) - SourceFire (IP=129, US)
167.172.145.206 32 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:43:51 HTTP SQL Injection Attempt - Web Attacks (IP=206,US)
167.172.145.210 32 RS None 2022-07-22 00:00:00 2022-10-20 00:00:00 2022-07-23 13:44:09 SQL injection - Web Attacks (IP=210,US)
167.172.146.225 32 JP None 2022-09-10 00:00:00 2022-12-09 00:00:00 2022-09-10 13:50:55 SQL injection - 6HR Web Attacks (IP=225,US)
167.172.147.80 32 SW None 2021-10-29 00:00:00 2022-01-27 00:00:00 None HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=80, US)
167.172.149.154 32 SA None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-07 13:41:11 SERVER-WEBAPP VMware View Planner logupload arbitrary file upload attempt (1:57438:1) - SourceFire Report (IP=154,US)
167.172.151.137 32 KH None 2022-10-02 00:00:00 2022-12-31 00:00:00 2022-10-02 23:55:09 OpenDreamBox 2.0.0 Plugin WebAdmin - Remote Code Execution Attempt (IP=137,US)
167.172.152.189 32 ZH None 2022-06-24 00:00:00 2022-09-22 00:00:00 2022-06-24 22:51:40 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=189, US)
167.172.152.79 32 DT None 2022-06-03 00:00:00 2022-09-01 00:00:00 2022-06-04 13:39:19 SQL injection - Web Attacks (IP=79,US)
167.172.153.87 32 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 22:51:59 SERVER-APACHE Apache Struts remote code execution attempt - GET parameter (1:21072:8) - SourceFire (IP=87,US)
167.172.158.22 32 SW None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 14:03:05 SQL injection - WebAttacks (IP=22,US)
167.172.159.233 32 RS None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-14 13:57:47 Adobe ColdFusion Administrator Access Restriction - 6Hr Web Attacks (IP=233,US)
167.172.16.169 32 KH None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 13:46:23 SQL injection - Web Attacks (IP=169,US)
167.172.16.172 32 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:04 SQL injection - Web Attacks (IP=172,US)
167.172.16.20 32 RR None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-05 14:02:46 SQL injection - Web Attacks (IP=20,US)
167.172.16.217 32 SW None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 22:47:11 SQL injection - WebAttacks (IP=217,US)
167.172.16.27 32 KH None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 13:46:22 SQL injection - Web Attacks (IP=27,US)
167.172.16.59 32 RR None 2022-07-04 00:00:00 2022-10-04 00:00:00 2022-07-07 13:50:28 SQL injection - Web Attacks (IP=59,US) | updated by RR Block expiration extended with reason SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt - SourceFire (IP=59,US)
167.172.16.73 32 KH None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 13:46:22 SQL injection - Web Attacks (IP=73,US)
167.172.162.241 32 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:48:41 SQL injection - Web Attacks (IP=241,US)
167.172.163.221 24 SW None 2022-08-24 00:00:00 2022-11-22 00:00:00 2022-08-25 13:54:27 OS-OTHER Bash CGI environment variable injection attempt - SourceFire (IP=221, DE)
167.172.164.134 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:53:01 SERVER-ORACLE Oracle WebLogic Server remote command execution attempt - SourceFire (IP=134,DE)
167.172.166.193 24 SA None 2022-06-02 00:00:00 2022-08-30 00:00:00 2022-06-03 00:40:02 SERVER-WEBAPP JBoss JMXInvokerServlet access attempt (1:24343:4) SourceFire (IP=193,DE)
167.172.167.39 24 RS None 2022-06-13 00:00:00 2022-09-11 00:00:00 2022-06-14 13:48:52 SIPVicious Security Scanner - IPS Events (IP=39,DE)
167.172.167.97 32 ZH None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 22:44:12 SQL injection - WebAttacks (IP=97,US)
167.172.168.163 24 RS None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 22:34:40 rConfig SQL Injection Vulnerability - 6Hr Web Attacks (IP=163,DE)
167.172.168.205 32 KD None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-28 14:33:57 SQL Injection- Web Attacks (IP=205,US)
167.172.170.219 24 TH None 2022-06-03 00:00:00 2022-09-01 00:00:00 2022-06-04 13:39:11 SQL injection - 6 Hr Web Report (IP=219,DE)
167.172.176.70 24 RS None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 22:34:37 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=70,DE)
167.172.18.182 32 TH None 2022-09-02 00:00:00 2022-12-31 00:00:00 2022-09-02 14:05:46 SQL injection - 6 Hr Web Report (IP=182,US)
167.172.18.55 32 AS None 2022-02-04 00:00:00 2022-08-04 00:00:00 None HIVE Case #6927 CTO 22-036 (IP=55,US)
167.172.18.6 32 ZH None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:45:24 HTTP: PHP File Inclusion Vulnerability- 6hr Web Attacks (IP=6,US)
167.172.182.108 24 ZH None 2022-09-23 00:00:00 2022-12-22 00:00:00 2022-09-23 13:58:39 SQL
injection - 6hr Web Attacks (IP=108,DE) 167.172.183.0 32 KD None 2022-04-22 00:00:00 2022-07-21 00:00:00 2022-04-23 13:46:47 SQL Injection - Web Attacks(IP=0,US) 167.172.184.193 24 ZH None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 22:43:55 SERVER-WEBAPP Buffalo WSR router configuration injection attempt (1:58531:1) - SourceFire (IP=193,DE) 167.172.185.69 24 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:17:11 SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt - SourceFire (IP=69,DE) 167.172.188.242 24 TH None 2022-08-20 00:00:00 2022-11-18 00:00:00 2022-08-21 13:55:55 SQL injection - 6 Hr Web Report (IP=242,DE) 167.172.189.195 32 ZH None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 22:44:13 Adobe ColdFusion Administrator Access Restriction - WebAttacks (IP=195,US) 167.172.189.195 24 RR None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 13:52:37 SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1272 attack attempt - SourceFire (IP=195,DE) 167.172.19.62 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:50:26 SQL injection - Web Attacks (IP=62,US) 167.172.19.65 32 RS None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-01 22:27:12 SQL injection - 6Hr Web Attacks (IP=65,US) 167.172.20.139 32 SW None 2022-06-30 00:00:00 2022-09-28 00:00:00 2022-06-30 13:56:57 SQL injection - WebAttacks (IP=139,US) 167.172.20.238 32 SW None 2022-06-28 00:00:00 2022-09-26 00:00:00 2022-06-28 13:53:39 SERVER-WEBAPP Spring Security OAuth remote code execution attempt (1:46823:1) - SourceFire (IP=238,US) 167.172.20.250 32 ZH None 2022-06-16 00:00:00 2022-09-14 00:00:00 2022-06-16 22:41:55 SQL injection - 6hr Web Attacks (IP=250,US) 167.172.207.189 32 RR None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-05 14:02:39 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01552 (IP=189,US) 167.172.21.170 32 SW None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-17 13:48:56 SQL injection - WebAttacks (IP=170,US) 
167.172.22.180 32 KH None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 23:08:14 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=180,US)
167.172.224.41 32 RS None 2022-06-10 00:00:00 2022-09-08 00:00:00 2022-06-10 13:46:04 SQL injection - 6Hr Web Attacks (IP=41,US)
167.172.224.63 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-08 12:51:18 SERVER-WEBAPP generic SQL select statement possible sql injection - SourceFire (IP=63,US)
167.172.224.65 32 ZH None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-30 22:44:29 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - SourceFire (IP=65,US)
167.172.225.67 32 RS None 2022-06-03 00:00:00 2022-09-01 00:00:00 2022-06-03 22:21:28 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - SourceFire (IP=67,US)
167.172.226.117 32 WR None 2022-04-22 00:00:00 2022-07-20 00:00:00 2022-04-22 13:39:47 HTTP: PHP File Inclusion Vulnerability - 6 HR WebAttack (IP=117,US)
167.172.226.133 32 SW None 2022-06-22 00:00:00 2022-09-23 00:00:00 2022-06-25 14:09:25 SQL injection - WebAttacks (IP=133,US) | updated by RR Block expiration extended with reason SQL injection - Web Attacks (IP=133,US)
167.172.227.29 32 ZH None 2022-09-15 00:00:00 2022-12-14 00:00:00 2022-09-15 14:40:57 SQL injection - WebAttacks (IP=29,US)
167.172.228.166 32 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 15:44:50 SQL injection - Web Attacks (IP=166,US)
167.172.229.43 32 TC None 2022-09-15 00:00:00 2022-12-14 00:00:00 2022-09-16 13:49:35 SQL injection - WebAttacks (IP=43,US)
167.172.23.43 32 DT None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:17:31 SQL injection - Web Attacks (IP=43,US)
167.172.230.246 32 KH None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-17 13:49:15 SQL injection - Web Attacks (IP=246,US)
167.172.230.48 32 SW None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:47:38 HTTP SQL Injection Attempt - WebAttacks (IP=48,US)
167.172.231.142 32 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:49:21 SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt - SourceFire (IP=142,US)
167.172.232.213 32 SW None 2022-08-12 00:00:00 2022-11-10 00:00:00 2022-08-13 13:56:13 SQL injection - WebAttacks (IP=213,US)
167.172.233.135 32 SW None 2022-08-11 00:00:00 2022-11-09 00:00:00 2022-08-12 13:55:43 SQL injection - WebAttacks (IP=135,US)
167.172.233.14 32 SW None 2022-08-18 00:00:00 2022-11-16 00:00:00 2022-08-19 13:56:40 SQL injection - WebAttacks (IP=14,US)
167.172.233.173 32 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 13:47:23 SQL injection - WebAttacks (IP=173,US)
167.172.233.2 32 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 22:52:04 SQL injection - WebAttacks (IP=2,US)
167.172.234.11 32 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:48:11 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=11,US)
167.172.234.134 32 AS None 2022-01-11 00:00:00 2022-07-11 00:00:00 None HIVE Case #6760 CTO 22-011 (IP=134,US)
167.172.235.187 32 KD None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-12 13:51:42 SQL injection - Web Attacks (IP=232,NL)
167.172.235.43 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:39 HTTP: PHP File Inclusion Vulnerability- 6hr Web Attacks (IP=43,US)
167.172.236.112 32 KH None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 13:46:23 SQL injection - Web Attacks (IP=112,US)
167.172.237.46 32 TC None 2022-09-15 00:00:00 2022-12-14 00:00:00 2022-09-16 13:49:36 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=46,US)
167.172.238.116 32 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 22:54:15 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=116,US)
167.172.238.159 32 AR None 2022-05-11 00:00:00 2022-08-09 00:00:00 2022-05-11 13:43:38 SQL injection - Web Attacks (IP=159,US)
167.172.239.35 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:02 SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt (1:58276:3) - Sourcefire Rpt (IP=35,US)
167.172.239.45 32 TH None 2022-06-20 00:00:00 2022-09-18 00:00:00 2022-06-21 13:49:08 SQL injection - 6 Hr Web Report (IP=45,US)
167.172.24.247 32 RB None 2022-07-07 00:00:00 2022-10-05 00:00:00 2022-07-07 22:31:05 SERVER-WEBAPP Jenkins Groovy metaprogramming remote code execution attempt (1:49499:1) - SourceFire (IP=247, US)
167.172.240.124 32 AR None 2022-05-13 00:00:00 2022-08-13 00:00:00 2022-05-16 15:21:20 SQL injection - WebAttacks (IP=124,US)
167.172.240.233 32 RR None 2022-07-16 00:00:00 2022-10-14 00:00:00 2022-07-16 13:51:41 SQL injection - Web Attacks (IP=233,US)
167.172.241.110 32 JP None 2022-07-28 00:00:00 2022-10-26 00:00:00 2022-07-28 13:49:54 SQL injection - 6HR Web Attacks (IP=110, US)
167.172.242.133 32 RR None 2022-06-10 00:00:00 2022-09-08 00:00:00 2022-06-10 13:46:15 SQL injection - Web Attacks (IP=133,US)
167.172.243.210 32 KH None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 13:46:24 SQL injection - Web Attacks (IP=210,US)
167.172.243.231 32 KH None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 13:46:25 SQL injection - Web Attacks (IP=231,US)
167.172.243.62 32 SW None 2022-06-28 00:00:00 2022-09-26 00:00:00 2022-06-28 13:53:38 SERVER-WEBAPP WordPress get_post authentication bypass attempt (1:41495:2) - SourceFire (IP=62,US)
167.172.243.79 32 KH None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 13:46:24 SQL injection - Web Attacks (IP=79,US)
167.172.246.16 32 KH None 2022-02-18 00:00:00 2022-05-19 00:00:00 None Exploit.Log4Shell.CVE-2021-44228 (IP=16,US)
167.172.246.74 32 KH None 2022-07-18 00:00:00 2022-10-16 00:00:00 2022-07-18 22:56:03 SQL injection - Web Attacks (IP=74,US)
167.172.248.104 32 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 22:59:05 SQL Injection - 6hr Web Attacks (IP=104,US)
167.172.248.247 32 WR None 2022-04-15 00:00:00 2022-07-13 00:00:00 2022-04-15 14:09:25 SQL union select - possible sql injection attempt - GET parameter (1:13990:27) - Sourcefire (IP=247,US)
167.172.249.0 32 TH None 2022-06-21 00:00:00 2022-09-19 00:00:00 2022-06-22 13:54:56 SQL injection - 6 Hr Web Report (IP=0,US)
167.172.249.38 32 WR None 2022-04-15 00:00:00 2022-07-13 00:00:00 2022-04-15 14:09:17 SQL Injection Attempt - 6HR WebAttacks (IP=38,US)
167.172.250.102 32 DT None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-31 13:48:41 SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1272 attack attempt (3:57305:1) - Source Fire (IP=102,US)
167.172.251.84 32 RS None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-14 13:57:46 Adobe ColdFusion Administrator Access Restriction - 6Hr Web Attacks (IP=84,US)
167.172.252.187 32 ZH None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 22:37:01 SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt (1:58276:3) - SourceFire (IP=187,US)
167.172.253.174 32 SW None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-12 13:51:06 SQL injection - WebAttacks (IP=174,US)
167.172.253.226 32 KH None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-06 14:06:24 SQL injection - Web Attacks (IP=226,US)
167.172.253.228 32 RS None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-06 13:58:05 SQL injection - 6Hr Web Attacks (IP=228,US)
167.172.254.72 32 WR None 2022-02-27 00:00:00 2022-05-27 00:00:00 2022-02-27 15:53:37 HTTP: Blind SQL Injection - Timing - Web Attacks (IP=72,US)
167.172.255.228 32 RB None 2022-07-07 00:00:00 2022-10-05 00:00:00 2022-07-07 22:31:05 SQL union select - possible sql injection attempt - GET parameter (1:13990:27) - SourceFire (IP=228, US)
167.172.26.51 32 KD None 2021-12-03 00:00:00 2022-07-27 00:00:00 2022-04-28 14:35:20 HTTP Request Brute Force Attack- 6 hr Failed Logons (IP=51,US) | updated by KH Block was inactive. Reactivated on 20220420 with reason SQL injection - Web Attacks (IP=51,US) | updated by RR Block expiration extended with reason SERVER-OTHER Supervisord remote code execution attempt - SourceFire (IP=51,US)
167.172.28.134 32 KH None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-18 22:55:03 SQL injection - Web Attacks (IP=134,US)
167.172.28.20 32 ZH None 2022-05-15 00:00:00 2022-08-13 00:00:00 2022-05-15 22:46:04 File /etc/passwd Access Attempt Detect - CMS IPS Events (IP=20,US)
167.172.28.77 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:17:12 SERVER-WEBAPP ManageEngine Desktop Central authentication bypass attempt - SourceFire (IP=77,US)
167.172.31.48 32 RR None 2022-06-20 00:00:00 2022-09-18 00:00:00 2022-06-20 13:54:35 SQL injection - Web Attacks (IP=48,US)
167.172.31.64 32 SW None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-17 13:48:56 SQL injection - WebAttacks (IP=64,US)
167.172.32.23 24 RT None 2022-05-11 00:00:00 2022-08-09 00:00:00 2022-05-12 13:53:25 SERVER-APACHE Apache Struts remote code execution attempt - GET parameter (1:21072:8) - Sourcefire Report (IP=,NL)
167.172.32.23 32 WR None 2022-04-12 00:00:00 2022-07-10 00:00:00 2022-04-12 13:51:57 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=23,US)
167.172.32.34 32 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 13:54:27 SQL injection - Web Attacks (IP=34,US)
167.172.33.149 32 SW None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:47:04 SQL injection - WebAttacks (IP=149,US)
167.172.33.242 24 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 22:54:15 SQL injection - Web Attacks (IP=242,NL)
167.172.36.55 24 ZH None 2022-04-04 00:00:00 2022-07-03 00:00:00 2022-04-04 13:49:00 HTTP SQL Injection Attempt - 6hr Web Attacks (IP=55,NL)
167.172.37.186 24 RT None 2022-04-08 00:00:00 2022-07-07 00:00:00 2022-04-08 22:48:04 SQL injection - 6 HR WebAttack (IP=186,NL)
167.172.38.173 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:37:08 HTTP SQL Injection Attempt - Web Attacks (IP=173,US)
167.172.38.249 24 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-09 14:21:50 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=249,NL)
167.172.39.172 24 DT None 2022-03-14 00:00:00 2022-06-12 00:00:00 2022-03-14 22:43:38 PROTOCOL-DNS DNS query amplification attempt (1:28556:3) - Source Fire (IP=172,NL)
167.172.41.206 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None US TO-S-2021-1050 Hive Case 4821 Malware Activity
167.172.43.101 24 RS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:47:59 SQL injection - 6Hr Web Attacks (IP=101,NL)
167.172.43.151 32 RR None 2022-06-25 00:00:00 2022-09-23 00:00:00 2022-06-25 22:47:38 SQL injection - Web Attacks (IP=151,US)
167.172.43.204 32 SW None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:47:05 SQL injection - WebAttacks (IP=204,US)
167.172.46.199 24 RS None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 22:54:41 HTTP SQL Injection Attempt - 6Hr Web Attacks (IP=199,NL)
167.172.47.152 24 RR None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-18 13:44:01 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=152,NL)
167.172.47.230 32 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:37:35 SQL injection - Web Attacks (IP=230,US)
167.172.50.8 24 KH None 2022-09-22 00:00:00 2022-12-21 00:00:00 2022-09-22 22:55:18 SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (B-type) (1:1000135:3) - Sourcefire (IP=8,GB)
167.172.50.91 32 KH None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:31 Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=91,US)
167.172.51.9 32 KH None 2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-09 14:22:03 SQL injection - Web Attacks (IP=9,US)
167.172.52.169 24 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 22:39:52 SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt (1:58276:3) - Sourcefire (IP=169,GB)
167.172.53.237 24 SA None 2022-05-17 00:00:00 2022-08-15 00:00:00 2022-05-17 22:37:54 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=237,GB)
167.172.53.85 32 WR None 2022-04-23 00:00:00 2022-07-21 00:00:00 2022-04-23 13:46:59 SQL injection - Web Attacks (IP=85,US)
167.172.55.39 24 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 22:51:19 SERVER-WEBAPP Oracle Business Intelligence directory traversal attempt (1:49967:2) - SourceFire (IP=39, GB)
167.172.56.134 32 SA None 2022-05-17 00:00:00 2022-08-15 00:00:00 2022-05-17 22:37:54 DoctorAppointmentSystem SQL Injection Vulnerability- 6Hr Web Attacks (IP=134,GB)
167.172.56.158 32 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:48:41 SQL injection - Web Attacks (IP=158,US)
167.172.56.76 32 SW None 2022-08-25 00:00:00 2022-11-23 00:00:00 2022-08-26 13:48:24 SQL injection - WebAttacks (IP=76,US)
167.172.57.195 32 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:48:42 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=195,US)
167.172.59.163 32 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 13:47:22 SQL injection - WebAttacks (IP=163,US)
167.172.59.207 32 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 22:52:04 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=207,US)
167.172.6.154 32 TLM None 2022-04-13 00:00:00 2022-10-13 00:00:00 2022-04-13 13:12:28 HIVE Case #7387 CTO 22-103(IP=154,SG)
167.172.60.74 24 TH None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-18 22:35:18 SQL injection - 6 Hr Web Report (IP=74,GB)
167.172.61.141 24 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:48:11 SQL union select - possible sql injection attempt - GET parameter - SourceFire (IP=141,GB)
167.172.62.39 24 RR None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:14:38 SERVER-WEBAPP Liferay arbitrary Java object deserialization attempt - SourceFire (IP=39,GB)
167.172.63.158 32 KH None 2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-09 14:22:04 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=158,US)
167.172.63.200 32 KH None 2022-07-21 00:00:00 2022-10-19 00:00:00 2022-07-21 22:56:15 SQL injection - Web Attacks (IP=200,US)
167.172.63.213 32 KH None 2022-07-21 00:00:00 2022-10-19 00:00:00 2022-07-21 22:56:15 SQL injection - Web Attacks (IP=213,US)
167.172.63.33 32 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 13:47:23 HTTP SQL Injection Attempt - WebAttacks (IP=33,US)
167.172.64.91 24 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:46:44 SERVER-WEBAPP F5 BIG-IP Traffic Management User Interface remote code execution attempt - SourceFire (IP=91,SG)
167.172.65.183 24 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 15:44:52 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=183,SG)
167.172.66.42 32 SW None 2022-05-12 00:00:00 2022-08-10 00:00:00 2022-05-12 13:53:30 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=42,US)
167.172.67.101 24 NAB None 2022-04-22 00:00:00 2022-07-21 00:00:00 2022-04-22 13:40:02 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=101,SG)
167.172.68.151 32 KH None 2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-09 22:50:13 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=151,US)
167.172.68.33 24 SA None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 22:54:59 SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (1:58594:1) - SourceFire Report (IP=33,SG)
167.172.69.227 24 RS None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-13 22:37:01 SQL injection - 6Hr Web Attacks (IP=227,SG)
167.172.70.148 24 SW None 2022-04-21 00:00:00 2022-07-20 00:00:00 2022-04-21 22:41:36 SERVER-WEBAPP Spring Security OAuth remote code execution attempt (1:46823:1) - SourceFire (IP=148, SG)
167.172.71.208 24 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:58:06 SERVER-WEBAPP WebSVN search command injection attempt (1:58821:1) - SourceFire (IP=208,SG)
167.172.72.15 24 DT None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 23:23:26 SERVER-WEBAPP SolarWinds Orion authentication bypass attempt (1:56917:1) - Source Fire (IP=15,SG)
167.172.73.239 24 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 15:44:52 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=239,SG)
167.172.74.15 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:53:02 SERVER-OTHER Supervisord remote code execution attempt - SourceFire (IP=15,SG)
167.172.74.53 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:50:27 SQL injection - Web Attacks (IP=53,US)
167.172.75.210 24 ZH None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-10 13:48:41 SQL injection - 6hr Web Attacks (IP=210,SG)
167.172.76.15 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:53:32 SERVER-WEBAPP Sophos SG UTM WebAdmin command injection attempt - SourceFire (IP=15,SG)
167.172.76.182 32 TLM None 2021-10-04 00:00:00 2022-04-04 00:00:00 None HIVE Case #6294 CTO 21-268 (IP=182,SG)
167.172.78.91 24 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:58:06 Exploit.CVE-2021-44228 - Apache Log4j2 - Case 6651 (IP=91,SG)
167.172.79.246 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=246,SG)
167.172.79.32 24 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 22:51:46 SQL use of concat function with select - likely SQL injection (1:24172:2) - SourceFire (IP=32, SG)
167.172.80.199 24 ZH None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-10 13:48:41 SQL injection - 6hr Web Attacks (IP=199,SG)
167.172.81.146 32 SW None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:47:06 SQL injection - WebAttacks (IP=146,US)
167.172.81.78 24 TH None 2022-05-12 00:00:00 2022-08-10 00:00:00 2022-05-12 13:53:40 HTTP: PHP File Inclusion Vulnerability - 6 Hr Web Report (IP=78,SG)
167.172.82.22 24 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 22:51:23 SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt (3:57769:1) - SourceFire (IP=22, SG)
167.172.83.140 24 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:58:07 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (1:59246:1) - SourceFire (IP=140,SG)
167.172.85.234 24 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:58:07 SQL union select - possible sql injection attempt - GET parameter (1:13990:27) - SourceFire (IP=234,SG)
167.172.87.137 24 SW None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-15 13:54:13 SERVER-OTHER PHP webshell upload attempt (1:49457:2) - SourceFire (IP=137, SG)
167.172.88.11 24 ZH None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-10 13:48:42 SQL injection - 6hr Web Attacks (IP=11,SG)
167.172.89.16 24 RB None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:48:12 HTTP: Adobe ColdFusion File Upload Vulnerability (CVE-2018-15961) - 6hr web attacks (IP=16,SG)
167.172.90.64 24 ZH None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 13:47:51 SQL injection - 6hr Web Attacks (IP=64,SG)
167.172.93.225 24 KH None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 13:57:08 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=225,SG)
167.172.94.104 24 DT None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-20 13:47:06 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=104,SG)
167.172.95.105 24 KH None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 13:57:09 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=105,SG)
167.172.99.128 24 WR None 2022-04-15 00:00:00 2022-07-13 00:00:00 2022-04-15 14:09:26 SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt (1:58276:3) - Sourcefire (IP=128,DE)
167.179.101.127 32 AS None 2022-06-21 00:00:00 2022-09-20 00:00:00 2022-06-21 16:23:41 HIVE Case #7793 CTO 22-168 (IP=127,JP)
167.179.110.222 32 TLM None 2021-12-02 00:00:00 2022-06-02 00:00:00 None HIVE Case #6600 TO-S-2022-0090 (IP=222,JP)
167.179.69.159 32 TLM None 2021-12-02 00:00:00 2022-06-02 00:00:00 None HIVE Case #6600 TO-S-2022-0090 (IP=159,JP)
167.179.69.205 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6346 CTO 21-278 (IP=205,JP)
167.179.81.82 32 AS None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-09-30 17:07:21 HIVE Case #8395 TO-S-2022-0233 (IP=82,JP)
167.179.89.244 32 TLM None 2022-03-07 00:00:00 2022-09-07 00:00:00 2022-03-07 16:26:08 HIVE Case #7150 CTO 22-064 (IP=244,JP)
167.235.132.193 32 KH None 2022-09-07 00:00:00 2022-12-06 00:00:00 2022-09-07 22:44:27 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=193,US)
167.235.51.219 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 22:58:36 ET EXPLOIT Apache log4j RCE Attempt - lower/upper TCP Bypass M2 (CVE-2021-44228) (1:2034700:1) - SourceFire (IP=219,DE)
167.235.9.111 32 AS None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-09-30 17:07:15 HIVE Case #8395 TO-S-2022-0233 (IP=111,DE)
167.248.133.113 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=113,US)
167.248.133.114 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=114,US)
167.248.133.115 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=115,US)
167.248.133.116 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=116,US)
167.248.133.156 32 AR None 2022-03-05 00:00:00 2022-06-03 00:00:00 2022-03-06 14:24:06 HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=156,US)
167.248.133.156 32 AR None 2022-03-05 00:00:00 2022-06-03 00:00:00 2022-03-06 14:40:38 HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=156,US)
167.248.133.156 32 AR None 2022-03-05 00:00:00 2022-06-03 00:00:00 2022-03-06 15:25:56 HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=156,US)
167.248.133.41 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=41,US)
167.248.133.43 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=43,US)
167.248.133.44 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=44,US)
167.248.133.57 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=57,US)
167.248.133.58 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=58,US)
167.248.133.59 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=59,US)
167.248.133.60 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=60,US)
167.248.133.71 32 KH None 2022-01-04 00:00:00 2022-04-04 00:00:00 None HP Intelligent Management Center TFTP Server MODE Remote Code Execution - FE IPS (IP=71,US)
167.249.168.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity
167.249.242.8 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=8,BR) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=8,BR)
167.250.149.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity
167.250.164.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity
167.250.165.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity
167.250.189.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity
167.250.200.0 23 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity
167.250.220.220 24 DT None 2022-01-15 00:00:00 2022-04-15 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) - Source Fire (IP=220,GT)
167.250.48.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None VE TO-S-2021-1037 Hive Case 4785 Malware Activity
167.71.0.28 24 KD None 2022-04-15 00:00:00 2022-07-14 00:00:00 2022-04-16 14:40:53 SQL injection- Web Attacks (IP=28,NL)
167.71.1.6 24 AR None 2022-05-01 00:00:00 2022-07-30 00:00:00 2022-05-01 13:52:46 SERVER-WEBAPP Ulterius web server directory traversal attempt (1:45721:2) - SourceFire (IP=6,NL)
167.71.10.182 24 RB None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 22:45:12 SERVER-WEBAPP Apache Log4j logging remote code execution attempt - Sourcefire (IP=182,NL)
167.71.100.88 32 KH None 2022-08-31 00:00:00 2022-11-29 00:00:00 2022-08-31 22:50:44 SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (A-type) (1:1000136:3) - Sourcefire (IP=88,US)
167.71.101.134 32 RS None 2022-07-27 00:00:00 2022-10-25 00:00:00 2022-07-28 13:49:38 SQL injection - Web Attacks (IP=134,US)
167.71.102.195 32 jkc None 2021-08-20 00:00:00 2022-08-20 00:00:00 None HIVE Case #NA excessive cross site scripting attack (IP=195, US)
167.71.102.37 32 ZH None 2022-06-13 00:00:00 2022-09-11 00:00:00 2022-06-13 13:54:47 Adobe ColdFusion Administrator Access Restriction - 6hr Web Attacks (IP=37,US)
167.71.102.83 32 AR None 2022-08-22 00:00:00 2022-11-20 00:00:00 2022-08-22 13:55:14 SQL injection - 6Hr Web Attack (IP=83,US)
167.71.103.199 32 SW None 2022-09-25 00:00:00 2022-12-24 00:00:00 2022-09-25 13:55:54 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=199,US)
167.71.103.243 32 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:43:52 SQL injection - Web Attacks (IP=243,US)
167.71.103.248 32 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:46:45 SERVER-WEBAPP Zimbra remote code execution attempt - SourceFire (IP=248,US)
167.71.106.96 32 TH None 2022-07-10 00:00:00 2022-10-08 00:00:00 2022-07-10 14:32:50 SQL injection - 6 Hr Web Report (IP=96,US)
167.71.108.165 32 TH None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-30 13:42:24 SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58743:6) - SourceFire Report (IP=165,US)
167.71.109.181 32 RR None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:31 SQL injection - Web Attacks (IP=181,US)
167.71.11.70 24 DT None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-27 13:56:46 FIREEYE Web: Log4j attempt (IP=70,NL)
167.71.111.108 32 WR None 2022-02-27 00:00:00 2022-05-27 00:00:00 2022-02-27 15:53:38 HTTP: Blind SQL Injection - Timing - Web Attacks (IP=108,US)
167.71.111.110 32 SW None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 13:55:10 SQL injection - WebAttacks (IP=110,US)
167.71.111.12 32 KH None 2022-08-31 00:00:00 2022-11-29 00:00:00 2022-08-31 22:50:44 SERVER-WEBAPP Movable Type CMS command injection attempt (1:58687:1) - Sourcefire (IP=12,US)
167.71.111.205 32 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:48:42 SQL injection - Web Attacks (IP=205,US)
167.71.111.220 32 SW None 2022-06-11 00:00:00 2022-09-09 00:00:00 2022-06-11 13:46:56 SQL injection - WebAttacks (IP=220,US)
167.71.12.41 24 SA None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 22:55:02 SERVER-WEBAPP SolarWinds Orion authentication bypass attempt (1:56916:1) - SourceFire Report (IP=41,NL)
167.71.128.88 24 KH None 2022-04-12 00:00:00 2022-07-11 00:00:00 2022-04-12 13:52:19 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=88,GB)
167.71.129.35 24 RT None 2022-05-11 00:00:00 2022-08-09 00:00:00 2022-05-12 13:53:19 HTTP: PHP File Inclusion Vulnerability - 6HR Web Attacks (IP=35,GB)
167.71.13.196 32 wmp None 2021-03-11 00:00:00 2022-06-13 00:00:00 None ArcSight High Attacker (IP=196,NL) | updated by wmp Block was inactive. Reactivated on 20210614 with reason ArcSight ESM High Attacker Suspicious Scan Activity (IP=196,NL) | updated by TLM Block was inactive. Reactivated on 20211213 with reason HIVE Case #6652 CTO 21-345 F1 (IP=196,NL)
167.71.130.31 24 NAB None 2022-03-28 00:00:00 2022-06-26 00:00:00 2022-03-28 13:41:35 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=31,GB)
167.71.131.149 24 DT None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 23:22:07 Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=149,GB)
167.71.132.89 24 ZH None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-24 00:05:30 SERVER-WEBAPP generic SQL select statement possible sql injection (1:41817:2) - Sourcefire Rpt (IP=89,GB)
167.71.133.75 24 KD None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-19 13:52:38 SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt- Sourcefire (IP=75,GB)
167.71.135.17 24 KH None 2022-04-12 00:00:00 2022-07-11 00:00:00 2022-04-12 13:52:19 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=17,GB)
167.71.136.121 24 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 15:44:53 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=121,GB)
167.71.137.20 24 WR None 2022-02-28 00:00:00 2022-05-28 00:00:00 2022-02-28 14:50:34 SQL use of sleep function with select - likely SQL injection (1:37443:2) - Sourcefire (IP=20,GB)
167.71.138.250 24 ZH None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-23 13:49:50 SQL injection - 6hr Web Attacks (IP=250,GB)
167.71.139.143 24 RT None 2022-04-14 00:00:00 2022-07-13 00:00:00 2022-04-15 14:09:09 HTTP: PHP File Inclusion Vulnerability - 6HR WebAttacks (IP=143,GB)
167.71.141.46 24 ZH None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 22:37:02 SQL injection - 6hr Web Attacks (IP=46,GB)
167.71.142.67 24 ZH None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-24 00:05:30 SQL injection - 6hr Web Attacks (IP=67,GB)
167.71.143.247 24 RR None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-11 13:57:12 SQL injection - Web Attacks (IP=19,GB)
167.71.160.149 32 RS None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-14 13:57:46 Adobe ColdFusion Administrator Access Restriction - 6Hr Web Attacks (IP=149,US)
167.71.160.198 32 RS None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-14 13:57:42 SQL injection - 6Hr Web Attacks (IP=198,US)
167.71.160.21 32 ZH None 2022-09-22 00:00:00 2022-12-21 00:00:00 2022-09-22 13:55:06 Webshell.Binary.php.FEC2 (IP=21,US)
167.71.163.111 32 RR None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:32 SERVER-WEBAPP Apache Log4j logging remote code execution attempt - SourceFire (IP=111,US)
167.71.163.214 32 TC None 2022-09-03 00:00:00 2022-12-02 00:00:00 2022-09-04 00:19:34 SQL injection - 6hr Web Attacks (IP=214,US)
167.71.163.48 32 WR None 2022-02-27 00:00:00 2022-05-27 00:00:00 2022-02-27 15:53:38 HTTP: Blind SQL Injection - Timing - Web Attacks (IP=48,US)
167.71.164.181 32 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:34 SERVER-OTHER Supervisord remote code execution attempt - SourceFire (IP=181,US)
167.71.164.205 32 RR None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-18 13:50:31 SERVER-APACHE Apache HTTP server SSRF attempt - SourceFire (IP=205,US)
167.71.164.252 32 ZH None 2022-09-15 00:00:00 2022-12-14 00:00:00 2022-09-15 22:52:16 SQL injection - WebAttacks (IP=252,US)
167.71.165.102 32 KH None 2022-06-19 00:00:00 2022-09-17 00:00:00 2022-06-19 22:50:37 SQL injection - Web Attacks (IP=102,US)
167.71.165.22 32 SQL None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-15 13:53:39 injection - WebAttacks (IP=22,US)
167.71.165.73 32 AR None 2022-04-10 00:00:00 2022-07-09 00:00:00 2022-04-11 13:46:54 SERVER-WEBAPP WordPress SocialWarfare deprecated function access attempt (1:49527:2) - SourceFire (IP=73,US)
167.71.166.120 32 RS None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-14 13:57:49 Adobe ColdFusion Administrator Access Restriction - 6Hr Web Attacks (IP=120,US)
167.71.166.186 32 RR None 2022-06-19 00:00:00 2022-09-17 00:00:00 2022-06-20 13:54:27 SQL injection - Web Attacks (IP=186,US)
167.71.168.133 32 RS None 2022-07-14 00:00:00
2022-10-12 00:00:00 2022-07-14 13:57:48 Adobe ColdFusion Administrator Access Restriction - 6Hr Web Attacks (IP=133,US) 167.71.168.189 32 SW None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-11 22:58:37 SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt (1:59388:2) - SourceFire (IP=189,US) 167.71.168.247 32 RS None 2022-06-03 00:00:00 2022-09-01 00:00:00 2022-06-03 22:21:13 SSLv2 Client Hello Request Detected - IPS Events (IP=247,US) 167.71.169.130 32 RB None 2022-07-12 00:00:00 2022-10-10 00:00:00 2022-07-12 22:32:44 SERVER-WEBAPP Zimbra remote code execution attempt (1:29027:6) - SourceFire (IP=130, US) 167.71.169.222 32 AS None 2022-01-11 00:00:00 2022-07-11 00:00:00 None HIVE Case #6760 CTO 22-011 (IP=222,US) 167.71.171.119 32 RS None 2022-05-02 00:00:00 2022-07-31 00:00:00 2022-05-02 22:41:34 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=119,US) 167.71.171.227 32 RS None 2022-05-19 00:00:00 2022-08-17 00:00:00 2022-05-19 13:46:59 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=227,US) 167.71.171.233 32 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:44:55 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=233,US) 167.71.171.251 32 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:04 SQL injection - Web Attacks (IP=251,US) 167.71.171.59 32 ZH None 2022-06-30 00:00:00 2022-09-28 00:00:00 2022-07-01 00:10:31 SQL injection - 6hr Web Attacks (IP=59,US) 167.71.171.90 32 DT None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:17:30 SQL injection - Web Attacks (IP=90,US) 167.71.172.133 32 SW None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:45:08 SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt - SourceFire (IP=133,US) 167.71.172.49 32 RS None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-14 13:57:48 Adobe ColdFusion Administrator Access Restriction - 6Hr Web Attacks (IP=49,US) 167.71.173.46 32 ZH 
None 2022-06-24 00:00:00 2022-09-22 00:00:00 2022-06-24 13:56:14 SQL injection - 6hr Web Attacks (IP=46,US) 167.71.174.251 32 RS None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-14 13:57:41 SQL injection - 6Hr Web Attacks (IP=251,US) 167.71.175.10 32 NAB None 2021-12-15 00:00:00 2022-03-13 00:00:00 None HIVE Case #6651 - Exploit.CVE-2021-44228 (IP=10,US) 167.71.175.174 32 RR None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-19 13:56:01 SQL injection - Web Attacks (IP=174,US) 167.71.175.224 32 SW None 2022-07-21 00:00:00 2022-10-19 00:00:00 2022-07-22 13:52:37 SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58727:5) - SourceFire (IP=224,US) 167.71.176.224 32 AR None 2022-04-27 00:00:00 2022-07-27 00:00:00 2022-04-27 13:56:49 SQL injection - 6Hr Web Attack (IP=224,US) 167.71.177.187 32 SW None 2022-07-26 00:00:00 2022-10-24 00:00:00 2022-07-27 13:49:52 SQL injection - WebAttacks (IP=187,US) 167.71.177.241 32 RR None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-19 13:56:01 SQL injection - Web Attacks (IP=241,US) 167.71.178.177 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:43:56 SERVER-WEBAPP WordPress get_post authentication bypass attempt - SourceFire (IP=177,US) 167.71.178.8 32 WR None 2022-04-20 00:00:00 2022-07-18 00:00:00 2022-04-20 15:44:54 HTTP SQL Injection Attempt - 6 HR WebAttacks (IP=8,US) 167.71.179.148 32 TC None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-10-01 13:38:16 SQL injection - Web Attacks (IP=148,US) 167.71.180.238 32 ZH None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-08 22:56:24 SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58723:5) - SourceFire (IP=238, US) 167.71.182.136 32 WR None 2022-04-29 00:00:00 2022-07-27 00:00:00 2022-04-29 13:52:44 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=136,US) 167.71.182.250 32 KH None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 13:57:09 SQL injection - Web Attacks (IP=250,US) 167.71.182.78 32 JP None 2022-09-29 
00:00:00 2022-12-28 00:00:00 2022-09-30 13:47:36 Apache Log4j CVE-2021-44228 Remote Code Execution - IPS Events (IP=78,US) 167.71.184.108 32 ZH None 2022-06-30 00:00:00 2022-09-28 00:00:00 2022-07-01 00:10:32 SQL injection - 6hr Web Attacks (IP=108,US) 167.71.184.148 32 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:58:08 Exploit.CVE-2021-44228 - Apache Log4j2 - Case 6651 (IP=148,US) 167.71.184.203 32 DT None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:17:31 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=203,US) 167.71.185.105 32 SW None 2022-06-11 00:00:00 2022-09-09 00:00:00 2022-06-11 13:46:59 SERVER-WEBAPP Atlassian Confluence OGNL expression injection attempt (1:59934:2) - SourceFire (IP=105,US) 167.71.186.104 32 SW None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:21 SQL injection - WebAttacks (IP=104,US) 167.71.186.112 32 TH None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-18 13:50:16 SERVER-APACHE Apache HTTP server SSRF attempt - SourceFire Report (IP=112,US) 167.71.187.152 32 KH None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 23:08:13 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=152,US) 167.71.187.214 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:03 SQL use of concat function with select - likely SQL injection (1:24172:2) - Sourcefire Rpt (IP=214,US) 167.71.188.199 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-08 12:50:44 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=199,US) 167.71.189.66 32 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:05 SQL injection - Web Attacks (IP=66,US) 167.71.190.200 32 SW None 2022-08-19 00:00:00 2022-11-17 00:00:00 2022-08-20 13:23:18 SQL injection - WebAttacks (IP=200,US) 167.71.191.105 32 ZH None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-30 22:44:29 SQL injection - 6hr Web Attacks (IP=105,US) 167.71.191.146 32 WR None 2022-04-15 00:00:00 2022-07-13 00:00:00 2022-04-15 14:09:26 
SERVER-WEBAPP IceWarp Mail Server directory traversal attempt (1:47644:1) - Sourcefire (IP=146,US) 167.71.192.202 24 WR None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:47:26 SERVER-WEBAPP RevSlider information disclosure attempt (1:34194:4) - Sourcefire (IP=202,SG) 167.71.193.146 24 RS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 22:44:11 SQL injection - 6Hr Web Attacks (IP=146,SG) 167.71.194.73 24 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:21 SQL injection - 6Hr Web Attacks (IP=73,SG) 167.71.195.166 24 KD None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-11 13:43:32 SQL Injection - Web Attacks(IP=166,SG) 167.71.197.201 24 ZH None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 22:37:03 SQL injection - 6hr Web Attacks (IP=201,SG) 167.71.198.183 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None SG TO-S-2021-1050 Hive Case 4821 Malware Activity 167.71.198.49 24 SW None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 22:46:39 SERVER-WEBAPP Intellian Aptus Web arbitrary command execution attempt (1:54824:1) - SourceFire (IP=49,SG) 167.71.2.235 24 RB None 2022-09-18 00:00:00 2022-12-17 00:00:00 2022-09-18 22:46:06 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=235,NL) 167.71.200.131 24 SA None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-07 13:41:41 SQL injection - 6Hr Web Attack (IP=131,SG) 167.71.201.157 24 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:58:08 SQL injection - 6hr Web Attacks (IP=157,SG) 167.71.203.22 24 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:17:12 SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt (1:58747:1) - SourceFire (IP=22,SG) 167.71.204.147 24 RR None 2022-07-10 00:00:00 2022-10-08 00:00:00 2022-07-10 14:32:36 SQL injection - Web Attacks (IP=147,SG) 167.71.205.186 24 AR None 2022-09-27 00:00:00 2022-12-26 00:00:00 2022-09-27 13:51:58 SERVER-WEBAPP Multiple PACS Server directory traversal attempt - SourceFire (IP=186,SG) 
167.71.206.58 24 DT None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-05 13:48:47 SERVER-OTHER Apache Log4j logging remote code execution attempt - Source Fire (IP=58,SG) 167.71.207.45 24 KD None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-14 13:54:48 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt- Sourcefire(IP=45,SG) 167.71.208.226 24 RT None 2022-04-14 00:00:00 2022-07-13 00:00:00 2022-04-15 14:09:09 HTTP: PHP File Inclusion Vulnerability - 6HR WebAttacks (IP=226,SG) 167.71.209.104 24 RR None 2022-07-10 00:00:00 2022-10-08 00:00:00 2022-07-10 14:32:36 SQL injection - Web Attacks (IP=104,SG) 167.71.210.87 24 RT None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-20 15:44:54 HTTP SQL Injection Attempt - 6 HR WebAttack (IP=87,SG) 167.71.211.24 24 RS None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 22:54:55 SQL injection - 6Hr Web Attacks (IP=24,SG) 167.71.212.22 24 SW None 2022-05-12 00:00:00 2022-08-10 00:00:00 2022-05-12 13:53:29 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=22,SG) 167.71.213.102 24 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:48:13 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=102,SG) 167.71.214.148 24 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 22:39:53 SQL injection - Web Attacks (IP=148,SG) 167.71.215.156 24 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:06 SQL injection - Web Attacks (IP=156,SG) 167.71.216.33 24 KH None 2022-05-01 00:00:00 2022-07-30 00:00:00 2022-05-01 22:53:37 SERVER-WEBAPP Apache Struts remote code execution attempt (1:47649:1) - Sourcefire (IP=33,SG) 167.71.217.45 24 DT None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 23:23:27 POLICY-OTHER Micro Focus Operations Bridge default credentials login attempt (1:57495:1) - Source Fire (IP=45,SG) 167.71.221.90 24 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 15:44:55 SQL injection - Web Attacks (IP=90,SG) 167.71.222.104 24 KH None 
2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 22:39:54 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=104,SG) 167.71.223.63 24 WR None 2022-04-15 00:00:00 2022-07-13 00:00:00 2022-04-15 14:09:27 SERVER-WEBAPP JBoss JMXInvokerServlet access attempt (1:24343:4) - Sourcefire (IP=63,SG) 167.71.224.225 24 KD None 2022-04-15 00:00:00 2022-07-15 00:00:00 2022-04-16 14:46:46 SQL injection- Web Attacks (IP=225,IN) | updated by RR Block expiration extended with reason SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt - SourceFire (IP=225,IN) 167.71.225.209 24 TH None 2022-04-15 00:00:00 2022-07-14 00:00:00 2022-04-15 14:09:30 SQL injection - 6 Hr Web Report (IP=209,IN) 167.71.226.16 24 SW None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-11 22:58:47 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=16,IN) 167.71.228.91 24 WR None 2022-04-15 00:00:00 2022-07-13 00:00:00 2022-04-15 14:09:27 SQL use of concat function with select - likely SQL injection (1:24172:2) - Sourcefire (IP=91,IN) 167.71.229.166 24 KH None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 13:57:10 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=166,IN) 167.71.230.115 24 RT None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-06 13:47:04 HTTP SQL Injection Attempt - 6hr Web Attacks (IP=115,IN) 167.71.232.97 24 KD None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-21 13:53:47 HTTP: PHP File Inclusion Vulnerability- Web Attacks (IP=97,IN) 167.71.233.212 24 RT None 2022-04-08 00:00:00 2022-07-07 00:00:00 2022-04-09 13:49:40 SQL injection - 6HR WebAttack (IP=212,IN) 167.71.234.246 24 RS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 22:44:11 SQL injection - 6Hr Web Attacks (IP=246,IN) 167.71.235.133 24 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:46:47 SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt - SourceFire (IP=133,IN) 167.71.235.30 32 TLM None 2022-01-25 00:00:00 2022-07-25 00:00:00 None HIVE 
Case #6828 CTO 22-021 (IP=30,IN) 167.71.236.45 24 RT None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-17 13:52:06 HTTP: PHP File Inclusion Vulnerability - 6HR web Attacks (IP=45,IN) 167.71.236.49 24 KH None 2022-09-26 00:00:00 2022-12-25 00:00:00 2022-09-26 22:53:28 SolarView Compact CVE-2022-29303 OS Command Injection - FE CMS (IP=49,IN) 167.71.238.63 24 WR None 2022-04-12 00:00:00 2022-07-10 00:00:00 2022-04-12 13:51:58 SQL injection - Web Attacks (IP=63,IN) 167.71.239.102 24 RS None 2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-09 22:50:08 Exploit.Log4Shell.CVE-2021-44228 - FE CMS Alerts (IP=102,IN) 167.71.240.169 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:16:45 SQL injection - Web Attacks (IP=169,US) 167.71.240.17 32 RR None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 13:47:21 SQL injection - Web Attacks (IP=17,US) 167.71.240.246 32 ZH None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-23 13:49:50 SQL injection - 6hr Web Attacks (IP=246,US) 167.71.241.8 32 RS None 2022-06-10 00:00:00 2022-09-08 00:00:00 2022-06-10 13:46:03 SQL injection - 6Hr Web Attacks (IP=8,US) 167.71.242.10 32 RB None 2022-06-28 00:00:00 2022-09-26 00:00:00 2022-06-28 22:27:57 SQL injection - WebAttacks (IP=10,US) 167.71.242.140 32 SW None 2022-09-26 00:00:00 2022-12-25 00:00:00 2022-09-27 13:51:54 SERVER-WEBAPP RevSlider information disclosure attempt - WebAttacks (IP=140,US) 167.71.243.9 32 ZH None 2022-09-23 00:00:00 2022-12-22 00:00:00 2022-09-23 22:51:05 Malicious activity IR#: 22C01951 (IP=9,US) 167.71.244.0 32 RB None 2022-07-12 00:00:00 2022-10-10 00:00:00 2022-07-12 22:32:45 POLICY-OTHER PHP uri tag injection attempt (1:23111:14) - SourceFire (IP=0, US) 167.71.244.205 32 KH None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 13:46:21 SQL injection - Web Attacks (IP=205,US) 167.71.245.101 32 SW None 2022-09-13 00:00:00 2022-12-12 00:00:00 2022-09-14 13:50:27 SQL injection - WebAttacks (IP=101,US) 167.71.245.141 32 KH None 2022-05-09 00:00:00 
2022-08-07 00:00:00 2022-05-09 14:22:03 SQL injection - Web Attacks (IP=141,US) 167.71.245.19 32 RR None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-11 13:57:13 SQL injection - Web Attacks (IP=161,US) 167.71.246.115 32 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 13:47:21 SQL injection - WebAttacks (IP=115,US) 167.71.247.122 32 SW None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-26 13:47:56 SERVER-WEBAPP F5 BIG-IP Traffic Management User Interface remote code execution attempt (1:54462:3) - SourceFire (IP=122,US) 167.71.247.43 32 KH None 2022-07-18 00:00:00 2022-10-16 00:00:00 2022-07-18 13:50:11 SQL injection - Web Attacks (IP=43,US) 167.71.248.47 32 RR None 2022-07-30 00:00:00 2022-10-28 00:00:00 2022-07-30 13:52:52 SERVER-WEBAPP Apache Log4j logging remote code execution attempt - SourceFire (IP=47,US) 167.71.248.78 32 SW None 2022-05-15 00:00:00 2022-08-13 00:00:00 2022-05-15 13:54:14 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=78,US) 167.71.249.11 32 AR None 2022-03-06 00:00:00 2022-06-05 00:00:00 2022-03-07 15:00:04 SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58742:7) - SourceFire (IP=11,US) | updated by NAB Block expiration extended with reason HIVE Case #6651 Exploit.CVE-2021-44228 (IP=11,US) 167.71.249.202 32 SW None 2022-06-30 00:00:00 2022-09-28 00:00:00 2022-06-30 13:56:57 SQL injection - WebAttacks (IP=202,US) 167.71.252.117 32 WR None 2022-04-29 00:00:00 2022-07-27 00:00:00 2022-04-29 13:52:45 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire (IP=117,US) 167.71.253.139 32 RR None 2022-09-24 00:00:00 2022-12-23 00:00:00 2022-09-25 13:55:35 SQL injection - Web Attacks (IP=139,US) 167.71.253.163 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:43:56 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=163,US) 167.71.253.237 32 SW None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-16 13:51:41 SQL injection - 
WebAttack (IP=237,US) 167.71.253.49 32 RR None 2022-08-20 00:00:00 2022-11-18 00:00:00 2022-08-20 13:23:24 SQL injection - Web Attacks (IP=49,US) 167.71.253.94 32 SW None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-16 13:51:42 SQL injection - WebAttack (IP=94,US) 167.71.254.103 32 RS None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 22:54:41 rConfig SQL Injection Vulnerability - 6Hr Web Attacks (IP=103,US) 167.71.255.155 32 DT None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-27 13:14:19 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt - Source Fire (IP=155,US) 167.71.3.175 24 RT None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-27 13:56:38 SQL injection - 6 HR WebAttack (IP=175,NL) 167.71.35.14 24 RS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 22:43:50 SERVER-WEBAPP Kibana Console for Elasticsearch local file inclusion attempt (1:48815:3) - SourceFire (IP=14,DE) 167.71.46.56 32 TLM None 2022-03-17 00:00:00 2022-09-17 00:00:00 2022-03-17 16:17:28 HIVE Case #7227 CTO 22-076 (IP=56,DE) 167.71.50.129 32 ZH None 2022-01-11 00:00:00 2022-04-11 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=129,DE) | updated by ZH Block expiration extended with reason SQL HTTP URI blind injection attempt (1:49666:2) - Sourcefire Report (IP=129,US) | updated by ZH Block was inactive. Reactivated on 20220111 with reason SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58744:6) - Sourcefire Rpt (IP=129,US) SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58744:6) - Sourcefire Rpt (IP=129,US) 167.71.50.129 32 wmp None 2021-04-23 00:00:00 2022-04-11 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=129,DE) | updated by ZH Block expiration extended with reason SQL HTTP URI blind injection attempt (1:49666:2) - Sourcefire Report (IP=129,US) | updated by ZH Block was inactive. 
Reactivated on 20220111 with reason SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58744:6) - Sourcefire Rpt (IP=129,US) SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58744:6) - Sourcefire Rpt (IP=129,US) 167.71.51.244 24 KH None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:32 SQL injection - Web Attacks (IP=244,DE) 167.71.52.201 24 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:37:36 HTTP: Apache mod_cgi Bash Environment Variable Code Injection - Web Attacks (IP=201,DE) 167.71.58.12 24 RR None 2022-02-09 00:00:00 2022-05-10 00:00:00 None SQL injection - Web Attacks (IP=12,DE) 167.71.6.234 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 22:59:05 SQL Injection - 6hr Web Attacks (IP=234,NL) 167.71.60.186 24 ZH None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 22:37:03 HTTP: SQL Injection - Exploit - 6hr Web Attacks (IP=186,DE) 167.71.64.129 24 RS None 2022-05-02 00:00:00 2022-07-31 00:00:00 2022-05-02 22:41:37 SQL injection - 6Hr Web Attacks (IP=129,NL) 167.71.66.148 24 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 13:38:48 HTTP: SQL Injection - Exploit - 6Hr Web Attacks (IP=148,NL) 167.71.67.196 32 AS None 2021-09-21 00:00:00 2022-03-20 00:00:00 None HIVE Case #6215 CTO 21-261 (IP=196,NL) 167.71.68.64 24 AR None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:15 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attack (IP=64,NL) 167.71.69.179 24 KH None 2022-07-21 00:00:00 2022-10-19 00:00:00 2022-07-21 22:56:09 SQL injection - Web Attacks (IP=179,NL) 167.71.70.232 24 NAB None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-11 13:47:03 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=232,NL) 167.71.72.126 24 SA None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 22:54:58 SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt (1:59388:2) - SourceFire Report (IP=126,NL) 167.71.74.88 24 RT None 2022-04-26 00:00:00 2022-07-25 00:00:00 
2022-04-27 13:56:38 HTTP SQL Injection Attempt - 6 HR WebAttack (IP=88,NL) 167.71.75.208 24 RS None 2022-06-13 00:00:00 2022-09-11 00:00:00 2022-06-14 13:48:55 F5 BIG-IP CVE-2022-1388 Remote Code Execution - IPS Events (IP=208,NL) 167.71.76.118 24 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-16 15:21:29 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=118,NL) 167.71.77.215 24 RR None 2022-07-10 00:00:00 2022-10-08 00:00:00 2022-07-11 13:57:06 SQL injection - Web Attacks (IP=215,NL) 167.71.77.65 24 JY None 2022-09-26 00:00:00 2022-12-26 00:00:00 2022-09-26 22:53:34 SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt - 6hr web attacks (IP=65,NL) 167.71.77.65 24 JY None 2022-09-26 00:00:00 2022-12-26 00:00:00 2022-09-26 22:53:34 SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt - 6hr web attacks (IP=65,NL) SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt - 6hr web attacks (IP=65,NL) 167.71.79.227 24 WR None 2022-04-15 00:00:00 2022-07-13 00:00:00 2022-04-15 14:09:28 SERVER-WEBAPP Cisco SD-WAN vManage directory traversal attempt (3:56220:1) - Sourcefire (IP=227,NL) 167.71.8.153 24 RS None 2022-05-03 00:00:00 2022-08-01 00:00:00 2022-05-03 13:46:57 SQL injection - 6Hr Web Attacks (IP=153,NL) 167.71.80.33 32 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:35:20 SERVER-WEBAPP Pulse Secure SSL VPN directory traversal attempt - SourceFire (IP=33,US) 167.71.80.98 32 RB None 2022-07-12 00:00:00 2022-10-10 00:00:00 2022-07-12 22:32:49 SQL injection - WebAttacks (IP=98,US) 167.71.81.79 32 ZH None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 22:37:04 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=79,US) 167.71.83.232 32 RR None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:33 SQL 1 = 1 - possible sql injection attempt - SourceFire (IP=232,US) 167.71.84.242 32 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:46:47 SERVER-WEBAPP SaltStack 
pillar_roots directory traversal attempt - SourceFire (IP=242,US) 167.71.85.216 32 TC None 2022-09-28 00:00:00 2022-12-27 00:00:00 2022-09-29 13:59:02 SQL injection - WebAttacks (IP=216,US) 167.71.85.237 32 KH None 2022-08-31 00:00:00 2022-11-29 00:00:00 2022-08-31 22:50:45 SERVER-APACHE Apache HTTP server SSRF attempt (1:58820:1) - Sourcefire (IP=237,US) 167.71.87.14 32 SW None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-01 13:54:05 SQL injection - WebAttacks (IP=14,US) 167.71.88.211 32 TH None 2022-06-16 00:00:00 2022-09-14 00:00:00 2022-06-17 13:48:38 SQL injection - 6 Hr Web Report (IP=211,US) 167.71.89.207 32 SW None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-26 13:47:57 SERVER-WEBAPP Netgear WNAP devices boardData command injection attempt (1:48206:1) - SourceFire (IP=207,US) 167.71.89.215 32 AR None 2022-08-03 00:00:00 2022-11-01 00:00:00 2022-08-03 13:59:33 SQL injection - Web Attack (IP=215,US) 167.71.89.85 32 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:47 SQL injection - 6hr Web Attacks (IP=85,US) 167.71.9.249 24 RR None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-02 14:02:23 SQL injection - Web Attacks (IP=249,NL) 167.71.90.42 32 RB None 2022-08-17 00:00:00 2022-11-15 00:00:00 2022-08-17 22:26:08 SQL injection - WebAttacks (IP=42,US) 167.71.91.152 32 SW None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:45:07 SERVER-WEBAPP Apache Log4j logging remote code execution attempt - SourceFire (IP=152,US) 167.71.93.191 32 SW None 2021-10-27 00:00:00 2022-01-25 00:00:00 None SQL injection - WebAttacks (IP=191, US) 167.71.93.238 32 RR None 2022-07-16 00:00:00 2022-10-14 00:00:00 2022-07-16 13:51:42 SQL injection - Web Attacks (IP=238,US) 167.71.93.253 32 RR None 2022-05-08 00:00:00 2022-08-08 00:00:00 2022-05-08 12:51:41 Exploit.CVE-2021-44228 - Apache Log4j2 - Case 6651 (IP=253,US) 167.71.93.73 32 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:44:56 SERVER-WEBAPP Oracle Business Intelligence and XML 
Publisher XML external entity injection attempt - SourceFire (IP=73,US) 167.71.95.0 32 TH None 2022-06-28 00:00:00 2022-09-26 00:00:00 2022-06-29 13:54:52 SQL injection - 6 Hr Web Report (IP=0,US) 167.71.95.163 32 RR None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-18 13:50:32 SERVER-APACHE Apache HTTP server SSRF attempt - SourceFire (IP=163,US) 167.71.95.202 32 JP None 2022-08-26 00:00:00 2022-11-24 00:00:00 2022-08-26 22:41:06 SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (B-type) (1:1000135:3) - SourceFire (IP=202,US) 167.71.98.191 32 RS None 2022-08-14 00:00:00 2022-11-12 00:00:00 2022-08-14 13:58:16 SQL injection - Web Attacks (IP=191,US) 167.86.105.137 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 167.86.112.62 32 KD None 2022-04-22 00:00:00 2022-07-21 00:00:00 2022-04-23 13:46:46 SQL Injection - Web Attacks(IP=62,US) 167.86.112.62 24 KH None 2021-12-19 00:00:00 2022-08-07 00:00:00 2022-05-09 14:21:42 HIVE Case #6651 Exploit.CVE-2021-44232 (IP=62,DE) | updated by RR Block expiration extended with reason SERVER-OTHER Apache Log4j logging remote code execution attempt - SourceFire (IP=62,DE) | updated by RR Block was inactive. Reactivated on 20220428 with reason SQL injection - Web Attacks (IP=62,DE) | updated by RR Block expiration extended with reason SQL injection - Web Attacks (IP=62,DE) 167.86.112.84 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=84,DE) | updated by TLM Block was inactive. 
Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=84,DE)
167.86.115.114 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity
167.86.123.174 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=174,DE)
167.86.67.254 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None DE TO-S-2021-1050 Hive Case 4821 Malware Activity
167.86.68.12 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity
167.86.69.178 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None DE TO-S-2021-1050 Hive Case 4821 Malware Activity
167.86.70.252 24 TH None 2021-12-16 00:00:00 2022-03-16 00:00:00 None Masscan TCP Port Scanner - IPS Events (IP= 252, DE)
167.86.71.214 32 wmp None 2020-09-03 00:00:00 2022-06-15 00:00:00 None HIVE Case #3770 TO-S-2020-0779 COLS-NA-TIP-20-0280 (IP=214,DE) | updated by TLM Block was inactive. Reactivated on 20211215 with reason HIVE Case #6667 TO-S-2022-0091 (IP=214,DE)
167.86.74.24 32 TLM None 2022-03-28 00:00:00 2022-09-28 00:00:00 2022-03-28 12:22:50 HIVE Case #7282 CTO 22-085 (IP=24,DE)
167.86.76.55 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=55,DE)
167.86.77.178 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity
167.86.83.242 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=242,DE)
167.86.86.24 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity
167.86.94.213 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=213,DE)
167.86.99.247 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity
167.88.113.67 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=67,US)
167.88.15.115 32 EE None 2021-09-20 00:00:00 2022-08-12 00:00:00 None HIVE Case #6205 IOC_Solarmarker (IP=115,US) | updated by TLM Block was inactive. Reactivated on 20220211 with reason HIVE Case #6973 TO-S-2022-0128 (IP=115,US)
167.88.166.43 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=43,US)
167.88.170.14 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
167.88.176.205 32 TLM None 2022-03-01 00:00:00 2022-09-01 00:00:00 2022-03-01 12:20:08 HIVE Case #7104 TO-S-2022-0138 (IP=205,CA)
167.88.177.232 32 TLM None 2021-11-30 00:00:00 2022-05-30 00:00:00 None HIVE Case #6595 CTO 21-327 (IP=232,CA)
167.88.177.232 32 TLM None 2021-11-30 00:00:00 2022-05-30 00:00:00 None HIVE Case #6595 CTO 21-327 (IP=232,CA)
167.88.182.166 24 EE None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:51 HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=166,CA)
167.88.61.164 32 TH None 2022-07-26 00:00:00 2022-10-24 00:00:00 2022-07-27 13:49:54 SIPVicious Security Scanner - FE CMS IPS Events (IP=164,US)
167.88.63.73 32 AS None 2021-11-16 00:00:00 2022-05-16 00:00:00 None HIVE Case #6539 CTO 21-315 (IP=73,US)
167.88.63.96 32 SW None 2021-12-02 00:00:00 2022-03-02 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00455(IP=96,US)
167.89.115.56 32 dbc None 2019-12-17 00:00:00 2022-01-19 00:00:00 None US TO-S-2020-0187 Malicious Email Activity | updated by dbc Block expiration extended with reason US TO-S-2020-0805 Malicious Email Activity | updated by SW Block was inactive. Reactivated on 20211021 with reason HIVE Case #6377 phishing emails (IP=56,US)
167.94.138.113 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=113,US)
167.94.138.114 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=114,US)
167.94.138.116 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=116,US)
167.94.138.131 32 RS None 2022-06-03 00:00:00 2022-09-01 00:00:00 2022-06-03 22:21:09 File /etc/passwd Access Attempt Detect - IPS Events (IP=131,US)
167.94.138.137 32 SA None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-07 13:41:36 HP Intelligent Management Center TFTP Server MODE Remote Code Execution - FE CMS IPS alert (IP=137,US)
167.94.138.139 32 RS None 2022-06-03 00:00:00 2022-09-01 00:00:00 2022-06-03 22:21:01 SIPVicious Security Scanner - IPS Events (IP=139,US)
167.94.138.41 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=41,US)
167.94.138.42 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=42,US)
167.94.138.43 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=43,US)
167.94.138.44 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=44,US)
167.94.138.57 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=57,US)
167.94.138.58 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=58,US)
167.94.138.59 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=59,US)
167.94.138.60 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=60,US)
167.94.138.71 32 KH None 2022-01-04 00:00:00 2022-04-04 00:00:00 None HP Intelligent Management Center TFTP Server MODE Remote Code Execution - FE IPS (IP=71,US)
167.94.145.60 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=60,US)
167.99.1.170 32 TH None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-18 22:35:11 SERVER-WEBAPP Oracle WebLogic Server remote code execution attempt (1:58562:1) - SourceFire Report (IP=170,US)
167.99.10.168 32 BMP None 2021-05-08 00:00:00 2022-03-14 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr Web Attacks (IP=168,US) | updated by RW Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=168,US) | updated by RB Block expirati | updated by AR Block was inactive. Reactivated on 20210908 with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT#21C01776 (IP=168,US) | updated by AR Block was inactive. Reactivated on 20211214 with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=168,US)
167.99.11.157 32 RR None 2022-07-16 00:00:00 2022-10-14 00:00:00 2022-07-16 13:51:43 SQL injection - Web Attacks (IP=157,US)
167.99.11.85 32 AR None 2022-09-12 00:00:00 2022-12-11 00:00:00 2022-09-12 14:00:15 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=85,US)
167.99.112.7 32 RS None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 22:34:26 SQL injection - 6Hr Web Attacks (IP=7,US)
167.99.114.148 32 ZH None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-22 13:54:57 SQL injection - 6 hr Web Attacks (IP=148,US)
167.99.114.205 32 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 13:52:45 SQL injection - 6hr Web Attacks (IP=205,US)
167.99.114.43 32 RS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 22:44:12 WordPress Perfect Survey Plugin SQL Injection Vulnerability - 6Hr Web Attacks (IP=43,US)
167.99.114.6 32 ZH None 2022-09-23 00:00:00 2022-12-22 00:00:00 2022-09-23 13:58:39 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=6,US)
167.99.115.104 32 SW None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 13:49:25 SQL injection - WebAttacks (IP=104,US)
167.99.115.152 32 KH None 2022-05-01 00:00:00 2022-07-30 00:00:00 2022-05-01 13:52:52 SQL injection - Web Attacks (IP=152,US)
167.99.115.154 32 TLM None 2021-10-04 00:00:00 2022-04-04 00:00:00 None HIVE Case #6294 CTO 21-268 (IP=154,US)
167.99.115.35 32 AS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-09 13:57:18 HIVE Case #7535 TO-S-2022-0176 (IP=35,US)
167.99.116.29 32 RS None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 22:44:35 HTTP SQL Injection Attempt - 6Hr Web Attacks (IP=29,US)
167.99.116.87 32 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:22 SQL injection - 6Hr Web Attacks (IP=87,US)
167.99.117.106 32 KH None 2022-07-21 00:00:00 2022-10-19 00:00:00 2022-07-21 22:56:10 SQL injection - Web Attacks (IP=106,US)
167.99.117.153 32 SW None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-01 13:54:06 SQL injection - WebAttacks (IP=153,US)
167.99.119.250 32 SW None 2022-06-28 00:00:00 2022-09-26 00:00:00 2022-06-28 13:53:35 SQL injection - WebAttacks (IP=250,US)
167.99.119.253 32 ZH None 2022-09-06 00:00:00 2022-12-05 00:00:00 2022-09-06 13:54:43 SQL injection - WebAttacks (IP=253,US)
167.99.12.177 32 RR None 2022-09-25 00:00:00 2022-12-24 00:00:00 2022-09-25 13:55:45 SERVER-WEBAPP WordPress Yuzo Related Posts plugin cross site scripting attempt - SourceFire (IP=177,US)
167.99.120.131 32 KH None 2022-09-26 00:00:00 2022-12-25 00:00:00 2022-09-26 22:53:29 File /etc/passwd Access Attempt Detect - FE CMS (IP=131,US)
167.99.122.140 32 AR None 2022-04-27 00:00:00 2022-07-27 00:00:00 2022-04-27 13:56:53 POLICY-OTHER Yachtcontrol webserver unauthenticated remote code execution attempt (1:52561:2) - SourceFire (IP=140,US)
167.99.122.64 32 KH None 2022-05-01 00:00:00 2022-07-30 00:00:00 2022-05-01 22:53:38 SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58742:7) - Sourcefire (IP=64,US)
167.99.123.149 32 KH None 2022-05-01 00:00:00 2022-07-30 00:00:00 2022-05-01 22:53:42 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=149,US)
167.99.124.215 32 RR None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:31:51 HTTP: PHP File Inclusion Vulnerability - Web Attcks (IP=215,US)
167.99.124.218 32 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 22:25:07 SQL injection - 6Hr Web Attacks (IP=218,US)
167.99.125.103 32 TH None 2022-05-02 00:00:00 2022-07-31 00:00:00 2022-05-02 22:41:56 SQL injection - 6 Hr Web Report (IP=103,US)
167.99.125.95 32 DT None 2022-05-17 00:00:00 2022-08-15 00:00:00 2022-05-18 13:43:48 SERVER-WEBAPP Netgear passwordrecovered.cgi insecure admin password disclosure attempt ) - Source Fire (IP=95,US)
167.99.126.216 32 ZH None 2022-08-27 00:00:00 2022-11-25 00:00:00 2022-08-27 22:47:44 SERVER-WEBAPP JBoss JMX console access attempt (1:21516:9) - SourceFire (IP=216,US)
167.99.129.164 24 KD None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-11 13:43:33 SQL Injection - Web Attacks(IP=164,DE)
167.99.13.45 32 JP None 2022-09-21 00:00:00 2022-12-20 00:00:00 2022-09-22 13:55:00 Atlassian Confluence CVE-2022-26134 RCE - IPS Events (IP=45,US)
167.99.13.73 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1092 Hive Case 4875 Malicious Email Activity
167.99.130.240 24 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:48:14 SQL injection - Web Attacks (IP=240,DE)
167.99.133.185 24 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-08 12:50:44 SQL injection - Web Attacks (IP=185,DE)
167.99.137.91 24 RR None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 13:47:22 SQL injection - Web Attacks (IP=91,DE)
167.99.14.20 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=20,US)
167.99.14.42 32 DT None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 23:22:07 HTTP: SQL Injection - Exploit - Web Attacks (IP=.42,US)
167.99.140.80 24 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 22:52:03 SQL injection - WebAttacks (IP=80,DE)
167.99.141.210 24 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 22:24:33 SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (A-type) (1:1000136:3) - SourceFire (IP=210,DE)
167.99.144.251 32 KH None 2022-10-01 00:00:00 2022-12-30 00:00:00 2022-10-01 23:56:21 SERVER-WEBAPP Apache Log4j logging remote code execution attempt - Web Attacks (IP=251,US)
167.99.145.255 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:17:13 SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt - SourceFire (IP=255,US)
167.99.145.67 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:16:45 SQL injection - Web Attacks (IP=67,US)
167.99.147.105 32 TH None 2022-06-03 00:00:00 2022-09-01 00:00:00 2022-06-04 13:38:43 INDICATOR-OBFUSCATION select concat statement - possible sql injection - SourceFire Report (IP=105,US)
167.99.147.17 32 AR None 2022-09-20 00:00:00 2022-12-19 00:00:00 2022-09-20 13:55:05 HTTP: SQL Injection - Exploit - 6HR Web Attacks (IP=17,US)
167.99.147.39 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:16:46 SQL injection - Web Attacks (IP=39,US)
167.99.151.122 32 KD None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-07 13:16:26 SQL injection- Web Attacks (IP=122,US)
167.99.153.156 32 SW None 2022-07-15 00:00:00 2022-10-28 00:00:00 2022-07-31 13:51:08 SQL injection - WebAttack (IP=156,US) | updated by RR Block expiration extended with reason POLICY-OTHER PHP uri tag injection attempt - SourceFire (IP=156,US)
167.99.153.57 32 SW None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:44:59 SERVER-WEBAPP Apache Log4j logging remote code execution attempt - SourceFire (IP=57,US)
167.99.154.47 32 ZH None 2022-08-12 00:00:00 2022-11-10 00:00:00 2022-08-12 22:51:22 SQL injection - 6hr Web Attacks (IP=47,US)
167.99.156.97 32 RR None 2022-01-21 00:00:00 2022-04-21 00:00:00 None Exploit.CVE-2021-44228 - Apache Log4j2 - Case 6651 (IP=97,US)
167.99.158.126 32 RR None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:31:52 SQL injection - Web Attcks (IP=126,US)
167.99.159.106 32 TH None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-18 22:35:07 SERVER-WEBAPP D-Link Routers command injection attempt (1:59072:1) - SourceFire Report (IP=106,US)
167.99.159.164 32 RS None 2022-08-22 00:00:00 2022-11-20 00:00:00 2022-08-23 18:09:06 Possible Cross-site Scripting Attack IPS Events (IP=164,US)
167.99.159.8 32 SW None 2022-07-23 00:00:00 2022-10-21 00:00:00 2022-07-23 22:54:43 SQL injection - WebAttacks (IP=8,US)
167.99.162.76 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=76,US)
167.99.164.171 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=171,US)
167.99.164.171 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=171,US)
167.99.164.173 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=173,US)
167.99.164.173 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=173,US)
167.99.164.196 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=196,US)
167.99.164.196 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=196,US)
167.99.164.201 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=201,US)
167.99.171.156 32 KD None 2022-02-27 00:00:00 2022-05-28 00:00:00 2022-02-27 23:09:19 Infection Match (blocked)- FIREEYE Web(IP=156,US)
167.99.172.148 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=148,US)
167.99.172.213 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=213,US)
167.99.172.58 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=58,US)
167.99.172.79 32 AS None 2021-12-16 00:00:00 2022-06-16 00:00:00 None HIVE Case #6671 CTO 21-350 (IP=79,US)
167.99.176.75 24 DT None 2022-04-08 00:00:00 2022-07-07 00:00:00 2022-04-09 13:49:50 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=75,CA)
167.99.177.183 24 RS None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-06 13:58:06 SQL injection - 6Hr Web Attacks (IP=183,CA)
167.99.178.119 24 SW None 2022-05-31 00:00:00 2022-08-29 00:00:00 2022-05-31 13:48:44 SQL injection - WebAttacks (IP=119,CA)
167.99.179.13 24 SW None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:47:07 SQL injection - WebAttacks (IP=13,CA)
167.99.180.244 24 SA None 2022-05-17 00:00:00 2022-08-15 00:00:00 2022-05-17 22:37:53 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=244,CA)
167.99.182.11 32 JP None 2022-09-07 00:00:00 2022-12-06 00:00:00 2022-09-07 22:44:23 Multiple IPs Block - IR# 22C01923 (IP=11,CA)
167.99.182.127 24 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-08 12:50:45 SQL injection - Web Attacks (IP=127,CA)
167.99.183.65 24 SW None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-06 22:49:45 SQL injection - WebAttacks (IP=65,CA)
167.99.184.219 24 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 22:51:28 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - SourceFire (IP=219, CA)
167.99.185.252 32 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 2022-05-27 16:40:04 HIVE Case #7668 CTO 22-146 (IP=252,CA)
167.99.186.4 24 KD None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-14 13:54:48 SERVER-WEBAPP Apache Unomi OGNL MVEL2 remote command execution attempt- Sourcefire(IP=4,CA)
167.99.187.183 24 ZH None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 22:38:57 File /etc/passwd Access Attempt Detect - IPS Events (IP=183,CA)
167.99.188.76 24 WR None 2022-04-15 00:00:00 2022-07-13 00:00:00 2022-04-15 14:09:17 SQL injection - 6HR WebAttacks (IP=76,CA)
167.99.189.103 24 WR None 2022-04-04 00:00:00 2022-07-02 00:00:00 2022-04-04 13:48:53 SQL injection - 6HR Web Attacks (IP=103,CA)
167.99.190.228 24 SW None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-06 22:49:34 SERVER-WEBAPP Atlassian OAuth plugin multiple versions server side request forgery attempt (1:46898:1) - SourceFire (IP=228,CA)
167.99.191.78 24 ZH None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-11 00:05:04 SQL injection - 6hr Web Attacks (IP=78,CA)
167.99.193.161 24 BMP None 2021-12-14 00:00:00 2022-03-12 00:00:00 None HIVE Case #6651 - Exploit.CVE-2021-44228 (IP=161,GB)
167.99.193.225 24 BMP None 2021-12-14 00:00:00 2022-03-12 00:00:00 None HIVE Case #6651 - Exploit.CVE-2021-44228 (IP=225,GB)
167.99.195.25 24 BMP None 2021-12-14 00:00:00 2022-03-12 00:00:00 None HIVE Case #6651 - Exploit.CVE-2021-44228 (IP=25,GB)
167.99.196.240 24 WR None 2022-04-04 00:00:00 2022-07-02 00:00:00 2022-04-04 13:48:54 SQL injection - 6HR Web Attacks (IP=240,GB)
167.99.197.92 24 RT None 2022-04-12 00:00:00 2022-07-11 00:00:00 2022-04-13 13:46:08 rConfig SQL Injection Vulnerability - 6 HR WebAttack (IP=92,GB)
167.99.198.155 24 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:48 HTTP SQL Injection Attempt - 6hr Web Attacks (IP=155,GB)
167.99.199.68 24 KH None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:34 SQL injection - Web Attacks (IP=68,GB)
167.99.200.176 24 KD None 2022-03-04 00:00:00 2022-06-02 00:00:00 2022-03-05 00:07:03 SQL injection- Web Attacks (IP=176,GB)
167.99.201.105 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None US TO-S-2021-1050 Hive Case 4821 Malware Activity
167.99.202.9 24 KD None 2022-01-03 00:00:00 2022-04-03 00:00:00 None Adobe ColdFusion Administrator Access Restriction- 6hr web attacks (IP=9,GB)
167.99.203.10 24 RT None 2022-04-12 00:00:00 2022-07-11 00:00:00 2022-04-13 13:46:09 SQL injection - 6 HR WebAttack (IP=10,GB)
167.99.205.56 24 RS None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:15:46 Adobe ColdFusion Administrator Access Restriction - 6Hr Web Attacks (IP=56,GB)
167.99.206.226 24 DT None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-27 13:14:20 ET INFO Possible Apache log4j RCE Attempt - Any Protocol TCP (CVE-2021-44228) - Source Fire (IP=226,GB)
167.99.207.109 24 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:49:22 SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt - SourceFire (IP=109,GB)
167.99.207.80 24 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:34 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=80,GB)
167.99.209.9 24 RB None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:55:05 SQL injection - 6hr web attacks (IP=9,NL)
167.99.210.71 24 RB None 2022-07-19 00:00:00 2022-10-17 00:00:00 2022-07-19 13:48:07 SQL injection - WebAttacks (IP=71,NL)
167.99.211.218 24 RT None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-20 15:44:56 SQL injection - 6 HR WebAttack (IP=218,NL)
167.99.213.169 24 SW None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 13:49:26 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=169,NL)
167.99.214.101 24 TH None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 22:43:09 Case #6651 Exploit.Log4Shell.CVE-2021-44228 (IP=101,NL) | updated by DT Block expiration extended with reason SERVER-WEBAPP JBoss web console access attempt - Web Attacks (IP=101,NL) SERVER-WEBAPP JBoss web console access attempt - Web Attacks (IP=101,NL) | updated by TH Block was inactive. Reactivated on 20220428 with reason SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (A-type) (1:1000136:3) - SourceFire Report (IP=101,NL) SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (A-type) (1:1000136:3) - SourceFire Report (IP=101,NL)
167.99.214.101 24 KH None 2022-01-24 00:00:00 2022-07-27 00:00:00 2022-04-28 22:43:09 Case #6651 Exploit.Log4Shell.CVE-2021-44228 (IP=101,NL) | updated by DT Block expiration extended with reason SERVER-WEBAPP JBoss web console access attempt - Web Attacks (IP=101,NL) SERVER-WEBAPP JBoss web console access attempt - Web Attacks (IP=101,NL) | updated by TH Block was inactive. Reactivated on 20220428 with reason SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (A-type) (1:1000136:3) - SourceFire Report (IP=101,NL) SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (A-type) (1:1000136:3) - SourceFire Report (IP=101,NL)
167.99.214.101 24 DT None 2022-01-25 00:00:00 2022-07-27 00:00:00 2022-04-28 22:43:09 Case #6651 Exploit.Log4Shell.CVE-2021-44228 (IP=101,NL) | updated by DT Block expiration extended with reason SERVER-WEBAPP JBoss web console access attempt - Web Attacks (IP=101,NL) SERVER-WEBAPP JBoss web console access attempt - Web Attacks (IP=101,NL) | updated by TH Block was inactive. Reactivated on 20220428 with reason SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (A-type) (1:1000136:3) - SourceFire Report (IP=101,NL) SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (A-type) (1:1000136:3) - SourceFire Report (IP=101,NL)
167.99.215.60 24 RS None 2022-05-03 00:00:00 2022-08-01 00:00:00 2022-05-03 13:46:49 SQL injection - 6Hr Web Attacks (IP=60,NL)
167.99.216.66 24 AR None 2022-05-01 00:00:00 2022-07-30 00:00:00 2022-05-02 13:40:44 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=66,NL)
167.99.217.99 24 SW None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-06 22:49:38 SERVER-APACHE Apache Struts remote code execution attempt - GET parameter (1:21072:8) - SourceFire (IP=99,NL)
167.99.218.111 24 RR None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 13:47:22 Django SQL Injection Vulnerability - Web Attacks (IP=111,NL)
167.99.219.171 24 RT None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-20 15:44:57 SQL injection - 6 HR WebAttack (IP=171,NL)
167.99.220.159 32 KD None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-12 13:51:41 SQL injection - Web Attacks (IP=159,NL)
167.99.220.93 24 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:16:46 SQL injection - Web Attacks (IP=93,NL)
167.99.221.217 24 NAB None 2021-12-16 00:00:00 2022-03-16 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=217,NL)
167.99.222.3 24 RR None 2022-08-20 00:00:00 2022-11-18 00:00:00 2022-08-21 13:56:01 SQL injection - Web Attacks (IP=3,NL)
167.99.224.225 32 SW None 2022-07-26 00:00:00 2022-10-24 00:00:00 2022-07-27 13:49:52 SQL injection - WebAttacks (IP=225,US)
167.99.225.119 32 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 15:44:58 SQL injection - Web Attacks (IP=119,US)
167.99.226.63 32 WR None 2022-04-15 00:00:00 2022-07-13 00:00:00 2022-04-15 14:09:28 SERVER-WEBAPP Trend Micro Threat Discovery Appliance logoff.cgi directory traversal attempt (1:42336:2) - Sourcefire (IP=63,US)
167.99.227.19 32 RB None 2022-01-28 00:00:00 2022-04-28 00:00:00 None SQL injection - 6hr web attacks (IP=19,US)
167.99.228.180 32 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:37:36 SQL injection - Web Attacks (IP=180,US)
167.99.229.170 32 SW None 2022-08-25 00:00:00 2022-11-23 00:00:00 2022-08-26 13:48:26 SERVER-WEBAPP TP-LINK AC750 ping diagnostic command injection attempt (1:41642:2) - SourceFire (IP=170,US)
167.99.229.222 32 RR None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 13:52:39 SQL injection - Web Attacks (IP=222,US)
167.99.231.169 32 TH None 2022-07-25 00:00:00 2022-10-23 00:00:00 2022-07-26 13:48:05 SQL injection - 6 Hr Web Report (IP=169,US)
167.99.233.0 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:16:47 SQL injection - Web Attacks (IP=0,US)
167.99.233.74 32 ZH None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-22 13:54:58 SQL injection - 6 hr Web Attacks (IP=74,US)
167.99.234.30 32 JP None 2022-09-02 00:00:00 2022-12-01 00:00:00 2022-09-02 22:46:38 SERVER-WEBAPP Netgear ReadyNAS Surveillance upgrade_handle.php command injection attempt (1:44472:3) - SourceFire (IP=30,US)
167.99.240.228 24 DT None 2022-01-04 00:00:00 2022-04-05 00:00:00 None HIVE Case #6651 - Exploit.CVE-2021-44228 (IP=228,DE) | updated by RR Block expiration extended with reason SERVER-WEBAPP generic SQL select statement possible sql injection - SourceFire (IP=228,DE) SERVER-WEBAPP generic SQL select statement possible sql injection - SourceFire (IP=228,DE)
167.99.240.228 24 RR None 2022-01-05 00:00:00 2022-04-05 00:00:00 None HIVE Case #6651 - Exploit.CVE-2021-44228 (IP=228,DE) | updated by RR Block expiration extended with reason SERVER-WEBAPP generic SQL select statement possible sql injection - SourceFire (IP=228,DE) SERVER-WEBAPP generic SQL select statement possible sql injection - SourceFire (IP=228,DE)
167.99.241.120 24 KH None 2022-10-01 00:00:00 2022-12-30 00:00:00 2022-10-01 23:56:22 Exploit.Log4Shell.CVE-2021-44228 - FE NX (IP=120,DE)
167.99.242.78 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:50:27 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=78,DE)
167.99.245.223 24 SA None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 22:55:09 SQL generic sql insert injection attempt - POST parameter (1:15875:12) - SourceFire Report (IP=223,DE)
167.99.246.105 24 SW None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-27 13:15:15 Phish.LIVE.DTI.URL Case # 7675(IP=105,DE)
167.99.248.195 24 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:48 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=195,DE)
167.99.250.149 24 SW None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-15 13:54:14 SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt (1:44328:4) - SourceFire (IP=149, DE)
167.99.251.135 32 ZH None 2022-02-22 00:00:00 2022-05-23 00:00:00 None Adobe ColdFusion Administrator Access Restriction - 6hr Web Attacks (IP=135,US)
167.99.251.89 24 RS None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 22:47:21 SQL injection - 6Hr Web Attacks (IP=89,DE)
167.99.252.68 24 JP None 2022-09-11 00:00:00 2022-12-10 00:00:00 2022-09-11 22:52:03 PHP Upload attempt - FireEye NX (IP=68,DE)
167.99.253.177 32 KD None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-28 14:34:09 DoctorAppointmentSystem SQLInjection Vulnerability- Web Attacks (IP=177,US)
167.99.3.171 32 SW None 2022-06-28 00:00:00 2022-09-26 00:00:00 2022-06-28 13:53:34 SQL injection - WebAttacks (IP=171,US)
167.99.33.176 24 SW None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-06 22:49:44 SQL injection - WebAttacks (IP=176,NL)
167.99.34.74 24 ZH None 2022-06-30 00:00:00 2022-09-28 00:00:00 2022-06-30 13:57:08 SQL injection - 6hr Web Attacks (IP=74,NL)
167.99.35.175 24 RR None 2022-06-30 00:00:00 2022-09-28 00:00:00 2022-07-01 13:55:43 SQL injection - Web Attacks (IP=175,NL)
167.99.37.110 24 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:34:47 SQL injection - Web Attacks (IP=110,NL)
167.99.38.20 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:50:28 SQL injection - Web Attacks (IP=20,NL)
167.99.39.240 24 RB None 2022-09-18 00:00:00 2022-12-17 00:00:00 2022-09-18 22:46:06 SQL injection - WebAttacks (IP=240,NL)
167.99.4.40 32 TH None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-18 22:35:08 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (1:59246:1) - SourceFire Report (IP=40,US)
167.99.40.124 24 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 13:54:26 SQL injection - Web Attacks (IP=124,NL)
167.99.41.183 24 RS None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:50:30 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=183,NL)
167.99.41.54 24 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:06 SQL injection - Web Attacks (IP=54,NL)
167.99.42.185 24 RR None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 13:47:23 SQL injection - Web Attacks (IP=185,NL)
167.99.43.118 24 WR None 2022-04-29 00:00:00 2022-07-27 00:00:00 2022-04-29 13:52:46 SQL injection - Web Attacks (IP=118,NL)
167.99.44.32 24 NAB None 2021-12-16 00:00:00 2022-03-16 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=32,NL)
167.99.46.221 24 DT None 2022-05-12 00:00:00 2022-08-10 00:00:00 2022-05-13 13:52:18 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=221,NL)
167.99.47.145 24 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:16:48 SQL injection - Web Attacks (IP=145,NL)
167.99.48.84 32 TH None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-26 22:51:21 SQL injection - 6 Hr Web Report (IP=84,US)
167.99.49.25 32 KD None 2021-10-22 00:00:00 2022-01-20 00:00:00 None SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=25,US)
167.99.50.240 32 TH None 2022-07-10 00:00:00 2022-10-08 00:00:00 2022-07-10 22:41:25 SQL injection - 6 Hr Web Report (IP=240,US)
167.99.50.62 32 RS None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 22:46:09 SQL injection - 6Hr Web Attacks (IP=62,US)
167.99.51.62 32 RB None 2022-09-13 00:00:00 2022-12-12 00:00:00 2022-09-13 22:55:47 SQL injection - WebAttacks (IP=62,US)
167.99.52.132 32 ZH None 2022-04-04 00:00:00 2022-07-03 00:00:00 2022-04-04 22:35:39 SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58742:7)- Sourcefire Rpt (IP=132,US)
167.99.53.120 32 DT None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-20 13:47:07 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=120,US)
167.99.53.131 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:48:03 PHP File Inclusion Vulnerability - IR # 22C01188 (IP=131,US)
167.99.53.21 32 SW None 2022-08-12 00:00:00 2022-11-10 00:00:00 2022-08-13 13:56:13 SQL injection - WebAttacks (IP=21,US)
167.99.54.13 32 TH None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-26 22:51:20 SQL injection - 6 Hr Web Report (IP=13,US)
167.99.54.91 32 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 13:54:26 SQL injection - Web Attacks (IP=91,US)
167.99.56.228 32 RR None 2022-06-19 00:00:00 2022-09-17 00:00:00 2022-06-19 13:56:08 SQL injection - Web Attacks (IP=228,US)
167.99.56.94 32 TH None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-16 13:52:01 SQL injection - 6 Hr Web Report (IP=94,US)
167.99.57.11 32 TLM None 2022-06-13 00:00:00 2022-12-12 00:00:00 2022-06-14 12:55:25 HIVE Case #7767 TO-S-2022-0197 (IP=11,US)
167.99.57.141 32 SW None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-06 22:49:39 SERVER-OTHER MongoDB mongo-express insecure document processing code execution attempt (1:58834:1) - SourceFire (IP=141,US)
167.99.57.26 32 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:49 SERVER-APACHE Apache Struts remote code execution attempt - POST parameter (1:23631:7) - Sourcefire Rpt (IP=26,US)
167.99.58.125 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:53:03 SERVER-WEBAPP Drupal 8 remote code execution attempt - SourceFire (IP=125,US)
167.99.58.130 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-08 12:51:19 SQL union select - possible sql injection attempt - GET parameter - SourceFire (IP=130,US)
167.99.59.9 32 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 13:54:27 SQL injection - Web Attacks (IP=9,US)
167.99.6.246 32 TH None 2022-06-03 00:00:00 2022-09-01 00:00:00 2022-06-04 13:39:14 HTTP SQL Injection Attempt - 6 Hr Web Report (IP=246,US)
167.99.60.62 32 SW None 2022-08-26 00:00:00 2022-11-24 00:00:00 2022-08-27 13:55:21 SQL injection - WebAttacks (IP=62,US)
167.99.62.49 32 KD None 2022-01-28 00:00:00 2022-04-28 00:00:00 None SERVER-OTHER Apache Log4j logging remote code execution attempt- SourceFire(IP=49,US)
167.99.63.116 32 KD None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-28 14:33:57 SQL Injection- Web Attacks (IP=116,US)
167.99.63.148 32 KH None 2022-09-20 00:00:00 2022-12-19 00:00:00 2022-09-20 13:55:10 SQL injection - Web Attacks (IP=148,US)
167.99.63.188 32 TH None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 23:06:20 HTTP: PHP File Inclusion Vulnerability - 6 Hr Web Report (IP=188,US)
167.99.63.88 32 ZH None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-02 13:10:34 SQL injection- 6 hour Web Attacks (IP=88,US)
167.99.64.241 24 RS None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:45:26 SQL injection - 6Hr Web Attacks (IP=241,SG)
167.99.67.255 24 SW None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:44:57 Artica Web Proxy SQL Injection Vulnerability - WebAttacks (IP=255,SG)
167.99.67.38 24 RR None 2022-07-10 00:00:00 2022-10-08 00:00:00 2022-07-10 14:32:37 SQL injection - Web Attacks (IP=38,SG)
167.99.68.135 24 SW None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-06 22:49:35 SERVER-WEBAPP Oracle WebLogic Server remote code execution attempt (1:58562:1) - SourceFire (IP=135,SG)
167.99.69.236 24 NAB None 2022-01-20 00:00:00 2022-11-13 00:00:00 2022-08-15 13:56:57 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=236,SG) | updated by BMP Block was inactive. Reactivated on 20220815 with reason Exploit.Log4Shell.CVE-2021-44228 (IP=236,SG)
167.99.7.137 32 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:07 SQL injection - Web Attacks (IP=137,US)
167.99.7.98 32 RR None 2022-06-20 00:00:00 2022-09-18 00:00:00 2022-06-20 13:54:35 SQL injection - Web Attacks (IP=98,US)
167.99.71.252 24 ZH None 2022-04-04 00:00:00 2022-07-03 00:00:00 2022-04-04 13:48:59 HTTP SQL Injection Attempt - 6hr Web Attacks (IP=252,SG)
167.99.73.165 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None SG TO-S-2021-1050 Hive Case 4821 Malware Activity
167.99.73.232 24 TH None 2022-04-15 00:00:00 2022-07-14 00:00:00 2022-04-15 22:59:47 SERVER-WEBAPP Oracle WebLogic Server remote code execution attempt (1:58562:1) - SourceFire Report (IP=232,SG)
167.99.74.117 24 RB None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-11 22:41:20 SQL injection - 6hr Web Attacks (IP=117,SG)
167.99.75.187 24 ZH None 2022-06-30 00:00:00 2022-09-28 00:00:00 2022-06-30 13:57:09 SQL injection - 6hr Web Attacks (IP=187,SG)
167.99.77.128 24 RR None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-29 15:24:12 SQL injection - Web Attacks (IP=128,SG)
167.99.78.190 24 RS None 2022-05-03 00:00:00 2022-08-01 00:00:00 2022-05-03 13:46:54 SQL injection - 6Hr Web Attacks (IP=190,SG)
167.99.8.100 32 JP None 2022-09-02 00:00:00 2022-12-01 00:00:00 2022-09-02 22:46:36 OS-OTHER Bash CGI environment variable injection attempt (1:31978:5) - SourceFire (IP=100,US)
167.99.8.48 32 RR None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:31:53 SQL injection - Web Attcks (IP=48,US)
167.99.80.182 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:53:04 SERVER-OTHER Supervisord remote code execution attempt - SourceFire (IP=182,GB)
167.99.81.237 24 RB None 2022-06-24 00:00:00 2022-09-22 00:00:00 2022-06-25 14:09:16 SQL injection - WebAttacks (IP=237,GB)
167.99.82.150 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None US TO-S-2021-1050 Hive Case 4821 Malware Activity
167.99.82.186 24 RR None 2022-04-09 00:00:00 2022-07-09 00:00:00 2022-04-09 13:49:45 Exploit.CVE-2021-44228 - Apache Log4j2 - Case 6651 (IP=186,GB)
167.99.83.123 24 TH None 2022-07-10 00:00:00 2022-10-08 00:00:00 2022-07-10 22:41:24 SQL injection - 6 Hr Web Report (IP=123,GB)
167.99.84.142 32 KD None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-28 14:34:02 HTTP PHP File InclusionVulnerability- Web Attacks (IP=142,US)
167.99.84.185 24 SW None 2022-06-28 00:00:00 2022-09-26 00:00:00 2022-06-28 13:53:34 SQL injection - WebAttacks (IP=185,GB)
167.99.84.40 24 RR None 2022-08-13 00:00:00 2022-11-11 00:00:00 2022-08-14 13:58:07 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=40,GB)
167.99.84.40 24 RR None 2022-08-13 00:00:00 2022-11-11 00:00:00 2022-08-14 13:58:07 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=40,GB) HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=40,GB)
167.99.86.185 24 BMP None 2021-12-15 00:00:00 2022-03-14 00:00:00 None HIVE Case #6651 - Exploit.CVE-2021-44228 - kryptoslogic-cve-2021-44228.com (IP=185,GB)
167.99.87.62 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:40 SQL injection- 6hr Web Attacks (IP=62,GB)
167.99.88.81 24 RR None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:31:53 SQL union select - possible sql injection attempt - GET parameter - Source Fire (IP=81,GB)
167.99.89.122 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:40 SQL injection- 6hr Web Attacks (IP=122,GB)
167.99.90.108 24 BMP None 2021-12-14 00:00:00 2022-03-12 00:00:00 None HIVE Case #6651 - Exploit.CVE-2021-44228 (IP=108,GB)
167.99.91.90 24 RS None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-13 22:36:43 HP Intelligent Management Center TFTP Server MODE Remote Code Execution - FE IPS Events (IP=90,GB)
167.99.92.50 24 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:35 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=50,GB)
167.99.93.43 24 SW None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:44:59 SERVER-WEBAPP Zimbra remote code execution attempt - SourceFire (IP=43,GB)
167.99.95.196 24 RR None 2022-06-14 00:00:00 2022-09-12 00:00:00 2022-06-14 13:49:02 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=196,GB)
168.1.206.86 32 TLM None 2022-01-20 00:00:00 2022-07-20 00:00:00 None HIVE Case #6811 CTO 22-020 (IP=86,AU)
168.1.206.90 32 TLM None 2022-01-20 00:00:00 2022-07-20 00:00:00 None HIVE Case #6811 CTO 22-020 (IP=90,AU)
168.1.216.11 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:25 HIVE Case #7904 CTO 22-189 (IP=11,AU)
168.1.216.66 32 TLM None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-02 10:46:04 HIVE Case #7696 CTO 22-152 (IP=66,AU)
168.1.216.8 32 TLM None 2021-12-09 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:24 HIVE Case #6625 CTO 21-342 (IP=8,AU) | updated by AS Block was inactive. Reactivated on 20220708 with reason HIVE Case #7904 CTO 22-189 (IP=8,AU)
168.1.42.234 32 AS None 2022-04-12 00:00:00 2022-10-12 00:00:00 2022-04-12 14:39:56 HIVE Case #7380 CTO 22-099 (IP=234,AU)
168.1.42.238 32 TLM None 2022-03-30 00:00:00 2022-09-30 00:00:00 2022-03-30 13:05:07 HIVE Case #7300 CTO 22-089 (IP=238,AU)
168.100.10.19 32 AS None 2022-04-07 00:00:00 2022-10-07 00:00:00 2022-04-07 19:48:00 HIVE Case #7356 CTO 22-096 (IP=19,NL)
168.100.11.133 32 AS None 2022-02-04 00:00:00 2022-08-04 00:00:00 None HIVE Case #6927 CTO 22-036 (IP=133,NL)
168.100.11.142 32 AS None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-09-30 17:07:22 HIVE Case #8395 TO-S-2022-0233 (IP=142,NL)
168.100.11.72 24 EE None 2021-09-27 00:00:00 2022-05-15 00:00:00 None HIVE Case #6251 IOC_Stealbit_2.0 (IP=72,NL) | updated by EE Block was inactive.
Reactivated on 20220214 with reason HIVE Case #6935 IOC_LockBit 2.0 Ransomware-FBI_Advisory (IP=72,NL) 168.100.11.99 32 AS None 2022-02-04 00:00:00 2022-08-04 00:00:00 None HIVE Case #6927 CTO 22-036 (IP=99,NL) 168.100.8.38 32 AS None 2022-04-08 00:00:00 2022-10-08 00:00:00 2022-04-08 17:16:45 HIVE Case #7361 CTO 22-098 (IP=38,NL) 168.100.8.42 32 AS None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-09-30 17:07:20 HIVE Case #8395 TO-S-2022-0233 (IP=42,NL) 168.100.9.140 32 TLM None 2021-09-08 00:00:00 2022-03-08 00:00:00 None HIVE Case #6132 CTO 21-240 (IP=140,NL) 168.119.152.28 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6654 CTO 21-345 (IP=28,DE) 168.119.2.96 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=96,DE) 168.119.228.72 32 TLM None 2022-03-03 00:00:00 2022-09-03 00:00:00 2022-03-03 22:29:43 HIVE Case #7139 TO-S-2022-0140 (IP=72,DE) 168.119.47.242 32 TLM None 2022-02-10 00:00:00 2022-08-11 00:00:00 None HIVE Case #6963 CTO 22-041 (IP=242,DE) 168.119.5.188 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None DE TO-S-2021-1092 Hive Case 4875 Malicious Email Activity 168.119.62.39 32 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 2022-05-26 18:27:11 HIVE Case #7669 TO-S-2022-0187 (IP=39,DE) 168.119.83.181 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=181,DE) 168.121.184.2 24 SA None 2022-05-31 00:00:00 2022-08-28 00:00:00 2022-05-31 22:55:50 INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) SourceFire (IP=2,UG) 168.121.49.115 32 RB None 2022-01-05 00:00:00 2022-04-05 00:00:00 None HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - TT# 22C00785 (IP=115,PE) 168.121.8.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 168.121.88.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 
168.121.95.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 168.138.128.171 24 RS None 2022-08-09 00:00:00 2022-11-07 00:00:00 2022-08-09 21:52:57 Exploit.CVE-2021-44228 - Apache Log4j2 - Case 6651 (IP=171,BR) 168.138.137.235 32 jkc None 2021-04-13 00:00:00 2022-04-13 00:00:00 None Case # 5240 IOC_ TO-S-2021-1218 Malicious IP 168.138.178.231 24 AR None 2022-05-11 00:00:00 2022-08-09 00:00:00 2022-05-11 13:43:39 HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=231,SG) 168.149.127.163 24 RR None 2022-06-08 00:00:00 2022-09-06 00:00:00 2022-06-08 13:48:14 SERVER-WEBAPP VMware vCenter Server file upload attempt - SourceFire (IP=163,SA) 168.156.9.172 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=172,US) 168.181.172.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 168.187.87.20 32 AS None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 18:17:19 HIVE Case #7862 CTO 22-176 (IP=20,KW) 168.195.168.80 24 RR None 2021-12-04 00:00:00 2022-03-04 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - SourceFire (IP=80,BR) 168.196.0.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None AR TO-S-2021-1037 Hive Case 4785 Malware Activity 168.196.128.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 168.196.176.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 168.197.220.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 168.197.250.14 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6584 CTO 21-322 (IP=14,AR) 168.205.133.39 32 DT None 2021-12-29 00:00:00 2022-03-29 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00749 (IP=39,PE) 168.205.177.152 24 SW 
None 2022-07-23 00:00:00 2022-10-21 00:00:00 2022-07-23 22:54:44 HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=152,BR) 168.205.219.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 168.205.94.56 32 RT None 2021-11-14 00:00:00 2022-02-12 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00342 (IP=56,AR) 168.227.116.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 168.228.220.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 168.228.228.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 168.232.165.225 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CL TO-S-2021-1050 Hive Case 4821 Malware Activity 168.232.188.0 23 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 168.232.84.0 23 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 168.232.87.91 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=91,BR) 168.235.69.123 32 RR None 2022-02-01 00:00:00 2022-05-02 00:00:00 None SQL injection - Web Attacks (IP=123,US) 168.235.85.18 32 TH None 2022-07-10 00:00:00 2022-10-08 00:00:00 2022-07-10 14:32:49 SQL injection - 6 Hr Web Report (IP=18,US) 168.235.85.31 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=31,US) 168.235.86.31 32 TLM None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:46:19 HIVE Case #7458 CTO 22-113 (IP=31,US) 168.61.187.15 32 RS None 2022-06-21 00:00:00 2022-09-19 00:00:00 2022-06-21 22:50:24 SIPVicious Security Scanner - IPS Events (IP=15,US) 168.61.51.194 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 
SNOW (IP=194,US) 168.61.94.169 24 AR None 2022-07-07 00:00:00 2022-10-05 00:00:00 2022-07-07 13:50:37 ET EXPLOIT Apache Obfuscated log4j RCE Attempt (tcp ldap) (CVE-2021-44228) - SourceFire (IP=169,IE) 168.63.135.64 32 TLM None 2022-06-02 00:00:00 2022-12-01 00:00:00 2022-06-02 17:56:05 HIVE Case #7705 CTO 22-153 (IP=64,HK) 168.70.4.207 24 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:49:38 FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit) - SourceFire (IP=207,HK) 168.70.42.173 24 RR None 2022-06-04 00:00:00 2022-09-02 00:00:00 2022-06-04 13:38:58 FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit) - SourceFire (IP=173,HK) 168.90.136.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 168.90.142.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 168.90.251.0 24 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 168.90.68.215 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:50:29 HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=215,MX) 168.90.88.0 23 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 1684488034.ujsd.kanesatakss.com --- TLM None 2021-08-05 00:00:00 2022-08-05 00:00:00 2023-01-19 22:59:20 HIVE Case #5940 TO-S-2021-1447 169.0.235.68 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ZA TO-S-2021-1037 Hive Case 4785 Malware Activity 169.148.100.12 24 ZH None 2021-10-07 00:00:00 2022-01-05 00:00:00 None HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=12,SA) 169.148.125.165 24 RB None 2022-01-08 00:00:00 2022-04-08 00:00:00 None SQL injection - 6hr web attacks (IP=165,SA) 169.148.37.182 24 RR None 2022-02-15 00:00:00 2022-05-16 00:00:00 None SERVER-WEBAPP Joomla 
3.7.0 com_fields view SQL injection attempt - SourceFire (IP=182,SA) 169.148.84.52 24 RB None 2021-12-28 00:00:00 2022-03-29 00:00:00 None Malicious IP (IP=52,SA) | updated by RB Block expiration extended with reason HIVE Case #6651 Exploit.CVE-2021-44228 (IP=52,SA) 169.197.108.163 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None NL TO-S-2021-1037 Hive Case 4785 Malware Activity 169.197.108.186 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None NL TO-S-2021-1050 Hive Case 4821 Malware Activity 169.197.108.202 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None NL TO-S-2021-1050 Hive Case 4821 Malware Activity 169.197.108.50 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None NL TO-S-2021-1050 Hive Case 4821 Malware Activity 169.197.142.31 24 BB None 2022-01-13 00:00:00 2022-04-13 00:00:00 None ET EXPLOIT Apache Obfuscated log4j RCE Attempt (tcp ldap) (CVE-2021-44228) (1:2034755:1) - Sourcefire (IP=31,CA) 169.197.142.86 32 RS None 2022-07-27 00:00:00 2022-10-25 00:00:00 2022-07-28 13:49:43 SIPVicious Security Scanner - IPS Events (IP=86,US) 169.197.142.98 32 RS None 2022-07-27 00:00:00 2022-10-25 00:00:00 2022-07-28 13:49:42 SIPVicious Security Scanner - IPS Events (IP=98,US) 169.239.212.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None CG TO-S-2021-1037 Hive Case 4785 Malware Activity 169.239.40.71 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CM TO-S-2021-1050 Hive Case 4821 Malware Activity 169.255.100.122 32 AS None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6244 CTO 21-267 (IP=122,undefined) 169.255.100.152 32 AS None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6244 CTO 21-267 (IP=152,undefined) 169.255.101.65 32 AS None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6244 CTO 21-267 (IP=65,undefined) 169.255.102.240 32 AS None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6244 CTO 21-267 (IP=240,undefined) 169.255.62.0 23 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None 
ZA TO-S-2021-1037 Hive Case 4785 Malware Activity 169.38.141.93 32 TLM None 2022-02-04 00:00:00 2022-08-05 00:00:00 None HIVE Case #6925 CTO 22-034 (IP=93,US) 169.38.65.12 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6585 CTO 21-323 (IP=12,IN) 169.38.68.188 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=188,IN) 169.38.70.104 32 JP None 2022-08-10 00:00:00 2022-11-08 00:00:00 2022-08-10 22:56:10 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR #22C01786 (IP=104,US) 169.38.71.106 32 TLM None 2022-05-24 00:00:00 2022-11-23 00:00:00 2022-05-24 14:49:45 HIVE Case #7652 CTO 22-141 (IP=106,IN) 169.50.64.11 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:34 HIVE Case #7904 CTO 22-189 (IP=11,US) 169.50.64.13 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:35 HIVE Case #7904 CTO 22-189 (IP=13,US) 169.50.64.7 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:35 HIVE Case #7904 CTO 22-189 (IP=7,US) 169.50.64.8 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:36 HIVE Case #7904 CTO 22-189 (IP=8,US) 169.50.64.9 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:36 HIVE Case #7904 CTO 22-189 (IP=9,US) 169.51.62.114 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6585 CTO 21-323 (IP=114,undefined) 169.51.62.117 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6585 CTO 21-323 (IP=117,undefined) 169.51.62.118 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=118,undefined) 169.56.112.125 32 TLM None 2022-01-20 00:00:00 2022-07-20 00:00:00 None HIVE Case #6811 CTO 22-020 (IP=125,KR) 169.56.130.115 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6585 CTO 21-323 (IP=115,US) 169.56.130.119 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6585 CTO 21-323 (IP=119,US) 169.56.130.126 32 TLM None 2022-01-04 
00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:17 HIVE Case #6729 CTO 22-004 (IP=126,US) | updated by AS Block was inactive. Reactivated on 20220708 with reason HIVE Case #7904 CTO 22-189 (IP=126,US) 169.56.141.3 32 TLM None 2022-03-17 00:00:00 2022-09-17 00:00:00 2022-03-17 16:17:21 HIVE Case #7227 CTO 22-076 (IP=3,US) 169.56.141.5 32 TLM None 2022-04-26 00:00:00 2022-10-25 00:00:00 2022-04-27 18:49:26 HIVE Case #7465 CTO 22-116 (IP=5,US) 169.56.146.52 32 AS None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-01 21:44:49 HIVE Case #7874 CTO 22-181 (IP=52,US) 169.56.146.59 32 TLM None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-02 10:46:13 HIVE Case #7696 CTO 22-152 (IP=59,US) 169.56.82.74 32 TLM None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-02 10:46:13 HIVE Case #7696 CTO 22-152 (IP=74,KR) 169.56.94.132 32 TLM None 2022-03-14 00:00:00 2022-09-14 00:00:00 2022-03-14 19:14:24 HIVE Case #7198 CTO 22-071 (IP=132,KR) 169.56.94.134 32 TLM None 2022-02-15 00:00:00 2022-08-16 00:00:00 None HIVE Case #6996 CTO 22-043 (IP=134,KR) 169.56.94.142 32 TLM None 2022-03-14 00:00:00 2022-09-14 00:00:00 2022-03-14 19:14:25 HIVE Case #7198 CTO 22-071 (IP=142,KR) 169.56.95.133 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:16 HIVE Case #7904 CTO 22-189 (IP=133,KR) 169.56.95.135 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:17 HIVE Case #7904 CTO 22-189 (IP=135,KR) 169.60.153.60 32 JP None 2022-08-03 00:00:00 2022-11-01 00:00:00 2022-08-03 22:28:18 EXPLOIT-KIT Rig Exploit Kit redirection attempt (1:43217:1) - SourceFire (IP=60,US) 169.62.125.210 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6585 CTO 21-323 (IP=210,US) 169.62.125.222 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6585 CTO 21-323 (IP=222,US) 169.63.93.185 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6585 CTO 21-323 (IP=185,US) 1691721061.ujsd.normmavec.com --- TLM None 2021-08-23 00:00:00 2022-08-23 
00:00:00 2023-01-19 23:01:35 HIVE Case #6042 TO-S-2021-1484 170.0.105.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 170.0.24.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 170.0.68.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 170.0.8.0 23 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None CO TO-S-2021-1092 Hive Case 4875 Malware Activity 170.10.160.75 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None US TO-S-2021-1143 Malicious Email Activity 170.10.164.86 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=86,US) 170.10.164.88 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=88,US) 170.10.164.91 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=91,US) 170.106.115.15 32 WR None 2022-01-25 00:00:00 2022-04-25 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire (IP=15,US) 170.106.115.253 32 SA None 2022-05-31 00:00:00 2022-08-28 00:00:00 2022-05-31 22:55:50 INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) SourceFire (IP=253,US) 170.106.115.39 32 WR None 2022-01-25 00:00:00 2022-04-25 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire (IP=39,US) 170.106.115.55 32 WR None 2022-02-22 00:00:00 2022-05-22 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=55,US) 170.106.163.181 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=181,US) 170.106.174.246 32 WR None 2022-03-09 00:00:00 2022-06-07 00:00:00 2022-03-09 14:45:03 INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire 
(IP=246,US) 170.106.38.98 32 WR None 2021-11-09 00:00:00 2022-02-07 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire Rpt (IP=98,US) 170.106.8.142 32 TH None 2021-12-20 00:00:00 2022-03-20 00:00:00 None Nmap Scanner Traffic Detected - IPS Events (IP=142,US) 170.130.28.39 32 TLM None 2021-12-02 00:00:00 2022-06-02 00:00:00 None HIVE Case #6600 TO-S-2022-0090 (IP=39,US) 170.135.240.25 32 SA None 2022-05-31 00:00:00 2022-08-28 00:00:00 2022-05-31 22:55:51 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) SourceFire (IP=25,US) 170.150.154.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None AR TO-S-2021-1117 DOS-DDOS Activity 170.150.237.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 170.160.100.10 32 SA None 2022-05-31 00:00:00 2022-08-28 00:00:00 2022-05-31 22:55:51 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) SourceFire (IP=10,US) 170.160.36.10 32 SA None 2022-06-06 00:00:00 2022-08-28 00:00:00 2022-06-06 22:55:52 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) SourceFire (IP=10,US) | This site is used for All Chief of Operations in 16 Dams use this site to report and schedule outages INC0331366 by DT 170.178.168.203 32 NAB None 2020-10-30 00:00:00 2022-11-28 00:00:00 2022-08-31 20:45:26 HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=203,US) | updated by JKC Block was inactive. 
Reactivated on 20220830 with reason Case # 8219 - Internal USACE Document with Redirect US 170.187.153.125 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5986 TO-S-2021-1404 (IP=125,US) 170.187.181.87 24 TH None 2022-06-28 00:00:00 2022-09-26 00:00:00 2022-06-29 13:55:05 HP Intelligent Management Center TFTP Server MODE Remote Code Execution - FE CMS IPS Events (IP=87,CA) 170.187.185.108 32 AS None 2022-04-12 00:00:00 2022-10-12 00:00:00 2022-04-12 15:43:01 HIVE Case #7381 CTO 22-102 v2 (IP=108,DE) 170.210.45.163 24 BB None 2021-12-18 00:00:00 2022-03-18 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44232 (IP=163,AR) 170.210.45.163 32 TLM None 2022-06-02 00:00:00 2022-12-01 00:00:00 2022-06-02 15:30:43 HIVE Case #7704 TO-S-2022-0190 (IP=163,AR) 170.231.236.42 24 KH None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-18 22:54:56 SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) - Sourcefire (IP=42,PA) 170.233.216.0 22 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PY TO-S-2021-1117 DOS-DDOS Activity 170.233.4.0 22 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=0,BR) 170.233.68.0 22 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None AR TO-S-2021-1117 DOS-DDOS Activity 170.233.71.169 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None AR TO-S-2021-1050 Hive Case 4821 Malware Activity 170.233.96.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 170.238.137.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 170.238.180.0 23 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 170.238.216.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 170.238.66.50 24 DT None 2021-12-18 00:00:00 2022-03-18 00:00:00 None PROTOCOL-DNS 
Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) - Source Fire (IP=50,AR) 170.239.18.0 23 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 170.239.220.0 22 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BR TO-S-2021-1117 DOS-DDOS Activity 170.244.16.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 170.246.204.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 170.249.129.138 32 AS None 2022-02-01 00:00:00 2022-08-01 00:00:00 None HIVE Case #6889 CTO 22-033.3 (IP=138,US) 170.249.206.66 32 TLM None 2022-09-06 00:00:00 2022-12-05 00:00:00 2022-09-09 18:53:33 HIVE Case #8250 COLS-NA-TIP 22-0310 (IP=66,US) 170.253.50.253 24 KH None 2021-10-11 00:00:00 2022-01-09 00:00:00 None Drupal Core CVE-2018-7600 Form Rendering Post_render RCE - FE IPS (IP=253,ES) 170.254.224.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 170.78.135.0 24 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 170.78.244.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 170.79.112.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 170.80.20.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None AR TO-S-2021-1117 DOS-DDOS Activity 170.80.40.0 22 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BR TO-S-2021-1117 DOS-DDOS Activity 170.81.108.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BR TO-S-2021-1117 DOS-DDOS Activity 170.81.144.22 32 AR None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-01 13:55:41 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01490 (IP=22,VE) 170.82.148.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 
00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 170.82.204.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 170.84.28.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 170.84.57.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 17050412.ujsd.setmakersl.com --- TLM None 2021-08-23 00:00:00 2022-08-23 00:00:00 2023-01-19 23:01:35 HIVE Case #6042 TO-S-2021-1484 171.100.18.215 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TH TO-S-2021-1050 Hive Case 4821 Malware Activity 171.100.30.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TH TO-S-2021-1037 Hive Case 4785 Malware Activity 171.103.163.250 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=250,TH) 171.125.34.26 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 22:58:52 SIPVicious Security Scanner - IPS Events (IP=26,CN) 171.22.30.130 24 AR None 2022-09-02 00:00:00 2022-12-31 00:00:00 2022-09-02 14:05:47 SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - SourceFire (IP=130,BG) 171.22.76.50 32 AS None 2022-03-16 00:00:00 2022-09-16 00:00:00 2022-03-16 13:10:10 HIVE Case #7207 TO-S-2022-0149 (IP=50,US) 171.223.209.166 24 SW None 2022-01-10 00:00:00 2022-04-10 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=166,CN) 171.224.188.120 24 RR None 2021-10-21 00:00:00 2022-01-19 00:00:00 None SQL injection - Web Attacks (IP=120,VN) 171.225.38.250 32 RR None 2022-02-25 00:00:00 2022-05-26 00:00:00 2022-02-25 14:56:21 Attempted Access -SSH Inbound Brute Force - TT# 22C00968 (IP=250,VN) 171.244.15.53 32 SW None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-04 13:45:41 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01522(IP=53,VN) 171.244.27.200 24 
RT None 2022-01-04 00:00:00 2022-04-04 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6HR Web Attacks (IP=200,VN) 171.25.193.20 32 DT None 2021-03-14 00:00:00 2022-06-13 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00695 (IP=20,AU) | updated by TLM Block was inactive. Reactivated on 20211213 with reason HIVE Case #6652 CTO 21-345 F1 (IP=20,SE) HIVE Case #6652 CTO 21-345 F1 (IP=20,SE) 171.25.193.20 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00695 (IP=20,AU) | updated by TLM Block was inactive. Reactivated on 20211213 with reason HIVE Case #6652 CTO 21-345 F1 (IP=20,SE) HIVE Case #6652 CTO 21-345 F1 (IP=20,SE) 171.25.193.235 24 srm None 2022-02-16 00:00:00 2022-05-17 00:00:00 None HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=235,SE) 171.25.193.25 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:36 HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00583 (IP=25,SE) | updated by TLM Block was inactive. Reactivated on 20211213 with reason HIVE Case #6652 CTO 21-345 F1 (IP=25,SE) HIVE Case #6652 CTO 21-345 F1 (IP=25,SE) | updated by AS Block was inactive. Reactivated on 20220706 with reason HIVE Case #7894 CTO 22-187 (IP=25,SE) HIVE Case #7894 CTO 22-187 (IP=25,SE) 171.25.193.25 32 RR None 2021-03-09 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:36 HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00583 (IP=25,SE) | updated by TLM Block was inactive. Reactivated on 20211213 with reason HIVE Case #6652 CTO 21-345 F1 (IP=25,SE) HIVE Case #6652 CTO 21-345 F1 (IP=25,SE) | updated by AS Block was inactive. 
Reactivated on 20220706 with reason HIVE Case #7894 CTO 22-187 (IP=25,SE) HIVE Case #7894 CTO 22-187 (IP=25,SE)
171.25.193.25 32 TLM None 2021-12-13 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:36 HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00583 (IP=25,SE) | updated by TLM Block was inactive. Reactivated on 20211213 with reason HIVE Case #6652 CTO 21-345 F1 (IP=25,SE) HIVE Case #6652 CTO 21-345 F1 (IP=25,SE) | updated by AS Block was inactive. Reactivated on 20220706 with reason HIVE Case #7894 CTO 22-187 (IP=25,SE) HIVE Case #7894 CTO 22-187 (IP=25,SE)
171.25.193.77 32 GM None 2021-03-09 00:00:00 2022-06-13 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00608 (IP=77,AU) | updated by TLM Block was inactive. Reactivated on 20211213 with reason HIVE Case #6652 CTO 21-345 F1 (IP=77,SE) HIVE Case #6652 CTO 21-345 F1 (IP=77,SE)
171.25.193.77 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00608 (IP=77,AU) | updated by TLM Block was inactive. Reactivated on 20211213 with reason HIVE Case #6652 CTO 21-345 F1 (IP=77,SE) HIVE Case #6652 CTO 21-345 F1 (IP=77,SE)
171.25.193.78 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:36 HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00678 (IP=78,SE) | updated by TLM Block was inactive. Reactivated on 20211213 with reason HIVE Case #6652 CTO 21-345 F1 (IP=78,SE) HIVE Case #6652 CTO 21-345 F1 (IP=78,SE) | updated by AS Block was inactive. Reactivated on 20220706 with reason HIVE Case #7894 CTO 22-187 (IP=78,SE) HIVE Case #7894 CTO 22-187 (IP=78,SE)
171.25.193.78 32 DT None 2021-03-14 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:36 HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00678 (IP=78,SE) | updated by TLM Block was inactive. Reactivated on 20211213 with reason HIVE Case #6652 CTO 21-345 F1 (IP=78,SE) HIVE Case #6652 CTO 21-345 F1 (IP=78,SE) | updated by AS Block was inactive. Reactivated on 20220706 with reason HIVE Case #7894 CTO 22-187 (IP=78,SE) HIVE Case #7894 CTO 22-187 (IP=78,SE)
171.25.193.78 32 TLM None 2021-12-13 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:36 HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00678 (IP=78,SE) | updated by TLM Block was inactive. Reactivated on 20211213 with reason HIVE Case #6652 CTO 21-345 F1 (IP=78,SE) HIVE Case #6652 CTO 21-345 F1 (IP=78,SE) | updated by AS Block was inactive. Reactivated on 20220706 with reason HIVE Case #7894 CTO 22-187 (IP=78,SE) HIVE Case #7894 CTO 22-187 (IP=78,SE)
171.25.198.21 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PL TO-S-2021-1050 Hive Case 4821 Malware Activity
171.250.162.70 24 AR None 2022-03-06 00:00:00 2022-06-04 00:00:00 2022-03-06 14:24:13 Adobe ColdFusion Administrator Access Restriction - 6Hr Web Attacks (IP=70,VN)
171.250.162.70 24 AR None 2022-03-06 00:00:00 2022-06-04 00:00:00 2022-03-06 14:40:45 Adobe ColdFusion Administrator Access Restriction - 6Hr Web Attacks (IP=70,VN)
171.250.162.70 24 AR None 2022-03-06 00:00:00 2022-06-04 00:00:00 2022-03-06 15:26:03 Adobe ColdFusion Administrator Access Restriction - 6Hr Web Attacks (IP=70,VN)
171.250.165.22 24 AR None 2021-01-02 00:00:00 2022-04-02 00:00:00 None SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58742:4) - SourceFire (IP=22,VN)
171.33.235.71 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ES TO-S-2021-1050 Hive Case 4821 Malware Activity
171.33.238.172 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ES TO-S-2021-1050 Hive Case 4821 Malware Activity
171.5.213.70 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TH TO-S-2021-1050 Hive Case 4821 Malware Activity
171.7.65.251 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TH TO-S-2021-1050 Hive Case 4821 Malware Activity
171.8.203.91 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:55:18 HIVE Case #7894 CTO 22-187 (IP=91,CN)
171.80.234.122 24 RS None 2022-06-16 00:00:00 2022-09-14 00:00:00 2022-06-16 22:41:42 SIPVicious Security Scanner - IPS Events (IP=122,CN)
171.81.125.187 24 SA None 2022-05-31 00:00:00 2022-08-28 00:00:00 2022-05-31 22:55:52 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) SourceFire (IP=187,CH)
171.97.100.81 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TH TO-S-2021-1050 Hive Case 4821 Malware Activity
1710atualtarradial.com --- TLM None 2021-09-14 00:00:00 2022-09-14 00:00:00 2023-01-19 23:02:19 HIVE Case #6164 TO-S-2021-1528
172.104.109.12 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6348 CTO 21-279 (IP=12,JP)
172.104.109.21 32 TLM None 2021-12-10 00:00:00 2022-06-10 00:00:00 None HIVE Case #6643 TO-S-2022-0073 (IP=21,JP)
172.104.110.20 32 TLM None 2021-09-08 00:00:00 2022-03-08 00:00:00 None HIVE Case #6132 CTO 21-240 (IP=20,JP)
172.104.116.210 32 TLM None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:46:42 HIVE Case #7458 CTO 22-113 (IP=210,JP)
172.104.13.152 32 TC None 2022-09-24 00:00:00 2022-12-23 00:00:00 2022-09-24 13:56:05 SQL injection - WebAttacks (IP=152,US)
172.104.13.210 32 TC None 2022-09-24 00:00:00 2022-12-23 00:00:00 2022-09-24 13:56:04 SQL injection - WebAttacks (IP=210,US)
172.104.13.51 32 TC None 2022-09-24 00:00:00 2022-12-23 00:00:00 2022-09-24 13:56:04 SQL injection - WebAttacks (IP=51,US)
172.104.13.83 32 TC None 2022-09-23 00:00:00 2022-12-22 00:00:00 2022-09-24 13:55:56 Webshell.Binary.php.FEC2 - FE NX (IP=83,US)
172.104.13.96 32 TC None 2022-09-24 00:00:00 2022-12-23 00:00:00 2022-09-24 13:56:03 SQL injection - WebAttacks (IP=96,US)
172.104.130.110 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity
172.104.140.107 24 RR None 2022-04-13 00:00:00 2022-07-13 00:00:00 2022-04-13 13:46:20 Spring Core CVE-2022-22965 Spring4Shell Remote Code Execution Vulnerability (IP=107,DE)
172.104.15.146 32 TLM None 2022-05-27 00:00:00 2022-11-26 00:00:00 2022-05-27 14:16:40 HIVE Case #7676 CTO 22-147 (IP=146,US)
172.104.15.181 32 TLM None 2022-05-27 00:00:00 2022-11-26 00:00:00 2022-05-27 14:16:42 HIVE Case #7676 CTO 22-147 (IP=181,US)
172.104.15.57 32 TLM None 2022-05-27 00:00:00 2022-11-26 00:00:00 2022-05-27 14:16:41 HIVE Case #7676 CTO 22-147 (IP=57,US)
172.104.152.7 24 GM None 2020-12-19 00:00:00 2022-03-16 00:00:00 None HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=7,DE) | updated by BMP Block was inactive. Reactivated on 20210514 with reason SQL injection - 6hr Web Attacks (IP=7,DE) | updated by ZH Block expiration extended with reason HTTP: SQL Injection | updated by NAB Block was inactive. Reactivated on 20211216 with reason HIVE Case #6651 Exploit.CVE-2021-44228 (IP=7,DE)
172.104.159.48 24 WR None 2022-04-14 00:00:00 2022-07-12 00:00:00 2022-04-14 13:54:49 Exploit.CVE-2022-22963 - FE CMS (IP=48,DE)
172.104.161.141 24 RT None 2022-02-15 00:00:00 2022-05-16 00:00:00 None Exploit.Log4Shell.CVE-2021-44228 (IP=141,SG)
172.104.164.197 32 TLM None 2022-05-02 00:00:00 2022-11-01 00:00:00 2022-05-04 17:56:27 HIVE Case #7495 CTO 22-120 (IP=197,SG)
172.104.169.117 32 AS None 2022-01-11 00:00:00 2022-07-11 00:00:00 None HIVE Case #6760 CTO 22-011 (IP=117,SG)
172.104.179.117 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:59 HIVE Case #7904 CTO 22-189 (IP=117,SG)
172.104.184.100 24 KD None 2022-03-06 00:00:00 2022-06-04 00:00:00 2022-03-06 22:36:49 FTP Login Failed- 6 hour failed Login(IP=100,SG)
172.104.189.197 32 TLM None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:46:43 HIVE Case #7458 CTO 22-113 (IP=197,SG)
172.104.198.233 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5986 TO-S-2021-1404 (IP=233,US)
172.104.206.48 24 EE None 2022-03-15 00:00:00 2022-06-13 00:00:00 2022-03-15 21:25:34 HIVE Case #7197 IOC_ APT41 Targeting U.S. State Governments (IP=48,IN)
172.104.208.229 32 SW None 2022-08-29 00:00:00 2022-11-27 00:00:00 2022-08-29 22:51:25 HTTP: PHP File Inclusion Vulnerability - IR#: 22C01886(IP=229,US)
172.104.208.75 32 SW None 2022-08-29 00:00:00 2022-11-27 00:00:00 2022-08-29 22:51:27 HTTP: PHP File Inclusion Vulnerability - IR# 22C01888(IP=75,US)
172.104.211.156 32 SW None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 13:46:05 SQL injection - WebAttacks (IP=156,US)
172.104.248.192 24 TH None 2021-12-16 00:00:00 2022-03-16 00:00:00 None Apache Log4j CVE-2021-44228 Remote Code Execution - IPS Events (IP= 192, DE)
172.104.251.154 32 AS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-09 13:57:19 HIVE Case #7535 TO-S-2022-0176 (IP=154,DE)
172.104.31.117 32 TLM None 2022-06-13 00:00:00 2022-12-12 00:00:00 2022-06-14 12:55:21 HIVE Case #7767 TO-S-2022-0197 (IP=117,US)
172.104.40.165 32 AR None 2022-07-02 00:00:00 2022-09-30 00:00:00 2022-07-02 14:02:18 PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01501 (IP=165,US)
172.104.41.240 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None SG TO-S-2021-1092 Hive Case 4875 Malicious Email Activity
172.104.44.165 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=165,SG) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=165,SG)
172.104.50.245 24 SW None 2022-07-19 00:00:00 2022-10-17 00:00:00 2022-07-20 13:22:46 HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=245,SG)
172.104.64.123 32 KH None 2021-10-05 00:00:00 2022-01-03 00:00:00 None TO-S-2022-1595/Botnet Malware Communication - TT# 22C00045 (IP=123,US)
172.104.7.246 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=246,US)
172.104.78.219 24 TLM None 2022-04-18 00:00:00 2022-10-18 00:00:00 2022-04-18 13:41:46 HIVE Case #7416 CTO 22-106 (IP=219,JP)
172.104.8.166 32 KD None 2022-01-28 00:00:00 2022-04-28 00:00:00 None SQL injection - Web Attacks (IP=166,US)
172.104.93.43 24 TH None 2021-12-20 00:00:00 2022-03-20 00:00:00 None Nmap Scanner Traffic Detected - IPS Events (IP=43,JP)
172.105.102.247 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:14:54 HIVE Case #7904 CTO 22-189 (IP=247,CA)
172.105.114.27 32 TLM None 2022-09-19 00:00:00 2022-12-18 00:00:00 2022-09-19 15:03:14 HIVE Case #8328 TO-S-2022-0230 (IP=27,SG)
172.105.124.177 24 RR None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-07 13:50:21 SQL injection - Web Attacks (IP=177,SG)
172.105.147.109 32 SA None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 22:48:07 SSLv2 Client Hello Request Detected - FE IPS Alerts (IP=121,US)
172.105.147.124 32 SA None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 22:48:04 SSLv2 Client Hello Request Detected - FE IPS Alerts (IP=121,US)
172.105.147.131 32 SA None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 22:47:58 SSLv2 Client Hello Request Detected - FE IPS Alerts (IP=131,US)
172.105.147.144 32 SA None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 22:47:54 SSLv2 Client Hello Request Detected - FE IPS Alerts (IP=144,US)
172.105.147.165 32 SA None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 22:48:08 SSLv2 Client Hello Request Detected - FE IPS Alerts (IP=121,US)
172.105.147.175 32 SA None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 22:48:00 SSLv2 Client Hello Request Detected - FE IPS Alerts (IP=175,US)
172.105.147.178 32 SA None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 22:48:07 SSLv2 Client Hello Request Detected - FE IPS Alerts (IP=121,US)
172.105.147.186 32 SA None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 22:48:03 SSLv2 Client Hello Request Detected - FE IPS Alerts (IP=186,US)
172.105.147.203 32 SA None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 22:48:02 SSLv2 Client Hello Request Detected - FE IPS Alerts (IP=203,US)
172.105.147.204 32 SA None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 22:48:06 SSLv2 Client Hello Request Detected - FE IPS Alerts (IP=121,US)
172.105.147.209 32 SA None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 22:48:00 SSLv2 Client Hello Request Detected - FE IPS Alerts (IP=209,US)
172.105.147.213 32 SA None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 22:48:02 SSLv2 Client Hello Request Detected - FE IPS Alerts (IP=213,US)
172.105.147.214 32 SA None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 22:47:57 SSLv2 Client Hello Request Detected - FE IPS Alerts (IP=214,US)
172.105.147.234 32 SA None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 22:47:59 SSLv2 Client Hello Request Detected - FE IPS Alerts (IP=234,US)
172.105.147.240 32 SA None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 22:48:04 SSLv2 Client Hello Request Detected - FE IPS Alerts (IP=240,US)
172.105.147.247 32 SA None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 22:48:01 SSLv2 Client Hello Request Detected - FE IPS Alerts (IP=247,US)
172.105.147.251 32 SA None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 22:47:57 SSLv2 Client Hello Request Detected - FE IPS Alerts (IP=251,US)
172.105.147.34 32 SA None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 22:47:53 SSLv2 Client Hello Request Detected - FE IPS Alerts (IP=34,US)
172.105.147.39 32 GM None 2020-09-15 00:00:00 2022-08-23 00:00:00 2022-05-25 22:48:05 Unauthorized Access-Probe: UDP Host Sweep - TT# 20C03911 (IP=39,US) | updated by SA Block was inactive. Reactivated on 20220525 with reason SSLv2 Client Hello Request Detected - FE IPS Alerts (IP=121,US) SSLv2 Client Hello Request Detected - FE IPS Alerts (IP=121,US)
172.105.147.39 32 SA None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 22:48:05 Unauthorized Access-Probe: UDP Host Sweep - TT# 20C03911 (IP=39,US) | updated by SA Block was inactive. Reactivated on 20220525 with reason SSLv2 Client Hello Request Detected - FE IPS Alerts (IP=121,US) SSLv2 Client Hello Request Detected - FE IPS Alerts (IP=121,US)
172.105.147.40 32 SA None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 22:47:55 SSLv2 Client Hello Request Detected - FE IPS Alerts (IP=40,US)
172.105.147.46 32 CR None 2021-05-13 00:00:00 2022-08-23 00:00:00 2022-05-25 22:47:56 INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=46,US) | updated by SA Block was inactive. Reactivated on 20220525 with reason SSLv2 Client Hello Request Detected - FE IPS Alerts (IP=46,US) SSLv2 Client Hello Request Detected - FE IPS Alerts (IP=46,US)
172.105.147.46 32 SA None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 22:47:56 INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=46,US) | updated by SA Block was inactive. Reactivated on 20220525 with reason SSLv2 Client Hello Request Detected - FE IPS Alerts (IP=46,US) SSLv2 Client Hello Request Detected - FE IPS Alerts (IP=46,US)
172.105.147.49 32 SA None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 22:47:58 SSLv2 Client Hello Request Detected - FE IPS Alerts (IP=49,US)
172.105.147.66 32 SA None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 22:48:06 SSLv2 Client Hello Request Detected - FE IPS Alerts (IP=121,US)
172.105.151.146 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5986 TO-S-2021-1404 (IP=146,US)
172.105.156.28 32 AS None 2021-12-16 00:00:00 2022-06-16 00:00:00 None HIVE Case #6671 CTO 21-350 (IP=28,US)
172.105.173.201 32 TLM None 2021-12-02 00:00:00 2022-06-02 00:00:00 None HIVE Case #6600 TO-S-2022-0090 (IP=201,AU)
172.105.178.119 24 EE None 2021-10-20 00:00:00 2022-01-18 00:00:00 None HIVE Case #6380 IOC_FlawedGrace_Variant (IP=119,AU)
172.105.189.138 24 BB None 2021-11-20 00:00:00 2022-02-18 00:00:00 None SERVER-WEBAPP Cisco Prime Infrastructure arbitrary file upload to tftpRoot attempt - Sourcefire (IP=138,AU)
172.105.190.57 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=57,AU)
172.105.197.214 32 AS None 2022-04-12 00:00:00 2022-10-12 00:00:00 2022-04-12 14:39:50 HIVE Case #7380 CTO 22-099 (IP=214,JP)
172.105.228.71 32 AS None 2021-09-21 00:00:00 2022-03-20 00:00:00 None HIVE Case #6215 CTO 21-261 (IP=71,JP)
172.105.229.30 32 AS None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 18:17:20 HIVE Case #7862 CTO 22-176 (IP=30,JP)
172.105.23.140 32 AS None 2021-12-28 00:00:00 2022-06-28 00:00:00 None HIVE Case #6702 CTO 21-362 (IP=140,CA)
172.105.252.9 24 TH None 2022-04-01 00:00:00 2022-06-30 00:00:00 2022-04-01 22:16:54 SERVER-WEBAPP Java ClassLoader access attempt (1:30792:7) - SourceFire Report (IP=9,IN)
172.105.27.133 24 SW None 2022-09-27 00:00:00 2022-12-26 00:00:00 2022-09-28 16:36:36 Suspicious Telerik UI Request - IPS Events (IP=133,CA)
172.105.27.36 32 AS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-06 18:26:00 HIVE Case #7881 CTO 22-182 (IP=36,CA)
172.105.42.30 24 ZH None 2022-01-31 00:00:00 2022-05-01 00:00:00 None SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1272 attack attempt (3:57305:1) - Sourcefire Rpt (IP=30,IN)
172.105.48.33 24 RR None 2022-01-13 00:00:00 2022-04-13 00:00:00 None Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=33,IN)
172.105.59.163 24 ZH None 2022-01-26 00:00:00 2022-04-26 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=163,IN)
172.105.62.45 32 AS None 2022-02-04 00:00:00 2022-08-04 00:00:00 None HIVE Case #6927 CTO 22-036 (IP=45,IN)
172.105.69.5 24 TH None 2021-12-21 00:00:00 2022-03-21 00:00:00 None Masscan TCP Port Scanner- IPS Events (IP=5,DE)
172.105.70.225 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None DE TO-S-2021-1143 Malicious Email Activity
172.105.8.137 24 SW None 2022-08-09 00:00:00 2022-11-07 00:00:00 2022-08-31 17:30:56 HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events(IP=137,CA)
172.105.82.113 24 TH None 2021-12-20 00:00:00 2022-03-20 00:00:00 None Nmap Scanner Traffic Detected - IPS Events (IP=113,DE)
172.105.87.91 24 RB None 2022-01-24 00:00:00 2022-04-24 00:00:00 None SSLv2 Client Hello Request Detected - IPS Events (IP=101,DE)
172.106.134.201 32 TLM None 2021-12-10 00:00:00 2022-06-10 00:00:00 None HIVE Case #6644 CTO 21-344 (IP=201,US)
172.107.201.134 24 TH None 2022-01-27 00:00:00 2022-04-27 00:00:00 None HTTP: SQL Injection - Exploit II - 6 Hr Web Report (IP=134,JP)
172.107.231.236 32 EE None 2022-01-31 00:00:00 2022-05-01 00:00:00 None HIVE Case #6867 IOC_ MoonBounce (IP=236,US)
172.111.133.112 32 ZH None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-11 23:00:15 ColdFusion Error reporting / Self Report IR# 22C01622 (IP=112,US)
172.111.133.35 32 ZH None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-08 22:56:36 SQL injection - 6hr Web Attacks (IP=35,US)
172.111.133.52 32 ZH None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-08 22:56:36 SQL injection - 6hr Web Attacks (IP=52,US)
172.111.133.59 32 RB None 2022-07-07 00:00:00 2022-10-05 00:00:00 2022-07-07 22:30:38 Self Report / ColdFusion Error Reporting - IR#22C1602 (IP=59,TX)
172.111.133.93 32 TH None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-09 13:27:15 SQL injection - 6 Hr Web Report (IP=93,US)
172.111.144.26 32 TLM None 2021-12-09 00:00:00 2022-06-09 00:00:00 None HIVE Case #6633 CTO 21-334 (IP=26,DE)
172.111.144.88 32 TLM None 2022-06-07 00:00:00 2022-12-06 00:00:00 2022-06-07 17:08:57 HIVE Case #7731 CTO 22-158 (IP=88,DE)
172.111.151.218 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6346 CTO 21-278 (IP=218,US)
172.111.151.58 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6346 CTO 21-278 (IP=58,US)
172.111.151.8 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6442 CTO 21-299 (IP=8,US)
172.111.153.207 32 AS None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-11 19:45:38 HIVE Case #7902 COLS-NA TIP 22-0238 (IP=207,GB)
172.111.36.142 24 NAB None 2022-01-05 00:00:00 2022-04-05 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=142,CA)
172.113.149.238 32 SW None 2021-10-06 00:00:00 2022-01-04 00:00:00 None SERVER-WEBAPP Cisco HyperFlex HX Data Platform command injection attempt (3:57528:2) - SourceFire (IP=238, US)
172.114.191.55 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:55:18 HIVE Case #7894 CTO 22-187 (IP=55,US)
172.115.107.11 32 KH None 2022-04-04 00:00:00 2022-07-03 00:00:00 2022-04-04 22:35:29 ColdFusion Error reporting - IR# 22C01134 (IP=11,US)
172.125.124.159 32 TH None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:35:42 HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6 Hr Web Report (IP=159,US)
172.241.27.113 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=113,US)
172.241.27.120 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=120,US)
172.241.27.125 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=125,US)
172.241.27.145 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=145,US)
172.241.27.146 32 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 2022-05-26 18:27:11 HIVE Case #7669 TO-S-2022-0187 (IP=146,US)
172.241.27.18 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=18,US)
172.241.27.209 32 TLM None 2022-09-19 00:00:00 2022-12-18 00:00:00 2022-09-19 15:03:11 HIVE Case #8328 TO-S-2022-0230 (IP=209,US)
172.241.27.214 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=214,US)
172.241.27.22 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=22,US)
172.241.27.230 32 AS None 2021-11-16 00:00:00 2022-05-16 00:00:00 None HIVE Case #6539 CTO 21-315 (IP=230,US)
172.241.27.233 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=233,US)
172.241.27.27 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=27,US)
172.241.27.37 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=37,US)
172.241.27.46 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=46,US)
172.241.27.57 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=57,US)
172.241.27.65 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=65,US)
172.241.27.70 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=70,US)
172.241.29.110 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=110,US)
172.241.29.136 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=136,US)
172.241.29.169 32 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 2022-05-26 18:27:12 HIVE Case #7669 TO-S-2022-0187 (IP=169,US)
172.241.29.47 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=47,US)
172.245.110.153 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=153,US)
172.245.119.43 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=43,US)
172.245.177.28 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=28,US)
172.245.6.134 32 AS None 2022-02-21 00:00:00 2022-08-22 00:00:00 None HIVE Case #7039 CTO 22-050 (IP=134,US)
172.245.7.175 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None US TO-S-2021-1102 Malicious Email Activity
172.245.8.158 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 Malicious Email Activity
172.245.81.111 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None US TO-S-2021-1102 Malicious Email Activity
172.246.109.27 32 TLM None 2022-06-22 00:00:00 2022-12-21 00:00:00 2022-06-23 16:01:19 HIVE Case #7816 TO-S-2022-0202 (IP=27,US)
172.246.40.114 32 TLM None 2022-06-22 00:00:00 2022-12-21 00:00:00 2022-06-23 16:01:19 HIVE Case #7816 TO-S-2022-0202 (IP=114,US)
172.247.225.246 32 TLM None 2022-03-01 00:00:00 2022-09-01 00:00:00 2022-03-01 12:20:04 HIVE Case #7104 TO-S-2022-0138 (IP=246,US)
172.247.38.230 32 RB None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 22:52:16 RTO 2022-752.0/Pulse 141423.22/PHP file - IR#22C01240 (IP=230,US)
172.61.192.102 32 TLM None 2021-09-17 00:00:00 2022-03-17 00:00:00 None HIVE Case #6198 TO-S-2021-1556 (IP=102,US)
172.64.144.133 32 RS None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-14 22:47:01 26332 HTTP JavaScript createImageBitmap Method - IR# 22C01662 (IP=133,US)
172.64.155.188 32 AS None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-14 20:19:22 HIVE Case #7930 TO-S-2022-0209 (IP=188,US)
172.64.80.180 32 TLM None 2022-06-22 00:00:00 2022-12-21 00:00:00 2022-06-23 16:49:37 HIVE Case #7813 CTO 22-173 (IP=180,US)
172.65.39.88 32 TLM None 2022-06-14 00:00:00 2022-12-13 00:00:00 2022-06-14 20:43:38 HIVE Case #7769 CTO 22-165 (IP=88,US)
172.67.131.217 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:51:22 HIVE Case #7199 CTO 22-074 (IP=217,US)
172.67.133.61 32 SW None 2021-12-12 00:00:00 2022-03-12 00:00:00 None FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields (1:16295:13) - SourceFire (IP=61,US)
172.67.135.126 32 TH None 2022-02-15 00:00:00 2022-05-16 00:00:00 None HIVE Case #6986 (IP=126,US)
172.67.137.234 32 RR None 2022-09-01 00:00:00 2022-11-30 00:00:00 2022-09-01 13:52:44 FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields - SourceFire (IP=234,US)
172.67.138.55 32 TH None 2022-02-15 00:00:00 2022-05-16 00:00:00 None HIVE Case #6986 (IP=55,US)
172.67.146.55 32 TLM None 2022-01-20 00:00:00 2022-07-20 00:00:00 None HIVE Case #6806 CTO 22-013 (IP=55,US)
172.67.151.5 32 TH None 2022-02-15 00:00:00 2022-05-16 00:00:00 None HIVE Case #6986 (IP=5,US)
172.67.156.203 32 srm None 2022-03-17 00:00:00 2022-06-15 00:00:00 2022-03-17 13:49:02 HIVE Case #NA FP Security (IP=203,US)
172.67.159.40 32 TH None 2022-02-15 00:00:00 2022-05-16 00:00:00 None HIVE Case #6984 (IP=40,US)
172.67.167.207 32 SW None 2022-05-11 00:00:00 2022-08-09 00:00:00 2022-05-11 13:43:38 Case # 7559 (IP=207,US)
172.67.168.123 32 AS None 2022-07-07 00:00:00 2022-10-05 00:00:00 2022-07-07 19:15:22 HIVE Case #7897 TO-S-2022-0205 (IP=123,US)
172.67.170.10 32 AS None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-09-30 17:07:17 HIVE Case #8395 TO-S-2022-0233 (IP=10,US)
172.67.173.160 32 TH None 2022-02-15 00:00:00 2022-05-16 00:00:00 None HIVE Case #6986 (IP=160,US)
172.67.177.141 32 TLM None 2022-02-09 00:00:00 2022-08-10 00:00:00 None HIVE Case #6952 CTO 22-040 (IP=141,US)
172.67.180.75 32 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6513 CTO 21-309 (IP=75,US)
172.67.189.133 32 TH None 2022-02-15 00:00:00 2022-05-16 00:00:00 None HIVE Case #6986 (IP=133,US)
172.67.189.23 32 AS None 2022-02-04 00:00:00 2022-08-04 00:00:00 None HIVE Case #6927 CTO 22-036 (IP=23,US)
172.67.191.134 32 AS None 2022-04-12 00:00:00 2022-10-12 00:00:00 2022-04-12 15:42:54 HIVE Case #7381 CTO 22-102 v2 (IP=134,US)
172.67.196.119 32 RS None 2022-11-03 00:00:00 2022-02-01 00:00:00 2022-12-14 22:51:22 Malicious Domain - Hive Case # 8531
172.67.198.172 32 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 2022-05-27 14:00:39 HIVE Case #7673 TO-S-2022-0189 (IP=172,US)
172.67.202.147 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None US TO-S-2021-1143 Malicious Email Activity
172.67.211.159 32 TLM None 2021-12-06 00:00:00 2022-06-06 00:00:00 None HIVE Case #6612 CTO 21-336 (IP=159,US)
172.67.211.205 32 TH None 2022-02-15 00:00:00 2022-05-16 00:00:00 None HIVE Case #6986 (IP=205,US)
172.67.214.241 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6037 CTO 21-226 (IP=241,US)
172.67.214.78 32 AS None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-09-30 17:07:17 HIVE Case #8395 TO-S-2022-0233 (IP=78,US)
172.67.215.75 32 TLM None 2022-05-06 00:00:00 2022-11-05 00:00:00 2022-05-06 18:07:10 HIVE Case #7533 CTO 22-126 (IP=75,US)
172.67.218.221 32 AS None 2022-09-07 00:00:00 2022-12-06 00:00:00 2022-09-08 14:13:03 HIVE Case #8259 TO-S-2022-0228 (IP=221,US)
172.67.221.66 32 TLM None 2022-04-22 00:00:00 2022-07-21 00:00:00 2022-04-22 18:36:56 HIVE Case #7449 CTO 22-112 (IP=66,US)
172.67.71.25 32 TLM None 2022-06-23 00:00:00 2022-12-22 00:00:00 2022-06-24 11:31:00 HIVE Case #7820 CTO 22-174 (IP=25,US)
172.67.75.96 32 RT None 2022-01-20 00:00:00 2022-04-20 00:00:00 None FILE-MULTIMEDIA Nullsoft Winamp cda file name overflow attempt (1:3088:11) - Sourcefire Report (IP=96,US)
172.69.182.169 32 TLM None 2021-12-09 00:00:00 2022-06-09 00:00:00 None HIVE Case #6626 CTO 21-343 (IP=169,TR)
172.70.142.230 32 TLM None 2022-02-11 00:00:00 2022-08-12 00:00:00 None HIVE Case #6971 CTO 22-042 (IP=230,SG)
172.70.142.62 32 TLM None 2022-02-11 00:00:00 2022-08-12 00:00:00 None HIVE Case #6971 CTO 22-042 (IP=62,SG)
172.70.242.14 32 AS None 2022-07-07 00:00:00 2022-10-05 00:00:00 2022-07-07 22:07:47 HIVE Case #7898 CTO 22-188 (IP=14,DE)
172.81.116.159 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1092 Hive Case 4875 Malicious Email Activity
172.81.116.160 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1092 Hive Case 4875 Malicious Email Activity
172.81.116.51 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1081 Hive Case 4872 Malicious Email Activity
172.81.118.1 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=1,US)
172.81.118.44 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
172.81.118.57 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=57,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=57,US)
172.81.119.78 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1092 Hive Case 4875 Malicious Email Activity
172.81.129.138 32 WR None 2022-04-15 00:00:00 2022-07-13 00:00:00 2022-04-15 14:09:29 APP-DETECT Oracle Java debug wire protocol remote debugging attempt (1:31302:5) - Sourcefire (IP=138,US)
172.81.179.68 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CA TO-S-2021-1117 DOS-DDOS Activity
172.81.41.196 32 SW None 2022-09-24 00:00:00 2022-12-23 00:00:00 2022-09-25 00:05:05 SERVER-OTHER RealTek UDPServer command injection attempt - SourceFire (IP=196,US)
172.81.62.82 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:14:54 HIVE Case #7904 CTO 22-189 (IP=82,US)
172.82.148.202 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=202,US)
172.82.179.58 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=58,US)
172.83.156.211 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:55:19 HIVE Case #7894 CTO 22-187 (IP=211,US)
172.84.101.97 32 KD None 2022-03-06 00:00:00 2022-06-04 00:00:00 2022-03-06 14:40:36 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638)-TT# 22C01014 (IP=97,US)
172.84.132.151 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=151,US)
172.86.126.96 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=96,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=96,US)
172.86.127.224 32 TLM None 2022-03-23 00:00:00 2022-09-23 00:00:00 2022-03-24 12:08:58 HIVE Case #7271 CTO 22-083 (IP=224,US)
172.86.75.128 32 TLM None 2021-09-14 00:00:00 2022-03-14 00:00:00 None HIVE Case #6164 TO-S-2021-1528 (IP=128,NL)
172.86.75.161 32 TLM None 2022-01-18 00:00:00 2022-07-18 00:00:00 None HIVE Case #6796 CTO 22-014 (IP=161,NL)
172.86.75.174 32 TLM None 2022-06-14 00:00:00 2022-12-13 00:00:00 2022-06-14 20:43:37 HIVE Case #7769 CTO 22-165 (IP=174,NL)
172.86.75.239 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5986 TO-S-2021-1404 (IP=239,NL)
172.86.75.33 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5986 TO-S-2021-1404 (IP=33,NL)
172.87.25.7 32 TLM None 2021-09-14 00:00:00 2022-03-14 00:00:00 None HIVE Case #6173 CTO 21-251 (IP=7,US)
172.87.9.242 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity
172.90.190.49 32 TLM None 2022-06-02 00:00:00 2022-12-01 00:00:00 2022-06-02 17:56:28 HIVE Case #7705 CTO 22-153 (IP=49,US)
172.92.201.99 32 TLM None 2021-11-30 00:00:00 2022-05-30 00:00:00 None HIVE Case #6594 CTO 21-324 (IP=99,US)
172.93.100.122 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=122,US)
172.93.100.155 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=155,US)
172.93.101.35 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=35,US)
172.93.102.117 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=117,US)
172.93.102.164 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=164,US)
172.93.102.19 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=19,US)
172.93.102.50 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=50,US)
172.93.103.175 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=175,US)
172.93.105.2 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=2,US)
172.93.109.18 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=18,US)
172.93.109.82 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=82,US)
172.93.110.138 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=138,US)
172.93.110.218 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=218,US)
172.93.120.163 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1081 Hive Case 4872 Malicious Email Activity
172.93.120.18 32 TLM None 2021-09-14 00:00:00 2022-03-14 00:00:00 None HIVE Case #6164 TO-S-2021-1528 (IP=18,US)
172.93.121.8 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=8,US)
172.93.165.208 32 TLM None 2022-06-14 00:00:00 2022-12-13 00:00:00 2022-06-14 20:43:40 HIVE Case #7769 CTO 22-165 (IP=208,HK)
172.93.201.123 32 TLM None 2021-10-25 00:00:00 2022-04-25 00:00:00 None HIVE Case #6411 CTO 21-294 (IP=123,US)
172.93.201.138 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=138,US)
172.93.201.14 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=14,US)
172.93.201.193 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=193,US)
172.93.201.197 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=197,US)
172.93.201.239 32 TLM None 2021-11-15 00:00:00 2022-05-15 00:00:00 None HIVE Case #6534 CTO 21-314 (IP=239,US)
172.93.201.252 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=252,US)
172.93.201.32 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=32,US)
172.93.201.38 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=38,US)
172.93.201.45 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=45,US)
172.93.201.61 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=61,US)
172.93.201.63 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=63,US)
172.93.201.67 32 TLM None 2021-12-02 00:00:00 2022-06-02 00:00:00 None HIVE Case #6599 CTO 21-335 (IP=67,US)
172.93.201.88 32 TLM None 2022-03-01 00:00:00 2022-09-01 00:00:00 2022-03-01 17:52:22 HIVE Case #7115 CTO 22-060 (IP=88,US)
172.93.222.130 32 TLM None 2021-11-04 00:00:00 2022-05-02 00:00:00 None HIVE Case #6503 CTO 21-306 (IP=130,US)
172.93.96.194 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=194,US)
172.93.99.178 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 Malicious Email Activity
172.94.41.87 32 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6517 CTO 21-313 (IP=87,US)
172.94.78.140 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6582 CTO 21-320 (IP=140,NL)
172.94.89.112 32 wmp None 2022-05-05 00:00:00 2022-08-05 00:00:00 2022-05-05 22:44:32 HIVE Case #7509 IR 22 0 01171 PEO-EIS EITaaS IOCs (IP=112,US)
172.96.12.178 32 RS None 2022-07-29 00:00:00 2022-10-27 00:00:00 2022-07-30 13:52:47 SERVER-WEBAPP Multiple products invalid HTTP request attempt - SourceFire (IP=178,US)
172.96.143.178 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=178,US)
172.96.143.50 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=50,US)
172.96.160.178 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=178,US)
172.96.160.218 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=218,US)
172.96.160.48 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=48,US)
172.96.161.210 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None US TO-S-2021-1102 Malicious Email Activity
172.96.172.218 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=218,US)
172.96.179.189 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None CA TO-S-2021-1081 Hive Case 4872 Malicious Email Activity
172.96.190.183 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:55:19 HIVE Case #7894 CTO 22-187 (IP=183,SG)
172.96.231.69 32 EE None 2021-11-01 00:00:00 2022-01-30 00:00:00 None HIVE Case #6451 IOC_FontOnLake (IP=69,US)
172.97.71.133 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=133,US)
172.97.71.156 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=156,US)
172.98.141.57 32 SA None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-07 13:41:20 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire Report (IP=57,US)
172.98.192.126 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=126,US)
172.98.201.154 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=154,US)
172.98.201.38 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=38,US)
172.98.202.94 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=94,US)
172.98.71.184 24 ZH None 2021-10-11 00:00:00 2022-01-09 00:00:00 None SQL injection - 6hr Web Attacks (IP=184,CA)
172.99.188.246 24 JP None 2022-08-04 00:00:00 2022-11-02 00:00:00 2022-08-04 22:59:39 SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58743:6) - SourceFire (IP=246,NL)
172.99.190.49 32 TLM None 2022-06-02 00:00:00 2022-12-01 00:00:00 2022-06-02 17:56:09 HIVE Case #7705 CTO 22-153 (IP=49,GB)
173.11.166.225 32 TLM None 2021-12-10 00:00:00 2022-06-10 00:00:00 None HIVE Case #6644 CTO 21-344 (IP=225,US)
173.11.196.29 32 TLM None 2021-12-10 00:00:00 2022-06-10 00:00:00 None HIVE Case #6644 CTO 21-344 (IP=29,US)
173.178.159.97 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CA TO-S-2021-1117 DOS-DDOS Activity
173.194.142.140 32 ZH None 2022-01-31 00:00:00 2022-05-01 00:00:00 None FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields (1:16295:13) - Sourcefire Rpt (IP=140,US)
173.194.144.200 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:04 FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields (1:16295:13) - Sourcefire Rpt (IP=200,US)
173.194.144.200 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:29 FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields (1:16295:13) - Sourcefire Rpt (IP=200,US)
173.201.186.129 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None US TO-S-2021-1143 Malicious Email Activity
173.201.186.32 32 DT None 2022-02-22 00:00:00 2022-05-22 00:00:00 None Hive Case #6981 (IP=32,US)
173.201.189.49 32 jkc None 2021-04-13 00:00:00 2022-04-13 00:00:00 None Case # 5240 IOC_ TO-S-2021-1218 Malicious IP
173.203.78.138 32 AS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-09 13:57:19 HIVE Case #7535 TO-S-2022-0176 (IP=138,US) 173.205.92.86 32 RS None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 22:46:09 SIPVicious Security Scanner - IPS Events (IP=86,US) 173.208.187.66 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=66,US) 173.208.198.2 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None SERVER-WEBAPP backup access (IP=2,US) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=2,US) HIVE Case #5969 TO-S-2021-1289 (IP=2,US) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=2,US) HIVE Case #5969 TO-S-2021-1289 (IP=2,US) 173.208.198.2 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None SERVER-WEBAPP backup access (IP=2,US) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=2,US) HIVE Case #5969 TO-S-2021-1289 (IP=2,US) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=2,US) HIVE Case #5969 TO-S-2021-1289 (IP=2,US) 173.208.198.2 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None SERVER-WEBAPP backup access (IP=2,US) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=2,US) HIVE Case #5969 TO-S-2021-1289 (IP=2,US) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=2,US) HIVE Case #5969 TO-S-2021-1289 (IP=2,US) 173.208.198.2 32 RR None 2017-01-09 06:00:00 2022-02-10 00:00:00 None SERVER-WEBAPP backup access (IP=2,US) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=2,US) HIVE Case #5969 TO-S-2021-1289 (IP=2,US) | updated by TLM Block was inactive. 
Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=2,US) HIVE Case #5969 TO-S-2021-1289 (IP=2,US) 173.208.235.235 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 173.21.10.71 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:46 HIVE Case #7199 CTO 22-074 (IP=71,US) 173.21.10.71 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:55:46 HIVE Case #7199 CTO 22-074 (IP=71,US) 173.212.192.14 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 173.212.193.243 24 KH None 2022-08-17 00:00:00 2022-11-15 00:00:00 2022-08-17 22:26:02 SIPVicious Security Scanner - FE IPS (IP=243,DE) 173.212.200.13 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 173.212.204.184 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 173.212.204.194 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 173.212.205.58 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 173.212.208.172 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 173.212.209.119 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 173.212.209.234 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 173.212.214.68 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 173.212.215.164 24 RT None 2021-11-14 00:00:00 2022-02-12 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 22C00344 (IP=164,DE) 173.212.216.48 24 SW None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:47:57 SIPVicious Security Scanner 
- IPS Events(IP=48,DE) 173.212.217.235 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None DE TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 173.212.226.7 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 173.212.229.216 32 dbc None 2021-01-20 00:00:00 2022-12-01 00:00:00 2022-06-02 15:30:44 DE TO-S-2021-1037 Hive Case 4785 Malware Activity | updated by TLM Block was inactive. Reactivated on 20220602 with reason HIVE Case #7704 TO-S-2022-0190 (IP=216,DE) HIVE Case #7704 TO-S-2022-0190 (IP=216,DE) 173.212.229.216 32 TLM None 2022-06-02 00:00:00 2022-12-01 00:00:00 2022-06-02 15:30:44 DE TO-S-2021-1037 Hive Case 4785 Malware Activity | updated by TLM Block was inactive. Reactivated on 20220602 with reason HIVE Case #7704 TO-S-2022-0190 (IP=216,DE) HIVE Case #7704 TO-S-2022-0190 (IP=216,DE) 173.212.229.76 32 TLM None 2022-02-11 00:00:00 2022-08-12 00:00:00 None HIVE Case #6971 CTO 22-042 (IP=76,DE) 173.212.233.116 24 RR None 2022-08-23 00:00:00 2022-11-21 00:00:00 2022-08-23 18:08:56 HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=116,DE) 173.212.233.116 24 RS None 2022-08-22 00:00:00 2022-11-20 00:00:00 2022-08-23 18:08:59 FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt - SourceFire (IP=116,DE) 173.212.233.69 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 173.212.233.69 32 RW None 2019-11-05 00:00:00 2022-01-20 00:00:00 None Known Attack Tool User Agent / 28744: HTTP: MASSCAN Tool Usage - TT# 20C00857 (IP=69,US) | updated by dbc Block was inactive. 
Reactivated on 20210120 with reason DE TO-S-2021-1037 Hive Case 4785 Malware Activity 173.212.236.217 24 TH None 2022-03-04 00:00:00 2022-06-02 00:00:00 2022-03-04 23:11:56 SIPVicious Security Scanner - FE CMS IPS Events (IP=217,DE) 173.212.236.217 24 TH None 2022-03-04 00:00:00 2022-06-02 00:00:00 2022-03-04 23:55:02 SIPVicious Security Scanner - FE CMS IPS Events (IP=217,DE) 173.212.240.178 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=178,DE) 173.212.245.100 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 173.212.245.135 32 AS None 2022-07-07 00:00:00 2022-10-05 00:00:00 2022-07-07 22:07:50 HIVE Case #7898 CTO 22-188 (IP=135,DE) 173.212.246.14 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 173.212.246.14 32 RW None 2019-11-07 00:00:00 2022-01-20 00:00:00 None 28744: HTTP: MASSCAN Tool Usage - TT# 20C00894 (IP=14,US) | updated by dbc Block was inactive. 
Reactivated on 20210120 with reason DE TO-S-2021-1037 Hive Case 4785 Malware Activity 173.212.246.178 32 TLM None 2022-05-02 00:00:00 2022-11-01 00:00:00 2022-05-02 12:29:07 HIVE Case #7494 CTO 22-119 (IP=178,DE) 173.212.250.114 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:34 HIVE Case #7894 CTO 22-187 (IP=114,DE) 173.212.252.245 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 173.214.169.117 32 KD None 2021-12-24 00:00:00 2022-03-24 00:00:00 None Signature: HTTP: Apache Struts2 XML Deserialization Remote Code Execution- TT# 22C00709 (IP=117,US) 173.214.169.25 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=25,US) 173.214.174.38 32 DT None 2021-11-22 00:00:00 2022-02-20 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire (IP=38,US) 173.215.113.113 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity 173.215.113.141 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity 173.215.113.162 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity 173.215.43.141 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity 173.225.100.241 32 WR None 2021-10-29 00:00:00 2022-01-27 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire Report (IP=241,US) 173.225.107.125 32 AR None 2021-11-23 00:00:00 2022-05-23 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=125,US) | updated by DT Block was inactive. 
Reactivated on 20220222 with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=125,US) SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=125,US) 173.225.107.125 32 DT None 2022-02-22 00:00:00 2022-05-23 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=125,US) | updated by DT Block was inactive. Reactivated on 20220222 with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=125,US) SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=125,US) 173.225.206.114 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5986 TO-S-2021-1404 (IP=114,US) 173.226.254.37 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=37,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=37,US) HIVE Case #5968 TO-S-2021-1276 (IP=37,US) 173.226.254.37 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=37,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=37,US) HIVE Case #5968 TO-S-2021-1276 (IP=37,US) 173.230.156.143 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5986 TO-S-2021-1404 (IP=143,US) 173.230.157.88 32 srm None 2021-12-01 00:00:00 2022-03-01 00:00:00 None HIVE Case #NA FP Security (IP=88,US) 173.231.189.15 32 TLM None 2022-04-18 00:00:00 2022-10-18 00:00:00 2022-04-18 17:00:32 HIVE Case #7404 CTO 22-105 (IP=15,US) 173.231.192.41 32 jkc None 2021-03-19 00:00:00 2022-03-19 00:00:00 None Case # 5090 TO-S-2021-1185 Malicious Callback 173.231.192.41 32 jkc None 2021-03-19 00:00:00 2022-03-19 00:00:00 None Case # 5090 TO-S-2021-1185 Malicious Callback 173.231.197.134 32 jkc None 2021-03-19 00:00:00 2022-03-19 00:00:00 None Case # 5090 TO-S-2021-1185 Malicious Callback 173.231.197.134 32 jkc None 2021-03-19 00:00:00 2022-03-19 00:00:00 None Case # 
5090 TO-S-2021-1185 Malicious Callback 173.231.197.22 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 Malicious Email Activity 173.231.199.92 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1081 Hive Case 4872 Malicious Email Activity 173.231.206.173 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=173,US) 173.231.215.117 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 173.231.221.252 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=252,US) 173.231.222.245 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 Malicious Email Activity 173.231.245.32 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=32,US) 173.232.146.125 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=125,US) 173.234.27.219 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity 173.236.113.146 32 jkc None 2021-03-19 00:00:00 2022-03-19 00:00:00 None Case # 5090 TO-S-2021-1185 Malicious Callback 173.236.113.146 32 jkc None 2021-03-19 00:00:00 2022-03-19 00:00:00 None Case # 5090 TO-S-2021-1185 Malicious Callback 173.236.144.188 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None US TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 173.236.158.152 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1092 Hive Case 4875 Malicious Email Activity 173.236.158.90 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 173.236.16.182 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=182,NL) 173.236.177.190 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None US TO-S-2021-1102 Malicious Email Activity 173.236.184.160 32 dbc None 
2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 173.236.186.125 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 Malicious Email Activity 173.236.189.75 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 Malicious Email Activity 173.236.190.138 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 Malicious Email Activity 173.236.227.130 32 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 2022-05-27 14:00:40 HIVE Case #7673 TO-S-2022-0189 (IP=130,US) 173.236.240.88 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1081 Hive Case 4872 Malicious Email Activity 173.237.215.114 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=114,CA) 173.239.197.201 32 ZH None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-08 22:56:25 SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58724:5) - SourceFire (IP=201, US) 173.239.197.208 32 ZH None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-08 22:56:26 SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (1:51976:3) - SourceFire (IP=208, US) 173.239.197.215 32 ZH None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-08 22:56:26 SERVER-WEBAPP LG N1A1 NAS command injection attempt (1:59809:1) - SourceFire (IP=215, US) 173.239.198.46 32 AS None 2022-03-18 00:00:00 2022-09-18 00:00:00 2022-03-18 15:24:12 HIVE Case #7237 CTO 22-077 (IP=46,US) 173.239.240.25 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1092 Hive Case 4875 Malware Activity 173.240.91.40 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity 173.241.113.210 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=210,US) 173.243.64.2 32 SA None 2022-05-31 00:00:00 2022-08-28 00:00:00 2022-05-31 22:55:53 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer 
overflow attempt (1:32959:3) SourceFire (IP=2,US) 173.245.209.178 24 ZH None 2021-10-11 00:00:00 2022-01-09 00:00:00 None SQL Injection - 6hr Web Attacks (IP=178,AU) 173.245.209.178 24 ZH None 2021-10-11 00:00:00 2022-01-09 00:00:00 None SQL Injection - 6hr Web Attacks (IP=178,AU) 173.246.36.121 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity 173.247.240.5 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=5,US) 173.247.246.201 32 jkc None 2021-03-19 00:00:00 2022-03-19 00:00:00 None Case # 5090 TO-S-2021-1185 Malicious Callback 173.247.246.201 32 jkc None 2021-03-19 00:00:00 2022-03-19 00:00:00 None Case # 5090 TO-S-2021-1185 Malicious Callback 173.248.138.170 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 173.249.1.197 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 173.249.12.113 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 173.249.14.178 32 jkc None 2021-03-19 00:00:00 2022-03-19 00:00:00 None Case # 5090 TO-S-2021-1185 Malicious Callback 173.249.14.178 32 jkc None 2021-03-19 00:00:00 2022-03-19 00:00:00 None Case # 5090 TO-S-2021-1185 Malicious Callback 173.249.144.98 32 srm None 2022-03-16 00:00:00 2022-06-14 00:00:00 2022-03-16 13:45:44 HIVE Case #NA FP Security (IP=98,US) 173.249.15.152 32 AS None 2022-08-18 00:00:00 2022-11-16 00:00:00 2022-08-26 22:35:48 HIVE Case #8170 COLS-NA TIP 22-0284 (IP=152,DE) 173.249.16.234 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 173.249.19.100 24 KD None 2021-11-07 00:00:00 2022-02-05 00:00:00 None HTTP: PHP File Inclusion Vulnerability- TT# 22C00309 (IP=100,DE) 173.249.2.122 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 
173.249.2.130 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 173.249.21.119 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 173.249.24.31 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 173.249.26.147 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=147,DE) 173.249.26.147 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=147,DE) 173.249.26.147 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=147,DE) 173.249.26.147 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=147,DE) 173.249.26.147 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=147,DE) 173.249.26.147 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=147,DE) 173.249.26.147 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=147,DE) 173.249.26.147 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=147,DE) 173.249.28.191 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 173.249.30.59 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 173.249.31.123 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 173.249.33.187 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 173.249.35.204 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=204,DE) 173.249.36.111 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 173.249.41.105 32 dbc 
None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 173.249.43.72 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=72,DE) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=72,DE) HIVE Case #5969 TO-S-2021-1289 (IP=72,DE) 173.249.43.72 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=72,DE) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=72,DE) HIVE Case #5969 TO-S-2021-1289 (IP=72,DE) 173.249.43.72 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=72,DE) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=72,DE) HIVE Case #5969 TO-S-2021-1289 (IP=72,DE) 173.249.47.56 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 173.249.49.151 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 173.249.5.253 24 SW None 2022-04-21 00:00:00 2022-07-20 00:00:00 2022-04-21 22:41:44 SIPVicious Security Scanner - IPS Events(IP=253,DE) 173.249.51.143 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 173.249.51.143 32 RR None 2019-11-28 00:00:00 2022-01-20 00:00:00 None Known Attack Tool User Agent / 28744: HTTP: MASSCAN Tool Usage - TT #20C01072 (IP=143,DE) | updated by dbc Block was inactive. 
Reactivated on 20210120 with reason DE TO-S-2021-1037 Hive Case 4785 Malware Activity 173.249.53.247 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 173.249.55.131 32 AS None 2022-07-28 00:00:00 2022-10-26 00:00:00 2022-08-02 21:00:35 HIVE Case #7281 COLS-NA TIP 22-0103 (IP=131,DE) 173.249.57.253 24 srm None 2022-02-16 00:00:00 2022-05-17 00:00:00 None HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=253,DE) 173.249.6.245 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 173.249.6.245 32 RW None 2019-11-07 00:00:00 2022-01-20 00:00:00 None 28744: HTTP: MASSCAN Tool Usage - TT# 28744 (IP=245,US) | updated by dbc Block was inactive. Reactivated on 20210120 with reason DE TO-S-2021-1037 Hive Case 4785 Malware Activity 173.249.60.146 24 RB None 2022-07-31 00:00:00 2022-11-15 00:00:00 2022-08-17 22:26:07 POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt (1:57336:3) - SourceFire (IP=146,DE) | updated by RB Block expiration extended with reason POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt (1:57336:3) - SourceFire (IP=146, DE) POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt (1:57336:3) - SourceFire (IP=146, DE) 173.249.60.146 24 RB None 2022-08-17 00:00:00 2022-11-15 00:00:00 2022-08-17 22:26:07 POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt (1:57336:3) - SourceFire (IP=146,DE) | updated by RB Block expiration extended with reason POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt (1:57336:3) - SourceFire (IP=146, DE) POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt (1:57336:3) - SourceFire (IP=146, DE) 173.249.60.176 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 173.254.126.118 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case 
#5 TO-S-2021-1447 (IP=118,US) 173.254.235.9 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=9,US) 173.254.28.231 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=231,US) 173.254.29.134 32 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None US TO-S-2021-1156 Malicious Email Activity 173.254.31.14 32 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None US TO-S-2021-1156 Malicious Email Activity 173.254.56.14 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 173.255.200.99 32 RR None 2022-03-04 00:00:00 2022-06-02 00:00:00 2022-03-04 14:42:58 SQL injection - Web Attacks (IP=99,US) 173.255.227.235 32 SW None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 13:45:43 HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - IR# 22C01528(IP=235,US) 173.255.229.95 32 RR None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 13:47:24 SQL injection - Web Attacks (IP=95,US) 173.44.43.153 32 RS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 21:48:38 Self Report / ColdFusion - IR# 22C01565 (IP=153,US) 173.47.252.241 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity 173.53.37.229 32 KH None 2022-10-02 00:00:00 2022-12-31 00:00:00 2022-10-02 23:55:06 HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=229,US) 173.56.209.95 32 TH None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-23 14:39:14 Shenzhen TVT DVR Remote Code Execution Vulnerability - FE CMS IPS Events (IP=95,US) 173.76.16.169 32 RW None 2021-11-17 00:00:00 2022-02-15 00:00:00 None CSCOacs_Failed_Attempts - Failed logons (IP=169,US) 173.79.68.114 32 RS None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:45:27 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=114,US) 173.82.134.111 32 AS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-06 
18:26:24 HIVE Case #7881 CTO 22-182 (IP=111,US) 173.82.168.200 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=200,US) 173.82.169.146 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=146,US) 173.82.173.139 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1092 Hive Case 4875 Malicious Email Activity 173.82.173.40 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=40,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=40,US) HIVE Case #5968 TO-S-2021-1276 (IP=40,US) 173.82.173.40 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=40,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=40,US) HIVE Case #5968 TO-S-2021-1276 (IP=40,US) 173.82.182.110 32 SW None 2022-02-04 00:00:00 2022-05-05 00:00:00 None Masscan TCP Port Scanner - IPS Events(IP=110,US) 173.82.227.249 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=249,US) 173.82.243.199 32 TLM None 2021-10-04 00:00:00 2022-04-04 00:00:00 None HIVE Case #6294 CTO 21-268 (IP=199,US) 173.82.57.207 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=207,US) 173.82.57.212 32 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None US TO-S-2021-1156 Malicious Email Activity 173.82.57.247 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=247,US) 174.128.239.226 32 ZH None 2022-03-01 00:00:00 2022-05-30 00:00:00 2022-03-01 23:31:56 SIPVicious Security Scanner - IPS Events (IP=226,US) 174.129.105.190 32 DT None 2021-10-28 00:00:00 2022-01-26 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - Source Fire (IP=190,US) 174.129.107.211 32 SW None 2022-06-22 00:00:00 2022-09-20 
00:00:00 2022-06-22 13:54:58 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=211,US) 174.129.118.117 32 SA None 2022-05-24 00:00:00 2022-08-22 00:00:00 2022-05-24 22:13:30 SERVER-OSAER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire Report (IP=117,US) 174.129.121.108 32 RW None 2021-10-05 00:00:00 2022-01-03 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire (IP=108,US) 174.129.142.223 32 SA None 2022-05-24 00:00:00 2022-08-22 00:00:00 2022-05-24 22:13:30 SERVER-OSAER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire Report (IP=223,US) 174.129.153.127 32 RT None 2022-02-11 00:00:00 2022-05-12 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Report (IP=127,US) 174.129.157.251 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:14:55 HIVE Case #7904 CTO 22-189 (IP=251,US) 174.135.146.66 32 ZH None 2021-12-04 00:00:00 2022-03-04 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=66,US) 174.136.25.206 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1092 Hive Case 4875 Malicious Email Activity 174.136.29.66 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=66,US) 174.138.1.193 24 SW None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-11 22:58:47 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=193,NL) 174.138.11.166 24 RR None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 13:47:24 SQL injection - Web Attacks (IP=166,NL) 174.138.11.59 32 TLM None 2022-03-17 00:00:00 2022-09-17 00:00:00 2022-03-17 16:17:39 HIVE Case #7227 CTO 22-076 (IP=59,NL) 174.138.13.58 32 RS None 2022-09-15 00:00:00 2022-12-14 00:00:00 
2022-01-26 00:00:00 2022-04-26 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) - SourceFire (IP=244,NL) 176.97.32.0 21 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None RU TO-S-2021-1037 Hive Case 4785 Malware Activity 176.98.0.0 19 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity 176.98.250.30 32 AS None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-12 13:04:53 HIVE Case #7913 CTO 22-190 (IP=30,CZ) 176.99.130.184 32 SW None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-12 13:50:58 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01632 (IP=184,RU) 176.99.138.90 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 22:58:40 Apache Log4j CVE-2021-44228 Remote Code Execution - IPS Events (IP=90,RU) 176.99.159.66 32 wmp None 2022-03-24 00:00:00 2022-06-24 00:00:00 2022-03-24 22:58:53 Suspicious Scan Activity (IP=66,RU) 176.99.51.36 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PL TO-S-2021-1050 Hive Case 4821 Malware Activity 176.99.82.12 32 wmp None 2022-03-24 00:00:00 2022-06-24 00:00:00 2022-03-24 22:58:53 Suspicious Scan Activity (IP=12,RU) 177.10.89.58 24 SA None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-07 13:41:37 SIPVicious Security Scanner - FE CMS IPS alert (IP=58,BR) 177.103.107.138 24 BB None 2021-10-26 00:00:00 2022-01-24 00:00:00 None SQL injection - Web Attacks (IP=138,BR) 177.11.52.0 22 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None BR TO-S-2021-1143 Malicious Email Activity 177.12.45.203 24 ZH None 2022-03-17 00:00:00 2022-06-15 00:00:00 2022-03-17 13:48:21 SQL injection - 6hr Web Attacks (IP=203,BR) 177.124.184.0 22 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=0,BR) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=0,BR) 177.125.87.32 24 RS None 2022-09-09 00:00:00 2022-12-08 00:00:00 2022-09-10 
13:50:56 SERVER-OTHER Apache Log4j logging remote code execution attempt - SourceFire (IP=32,BR) 177.128.199.232 24 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:16:48 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=232,BR) 177.128.199.83 24 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:16:49 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=83,BR) 177.153.58.64 32 TLM None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:46:24 HIVE Case #7458 CTO 22-113 (IP=64,BR) 177.154.32.14 24 RS None 2022-07-18 00:00:00 2022-10-16 00:00:00 2022-07-19 13:47:57 SIPVicious Security Scanner - IPS Events (IP=14,BR) 177.188.74.180 24 SW None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-10 13:48:25 POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt (1:57336:1) - SourceFire (IP=180,BR) 177.197.110.219 24 RR None 2022-08-20 00:00:00 2022-11-21 00:00:00 2022-08-23 18:08:57 SERVER-WEBAPP Zimbra directory traversal remote code execution attempt - SourceFire (IP=219,BR) | updated by RR Block expiration extended with reason SQL injection - Web Attacks (IP=219,BR) 177.200.190.65 32 TH None 2022-08-20 00:00:00 2022-11-18 00:00:00 2022-08-20 22:18:23 HTTP: ThinkPHP CMS Getshell Vulnerability - IR# 22C01841 (IP=65,BR) 177.205.111.82 24 RW None 2021-10-27 00:00:00 2022-01-25 00:00:00 None SQL injection - Web Attacks (IP=82,BR) 177.22.130.166 24 RR None 2022-02-13 00:00:00 2022-05-14 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=166,BR) 177.220.138.12 32 TLM None 2021-12-21 00:00:00 2022-06-21 00:00:00 None HIVE Case #6682 CTO 21-352 (IP=12,BR) 177.221.140.0 24 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=0,CL) 177.23.88.40 24 RS None 2022-06-10 00:00:00 2022-09-08 00:00:00 2022-06-10 22:49:34 SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (1:39406:3) - SourceFire (IP=40,BR) 
177.248.197.113 32 RW None 2021-10-21 00:00:00 2022-01-19 00:00:00 None Attempted Access - Inbound Brute Force - TT# 22C00207 (IP=113,MX) 177.249.47.186 32 RB None 2022-07-07 00:00:00 2022-10-05 00:00:00 2022-07-07 13:50:19 Attempted Access - Inbound Brute Force - IR# 22C01599 (IP=186,MX) 177.38.36.194 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=194,BR) 177.53.48.0 21 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=0,BR) 177.53.66.164 24 SW None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-12 13:51:16 HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=164,BR) 177.53.80.34 24 KH None 2021-10-29 00:00:00 2022-01-27 00:00:00 None File /etc/passwd Access Attempt Detect - FE IPS (IP=34,BR) 177.54.127.111 32 TLM None 2022-05-18 00:00:00 2022-11-17 00:00:00 2022-05-19 14:15:38 HIVE Case #7621 TO-S-2022-0182 (IP=111,BR) 177.66.29.201 24 RR None 2022-02-24 00:00:00 2022-05-25 00:00:00 None CERT/CC VU#257161:CVE-2020-CVE-2020-11910 anomalous ICMPv4 type 3,code 4 Path MTU Discovery Web Attacks (IP=201,BR) 177.71.70.10 24 KD None 2021-12-13 00:00:00 2022-03-13 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt - Sourcefire Rpt (IP=10,BR) 177.71.71.10 24 KD None 2021-12-13 00:00:00 2022-08-30 00:00:00 2022-06-03 00:40:04 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt - Sourcefire Rpt (IP=10,BR) | updated by SA Block was inactive. 
Reactivated on 20220602 with reason PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) SourceFire (IP=10,BR) PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) SourceFire (IP=10,BR) 177.71.71.10 24 KD None 2021-12-13 00:00:00 2022-08-30 00:00:00 2022-06-03 00:40:04 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt - Sourcefire Rpt (IP=10,BR) | updated by SA Block was inactive. Reactivated on 20220602 with reason PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) SourceFire (IP=10,BR) PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) SourceFire (IP=10,BR) 177.71.71.10 24 KD None 2021-12-13 00:00:00 2022-08-30 00:00:00 2022-06-03 00:40:04 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt - Sourcefire Rpt (IP=10,BR) | updated by SA Block was inactive. Reactivated on 20220602 with reason PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) SourceFire (IP=10,BR) PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) SourceFire (IP=10,BR) 177.71.71.10 24 SA None 2022-06-02 00:00:00 2022-08-30 00:00:00 2022-06-03 00:40:04 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt - Sourcefire Rpt (IP=10,BR) | updated by SA Block was inactive. 
Reactivated on 20220602 with reason PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) SourceFire (IP=10,BR) PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) SourceFire (IP=10,BR) 177.72.200.0 22 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=0,BR) 177.72.254.121 24 BMP None 2021-06-26 00:00:00 2022-02-08 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=121,BR) | updated by KD Block was inactive. Reactivated on 20211110 with reason PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841)- TT# 22C00331 (IP=BR) 177.72.80.14 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6584 CTO 21-322 (IP=14,BR) 177.73.108.98 24 TH None 2022-06-21 00:00:00 2022-09-19 00:00:00 2022-06-22 13:54:59 Nmap Scanner Traffic Detected - FE CMS IPS Events (IP=98,BR) 177.73.111.5 24 SW None 2022-06-24 00:00:00 2022-09-22 00:00:00 2022-06-24 13:56:06 SQL injection - WebAttacks (IP=5,BR) 177.73.198.15 24 KD None 2021-12-21 00:00:00 2022-03-21 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt- Sourcefire (IP=15,BR) 177.8.240.0 21 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 177.81.74.31 24 UA None 2021-10-05 00:00:00 2022-01-03 00:00:00 None SQL injection - Web Attacks (IP=31,BR) 177.94.143.240 24 KD None 2021-11-11 00:00:00 2022-02-09 00:00:00 None SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt - SourceFire (IP=240,BR) 177.94.99.219 24 ZH None 2022-02-07 00:00:00 2022-05-08 00:00:00 None SQL injection - WebAttacks (IP=219,BR) 177.95.17.170 24 RR None 2021-11-08 00:00:00 2022-02-06 00:00:00 None POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt (1:57336:1) - SourceFire (IP=170,BR) 177.95.250.11 24 KD None 2021-11-11 00:00:00 2022-02-09 00:00:00 None OS-OTHER 
Bash CGI environment variable injection attempt - SourceFire (IP=11,BR) 178.10.133.75 24 DT None 2021-12-24 00:00:00 2022-03-24 00:00:00 None Phish.URL (IP=75,DE) 178.128.100.48 24 RS None 2022-07-27 00:00:00 2022-10-25 00:00:00 2022-07-28 13:49:46 SIPVicious Security Scanner - IPS Events (IP=48,SG) 178.128.104.19 24 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:46:48 SERVER-WEBAPP Bonita BPM themeResource directory traversal attempt - SourceFire (IP=19,SG) 178.128.108.145 24 RB None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 22:39:22 SQL injection - 6hr web attacks (IP=145,SG) 178.128.109.147 24 TH None 2022-06-23 00:00:00 2022-09-21 00:00:00 2022-06-24 13:55:53 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire Report (IP=147,SG) 178.128.110.0 24 TH None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-26 22:51:17 ET EXPLOIT Apache log4j RCE Attempt - lower/upper TCP Bypass M2 (CVE-2021-44228) (1:2034700:1) - SourceFire Report (IP=0,SG) 178.128.111.228 24 AR None 2022-06-26 00:00:00 2022-09-24 00:00:00 2022-06-27 13:55:46 SQL injection - 6Hr Web Attacks (IP=228,SG) 178.128.113.216 24 RB None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:54:59 HTTP: PHP File Inclusion Vulnerability - 6hr web attacks (IP=216,SG) 178.128.114.73 24 DT None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:51 HTTP: SQL Injection - Exploit - Web Attacks (IP=73,SG) 178.128.115.182 24 SW None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-06 13:47:29 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=182,SG) 178.128.116.7 24 RB None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-14 13:54:50 SQL injection - 6hr web attacks (IP=7,SG) 178.128.117.136 24 AR None 2022-04-09 00:00:00 2022-07-08 00:00:00 2022-04-10 13:58:53 SQL injection - 6Hr Web Attack (IP=136,SG) 178.128.119.202 32 TLM None 2022-03-17 00:00:00 2022-09-17 00:00:00 2022-03-17 16:17:43 HIVE Case #7227 CTO 22-076 (IP=202,SG) 178.128.120.11 24 TH None 
2022-07-25 00:00:00 2022-10-23 00:00:00 2022-07-26 13:48:08 SQL injection - 6 Hr Web Report (IP=11,SG) 178.128.121.246 24 JP None 2022-09-11 00:00:00 2022-12-10 00:00:00 2022-09-11 13:56:10 SERVER-WEBAPP F5 BIG-IP Traffic Management User Interface remote code execution attempt - 6HR Web Attacks (IP=246,SG) 178.128.123.120 24 KD None 2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-10 13:48:15 HTTP: PHP File InclusionVulnerability- Web Attacks(IP=120,DE) 178.128.124.152 24 RB None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 22:41:35 SERVER-ORACLE Oracle iPlanet Web Server unauthenticated information disclosure attempt - Sourcefire (IP=152,SG) 178.128.125.47 24 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-08 12:51:19 SERVER-APACHE Apache HTTP server SSRF attempt - SourceFire (IP=47,SG) 178.128.126.15 24 TH None 2022-07-10 00:00:00 2022-10-08 00:00:00 2022-07-10 22:41:23 SQL injection - 6 Hr Web Report (IP=15,SG) 178.128.127.179 32 KD None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-28 14:33:58 SQL Injection- Web Attacks (IP=179,US) 178.128.144.149 32 ZH None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-10 13:48:42 SQL injection - 6hr Web Attacks (IP=149,US) 178.128.144.57 32 SW None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-11 22:58:48 SQL injection - WebAttacks (IP=57,US) 178.128.144.69 32 DT None 2021-03-14 00:00:00 2022-11-07 00:00:00 2022-08-09 21:39:10 HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=69,US) | updated by RR Block was inactive. Reactivated on 20220508 with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=69,US) SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=69,US) | updated by RB Block was inactive. 
Reactivated on 20220809 with reason HTTP: ThinkPHP CMS Getshell Vulnerability - IR#: 22C01778 (IP=69,US) HTTP: ThinkPHP CMS Getshell Vulnerability - IR#: 22C01778 (IP=69,US) 178.128.144.69 32 RB None 2022-08-09 00:00:00 2022-11-07 00:00:00 2022-08-09 21:39:10 HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=69,US) | updated by RR Block was inactive. Reactivated on 20220508 with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=69,US) SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=69,US) | updated by RB Block was inactive. Reactivated on 20220809 with reason HTTP: ThinkPHP CMS Getshell Vulnerability - IR#: 22C01778 (IP=69,US) HTTP: ThinkPHP CMS Getshell Vulnerability - IR#: 22C01778 (IP=69,US) 178.128.144.69 32 RB None 2022-08-09 00:00:00 2022-11-07 00:00:00 2022-08-09 22:12:49 HTTP: ThinkPHP CMS Getshell Vulnerability - IR#: 22C01778 (IP=69,US) 178.128.144.69 32 RR None 2022-05-08 00:00:00 2022-11-07 00:00:00 2022-08-09 21:39:10 HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=69,US) | updated by RR Block was inactive. Reactivated on 20220508 with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=69,US) SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=69,US) | updated by RB Block was inactive. 
Reactivated on 20220809 with reason HTTP: ThinkPHP CMS Getshell Vulnerability - IR#: 22C01778 (IP=69,US) HTTP: ThinkPHP CMS Getshell Vulnerability - IR#: 22C01778 (IP=69,US) 178.128.146.199 32 WR None 2022-04-20 00:00:00 2022-07-18 00:00:00 2022-04-20 15:45:00 SQL injection - 6 HR WebAttacks (IP=199,US) 178.128.148.77 32 RS None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-13 22:36:59 SQL injection - 6Hr Web Attacks (IP=77,US) 178.128.149.28 32 RS None 2022-06-20 00:00:00 2022-09-18 00:00:00 2022-06-20 13:54:41 SQL injection - Web Attacks (IP=28,US) 178.128.151.113 32 AR None 2022-04-09 00:00:00 2022-07-08 00:00:00 2022-04-09 13:49:44 HTTP SQL Injection Attempt - 6HR WebAttack (IP=113,US) 178.128.154.11 32 KD None 2022-03-23 00:00:00 2022-06-21 00:00:00 2022-03-24 13:50:51 OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt- Sourcefire(IP=11,US) 178.128.154.198 32 RR None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 13:52:40 POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected - SourceFire (IP=198,US) 178.128.154.92 32 ZH None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 13:47:52 SQL injection - 6hr Web Attacks (IP=92,US) 178.128.156.56 32 AR None 2022-04-10 00:00:00 2022-07-09 00:00:00 2022-04-11 13:46:54 MALWARE-BACKDOOR DEWMODE webshell file download attempt (1:57288:1) - SourceFire (IP=56,US) 178.128.157.195 32 RS None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:15:46 Adobe ColdFusion Administrator Access Restriction - 6Hr Web Attacks (IP=195,US) 178.128.159.119 32 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:35:21 SERVER-WEBAPP Drupal Core 8 PHP object injection RCE attempt - SourceFire (IP=119,US) 178.128.159.178 32 ZH None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 22:37:04 SQL injection - 6hr Web Attacks (IP=178,US) 178.128.159.94 32 ZH None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 22:37:05 SERVER-WEBAPP Microsoft Exchange Server server side request 
forgery attempt (1:57244:4) - SourceFire (IP=94,US) 178.128.16.233 24 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-08 12:51:20 SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt - SourceFire (IP=233,SG) 178.128.16.97 32 RR None 2022-01-21 00:00:00 2022-04-21 00:00:00 None Exploit.CVE-2021-44228 - Apache Log4j2 - Case 6651 (IP=97,US) 178.128.160.73 24 AR None 2022-04-09 00:00:00 2022-07-08 00:00:00 2022-04-10 13:58:54 SQL injection - 6Hr Web Attack (IP=73,GB) 178.128.161.183 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:37:09 SQL injection - Web Attacks (IP=183,GB) 178.128.161.183 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:40:31 SQL injection - Web Attacks (IP=183,GB) 178.128.162.68 24 ZH None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-11 00:04:54 SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (1:45304:3) - SourceFire (IP=68,GB) 178.128.163.222 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:48:28 SQL injection - Web Attacks (IP=222,GB) 178.128.164.228 24 RB None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-14 22:44:55 SQL injection - 6hr web attacks (IP=228,GB) 178.128.165.96 24 ZH None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-30 22:44:30 SERVER-WEBAPP Cisco Prime Infrastructure arbitrary file upload to tftpRoot attempt (3:49987:3) - SourceFire (IP=96,GB) 178.128.166.2 24 DT None 2022-02-22 00:00:00 2022-05-23 00:00:00 None SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - Web Attacks (IP=2,GB) 178.128.167.45 32 KD None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-07 13:16:29 Adobe ColdFusion Administrator Access Restriction- Web Attacks (IP=45,GB) 178.128.169.140 24 RR None 2022-07-26 00:00:00 2022-10-24 00:00:00 2022-07-26 13:48:11 SQL injection - Web Attacks (IP=140,GB) 178.128.169.140 24 RR None 2022-07-26 00:00:00 2022-10-24 00:00:00 2022-07-26 13:48:11 SQL injection - Web Attacks (IP=140,GB) SQL injection - 
Web Attacks (IP=140,GB) 178.128.169.97 24 RB None 2022-07-12 00:00:00 2022-10-10 00:00:00 2022-07-12 22:32:49 SQL injection - WebAttacks (IP=97,GB) 178.128.17.8 24 RS None 2022-05-02 00:00:00 2022-07-31 00:00:00 2022-05-02 22:41:42 SERVER-WEBAPP JBoss JMX console access attempt (1:21516:9) - SourceFire (IP=8,SG) 178.128.17.8 32 WR None 2022-05-03 00:00:00 2022-08-01 00:00:00 2022-05-03 13:46:39 SQL injection - 6Hr Web Attacks (IP=8,US) 178.128.17.8 32 WR None 2022-05-03 00:00:00 2022-08-01 00:00:00 2022-05-03 13:46:39 SQL injection - 6Hr Web Attacks (IP=8,US) SQL injection - 6Hr Web Attacks (IP=8,US) 178.128.170.6 32 KD None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-28 14:33:59 SQL Injection- Web Attacks (IP=6,US) 178.128.172.101 24 DT None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 23:57:51 SQL injection - Web Attacks (IP=101,GB) 178.128.175.40 24 SA None 2022-05-17 00:00:00 2022-08-15 00:00:00 2022-05-17 22:37:55 HTTP: PHP File Inclusion Vulnerability- 6Hr Web Attacks (IP=40,GB) 178.128.18.27 24 RR None 2022-08-20 00:00:00 2022-11-18 00:00:00 2022-08-20 13:23:25 SQL injection - Web Attacks (IP=27,SG) 178.128.184.129 32 RS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 21:48:37 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01563 (IP=129,US) 178.128.19.130 24 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:35:21 SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1272 attack attempt - SourceFire (IP=130,SG) 178.128.194.162 24 RS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 14:03:16 SQL injection - 6Hr Web Attacks (IP=162,DE) 178.128.195.242 24 WR None 2022-04-23 00:00:00 2022-07-21 00:00:00 2022-04-23 13:47:01 SQL injection - Web Attacks (IP=242,DE) 178.128.196.127 32 ZH None 2022-09-23 00:00:00 2022-12-22 00:00:00 2022-09-23 22:51:04 Malicious activity IR#: 22C01951 (IP=127,DE) 178.128.198.210 24 JP None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-15 22:50:34 SERVER-WEBAPP Java ClassLoader access 
attempt (1:30792:8) - SourceFire (IP=210,DE) 178.128.198.210 24 JP None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-15 22:50:40 SERVER-WEBAPP Java ClassLoader access attempt (1:30792:8) - SourceFire (IP=210,DE) 178.128.20.34 24 RT None 2022-05-11 00:00:00 2022-08-09 00:00:00 2022-05-12 13:53:26 SERVER-WEBAPP Avtech IP Camera machine.cgi information disclosure attempt (1:41697:2) - Sourcefire Report (IP=,SG) 178.128.200.222 24 RS None 2022-05-02 00:00:00 2022-07-31 00:00:00 2022-05-02 22:41:35 SQL injection - 6Hr Web Attacks (IP=222,DE) 178.128.201.103 24 RB None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-14 22:44:56 SQL injection - 6hr web attacks (IP=103,DE) 178.128.202.187 24 ZH None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-30 22:44:30 SQL injection - 6hr Web Attacks (IP=187,DE) 178.128.203.164 24 ZH None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-10 13:48:43 SQL injection - 6hr Web Attacks (IP=164,DE) 178.128.205.132 24 KD None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-12 13:51:43 SQL injection - Web Attacks (IP=132,DE) 178.128.207.4 24 ZH None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 22:41:36 Cross-site scripting - Imperva (IP=4,DE) 178.128.208.201 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:50:30 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=201,SG) 178.128.209.14 32 RR None 2022-01-21 00:00:00 2022-04-21 00:00:00 None Exploit.CVE-2021-44228 - Apache Log4j2 - Case 6651 (IP=14,US) 178.128.21.34 24 RB None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 22:41:37 SERVER-WEBAPP SonicWall SMA100 SQL injection attempt - Sourcefire (IP=34,SG) 178.128.210.172 24 BMP None 2022-01-20 00:00:00 2022-07-27 00:00:00 2022-04-27 13:56:48 Exploit.Log4Shell.CVE-2021-44228 - Interactsh Server (IP=172,SG) | updated by RR Block was inactive. 
Reactivated on 20220427 with reason Exploit.CVE-2021-44228 - Apache Log4j2 - Case 6651 (IP=172,SG) Exploit.CVE-2021-44228 - Apache Log4j2 - Case 6651 (IP=172,SG) 178.128.210.172 24 RR None 2022-04-27 00:00:00 2022-07-27 00:00:00 2022-04-27 13:56:48 Exploit.Log4Shell.CVE-2021-44228 - Interactsh Server (IP=172,SG) | updated by RR Block was inactive. Reactivated on 20220427 with reason Exploit.CVE-2021-44228 - Apache Log4j2 - Case 6651 (IP=172,SG) Exploit.CVE-2021-44228 - Apache Log4j2 - Case 6651 (IP=172,SG) 178.128.212.209 32 RR None 2022-04-06 00:00:00 2022-07-06 00:00:00 2022-04-06 13:47:09 Exploit.Log4Shell.CVE-2021-44228 - FireEye CMS (IP=209,US) 178.128.212.209 32 RR None 2022-04-06 00:00:00 2022-07-06 00:00:00 2022-04-06 13:47:09 Exploit.Log4Shell.CVE-2021-44228 - FireEye CMS (IP=209,US) Exploit.Log4Shell.CVE-2021-44228 - FireEye CMS (IP=209,US) 178.128.212.209 24 RR None 2022-01-18 00:00:00 2022-04-18 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=209,SG) 178.128.212.209 24 RR None 2022-01-18 00:00:00 2022-04-18 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=209,SG) 178.128.212.209 24 RR None 2022-01-18 00:00:00 2022-04-18 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=209,SG) 178.128.212.209 24 RR None 2022-01-18 00:00:00 2022-04-18 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=209,SG) 178.128.213.5 32 KD None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-28 14:34:03 HTTP PHP File InclusionVulnerability- Web Attacks (IP=5,US) 178.128.213.99 24 SW None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 13:46:06 SQL injection - WebAttacks (IP=99,SG) 178.128.214.212 24 DT None 2022-05-17 00:00:00 2022-08-15 00:00:00 2022-05-18 13:43:49 SERVER-WEBAPP WSO2 multiple products directory traversal attempt - Source Fire (IP=212,SG) 178.128.215.207 24 TH None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-30 13:42:41 SQL injection - 6 Hr Web Report (IP=207,SG) 178.128.216.67 24 RT None 2022-04-26 00:00:00 2022-07-25 00:00:00 
2022-04-27 13:56:39 SQL injection - 6 HR WebAttack (IP=67,SG) 178.128.217.134 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:53:32 SERVER-WEBAPP Yealink VoIP phone directory traversal attempt - SourceFire (IP=134,SG) 178.128.218.65 24 SW None 2022-05-15 00:00:00 2022-08-13 00:00:00 2022-05-15 13:54:15 SERVER-WEBAPP LG-Ericsson iPECS NMS 30M directory traversal attempt (1:49840:1) - SourceFire (IP=65, SG) 178.128.219.183 24 RB None 2022-06-28 00:00:00 2022-09-26 00:00:00 2022-06-28 22:27:58 SQL injection - WebAttacks (IP=183,SG) 178.128.22.116 24 SW None 2022-04-12 00:00:00 2022-07-11 00:00:00 2022-04-12 22:35:48 FE CMS web alert (IP=116,SG) 178.128.220.120 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:54 SQL injection - 6hr Web Attacks (IP=120,SG) 178.128.220.120 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:29 SQL injection - 6hr Web Attacks (IP=120,SG) 178.128.223.145 32 WR None 2022-04-24 00:00:00 2022-07-22 00:00:00 2022-04-24 13:26:38 SQL injection - Web Attacks (IP=145,US) 178.128.223.205 24 SW None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-15 13:54:16 Automattic WooCommerce Blocks WordPress Plugin Store API SQL Injection Vulnerability - WebAttacks (IP=205,SG) 178.128.224.62 24 SW None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-06 22:49:37 SERVER-WEBAPP IceWarp Mail Server directory traversal attempt (1:47644:1) - SourceFire (IP=62,CA) 178.128.225.181 24 AR None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:18 SERVER-WEBAPP Java XML deserialization remote code execution attempt (1:44315:3) - SourceFire (IP=181,CA) 178.128.226.93 24 KH None 2022-04-12 00:00:00 2022-07-11 00:00:00 2022-04-12 22:35:44 SQL injection - Web Attacks (IP=93,CA) 178.128.227.64 24 ZH None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:45:26 SQL injection- 6hr Web Attacks (IP=64,CA) 178.128.228.39 24 WR None 2022-04-30 00:00:00 2022-07-28 00:00:00 2022-04-30 13:53:12 ET INFO Possible Apache log4j 
RCE Attempt - Any Protocol TCP (CVE-2021-44228) (1:2034661:1) - Sourcefire (IP=39,NL)
178.128.229.214 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:50 HIVE Case #7904 CTO 22-189 (IP=214,CA)
178.128.23.20 24 KD None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-12 13:51:42 SQL injection - Web Attacks (IP=20,SG)
178.128.230.78 24 RB None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-14 22:44:50 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - Sourcefire (IP=78,CA)
178.128.231.23 24 KH None 2022-04-12 00:00:00 2022-07-11 00:00:00 2022-04-12 13:52:20 SQL injection - Web Attacks (IP=23,CA)
178.128.232.138 32 RB None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:55:07 SQL injection - 6hr web attacks (IP=138,CA)
178.128.232.228 32 SW None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 13:54:50 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01473 (IP=228,CA)
178.128.232.237 24 RR None 2022-06-30 00:00:00 2022-09-28 00:00:00 2022-07-01 13:55:45 SQL injection - Web Attacks (IP=237,CA)
178.128.233.3 24 SW None 2022-08-26 00:00:00 2022-11-24 00:00:00 2022-08-27 13:55:24 SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt - SourceFire (IP=3,CA)
178.128.233.38 32 RB None 2022-03-29 00:00:00 2022-06-27 00:00:00 2022-03-29 22:55:26 SQL injection - 6hr web attacks (IP=38,CA)
178.128.233.42 24 WR None 2022-04-12 00:00:00 2022-07-10 00:00:00 2022-04-12 13:52:06 SERVER-WEBAPP D-Link DNS-320 Firewall command injection attempt (1:57330:1) - Sourcefire (IP=42,CA)
178.128.234.190 24 RB None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:47:16 SQL injection (IP=190,CA)
178.128.236.59 24 SA None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-07 13:41:11 SERVER-WEBAPP NUUO NVRmini upgrade_handle.php command injection attempt (1:50646:1) - SourceFire Report (IP=59,CA)
178.128.236.59 24 RS None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-08 16:55:47 POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected (1:54573:2) - SourceFire (IP=59,CA)
178.128.237.155 24 WR None 2022-04-12 00:00:00 2022-07-10 00:00:00 2022-04-12 13:52:07 SERVER-WEBAPP Avtech IP Camera machine.cgi information disclosure attempt (1:41697:2) - Sourcefire (IP=155,CA)
178.128.238.131 32 TLM None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:46:13 HIVE Case #7458 CTO 22-113 (IP=131,CA)
178.128.238.220 24 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:44:57 SERVER-WEBAPP Movable Type CMS command injection attempt - SourceFire (IP=220,CA)
178.128.239.184 24 AR None 2022-04-14 00:00:00 2022-07-12 00:00:00 2022-04-14 13:54:51 SQL injection - Web Attacks (IP=184,CA)
178.128.24.46 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:04 OS-OTHER Bash CGI environment variable injection attempt (1:31978:5) - Sourcefire Rpt (IP=46,SG)
178.128.24.46 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:30 OS-OTHER Bash CGI environment variable injection attempt (1:31978:5) - Sourcefire Rpt (IP=46,SG)
178.128.241.225 24 RR None 2022-07-16 00:00:00 2022-10-14 00:00:00 2022-07-16 13:51:44 INDICATOR-SCAN DNS version.bind string information disclosure attempt - SourceFire (IP=225,NL)
178.128.242.49 24 SW None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-06 22:49:45 HTTP SQL Injection Attempt - WebAttacks (IP=49,NL)
178.128.244.229 24 DT None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-26 13:48:16 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=229,NL)
178.128.245.161 24 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 22:54:16 SQL injection - Web Attacks (IP=161,NL)
178.128.246.10 24 KD None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-12 13:51:44 SQL injection - Web Attacks (IP=10,NL)
178.128.247.154 24 RR None 2022-07-16 00:00:00 2022-10-14 00:00:00 2022-07-16 13:51:45 SQL injection - Web Attacks (IP=154,NL)
178.128.247.53 24 SW None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-16 13:51:45 SERVER-WEBAPP Pulse Secure SSL VPN version check attempt - Sourcefire (IP=53,NL)
178.128.248.183 24 TH None 2022-07-20 00:00:00 2022-10-18 00:00:00 2022-07-20 22:52:55 SQL injection - 6 Hr Web Report (IP=183,NL)
178.128.249.141 24 TH None 2022-08-17 00:00:00 2022-11-15 00:00:00 2022-08-18 13:49:17 HTTP SQL Injection Attempt - 6 Hr Web Report (IP=141,NL)
178.128.25.71 24 WR None 2022-04-25 00:00:00 2022-07-23 00:00:00 2022-04-25 14:47:09 SQL injection - Web Attacks (IP=71,SG)
178.128.250.108 24 RS None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-11 13:57:23 SQL Injection - 6Hr Web Attacks (IP=108,NL)
178.128.252.181 24 KH None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-11 23:00:21 SQL injection - Web Attacks (IP=181,NL)
178.128.253.33 24 RS None 2022-08-13 00:00:00 2022-11-11 00:00:00 2022-08-13 22:59:22 SQL injection - Web Attacks (IP=33,NL)
178.128.254.223 24 RR None 2022-07-10 00:00:00 2022-10-08 00:00:00 2022-07-11 13:57:07 SQL injection - Web Attacks (IP=223,NL)
178.128.255.158 24 AR None 2022-05-01 00:00:00 2022-07-30 00:00:00 2022-05-01 13:52:44 SQL injection - 6Hr Web Attacks (IP=158,NL)
178.128.26.98 24 DT None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-05 13:48:47 SERVER-APACHE Apache HTTP server SSRF attempt - Source Fire (IP=98,SG)
178.128.27.107 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6654 CTO 21-345 (IP=107,SG)
178.128.27.28 24 SW None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 22:46:54 SERVER-APACHE Apache Struts2 blacklisted method redirect (1:27244:6) - SourceFire (IP=28,SG)
178.128.28.217 24 RS None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-13 22:37:00 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=217,SG)
178.128.29.31 24 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 22:24:40 File /etc/passwd Access Attempt Detect - FE IPS Events (IP=31,SG)
178.128.30.84 24 AR None 2022-07-17 00:00:00 2022-10-15 00:00:00 2022-07-18 13:49:58 SQL injection - Web Attack (IP=84,SG)
178.128.31.244 24 KH None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 13:57:10 SQL injection - Web Attacks (IP=244,SG)
178.128.33.104 24 SW None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 13:49:34 SQL union select - possible sql injection attempt - GET parameter (1:13990:27) - SourceFire (IP=104,GB)
178.128.34.214 24 SW None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 13:49:31 SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (1:51976:3) - SourceFire (IP=214,GB)
178.128.35.132 24 RB None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:47:15 SQL injection (IP=132,GB)
178.128.37.53 24 RT None 2022-04-21 00:00:00 2022-07-20 00:00:00 2022-04-22 13:39:40 SQL injection - 6 HR WebAttack (IP=53,UK)
178.128.38.192 24 ZH None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-30 22:44:31 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - SourceFire (IP=192,GB)
178.128.39.248 24 SW None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-15 13:54:17 SQL injection - WebAttacks (IP=248,GB)
178.128.40.188 24 RB None 2022-03-22 00:00:00 2022-06-20 00:00:00 2022-03-22 22:41:30 Adobe ColdFusion Administrator Access Restriction (IP=188,GB)
178.128.40.210 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GB TO-S-2021-1050 Hive Case 4821 Malicious Email Activity
178.128.41.78 24 RB None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 22:45:13 SERVER-WEBAPP Rubedo CMS directory traversal attempt - Sourcefire (IP=78,GB)
178.128.41.78 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:43:58 SQL union select - possible sql injection attempt - GET parameter - SourceFire (IP=78,GB)
178.128.42.12 24 ZH None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:45:26 SQL injection - 6hr Web Attacks (IP=12,GB)
178.128.43.7 24 RS None 2022-05-04 00:00:00 2022-08-03 00:00:00 2022-05-05 13:49:38 SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (1:58201:2) - SourceFire (IP=7,GB) | updated by RR Block expiration extended with reason SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt - SourceFire (IP=7,GB)
178.128.43.7 24 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:49:38 SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (1:58201:2) - SourceFire (IP=7,GB) | updated by RR Block expiration extended with reason SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt - SourceFire (IP=7,GB)
178.128.44.182 24 KD None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-21 13:53:48 SQL injection - Web Attacks (IP=182,GB)
178.128.46.125 24 KD None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-21 13:53:49 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=125,GB)
178.128.48.118 24 RS None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 22:34:25 SQL injection - 6Hr Web Attacks (IP=118,SG)
178.128.49.102 24 KH None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 23:08:14 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=102,SG)
178.128.49.102 24 KH None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 23:08:35 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=102,SG)
178.128.50.55 24 ZH None 2022-06-30 00:00:00 2022-09-28 00:00:00 2022-07-01 00:10:32 SQL injection - 6hr Web Attacks (IP=55,SG)
178.128.51.74 24 RB None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 22:36:41 Hive Case #6651 (IP=74,SG)
178.128.51.74 24 ZH None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 22:37:05 SERVER-WEBAPP Microsoft Exchange Server server side request forgery attempt (1:57244:4) - SourceFire (IP=74,SG)
178.128.52.16 24 AR None 2022-07-22 00:00:00 2022-10-20 00:00:00 2022-07-23 13:44:15 SQL injection - Web Attacks (IP=16,SG)
178.128.53.104 24 ZH None 2022-05-31 00:00:00 2022-08-29 00:00:00 2022-06-01 13:53:55 SQL injection - 6hr Web Attacks (IP=104,SG)
178.128.54.242 24 RS None 2022-05-19 00:00:00 2022-08-17 00:00:00 2022-05-19 13:46:53 SQL injection - 6Hr Web Attacks (IP=242,SG)
178.128.56.101 24 RR None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:31:54 SQL injection - Web Attacks (IP=101,SG)
178.128.56.148 32 TLM None 2021-12-21 00:00:00 2022-06-21 00:00:00 None HIVE Case #6682 CTO 21-352 (IP=148,SG)
178.128.57.111 24 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:48:43 SQL injection - Web Attacks (IP=111,SG)
178.128.58.199 24 AR None 2022-05-01 00:00:00 2022-07-30 00:00:00 2022-05-02 13:40:45 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=199,SG)
178.128.59.88 24 ZH None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 22:44:14 SQL injection - WebAttacks (IP=88,SG)
178.128.60.84 24 RR None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 13:52:41 SERVER-WEBAPP Joomla 3.7.0 com_fields view SQL injection attempt - SourceFire (IP=84,SG)
178.128.61.120 24 RS None 2022-06-03 00:00:00 2022-09-01 00:00:00 2022-06-03 22:21:21 OS-OTHER Bash CGI environment variable injection attempt (1:31978:5) - SourceFire (IP=120,SG)
178.128.63.224 24 WR None 2022-04-05 00:00:00 2022-07-03 00:00:00 2022-04-05 14:31:54 Webshell.Binary.php.FEC2 - FE Malicious IPs (IP=224,SG)
178.128.80.50 24 SW None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-26 13:47:54 SERVER-WEBAPP Tenda Router AC11 stack buffer overflow attempt (1:58857:1) - SourceFire (IP=50,SG)
178.128.81.24 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:50:31 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=24,SG)
178.128.82.7 24 WR None 2022-04-12 00:00:00 2022-07-10 00:00:00 2022-04-12 13:52:07 SERVER-WEBAPP Zeroshell Linux Router command injection attempt (1:54794:2) - Sourcefire (IP=7,SG)
178.128.84.144 24 SW None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-26 13:47:43 POLICY-OTHER PHP uri tag injection attempt (1:23111:14) - SourceFire (IP=144,SG)
178.128.85.19 24 KD None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-12 13:51:43 SQL injection - Web Attacks (IP=19,SG)
178.128.86.29 24 WR None 2022-04-12 00:00:00 2022-07-10 00:00:00 2022-04-12 13:51:58 Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=29,SG)
178.128.87.101 24 RT None 2022-04-22 00:00:00 2022-07-21 00:00:00 2022-04-22 22:49:16 Exploit.Spring4Shell.CVE-2022-22965 - FireEye NX (IP=101,SG)
178.128.88.72 24 RB None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-14 22:44:50 SERVER-WEBAPP Apache Log4j logging remote code execution attempt - Sourcefire (IP=72,SG)
178.128.89.44 24 RS None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-11 13:57:24 SQL Injection - 6Hr Web Attacks (IP=44,SG)
178.128.90.169 24 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 22:39:55 HTTP: Apache mod_cgi Bash Environment Variable Code Injection - Web Attacks (IP=169,SG)
178.128.91.115 24 TH None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 23:06:22 SQL injection - 6 Hr Web Report (IP=115,SG)
178.128.92.177 24 SW None 2022-04-21 00:00:00 2022-07-20 00:00:00 2022-04-21 22:41:42 File /etc/passwd Access Attempt Detect - IPS Events (IP=177,SG)
178.128.93.58 24 TH None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 23:06:35 HTTP: PHP File Inclusion Vulnerability - 6 Hr Web Report (IP=58,SG)
178.128.96.249 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:42 Artica Web Proxy SQL Injection Vulnerability - 6hr Web Attacks (IP=249,SG)
178.128.97.49 24 SW None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 13:49:31 SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt (1:54768:2) - SourceFire (IP=49,SG)
178.128.98.85 24 WR None 2022-04-12 00:00:00 2022-07-10 00:00:00 2022-04-12 13:51:59 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=85,SG)
178.128.99.88 24 TH None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 23:06:30 SQL injection - 6 Hr Web Report (IP=88,SG)
178.132.216.0 21 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None AL TO-S-2021-1117 DOS-DDOS Activity
178.138.192.165 24 TC None 2022-09-17 00:00:00 2022-12-16 00:00:00 2022-09-18 13:33:53 SQL injection - WebAttacks (IP=165,RO)
178.138.194.165 24 TC None 2022-09-17 00:00:00 2022-12-16 00:00:00 2022-09-18 13:33:53 SQL injection - WebAttacks (IP=165,RO)
178.141.210.139 32 wmp None 2022-03-24 00:00:00 2022-06-24 00:00:00 2022-03-24 22:58:54 Suspicious Scan Activity (IP=139,RU)
178.148.38.212 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None RS TO-S-2021-1117 DOS-DDOS Activity
178.150.214.53 24 SW None 2022-04-24 00:00:00 2022-07-23 00:00:00 2022-04-24 22:43:50 MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (1:25925:3) - SourceFire (IP=53,UA)
178.151.205.154 32 TLM None 2021-11-29 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:29 HIVE Case #6585 CTO 21-323 (IP=154,UA) | updated by AS Block was inactive. Reactivated on 20220708 with reason HIVE Case #7904 CTO 22-189 (IP=154,UA)
178.153.176.219 32 AR None 2021-12-01 00:00:00 2022-03-01 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00439 (IP=219,QA)
178.153.224.0 20 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None QA TO-S-2021-1037 Hive Case 4785 Malware Activity
178.155.156.173 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DK TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
178.156.230.2 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=2,DE)
178.156.77.174 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=174,ES)
178.156.77.177 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=177,ES)
178.156.82.42 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ES TO-S-2021-1050 Hive Case 4821 Malware Activity
178.156.82.88 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ES TO-S-2021-1050 Hive Case 4821 Malware Activity
178.159.112.0 20 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=0,UA)
178.159.28.62 32 wmp None 2022-03-24 00:00:00 2022-06-24 00:00:00 2022-03-24 22:58:54 Suspicious Scan Activity (IP=62,RU)
178.160.248.0 22 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None AM TO-S-2021-1081 Hive Case 4872 Malware Activity
178.162.200.99 24 TH None 2022-07-10 00:00:00 2022-10-08 00:00:00 2022-07-10 22:41:20 SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt (1:30524:5) - SourceFire Report (IP=99,DE)
178.162.203.202 24 ZH None 2021-10-05 00:00:00 2022-01-03 00:00:00 None TO-S-2022-1595/Botnet Malware Communication TT# 22C00041 (IP=202,DE)
178.162.203.202 32 TLM None 2022-06-14 00:00:00 2022-12-13 00:00:00 2022-06-14 15:16:52 HIVE Case #7768 CTO 22-161 (IP=202,DE)
178.162.217.107 24 ZH None 2021-10-05 00:00:00 2022-01-03 00:00:00 None TO-S-2022-1595/Botnet Malware Communication TT# 22C00041 (IP=107,DE)
178.163.23.220 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity
178.163.41.189 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity
178.164.134.203 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None HU TO-S-2021-1050 Hive Case 4821 Malware Activity
178.164.226.165 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None HU TO-S-2021-1037 Hive Case 4785 Malware Activity
178.164.242.181 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None HU TO-S-2021-1037 Hive Case 4785 Malware Activity
178.164.28.76 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None NO TO-S-2021-1117 DOS-DDOS Activity
178.164.30.29 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None NO TO-S-2021-1117 DOS-DDOS Activity
178.168.112.167 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MD TO-S-2021-1050 Hive Case 4821 Malware Activity
178.168.116.174 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MD TO-S-2021-1050 Hive Case 4821 Malware Activity
178.17.170.135 24 srm None 2022-02-16 00:00:00 2022-05-17 00:00:00 None HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=135,MD)
178.17.170.23 24 srm None 2022-02-16 00:00:00 2022-05-17 00:00:00 None HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=23,MD)
178.17.171.102 24 srm None 2022-02-16 00:00:00 2022-05-17 00:00:00 None HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=102,MD)
178.17.171.197 24 srm None 2022-02-16 00:00:00 2022-05-17 00:00:00 None HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=197,MD)
178.17.174.196 24 RR None 2020-07-19 00:00:00 2022-05-16 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attack (IP=196,MD) | updated by srm Block was inactive. Reactivated on 20220215 with reason HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=196,MD)
178.17.174.196 24 srm None 2022-02-15 00:00:00 2022-05-16 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attack (IP=196,MD) | updated by srm Block was inactive. Reactivated on 20220215 with reason HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=196,MD)
178.170.13.126 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=126,FR)
178.170.156.69 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TR TO-S-2021-1050 Hive Case 4821 Malware Activity
178.170.158.172 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TR TO-S-2021-1050 Hive Case 4821 Malware Activity
178.170.37.11 24 KH None 2022-03-03 00:00:00 2022-06-01 00:00:00 2022-03-03 23:49:44 High Severity IDS Event - ArcSight (IP=11,FR)
178.170.41.77 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6448 TO-S-2022-0058 (IP=77,FR)
178.173.229.12 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:55:20 HIVE Case #7894 CTO 22-187 (IP=12,JP)
178.175.1.131 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=131,AL)
178.175.102.155 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=155,AL)
178.175.105.204 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=204,AL)
178.175.11.58 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=58,AL)
178.175.110.77 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=77,AL)
178.175.112.17 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=17,AL)
178.175.112.218 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=218,AL)
178.175.113.178 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=178,AL)
178.175.126.64 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=64,AL)
178.175.131.194 24 srm None 2022-02-16 00:00:00 2022-05-17 00:00:00 None HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=194,MD)
178.175.148.224 24 GM None 2020-07-20 00:00:00 2022-05-16 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=148,MD) | updated by srm Block was inactive. Reactivated on 20220215 with reason HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=224,MD)
178.175.148.224 24 srm None 2022-02-15 00:00:00 2022-05-16 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=148,MD) | updated by srm Block was inactive. Reactivated on 20220215 with reason HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=224,MD)
178.175.16.237 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=237,AL)
178.175.21.173 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=173,AL)
178.175.23.178 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=178,AL)
178.175.27.144 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=144,AL)
178.175.29.68 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=68,AL)
178.175.31.254 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=254,AL)
178.175.32.206 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=206,undefined)
178.175.4.137 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=137,AL)
178.175.55.15 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=15,undefined)
178.175.56.158 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=158,undefined)
178.175.58.117 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=117,undefined)
178.175.61.121 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=121,undefined)
178.175.63.240 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=240,undefined)
178.175.67.167 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=167,AL)
178.175.70.12 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=12,AL)
178.175.8.246 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=246,AL)
178.175.80.167 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=167,AL)
178.175.81.92 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=92,AL)
178.175.95.106 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=106,AL)
178.176.160.0 20 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None RU TO-S-2021-1092 Hive Case 4875 Malware Activity
178.176.18.154 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:56:48 HIVE Case #7894 CTO 22-187 (IP=154,RU)
178.18.193.0 24 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6514 TO-S-2022-0075 (IP=0,TR)
178.18.207.126 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6448 TO-S-2022-0058 (IP=126,TR)
178.18.241.251 24 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 22:52:00 SIPVicious Security Scanner - FE IPS Events (IP=251,DE)
178.18.244.75 24 ZH None 2022-09-20 00:00:00 2022-12-20 00:00:00 2022-09-21 14:01:14 Exploit.Log4Shell.CVE-2021-44228 - FE NX (IP=75,DE) | updated by ZH Block expiration extended with reason SQL injection - 6hr Web Attacks (IP=75,DE)
178.18.253.5 24 RS None 2022-07-02 00:00:00 2022-09-30 00:00:00 2022-07-02 14:02:28 SQL injection - 6Hr Web Attacks (IP=5,DE)
178.182.254.64 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:27 HIVE Case #7904 CTO 22-189 (IP=64,PL)
178.185.108.150 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:56:49 HIVE Case #7894 CTO 22-187 (IP=150,RU)
178.186.143.165 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None RU TO-S-2021-1037 Hive Case 4785 Malware Activity
178.186.53.86 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None RU TO-S-2021-1037 Hive Case 4785 Malware Activity
178.188.172.14 32 TLM None 2022-06-21 00:00:00 2022-12-20 00:00:00 2022-06-22 18:26:04 HIVE Case #7807 CTO 22-169 (IP=14,AT)
178.19.109.2 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6448 TO-S-2022-0058 (IP=2,PL)
178.19.158.4 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 Hive Case 4785 Malware Activity
178.19.16.0 20 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None LT TO-S-2021-1117 DOS-DDOS Activity
178.20.136.177 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TR TO-S-2021-1050 Hive Case 4821 Malware Activity
178.20.212.92 24 NAB None 2022-01-04 00:00:00 2022-04-04 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=92,MX)
178.20.213.122 24 NAB None 2022-01-03 00:00:00 2022-04-03 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=122,MX)
178.20.31.56 32 TLM None 2022-02-17 00:00:00 2022-08-18 00:00:00 None HIVE Case #7014 CTO 22-048 (IP=56,GB)
178.20.40.82 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6349 CTO 21-275 (IP=82,RU)
178.20.44.214 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=214,RU)
178.20.46.22 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6349 CTO 21-275 (IP=22,RU)
178.204.60.125 32 wmp None 2022-03-24 00:00:00 2022-06-24 00:00:00 2022-03-24 22:58:55 Suspicious Scan Activity (IP=125,RU)
178.208.160.225 24 KH None 2021-10-11 00:00:00 2022-01-09 00:00:00 None File /etc/passwd Access Attempt Detect - FE IPS (IP=225,GB)
178.208.95.22 24 RR None 2022-02-26 00:00:00 2022-05-27 00:00:00 2022-02-26 14:44:15 SQL injection - Web Attacks (IP=22,RU)
178.209.64.0 22 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity
178.21.11.23 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=23,RU)
178.210.192.0 19 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity
178.211.139.4 24 ZH None 2022-08-10 00:00:00 2022-11-08 00:00:00 2022-08-31 17:31:06 ET EXPLOIT Apache Obfuscated log4j RCE Attempt (tcp ldap) (CVE-2021-44228) (1:2034755:1) - SourceFire (IP=4,PL)
178.211.184.0 21 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None RU TO-S-2021-1037 Hive Case 4785 Malware Activity
178.211.39.6 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TR TO-S-2021-1050 Hive Case 4821 Malware Activity
178.212.199.95 32 AS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-06 18:26:03 HIVE Case #7881 CTO 22-182 (IP=95,UA)
178.212.49.134 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PL TO-S-2021-1050 Hive Case 4821 Malware Activity
178.212.51.158 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PL TO-S-2021-1050 Hive Case 4821 Malware Activity
178.212.53.1 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PL TO-S-2021-1050 Hive Case 4821 Malware Activity
178.212.64.0 21 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None RU TO-S-2021-1117 DOS-DDOS Activity
178.213.112.0 21 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None RU TO-S-2021-1037 Hive Case 4785 Malware Activity
178.216.11.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity
178.216.26.175 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PL TO-S-2021-1050 Hive Case 4821 Malware Activity
178.216.26.177 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PL TO-S-2021-1050 Hive Case 4821 Malware Activity
178.216.26.179 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None PL TO-S-2021-1037 Hive Case 4785 Malware Activity
178.217.117.91 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PL TO-S-2021-1050 Hive Case 4821 Malware Activity
178.217.224.0 21 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=0,RU)
178.218.200.0 21 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UZ TO-S-2021-1117 DOS-DDOS Activity
178.218.218.8 32 wmp None 2022-03-24 00:00:00 2022-06-24 00:00:00 2022-03-24 22:58:55 Suspicious Scan Activity (IP=8,RU)
178.218.225.157 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None PL TO-S-2021-1037 Hive Case 4785 Malware Activity
178.218.96.0 20 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None RU TO-S-2021-1156 Malware Activity
178.219.28.96 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PL TO-S-2021-1050 Hive Case 4821 Malware Activity
178.219.68.242 32 AS None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6244 CTO 21-267 (IP=242,IT)
178.22.112.2 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CZ TO-S-2021-1050 Hive Case 4821 Malware Activity
178.22.112.62 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None CZ TO-S-2021-1037 Hive Case 4785 Malware Activity
178.22.116.254 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CZ TO-S-2021-1050 Hive Case 4821 Malware Activity
178.23.190.184 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 13:57:59 SQL injection - 6Hr Web Attacks (IP=164,NL)
178.23.211.50 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ES TO-S-2021-1050 Hive Case 4821 Malware Activity
178.23.228.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity
178.233.128.21 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malware Activity
178.233.194.212 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malware Activity
178.235.240.178 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PL TO-S-2021-1117 DOS-DDOS Activity
178.236.107.115 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6582 CTO 21-320 (IP=115,IR)
178.236.114.175 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ES TO-S-2021-1050 Hive Case 4821 Malware Activity
178.236.44.113 32 TLM None 2021-11-04 00:00:00 2022-05-04 00:00:00 None HIVE Case #6494 CTO 21-303 (IP=113,HK)
178.236.44.204 32 AS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-06 18:26:09 HIVE Case #7881 CTO 22-182 (IP=204,HK)
178.238.225.230 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity
178.238.226.57 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity
178.238.227.208 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity
178.238.232.221 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=221,DE)
178.238.238.20 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None DE TO-S-2021-1117 DOS-DDOS Activity
178.238.238.221 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity
178.239.161.226 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GB TO-S-2021-1050 Hive Case 4821 Malware Activity
178.239.161.228 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GB TO-S-2021-1050 Hive Case 4821 Malware Activity
178.239.161.248 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GB TO-S-2021-1050 Hive Case 4821 Malware Activity
178.239.161.253 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GB TO-S-2021-1050 Hive Case 4821 Malware Activity
178.239.166.241 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GB TO-S-2021-1050 Hive Case 4821 Malware Activity
178.239.21.177 24 ZH None 2022-03-01 00:00:00 2022-05-30 00:00:00 2022-03-01 23:31:56 SIPVicious Security Scanner - IPS Events (IP=177,CN)
178.253.241.0 24 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RS TO-S-2021-1050 Hive Case 4821 Malware Activity
178.254.198.103 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BG TO-S-2021-1117 DOS-DDOS Activity
178.254.198.210 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BG TO-S-2021-1117 DOS-DDOS Activity
178.254.198.4 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BG TO-S-2021-1117 DOS-DDOS Activity
178.254.199.208 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BG TO-S-2021-1117 DOS-DDOS Activity
178.254.202.125 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BG TO-S-2021-1117 DOS-DDOS Activity
178.254.202.92 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BG TO-S-2021-1117 DOS-DDOS Activity
178.254.204.70 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BG TO-S-2021-1117 DOS-DDOS Activity
178.254.254.45 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BG TO-S-2021-1117 DOS-DDOS Activity
178.31.115.10 32 TLM None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:46:01 HIVE Case #7458 CTO 22-113 (IP=10,SE)
178.32.111.241 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=241,FR)
178.32.123.220 24 ZH None 2022-01-21 00:00:00 2022-04-21 00:00:00 None SERVER-WEBAPP Multiple PACS Server directory traversal attempt (1:49642:2) - Sourcefire Rpt (IP=220,FR)
178.32.136.23 32 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6512 CTO 21-308 (IP=23,FR)
178.32.138.103 32 TLM None 2021-09-23 00:00:00 2022-03-23 00:00:00 None HIVE Case #6237 CTO 21-266 (IP=103,FR)
178.32.140.59 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
178.32.197.94 24 WR None 2021-12-10 00:00:00 2022-03-10 00:00:00 None FTP Login Failed - Failed Logons (IP=94,FR)
178.32.208.60 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:18 HIVE Case #7894 CTO 22-187 (IP=60,FR)
178.32.222.98 32 TLM None 2022-03-11 00:00:00 2022-09-11 00:00:00 2022-03-11 13:21:37 HIVE Case #7189 CTO 22-068.1 (IP=98,FR)
178.32.43.98 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=98,FR)
178.33.122.173 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity
178.33.144.178 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=178,FR)
178.33.150.77 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6585 CTO 21-323 (IP=77,FR)
178.33.213.177 32 AR None 2022-03-27 00:00:00 2022-06-25 00:00:00 2022-03-28 13:41:30 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01091 (IP=177,FR)
178.33.213.177 24 RR None 2022-03-30 00:00:00 2022-06-28 00:00:00 2022-03-30 13:47:05 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=177,FR)
178.33.52.2 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=2,FR)
178.33.66.25 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None FR TO-S-2021-1102 Malware Activity
178.34.144.0 21 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity
178.34.176.0 20 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None RU TO-S-2021-1037 Hive Case 4785 Malware Activity
178.43.61.206 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PL TO-S-2021-1050 Hive Case 4821 Malware Activity
178.43.65.64 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PL TO-S-2021-1050 Hive Case 4821 Malware Activity
178.46.212.0 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:35 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=0,RU)
178.48.131.3 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None HU TO-S-2021-1081 Hive Case 4872 Malware Activity
178.49.133.3 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:35 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=3,RU)
178.54.60.51 24 SW None 2022-04-24 00:00:00 2022-07-23 00:00:00 2022-04-24 22:43:45 MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (1:25886:3) - SourceFire (IP=51,UA)
178.54.63.218 32 TLM None 2022-03-25 00:00:00 2022-09-25 00:00:00 2022-03-25 12:16:27 HIVE Case #7277 CTO 22-084 (IP=218,UA)
178.62.0.62 24 RR None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:31:55 SQL injection - Web Attacks (IP=62,GB)
178.62.1.150 24 WR None 2022-04-12 00:00:00 2022-07-10 00:00:00 2022-04-12 13:52:08 SQL use of concat function with select - likely SQL injection (1:24172:2) - Sourcefire (IP=150,GB)
178.62.10.64 24 SW None 2022-05-12 00:00:00 2022-08-10 00:00:00 2022-05-12 13:53:31 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=64,GB)
178.62.100.32 24 RR None 2022-06-04 00:00:00 2022-09-02 00:00:00 2022-06-04 13:38:59 SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (B-type) - SourceFire (IP=32,GB)
178.62.101.86 24 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 22:54:16 SQL injection - Web Attacks (IP=86,GB)
178.62.102.16 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:43 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=16,GB)
178.62.103.191 24 SW None 2022-05-12 00:00:00 2022-08-10 00:00:00 2022-05-12 13:53:31 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=191,GB)
178.62.104.234 24 RT None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-21 13:44:41 Adobe ColdFusion Administrator Access Restriction - 6 HR WebAttack (IP=234,GB)
178.62.105.160 24 RB None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 13:52:42 SQL injection - 6hr web attacks (IP=160,GB)
178.62.106.225 24 SW None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:45:01 SERVER-WEBAPP Zimbra remote code execution attempt - SourceFire (IP=225,GB)
178.62.108.249 24 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:43:53 SQL injection - Web Attacks (IP=249,GB)
178.62.11.105 24 ZH None 2022-06-24 00:00:00 2022-09-22 00:00:00 2022-06-24 13:56:15 SQL injection - 6hr Web Attacks (IP=105,GB)
178.62.110.68 24 RS None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-01 22:27:07 SSH_EVENT_RESPOVERFLOW (128:1:2) - SourceFire (IP=68,GB)
178.62.111.173 24 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-09 14:21:32 SQL injection - Web Attacks (IP=173,GB)
178.62.112.96 24 RB None 2022-04-16 00:00:00 2022-07-16 00:00:00 2022-04-17 13:53:33 HTTP: PHP File Inclusion Vulnerability - 6hr web attacks (IP=96,GB) | updated by RR Block expiration extended with reason SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=96,GB)
178.62.113.205 32 RB None 2022-10-06 00:00:00 2022-11-06 00:00:00 2022-12-07 02:17:58 NullMixer Malware - IR# 23C02034 (IP=205,GB) | updated by RB Block was inactive. Reactivated on 20221006 with reason NullMixer Malware - IR# 23C02034 (IP=205,GB) | updated by RB Block was inactive.
Reactivated on 20221006 with reason NullMixer Malware - IR# 23C02034 (IP=205,GB) 178.62.114.33 24 KH None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-11 23:00:16 SERVER-OTHER MongoDB mongo-express insecure document processing code execution attempt (1:58834:1) - Sourcefire (IP=33,GB) 178.62.115.192 24 RT None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-17 13:52:07 SQL injection - 6HR web Attacks (IP=192,GB) 178.62.116.156 24 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:16:50 SQL injection - Web Attacks (IP=156,GB) 178.62.117.210 24 TH None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 22:43:17 SQL injection - 6 Hr Web Report (IP=210,GB) 178.62.118.87 24 RB None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-11 22:41:20 SQL injection - 6hr Web Attacks (IP=87,GB) 178.62.119.185 24 KH None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-11 23:00:21 SQL injection - Web Attacks (IP=185,GB) 178.62.12.34 24 RS None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 22:34:26 SQL injection - 6Hr Web Attacks (IP=34,GB) 178.62.120.189 24 ZH None 2022-05-31 00:00:00 2022-08-29 00:00:00 2022-06-01 13:53:56 SQL generic sql with comments injection attempt - GET parameter (1:16431:6) - SourceFire (IP=189, GB) 178.62.121.190 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:48:28 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=190,GB) 178.62.122.79 24 RB None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 22:45:24 SQL injection - 6hr web attacks (IP=79,GB) 178.62.123.33 24 TH None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 23:06:19 SQL injection - 6 Hr Web Report (IP=33,GB) 178.62.124.36 24 RS None 2022-07-18 00:00:00 2022-10-16 00:00:00 2022-07-19 13:47:50 SERVER-WEBAPP Oracle Business Intelligence directory traversal attempt - SourceFire (IP=36,GB) 178.62.125.229 24 DT None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 23:57:51 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=229,GB) 178.62.126.57 24 
JP None 2022-09-11 00:00:00 2022-12-10 00:00:00 2022-09-11 13:56:11 HTTP: SQL Injection - Exploit - 6HR Web Attacks (IP=57,GB) 178.62.127.125 24 SW None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-06 13:47:28 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=125,GB) 178.62.13.37 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:05 SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (B-type) (1:1000135:3) - Sourcefire Rpt (IP=37,GB) 178.62.14.26 24 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:17:14 SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt - SourceFire (IP=26,GB) 178.62.15.137 24 TH None 2022-06-28 00:00:00 2022-09-26 00:00:00 2022-06-29 13:54:55 SQL injection - 6 Hr Web Report (IP=137,GB) 178.62.16.8 24 RS None 2022-09-14 00:00:00 2022-12-13 00:00:00 2022-09-15 14:40:48 SQL injection - Web Attacks (IP=8,GB) 178.62.17.234 24 AR None 2022-04-10 00:00:00 2022-07-09 00:00:00 2022-04-11 13:46:55 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - SourceFire (IP=234,GB) 178.62.18.113 24 RR None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:14:38 SERVER-WEBAPP Atlassian OAuth plugin multiple versions server side request forgery attempt - SourceFire (IP=113,GB) 178.62.19.81 24 SW None 2022-06-28 00:00:00 2022-09-26 00:00:00 2022-06-28 13:53:35 SQL injection - WebAttacks (IP=81,GB) 178.62.192.160 24 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:35:22 SERVER-WEBAPP Apache Log4j logging remote code execution attempt - SourceFire (IP=160,NL) 178.62.193.96 24 DT None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 23:57:41 SERVER-WEBAPP phpmyadmin post-authentication local file inclusion attempt (1:47831:1) - Source Fire (IP=96,NL) 178.62.194.122 32 TLM None 2022-06-28 00:00:00 2022-12-27 00:00:00 2022-06-28 14:35:35 HIVE Case #7853 CTO 22-179 (IP=122,NL 178.62.194.185 32 JP None 2022-08-31 00:00:00 2022-11-29 00:00:00 
2022-08-31 22:50:43 DT Attempts/Hunt Team Submission - IR# 22C01903 (IP=185,NL) 178.62.195.14 24 RR None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-29 22:57:18 SERVER-WEBAPP VMware Workspace ONE Access server side template injection attempt - SourceFire (IP=14,NL) 178.62.195.14 24 RR None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-29 22:57:31 SERVER-WEBAPP VMware Workspace ONE Access server side template injection attempt - SourceFire (IP=14,NL) 178.62.196.118 24 NAB None 2022-03-22 00:00:00 2022-06-20 00:00:00 2022-03-22 13:43:34 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=118,NL) 178.62.197.187 24 KH None 2022-04-08 00:00:00 2022-07-07 00:00:00 2022-04-08 22:48:03 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (3:58802:4) - Sourcefire (IP=187,NL) 178.62.198.167 24 SW None 2022-08-18 00:00:00 2022-11-16 00:00:00 2022-08-19 13:56:41 SQL injection - WebAttacks (IP=167,NL) 178.62.199.118 24 SW None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-01 13:54:09 SERVER-APACHE Apache HTTP server SSRF attempt (1:58820:1) - SourceFire (IP=118,NL) 178.62.2.53 24 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 13:52:47 SQL injection - 6hr Web Attacks (IP=53,GB) 178.62.20.4 24 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:44:58 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=4,GB) 178.62.20.54 32 JP None 2022-08-31 00:00:00 2022-11-29 00:00:00 2022-08-31 22:50:42 DT Attempts/Hunt Team Submission - IR# 22C01903 (IP=54,GB) 178.62.200.89 24 RR None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:31:55 HTTP SQL Injection Attempt - Web Attcks (IP=89,NL) 178.62.201.235 24 RR None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 13:47:25 SQL injection - Web Attacks (IP=235,NL) 178.62.202.50 24 RR None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 13:52:42 HTTP: PHP File Upload Vulnerability Detected - Web Attacks (IP=50,NL) 178.62.203.194 24 RR None 2022-05-05 00:00:00 
2022-08-03 00:00:00 2022-05-05 13:49:39 ET INFO Possible Apache log4j RCE Attempt - Any Protocol TCP (CVE-2021-44228) - SourceFire (IP=194,NL) 178.62.206.68 24 RT None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-06 13:47:05 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=68,NL) 178.62.207.62 24 ZH None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:45:28 HTTP SQL Injection Attempt- 6hr Web Attacks (IP=62,NL) 178.62.208.55 24 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-08 12:50:45 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=55,NL) 178.62.209.72 24 SA None 2022-05-17 00:00:00 2022-08-15 00:00:00 2022-05-17 13:54:25 SQL Injection - 6Hr Web Attacks (IP=72,NL) 178.62.21.83 24 SW None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-12 13:51:07 SQL injection - WebAttacks (IP=83,GB) 178.62.210.30 24 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 13:47:24 SQL injection - WebAttacks (IP=30,NL) 178.62.211.72 24 NAB None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:23 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=72,NL) 178.62.212.144 24 SW None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-11 22:58:32 SERVER-APACHE Apache Struts java.lang.ProcessBuilder class access attempt (1:47690:2) - SourceFire (IP=144,NL) 178.62.213.185 24 JP None 2022-09-20 00:00:00 2022-12-19 00:00:00 2022-09-20 22:50:19 Webshell.Binary.php.FEC2 - FE NX (IP=185,NL) 178.62.214.40 24 RB None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 22:39:21 SQL injection - 6hr web attacks (IP=40,NL) 178.62.215.134 24 RS None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-15 22:50:45 Exploit.CVE-2021-44228 - Apache Log4j2 - Case 6651 (IP=134,NL) 178.62.215.134 24 RS None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-15 22:50:51 Exploit.CVE-2021-44228 - Apache Log4j2 - Case 6651 (IP=134,NL) 178.62.215.9 24 AR None 2022-04-06 00:00:00 2022-07-06 00:00:00 2022-04-06 13:47:10 SQL injection - 6hr Web Attacks (IP=9,NL) 178.62.217.45 24 RR None 
2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 13:52:43 SQL injection - Web Attacks (IP=45,NL) 178.62.219.117 24 RS None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-13 22:37:00 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=117,NL) 178.62.22.56 24 KH None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-06 14:06:24 SQL injection - Web Attacks (IP=56,GB) 178.62.220.222 32 TLM None 2022-03-17 00:00:00 2022-09-17 00:00:00 2022-03-17 16:17:40 HIVE Case #7227 CTO 22-076 (IP=222,NL) 178.62.222.13 24 ZH None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:45:29 SQL injection- 6hr Web Attacks (IP=13,NL) 178.62.223.129 24 AR None 2022-05-17 00:00:00 2022-08-15 00:00:00 2022-05-17 13:52:14 SQL injection - 6HR Web Attacks (IP=129,NL) 178.62.224.122 24 ZH None 2022-04-04 00:00:00 2022-07-03 00:00:00 2022-04-04 22:35:48 SQL injection- 6hr Web Attacks (IP=122,NL) 178.62.225.217 24 KH None 2022-09-22 00:00:00 2022-12-21 00:00:00 2022-09-22 22:55:20 SQL injection - Web Attacks (IP=217,NL) 178.62.227.102 24 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:46:49 SERVER-WEBAPP Zimbra remote code execution attempt - SourceFire (IP=102,NL) 178.62.228.64 24 WR None 2022-04-15 00:00:00 2022-07-13 00:00:00 2022-04-15 14:09:18 vBulletin SQL Injection Vulnerability - 6HR WebAttacks (IP=64,NL) 178.62.23.95 24 TH None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 23:06:38 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (3:58802:4) - SourceFire Report (IP=95,GB) 178.62.230.111 24 AR None 2022-04-08 00:00:00 2022-07-07 00:00:00 2022-04-08 13:46:36 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attack (IP=111,NL 178.62.230.62 24 RR None 2022-09-25 00:00:00 2022-12-24 00:00:00 2022-09-26 13:55:15 SQL injection - Web Attacks (IP=62,NL) 178.62.230.62 24 RR None 2022-09-25 00:00:00 2022-12-24 00:00:00 2022-09-26 13:55:15 SQL injection - Web Attacks (IP=62,NL) 178.62.231.116 24 RB None 2022-09-26 00:00:00 2022-12-25 00:00:00 2022-09-26 
13:55:32 SQL injection - WebAttacks (IP=116,NL) 178.62.231.116 24 RB None 2022-09-26 00:00:00 2022-12-25 00:00:00 2022-09-26 13:55:32 SQL injection - WebAttacks (IP=116,NL) 178.62.232.229 24 RS None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:45:26 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=229,NL) 178.62.233.202 24 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:43:54 SQL injection - Web Attacks (IP=202,NL) 178.62.234.69 24 RR None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 13:52:44 SERVER-WEBAPP Fortigate SSL VPN cross site scripting attempt - SourceFire (IP=69,NL) 178.62.235.108 24 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:43:55 SQL injection - Web Attacks (IP=108,NL) 178.62.236.216 24 RR None 2022-06-30 00:00:00 2022-09-28 00:00:00 2022-07-01 13:55:44 SQL injection - Web Attacks (IP=216,NL) 178.62.236.43 24 RR None 2022-08-13 00:00:00 2022-11-11 00:00:00 2022-08-14 13:58:08 SQL injection - Web Attacks (IP=43,NL) 178.62.236.43 24 RR None 2022-08-13 00:00:00 2022-11-11 00:00:00 2022-08-14 13:58:08 SQL injection - Web Attacks (IP=43,NL) SQL injection - Web Attacks (IP=43,NL) 178.62.237.122 24 RR None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:35 SQL injection - Web Attacks (IP=122,NL) 178.62.239.243 24 RB None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:55:05 SQL injection - 6hr web attacks (IP=243,NL) 178.62.24.206 24 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 22:52:05 SQL injection - WebAttacks (IP=206,GB) 178.62.240.109 24 SW None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:44:57 Artica Web Proxy SQL Injection Vulnerability - WebAttacks (IP=109,NL) 178.62.242.250 24 RT None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-21 13:44:41 SQL injection - 6 HR WebAttack (IP=250,NL) 178.62.243.162 24 TH None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 22:43:16 SQL injection - 6 Hr Web Report (IP=162,NL) 178.62.244.71 24 TH None 2022-05-28 
00:00:00 2022-08-26 00:00:00 2022-05-29 15:24:03 SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt - SourceFire Report (IP=71,NL) 178.62.245.210 24 TH None 2022-07-25 00:00:00 2022-10-23 00:00:00 2022-07-26 13:48:07 SQL injection - 6 Hr Web Report (IP=210,NL) 178.62.247.4 24 SW None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-04 13:45:52 SQL injection - WebAttacks (IP=4,NL) 178.62.248.249 24 RR None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:35 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=249,NL) 178.62.249.225 24 KF None 2018-07-17 05:00:00 2022-08-20 00:00:00 2022-05-22 22:24:26 Illegal User (IP=225, GB) | updated by RS Block was inactive. Reactivated on 20220522 with reason SERVER-WEBAPP Oracle Business Intelligence and XML Publisher XML external entity injection attempt (1:49899:1) - SourceFire (IP=224,NL) 178.62.25.70 24 AR None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-01 13:55:45 SQL injection - Web Attacks (IP=70,GB) 178.62.250.213 24 KH None 2022-05-01 00:00:00 2022-07-30 00:00:00 2022-05-01 22:53:44 SQL injection - Web Attacks (IP=213,NL) 178.62.251.182 24 TH None 2022-04-15 00:00:00 2022-07-14 00:00:00 2022-04-15 22:59:59 SQL injection - 6 Hr Web Report (IP=182,NL) 178.62.252.173 24 KH None 2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-09 22:50:14 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=173,NL) 178.62.254.107 24 RS None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 22:34:36 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=107,NL) 178.62.26.206 24 KH None 2022-08-05 00:00:00 2022-11-03 00:00:00 2022-08-05 22:53:08 File /etc/passwd Access Attempt Detect - FE IPS (IP=206,GB) 178.62.28.121 24 TH None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 23:06:21 SQL injection - 6 Hr Web Report (IP=121,GB) 178.62.29.28 24 RR None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:36 SERVER-WEBAPP WSO2 multiple products directory 
traversal attempt - SourceFire (IP=28,GB) 178.62.3.61 24 TH None 2022-04-25 00:00:00 2022-07-23 00:00:00 2022-04-25 22:46:37 Malware.Parent.DUAL - FireEye CMS (IP=61,GB) 178.62.30.147 24 SW None 2022-06-30 00:00:00 2022-09-28 00:00:00 2022-06-30 13:57:00 SERVER-APACHE Apache HTTP server SSRF attempt (1:58820:1) - SourceFire (IP=147,GB) 178.62.32.218 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:48:29 Layer5 Meshery SQL Injection Vulnerability - Web Attacks (IP=218,GB) 178.62.33.149 24 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:50 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - Sourcefire Rpt (IP=149,GB) 178.62.34.174 24 RR None 2022-07-16 00:00:00 2022-10-14 00:00:00 2022-07-16 13:51:46 SQL injection - Web Attacks (IP=174,GB) 178.62.35.200 24 DT None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 23:57:41 SERVER-APACHE Apache Struts OGNL getRuntime.exec static method access attempt (1:47634:1) - Source Fire (IP=200,GB) 178.62.36.150 24 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:43:56 SQL injection - Web Attacks (IP=150,GB) 178.62.38.199 24 KD None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-11 13:43:36 Adobe ColdFusion AdministratorAccess Restriction - Web Attacks (IP=199,GB) 178.62.39.9 24 ZH None 2022-04-04 00:00:00 2022-07-03 00:00:00 2022-04-04 22:35:49 Adobe ColdFusion Administrator Access Restriction- 6hr Web Attacks (IP=9,GB) 178.62.4.123 24 KD None 2022-03-04 00:00:00 2022-06-02 00:00:00 2022-03-05 00:07:04 HTTP: SQL Injection - Exploit- Web Attacks (IP=123,GB) 178.62.40.126 24 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 13:52:47 SQL injection - 6hr Web Attacks (IP=126,GB) 178.62.41.18 24 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:51 SERVER-WEBAPP Oracle-BI convert servlet XML external entity injection attempt (1:50773:1) - Sourcefire Rpt (IP=18,GB) 178.62.41.99 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 
2022-04-13 22:35:05 SERVER-WEBAPP System Information Library for node.js command injection attempt (1:58980:1) - Sourcefire Rpt (IP=99,US) 178.62.41.99 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:31 SERVER-WEBAPP System Information Library for node.js command injection attempt (1:58980:1) - Sourcefire Rpt (IP=99,US) 178.62.42.198 32 SW None 2022-08-18 00:00:00 2022-11-16 00:00:00 2022-08-18 22:50:48 DT/SQLI Attempts - IR# 22C01823 (IP=198,GB) 178.62.42.68 24 KH None 2022-04-12 00:00:00 2022-07-11 00:00:00 2022-04-12 13:52:20 HTTP SQL Injection Attempt HTTP: PHP File Inclusion Vulnerability (IP=68,GB) 178.62.43.234 24 ZH None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-23 13:49:52 SQL injection - 6hr Web Attacks (IP=234,GB) 178.62.45.206 24 ZH None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-24 00:05:31 WordPress CodePeople Payment Form SQL Injection Vulnerability - 6hr Web Attacks (IP=206,GB) 178.62.45.62 24 SW None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:47:39 SQL injection - WebAttacks (IP=62,GB) 178.62.46.156 24 RB None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:47:14 SQL injection (IP=156,GB) 178.62.47.195 24 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:23 SQL injection - 6Hr Web Attacks (IP=195,GB) 178.62.48.245 24 JP None 2022-09-10 00:00:00 2022-12-09 00:00:00 2022-09-10 13:50:57 SERVER-WEBAPP Oracle Business Intelligence directory traversal attempt - 6HR Web Attacks (IP=245,GB) 178.62.49.237 24 WR None 2022-04-04 00:00:00 2022-07-02 00:00:00 2022-04-04 13:48:54 SQL injection - 6HR Web Attacks (IP=237,GB) 178.62.50.118 24 RR None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-29 15:24:12 SQL injection - Web Attacks (IP=118,GB) 178.62.52.83 24 SW None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-06 13:47:27 SQL injection - WebAttacks (IP=83,GB) 178.62.53.195 24 RT None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-21 13:44:40 SQL injection - 6 HR WebAttack (IP=195,GB) 
178.62.54.171 24 SA None 2022-06-02 00:00:00 2022-08-30 00:00:00 2022-06-03 00:40:04 SERVER-WEBAPP Apache APISIX default admin API backdoor usage attempt (1:59480:1) SourceFire (IP=171,GB) 178.62.56.16 24 TH None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 23:06:36 SERVER-OTHER Hashicorp Consul services API remote code execution attempt (1:49670:2) - SourceFire Report (IP=16,GB) 178.62.57.41 24 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:51 SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (1:58201:2) - Sourcefire Rpt (IP=41,GB) 178.62.58.5 24 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:36 SERVER-WEBAPP Rubedo CMS Directory Traversal Attempt directory traversal attempt - SourceFire (IP=5,GB) 178.62.59.138 24 RS None 2022-05-02 00:00:00 2022-07-31 00:00:00 2022-05-02 22:41:34 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=138,GB) 178.62.60.62 24 TH None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 23:06:18 HTTP: PHP File Inclusion Vulnerability - 6 Hr Web Report (IP=62,GB) 178.62.62.100 24 RS None 2022-05-03 00:00:00 2022-08-01 00:00:00 2022-05-03 13:46:57 SQL injection - 6Hr Web Attacks (IP=100,GB) 178.62.65.248 24 RS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 22:43:51 SERVER-WEBAPP JBoss JMX console access attempt (1:21516:9) - SourceFire (IP=248,GB) 178.62.66.36 24 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:48:17 SQL injection - Web Attacks (IP=36,GB) 178.62.67.177 24 KH None 2022-05-01 00:00:00 2022-07-30 00:00:00 2022-05-01 22:53:44 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=177,GB) 178.62.68.192 24 RR None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 13:54:23 HTTP: PHP File Inclusion Vulnerability - Web Attcks (IP=192,GB) 178.62.69.190 24 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:43:57 SQL injection - Web Attacks (IP=190,GB) 178.62.7.55 24 RS None 2022-06-01 00:00:00 2022-08-30 
00:00:00 2022-06-01 22:27:00 SIPVicious Security Scanner - IPS Events (IP=55,GB) 178.62.70.133 24 RR None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 13:52:45 HTTP SQL Injection Attempt - Web Attacks (IP=133,GB) 178.62.71.181 24 TH None 2022-04-15 00:00:00 2022-07-14 00:00:00 2022-04-15 22:59:58 HTTP: PHP File Inclusion Vulnerability - 6 Hr Web Report (IP=181,GB) 178.62.72.9 24 KH None 2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-09 14:22:06 SQL injection - Web Attacks (IP=9,GB) 178.62.73.132 24 ZH None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-24 00:05:32 SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt (1:44328:4) - Sourcefire Rpt (IP=132,GB) 178.62.74.181 24 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 22:51:36 SERVER-WEBAPP Rubedo CMS Directory Traversal Attempt directory traversal attempt (1:48256:1) - SourceFire (IP=181, GB) 178.62.75.112 32 KD None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-07 13:16:27 SQL injection- Web Attacks (IP=112,GB) 178.62.75.193 24 DT None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 23:57:42 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - Source Fire (IP=193,GB) 178.62.79.49 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=49,GB) 178.62.8.121 24 TH None 2022-05-12 00:00:00 2022-08-10 00:00:00 2022-05-12 13:53:40 HTTP: PHP File Inclusion Vulnerability - 6 Hr Web Report (IP=121,GB) 178.62.81.203 24 TH None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-06 13:49:51 SQL injection - 6 Hr Web Report (IP=203,GB) 178.62.82.172 24 SW None 2022-06-30 00:00:00 2022-09-28 00:00:00 2022-06-30 13:57:00 SERVER-WEBAPP Apache Struts remote code execution attempt (1:47649:1) - SourceFire (IP=172,GB) 178.62.83.240 24 RB None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-14 13:54:51 HTTP: PHP File Inclusion Vulnerability - 6hr web attacks (IP=240,GB) 178.62.84.34 24 RR None 2022-04-18 00:00:00 
2022-07-17 00:00:00 2022-04-18 13:44:59 SERVER-APACHE Apache Struts remote code execution attempt - GET parameter - SourceFire (IP=34,GB) 178.62.84.52 24 KD None 2022-04-15 00:00:00 2022-07-15 00:00:00 2022-04-16 14:46:50 HTTP: PHP File InclusionVulnerability- Web Attacks (IP=52,GB) | updated by RR Block expiration extended with reason SERVER-WEBAPP Apache Tomcat FileStore directory traversal attempt - SourceFire (IP=52,GB) 178.62.85.168 24 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 13:52:48 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=168,GB) 178.62.86.170 24 SW None 2022-08-12 00:00:00 2022-11-10 00:00:00 2022-08-13 13:56:14 SQL injection - WebAttacks (IP=170,GB) 178.62.86.31 24 AR None 2022-04-09 00:00:00 2022-07-08 00:00:00 2022-04-10 13:58:52 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attack (IP=31,GB) 178.62.87.50 24 DT None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-20 13:47:32 SERVER-WEBAPP VMware vCenter Server file upload attempt - Source Fire (IP=50,GB) 178.62.88.186 24 KH None 2022-04-12 00:00:00 2022-07-11 00:00:00 2022-04-12 22:35:45 HTTP: SQL Injection - Exploit - Web Attacks (IP=186,GB) 178.62.89.21 24 WR None 2022-04-16 00:00:00 2022-07-14 00:00:00 2022-04-16 14:47:01 Webshell.Binary.php.FEC2 - FireEye CMS (IP=21,GB) 178.62.9.36 24 SW None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-10 13:48:20 SQL injection - WebAttacks (IP=36,GB) 178.62.90.181 24 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:43:58 HTTP SQL Injection Attempt - Web Attacks (IP=181,GB) 178.62.91.149 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=149,GB) 178.62.91.184 32 TLM None 2022-03-09 00:00:00 2022-09-09 00:00:00 2022-03-09 15:43:40 HIVE Case #7169 TO-S-2022-0145 (IP=184,GB) 178.62.91.92 24 TH None 2022-06-28 00:00:00 2022-09-26 00:00:00 2022-06-29 13:54:55 SQL injection - 6 Hr Web Report (IP=92,GB) 178.62.92.180 24 RR None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 
13:52:45 SQL injection - Web Attacks (IP=180,GB) 178.62.93.207 24 SW None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:24 SQL injection - WebAttacks (IP=207,GB) 178.62.94.21 24 DT None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-02 13:31:18 SERVER-WEBAPP WordPress SocialWarfare deprecated function access attempt (1:49527:2) - Sourcefire (IP=21,GB) 178.62.95.208 24 DT None 2022-05-12 00:00:00 2022-08-10 00:00:00 2022-05-13 13:52:18 SQL injection - Web Attacks (IP=208,GB) 178.62.96.205 32 RR None 2022-03-18 00:00:00 2022-06-16 00:00:00 2022-03-18 13:56:54 Attempted Access - Inbound Brute Force - TT#: 22C01055 (IP=205,GB) 178.62.96.207 24 AR None 2022-05-01 00:00:00 2022-07-30 00:00:00 2022-05-01 13:52:46 SERVER-WEBAPP Zimbra remote code execution attempt (1:29027:6) - SourceFire (IP=207,GB) 178.62.98.250 24 SW None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-15 13:54:17 SQL injection - WebAttacks (IP=250,GB) 178.62.99.61 24 DT None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-20 13:47:33 SERVER-WEBAPP Apache Log4j logging remote code execution attempt - Source Fire (IP=61,GB) 178.63.132.198 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=198,DE) 178.63.172.9 32 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6517 CTO 21-313 (IP=9,DE) 178.63.21.13 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=13,DE) 178.63.26.114 32 AS None 2022-03-31 00:00:00 2022-09-30 00:00:00 2022-03-31 14:47:58 HIVE Case #7308 CTO 22-090 (IP=114,DE) 178.63.37.86 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=86,DE) 178.63.82.7 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=7,DE) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=7,DE) 178.69.117.201 32 wmp None 2022-03-24 00:00:00 2022-06-24 00:00:00 2022-03-24 22:58:56 Suspicious Scan 
Activity (IP=201,RU)
178.72.100.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None RU TO-S-2021-1037 Hive Case 4785 Malware Activity
178.72.69.234 32 wmp None 2021-11-02 00:00:00 2022-02-02 00:00:00 None Palo Alto Suspicious Scan Activity (IP=234,RU)
178.72.71.212 24 RS None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-13 22:36:49 File /etc/passwd Access Attempt Detect - FE IPS Events (IP=212,RU)
178.72.76.67 32 RS None 2022-06-13 00:00:00 2022-09-11 00:00:00 2022-06-14 13:48:48 SIPVicious Security Scanner - IPS Events (IP=67,RU)
178.72.78.0 24 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=0,RU)
178.74.215.34 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity
178.75.96.0 19 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None RU TO-S-2021-1037 Hive Case 4785 Malware Activity
178.79.131.114 24 TH None 2022-04-01 00:00:00 2022-06-30 00:00:00 2022-04-01 22:16:57 SERVER-WEBAPP Java ClassLoader access attempt (1:30792:7) - SourceFire Report (IP=114,GB)
178.79.143.149 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:14:56 HIVE Case #7904 CTO 22-189 (IP=149,GB)
178.79.145.21 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GB TO-S-2021-1037 Hive Case 4785 Malware Activity
178.79.148.229 24 RB None 2022-01-09 00:00:00 2022-04-09 00:00:00 None SERVER-WEBAPP Multiple products invalid HTTP request attempt - 6hr web attacks (IP=229,GB)
178.79.168.110 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:14:56 HIVE Case #7904 CTO 22-189 (IP=110,GB)
178.79.172.35 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:14:57 HIVE Case #7904 CTO 22-189 (IP=35,GB)
178.79.186.199 24 JY None 2022-09-28 00:00:00 2022-12-27 00:00:00 2022-09-28 16:36:37 SERVER-WEBAPP Atlassian Confluence information disclosure attempt- 6 hr web attacks (IP=199,GB)
178.79.189.136 24 TH None 2022-04-01 00:00:00 2022-06-30 00:00:00 2022-04-01 22:16:53 SERVER-WEBAPP Java ClassLoader access attempt (1:30792:7) - SourceFire Report (IP=136,GB)
178.86.69.14 24 TH None 2022-01-27 00:00:00 2022-04-27 00:00:00 None SQL injection - 6 Hr Web Report (IP=14,SA)
178.87.185.208 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None SA TO-S-2021-1050 Hive Case 4821 Malware Activity
178.89.148.81 24 RR None 2022-06-04 00:00:00 2022-09-02 00:00:00 2022-06-04 13:38:41 FTP Login Failed - Failed Logons (IP=81,KZ)
178.94.146.28 32 TLM None 2021-09-21 00:00:00 2022-03-20 00:00:00 None HIVE Case #6216 CTO 21-264 (IP=28,UA)
179.1.10.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CO TO-S-2021-1117 DOS-DDOS Activity
179.1.83.56 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CO TO-S-2021-1117 DOS-DDOS Activity
179.104.174.153 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity
179.107.192.0 19 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity
179.108.248.0 21 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity
179.108.45.0 24 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity
179.108.59.245 24 DT None 2022-01-23 00:00:00 2022-04-22 00:00:00 None POLICY-OTHER PHP uri tag injection attempt (1:23111:14) - Source Fire (IP=245,BR)
179.108.72.0 21 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity
179.110.108.31 24 KD None 2021-11-11 00:00:00 2022-02-09 00:00:00 None SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt - SourceFire (IP=31,BR)
179.110.139.57 24 KD None 2021-11-11 00:00:00 2022-02-09 00:00:00 None SQL injection - Web Attacks (IP=57,BR)
179.110.139.58 24 KD None 2021-11-11 00:00:00 2022-02-09 00:00:00 None SERVER-WEBAPP Apache Unomi OGNL MVEL2 remote command execution attempt - Web Attacks (IP=58,BR)
179.110.149.145 24 KD None 2021-11-11 00:00:00 2022-02-09 00:00:00 None SERVER-WEBAPP D-Link hedwig.cgi directory traversal attempt - SourceFire (IP=145,BR)
179.110.162.170 24 KD None 2021-11-11 00:00:00 2022-02-09 00:00:00 None SQL injection - Web Attacks (IP=170,BR)
179.110.215.126 24 KD None 2021-11-11 00:00:00 2022-02-09 00:00:00 None SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=126,BR)
179.113.38.101 24 SA None 2022-05-17 00:00:00 2022-08-15 00:00:00 2022-05-17 22:37:55 HTTP: SQL Injection - Exploit- 6Hr Web Attacks (IP=101,BR)
179.127.152.0 21 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity
179.145.44.7 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity
179.162.43.108 24 RR None 2021-10-21 00:00:00 2022-01-19 00:00:00 None SQL injection - Web Attacks (IP=108,BR)
179.189.96.0 20 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity
179.225.232.84 24 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 22:51:26 SQL union select - possible sql injection attempt - GET parameter (1:13990:27) - SourceFire (IP=84, BR)
179.247.133.46 24 DT None 2021-12-10 00:00:00 2022-03-10 00:00:00 None SQL injection - Web Attacks (IP=46,BR)
179.247.134.163 24 RS None 2022-07-18 00:00:00 2022-10-16 00:00:00 2022-07-19 13:47:49 SERVER-WEBAPP Harbor Project Harbor admin account creation attempt - SourceFire (IP=163,BR)
179.247.170.54 24 SW None 2022-08-12 00:00:00 2022-11-10 00:00:00 2022-08-13 13:56:19 ET EXPLOIT Apache log4j RCE Attempt - lower/upper TCP Bypass M1 (CVE-2021-44228) (1:2034659:2) - SourceFire (IP=54,BR)
179.247.171.217 24 JP None 2022-09-29 00:00:00 2022-12-28 00:00:00 2022-09-30 13:47:37 WordPress Plugin Duplicator CVE-2022-2551 Unauthenticated Backup Download - IPS Events (IP=217,BR)
179.253.10.90 24 TH None 2022-02-03 00:00:00 2022-05-04 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6 Hr Web Report (IP=90,BR)
179.36.27.195 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None AR TO-S-2021-1037 Hive Case 4785 Malware Activity
179.41.28.140 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None AR TO-S-2021-1050 Hive Case 4821 Malware Activity
179.42.56.15 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=15,BR)
179.43.133.218 24 DT None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 23:57:42 FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit) (1:21002457:1) - Source Fire (IP=218,CH)
179.43.139.202 24 JP None 2022-09-22 00:00:00 2022-12-21 00:00:00 2022-09-23 13:58:34 ET EXPLOIT Apache Obfuscated log4j RCE Attempt (tcp ldap) (CVE-2021-44228) - SourceFire (IP=202,CH)
179.43.150.83 24 AR None 2022-04-10 00:00:00 2022-07-09 00:00:00 2022-04-11 13:46:55 SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) - SourceFire (IP=83,CH)
179.43.155.165 32 DRW None 2022-09-21 00:00:00 2022-12-20 00:00:00 2022-09-21 22:00:57 HIVE Case #1337 IOC_ CISA Threat Intel 19Sep2022 Criminal Cobalt Strike Servers (IP=165,CH)
179.43.156.30 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=30,CH)
179.43.169.178 32 TLM None 2022-02-11 00:00:00 2022-08-12 00:00:00 None HIVE Case #6971 CTO 22-042 (IP=178,CH)
179.43.169.30 32 AS None 2022-03-29 00:00:00 2022-09-27 00:00:00 2022-03-29 17:57:35 HIVE Case #7296 CTO 22-088 (IP=30,CH)
179.43.169.31 32 AS None 2022-03-29 00:00:00 2022-09-27 00:00:00 2022-03-29 17:57:35 HIVE Case #7296 CTO 22-088 (IP=31,CH)
179.43.169.32 32 AS None 2022-03-29 00:00:00 2022-09-27 00:00:00 2022-03-29 17:57:36 HIVE Case #7296 CTO 22-088 (IP=32,CH)
179.43.175.101 24 KH None 2021-12-18 00:00:00 2022-03-18 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44232 (IP=101,CH)
179.43.175.178 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 17:40:18 HIVE Case #7341 CTO 22-092 (IP=178,CH)
179.43.176.35 32 AS None 2022-03-29 00:00:00 2022-09-27 00:00:00 2022-03-29 17:57:42 HIVE Case #7296 CTO 22-088 (IP=35,CH)
179.43.176.60 32 TLM None 2022-03-08 00:00:00 2022-09-08 00:00:00 2022-03-08 16:54:48 HIVE Case #7164 CTO 22-067.1 (IP=60,CH)
179.43.187.138 24 NAB None 2021-12-16 00:00:00 2022-03-16 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=138,CH)
179.43.188.158 32 TLM None 2022-03-08 00:00:00 2022-09-08 00:00:00 2022-03-08 16:54:49 HIVE Case #7164 CTO 22-067.1 (IP=158,CH)
179.43.190.2 32 TLM None 2022-06-23 00:00:00 2022-12-23 00:00:00 2022-06-24 19:38:46 HIVE Case #7820 CTO 22-174 (IP=2,CH) | updated by TLM Block expiration extended with reason HIVE Case #7840 CTO 22-175 (IP=2,CH)
179.48.22.0 23 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BR TO-S-2021-1117 DOS-DDOS Activity
179.51.113.71 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CO TO-S-2021-1050 Hive Case 4821 Malware Activity
179.51.114.242 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CO TO-S-2021-1050 Hive Case 4821 Malware Activity
179.56.200.0 21 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None CL TO-S-2021-1037 Hive Case 4785 Malware Activity
179.58.95.214 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=214,BO)
179.60.147.11 24 WR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:49:47 Supicious application connections - Hive Case 7519 (IP=11,RU)
179.60.150.0 24 TLM None 2021-12-02 00:00:00 2022-06-02 00:00:00 None HIVE Case #6600 TO-S-2022-0090 (IP=0,VE)
179.60.150.120 32 srm None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 21:48:50 HIVE Case #7883 IOC_ Raspberry Robin Worm (IP=120,VE)
179.60.150.136 32 BB None 2021-11-24 00:00:00 2022-02-22 00:00:00 None Possible SQLi attempt - TT# 22C00413 (IP=136,BZ)
179.61.251.126 24 NAB None 2022-01-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=126,DE)
179.66.222.154 24 ZH None 2022-08-12 00:00:00 2022-11-10 00:00:00 2022-08-12 22:51:23 SQL injection - 6hr Web Attacks (IP=154,BR)
179.7.48.184 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PE TO-S-2021-1050 Hive Case 4821 Malware Activity
179.95.176.0 20 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=0,BR)
179.96.16.0 20 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity
179.96.160.0 21 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity
179.96.240.0 20 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None BR TO-S-2021-1102 Malware Activity
179.97.112.0 21 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BR TO-S-2021-1117 DOS-DDOS Activity
179.97.179.175 24 RT None 2021-11-09 00:00:00 2022-02-07 00:00:00 None SERVER-WEBAPP JBoss JMX console access attempt (1:21516:9) - Sourcefire Report (IP=175,BR)
179.99.156.218 24 RR None 2021-11-08 00:00:00 2022-02-06 00:00:00 None SQL 1 = 1 - possible sql injection attempt - SourceFire (IP=218,BR)
18.116.193.181 32 RS None 2022-06-23 00:00:00 2022-09-21 00:00:00 2022-06-23 22:21:55 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR#22C01448 (IP=181,US)
18.116.32.198 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 17:40:16 HIVE Case #7341 CTO 22-092 (IP=198,US)
18.117.132.199 32 TLM None 2022-03-28 00:00:00 2022-09-28 00:00:00 2022-03-28 12:22:58 HIVE Case #7282 CTO 22-085 (IP=199,US)
18.117.138.15 32 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 22:58:36 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (1:59246:1) - SourceFire (IP=15,US)
18.117.19.14 32 ZH None 2021-11-29 00:00:00 2022-02-27 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) TT# 22C00421 (IP=14,US)
18.118.102.201 32 AS None 2021-12-28 00:00:00 2022-06-28 00:00:00 None HIVE Case #6702 CTO 21-362 (IP=201,US)
18.118.160.210 32 TLM None 2022-06-14 00:00:00 2022-12-13 00:00:00 2022-06-14 20:43:34 HIVE Case #7769 CTO 22-165 (IP=210,US)
18.118.3.51 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 17:40:15 HIVE Case #7341 CTO 22-092 (IP=51,US)
18.118.5.75 32 TLM None 2022-03-14 00:00:00 2022-09-14 00:00:00 2022-03-14 19:14:42 HIVE Case #7198 CTO 22-071 (IP=75,US)
18.119.11.115 32 AS None 2021-12-28 00:00:00 2022-06-28 00:00:00 None HIVE Case #6702 CTO 21-362 (IP=115,US)
18.119.87.103 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6349 CTO 21-275 (IP=103,US)
18.130.114.61 24 KH None 2021-11-04 00:00:00 2022-02-02 00:00:00 None Masscan TCP Port Scanner - FE IPS (IP=61,GB)
18.130.14.211 24 KH None 2021-10-29 00:00:00 2022-01-27 00:00:00 None Masscan TCP Port Scanner - FE IPS (IP=211,GB)
18.130.141.45 24 KH None 2021-10-11 00:00:00 2022-01-09 00:00:00 None Masscan TCP Port Scanner - FE IPS (IP=45,GB)
18.130.214.2 24 KH None 2021-10-11 00:00:00 2022-01-09 00:00:00 None Masscan TCP Port Scanner - FE IPS (IP=2,GB)
18.130.226.214 24 KH None 2021-10-07 00:00:00 2022-01-05 00:00:00 None Masscan TCP Port Scanner - FE IPS (IP=214,GB)
18.130.233.249 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:14:58 HIVE Case #7904 CTO 22-189 (IP=249,GB)
18.132.114.170 24 KH None 2021-12-02 00:00:00 2022-03-02 00:00:00 None Masscan TCP Port Scanner - FE IPS (IP=170,GB)
18.132.188.201 32 TLM None 2021-12-21 00:00:00 2022-06-21 00:00:00 None HIVE Case #6682 CTO 21-352 (IP=201,GB)
18.132.235.159 32 ZH None 2022-06-16 00:00:00 2022-09-14 00:00:00 2022-06-16 22:41:40 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) IR#22C01396 (IP=159,GB)
18.132.46.167 24 KH None 2021-10-07 00:00:00 2022-01-05 00:00:00 None Masscan TCP Port Scanner - FE IPS (IP=167,GB)
18.132.52.72 24 KH None 2021-10-26 00:00:00 2022-01-24 00:00:00 None Masscan TCP Port Scanner - FE IPS (IP=72,GB)
18.133.220.130 24 KH None 2022-01-10 00:00:00 2022-04-10 00:00:00 None Masscan TCP Port Scanner - FE IPS (IP=130,GB)
18.133.222.146 24 KH None 2021-10-07 00:00:00 2022-01-05 00:00:00 None Masscan TCP Port Scanner - FE IPS (IP=146,GB)
18.133.243.52 32 WR None 2022-01-25 00:00:00 2022-04-25 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire (IP=52,US)
18.133.249.238 32 AS None 2022-03-22 00:00:00 2022-09-22 00:00:00 2022-03-22 14:48:49 HIVE Case #7254 CTO 22-078 (IP=238,GB)
18.133.26.247 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:14:57 HIVE Case #7904 CTO 22-189 (IP=247,GB)
18.134.185.164 32 AS None 2021-12-28 00:00:00 2022-06-28 00:00:00 None HIVE Case #6702 CTO 21-362 (IP=164,GB)
18.134.39.73 32 TLM None 2022-03-14 00:00:00 2022-09-14 00:00:00 2022-03-14 19:14:36 HIVE Case #7198 CTO 22-071 (IP=73,GB)
18.135.102.94 24 KH None 2021-10-22 00:00:00 2022-01-20 00:00:00 None Masscan TCP Port Scanner - FE IPS (IP=94,GB)
18.135.28.6 32 TLM None 2022-03-28 00:00:00 2022-09-28 00:00:00 2022-03-28 12:22:59 HIVE Case #7282 CTO 22-085 (IP=6,GB)
18.138.107.235 32 TLM None 2022-05-09 00:00:00 2022-11-08 00:00:00 2022-05-10 15:15:56 HIVE Case #7546 CTO 22-127 (IP=235,SG)
18.141.205.196 32 AR None 2022-03-28 00:00:00 2022-06-26 00:00:00 2022-03-28 13:41:31 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR #22C01094 (IP=196,US)
18.142.143.39 32 TH None 2022-06-28 00:00:00 2022-09-26 00:00:00 2022-06-29 13:54:48 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01469 (IP=39,SG)
18.158.183.250 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6585 CTO 21-323 (IP=250,DE)
18.158.248.164 32 TLM None 2022-01-20 00:00:00 2022-07-20 00:00:00 None HIVE Case #6811 CTO 22-020 (IP=164,DE)
18.159.252.220 32 SW None 2021-11-17 00:00:00 2022-02-15 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00370 (IP=220, DE)
18.162.125.210 32 TLM None 2022-06-02 00:00:00 2022-12-01 00:00:00 2022-06-02 17:56:02 HIVE Case #7705 CTO 22-153 (IP=210,HK)
18.162.168.122 24 RS None 2022-07-02 00:00:00 2022-09-30 00:00:00 2022-07-02 22:56:24 SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1272 attack attempt (3:57305:1) - SourceFire (IP=122,HK)
18.162.34.60 24 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 22:52:01 SIPVicious Security Scanner - FE IPS Events (IP=60,HK)
18.162.56.153 32 TLM None 2021-10-12 00:00:00 2022-12-01 00:00:00 2022-06-02 17:56:02 HIVE Case #6346 CTO 21-278 (IP=153,HK) | updated by TLM Block was inactive. Reactivated on 20220602 with reason HIVE Case #7705 CTO 22-153 (IP=153,HK)
18.162.56.88 32 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6517 CTO 21-313 (IP=88,HK)
18.163.117.54 32 TLM None 2022-06-02 00:00:00 2022-12-01 00:00:00 2022-06-02 17:56:03 HIVE Case #7705 CTO 22-153 (IP=54,HK)
18.163.55.217 32 TLM None 2021-12-09 00:00:00 2022-06-09 00:00:00 None HIVE Case #6633 CTO 21-334 (IP=217,HK)
18.167.84.215 32 TLM None 2022-06-02 00:00:00 2022-12-01 00:00:00 2022-06-02 17:56:04 HIVE Case #7705 CTO 22-153 (IP=215,HK)
18.169.166.1 24 KH None 2021-10-22 00:00:00 2022-01-20 00:00:00 None Masscan TCP Port Scanner - FE IPS (IP=1,GB)
18.169.193.62 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6654 CTO 21-345 (IP=62,GB)
18.170.213.100 24 KH None 2021-10-07 00:00:00 2022-01-05 00:00:00 None Masscan TCP Port Scanner - FE IPS (IP=100,GB)
18.170.99.92 24 KH None 2021-12-02 00:00:00 2022-03-02 00:00:00 None Masscan TCP Port Scanner - FE IPS (IP=92,GB)
18.175.245.202 24 KD None 2022-03-17 00:00:00 2022-06-15 00:00:00 2022-03-18 13:56:53 HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759)-IR #22C01054 (IP=202,TH)
18.184.152.106 32 TLM None 2022-03-14 00:00:00 2022-09-14 00:00:00 2022-03-14 19:14:30 HIVE Case #7198 CTO 22-071 (IP=106,DE)
18.188.132.165 32 AS None 2022-01-31 00:00:00 2022-08-03 00:00:00 None HIVE Case #6877 CTO 22-028 (IP=165,US)
18.191.121.162 32 RT None 2021-11-02 00:00:00 2022-02-02 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00275 (IP=162,US)
18.191.154.153 32 AS None 2021-12-28 00:00:00 2022-06-28 00:00:00 None HIVE Case #6702 CTO 21-362 (IP=153,US)
18.192.56.13 24 JP None 2022-08-04 00:00:00 2022-11-02 00:00:00 2022-08-04 22:59:40 SERVER-WEBAPP Multiple routers getcfg.php credential disclosure attempt (1:44388:6) - SourceFire (IP=13,DE)
18.204.204.109 32 ZH None 2022-07-27 00:00:00 2022-10-25 00:00:00 2022-07-27 22:57:06 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=109,US)
18.204.217.99 32 ZH None 2022-01-07 00:00:00 2022-04-07 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - Sourcefire Rpt (IP=99,US)
18.204.225.86 32 RT None 2022-02-23 00:00:00 2022-05-24 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire Report (IP=86,US)
18.205.194.143 32 ZH None 2021-12-16 00:00:00 2022-03-16 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) Sourcefire Rpt (IP=143,US)
18.205.238.181 32 TH None 2021-12-07 00:00:00 2022-03-07 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - Sourcefire (IP=181,US)
18.205.247.154 32 ZH None 2021-12-05 00:00:00 2022-03-05 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Rpt (IP=154,US)
18.205.27.55 32 RB None 2022-06-20 00:00:00 2022-09-18 00:00:00 2022-06-21 22:50:12 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01429 (IP=55,US)
18.206.121.177 32 TC None 2022-08-22 00:00:00 2022-11-20 00:00:00 2022-08-22 22:53:09 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=177,US)
18.206.157.241 32 NAB None 2022-01-20 00:00:00 2022-04-20 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=241,US)
18.206.180.197 32 SA None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 22:55:05 SERVER-OSAER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire Report (IP=197,US)
18.206.204.119 32 RT None 2021-10-15 00:00:00 2022-01-13 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SOURCEFIRE REPORT (IP=119,US)
18.206.216.148 32 RT None 2021-11-09 00:00:00 2022-02-07 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire Report (IP=148,US)
18.206.219.70 32 SW None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-04 13:45:59 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=70,US)
18.206.237.188 32 ZH None 2022-05-15 00:00:00 2022-08-13 00:00:00 2022-05-15 22:45:48 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=188, US)
18.206.253.137 32 RT None 2021-12-17 00:00:00 2022-03-17 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SOURCEFIRE REPORT(IP=137,US)
18.206.89.223 32 SW None 2022-02-24 00:00:00 2022-05-25 00:00:00 2022-02-24 23:33:36 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=223,US)
18.207.114.29 32 TLM None 2022-06-22 00:00:00 2022-12-21 00:00:00 2022-06-23 16:49:33 HIVE Case #7813 CTO 22-173 (IP=29,US)
18.207.144.17 32 AR None 2021-10-31 00:00:00 2022-01-29 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=17,US)
18.207.149.214 32 SW None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-06 22:49:36 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=214,US)
18.207.197.3 32 RR None 2022-03-05 00:00:00 2022-06-03 00:00:00 2022-03-05 14:46:02 Known Attack Tool - TT# 22C01009 (IP=3,US)
18.207.220.52 32 TH None 2021-12-20 00:00:00 2022-03-20 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=52,US)
18.208.135.51 32 DT None 2021-10-17 00:00:00 2022-01-15 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Source Fire (IP=51,US)
18.208.160.22 32 TH None 2021-12-15 00:00:00 2022-03-15 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=22,US)
18.208.162.65 32 ZH None 2022-02-28 00:00:00 2022-05-29 00:00:00 2022-02-28 23:39:53 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=65,US)
18.208.164.195 32 AR None 2021-10-19 00:00:00 2022-01-17 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=195,US)
18.208.164.23 32 SW None 2022-07-02 00:00:00 2022-09-30 00:00:00 2022-07-03 13:57:42 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01511(IP=23,US)
18.208.189.159 32 SA None 2022-05-24 00:00:00 2022-08-22 00:00:00 2022-05-24 22:13:31 SERVER-OSAER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire Report (IP=159,US)
18.208.228.169 32 RS None 2022-05-19 00:00:00 2022-08-17 00:00:00 2022-05-19 22:49:02 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=169,US)
18.208.60.216 32 TLM None 2022-03-07 00:00:00 2022-09-07 00:00:00 2022-03-07 13:59:29 HIVE Case #7147 COLS-NA-TIP 22-0076 (IP=216,US)
18.209.17.187 32 TH None 2021-12-28 00:00:00 2022-03-28 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire Report (IP=187,US)
18.209.57.87 32 RT None 2022-02-28 00:00:00 2022-05-29 00:00:00 2022-03-01 14:46:31 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Report (IP=87,US)
18.210.30.163 32 ZH None 2022-06-13 00:00:00 2022-09-11 00:00:00 2022-06-13 22:30:23 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=163, US)
18.211.206.186 32 wmp None 2021-12-13 00:00:00 2022-03-13 00:00:00 None HIVE Case #6642 JFHQ-DODIN Wave Browser Malware IOCs(IP=186,US)
18.212.16.208 32 RT None 2022-01-13 00:00:00 2022-04-13 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Report (IP=208,US)
18.212.161.50 32 SW None 2022-02-09 00:00:00 2022-05-10 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=50, US)
18.212.163.233 32 RW None 2021-10-13 00:00:00 2022-01-11 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire (IP=233,US)
18.212.182.138 32 RT None 2022-03-07 00:00:00 2022-06-05 00:00:00 2022-03-08 18:08:47 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Report (IP=138,US)
18.212.183.177 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:06 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - Sourcefire Rpt (IP=177,US)
18.212.212.184 32 RT None 2022-01-13 00:00:00 2022-04-13 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Report (IP=184,US)
18.212.213.96 32 ZH None 2021-11-27 00:00:00 2022-02-25 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire Rpt (IP=96,US)
18.212.248.137 32 RT None 2021-10-15 00:00:00 2022-01-13 00:00:00 None SQL injection - 6 HR WebAttack (IP=137,US)
18.212.248.16 32 SW None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-10 13:48:34 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=16,US)
18.212.87.76 32 ZH None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-02 13:10:31 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=76,US)
18.213.113.236 32 KD None 2022-03-05 00:00:00 2022-06-03 00:00:00 2022-03-05 19:41:36 Known Attack Tool / Name : UDS-WhatWeb_RC8766 - TT# 22C01010 (IP=236,US)
18.214.19.193 32 wmp None 2021-12-13 00:00:00 2022-03-13 00:00:00 None HIVE Case #6642 JFHQ-DODIN Wave Browser Malware IOCs (IP=193,US)
18.214.203.115 32 SW None 2022-07-23 00:00:00 2022-10-21 00:00:00 2022-07-23 22:54:35 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR# 22C01734 (IP=115,US)
18.215.182.102 32 TLM None 2022-03-01 00:00:00 2022-09-01 00:00:00 2022-03-01 16:26:44 HIVE Case #7110 CTO 22-057 (IP=102,US)
18.216.223.145 32 TLM None 2022-03-14 00:00:00 2022-09-14 00:00:00 2022-03-14 19:14:40 HIVE Case #7198 CTO 22-071 (IP=145,US)
18.216.30.126 32 ZH None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-22 22:43:01 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=126,US)
18.216.60.22 32 TLM None 2022-03-14 00:00:00 2022-09-14 00:00:00 2022-03-14 19:14:41 HIVE Case #7198 CTO 22-071 (IP=22,US)
18.216.78.196 32 TLM None 2022-03-14 00:00:00 2022-09-14 00:00:00 2022-03-14 19:14:41 HIVE Case #7198 CTO 22-071 (IP=196,US)
18.217.166.80 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=80,US)
18.217.179.8 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:14:59 HIVE Case #7904 CTO 22-189 (IP=8,US)
18.217.225.111 32 NHL None 2020-12-17 00:00:00 2022-12-17 00:00:00 None Case # 4583 - IOC_ dark_halo_sunburst - (IP=111,US)
18.218.25.105 32 DT None 2022-06-10 00:00:00 2022-09-08 00:00:00 2022-06-11 13:46:50 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR#22C01355 (IP=105,US)
18.219.132.239 32 TLM None 2022-03-14 00:00:00 2022-09-14 00:00:00 2022-03-14 19:14:43 HIVE Case #7198 CTO 22-071 (IP=239,US)
18.219.180.158 32 AS None 2022-01-31 00:00:00 2022-08-03 00:00:00 None HIVE Case #6877 CTO 22-028 (IP=158,US)
18.219.60.91 32 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6517 CTO 21-313 (IP=91,US)
18.220.219.143 32 NHL None 2020-12-17 00:00:00 2022-12-17 00:00:00 None Case # 4583 - IOC_ dark_halo_sunburst - (IP=143,US)
18.221.182.245 32 NAB None 2021-12-27 00:00:00 2022-03-27 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=245,US)
18.221.190.193 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6654 CTO 21-345 (IP=193,US)
18.221.216.175 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=175,US)
18.222.119.113 32 RT None 2021-10-13 00:00:00 2022-01-11 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 22C00133 (IP=113,US)
18.222.162.20 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=20,US)
18.223.107.36 32 TLM None 2021-11-30 00:00:00 2022-05-30 00:00:00 None HIVE Case #6595 CTO 21-327 (IP=36,US)
18.223.157.134 32 TH None 2022-06-28 00:00:00 2022-09-26 00:00:00 2022-06-29 13:54:48 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01468 (IP=134,US)
18.224.22.113 32 SW None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 13:57:50 SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (B-type) (1:1000135:3) - SourceFire (IP=113,US)
18.232.114.253 32 DT None 2021-10-17 00:00:00 2022-01-15 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Source Fire (IP=253,US)
18.232.135.25 32 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 22:24:31 SERVER-WEBAPP YouPHPTube getImage.php command injection attempt (1:51924:4) - SourceFire (IP=25,US)
18.232.160.23 32 SW None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-15 13:53:33 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=23,US)
18.232.68.134 32 DT None 2021-10-17 00:00:00 2022-01-15 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - Source Fire (IP=134,US)
18.233.159.176 32 RR None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-29 22:57:18 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=176,US)
18.233.166.97 32 NAB None 2021-12-22 00:00:00 2022-03-22 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=97,US)
18.234.119.47 32 ZH None 2022-02-22 00:00:00 2022-05-23 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Rpt (IP=47,US)
18.234.137.16 32 TH None 2021-12-07 00:00:00 2022-03-07 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire (IP=16,US)
18.234.182.167 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:06 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - Sourcefire Rpt (IP=167,US)
18.234.189.174 32 ZH None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-02 13:10:25 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=174,US)
18.234.214.239 32 SW None 2022-08-26 00:00:00 2022-11-24 00:00:00 2022-08-27 13:55:26 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=239,US)
18.234.236.186 32 ZH None 2022-02-28 00:00:00 2022-05-29 00:00:00 2022-02-28 23:39:52 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=186,US)
18.234.42.237 32 SW None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:24 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=237,US)
18.234.47.162 32 RT None 2022-03-03 00:00:00 2022-06-01 00:00:00 2022-03-04 14:43:01 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire Report (IP=162,US)
18.234.60.205 32 RS None 2022-06-03 00:00:00 2022-09-01 00:00:00 2022-06-03 22:21:20 ET EXPLOIT Apache log4j RCE Attempt - lower/upper TCP Bypass M2 (CVE-2021-44228) (1:2034700:1) - SourceFire (IP=205,US)
18.234.68.226 32 RT None 2022-01-13 00:00:00 2022-04-13 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Report (IP=226,US)
18.234.73.197 32 ZH None 2022-06-16 00:00:00 2022-09-14 00:00:00 2022-06-16 22:41:42 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=197,US)
18.234.86.3 32 SA None 2022-05-31 00:00:00 2022-08-28 00:00:00 2022-05-31 22:55:53 SSLv2 Client Hello Request Detected FE CMS IPS alert (IP=3,US)
18.236.92.31 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:14:59 HIVE Case #7904 CTO 22-189 (IP=31,US)
18.237.103.154 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=154,US)
18.252.176.240 32 TLM Kristen Pope 2022-10-19 00:00:00 2022-12-27 00:00:00 2022-12-27 19:16:58 HIVE Case #8482 CTO 22-288 (IP=240,US) | UNBLOCKED per CTO 22-305
18.252.207.121 32 TLM Kristen Pope 2022-10-19 00:00:00 2022-12-27 00:00:00 2022-12-27 19:16:58 HIVE Case #8482 CTO 22-288 (IP=121,US) | UNBLOCKED per CTO 22-305
18.253.157.54 32 TLM Kristen Pope 2022-10-19 00:00:00 2022-12-27 00:00:00 2022-12-27 19:16:58 HIVE Case #8482 CTO 22-288 (IP=54,US) | UNBLOCKED per CTO 22-305
18.253.181.48 32 TLM None 2022-08-09 00:00:00 2022-11-09 00:00:00 2022-08-09 17:32:18 HIVE Case #8100 CTO 22-211 (IP=48,US)
18.27.197.252 32 RW None 2019-08-31 00:00:00 2022-06-13 00:00:00 None Failed keyboard-interactive - 6 hr failed logons (IP=252,US) | updated by RW Block was inactive. Reactivated on 20210310 with reason HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00665 (IP=252,US) | updated by TLM Block was inactive. Reactivated on 20211213 with reason HIVE Case #6652 CTO 21-345 F1 (IP=252,US)
180.100.212.42 24 BB None 2021-10-16 00:00:00 2022-01-14 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Web Attacks (IP=42,CN)
180.128.242.105 24 TH None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-06 13:49:55 SIPVicious Security Scanner - FE CMS IPS Events (IP=105,TH)
180.131.208.54 24 RR None 2022-03-30 00:00:00 2022-06-28 00:00:00 2022-04-04 15:35:41 SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt - SourceFire (IP=54,JP) | Please remove this IP from finder. Thanks by RBB
180.131.209.153 24 RR None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-02 14:02:25 SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt - SourceFire (IP=153,JP)
180.137.41.116 24 RW None 2021-11-12 00:00:00 2022-02-10 00:00:00 None INDICATOR-COMPROMISE PhpSploit backdoor communication attempt (1:50953:1) - Sourcefire (IP=116,CN)
180.142.107.151 24 SW None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 13:55:11 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=151,CN)
180.148.134.11 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None JP TO-S-2021-1117 DOS-DDOS Activity
180.148.134.2 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None JP TO-S-2021-1117 DOS-DDOS Activity
180.149.38.136 32 TLM None 2022-06-28 00:00:00 2022-12-27 00:00:00 2022-06-28 14:35:32 HIVE Case #7853 CTO 22-179 (IP=136,DE)
180.150.157.106 24 KH None 2022-05-01 00:00:00 2022-07-30 00:00:00 2022-05-01 22:53:45 HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=106,HK)
180.150.254.37 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=37,PG)
180.150.89.167 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None AU TO-S-2021-1117 DOS-DDOS Activity
180.152.11.165 24 RT None 2021-11-21 00:00:00 2022-02-19 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6HR Web Attacks (IP=165,CN)
180.166.123.219 32 RT None 2021-12-22 00:00:00 2022-03-22 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - IR# 22C00682 (IP=219,CN)
180.167.163.59 32 TH None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-06 13:49:45 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01569 (IP=59,CN)
180.167.246.226 32 KH None 2021-10-04 00:00:00 2022-10-03 00:00:00 2022-07-05 14:03:13 PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00034 (IP=226,CN) | updated by SW Block was inactive. Reactivated on 20220705 with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01556 (IP=226,CN)
180.167.59.124 24 ZH None 2021-12-13 00:00:00 2022-03-13 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=124,CN)
180.168.135.138 32 DT None 2021-10-24 00:00:00 2022-01-22 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed Logons (IP=138,CN)
180.178.75.192 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None SG TO-S-2021-1050 Hive Case 4821 Malware Activity
180.178.96.0 20 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity
180.179.207.191 24 KD None 2021-11-11 00:00:00 2022-02-09 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=191,IN)
180.18.108.84 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:19 HIVE Case #7894 CTO 22-187 (IP=84,JP)
180.180.146.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None TH TO-S-2021-1117 DOS-DDOS Activity
180.180.174.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None TH TO-S-2021-1117 DOS-DDOS Activity
180.180.175.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None TH TO-S-2021-1117 DOS-DDOS Activity
180.180.216.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None TH TO-S-2021-1117 DOS-DDOS Activity
180.182.141.117 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None KR TO-S-2021-1050 Hive Case 4821 Malware Activity
180.182.228.202 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None KR TO-S-2021-1037 Hive Case 4785 Malware Activity
180.182.229.194 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None KR TO-S-2021-1037 Hive Case 4785 Malware Activity
180.182.54.11 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None KR TO-S-2021-1117 DOS-DDOS Activity
180.182.54.13 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None KR TO-S-2021-1117 DOS-DDOS Activity
180.182.54.14 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None KR TO-S-2021-1117 DOS-DDOS Activity
180.182.54.2 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None KR TO-S-2021-1117 DOS-DDOS Activity
180.182.81.102 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None KR TO-S-2021-1117 DOS-DDOS Activity
180.184.69.31 32 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6517 CTO 21-313 (IP=31,CN)
180.188.237.0 24 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=0,IN)
180.188.243.0 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=0,IN)
180.188.243.229 24 ZH None 2022-05-15 00:00:00 2022-08-13 00:00:00 2022-05-15 22:46:03 Generic URI Injection wget Attempt - CMS IPS Events (IP=229,IN)
180.188.251.73 24 RS None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-08 16:55:48 Apache Log4j CVE-2021-44228 Remote Code Execution - IPS Events (IP=73,IN)
180.190.176.34 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PH TO-S-2021-1117 DOS-DDOS Activity
180.190.176.64 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PH TO-S-2021-1117 DOS-DDOS Activity
180.190.178.19 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PH TO-S-2021-1117 DOS-DDOS Activity
180.190.179.140 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PH TO-S-2021-1117 DOS-DDOS Activity
180.190.179.22 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PH TO-S-2021-1117 DOS-DDOS Activity
180.190.184.100 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PH TO-S-2021-1117 DOS-DDOS Activity
180.190.184.251 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PH TO-S-2021-1117 DOS-DDOS Activity
180.190.185.229 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PH TO-S-2021-1117 DOS-DDOS Activity
180.190.188.95 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PH TO-S-2021-1117 DOS-DDOS Activity
180.190.189.202 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PH TO-S-2021-1117 DOS-DDOS 
Activity 180.191.49.199 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PH TO-S-2021-1117 DOS-DDOS Activity 180.211.128.0 19 TLM None 2021-07-01 00:00:00 2022-01-01 00:00:00 None HIVE Case #5735 TO-S-2021-1379 (IP=0,BD) 180.211.172.148 32 RW None 2021-10-21 00:00:00 2022-01-19 00:00:00 None HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - TT# 22C00223 (IP=148,BD) 180.211.91.130 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 180.211.92.70 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity 180.214.246.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None ID TO-S-2021-1117 DOS-DDOS Activity 180.215.1.0 24 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=0,HK) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=0,HK) 180.215.115.131 32 TLM None 2021-12-02 00:00:00 2022-06-02 00:00:00 None HIVE Case #6600 TO-S-2022-0090 (IP=131,SG) 180.215.122.4 32 TLM None 2021-12-02 00:00:00 2022-06-02 00:00:00 None HIVE Case #6600 TO-S-2022-0090 (IP=4,SG) 180.215.24.0 24 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=0,HK) 180.235.130.18 32 jkc None 2021-04-13 00:00:00 2022-04-13 00:00:00 None Case # 5240 IOC_ TO-S-2021-1218 Malicious IP 180.241.43.155 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 180.241.8.0 22 TLM None 2021-07-01 00:00:00 2022-01-01 00:00:00 None HIVE Case #5735 TO-S-2021-1379 (IP=0,ID) 180.242.154.63 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity 180.242.96.0 20 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None ID TO-S-2021-1092 Hive Case 4875 Malware Activity 180.243.102.75 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 
Malware Activity 180.243.4.48 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 22:59:04 SQL Injection - 6hr Web Attacks (IP=48,ID) 180.243.7.155 24 JP None 2022-07-13 00:00:00 2022-10-11 00:00:00 2022-07-13 22:48:27 SQL injection - 6 HR Web Attacks (IP=155,ID) 180.244.158.181 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity 180.244.235.31 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity 180.244.248.202 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 180.244.97.167 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 180.245.112.0 23 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=0,ID) 180.245.115.231 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity 180.245.64.0 21 TLM None 2021-07-01 00:00:00 2022-01-01 00:00:00 None HIVE Case #5735 TO-S-2021-1379 (IP=0,ID) 180.246.147.244 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 180.246.204.15 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity 180.246.3.135 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 180.247.144.10 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 180.248.219.0 24 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=0,ID) 180.248.32.0 20 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=0,ID) | updated by TLM Block was inactive. 
Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=0,ID) 180.249.181.36 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 180.251.201.58 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 180.251.243.65 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 180.251.254.255 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 180.251.72.103 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None ID TO-S-2021-1102 Malware Activity 180.252.208.0 20 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None ID TO-S-2021-1117 Malware Activity 180.254.135.148 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity 180.254.176.0 20 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None ID TO-S-2021-1092 Hive Case 4875 Malware Activity 180.254.22.225 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 180.43.154.67 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None JP TO-S-2021-1117 DOS-DDOS Activity 180.43.31.238 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None JP TO-S-2021-1050 Hive Case 4821 Malware Activity 180.46.199.89 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None JP TO-S-2021-1050 Hive Case 4821 Malware Activity 180.66.111.36 24 JP None 2022-09-23 00:00:00 2022-12-22 00:00:00 2022-09-24 13:55:55 Shenzhen TVT DVR Remote Code Execution Vulnerability - IPS Events (IP=36,KR) 180.67.48.171 24 AR None 2021-11-14 00:00:00 2022-02-12 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6Hr Failed Logons (IP=171,KR) 180.69.193.102 32 TLM None 2022-02-04 00:00:00 2022-08-05 00:00:00 None HIVE Case #6925 CTO 22-034 (IP=102,KR) 180.76.105.82 32 TLM None 2022-06-21 00:00:00 2022-12-20 00:00:00 2022-06-22 18:26:13 
HIVE Case #7807 CTO 22-169 (IP=82,CN) 180.76.112.61 24 RR None 2022-06-20 00:00:00 2022-09-18 00:00:00 2022-06-20 13:54:38 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=61,CN) 180.76.139.223 24 SW None 2022-09-25 00:00:00 2022-12-24 00:00:00 2022-09-25 13:55:55 SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - WebAttacks (IP=223,CN) 180.76.157.58 24 RS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 22:44:12 SQL injection - 6Hr Web Attacks (IP=58,CN) 180.76.184.210 32 TH None 2022-06-28 00:00:00 2022-09-26 00:00:00 2022-06-29 13:54:49 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR# 22C01470 (IP=210,CN) 180.76.54.181 24 RS None 2022-06-03 00:00:00 2022-09-01 00:00:00 2022-06-03 22:21:24 SSH_EVENT_RESPOVERFLOW (128:1:2) - SourceFire (IP=181,CN) 180.76.76.76 24 TH None 2022-03-10 00:00:00 2022-06-08 00:00:00 2022-03-10 23:37:08 SERVER-OTHER RealTek UDPServer command injection attempt (1:58853:1) - SourceFire Report (IP=76,CN) 180.76.99.172 24 WR None 2022-02-19 00:00:00 2022-05-19 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt (1:37078:4) - Source Fire (172,CN) 180.92.238.227 32 TLM None 2021-11-29 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:41 HIVE Case #6585 CTO 21-323 (IP=227,BD) | updated by AS Block was inactive. Reactivated on 20220708 with reason HIVE Case #7904 CTO 22-189 (IP=227,BD) HIVE Case #7904 CTO 22-189 (IP=227,BD) 180.92.238.227 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:41 HIVE Case #6585 CTO 21-323 (IP=227,BD) | updated by AS Block was inactive. 
Reactivated on 20220708 with reason HIVE Case #7904 CTO 22-189 (IP=227,BD) HIVE Case #7904 CTO 22-189 (IP=227,BD) 180.92.87.20 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None KR TO-S-2021-1050 Hive Case 4821 Malware Activity 181.110.250.210 24 RS None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 22:46:10 SIPVicious Security Scanner - IPS Events (IP=210,AR) 181.111.233.10 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None AR TO-S-2021-1037 Hive Case 4785 Malware Activity 181.112.145.118 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None EC TO-S-2021-1037 Hive Case 4785 Malware Activity 181.112.155.132 24 RS None 2022-08-13 00:00:00 2022-11-11 00:00:00 2022-08-13 22:59:26 SIPVicious Security Scanner - IPS Events (IP=132,EC) 181.112.155.226 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None EC TO-S-2021-1050 Hive Case 4821 Malware Activity 181.112.221.122 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None EC TO-S-2021-1037 Hive Case 4785 Malware Activity 181.112.39.246 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None EC TO-S-2021-1037 Hive Case 4785 Malware Activity 181.114.131.30 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None AR TO-S-2021-1050 Hive Case 4821 Malware Activity 181.114.132.155 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None AR TO-S-2021-1037 Hive Case 4785 Malware Activity 181.114.132.229 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None AR TO-S-2021-1037 Hive Case 4785 Malware Activity 181.114.136.178 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None AR TO-S-2021-1037 Hive Case 4785 Malware Activity 181.114.144.19 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None AR TO-S-2021-1050 Hive Case 4821 Malware Activity 181.114.149.64 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None AR TO-S-2021-1037 Hive Case 4785 Malware Activity 181.114.181.193 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BO TO-S-2021-1050 Hive Case 4821 Malware Activity 181.115.144.0 
20 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=0,BO) 181.118.183.103 32 TLM None 2021-09-21 00:00:00 2022-03-20 00:00:00 None HIVE Case #6216 CTO 21-264 (IP=103,AR) 181.137.124.154 24 RR None 2021-12-06 00:00:00 2022-03-06 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=154,CO) 181.137.66.173 24 BMP None 2022-08-10 00:00:00 2022-11-08 00:00:00 2022-08-31 17:31:00 FireEye High Attacker (IP=173,CO) 181.143.166.211 24 RS None 2022-07-18 00:00:00 2022-10-16 00:00:00 2022-07-19 13:47:56 SIPVicious Security Scanner - IPS Events (IP=211,CO) 181.16.181.110 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None AR TO-S-2021-1037 Hive Case 4785 Malware Activity 181.16.181.120 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None AR TO-S-2021-1050 Hive Case 4821 Malware Activity 181.164.32.0 19 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None AR TO-S-2021-1117 DOS-DDOS Activity 181.165.32.0 19 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None AR TO-S-2021-1117 DOS-DDOS Activity 181.170.64.0 19 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None AR TO-S-2021-1117 DOS-DDOS Activity 181.174.205.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None AR TO-S-2021-1117 DOS-DDOS Activity 181.177.128.0 19 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BO TO-S-2021-1117 DOS-DDOS Activity 181.189.236.82 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None HN TO-S-2021-1050 Hive Case 4821 Malware Activity 181.191.18.250 24 RS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 21:48:36 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01561 (IP=250,BR) 181.191.242.0 23 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 181.191.25.216 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None AR TO-S-2021-1050 Hive Case 4821 Malware Activity 181.192.32.0 19 TLM None 2021-08-10 00:00:00 
2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=0,AR) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=0,AR) 181.196.143.178 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None EC TO-S-2021-1050 Hive Case 4821 Malware Activity 181.196.24.0 21 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=0,EC) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=0,EC) 181.196.240.102 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None EC TO-S-2021-1037 Hive Case 4785 Malware Activity 181.199.154.0 23 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None AR TO-S-2021-1117 DOS-DDOS Activity 181.199.224.0 19 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=0,GY) 181.199.64.0 19 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None EC TO-S-2021-1117 DOS-DDOS Activity 181.209.64.0 20 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None AR TO-S-2021-1117 DOS-DDOS Activity 181.209.80.0 20 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None AR TO-S-2021-1117 DOS-DDOS Activity 181.209.96.0 20 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None AR TO-S-2021-1117 DOS-DDOS Activity 181.21.9.107 32 TLM None 2021-09-21 00:00:00 2022-03-20 00:00:00 None HIVE Case #6216 CTO 21-264 (IP=107,AR) 181.211.244.238 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None EC TO-S-2021-1050 Hive Case 4821 Malware Activity 181.211.248.0 22 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None EC TO-S-2021-1156 Malware Activity 181.214.142.156 32 KH None 2022-09-15 00:00:00 2022-12-14 00:00:00 2022-09-15 22:52:21 SIPVicious Security Scanner - FE IPS (IP=156,US) 181.214.231.12 24 KD None 2021-12-08 00:00:00 2022-03-08 00:00:00 None PROTOCOL-DNS DNS query amplification attempt- Sourcefire (IP=12,DE) 181.214.39.2 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 
21-345 F1 (IP=2,US) 181.215.178.225 32 TC None 2022-09-16 00:00:00 2022-12-15 00:00:00 2022-09-16 13:49:46 SERVER-WEBAPP Adminer port scan server side request forgery attempt (1:51899:2) - SourceFire (IP=225,US) 181.215.246.206 32 TLM None 2022-02-01 00:00:00 2022-08-02 00:00:00 None HIVE Case #6896 CTO 22-029 (IP=206,MY) 181.224.200.58 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None PE TO-S-2021-1037 Hive Case 4785 Malware Activity 181.225.32.0 19 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None VE TO-S-2021-1102 Malware Activity 181.225.73.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None VE TO-S-2021-1117 DOS-DDOS Activity 181.225.99.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None VE TO-S-2021-1117 DOS-DDOS Activity 181.226.32.0 20 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None CL TO-S-2021-1102 Malware Activity 181.228.62.75 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None AR TO-S-2021-1037 Hive Case 4785 Malware Activity 181.229.0.0 19 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None AR TO-S-2021-1117 DOS-DDOS Activity 181.229.98.205 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None AR TO-S-2021-1050 Hive Case 4821 Malware Activity 181.23.247.12 32 TLM None 2021-09-21 00:00:00 2022-03-20 00:00:00 None HIVE Case #6216 CTO 21-264 (IP=12,AR) 181.26.18.39 32 TLM None 2021-09-21 00:00:00 2022-03-20 00:00:00 None HIVE Case #6216 CTO 21-264 (IP=39,AR) 181.28.0.0 19 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None AR TO-S-2021-1117 DOS-DDOS Activity 181.28.132.173 32 TLM None 2022-02-04 00:00:00 2022-08-05 00:00:00 None HIVE Case #6925 CTO 22-034 (IP=173,AR) 181.29.169.167 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None AR TO-S-2021-1050 Hive Case 4821 Malware Activity 181.29.197.52 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None AR TO-S-2021-1050 Hive Case 4821 Malware Activity 181.29.2.7 32 AS None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6244 CTO 21-267 (IP=7,AR) 
181.30.0.0 19 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None AR TO-S-2021-1117 DOS-DDOS Activity 181.44.2.127 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None AR TO-S-2021-1050 Hive Case 4821 Malware Activity 181.47.128.0 20 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None AR TO-S-2021-1117 DOS-DDOS Activity 181.57.150.190 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None CO TO-S-2021-1037 Hive Case 4785 Malware Activity 181.57.152.234 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CO TO-S-2021-1117 DOS-DDOS Activity 181.57.223.242 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CO TO-S-2021-1117 DOS-DDOS Activity 181.58.38.30 24 KH None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 22:55:46 Exploit.Log4Shell.CVE-2021-44228 - FE NX (IP=30,CO) 181.78.16.234 24 RR None 2021-10-21 00:00:00 2022-01-19 00:00:00 None SQL injection - Web Attacks (IP=234,AR) 181.81.247.237 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None AR TO-S-2021-1037 Hive Case 4785 Malware Activity 181.81.92.91 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None AR TO-S-2021-1050 Hive Case 4821 Malware Activity 181.92.186.32 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None AR TO-S-2021-1050 Hive Case 4821 Malware Activity 181.94.192.20 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None AR TO-S-2021-1050 Hive Case 4821 Malware Activity 181.94.192.62 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None AR TO-S-2021-1050 Hive Case 4821 Malware Activity 181.94.195.77 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None AR TO-S-2021-1037 Hive Case 4785 Malware Activity 182.111.133.12 32 TLM None 2022-03-08 00:00:00 2022-09-08 00:00:00 2022-03-08 16:54:48 HIVE Case #7164 CTO 22-067.1 (IP=12,CN) 182.116.51.175 24 RS None 2022-07-18 00:00:00 2022-10-16 00:00:00 2022-07-19 13:47:57 SIPVicious Security Scanner - IPS Events (IP=175,CN) 182.116.83.26 24 SA None 2022-05-31 00:00:00 2022-08-28 00:00:00 2022-05-31 22:55:54 
PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) SourceFire (IP=26,CN) 182.121.15.146 24 RS None 2022-06-03 00:00:00 2022-09-01 00:00:00 2022-06-03 22:21:15 SSLv2 Client Hello Request Detected - IPS Events (IP=146,CN) 182.126.95.221 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 22:58:37 ET EXPLOIT Apache log4j RCE Attempt - lower/upper TCP Bypass M2 (CVE-2021-44228) (1:2034700:1) - SourceFire (IP=221,CN) 182.16.167.34 24 KH None 2022-08-07 00:00:00 2022-11-05 00:00:00 2022-08-07 22:53:27 HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=34,ID) 182.16.248.210 24 RS None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 22:34:15 SERVER-WEBAPP Dicoogle directory traversal attempt (1:47664:1) - SourceFire (IP=210,ID) 182.16.249.10 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 182.16.71.234 32 TLM None 2021-10-04 00:00:00 2022-04-04 00:00:00 None HIVE Case #6294 CTO 21-268 (IP=234,HK) 182.16.71.236 32 TLM None 2021-10-04 00:00:00 2022-04-04 00:00:00 None HIVE Case #6294 CTO 21-268 (IP=236,HK) 182.16.71.237 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6346 CTO 21-278 (IP=237,HK) 182.16.71.238 32 TLM None 2021-10-04 00:00:00 2022-04-04 00:00:00 None HIVE Case #6294 CTO 21-268 (IP=238,HK) 182.160.111.82 24 ZH None 2022-01-07 00:00:00 2022-04-07 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=82,BD) 182.160.5.102 32 AR None 2022-08-27 00:00:00 2022-11-25 00:00:00 2022-08-28 13:57:30 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR# 22C01877 (IP=102,HK) 182.160.99.205 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:19 HIVE Case #6585 CTO 21-323 (IP=205,BD) | updated by AS Block was inactive. 
Reactivated on 20220708 with reason HIVE Case #7904 CTO 22-189 (IP=205,BD) HIVE Case #7904 CTO 22-189 (IP=205,BD) 182.160.99.205 32 TLM None 2021-11-29 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:19 HIVE Case #6585 CTO 21-323 (IP=205,BD) | updated by AS Block was inactive. Reactivated on 20220708 with reason HIVE Case #7904 CTO 22-189 (IP=205,BD) HIVE Case #7904 CTO 22-189 (IP=205,BD) 182.171.245.241 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None JP TO-S-2021-1117 DOS-DDOS Activity 182.176.180.73 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:46 HIVE Case #7199 CTO 22-074 (IP=73,PK) 182.18.157.233 32 AS None 2022-07-12 00:00:00 2022-10-10 00:00:00 2022-07-13 17:47:21 HIVE Case #7905 COLS-NA TIP 22-0239 (IP=233,IN) 182.18.209.6 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PH TO-S-2021-1117 DOS-DDOS Activity 182.224.99.251 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None KR TO-S-2021-1117 DOS-DDOS Activity 182.23.104.231 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity 182.23.81.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None ID TO-S-2021-1117 DOS-DDOS Activity 182.23.9.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None ID TO-S-2021-1117 DOS-DDOS Activity 182.23.94.0 24 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None ID TO-S-2021-1092 Hive Case 4875 Malware Activity 182.23.98.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None ID TO-S-2021-1117 DOS-DDOS Activity 182.234.158.215 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TW TO-S-2021-1050 Hive Case 4821 Malware Activity 182.234.176.47 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None TW TO-S-2021-1102 Malware Activity 182.237.15.181 24 ZH None 2022-06-30 00:00:00 2022-09-28 00:00:00 2022-07-01 00:10:25 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire Rpt (IP=181,IN) 182.237.228.48 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None 
HIVE Case #5 TO-S-2021-1447 (IP=48,KR) 182.237.67.86 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6443 CTO 21-300 (IP=86,KR) 182.239.92.31 24 EE None 2022-03-15 00:00:00 2022-06-13 00:00:00 2022-03-15 21:25:35 HIVE Case #7197 IOC_ APT41 Targeting U.S. State Governments (IP=31,HK) 182.253.109.118 24 ZH None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-08 13:52:28 SQL injection - 6hr Web Attacks (IP=118,ID) 182.253.115.229 24 RT None 2022-03-03 00:00:00 2022-06-02 00:00:00 2022-03-04 14:43:08 ET EXPLOIT Apache log4j RCE Attempt (tcp ldap) (CVE-2021-44228) - Sourcefire Report (IP=229,ID) | updated by NAB Block expiration extended with reason HIVE Case #6651 Exploit.CVE-2021-44228 (IP=229,ID) 182.254.140.49 24 RW None 2021-11-16 00:00:00 2022-02-14 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=49,CN) 182.254.216.217 24 TH None 2022-08-03 00:00:00 2022-11-01 00:00:00 2022-08-04 13:53:55 INDICATOR-SCAN PHP backdoor scan attempt (1:50182:1) - SourceFire Report (IP=217,CN) 182.254.227.95 24 KH None 2022-02-06 00:00:00 2022-05-07 00:00:00 None Hello Peppa Scan - FE IPS (IP=95,CN) 182.255.60.0 24 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None CN TO-S-2021-1143 Command and Control Exploit 182.48.81.2 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BD TO-S-2021-1037 Hive Case 4785 Malware Activity 182.50.135.94 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None SG TO-S-2021-1081 Hive Case 4872 Malicious Email Activity 182.52.0.0 19 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None TH TO-S-2021-1117 DOS-DDOS Activity 182.52.218.108 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TH TO-S-2021-1050 Hive Case 4821 Malware Activity 182.52.224.0 19 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None TH TO-S-2021-1117 DOS-DDOS Activity 182.52.64.0 19 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None TH TO-S-2021-1117 DOS-DDOS Activity 182.53.112.238 32 dbc 
None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TH TO-S-2021-1037 Hive Case 4785 Malware Activity 182.53.182.50 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=50,TH) 182.53.192.0 19 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None TH TO-S-2021-1117 DOS-DDOS Activity 182.53.230.50 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TH TO-S-2021-1037 Hive Case 4785 Malware Activity 182.53.237.184 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TH TO-S-2021-1037 Hive Case 4785 Malware Activity 182.53.50.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None TH TO-S-2021-1117 DOS-DDOS Activity 182.53.96.0 19 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None TH TO-S-2021-1117 DOS-DDOS Activity 182.54.192.0 19 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None MY TO-S-2021-1117 DOS-DDOS Activity 182.59.131.247 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=247,IN) 182.61.137.170 24 AR None 2022-02-21 00:00:00 2022-05-22 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=170,CN) 182.72.231.115 32 BB None 2021-12-15 00:00:00 2022-10-02 00:00:00 2022-07-04 22:55:39 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - TT# 22C00593 (IP=115,IN) | updated by SW Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - IR# 22C00977(IP=115,IN) HTTP: ThinkPHP CMS Getshell Vulnerability - IR# 22C00977(IP=115,IN) | updated by KH Block was inactive. 
Reactivated on 20220704 with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01536 (IP=115,IN) HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01536 (IP=115,IN) 182.72.231.115 32 KH None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 22:55:39 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - TT# 22C00593 (IP=115,IN) | updated by SW Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - IR# 22C00977(IP=115,IN) HTTP: ThinkPHP CMS Getshell Vulnerability - IR# 22C00977(IP=115,IN) | updated by KH Block was inactive. Reactivated on 20220704 with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01536 (IP=115,IN) HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01536 (IP=115,IN) 182.72.231.115 32 SW None 2022-02-28 00:00:00 2022-10-02 00:00:00 2022-07-04 22:55:39 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - TT# 22C00593 (IP=115,IN) | updated by SW Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - IR# 22C00977(IP=115,IN) HTTP: ThinkPHP CMS Getshell Vulnerability - IR# 22C00977(IP=115,IN) | updated by KH Block was inactive. 
None HIVE Case #6025 TO-S-2021-1472 (IP=0,SG) 184.168.221.96 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=96,US) 184.168.97.99 32 TLM None 2021-09-14 00:00:00 2022-03-14 00:00:00 None HIVE Case #6164 TO-S-2021-1528 (IP=99,SG) 184.171.248.26 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6448 TO-S-2022-0058 (IP=26,US) 184.175.83.6 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity 184.175.83.7 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity 184.175.93.37 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=37,US) 184.175.96.230 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None US TO-S-2021-1102 Malicious Email Activity 184.187.107.86 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:55:21 HIVE Case #7894 CTO 22-187 (IP=86,US) 184.22.91.79 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=79,TH) 184.23.74.168 32 JEB None 2022-06-06 00:00:00 2022-09-06 00:00:00 2022-06-08 16:55:54 REV Malicious Bumblebee Hardcoded C2 (IP=168,US) 184.25.50.112 32 TLM None 2022-01-20 00:00:00 2022-07-20 00:00:00 None HIVE Case #6811 CTO 22-020 (IP=112,DE) 184.28.220.0 23 TLM None 2022-06-24 00:00:00 2022-12-23 00:00:00 2022-06-24 19:38:40 HIVE Case #7840 CTO 22-175 (IP=0,US) 184.28.221.19 32 TLM None 2022-06-22 00:00:00 2022-12-21 00:00:00 2022-06-23 16:49:40 HIVE Case #7813 CTO 22-173 (IP=19,US) 184.51.121.40 32 RT None 2022-02-23 00:00:00 2022-05-24 00:00:00 None FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt - Sourcefire Report (IP=40,US) 184.57.167.14 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity 184.69.55.42 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CA TO-S-2021-1117 DOS-DDOS Activity 184.72.1.3 32 NHL None 2020-12-17 00:00:00 2022-12-17 00:00:00 None 
Case # 4583 - IOC_ dark_halo_sunburst - (IP=3,US) 184.72.101.22 32 NHL None 2020-12-17 00:00:00 2022-12-17 00:00:00 None Case # 4583 - IOC_ dark_halo_sunburst - (IP=22,US) 184.72.113.55 32 NHL None 2020-12-17 00:00:00 2022-12-17 00:00:00 None Case # 4583 - IOC_ dark_halo_sunburst - (IP=55,US) 184.72.129.245 32 WR None 2022-02-02 00:00:00 2022-05-02 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=245,US) 184.72.138.16 32 SW None 2022-01-22 00:00:00 2022-04-22 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=16,US) 184.72.145.139 32 DT None 2022-03-14 00:00:00 2022-06-12 00:00:00 2022-03-14 22:43:39 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - Source Fire (IP=139,US) 184.72.145.34 32 NHL None 2020-12-17 00:00:00 2022-12-17 00:00:00 None Case # 4583 - IOC_ dark_halo_sunburst - (IP=34,US) 184.72.177.88 32 TH None 2021-12-20 00:00:00 2022-03-20 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=88,US) 184.72.181.18 32 RR None 2022-02-22 00:00:00 2022-05-23 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TR# 22C00965 (IP=18,US) 184.72.182.7 32 ZH None 2021-11-27 00:00:00 2022-02-25 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire Rpt (IP=7,US) 184.72.186.50 32 RT None 2022-02-17 00:00:00 2022-05-18 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Report (IP=50,US) 184.72.192.12 32 SW None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:25 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=12,US) 184.72.209.33 32 NHL None 2020-12-17 
00:00:00 2022-12-17 00:00:00 None Case # 4583 - IOC_ dark_halo_sunburst - (IP=33,US) 184.72.21.54 32 NHL None 2020-12-17 00:00:00 2022-12-17 00:00:00 None Case # 4583 - IOC_ dark_halo_sunburst - (IP=54,US) 184.72.212.52 32 NHL None 2020-12-17 00:00:00 2022-12-17 00:00:00 None Case # 4583 - IOC_ dark_halo_sunburst - (IP=52,US) 184.72.224.3 32 NHL None 2020-12-17 00:00:00 2022-12-17 00:00:00 None Case # 4583 - IOC_ dark_halo_sunburst - (IP=3,US) 184.72.229.1 32 NHL None 2020-12-17 00:00:00 2022-12-17 00:00:00 None Case # 4583 - IOC_ dark_halo_sunburst - (IP=1,US) 184.72.240.3 32 NHL None 2020-12-17 00:00:00 2022-12-17 00:00:00 None Case # 4583 - IOC_ dark_halo_sunburst - (IP=3,US) 184.72.245.1 32 NHL None 2020-12-17 00:00:00 2022-12-17 00:00:00 None Case # 4583 - IOC_ dark_halo_sunburst - (IP=1,US) 184.72.48.22 32 NHL None 2020-12-17 00:00:00 2022-12-17 00:00:00 None Case # 4583 - IOC_ dark_halo_sunburst - (IP=22,US) 184.73.110.23 32 AR None 2022-02-02 00:00:00 2022-05-02 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=23,US) 184.73.125.115 32 SW None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-10 13:48:31 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=115,US) 184.73.128.147 32 ZH None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-02 13:10:30 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=147,US) 184.73.146.62 32 ZH None 2022-08-28 00:00:00 2022-11-26 00:00:00 2022-08-28 22:58:19 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=62,US) 184.73.149.84 32 AR None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-02 14:02:17 PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01500 (IP=84,US) 184.73.18.76 32 WR None 2021-11-03 00:00:00 2022-02-01 00:00:00 None SERVER-OTHER limited 
RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=76,US) 184.73.47.182 32 WR None 2022-04-30 00:00:00 2022-07-28 00:00:00 2022-04-30 13:53:12 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire (IP=182,US) 184.73.67.215 32 RT None 2021-12-08 00:00:00 2022-03-08 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Report (IP=215,US) 184.73.94.171 32 WR None 2022-02-10 00:00:00 2022-05-10 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=171,US) 184.75.221.203 32 KH None 2021-11-02 00:00:00 2022-01-31 00:00:00 None Self Report / ColdFusion Error Reporting - TT# 22C00277 (IP=203,CA) 184.86.119.96 32 TLM None 2021-12-09 00:00:00 2022-06-09 00:00:00 None HIVE Case #6625 CTO 21-342 (IP=96,OM) 184.91.180.226 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity 184.95.46.75 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=75,US) 185.10.16.41 24 KH None 2022-03-03 00:00:00 2022-06-01 00:00:00 2022-03-03 23:49:46 Custom Violation - ArcSight (IP=41,FR) 185.10.68.207 32 TLM None 2022-05-27 00:00:00 2022-11-26 00:00:00 2022-05-27 14:16:48 HIVE Case #7676 CTO 22-147 (IP=207,SC) 185.10.68.40 24 srm None 2022-02-15 00:00:00 2022-05-16 00:00:00 None HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=40,SC) 185.10.80.109 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None ES TO-S-2021-1117 DOS-DDOS Activity 185.100.85.101 24 srm None 2022-02-16 00:00:00 2022-05-17 00:00:00 None HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=101,RO) 185.100.85.61 24 srm None 2022-02-16 00:00:00 2022-05-17 00:00:00 None HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=61,RO) 185.100.86.128 24 srm None 2022-02-16 00:00:00 2022-05-17 00:00:00 
None HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=128,FI) 185.100.86.154 24 srm None 2022-02-16 00:00:00 2022-05-17 00:00:00 None HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=154,FI) 185.100.87.133 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:37 HIVE Case #7894 CTO 22-187 (IP=133,RO) 185.100.87.139 32 AR None 2022-06-26 00:00:00 2022-09-24 00:00:00 2022-06-27 13:55:39 HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - IR# 22C01460 (IP=138,RO) 185.100.87.174 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 18:27:35 HIVE Case #7342 CTO 22-092 FRAGO (IP=174,RO) 185.100.87.202 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:37 HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00678 (IP=202,RO) | updated by TLM Block was inactive. Reactivated on 20211213 with reason HIVE Case #6652 CTO 21-345 F1 (IP=202,RO) HIVE Case #6652 CTO 21-345 F1 (IP=202,RO) | updated by AS Block was inactive. Reactivated on 20220706 with reason HIVE Case #7894 CTO 22-187 (IP=202,RO) HIVE Case #7894 CTO 22-187 (IP=202,RO) 185.100.87.202 32 DT None 2021-03-14 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:37 HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00678 (IP=202,RO) | updated by TLM Block was inactive. Reactivated on 20211213 with reason HIVE Case #6652 CTO 21-345 F1 (IP=202,RO) HIVE Case #6652 CTO 21-345 F1 (IP=202,RO) | updated by AS Block was inactive. Reactivated on 20220706 with reason HIVE Case #7894 CTO 22-187 (IP=202,RO) HIVE Case #7894 CTO 22-187 (IP=202,RO) 185.100.87.202 32 DT None 2021-03-14 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:37 HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00678 (IP=202,RO) | updated by TLM Block was inactive. Reactivated on 20211213 with reason HIVE Case #6652 CTO 21-345 F1 (IP=202,RO) HIVE Case #6652 CTO 21-345 F1 (IP=202,RO) | updated by AS Block was inactive. 
Reactivated on 20220706 with reason HIVE Case #7894 CTO 22-187 (IP=202,RO) HIVE Case #7894 CTO 22-187 (IP=202,RO) 185.100.87.202 32 TLM None 2021-12-13 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:37 HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00678 (IP=202,RO) | updated by TLM Block was inactive. Reactivated on 20211213 with reason HIVE Case #6652 CTO 21-345 F1 (IP=202,RO) HIVE Case #6652 CTO 21-345 F1 (IP=202,RO) | updated by AS Block was inactive. Reactivated on 20220706 with reason HIVE Case #7894 CTO 22-187 (IP=202,RO) HIVE Case #7894 CTO 22-187 (IP=202,RO) 185.100.87.41 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=41,RO) 185.100.9.3 32 TH None 2022-07-09 00:00:00 2022-10-07 00:00:00 2022-07-09 22:49:30 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01619 (IP=9,DE) 185.101.139.162 32 AS None 2021-12-29 00:00:00 2022-06-29 00:00:00 None HIVE Case #6705 CTO 21-363 (IP=162,NL) 185.101.139.176 24 EE None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:53 HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=176,NL) 185.101.139.24 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=24,NL) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=24,NL) 185.101.33.138 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None NO TO-S-2021-1037 Hive Case 4785 Malware Activity 185.101.33.161 24 TH None 2022-03-04 00:00:00 2022-06-02 00:00:00 2022-03-04 23:11:49 Masscan TCP Port Scanner - FE CMS IPS Events (IP=161,NO) 185.101.33.161 24 TH None 2022-03-04 00:00:00 2022-06-02 00:00:00 2022-03-04 23:54:56 Masscan TCP Port Scanner - FE CMS IPS Events (IP=161,NO) 185.102.113.194 24 RB None 2021-12-28 00:00:00 2022-03-28 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=194,BR) 185.102.12.2 24 KD None 2022-02-03 00:00:00 2022-05-04 00:00:00 None SERVER-OTHER Sentinel license manager buffer 
overflow attempt- Sourcefire(IP=2,AT) 185.102.170.58 24 SW None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 13:46:13 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=58,NL) 185.103.110.172 32 TLM None 2022-04-20 00:00:00 2022-10-20 00:00:00 2022-04-20 13:01:32 HIVE Case #7432 CTO 22-110 (IP=172,FI) 185.103.128.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IR TO-S-2021-1037 Hive Case 4785 Malware Activity 185.104.112.238 32 TLM None 2021-09-21 00:00:00 2022-03-20 00:00:00 None HIVE Case #6216 CTO 21-264 (IP=238,RU) 185.104.120.20 24 DT None 2022-03-08 00:00:00 2022-06-06 00:00:00 2022-03-09 14:45:01 SSH2 Failed Login Attempt - Failed Logons (IP=20,GB) 185.104.194.84 24 RR None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:31:56 SERVER-OTHER RealTek UDPServer command injection attempt - Source Fire (IP=84,PO) 185.104.28.238 32 TLM None 2022-02-09 00:00:00 2022-08-10 00:00:00 None HIVE Case #6952 CTO 22-040 (IP=238,NL) 185.104.28.27 32 TLM None 2022-02-09 00:00:00 2022-08-10 00:00:00 None HIVE Case #6952 CTO 22-040 (IP=27,NL) 185.104.29.16 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None NL TO-S-2021-1143 Malicious Email Activity 185.105.1.136 32 AS None 2022-02-04 00:00:00 2022-08-04 00:00:00 None HIVE Case #6927 CTO 22-036 (IP=136,IN) 185.105.238.147 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6582 CTO 21-320 (IP=147,IR) 185.105.3.162 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None LU TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 185.105.3.196 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None LU TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 185.105.3.51 24 DT None 2021-10-06 00:00:00 2022-01-04 00:00:00 None SQL injection - Web Attacks (IP=51,LU) 185.105.90.134 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 18:27:36 HIVE Case #7342 CTO 22-092 FRAGO (IP=134,RU) 185.106.123.117 32 TLM None 2021-10-29 00:00:00 2022-04-27 
00:00:00 None HIVE Case #6447 CTO 21-287 (IP=117,NL) 185.106.123.228 24 RW None 2021-11-04 00:00:00 2022-02-02 00:00:00 None Callback IP - Hive Case 6498 (IP=53,RU) 185.106.21.8 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=8,TR) 185.106.96.158 32 TLM None 2022-03-08 00:00:00 2022-09-08 00:00:00 2022-03-08 16:54:54 HIVE Case #7164 CTO 22-067.1 (IP=158,US) 185.107.232.127 32 AS None 2021-11-12 00:00:00 2022-05-12 00:00:00 None HIVE Case #6528 TO-S-2022-0082 (IP=127,FR) 185.107.232.249 24 TH None 2022-02-08 00:00:00 2022-05-09 00:00:00 None Hive Case #6933 (IP=249,FR) 185.107.47.171 24 RR None 2021-06-05 00:00:00 2022-10-05 00:00:00 2022-07-07 13:50:32 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=171,NL) | updated by AR Block was inactive. Reactivated on 20220707 with reason SQL injection - Web Attacks (IP=171,NL) SQL injection - Web Attacks (IP=171,NL) 185.107.47.171 32 dbc None 2019-12-23 00:00:00 2022-06-13 00:00:00 None NL TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason NL TO-S-2020-0212.01 Malicious Web Application Activity | updated by TLM Block was inactive. Reactivated on 20211213 with reason HIVE Case #6652 CTO 21-345 F1 (IP=171,NL) HIVE Case #6652 CTO 21-345 F1 (IP=171,NL) 185.107.47.171 24 AR None 2022-07-07 00:00:00 2022-10-05 00:00:00 2022-07-07 13:50:32 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=171,NL) | updated by AR Block was inactive. Reactivated on 20220707 with reason SQL injection - Web Attacks (IP=171,NL) SQL injection - Web Attacks (IP=171,NL) 185.107.47.171 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None NL TO-S-2020-0206 Malicious Web Application Activity | updated by kmw Block expiration extended with reason NL TO-S-2020-0212.01 Malicious Web Application Activity | updated by TLM Block was inactive. 
Reactivated on 20211213 with reason HIVE Case #6652 CTO 21-345 F1 (IP=171,NL) HIVE Case #6652 CTO 21-345 F1 (IP=171,NL) 185.107.47.215 32 GM None 2019-10-27 00:00:00 2022-06-13 00:00:00 None Possible SQLi attempt/HTTP: Blind SQL Injection - Timing - 20C00648 (IP=215,US) | updated by RR Block was inactive. Reactivated on 20210309 with reason HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00602 (IP=215,NL) | updated by TLM Block was inactive. Reactivated on 20211213 with reason HIVE Case #6654 CTO 21-345 (IP=215,NL) HIVE Case #6654 CTO 21-345 (IP=215,NL) 185.107.47.215 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None Possible SQLi attempt/HTTP: Blind SQL Injection - Timing - 20C00648 (IP=215,US) | updated by RR Block was inactive. Reactivated on 20210309 with reason HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00602 (IP=215,NL) | updated by TLM Block was inactive. Reactivated on 20211213 with reason HIVE Case #6654 CTO 21-345 (IP=215,NL) HIVE Case #6654 CTO 21-345 (IP=215,NL) 185.107.56.195 24 SW None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 22:47:01 Web Infection Match - FE CMS(IP=195,NL) 185.107.56.207 32 TLM None 2021-12-09 00:00:00 2022-06-09 00:00:00 None HIVE Case #6626 CTO 21-343 (IP=207,GB) 185.107.56.208 32 TLM None 2022-01-20 00:00:00 2022-07-20 00:00:00 None HIVE Case #6811 CTO 22-020 (IP=208,NL) 185.107.56.209 32 TLM None 2022-02-25 00:00:00 2022-08-26 00:00:00 2022-02-25 13:04:32 HIVE Case #7088 CTO 22-056 (IP=209,NL) 185.107.56.210 32 TLM None 2022-01-20 00:00:00 2022-07-20 00:00:00 None HIVE Case #6811 CTO 22-020 (IP=210,NL) 185.107.70.202 24 srm None 2022-02-16 00:00:00 2022-05-17 00:00:00 None HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=202,NL) 185.107.70.56 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=56,NL) 185.110.17.76 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ES TO-S-2021-1050 Hive Case 4821 
Malware Activity 185.110.188.50 24 KH None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 22:56:00 SQL injection - Web Attacks (IP=50,DE) 185.110.190.178 32 TLM None 2022-06-14 00:00:00 2022-12-13 00:00:00 2022-06-14 20:43:30 HIVE Case #7769 CTO 22-165 (IP=178,DE) 185.111.164.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 185.111.86.164 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=164,RU) 185.112.145.13 24 DT None 2022-02-22 00:00:00 2022-05-23 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt - Source Fire (IP=13,IS) 185.112.146.73 24 NAB None 2022-02-02 00:00:00 2022-05-03 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=73,IS) 185.112.147.12 24 ZH None 2022-03-19 00:00:00 2022-06-17 00:00:00 2022-03-19 23:23:08 SSH2 Failed Login Attempt - 6hr Failed Logons (IP=12,IS) 185.112.249.139 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None MD TO-S-2021-1037 Hive Case 4785 Malware Activity 185.112.83.0 24 TLM None 2022-02-15 00:00:00 2022-08-16 00:00:00 None HIVE Case #6994 TO-S-2022-0130 (IP=0,RU) 185.112.83.116 32 AS None 2022-02-02 00:00:00 2022-08-02 00:00:00 None HIVE Case #6909 TO-S-2022-0121 (IP=116,RU) 185.113.128.30 24 srm None 2022-02-16 00:00:00 2022-05-17 00:00:00 None HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=30,GB) 185.115.4.177 24 WR None 2022-04-30 00:00:00 2022-07-28 00:00:00 2022-04-30 13:53:06 SQL injection- 6hr Web Attacks (IP=177,GE) 185.116.192.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None KZ TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 185.117.72.161 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6654 CTO 21-345 (IP=161,AE) 185.117.75.209 32 AS None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-01 21:44:48 HIVE Case #7874 CTO 22-181 (IP=209,AE) 185.117.75.34 32 TLM None 2022-02-25 00:00:00 2022-08-26 00:00:00 
2022-02-25 13:04:28 HIVE Case #7088 CTO 22-056 (IP=34,AE) 185.117.88.130 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6312 CTO 21-271 (IP=130,SE) 185.117.89.226 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:36 HIVE Case #7199 CTO 22-074 (IP=226,SE) 185.117.90.187 32 TLM None 2022-06-02 00:00:00 2022-12-01 00:00:00 2022-06-02 15:30:45 HIVE Case #7704 TO-S-2022-0190 (IP=187,NL) 185.117.90.211 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:55:46 HIVE Case #7894 CTO 22-187 (IP=211,NL) 185.117.90.36 24 RW None 2021-11-04 00:00:00 2022-02-02 00:00:00 None Callback IP - Hive Case 6498 (IP=36,NL) 185.117.91.175 32 TLM None 2021-11-04 00:00:00 2022-05-02 00:00:00 None HIVE Case #6503 CTO 21-306 (IP=175,NL) 185.117.98.0 24 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=0,IQ) 185.118.15.50 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6582 CTO 21-320 (IP=50,IR) 185.118.164.183 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6349 CTO 21-275 (IP=183,RU) 185.118.164.21 32 TLM None 2022-02-25 00:00:00 2022-08-26 00:00:00 2022-02-25 13:04:28 HIVE Case #7088 CTO 22-056 (IP=21,RU) 185.118.166.115 32 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6517 CTO 21-313 (IP=115,RU) 185.118.167.40 24 EE None 2022-03-15 00:00:00 2022-06-13 00:00:00 2022-03-15 21:25:32 HIVE Case #7197 IOC_ APT41 Targeting U.S. 
State Governments (IP=40,RU) 185.118.48.0 22 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None AZ TO-S-2021-1117 DOS-DDOS Activity 185.119.173.158 24 TH None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-18 22:35:15 Phish.LIVE.DTI.URL - FE CMS (IP=158,GB) 185.119.173.204 32 TLM None 2021-09-14 00:00:00 2022-03-14 00:00:00 None HIVE Case #6164 TO-S-2021-1528 (IP=204,GB) 185.120.177.68 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None FR TO-S-2021-1117 DOS-DDOS Activity 185.120.220.0 22 TLM None 2021-09-23 00:00:00 2022-03-23 00:00:00 None HIVE Case #6235 TO-S-2021-1568 (IP=0,IR) 185.120.222.210 32 TLM None 2021-09-15 00:00:00 2022-03-14 00:00:00 None HIVE Case #6179 CTO 21-253 (IP=210,IR) 185.120.7.1 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6448 TO-S-2022-0058 (IP=1,GB) 185.120.7.124 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=124,GB) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=124,GB) HIVE Case #5968 TO-S-2021-1276 (IP=124,GB) 185.120.7.124 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=124,GB) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=124,GB) HIVE Case #5968 TO-S-2021-1276 (IP=124,GB) 185.120.7.124 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5968 TO-S-2021-1276 (IP=124,GB) 185.120.7.165 32 TLM None 2022-04-28 00:00:00 2022-10-27 00:00:00 2022-04-28 16:06:21 HIVE Case #7482 CTO 22-118 (IP=165,GB) 185.120.77.0 24 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None KZ TO-S-2021-1050 Hive Case 4821 Malware Activity 185.122.204.36 24 TC None 2022-08-30 00:00:00 2022-11-28 00:00:00 2022-08-30 22:51:00 Known Attack Tool - IR# 22C01897 (IP=36,RU) 185.122.53.13 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None SK TO-S-2021-1117 DOS-DDOS Activity 185.122.53.18 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None SK 
TO-S-2021-1117 DOS-DDOS Activity 185.122.57.148 32 AS None 2022-03-02 00:00:00 2022-12-29 00:00:00 2022-09-30 17:07:39 HIVE Case #7126 CTO 22-061 (IP=148,GB) | updated by AS Block was inactive. Reactivated on 20220930 with reason HIVE Case #8395 TO-S-2022-0233 (IP=148,GB) 185.122.57.172 32 TLM None 2022-04-28 00:00:00 2022-10-27 00:00:00 2022-04-28 16:06:21 HIVE Case #7482 CTO 22-118 (IP=172,GB) 185.123.204.82 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=82,ES) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=82,ES) 185.123.233.109 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IT TO-S-2021-1050 Hive Case 4821 Malware Activity 185.123.233.243 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IT TO-S-2021-1050 Hive Case 4821 Malware Activity 185.123.53.9 32 TLM None 2021-11-30 00:00:00 2022-05-30 00:00:00 None HIVE Case #6594 CTO 21-324 (IP=9,EE) 185.124.117.218 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PL TO-S-2021-1050 Hive Case 4821 Malware Activity 185.125.168.247 24 EE None 2021-02-15 00:00:00 2022-05-28 00:00:00 2022-02-27 23:09:11 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6 HR Web Attacks (IP=247,NO) | updated by KD Block was inactive. 
Reactivated on 20220227 with reason Infection Match (blocked)- FIREEYE Web(IP=247,NO) 185.125.190.36 32 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 2022-05-27 14:00:41 HIVE Case #7673 TO-S-2022-0189 (IP=36,GB) 185.126.117.205 32 TLM None 2021-11-30 00:00:00 2022-05-30 00:00:00 None HIVE Case #6595 CTO 21-327 (IP=205,DE) 185.126.16.0 23 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=0,IR) 185.126.219.156 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None TR TO-S-2021-1117 DOS-DDOS Activity 185.126.91.234 24 SA None 2022-05-31 00:00:00 2022-08-28 00:00:00 2022-05-31 22:55:54 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) SourceFire (IP=234,PG) 185.128.232.0 22 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity 185.128.41.90 24 NHL None 2020-10-13 00:00:00 2022-10-13 00:00:00 None Case # 4105 - IOC_ Golang_RAT (IP=90,CH) 185.129.236.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IR TO-S-2021-1037 Hive Case 4785 Malware Activity 185.129.61.2 24 RT None 2021-11-09 00:00:00 2022-02-07 00:00:00 None SQL injection - 6HR Web Attack (IP=2,DK) 185.129.61.9 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:38 HIVE Case #7894 CTO 22-187 (IP=9,DK) 185.129.62.62 24 jky None 2016-11-04 05:00:00 2022-05-17 00:00:00 None NL TO-S-2017-0138 Malicious Cyber Actors communicating with government sites | updated by jky with reason TO-S-2017-0381 GRIZZ | updated by srm Block was inactive. 
Reactivated on 20220216 with reason HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=62,DK) 185.13.36.84 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity 185.13.79.3 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=3,ES) 185.130.224.69 24 RS None 2022-07-02 00:00:00 2022-09-30 00:00:00 2022-07-02 22:56:27 File /etc/passwd Access Attempt Detect - IPS Events (IP=69,NL) 185.130.44.108 24 srm None 2022-02-16 00:00:00 2022-05-17 00:00:00 None HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=108,SE) 185.130.45.208 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:19 HIVE Case #7894 CTO 22-187 (IP=208,SE) 185.130.47.58 24 WR None 2022-02-28 00:00:00 2022-08-31 00:00:00 2022-06-02 13:31:19 SSH2 Failed Login Attempt - 6 hr Failed Logons (IP=58,NL) | updated by SW Block was inactive. Reactivated on 20220602 with reason Adobe ColdFusion Administrator Access Restriction - WebAttacks (IP=58,SE) 185.130.76.0 22 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None IR TO-S-2021-1117 unknown activity 185.131.190.240 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ES TO-S-2021-1050 Hive Case 4821 Malware Activity 185.131.223.0 24 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6448 TO-S-2022-0058 (IP=0,BZ) 185.132.133.26 32 TLM None 2022-05-27 00:00:00 2022-11-26 00:00:00 2022-05-27 14:16:43 HIVE Case #7676 CTO 22-147 (IP=26,NL) 185.132.72.85 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None FR TO-S-2021-1050 Hive Case 4821 Malware Activity 185.134.196.53 24 ZH None 2022-01-11 00:00:00 2022-04-11 00:00:00 None ET EXPLOIT Apache log4j RCE Attempt - lower/upper UDP Bypass M2 (CVE-2021-44228) (1:2034701:1) - Sourcefire Rpt (IP=53,GB) 185.134.197.53 24 ZH None 2022-01-11 00:00:00 2022-04-11 00:00:00 None ET EXPLOIT Apache log4j RCE Attempt - lower/upper UDP Bypass M2 (CVE-2021-44228) (1:2034701:1) - Sourcefire 
Rpt (IP=53,GB) 185.135.241.105 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=105,NL) 185.135.241.84 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=84,NL) 185.135.88.105 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None PL TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 185.136.136.104 32 AS None 2022-06-21 00:00:00 2022-09-20 00:00:00 2022-06-21 16:23:43 HIVE Case #7793 CTO 22-168 (IP=104,IT) 185.136.158.77 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None DE TO-S-2021-1117 DOS-DDOS Activity 185.136.163.104 32 TLM None 2022-06-15 00:00:00 2022-12-14 00:00:00 2022-06-16 19:40:52 HIVE Case #7779 CTO 22-162 (IP=104,FR) 185.136.165.161 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=161,FR) 185.136.93.40 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PL TO-S-2021-1050 Hive Case 4821 Malware Activity 185.137.93.71 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=71,DE) 185.138.164.112 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:00 HIVE Case #7904 CTO 22-189 (IP=112,GB) 185.138.164.18 32 TLM None 2022-03-11 00:00:00 2022-09-11 00:00:00 2022-03-11 13:21:28 HIVE Case #7189 CTO 22-068.1 (IP=18,GB) 185.139.21.30 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None FR TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 185.14.29.199 32 srm None 2022-02-08 00:00:00 2022-05-09 00:00:00 None HIVE Case #NA FP Security (IP=199,NL) 185.14.44.0 22 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=0,US) 185.14.45.53 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=53,DE) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=53,DE) 185.14.58.24 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None ES TO-S-2021-1081 Hive Case 4872 Malicious 
Email Activity 185.14.97.145 24 RB None 2022-02-14 00:00:00 2022-05-15 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=145,NO) 185.14.97.176 32 AR None 2022-06-26 00:00:00 2022-09-24 00:00:00 2022-06-27 13:55:34 HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - IR# 22C01460 (IP=176,NO) 185.140.102.168 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None PL TO-S-2021-1037 Hive Case 4785 Malware Activity 185.140.162.5 32 wmp None 2022-03-24 00:00:00 2022-06-24 00:00:00 2022-03-24 22:58:57 Suspicious Scan Activity (IP=5,RU) 185.141.133.34 24 RS None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 22:46:11 SIPVicious Security Scanner - IPS Events (IP=34,IR) 185.141.225.2 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:37 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=2,RU) 185.141.24.26 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6660 CTO 21-348 (IP=26,RO) 185.141.25.125 32 TLM None 2022-06-09 00:00:00 2022-12-08 00:00:00 2022-06-09 17:00:02 HIVE Case #7745 CTO 22-160 (IP=125,RO) 185.141.25.197 32 AS None 2022-02-04 00:00:00 2022-08-04 00:00:00 None HIVE Case #6927 CTO 22-036 (IP=197,RO) 185.141.25.82 32 TLM None 2021-12-21 00:00:00 2022-06-21 00:00:00 None HIVE Case #6682 CTO 21-352 (IP=82,RO) 185.141.62.48 32 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6515 TO-S-2022-0080 (IP=48,CY) 185.142.156.0 22 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=0,IR) 185.142.169.173 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IT TO-S-2021-1050 Hive Case 4821 Malware Activity 185.142.188.247 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None FR TO-S-2021-1117 DOS-DDOS Activity 185.142.236.41 32 AR None 2022-06-26 00:00:00 2022-09-24 00:00:00 2022-06-27 13:55:44 HTTP: Microsoft Windows HTTP.sys Remote Code Execution (CVE-2015-1635) - IR# 22C01462 (IP=41,NL) 185.143.145.227 32 TLM None 2021-10-21 00:00:00 2022-04-21 
00:00:00 None HIVE Case #6385 CTO 21-286 (IP=227,UA) 185.143.146.0 23 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity 185.143.223.126 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None NL TO-S-2021-1037 Hive Case 4785 Malware Activity 185.143.223.146 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None NL TO-S-2021-1037 Hive Case 4785 Malware Activity 185.143.223.244 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None NL TO-S-2021-1037 Hive Case 4785 Malware Activity 185.143.233.37 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=37,IR) 185.143.234.30 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=30,IR) 185.145.176.214 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ES TO-S-2021-1050 Hive Case 4821 Malware Activity 185.146.0.0 22 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=0,KZ) 185.146.232.168 24 KH None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 22:56:01 Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=168,RO) 185.146.232.75 32 TLM None 2021-11-04 00:00:00 2022-05-02 00:00:00 None HIVE Case #6503 CTO 21-306 (IP=75,SC) 185.146.97.18 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PL TO-S-2021-1117 DOS-DDOS Activity 185.146.97.200 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PL TO-S-2021-1117 DOS-DDOS Activity 185.146.97.203 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PL TO-S-2021-1117 DOS-DDOS Activity 185.146.97.213 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PL TO-S-2021-1117 DOS-DDOS Activity 185.146.97.215 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PL TO-S-2021-1117 DOS-DDOS Activity 185.146.97.221 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PL TO-S-2021-1117 DOS-DDOS Activity 185.146.97.36 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PL TO-S-2021-1117 
DOS-DDOS Activity 185.146.97.44 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PL TO-S-2021-1117 DOS-DDOS Activity 185.146.97.47 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PL TO-S-2021-1117 DOS-DDOS Activity 185.146.97.66 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PL TO-S-2021-1117 DOS-DDOS Activity 185.147.162.254 32 JP None 2022-08-15 00:00:00 2022-11-13 00:00:00 2022-08-15 22:29:31 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR# 22C01807 (IP=254,IR) 185.149.103.50 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 185.149.90.118 32 TLM None 2022-02-23 00:00:00 2022-08-24 00:00:00 None HIVE Case #7054 CTO 22-054 (IP=118,NL) 185.15.172.212 32 AS None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-01 21:45:04 HIVE Case #7874 CTO 22-181 (IP=212,RU) 185.15.24.12 24 KD None 2021-12-13 00:00:00 2022-03-13 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt - Sourcefire Rpt (IP=12,FR) 185.15.83.167 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PL TO-S-2021-1050 Hive Case 4821 Malware Activity 185.150.116.0 22 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None LT TO-S-2021-1117 Malicious Email Activity 185.150.117.97 32 TLM None 2022-06-21 00:00:00 2022-12-20 00:00:00 2022-06-22 18:26:18 HIVE Case #7807 CTO 22-169 (IP=97,LT) 185.150.189.165 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=165,US) 185.150.189.186 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=186,US) 185.150.189.202 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=202,US) 185.150.190.113 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=113,US) 185.150.190.153 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=153,US) 185.150.190.154 32 TLM 
None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=154,US) 185.150.190.244 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=244,US) 185.150.190.45 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=45,US) 185.150.190.54 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=54,US) 185.150.191.10 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=10,US) 185.150.191.218 32 KH None 2022-03-24 00:00:00 2022-06-22 00:00:00 2022-03-24 22:58:45 SIPVicious Security Scanner - FE IPS (IP=218,US) 185.150.191.35 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=35,US) 185.150.191.44 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=44,US) 185.150.237.41 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PL TO-S-2021-1050 Hive Case 4821 Malware Activity 185.151.232.140 32 TLM None 2022-01-20 00:00:00 2022-07-20 00:00:00 None HIVE Case #6811 CTO 22-020 (IP=140,NL) 185.151.30.0 22 TLM None 2021-08-30 00:00:00 2022-03-02 00:00:00 None HIVE Case #6085 TO-S-2021-1500 (IP=0,GB) 185.151.30.168 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GB TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 185.151.51.173 32 ZH None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 22:47:13 Phish.LIVE.DTI.URL Case 7461 185.152.180.198 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None HU TO-S-2021-1037 Hive Case 4785 Malware Activity 185.152.32.69 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=69,DK) 185.152.32.71 32 AS None 2022-03-03 00:00:00 2022-09-03 00:00:00 2022-03-03 17:36:04 HIVE Case #7133 CTO 22-062 (IP=71,DK) 185.152.32.76 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=76,DK) 185.153.198.246 32 TLM None 2021-09-24 00:00:00 2022-03-24 
00:00:00 None HIVE Case #6252 CTO 21-265 (IP=246,RU) 185.153.199.147 32 TLM None 2022-01-18 00:00:00 2022-07-18 00:00:00 None HIVE Case #6796 CTO 22-014 (IP=147,RU) 185.153.199.176 32 TLM None 2021-12-09 00:00:00 2022-06-09 00:00:00 None HIVE Case #6624 CTO 21-341 (IP=176,RU) 185.154.176.149 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=149,DK) 185.154.53.140 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=140,RU) 185.155.19.207 32 wmp None 2022-03-24 00:00:00 2022-06-24 00:00:00 2022-03-24 22:58:57 Suspicious Scan Activity (IP=207,RU) 185.156.172.0 24 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 2022-05-26 18:26:58 HIVE Case #7669 TO-S-2022-0187 (IP=0,NL) 185.156.219.146 24 SW None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-15 13:53:37 HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=146,ES) 185.156.72.230 32 wmp None 2022-03-24 00:00:00 2022-06-24 00:00:00 2022-03-24 22:58:58 Suspicious Scan Activity (IP=230,RU) 185.156.73.109 32 wmp None 2022-03-24 00:00:00 2022-06-24 00:00:00 2022-03-24 22:58:58 Suspicious Scan Activity (IP=109,RU) 185.156.74.58 24 RS None 2022-06-16 00:00:00 2022-09-14 00:00:00 2022-06-16 22:42:35 File /etc/passwd Access Attempt Detect - IPS Events (IP=58,RU) 185.158.11.118 32 TLM None 2022-01-18 00:00:00 2022-07-18 00:00:00 None HIVE Case #6796 CTO 22-014 (IP=118,ES) 185.158.249.63 32 AS None 2022-03-31 00:00:00 2022-09-30 00:00:00 2022-03-31 14:47:49 HIVE Case #7308 CTO 22-090 (IP=63,NL) 185.158.250.216 24 KH None 2021-11-05 00:00:00 2022-02-03 00:00:00 None Malicious IP HIVE Case 6498 (IP=216,GB) 185.159.196.2 24 DT None 2022-02-10 00:00:00 2022-05-11 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt - Source Fire (IP=2,CA) 185.159.197.10 24 DT None 2022-01-23 00:00:00 2022-04-22 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow 
attempt (1:32959:3) - Source Fire (IP=10,CA) 185.159.198.48 24 RT None 2021-12-15 00:00:00 2022-03-15 00:00:00 None SERVER-OTHER Sentinel license manager buffer overflow attempt (1:11265:5) - Sourcefire Report (IP=48,CA) 185.159.199.190 24 DT None 2021-12-24 00:00:00 2022-03-24 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) - Source Fire (IP=190,CA) 185.159.68.115 32 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6517 CTO 21-313 (IP=115,US) 185.159.82.81 24 TH None 2022-08-15 00:00:00 2022-11-13 00:00:00 2022-08-16 18:12:41 SIPVicious Security Scanner - FE CMS IPS Events (IP=81,RU) 185.16.225.110 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None GB TO-S-2021-1117 DOS-DDOS Activity 185.16.227.234 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None GB TO-S-2021-1117 DOS-DDOS Activity 185.16.38.48 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=48,PL) 185.16.38.48 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=48,PL) 185.16.38.48 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=48,PL) 185.16.39.201 24 AR None 2022-08-15 00:00:00 2022-11-14 00:00:00 2022-08-16 22:53:08 SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - SourceFire (IP=201,PL) | updated by KH Block expiration extended with reason SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) - Sourcefire (IP=201,PL) 185.16.56.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 185.16.60.130 32 TLM None 2022-05-24 00:00:00 2022-11-23 00:00:00 2022-05-24 14:49:43 HIVE Case #7652 CTO 22-141 (IP=130,DE) 185.160.20.244 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CZ TO-S-2021-1050 Hive Case 4821 Malware Activity 
185.160.60.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None UA TO-S-2021-1037 Hive Case 4785 Malware Activity 185.161.203.177 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6586 TO-S-2022-0085 (IP=177,US) 185.161.208.207 32 AS None 2022-04-08 00:00:00 2022-10-08 00:00:00 2022-04-08 17:16:44 HIVE Case #7361 CTO 22-098 (IP=207,NL) 185.161.208.209 32 AS None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-09-30 17:07:30 HIVE Case #8395 TO-S-2022-0233 (IP=209,NL) 185.161.208.244 32 TLM None 2022-05-24 00:00:00 2022-11-23 00:00:00 2022-05-24 14:24:13 HIVE Case #7653 CTO 22-144 (IP=244,NL) 185.161.209.173 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=173,NL) 185.161.209.249 32 TLM None 2022-06-21 00:00:00 2022-12-20 00:00:00 2022-06-22 18:26:11 HIVE Case #7807 CTO 22-169 (IP=249,NL) 185.161.210.187 32 TLM None 2021-09-21 00:00:00 2022-03-20 00:00:00 None HIVE Case #6216 CTO 21-264 (IP=187,NL) 185.161.235.48 24 KD None 2021-12-10 00:00:00 2022-03-10 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841)- TT# 22C00514(IP=48,BG) 185.162.1.250 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=250,HU) 185.162.174.3 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ES TO-S-2021-1037 Hive Case 4785 Malware Activity 185.162.235.162 24 RR None 2022-03-27 00:00:00 2022-06-25 00:00:00 2022-03-27 13:46:43 SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt - SourceFire (IP=162,NL) 185.162.235.175 24 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:49:39 SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt - SourceFire (IP=175,NL) 185.162.235.175 24 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:49:39 SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt - SourceFire (IP=175,NL) SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt - SourceFire (IP=175,NL) 
185.162.249.247 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None DE TO-S-2021-1117 DOS-DDOS Activity 185.162.250.113 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None DE TO-S-2021-1117 DOS-DDOS Activity 185.162.67.0 24 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=0,RO) 185.163.116.210 32 TLM None 2022-03-14 00:00:00 2022-09-14 00:00:00 2022-03-14 19:14:34 HIVE Case #7198 CTO 22-071 (IP=210,DE) 185.163.126.244 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=244,FR) 185.163.200.34 32 TLM None 2022-04-01 00:00:00 2022-06-30 00:00:00 2022-04-05 14:31:57 HIVE Case #7312 COLS-NA-TIP 22-0110 (IP=34,GE) 185.163.204.22 32 RB None 2022-10-06 00:00:00 2022-11-06 00:00:00 2022-12-07 02:17:59 NullMixer Malware - IR# 23C02034 (IP=22,HU) | updated by RB Block was inactive. Reactivated on 20221006 with reason NullMixer Malware - IR# 23C02034 (IP=22,HU) | updated by RB Block was inactive. Reactivated on 20221006 with reason NullMixer Malware - IR# 23C02034 (IP=22,HU) | updated by RB Block was inactive. 
Reactivated on 20221006 with reason NullMixer Malware - IR# 23C02034 (IP=22,HU) 185.164.1.119 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MD TO-S-2021-1050 Hive Case 4821 Malware Activity 185.164.172.104 32 TLM None 2022-05-10 00:00:00 2022-11-09 00:00:00 2022-05-10 15:21:45 HIVE Case #7557 CTO 22-130 (IP=104,RU) 185.164.172.112 32 TLM None 2022-05-10 00:00:00 2022-11-09 00:00:00 2022-05-10 15:21:45 HIVE Case #7557 CTO 22-130 (IP=112,RU) 185.164.172.99 32 TLM None 2022-05-10 00:00:00 2022-11-09 00:00:00 2022-05-10 15:21:44 HIVE Case #7557 CTO 22-130 (IP=99,RU) 185.164.41.187 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ES TO-S-2021-1050 Hive Case 4821 Malware Activity 185.165.168.229 24 srm None 2022-02-16 00:00:00 2022-05-17 00:00:00 None SERVER-WEBAPP Phpcms user registration remote file include attempt (IP=229,SC) | updated by RR with reason Possible SQLi attempt - TT# 20C00390 (IP=229,RO) | updated by RT Block was inactive. Reactivated on 20210608 with reason SERVER-WEBAPP RevSlider | updated by srm Block was inactive. Reactivated on 20220216 with reason HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=229,SC) HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=229,SC) 185.165.168.229 24 GLM None 2017-09-23 05:00:00 2022-05-17 00:00:00 None SERVER-WEBAPP Phpcms user registration remote file include attempt (IP=229,SC) | updated by RR with reason Possible SQLi attempt - TT# 20C00390 (IP=229,RO) | updated by RT Block was inactive. Reactivated on 20210608 with reason SERVER-WEBAPP RevSlider | updated by srm Block was inactive. 
Reactivated on 20220216 with reason HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=229,SC) HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=229,SC) 185.165.168.229 24 RT None 2021-06-08 00:00:00 2022-05-17 00:00:00 None SERVER-WEBAPP Phpcms user registration remote file include attempt (IP=229,SC) | updated by RR with reason Possible SQLi attempt - TT# 20C00390 (IP=229,RO) | updated by RT Block was inactive. Reactivated on 20210608 with reason SERVER-WEBAPP RevSlider | updated by srm Block was inactive. Reactivated on 20220216 with reason HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=229,SC) HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=229,SC) 185.165.171.175 24 DT None 2022-03-08 00:00:00 2022-06-06 00:00:00 2022-03-09 14:45:02 SSH2 Failed Login Attempt - Failed Logons (IP=175,SC) 185.165.190.34 32 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None US TO-S-2021-1156 Malicious Connections Activity 185.166.84.90 24 KH None 2022-03-03 00:00:00 2022-06-01 00:00:00 2022-03-03 23:49:47 HTTP/1.x Protocol Policy - ArcSight (IP=90,FR) 185.167.121.66 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:38 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=66,RU) 185.167.32.147 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PL TO-S-2021-1117 DOS-DDOS Activity 185.167.96.150 24 DBC None 2022-03-20 00:00:00 2022-06-20 00:00:00 2022-03-20 23:01:45 Corelight VNC Scan (IP=150,NL) 185.167.98.76 24 DBC None 2022-03-20 00:00:00 2022-06-20 00:00:00 2022-03-20 23:01:42 Corelight ET Scan (IP=76,NL) 185.168.173.151 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IT TO-S-2021-1050 Hive Case 4821 Malware Activity 185.168.173.28 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 Hive Case 4785 Malware Activity 185.169.97.210 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=210,PT) 185.17.0.250 24 WR None 2022-04-25 
00:00:00 2022-07-23 00:00:00 2022-04-25 14:47:10 Attempted Access - Inbound Brute Force - IR #22C01222 (IP=250,RU) 185.17.113.42 32 AS None 2021-11-16 00:00:00 2022-05-16 00:00:00 None HIVE Case #6539 CTO 21-315 (IP=42,TR) 185.17.40.0 24 TLM None 2021-09-14 00:00:00 2022-03-14 00:00:00 None HIVE Case #6164 TO-S-2021-1528 (IP=0,PL) 185.170.114.25 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 13:57:59 SQL injection - 6Hr Web Attacks (IP=25,DE) 185.170.52.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 185.171.1.197 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TR TO-S-2021-1050 Hive Case 4821 Malware Activity 185.171.233.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None LV TO-S-2021-1117 DOS-DDOS Activity 185.171.91.101 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=101,TR) 185.172.110.210 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None NL TO-S-2021-1050 Hive Case 4821 Malware Activity 185.172.110.211 24 WR None 2022-03-13 00:00:00 2022-06-11 00:00:00 2022-03-13 13:58:37 Known Attack Tool - TT# 22C01036 (IP=211,AU) 185.172.110.221 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None NL TO-S-2021-1037 Hive Case 4785 Malware Activity 185.172.110.234 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None NL TO-S-2021-1037 Hive Case 4785 Malware Activity 185.172.129.215 32 TLM None 2022-03-11 00:00:00 2022-09-11 00:00:00 2022-03-11 13:21:28 HIVE Case #7189 CTO 22-068.1 (IP=215,US) 185.172.203.246 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IT TO-S-2021-1050 Hive Case 4821 Malware Activity 185.173.160.142 24 RR None 2021-10-06 00:00:00 2022-01-08 00:00:00 None MALICIOUS PUP File Site (IP=142,NL) 185.173.204.107 24 ZH None 2022-03-17 00:00:00 2022-06-15 00:00:00 2022-03-17 22:25:59 POLICY-OTHER PHP uri tag injection attempt (1:23111:14) - Sourcefire Rpt (IP=107,RS) 185.173.34.212 32 AS None 2022-06-29 
00:00:00 2022-09-27 00:00:00 2022-06-29 18:17:13 HIVE Case #7862 CTO 22-176 (IP=212,AE) 185.173.35.1 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None Unauthorized Access-Probe - TT# 19C01987 (IP=1,US) | updated by RR with reason Generic ArcSight scan attempt (IP=1,GB) | updated by dbc Block was inactive. Reactivated on 20210128 with reason US TO-S-2021-1050 Hive Case 4821 Malware Activity US TO-S- 185.173.35.1 32 CR None 2019-04-22 00:00:00 2022-01-28 00:00:00 None Unauthorized Access-Probe - TT# 19C01987 (IP=1,US) | updated by RR with reason Generic ArcSight scan attempt (IP=1,GB) | updated by dbc Block was inactive. Reactivated on 20210128 with reason US TO-S-2021-1050 Hive Case 4821 Malware Activity US TO-S- 185.173.35.17 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None US TO-S-2021-1050 Hive Case 4821 Malware Activity 185.173.35.21 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None US TO-S-2021-1050 Hive Case 4821 Malware Activity 185.173.35.41 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None Signature: Unauthorized Access-Probe - TT# 19C01996 (IP=41,US) | updated by dbc Block was inactive. Reactivated on 20210128 with reason US TO-S-2021-1050 Hive Case 4821 Malware Activity US TO-S-2021-1050 Hive Case 4821 Malware Activity 185.173.35.41 32 KF None 2019-04-24 00:00:00 2022-01-28 00:00:00 None Signature: Unauthorized Access-Probe - TT# 19C01996 (IP=41,US) | updated by dbc Block was inactive. 
Reactivated on 20210128 with reason US TO-S-2021-1050 Hive Case 4821 Malware Activity US TO-S-2021-1050 Hive Case 4821 Malware Activity 185.173.35.57 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None US TO-S-2021-1050 Hive Case 4821 Malware Activity 185.174.136.71 24 ZH None 2022-05-15 00:00:00 2022-08-13 00:00:00 2022-05-15 22:46:02 Generic URI Injection wget Attempt - CMS IPS Events (IP=71,RU) 185.174.174.220 32 TLM None 2022-01-26 00:00:00 2022-07-26 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=220,UA) | updated by TLM Block was inactive. Reactivated on 20220126 with reason HIVE Case #6836 CTO 22-022 (IP=220,UA) HIVE Case #6836 CTO 22-022 (IP=220,UA) 185.174.174.220 32 NAB None 2020-10-30 00:00:00 2022-07-26 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=220,UA) | updated by TLM Block was inactive. Reactivated on 20220126 with reason HIVE Case #6836 CTO 22-022 (IP=220,UA) HIVE Case #6836 CTO 22-022 (IP=220,UA) 185.175.158.27 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:53:29 HIVE Case #7199 CTO 22-074 (IP=27,RU) 185.175.158.27 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:51:21 HIVE Case #7199 CTO 22-074 (IP=27,RU) 185.175.200.63 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=63,NL) 185.175.208.12 32 TLM None 2022-03-23 00:00:00 2022-09-23 00:00:00 2022-03-23 12:28:38 HIVE Case #7258 CTO 22-082 (IP=12,GB) 185.176.208.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None LB TO-S-2021-1050 Hive Case 4821 Malware Activity 185.176.220.198 24 EE None 2021-10-20 00:00:00 2022-01-18 00:00:00 None HIVE Case #6380 IOC_FlawedGrace_Variant (IP=198,LV) 185.176.43.112 32 AS None 2021-12-29 00:00:00 2022-06-29 00:00:00 None HIVE Case #6705 CTO 21-363 (IP=112,BG) 185.177.0.0 22 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None TJ TO-S-2021-1092 Hive Case 4875 Malware Activity 185.177.104.134 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None AM 
TO-S-2021-1050 Hive Case 4821 Malware Activity 185.177.114.98 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:39 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=98,RU) 185.177.153.246 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6448 TO-S-2022-0058 (IP=246,ES) 185.177.240.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None UA TO-S-2021-1037 Hive Case 4785 Malware Activity 185.177.57.117 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None BG TO-S-2021-1143 Malicious Email Activity 185.177.57.38 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None BG TO-S-2021-1143 Malicious Email Activity 185.178.52.130 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None FR TO-S-2021-1117 DOS-DDOS Activity 185.178.80.70 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ES TO-S-2021-1037 Hive Case 4785 Malware Activity 185.179.172.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None RU TO-S-2021-1037 Hive Case 4785 Malware Activity 185.179.24.164 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=164,TR) 185.179.24.165 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=165,TR) 185.18.215.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IR TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 185.18.244.0 22 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None AZ TO-S-2021-1092 Hive Case 4875 Malware Activity 185.18.52.211 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None NL TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 185.18.54.134 32 TLM None 2022-04-20 00:00:00 2022-10-20 00:00:00 2022-04-20 13:01:31 HIVE Case #7432 CTO 22-110 (IP=134,NL) 185.180.143.146 24 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 22:24:52 SIPVicious Security Scanner - FE IPS Events (IP=146,PT) 185.180.143.146 32 KH None 2022-01-04 00:00:00 2022-04-04 00:00:00 None HP Intelligent Management Center TFTP 
Server MODE Remote Code Execution - FE IPS (IP=146,US) 185.180.143.73 24 JP None 2022-09-10 00:00:00 2022-12-09 00:00:00 2022-09-10 22:55:24 HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=73,PT) 185.180.230.93 32 AS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-06 18:26:13 HIVE Case #7881 CTO 22-182 (IP=93,RU) 185.180.60.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None IQ TO-S-2021-1117 DOS-DDOS Activity 185.181.102.208 32 AS None 2022-04-04 00:00:00 2022-10-04 00:00:00 2022-04-04 15:15:49 HIVE Case #7325 CTO 22-091 (IP=208,RO) 185.181.115.110 32 TLM None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-02 10:46:07 HIVE Case #7696 CTO 22-152 (IP=110,DE) 185.181.115.163 32 TLM None 2022-05-27 00:00:00 2022-11-26 00:00:00 2022-05-27 14:16:35 HIVE Case #7676 CTO 22-147 (IP=163,DE) 185.181.115.178 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=178,DE) 185.181.115.184 32 TLM None 2022-06-14 00:00:00 2022-12-13 00:00:00 2022-06-14 15:16:42 HIVE Case #7768 CTO 22-161 (IP=184,DE) 185.181.115.216 32 TLM None 2022-05-24 00:00:00 2022-11-23 00:00:00 2022-05-24 14:49:41 HIVE Case #7652 CTO 22-141 (IP=216,DE) 185.181.115.225 32 TLM None 2022-03-01 00:00:00 2022-09-01 00:00:00 2022-03-01 16:26:38 HIVE Case #7110 CTO 22-057 (IP=225,DE) 185.181.115.28 32 TLM None 2022-06-02 00:00:00 2022-12-01 00:00:00 2022-06-02 17:56:16 HIVE Case #7705 CTO 22-153 (IP=28,DE) 185.181.115.3 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=3,DE) 185.181.115.56 32 TLM None 2022-06-03 00:00:00 2022-12-02 00:00:00 2022-06-06 14:31:27 HIVE Case #7714 CTO 22-154 (IP=56,DE) 185.181.115.77 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=77,DE) 185.181.115.82 32 TLM None 2022-06-03 00:00:00 2022-12-02 00:00:00 2022-06-06 14:31:27 HIVE Case #7714 CTO 22-154 (IP=82,DE) 185.181.115.85 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 
None HIVE Case #6729 CTO 22-004 (IP=85,DE) 185.181.161.123 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CH TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 185.181.165.238 32 TLM None 2021-11-15 00:00:00 2022-05-15 00:00:00 None HIVE Case #6534 CTO 21-314 (IP=238,NL) 185.181.228.244 32 TLM None 2022-03-30 00:00:00 2022-09-30 00:00:00 2022-03-30 13:05:07 HIVE Case #7300 CTO 22-089 (IP=244,MD) 185.181.60.198 24 WR None 2021-12-09 00:00:00 2022-03-09 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) TT# 22C00509 (IP=198,NO) 185.181.8.244 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None NL TO-S-2021-1037 Hive Case 4785 Malware Activity 185.182.105.218 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=218,TR) 185.182.193.120 24 EE None 2022-02-14 00:00:00 2022-05-15 00:00:00 None HIVE Case #6935 IOC_LockBit 2.0 Ransomware-FBI_Advisory (IP=120,NL) 185.182.56.167 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None NL TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 185.182.56.68 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None NL TO-S-2021-1081 Hive Case 4872 Malicious Email Activity 185.182.56.71 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=71,NL) 185.183.157.214 24 RR None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-05 14:02:47 SQL injection - Web Attacks (IP=214,DE) 185.183.158.109 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None DE TO-S-2021-1117 DOS-DDOS Activity 185.183.96.147 24 EE None 2021-10-20 00:00:00 2022-01-18 00:00:00 None HIVE Case #6380 IOC_FlawedGrace_Variant (IP=147,NL) 185.183.96.44 32 TLM None 2022-02-25 00:00:00 2022-08-26 00:00:00 2022-02-25 13:04:30 HIVE Case #7088 CTO 22-056 (IP=44,NL) 185.183.96.7 32 TLM None 2022-02-25 00:00:00 2022-08-26 00:00:00 2022-02-25 13:04:29 HIVE Case #7088 CTO 22-056 (IP=7,NL) 185.184.152.140 24 BB None 2021-12-19 00:00:00 2022-03-19 00:00:00 
None - SourceFire (IP=140,GB) 185.184.25.237 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6584 CTO 21-322 (IP=237,TR) 185.184.8.65 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:39 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=65,NL) 185.185.170.27 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 18:27:37 HIVE Case #7342 CTO 22-092 FRAGO (IP=27,FI) 185.185.40.112 32 TLM None 2022-04-26 00:00:00 2022-10-25 00:00:00 2022-04-27 18:49:25 HIVE Case #7465 CTO 22-116 (IP=112,NL) 185.185.57.140 24 KH None 2022-01-12 00:00:00 2022-04-12 00:00:00 None POLICY-OTHER PHP uri tag injection attempt (1:23111:14) - Sourcefire (IP=140,RU) 185.185.69.206 32 TLM None 2022-05-11 00:00:00 2022-11-08 00:00:00 2022-05-13 17:39:11 HIVE Case #7567 COLS-NA-TIP 22-0165 (IP=206,RU) 185.185.83.60 32 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 22:52:02 SIPVicious Security Scanner - FE IPS Events (IP=60,US) 185.186.140.0 22 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=0,RU) 185.186.142.166 32 RB None 2022-10-06 00:00:00 2022-11-06 00:00:00 2022-12-08 16:01:38 NullMixer Malware - IR# 23C02034 (IP=166,RU) | updated by RB Block was inactive. Reactivated on 20221006 with reason NullMixer Malware - IR# 23C02034 (IP=166,RU) NullMixer Malware - IR# 23C02034 (IP=166,RU) | updated by RB Block was inactive. Reactivated on 20221006 with reason NullMixer Malware - IR# 23C02034 (IP=166,RU) NullMixer Malware - IR# 23C02034 (IP=166,RU) | updated by RB Block was inactive. Reactivated on 20221006 with reason NullMixer Malware - IR# 23C02034 (IP=166,RU) NullMixer Malware - IR# 23C02034 (IP=166,RU) | updated by RB Block was inactive. 
Reactivated on 20221006 with reason NullMixer Malware - IR# 23C02034 (IP=166,RU) NullMixer Malware - IR# 23C02034 (IP=166,RU) 185.186.143.111 32 TLM None 2022-06-22 00:00:00 2022-12-21 00:00:00 2022-06-23 16:49:37 HIVE Case #7813 CTO 22-173 (IP=111,RU) 185.186.244.112 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6313 CTO 21-274 (IP=112,NL) 185.186.246.162 32 TLM None 2021-12-09 00:00:00 2022-06-09 00:00:00 None HIVE Case #6625 CTO 21-342 (IP=162,NL) 185.186.78.184 32 TLM None 2022-03-11 00:00:00 2022-09-11 00:00:00 2022-03-11 13:21:45 HIVE Case #7189 CTO 22-068.1 (IP=184,SE) 185.186.81.39 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None AL TO-S-2021-1037 Hive Case 4785 Malware Activity 185.186.81.44 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None AL TO-S-2021-1037 Hive Case 4785 Malware Activity 185.187.204.0 24 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IQ TO-S-2021-1050 Hive Case 4821 Malware Activity 185.187.56.100 32 TLM None 2021-09-14 00:00:00 2022-03-14 00:00:00 None HIVE Case #6164 TO-S-2021-1528 (IP=100,GB) 185.189.114.130 24 RT None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-27 13:56:42 MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (1:25925:3) - Sourcefire Report (IP=130,HU) 185.189.115.118 24 KD None 2022-02-27 00:00:00 2022-05-28 00:00:00 2022-02-27 23:09:08 Infection Match (blocked)- FIREEYE Web(IP=118,CZ) 185.189.120.0 24 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IR TO-S-2021-1050 Hive Case 4821 Malware Activity 185.189.126.225 32 GM None 2019-02-15 00:00:00 2022-01-28 00:00:00 None HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerability 19C01098 (IP=225,US) | updated by dbc Block was inactive.
Reactivated on 20210128 with reason PL TO-S-2021-1050 Hive Case 4821 Malware Activity 185.189.149.186 32 TLM None 2022-04-18 00:00:00 2022-10-18 00:00:00 2022-04-18 17:00:29 HIVE Case #7404 CTO 22-105 (IP=186,CH) 185.189.149.215 32 TLM None 2022-04-18 00:00:00 2022-10-18 00:00:00 2022-04-18 17:00:30 HIVE Case #7404 CTO 22-105 (IP=215,CH) 185.189.151.50 32 TLM None 2021-09-23 00:00:00 2022-03-23 00:00:00 None HIVE Case #6237 CTO 21-266 (IP=50,CH) 185.189.167.182 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:56:50 HIVE Case #7894 CTO 22-187 (IP=182,RU) 185.189.167.36 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:56:50 HIVE Case #7894 CTO 22-187 (IP=36,RU) 185.189.187.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity 185.19.214.115 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ES TO-S-2021-1037 Hive Case 4785 Malware Activity 185.19.214.92 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ES TO-S-2021-1037 Hive Case 4785 Malware Activity 185.19.218.178 24 JP None 2022-09-09 00:00:00 2022-12-08 00:00:00 2022-09-09 22:50:21 SIPVicious Security Scanner - IPS Events (IP=178,DE) 185.190.24.10 24 AR None 2021-11-15 00:00:00 2022-02-11 00:00:00 None HTTP SQL Injection Attempt - 6Hr Web Attacks (IP=10,NL) 185.191.127.212 32 TLM None 2022-01-19 00:00:00 2022-07-19 00:00:00 None HIVE Case #6798 CTO 22-019 (IP=212,SC) 185.191.127.215 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=215,SC) 185.191.204.154 24 KD None 2022-02-27 00:00:00 2022-05-28 00:00:00 2022-02-27 23:09:20 Infection Match (blocked)- FIREEYE Web(IP=154,IL) 185.191.32.0 23 KH None 2021-12-20 00:00:00 2022-03-20 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44232 (IP=0,RU) 185.191.32.198 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=198,RU) 185.191.34.0 23 TLM None 2021-12-02 00:00:00 2022-06-02 00:00:00 None HIVE Case #6600 
TO-S-2022-0090 (IP=0,RU) 185.191.79.91 32 AS None 2021-09-21 00:00:00 2022-03-20 00:00:00 None HIVE Case #6215 CTO 21-261 (IP=91,IR) 185.192.69.251 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=251,GB) 185.192.69.74 32 AS None 2022-03-02 00:00:00 2022-09-02 00:00:00 2022-03-02 18:24:14 HIVE Case #7126 CTO 22-061 (IP=74,GB) 185.192.70.139 24 JP None 2022-09-11 00:00:00 2022-12-10 00:00:00 2022-09-11 22:52:04 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6HR Web Attacks (IP=139,GB) 185.192.71.137 32 RT None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-20 15:44:11 Possible SQLi attempt - IR#22C01208 (IP=137,GB) 185.193.143.11 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=11,RU) 185.193.204.0 22 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None RU TO-S-2021-1102 Malware Activity 185.193.60.19 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None EE TO-S-2021-1037 Hive Case 4785 Malware Activity 185.194.111.7 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None ES TO-S-2021-1117 DOS-DDOS Activity 185.194.141.178 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 13:58:07 Adobe ColdFusion Administrator Access Restriction - 6Hr Web Attacks (IP=178,DE) 185.194.142.241 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 13:57:58 SQL injection - 6Hr Web Attacks (IP=241,DE) 185.194.216.193 32 KH None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 13:46:26 SQL injection - Web Attacks (IP=193,US) 185.194.219.6 24 KH None 2022-07-07 00:00:00 2022-10-05 00:00:00 2022-07-07 22:31:13 Apache Log4j CVE-2021-44228 Remote Code Execution - FE NX (IP=6,DE) 185.195.16.0 23 dbc None 2021-02-05 00:00:00 2022-02-05
00:00:00 None OM TO-S-2021-1092 Hive Case 4875 Malware Activity 185.195.25.62 32 AS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-06 18:26:07 HIVE Case #7881 CTO 22-182 (IP=62,RU) 185.195.71.244 32 AR None 2022-06-26 00:00:00 2022-09-24 00:00:00 2022-06-27 13:55:32 HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - IR# 22C01460 (IP=244,CH) 185.195.8.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity 185.196.220.213 32 NAB None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 13:49:53 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=213,US) 185.196.220.60 32 WR None 2022-01-20 00:00:00 2022-04-20 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - Web Attacks (IP=60,US) 185.196.3.23 32 AS None 2021-12-16 00:00:00 2022-06-16 00:00:00 None HIVE Case #6671 CTO 21-350 (IP=23,US) 185.197.160.9 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None NL TO-S-2021-1037 Hive Case 4785 Malware Activity 185.198.198.254 32 TLM None 2022-03-23 00:00:00 2022-09-23 00:00:00 2022-03-24 12:08:54 HIVE Case #7271 CTO 22-083 (IP=254,TR) 185.198.56.183 24 KD None 2022-02-26 00:00:00 2022-05-27 00:00:00 2022-02-27 01:15:25 FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode - Sourcefire(IP=183,RO) 185.199.103.231 32 RR None 2022-03-27 00:00:00 2022-06-25 00:00:00 2022-03-27 13:46:38 SQL injection - Web Attacks (IP=231,US) 185.2.168.125 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=125,GB) 185.2.4.103 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None IT TO-S-2021-1117 Malicious Email Activity 185.2.4.37 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 Hive Case 4785 Malware Activity 185.2.4.81 32 AS None 2022-08-18 00:00:00 2022-11-16 00:00:00 2022-08-26 22:35:45 HIVE Case #8170 COLS-NA TIP 22-0284 (IP=81,IT) 185.2.6.4 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 
None IT TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 185.2.66.162 24 RT None 2022-02-14 00:00:00 2022-05-15 00:00:00 None EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch - SOURCEFIRE REPORT (IP=162,IE) 185.20.186.38 32 AS None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 18:17:16 HIVE Case #7862 CTO 22-176 (IP=38,NL) 185.20.224.168 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=168,RU) 185.20.225.35 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=35,RU) 185.20.226.12 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=12,RU) 185.20.226.9 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=9,RU) 185.200.116.90 32 srm None 2022-01-26 00:00:00 2022-04-26 00:00:00 None HIVE Case #NA FP Security (IP=90,SG) 185.201.47.157 32 TLM None 2022-01-25 00:00:00 2022-07-25 00:00:00 None HIVE Case #6828 CTO 22-021 (IP=157,RU) 185.202.129.6 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 Hive Case 4785 Malware Activity 185.202.172.83 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=83,US) 185.202.93.201 24 EE None 2021-10-20 00:00:00 2022-01-18 00:00:00 None HIVE Case #6380 IOC_FlawedGrace_Variant (IP=201,MD) 185.203.116.24 32 TLM None 2022-06-15 00:00:00 2022-12-14 00:00:00 2022-06-16 13:41:05 HIVE Case #7774 CTO 22-166 (IP=24,BG) 185.203.118.109 32 JP None 2022-07-14
00:00:00 2022-10-12 00:00:00 2022-07-14 22:47:17 SQL injection - 6HR Web Attacks (IP=109,BG) 185.203.118.200 24 NAB None 2022-03-04 00:00:00 2022-06-02 00:00:00 2022-03-04 14:43:08 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=200,BG) 185.203.218.56 32 SW None 2022-03-23 00:00:00 2022-06-21 00:00:00 2022-03-23 22:20:29 HTTP: Apache Struts OGNL Code Execution - IR 22C01068 (IP=56,US) 185.203.56.26 32 TLM None 2022-01-04 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:37 HIVE Case #6729 CTO 22-004 (IP=26,CA) | updated by AS Block was inactive. Reactivated on 20220708 with reason HIVE Case #7904 CTO 22-189 (IP=26,CA) 185.204.180.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IR TO-S-2021-1037 Hive Case 4785 Malware Activity 185.204.219.210 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=210,PL) 185.205.44.0 22 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity 185.206.126.131 24 WR None 2022-04-24 00:00:00 2022-07-22 00:00:00 2022-04-24 13:26:26 SQL injection - Web Attacks (IP=131,IQ) 185.206.212.165 32 AS None 2022-03-08 00:00:00 2022-09-08 00:00:00 2022-03-08 15:15:28 HIVE Case #7160 TO-S-2022-0144 (IP=165,NL) 185.207.106.222 24 RR None 2022-07-04 00:00:00 2022-10-04 00:00:00 2022-07-07 13:50:22 SQL injection - Web Attacks (IP=222,DE) | updated by RR Block expiration extended with reason SQL injection - Web Attacks (IP=222,DE) 185.207.153.208 32 TLM None 2022-03-28 00:00:00 2022-09-28 00:00:00 2022-03-28 12:23:14 HIVE Case #7282 CTO 22-085 (IP=208,DE) 185.208.158.204 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6446 CTO 21-272 (IP=204,US) 185.208.158.208 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6446 CTO 21-272 (IP=208,US) 185.208.77.0 24 AS None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-01 19:05:12 HIVE Case #7876 TO-S-2022-0204 (IP=0,IR) 185.209.161.16 24 ZH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 22:39:56 
Phish.URL HIVE Case #7436 (IP=16,NL) 185.209.223.188 24 AR None 2022-07-09 00:00:00 2022-10-07 00:00:00 2022-07-09 13:27:16 SQL use of sleep function in HTTP header - likely SQL injection attempt - SourceFire Report (IP=188,DE) 185.209.229.127 32 AS None 2022-04-12 00:00:00 2022-10-12 00:00:00 2022-04-12 15:43:03 HIVE Case #7381 CTO 22-102 v2 (IP=127,DE) 185.21.189.50 24 DT None 2021-12-24 00:00:00 2022-03-24 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) - Source Fire (IP=50,NL) 185.21.216.153 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=153,GB) 185.211.5.201 24 KD None 2021-11-23 00:00:00 2022-02-21 00:00:00 None PROTOCOL-DNS DNS query amplification attempt - SourceFire (IP=201,DE) 200.49.244.3/24 185.211.69.131 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ES TO-S-2021-1050 Hive Case 4821 Malware Activity 185.212.111.74 32 AS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-06 18:25:59 HIVE Case #7881 CTO 22-182 (IP=74,BA) 185.212.128.121 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None NL TO-S-2021-1102 Malicious Email Activity 185.212.128.21 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None NL TO-S-2021-1143 Malicious Email Activity 185.212.13.204 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=204,CZ) 185.212.131.212 32 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None NL TO-S-2021-1156 Malicious Email Activity 185.213.155.176 32 KH None 2022-03-03 00:00:00 2022-06-01 00:00:00 2022-03-03 23:49:21 Threat Team Request / Ukraine IOCs - TT# 22C00991 (IP=176,DE) 185.213.155.177 32 RT None 2022-03-03 00:00:00 2022-06-01 00:00:00 2022-03-03 23:49:22 Threat Team Request / Ukraine IOCs - TT# 22C00992 (IP=177,DE) 185.213.169.236 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TR TO-S-2021-1050 Hive Case 4821 Malware Activity 185.213.175.159 24 AR None 2022-07-24 00:00:00 2022-10-22 
00:00:00 2022-07-25 13:54:54 Backdoor.Meterpreter - FE CMS (IP=159,ES) 185.213.22.209 32 TLM None 2021-09-08 00:00:00 2022-03-08 00:00:00 None HIVE Case #6128 CTO 21-239 (IP=209,BE) 185.214.76.130 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:40 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=130,RU) 185.215.113.10 32 RB None 2022-10-06 00:00:00 2022-11-06 00:00:00 2022-12-07 02:17:59 NullMixer Malware - IR# 23C02034 (IP=10,SC) | updated by RB Block was inactive. Reactivated on 20221006 with reason NullMixer Malware - IR# 23C02034 (IP=10,SC) NullMixer Malware - IR# 23C02034 (IP=10,SC) | updated by RB Block was inactive. Reactivated on 20221006 with reason NullMixer Malware - IR# 23C02034 (IP=10,SC) NullMixer Malware - IR# 23C02034 (IP=10,SC) | updated by RB Block was inactive. Reactivated on 20221006 with reason NullMixer Malware - IR# 23C02034 (IP=10,SC) NullMixer Malware - IR# 23C02034 (IP=10,SC) 185.215.113.39 24 EE None 2022-02-14 00:00:00 2022-05-15 00:00:00 None HIVE Case #6251 IOC_Stealbit_2.0 (IP=39,SC) | updated by EE Block was inactive. Reactivated on 20220214 with reason HIVE Case #6935 IOC_LockBit 2.0 Ransomware-FBI_Advisory (IP=39,SC) HIVE Case #6935 IOC_LockBit 2.0 Ransomware-FBI_Advisory (IP=39,SC) 185.215.113.39 24 EE None 2021-09-27 00:00:00 2022-05-15 00:00:00 None HIVE Case #6251 IOC_Stealbit_2.0 (IP=39,SC) | updated by EE Block was inactive. Reactivated on 20220214 with reason HIVE Case #6935 IOC_LockBit 2.0 Ransomware-FBI_Advisory (IP=39,SC) HIVE Case #6935 IOC_LockBit 2.0 Ransomware-FBI_Advisory (IP=39,SC) 185.215.146.137 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IT TO-S-2021-1050 Hive Case 4821 Malware Activity 185.215.228.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IR TO-S-2021-1050 Hive Case 4821 Malware Activity 185.216.117.1 32 TLM None 2022-02-01 00:00:00 2022-08-02 00:00:00 None HIVE Case #6896 CTO 22-029 (IP=1,HK) 185.216.119.91 32 AS None 2022-04-12 00:00:00 2022-10-12 00:00:00 2022-04-12 15:42:55 HIVE Case #7381 CTO 22-102 v2 (IP=91,HK) 185.216.140.52 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None NL TO-S-2021-1037 Hive Case 4785 Malware Activity 185.216.32.130 24 srm None 2022-02-16 00:00:00 2022-05-17 00:00:00 None HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=130,BG) 185.216.71.181 24 TC None 2022-09-05 00:00:00 2022-12-04 00:00:00 2022-09-05 13:56:21 SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - 6hr Web Attacks (IP=181,DE) 185.217.0.11 24 WR None 2022-03-14 00:00:00 2022-06-12 00:00:00 2022-03-14 13:48:03 PROTOCOL-DNS DNS query amplification attempt (1:28556:3) - Sourcefire (IP=11,IM) 185.217.117.56 32 TLM None 2022-01-20 00:00:00 2022-07-20 00:00:00 None HIVE Case #6811 CTO 22-020 (IP=56,GB) 185.217.117.61 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=61,GB) 185.217.117.69 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6585 CTO 21-323 (IP=69,GB) 185.217.168.250 32 TLM None 2022-09-22 00:00:00 2022-12-21 00:00:00 2022-09-25 18:08:52 HIVE Case #8345 COLS-NA-TIP 22-0331 (IP=250,US) 185.218.1.6 32 dbc None
2021-01-28 00:00:00 2022-01-28 00:00:00 None DE TO-S-2021-1050 Hive Case 4821 Malware Activity 185.218.200.49 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:55:22 HIVE Case #7894 CTO 22-187 (IP=49,UA) 185.218.244.173 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malware Activity 185.219.52.229 24 UA None 2021-08-09 00:00:00 2022-02-01 00:00:00 None HTTP: Apache Struts2 XML Deserialization Remote Code Execution - TT# 21C01530 (IP=229,PL) | updated by ZH Block expiration extended with reason HTTP: PHP File Inclusion Vulnerability TT# 22C00285 (IP=229,PL) 185.220.100.240 32 dbc None 2020-03-04 00:00:00 2022-06-13 00:00:00 None DE TO-S-2020-0331 Malware Activity | updated by DT Block was inactive. Reactivated on 20210314 with reason HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00678 (IP=240,DE) HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vuln | updated by TLM Block was inactive. Reactivated on 20211213 with reason HIVE Case #6652 CTO 21-345 F1 (IP=240,DE) HIVE Case #6652 CTO 21-345 F1 (IP=240,DE) 185.220.100.240 32 DT None 2021-03-14 00:00:00 2022-06-13 00:00:00 None DE TO-S-2020-0331 Malware Activity | updated by DT Block was inactive. Reactivated on 20210314 with reason HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00678 (IP=240,DE) HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vuln | updated by TLM Block was inactive. Reactivated on 20211213 with reason HIVE Case #6652 CTO 21-345 F1 (IP=240,DE) HIVE Case #6652 CTO 21-345 F1 (IP=240,DE) 185.220.100.240 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None DE TO-S-2020-0331 Malware Activity | updated by DT Block was inactive. Reactivated on 20210314 with reason HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00678 (IP=240,DE) HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vuln | updated by TLM Block was inactive. 
Reactivated on 20211213 with reason HIVE Case #6652 CTO 21-345 F1 (IP=240,DE) HIVE Case #6652 CTO 21-345 F1 (IP=240,DE) 185.220.100.241 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=241,DE) 185.220.100.242 32 DT None 2021-03-14 00:00:00 2022-06-13 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00678 (IP=242,DE) | updated by TLM Block was inactive. Reactivated on 20211213 with reason HIVE Case #6652 CTO 21-345 F1 (IP=242,DE) HIVE Case #6652 CTO 21-345 F1 (IP=242,DE) 185.220.100.242 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00678 (IP=242,DE) | updated by TLM Block was inactive. Reactivated on 20211213 with reason HIVE Case #6652 CTO 21-345 F1 (IP=242,DE) HIVE Case #6652 CTO 21-345 F1 (IP=242,DE) 185.220.100.243 32 dbc None 2020-03-04 00:00:00 2022-06-13 00:00:00 None DE TO-S-2020-0331 Malware Activity | updated by TLM Block was inactive. Reactivated on 20211213 with reason HIVE Case #6652 CTO 21-345 F1 (IP=243,DE) HIVE Case #6652 CTO 21-345 F1 (IP=243,DE) 185.220.100.243 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None DE TO-S-2020-0331 Malware Activity | updated by TLM Block was inactive. Reactivated on 20211213 with reason HIVE Case #6652 CTO 21-345 F1 (IP=243,DE) HIVE Case #6652 CTO 21-345 F1 (IP=243,DE) 185.220.100.244 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None DE TO-S-2020-0331 Malware Activity | updated by TLM Block was inactive. Reactivated on 20211213 with reason HIVE Case #6652 CTO 21-345 F1 (IP=244,DE) HIVE Case #6652 CTO 21-345 F1 (IP=244,DE) 185.220.100.244 32 dbc None 2020-03-04 00:00:00 2022-06-13 00:00:00 None DE TO-S-2020-0331 Malware Activity | updated by TLM Block was inactive. 
Reactivated on 20211213 with reason HIVE Case #6652 CTO 21-345 F1 (IP=244,DE) HIVE Case #6652 CTO 21-345 F1 (IP=244,DE) 185.220.100.245 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00680 (IP=245,DE) | updated by TLM Block was inactive. Reactivated on 20211213 with reason HIVE Case #6652 CTO 21-345 F1 (IP=245,DE) HIVE Case #6652 CTO 21-345 F1 (IP=245,DE) 185.220.100.245 32 DT None 2021-03-14 00:00:00 2022-06-13 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00680 (IP=245,DE) | updated by TLM Block was inactive. Reactivated on 20211213 with reason HIVE Case #6652 CTO 21-345 F1 (IP=245,DE) HIVE Case #6652 CTO 21-345 F1 (IP=245,DE) 185.220.100.246 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=246,DE) 185.220.100.247 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00709 (IP=247,DE) | updated by TLM Block was inactive. Reactivated on 20211213 with reason HIVE Case #6652 CTO 21-345 F1 (IP=247,DE) HIVE Case #6652 CTO 21-345 F1 (IP=247,DE) 185.220.100.247 32 RW None 2021-03-18 00:00:00 2022-06-13 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00709 (IP=247,DE) | updated by TLM Block was inactive. Reactivated on 20211213 with reason HIVE Case #6652 CTO 21-345 F1 (IP=247,DE) HIVE Case #6652 CTO 21-345 F1 (IP=247,DE) 185.220.100.247 32 FT None 2021-03-20 00:00:00 2022-06-13 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00709 (IP=247,DE) | updated by TLM Block was inactive. 
2021-01-28 00:00:00 2022-01-28 00:00:00 None HU TO-S-2021-1050 Hive Case 4821 Malware Activity 185.28.140.137 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ES TO-S-2021-1050 Hive Case 4821 Malware Activity 185.28.155.0 24 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=0,IL) 185.28.249.144 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PL TO-S-2021-1117 DOS-DDOS Activity 185.29.8.117 32 TLM None 2022-05-27 00:00:00 2022-11-26 00:00:00 2022-05-27 14:16:45 HIVE Case #7676 CTO 22-147 (IP=117,SE) 185.29.8.18 32 TLM None 2022-05-27 00:00:00 2022-11-26 00:00:00 2022-05-27 14:16:47 HIVE Case #7676 CTO 22-147 (IP=18,SE) 185.3.142.3 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:41 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=3,RU) 185.3.16.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None RU TO-S-2021-1037 Hive Case 4785 Malware Activity 185.30.12.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 185.30.146.170 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None AL TO-S-2021-1050 Hive Case 4821 Malware Activity 185.30.32.171 24 ZH None 2022-02-08 00:00:00 2022-05-09 00:00:00 None Phishing SIP HIVE Case # 6942 (IP=171,DE) 185.30.32.225 32 TLM None 2021-09-14 00:00:00 2022-03-14 00:00:00 None HIVE Case #6164 TO-S-2021-1528 (IP=225,DE) 185.30.32.231 32 jkc None 2021-03-19 00:00:00 2022-03-19 00:00:00 None Case # 5090 TO-S-2021-1185 Malicious Callback 185.30.32.231 32 jkc None 2021-03-19 00:00:00 2022-03-19 00:00:00 None Case # 5090 TO-S-2021-1185 Malicious Callback 185.31.114.25 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:42 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=25,RU) 185.31.115.10 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:43 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=10,RU) 185.31.158.83 24 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 
2022-05-04 22:52:02 SIPVicious Security Scanner - FE IPS Events (IP=158,PT) 185.31.160.206 24 RS None 2022-07-02 00:00:00 2022-09-30 00:00:00 2022-07-02 22:56:23 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01506 (IP=206,RU) 185.31.175.228 32 TLM None 2021-11-30 00:00:00 2022-05-30 00:00:00 None HIVE Case #6594 CTO 21-324 (IP=228,NL) 185.31.210.165 32 AS None 2021-12-28 00:00:00 2022-06-28 00:00:00 None HIVE Case #6702 CTO 21-362 (IP=165,DE) 185.32.124.153 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CH TO-S-2021-1050 Hive Case 4821 Malware Activity 185.32.188.7 32 jkc None 2021-03-19 00:00:00 2022-03-19 00:00:00 None Case # 5090 TO-S-2021-1185 Malicious Callback 185.32.188.7 32 jkc None 2021-03-19 00:00:00 2022-03-19 00:00:00 None Case # 5090 TO-S-2021-1185 Malicious Callback 185.32.221.201 24 KD None 2021-11-16 00:00:00 2022-02-14 00:00:00 None HIVE Case # 6538 (IP=201,CH) 185.32.28.166 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None ES TO-S-2021-1117 DOS-DDOS Activity 185.32.47.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None AZ TO-S-2021-1117 DOS-DDOS Activity 185.33.146.112 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None HU TO-S-2021-1117 DOS-DDOS Activity 185.33.53.106 32 KH None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-06 23:38:18 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01578 (IP=106,HU) 185.33.53.19 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=19,HU) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=19,HU) 185.33.54.15 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=15,HU) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=15,HU) 185.33.87.53 32 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 2022-05-26 18:27:13 HIVE Case #7669 TO-S-2022-0187 (IP=53,US) 185.34.106.12 32 dbc None 
2021-01-28 00:00:00 2022-01-28 00:00:00 None IE TO-S-2021-1050 Hive Case 4821 Malware Activity 185.34.33.2 24 srm None 2022-02-16 00:00:00 2022-05-17 00:00:00 None HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=2,FR) 185.36.81.95 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 18:27:39 HIVE Case #7342 CTO 22-092 FRAGO (IP=95,LT) 185.38.108.108 32 RT None 2022-02-02 00:00:00 2022-05-03 00:00:00 None SERVER-OTHER Sentinel license manager buffer overflow attempt (1:11265:5) - Sourcefire Report (IP=108,US) 185.38.142.132 32 RB None 2022-10-06 00:00:00 2022-11-06 00:00:00 2022-12-07 02:18:00 NullMixer Malware - IR# 23C02034 (IP=132,PT) | updated by RB Block was inactive. Reactivated on 20221006 with reason NullMixer Malware - IR# 23C02034 (IP=132,PT) | updated by RB Block was inactive. Reactivated on 20221006 with reason NullMixer Malware - IR# 23C02034 (IP=132,PT) | updated by RB Block was inactive. Reactivated on 20221006 with reason NullMixer Malware - IR# 23C02034 (IP=132,PT) 185.38.149.114 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GB TO-S-2021-1050 Hive Case 4821 Malware Activity 185.38.150.56 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GB TO-S-2021-1050 Hive Case 4821 Malware Activity 185.38.175.132 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=132,DK) 185.38.175.71 24 srm None 2022-02-16 00:00:00 2022-05-17 00:00:00 None HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=71,DK) 185.38.208.0 23 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity 185.39.16.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None RU TO-S-2021-1037 Hive Case 4785 Malware Activity 185.39.26.80 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IT TO-S-2021-1050 Hive Case 4821 Malware Activity 185.4.132.135 24 srm None 2022-02-16 00:00:00 2022-05-17 00:00:00 None HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel 
(IP=135,GR) 185.41.248.0 22 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity 185.41.69.68 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=68,PL) 185.42.105.32 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ES TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 185.42.137.102 24 KD None 2021-12-13 00:00:00 2022-03-13 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt - Sourcefire Rpt (IP=102,SE) 185.42.170.251 24 DT None 2022-01-15 00:00:00 2022-04-15 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) - Source Fire (IP=251,NO) 185.42.192.0 22 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None IQ TO-S-2021-1117 DOS-DDOS Activity 185.42.214.0 24 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IR TO-S-2021-1050 Hive Case 4821 Malware Activity 185.42.229.163 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=163,RU) 185.42.32.0 22 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CY TO-S-2021-1117 DOS-DDOS Activity 185.43.209.55 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GB TO-S-2021-1037 Hive Case 4785 Malware Activity 185.43.220.17 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=17,LT) 185.43.224.0 22 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity 185.43.248.0 22 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None UA TO-S-2021-1092 Hive Case 4875 Malware Activity 185.44.210.17 24 AR None 2022-08-15 00:00:00 2022-11-13 00:00:00 2022-08-15 13:56:56 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=17,AT) 185.44.217.247 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PL TO-S-2021-1117 DOS-DDOS Activity 185.44.230.250 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None AM TO-S-2021-1050 Hive Case 
4821 Malware Activity 185.44.81.62 24 KH None 2022-08-16 00:00:00 2022-11-18 00:00:00 2022-08-20 13:23:13 SERVER-OTHER RealTek UDPServer command injection attempt (1:58853:1) - Sourcefire (IP=62,FR) | updated by RR Block expiration extended with reason SERVER-OTHER RealTek UDPServer command injection attempt - SourceFire (IP=62,FR) 185.45.192.0 24 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=0,NL) 185.45.192.228 32 TLM None 2022-02-25 00:00:00 2022-08-26 00:00:00 2022-02-25 13:04:27 HIVE Case #7088 CTO 22-056 (IP=228,NL) 185.45.193.83 32 AS None 2022-06-30 00:00:00 2022-09-28 00:00:00 2022-07-01 17:05:47 HIVE Case #7873 CTO 22-180 (IP=83,NL) 185.45.33.143 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity 185.45.72.158 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None ES TO-S-2021-1081 Hive Case 4872 Malicious Email Activity 185.46.10.143 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=143,RU) 185.46.11.115 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=115,RU) 185.46.11.115 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=115,RU) 185.46.11.115 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=115,RU) 185.46.11.129 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=129,RU) 185.46.41.102 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=102,TR) 185.46.8.12 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=12,RU) 185.46.8.12 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=12,RU) 185.46.8.12 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=12,RU) 185.46.9.133 24 EE None 2022-02-07 00:00:00 2022-05-08 
00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=133,RU) 185.47.128.39 32 TLM None 2022-05-13 00:00:00 2022-11-12 00:00:00 2022-05-13 16:15:06 HIVE Case #7586 CTO 22-133 (IP=39,ES) 185.47.152.0 23 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BY TO-S-2021-1117 DOS-DDOS Activity 185.48.180.50 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None TR TO-S-2021-1117 DOS-DDOS Activity 185.48.4.0 22 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None AT TO-S-2021-1117 DOS-DDOS Activity 185.49.97.183 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MX TO-S-2021-1050 Hive Case 4821 Malware Activity 185.50.251.152 24 NAB None 2022-01-03 00:00:00 2022-04-03 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=152,UA) 185.51.134.199 24 RT None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-27 13:56:43 MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (1:25925:3) - Sourcefire Report (IP=199,GR) 185.51.76.187 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 18:27:39 HIVE Case #7342 CTO 22-092 FRAGO (IP=187,DK) 185.51.76.203 32 AR None 2022-06-26 00:00:00 2022-09-24 00:00:00 2022-06-27 13:55:40 HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - IR# 22C01460 (IP=203,DK) 185.52.27.174 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GB TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 185.53.147.51 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:47 HIVE Case #7199 CTO 22-074 (IP=51,PL) 185.53.160.165 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None NL TO-S-2021-1050 Hive Case 4821 Malware Activity 185.53.177.132 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 185.53.177.20 32 srm None 2022-03-01 00:00:00 2022-05-30 00:00:00 2022-03-01 14:46:39 HIVE Case #NA FP Security (IP=20,DE) 185.53.177.50 32 dbc None 2021-03-05 00:00:00 2022-09-07 00:00:00 2022-03-07 12:32:12 DE TO-S-2021-1117 Malicious Email Activity 
| updated by TLM Block was inactive. Reactivated on 20220307 with reason HIVE Case #7143 CTO 22-063 (IP=50,DE) 185.53.178.52 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=52,DE) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=52,DE) HIVE Case #5968 TO-S-2021-1276 (IP=52,DE) 185.53.178.52 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=52,DE) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=52,DE) HIVE Case #5968 TO-S-2021-1276 (IP=52,DE) 185.53.178.52 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5968 TO-S-2021-1276 (IP=52,DE) 185.53.178.70 32 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None DE TO-S-2021-1156 Malicious Email Activity 185.53.178.74 32 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None DE TO-S-2021-1156 Malicious Email Activity 185.53.192.68 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IT TO-S-2021-1050 Hive Case 4821 Malware Activity 185.53.46.78 32 TLM None 2021-12-10 00:00:00 2022-06-10 00:00:00 None HIVE Case #6643 TO-S-2022-0073 (IP=78,CZ) 185.53.46.8 32 TLM None 2021-12-02 00:00:00 2022-06-02 00:00:00 None HIVE Case #6600 TO-S-2022-0090 (IP=8,CZ) 185.53.46.83 32 TLM None 2021-10-04 00:00:00 2022-04-04 00:00:00 None HIVE Case #6294 CTO 21-268 (IP=83,CZ) 185.53.90.19 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=19,BZ) 185.53.90.50 24 JP None 2022-09-02 00:00:00 2022-12-01 00:00:00 2022-09-02 22:46:35 SIPVicious Security Scanner - IPS Events (IP=50,BZ) 185.53.91.150 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IS TO-S-2021-1037 Hive Case 4785 Malware Activity 185.53.91.21 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IS TO-S-2021-1037 Hive Case 4785 Malware Activity 185.53.91.65 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IS TO-S-2021-1037 Hive Case 4785 
Malware Activity 185.55.226.195 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6582 CTO 21-320 (IP=195,IR) 185.55.243.109 32 srm None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 21:48:51 HIVE Case #7883 IOC_ Raspberry Robin Worm (IP=109,DE) 185.55.243.91 32 RB None 2021-11-14 00:00:00 2022-02-10 00:00:00 None Known Attack Tool / HTTP: SqlMap SQL Injection - Scanning I - TT# 22C00351 (IP=91,DE) 185.55.46.42 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None AL TO-S-2021-1037 Hive Case 4785 Malware Activity 185.56.146.15 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=15,NL) 185.56.183.40 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ES TO-S-2021-1037 Hive Case 4785 Malware Activity 185.56.76.108 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=108,ES) 185.56.76.28 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=28,ES) 185.56.76.72 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=72,ES) 185.56.80.65 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:39 HIVE Case #7894 CTO 22-187 (IP=65,SC) 185.58.180.117 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None SI TO-S-2021-1050 Hive Case 4821 Malware Activity 185.59.112.168 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MX TO-S-2021-1050 Hive Case 4821 Malware Activity 185.59.72.130 32 AS None 2022-04-07 00:00:00 2022-10-07 00:00:00 2022-04-07 19:47:51 HIVE Case #7356 CTO 22-096 (IP=130,TR) 185.6.91.21 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 Hive Case 4785 Malware Activity 185.60.12.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 185.61.136.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None UA TO-S-2021-1050 Hive Case 4821 Malware Activity 185.61.137.172 32 dbc None 2021-01-20 
00:00:00 2022-01-20 00:00:00 None NL TO-S-2021-1037 Hive Case 4785 Malware Activity 185.61.152.66 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=66,GB) 185.61.153.108 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GB TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 185.62.23.62 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ES TO-S-2021-1050 Hive Case 4821 Malware Activity 185.62.56.129 32 AS None 2022-08-25 00:00:00 2022-11-23 00:00:00 2022-08-26 23:05:30 HIVE Case #8197 TO-S-2022-0224 (IP=129,NL) 185.62.73.66 32 AS None 2022-07-28 00:00:00 2022-10-26 00:00:00 2022-08-02 21:00:36 HIVE Case #7281 COLS-NA TIP 22-0103 (IP=66,HR) 185.63.89.18 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None IT TO-S-2021-1117 DOS-DDOS Activity 185.63.89.19 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None IT TO-S-2021-1117 DOS-DDOS Activity 185.64.105.15 32 AS None 2022-02-04 00:00:00 2022-08-04 00:00:00 None HIVE Case #6927 CTO 22-036 (IP=15,LT) 185.64.106.55 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=55,LT) 185.64.208.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None RU TO-S-2021-1037 Hive Case 4785 Malware Activity 185.64.247.240 32 AS None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 18:17:09 HIVE Case #7862 CTO 22-176 (IP=240,US) 185.65.186.204 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None ES TO-S-2021-1117 DOS-DDOS Activity 185.65.204.20 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:55:22 HIVE Case #7894 CTO 22-187 (IP=20,TR) 185.65.205.10 24 RW None 2020-07-18 00:00:00 2022-05-17 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=10,TR) | updated by srm Block was inactive. 
Reactivated on 20220216 with reason HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=10,TR) 185.65.205.18 32 TLM None 2022-06-02 00:00:00 2022-12-01 00:00:00 2022-06-02 17:56:21 HIVE Case #7705 CTO 22-153 (IP=18,TR) 185.65.253.17 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:37 HIVE Case #7904 CTO 22-189 (IP=17,IQ) 185.66.230.240 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MX TO-S-2021-1050 Hive Case 4821 Malware Activity 185.66.41.129 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ES TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 185.66.41.39 24 ZH None 2022-02-08 00:00:00 2022-05-09 00:00:00 None Phishing SIP HIVE Case # 6942 (IP=39,ES) 185.67.0.230 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=230,NL) 185.67.178.227 24 RR None 2022-02-15 00:00:00 2022-05-16 00:00:00 None SQL injection - Web Attacks (IP=227,AL) 185.67.45.138 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None NL TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 185.67.82.114 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:39 Possible SQLi attempt - 20C00663 (IP=114,US) | updated by AS Block was inactive. Reactivated on 20220706 with reason HIVE Case #7894 CTO 22-187 (IP=114,FI) HIVE Case #7894 CTO 22-187 (IP=114,FI) 185.67.82.114 24 srm None 2022-02-16 00:00:00 2022-05-17 00:00:00 None HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=114,FI) 185.67.82.114 32 GM None 2019-10-27 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:39 Possible SQLi attempt - 20C00663 (IP=114,US) | updated by AS Block was inactive. 
Reactivated on 20220706 with reason HIVE Case #7894 CTO 22-187 (IP=114,FI) HIVE Case #7894 CTO 22-187 (IP=114,FI) 185.68.16.195 32 TLM None 2022-05-26 00:00:00 2022-11-26 00:00:00 2022-05-27 14:16:51 HIVE Case #7673 TO-S-2022-0189 (IP=195,UA) | updated by TLM Block expiration extended with reason HIVE Case #7676 CTO 22-147 (IP=195,UA) HIVE Case #7676 CTO 22-147 (IP=195,UA) 185.68.16.195 32 TLM None 2022-05-27 00:00:00 2022-11-26 00:00:00 2022-05-27 14:16:51 HIVE Case #7673 TO-S-2022-0189 (IP=195,UA) | updated by TLM Block expiration extended with reason HIVE Case #7676 CTO 22-147 (IP=195,UA) HIVE Case #7676 CTO 22-147 (IP=195,UA) 185.68.194.47 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IT TO-S-2021-1050 Hive Case 4821 Malware Activity 185.68.93.17 32 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 2022-05-27 16:40:09 HIVE Case #7668 CTO 22-146 (IP=17,RU) 185.7.214.104 32 TH None 2022-06-14 00:00:00 2022-09-12 00:00:00 2022-06-15 13:49:51 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR#22C01388 (IP=104,RU) 185.7.214.104 24 JP None 2022-08-03 00:00:00 2022-11-01 00:00:00 2022-08-03 22:28:24 HTTP: ThinkPHP CMS Getshell Vulnerability - 6HR Web Attacks (IP=104,RU) 185.7.214.7 32 wmp None 2022-02-16 00:00:00 2022-05-16 00:00:00 None HIVE Case #6810 FEC_Trojan_XF_Generic MAID 19868 (IP=7,HK) 185.70.14.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BY TO-S-2021-1117 DOS-DDOS Activity 185.70.15.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BY TO-S-2021-1117 DOS-DDOS Activity 185.70.184.0 24 AS None 2022-07-13 00:00:00 2022-10-11 00:00:00 2022-07-14 17:08:19 HIVE Case #7929 TO-S-2022-0208 (IP=0,NL) 185.70.184.32 32 jkc None 2021-03-19 00:00:00 2022-03-19 00:00:00 None Case # 5090 TO-S-2021-1185 Malicious Callback 185.70.184.32 32 jkc None 2021-03-19 00:00:00 2022-03-19 00:00:00 None Case # 5090 TO-S-2021-1185 Malicious Callback 185.70.184.9 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation 
Request #INC0124872 SNOW (IP=9,NL) 185.70.184.9 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=9,NL) 185.70.184.9 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=9,NL) 185.70.186.144 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None NL TO-S-2021-1050 Hive Case 4821 Malware Activity 185.71.216.0 24 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None CY TO-S-2021-1092 Hive Case 4875 Malicious Email Activity 185.71.218.0 24 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=0,CY) 185.73.126.93 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:56:52 HIVE Case #7894 CTO 22-187 (IP=93,EE) 185.74.36.16 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IT TO-S-2021-1050 Hive Case 4821 Malware Activity 185.74.37.252 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 Hive Case 4785 Malware Activity 185.74.39.190 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IT TO-S-2021-1050 Hive Case 4821 Malware Activity 185.74.39.240 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IT TO-S-2021-1050 Hive Case 4821 Malware Activity 185.75.71.247 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity 185.76.64.0 22 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=0,SE) 185.77.51.12 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IT TO-S-2021-1050 Hive Case 4821 Malware Activity 185.8.104.0 24 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=0,LT) 185.8.105.220 32 DRW None 2022-09-21 00:00:00 2022-12-20 00:00:00 2022-09-21 22:01:03 HIVE Case #1337 IOC_ CISA Threat Intel 19Sep2022 Criminal Cobalt Strike Servers (IP=220,LT) 185.8.128.0 24 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 
(IP=0,TR) 185.8.128.121 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 185.8.212.130 32 AS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-09 13:57:20 HIVE Case #7535 TO-S-2022-0176 (IP=130,UZ) 185.8.232.145 24 RS None 2022-06-21 00:00:00 2022-09-19 00:00:00 2022-06-21 22:50:20 SSLv2 Client Hello Request Detected - IPS Events (IP=145,KZ) 185.8.236.81 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CZ TO-S-2021-1050 Hive Case 4821 Malware Activity 185.8.68.0 22 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None MD TO-S-2021-1117 DOS-DDOS Activity 185.80.49.249 32 AS None 2022-07-28 00:00:00 2022-10-26 00:00:00 2022-08-02 15:22:02 HIVE Case #7276 COLS-NA TIP 22-0102 (IP=249,HU) 185.80.54.15 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None NL TO-S-2021-1092 Hive Case 4875 Malware Activity 185.81.113.3 32 TLM None 2022-06-03 00:00:00 2022-12-02 00:00:00 2022-06-06 14:31:24 HIVE Case #7714 CTO 22-154 (IP=3,GB) 185.81.157.108 24 ZH None 2022-03-31 00:00:00 2022-06-29 00:00:00 2022-03-31 13:46:49 Adobe ColdFusion Administrator Access Restriction - 6hr Web Attacks (IP=108,FR) 185.81.157.170 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None FR TO-S-2021-1050 Hive Case 4821 Malware Activity 185.81.157.170 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None FR TO-S-2021-1050 Hive Case 4821 Malware Activity FR TO-S-2021-1050 Hive Case 4821 Malware Activity 185.81.166.67 32 KH None 2022-10-02 00:00:00 2022-12-31 00:00:00 2022-10-02 23:55:02 HTTP: PHP File Inclusion Vulnerability - IR#23C01983 (IP=67,LT) 185.81.48.0 22 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None LV TO-S-2021-1117 DOS-DDOS Activity 185.81.52.183 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None FR TO-S-2021-1050 Hive Case 4821 Malware Activity 185.82.111.61 24 KH None 2022-02-15 00:00:00 2022-05-16 00:00:00 None SQL injection - Web Attacks (IP=61,XK) 185.82.126.149 32 AS None 2021-12-28 
00:00:00 2022-06-28 00:00:00 None HIVE Case #6702 CTO 21-362 (IP=149,LV) 185.82.127.181 32 AS None 2022-04-04 00:00:00 2022-10-04 00:00:00 2022-04-04 15:15:46 HIVE Case #7325 CTO 22-091 (IP=181,LV) 185.82.169.99 32 TLM None 2022-02-24 00:00:00 2022-08-25 00:00:00 None HIVE Case #7077 CTO 22-055 (IP=99,IT) 185.82.187.253 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None NL TO-S-2021-1117 DOS-DDOS Activity 185.82.217.22 32 TLM None 2022-06-21 00:00:00 2022-12-20 00:00:00 2022-06-22 18:26:07 HIVE Case #7807 CTO 22-169 (IP=22,BG) 185.82.218.66 32 TLM None 2022-01-18 00:00:00 2022-07-18 00:00:00 None HIVE Case #6796 CTO 22-014 (IP=66,BG) 185.82.219.69 32 AS None 2022-02-21 00:00:00 2022-08-22 00:00:00 None HIVE Case #7039 CTO 22-050 (IP=69,BG) 185.82.236.65 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CZ TO-S-2021-1117 DOS-DDOS Activity 185.82.252.95 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malware Activity 185.82.254.203 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TR TO-S-2021-1050 Hive Case 4821 Malware Activity 185.82.255.137 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malware Activity 185.82.65.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IR TO-S-2021-1037 Hive Case 4785 Malware Activity 185.82.98.0 24 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None LB TO-S-2021-1050 Hive Case 4821 Malware Activity 185.84.107.0 24 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None LB TO-S-2021-1050 Hive Case 4821 Malware Activity 185.84.108.18 24 TH None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-18 22:35:14 Phish.LIVE.DTI.URL - FE CMS (IP=18,RU) 185.84.64.0 23 TLM None 2021-08-30 00:00:00 2022-03-02 00:00:00 None HIVE Case #6085 TO-S-2021-1500 (IP=0,RO) 185.85.239.244 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=244,TR) 185.86.137.17 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 
None FR TO-S-2021-1092 Hive Case 4875 Malware Activity 185.86.80.19 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=19,TR) 185.89.158.86 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None AL TO-S-2021-1050 Hive Case 4821 Malware Activity 185.89.86.0 24 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None LB TO-S-2021-1050 Hive Case 4821 Malware Activity 185.9.19.123 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None AT TO-S-2021-1092 Hive Case 4875 Malware Activity 185.90.100.0 22 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=0,RU) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=0,RU) 185.90.130.113 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None DE TO-S-2021-1050 Hive Case 4821 Malware Activity 185.91.165.211 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CZ TO-S-2021-1117 DOS-DDOS Activity 185.91.171.105 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CZ TO-S-2021-1117 DOS-DDOS Activity 185.91.171.15 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CZ TO-S-2021-1117 DOS-DDOS Activity 185.92.164.11 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None AT TO-S-2021-1050 Hive Case 4821 Malware Activity 185.92.220.77 32 TLM None 2021-12-10 00:00:00 2022-06-10 00:00:00 None HIVE Case #6644 CTO 21-344 (IP=77,NL) 185.92.221.51 32 TLM None 2021-12-10 00:00:00 2022-06-10 00:00:00 None HIVE Case #6644 CTO 21-344 (IP=51,NL) 185.92.223.207 32 TLM None 2022-05-27 00:00:00 2022-11-26 00:00:00 2022-05-27 14:16:43 HIVE Case #7676 CTO 22-147 (IP=207,NL) 185.92.244.225 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5986 TO-S-2021-1404 (IP=225,ES) 185.92.244.225 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5986 TO-S-2021-1404 (IP=225,ES) HIVE Case #5986 TO-S-2021-1404 (IP=225,ES) 185.92.246.85 32 TLM None 2021-12-15 00:00:00 2022-06-15 
00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=85,ES) 185.92.25.20 32 RT None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-20 15:44:12 Possible SQLi attempt - IR#22C01209 (IP=20,UK) 185.92.25.25 32 RT None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-20 15:44:09 Possible SQLi attempt - IR#:22C01206 (IP=25,GB) 185.92.25.27 32 RT None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 22:41:20 HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - IR#: 22C01204 (IP=27,UK) 185.92.25.28 32 RT None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-20 15:44:10 Possible SQLi attempt - 22C01207 (IP=28,GB) 185.92.74.119 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None GB TO-S-2021-1117 DOS-DDOS Activity 185.92.74.95 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None GB TO-S-2021-1117 DOS-DDOS Activity 185.92.74.97 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None GB TO-S-2021-1117 DOS-DDOS Activity 185.93.2.242 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None FR TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 185.93.240.50 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PL TO-S-2021-1050 Hive Case 4821 Malware Activity 185.93.3.112 24 KH None 2021-10-11 00:00:00 2022-01-09 00:00:00 None SQL injection - 6hr Web Attacks (IP=112,ES) 185.93.96.0 22 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None OM TO-S-2021-1117 DOS-DDOS Activity 185.94.111.1 32 tjh None 2016-02-05 06:00:00 2022-06-23 00:00:00 2022-03-23 18:45:43 RU TO-S-2016-0272 | updated by ABC with reason Generic ArcSight scan attempt (IP=1 RU) | 2018-02-07 | 2017-02-05 | updated by JKC Block was inactive. 
Reactivated on 20220323 with reason HIVE Case #7264 FBI Russian Energy Sector Scans (IP=1,RU) 185.94.157.10 24 KH None 2021-10-22 00:00:00 2022-01-20 00:00:00 None Intel Active Management Technology Remote Privilege Escalation - FE IPS (IP=10,SK) 185.94.230.178 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=178,NL) 185.95.248.140 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None NL TO-S-2021-1117 DOS-DDOS Activity 185.95.248.64 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None NL TO-S-2021-1117 DOS-DDOS Activity 185.95.249.71 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BG TO-S-2021-1117 DOS-DDOS Activity 185.95.250.121 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BG TO-S-2021-1117 DOS-DDOS Activity 185.96.37.64 24 NAB None 2022-01-04 00:00:00 2022-04-04 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=64,BR) 185.97.124.40 32 RS None 2022-06-13 00:00:00 2022-09-11 00:00:00 2022-06-14 13:48:42 SIPVicious Security Scanner - IPS Events (IP=40,IL) 185.97.200.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 185.98.208.75 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None SK TO-S-2021-1117 DOS-DDOS Activity 185.99.184.70 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None NL TO-S-2021-1117 DOS-DDOS Activity 185.99.2.142 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6445 CTO 21-260 (IP=142,BA) 185.99.2.74 32 TLM None 2022-05-13 00:00:00 2022-11-12 00:00:00 2022-05-13 16:15:05 HIVE Case #7586 CTO 22-133 (IP=74,BA) 186.10.227.6 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CL TO-S-2021-1050 Hive Case 4821 Malware Activity 186.101.119.202 24 ZH None 2022-07-27 00:00:00 2022-10-25 00:00:00 2022-07-27 13:59:31 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) IR#: 22C01760 (IP=202,GY) 186.103.207.34 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CL TO-S-2021-1117 
DOS-DDOS Activity 186.103.239.190 24 AR None 2022-05-11 00:00:00 2022-08-09 00:00:00 2022-05-11 13:43:39 HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=190,CL) 186.106.227.183 24 JP None 2022-08-19 00:00:00 2022-11-17 00:00:00 2022-08-19 13:56:46 HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6HR Web Attacks (IP=183,CL) 186.109.121.68 32 TLM None 2021-09-21 00:00:00 2022-03-20 00:00:00 None HIVE Case #6216 CTO 21-264 (IP=68,AR) 186.12.128.0 20 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None AR TO-S-2021-1037 Hive Case 4785 Malware Activity 186.120.62.0 23 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DM TO-S-2021-1037 Hive Case 4785 Malware Activity 186.120.84.242 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DM TO-S-2021-1037 Hive Case 4785 Malware Activity 186.121.214.106 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=106,BO) 186.121.246.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BO TO-S-2021-1117 DOS-DDOS Activity 186.121.250.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BO TO-S-2021-1117 DOS-DDOS Activity 186.13.40.120 24 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:17:15 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=120,AR) 186.141.7.46 32 TLM None 2021-09-21 00:00:00 2022-03-20 00:00:00 None HIVE Case #6216 CTO 21-264 (IP=46,AR) 186.148.105.105 24 DT None 2022-01-13 00:00:00 2022-04-13 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) - Source Fire (IP=105,PA) 186.148.193.0 24 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=0,VE) | updated by TLM Block was inactive. 
Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=0,VE) 186.154.146.34 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CO TO-S-2021-1050 Hive Case 4821 Malware Activity 186.154.240.0 20 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CO TO-S-2021-1117 DOS-DDOS Activity 186.154.80.0 20 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CO TO-S-2021-1117 DOS-DDOS Activity 186.155.0.0 20 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CO TO-S-2021-1117 DOS-DDOS Activity 186.155.227.234 24 AR None 2022-07-25 00:00:00 2022-10-23 00:00:00 2022-07-25 13:54:55 Adobe ColdFusion Administrator Access Restriction - Web Attack (IP=234,CO) 186.155.240.0 21 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None CO TO-S-2021-1037 Hive Case 4785 Malware Activity 186.156.32.0 19 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None CL TO-S-2021-1037 Hive Case 4785 Malware Activity 186.177.136.36 24 DT None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-26 13:48:19 HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=36,CR) 186.179.66.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CR TO-S-2021-1117 DOS-DDOS Activity 186.179.68.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CR TO-S-2021-1117 DOS-DDOS Activity 186.18.240.0 20 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None AR TO-S-2021-1117 DOS-DDOS Activity 186.190.208.0 20 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PA TO-S-2021-1117 DOS-DDOS Activity 186.192.102.32 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 22:58:55 SIPVicious Security Scanner - IPS Events (IP=32,BR) 186.192.16.0 20 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 186.193.128.0 20 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 186.193.156.0 23 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR 
TO-S-2021-1050 Hive Case 4821 Malware Activity 186.193.16.0 20 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None BR TO-S-2021-1092 Hive Case 4875 Malware Activity 186.193.242.53 24 RT None 2022-03-07 00:00:00 2022-06-05 00:00:00 2022-03-08 18:08:45 SQL injection - 6HR Web Attack (IP=53,BR) 186.193.243.230 24 AR None 2022-07-07 00:00:00 2022-10-05 00:00:00 2022-07-07 13:50:32 SQL injection - Web Attacks (IP=230,BR) 186.208.96.0 20 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 186.216.206.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 186.22.18.97 24 AR None 2022-10-02 00:00:00 2022-12-31 00:00:00 2022-10-02 13:32:51 SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt - 6Hr Web Attacks (IP=97,AR) 186.224.32.0 20 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BR TO-S-2021-1117 DOS-DDOS Activity 186.224.88.0 21 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 186.225.0.0 20 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 186.225.184.0 21 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 186.226.176.0 20 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BR TO-S-2021-1117 DOS-DDOS Activity 186.226.56.0 24 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=0,BR) 186.232.208.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 186.232.52.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 186.233.187.245 32 wmp None 2022-05-05 00:00:00 2022-08-05 00:00:00 2022-05-05 22:44:30 HIVE Case #7509 IR 22 0 01171 PEO-EIS EITaaS IOCs (IP=245,US) 186.235.50.119 24 RR None 2022-02-10 00:00:00 2022-05-11 00:00:00 None 
INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=119,BR) 186.236.176.0 20 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 186.237.144.0 21 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 186.237.216.0 21 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 186.249.16.0 21 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 186.249.208.0 23 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 186.249.24.0 21 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BR TO-S-2021-1117 DOS-DDOS Activity 186.250.113.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 186.250.164.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 186.250.94.132 24 JP None 2022-07-13 00:00:00 2022-10-11 00:00:00 2022-07-13 22:48:23 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=132,BR) 186.251.0.0 21 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 186.251.16.143 24 KD None 2021-12-13 00:00:00 2022-03-13 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt - Sourcefire Rpt (IP=143,BR) 186.251.16.143 24 KD None 2021-12-13 00:00:00 2022-03-13 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt - Sourcefire Rpt (IP=143,BR) 186.251.172.0 22 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BR TO-S-2021-1117 DOS-DDOS Activity 186.251.40.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 186.27.192.0 20 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None CO TO-S-2021-1037 Hive Case 4785 
Malware Activity 186.28.240.0 20 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CO TO-S-2021-1117 DOS-DDOS Activity 186.28.48.0 20 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None CO TO-S-2021-1156 Malware Activity 186.30.112.0 20 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CO TO-S-2021-1117 DOS-DDOS Activity 186.31.128.0 20 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CO TO-S-2021-1117 DOS-DDOS Activity 186.35.198.106 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CL TO-S-2021-1050 Hive Case 4821 Malware Activity 186.4.125.26 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=26,AR) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=26,AR) 186.4.151.243 24 KH None 2021-11-04 00:00:00 2022-02-02 00:00:00 None File /etc/passwd Access Attempt Detect - FE IPS (IP=243,EC) 186.42.172.0 22 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CO TO-S-2021-1117 DOS-DDOS Activity 186.42.97.154 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None EC TO-S-2021-1050 Hive Case 4821 Malware Activity 186.47.207.74 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None EC TO-S-2021-1050 Hive Case 4821 Malware Activity 186.47.232.0 23 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None EC TO-S-2021-1037 Hive Case 4785 Malware Activity 186.47.40.0 21 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None EC TO-S-2021-1037 Hive Case 4785 Malware Activity 186.47.96.142 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None EC TO-S-2021-1050 Hive Case 4821 Malware Activity 186.5.32.0 19 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CO TO-S-2021-1117 DOS-DDOS Activity 186.50.100.154 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None UY TO-S-2021-1050 Hive Case 4821 Malware Activity 186.50.113.224 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None UY TO-S-2021-1050 Hive Case 4821 Malware Activity 186.53.128.0 20 dbc None 
2021-01-20 00:00:00 2022-01-20 00:00:00 None UY TO-S-2021-1037 Hive Case 4785 Malware Activity 186.54.105.128 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None UY TO-S-2021-1050 Hive Case 4821 Malware Activity 186.54.180.189 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None UY TO-S-2021-1050 Hive Case 4821 Malware Activity 186.64.87.197 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:47 HIVE Case #7199 CTO 22-074 (IP=197,AR) 186.64.87.197 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:55:48 HIVE Case #7199 CTO 22-074 (IP=197,AR) 186.66.0.0 19 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CO TO-S-2021-1117 DOS-DDOS Activity 186.66.13.90 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None EC TO-S-2021-1050 Hive Case 4821 Malware Activity 186.66.234.181 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None EC TO-S-2021-1117 DOS-DDOS Activity 186.67.122.193 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CL TO-S-2021-1050 Hive Case 4821 Malware Activity 186.67.194.101 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CL TO-S-2021-1050 Hive Case 4821 Malware Activity 186.67.212.4 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CL TO-S-2021-1050 Hive Case 4821 Malware Activity 186.68.128.0 20 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None EC TO-S-2021-1117 DOS-DDOS Activity 186.68.32.0 20 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None EC TO-S-2021-1117 DOS-DDOS Activity 186.73.168.0 21 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PA TO-S-2021-1117 DOS-DDOS Activity 186.73.176.0 21 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None PA TO-S-2021-1037 Hive Case 4785 Malware Activity 186.73.19.130 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PA TO-S-2021-1117 DOS-DDOS Activity 186.74.224.230 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PA TO-S-2021-1117 DOS-DDOS Activity 186.76.76.76 32 WR None 2022-03-13 00:00:00 2022-06-11 00:00:00 
2022-03-13 13:58:41 SERVER-OTHER RealTek UDPServer command injection attempt (1:58853:1) - SourceFire (IP=79,NI) 1869.franklints.co --- TLM None 2021-08-12 00:00:00 2022-08-12 00:00:00 2023-01-19 23:00:19 HIVE Case #5985 TO-S-2021-1459 187.108.208.0 20 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 187.109.62.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 187.109.8.215 24 DT None 2021-12-21 00:00:00 2022-03-21 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) - Source Fire (IP=215,BR) 187.120.153.170 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5968 TO-S-2021-1276 (IP=170,BR) 187.133.166.116 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MX TO-S-2021-1050 Hive Case 4821 Malware Activity 187.133.229.228 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=228,MX) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=228,MX) 187.135.94.238 24 RR None 2021-10-21 00:00:00 2022-01-19 00:00:00 None SQL injection - Web Attacks (IP=238,MX) 187.140.86.170 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MX TO-S-2021-1050 Hive Case 4821 Malware Activity 187.141.136.93 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None MX TO-S-2021-1117 DOS-DDOS Activity 187.143.239.71 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None MX TO-S-2021-1143 Malware Activity 187.146.192.94 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MX TO-S-2021-1050 Hive Case 4821 Malware Activity 187.147.10.153 24 RR None 2022-07-26 00:00:00 2022-10-24 00:00:00 2022-07-26 13:48:14 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=153,MX) 187.148.64.191 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MX TO-S-2021-1050 Hive Case 4821 Malware Activity 187.16.240.0 20 dbc None 
2021-03-05 00:00:00 2022-03-05 00:00:00 None BR TO-S-2021-1117 DOS-DDOS Activity 187.162.117.79 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None MX TO-S-2021-1117 DOS-DDOS Activity 187.162.29.158 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None MX TO-S-2021-1117 DOS-DDOS Activity 187.162.50.241 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None MX TO-S-2021-1117 DOS-DDOS Activity 187.163.210.30 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None MX TO-S-2021-1117 DOS-DDOS Activity 187.163.73.232 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None MX TO-S-2021-1117 DOS-DDOS Activity 187.163.92.154 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MX TO-S-2021-1050 Hive Case 4821 Malware Activity 187.167.1.71 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None MX TO-S-2021-1117 DOS-DDOS Activity 187.169.141.114 24 RR None 2022-07-10 00:00:00 2022-10-08 00:00:00 2022-07-10 14:32:47 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=114,MX) 187.169.28.192 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MX TO-S-2021-1050 Hive Case 4821 Malware Activity 187.170.135.80 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MX TO-S-2021-1050 Hive Case 4821 Malware Activity 187.170.186.165 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MX TO-S-2021-1050 Hive Case 4821 Malware Activity 187.172.199.153 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MX TO-S-2021-1050 Hive Case 4821 Malware Activity 187.177.103.225 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MX TO-S-2021-1050 Hive Case 4821 Malware Activity 187.178.71.178 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MX TO-S-2021-1050 Hive Case 4821 Malware Activity 187.18.226.157 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 187.180.177.175 24 SW None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-12 13:51:17 HP Intelligent 
Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=175,BR) 187.188.116.205 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None MX TO-S-2021-1117 DOS-DDOS Activity 187.188.159.14 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:56:11 HIVE Case #7894 CTO 22-187 (IP=14,MX) 187.188.168.22 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None MX TO-S-2021-1117 DOS-DDOS Activity 187.188.176.225 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None MX TO-S-2021-1117 DOS-DDOS Activity 187.188.183.27 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MX TO-S-2021-1050 Hive Case 4821 Malware Activity 187.188.189.104 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None MX TO-S-2021-1117 DOS-DDOS Activity 187.188.190.60 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None MX TO-S-2021-1117 DOS-DDOS Activity 187.188.57.147 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None MX TO-S-2021-1117 DOS-DDOS Activity 187.188.78.196 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None MX TO-S-2021-1117 DOS-DDOS Activity 187.188.81.209 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None MX TO-S-2021-1117 DOS-DDOS Activity 187.188.82.168 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None MX TO-S-2021-1117 DOS-DDOS Activity 187.188.86.235 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None MX TO-S-2021-1117 DOS-DDOS Activity 187.188.88.202 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=202,MX) 187.188.92.43 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None MX TO-S-2021-1117 DOS-DDOS Activity 187.188.98.226 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None MX TO-S-2021-1117 DOS-DDOS Activity 187.189.233.37 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BE TO-S-2021-1117 DOS-DDOS Activity 187.189.37.84 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BE TO-S-2021-1117 DOS-DDOS Activity 187.189.43.219 32 dbc None 2021-01-20 
00:00:00 2022-01-20 00:00:00 None MX TO-S-2021-1037 Hive Case 4785 Malware Activity 187.189.51.155 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BE TO-S-2021-1117 DOS-DDOS Activity 187.189.55.104 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None MX TO-S-2021-1037 Hive Case 4785 Malware Activity 187.19.128.0 19 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None BR TO-S-2021-1081 Hive Case 4872 Malware Activity 187.19.128.106 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MX TO-S-2021-1050 Hive Case 4821 Malware Activity 187.19.224.0 19 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 187.19.224.51 24 RT None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-06 13:47:05 SQL injection - 6hr Web Attacks (IP=51,BR) 187.190.114.102 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None MX TO-S-2021-1117 DOS-DDOS Activity 187.190.158.183 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=183,MX) | updated by TLM Block was inactive. 
Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=183,MX) 187.190.18.12 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MX TO-S-2021-1050 Hive Case 4821 Malware Activity 187.190.191.123 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None MX TO-S-2021-1092 Hive Case 4875 Malware Activity 187.190.208.243 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None MX TO-S-2021-1102 Malware Activity 187.190.249.113 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None MX TO-S-2021-1117 DOS-DDOS Activity 187.190.67.71 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None MX TO-S-2021-1117 DOS-DDOS Activity 187.191.20.57 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None MX TO-S-2021-1117 DOS-DDOS Activity 187.192.215.39 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MX TO-S-2021-1050 Hive Case 4821 Malware Activity 187.216.249.2 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=2,MX) 187.217.204.253 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MX TO-S-2021-1050 Hive Case 4821 Malware Activity 187.217.204.254 24 WR None 2021-12-25 00:00:00 2022-03-25 00:00:00 None Signature: HTTP: Apache Struts2 XML Deserialization Remote Code Execution- TT# 22C00711 (IP=254,MX) 187.232.112.130 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MX TO-S-2021-1050 Hive Case 4821 Malware Activity 187.232.126.124 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None MX TO-S-2021-1081 Hive Case 4872 Malware Activity 187.234.79.43 24 SW None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-16 13:51:47 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Sourcefire (IP=43,MX) 187.237.248.68 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None MX TO-S-2021-1117 DOS-DDOS Activity 187.29.146.1 24 DT None 2022-01-13 00:00:00 2022-04-13 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) - Source Fire 
(IP=1,BR) 187.3.150.93 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 187.32.188.193 32 AR None 2022-07-21 00:00:00 2022-10-19 00:00:00 2022-07-22 13:52:29 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR#22C01720 (IP=193,BR) 187.34.224.38 24 RT None 2022-03-25 00:00:00 2022-06-23 00:00:00 2022-03-26 13:38:26 SERVER-WEBAPP Oracle Weblogic default credentials login attempt - Sourcefire Report (IP=38,BR) 187.45.96.0 19 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 187.49.64.0 20 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BR TO-S-2021-1117 DOS-DDOS Activity 187.50.31.2 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 187.59.59.50 32 RR None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-07 13:50:08 RTO-2022-1080/Pulse Report 148906-22 Mass Scanning/Scan Traffic - IR# 22C01580 (IP=50,BR) 187.60.172.0 23 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 187.60.210.125 24 RT None 2022-03-09 00:00:00 2022-06-07 00:00:00 2022-03-10 14:46:56 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR #22C01025 (IP=125,BR) 187.73.144.0 20 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=0,BR) 187.74.245.124 32 TLM None 2022-06-14 00:00:00 2022-12-13 00:00:00 2022-06-14 15:16:47 HIVE Case #7768 CTO 22-161 (IP=124,BR) 187.75.60.53 24 WR None 2022-03-22 00:00:00 2022-06-20 00:00:00 2022-03-22 13:43:32 SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt (3:57769:1) - SourceFire (IP=53,BR) 187.76.237.40 24 RR None 2021-11-29 00:00:00 2022-02-27 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=40,BR) 187.84.240.0 20 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 187.84.60.0 
23 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 187.84.80.0 20 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 187.85.96.0 20 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 187.87.0.0 21 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 187.87.192.0 22 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BR TO-S-2021-1117 DOS-DDOS Activity 187.87.32.0 20 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 187.9.226.142 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 187.93.134.170 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 187.93.134.190 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 187.94.12.0 22 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BR TO-S-2021-1117 DOS-DDOS Activity 187.95.144.0 20 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 188.11.197.114 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 Hive Case 4785 Malware Activity 188.113.182.3 32 wmp None 2022-03-24 00:00:00 2022-06-24 00:00:00 2022-03-24 22:58:59 Suspicious Scan Activity (IP=3,RU) 188.114.96.7 24 DT None 2022-02-22 00:00:00 2022-05-22 00:00:00 None Hive Case #6981 (IP=7,CO) 188.116.186.130 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 188.116.36.101 32 TLM None 2022-01-20 00:00:00 2022-07-20 00:00:00 None HIVE Case #6811 CTO 22-020 (IP=101,NL) 188.116.36.92 32 TLM None 2022-02-23 00:00:00 2022-08-24 00:00:00 None HIVE Case #7054 CTO 22-054 (IP=92,NL) 188.116.90.90 32 dbc None 2021-03-05 
00:00:00 2022-03-05 00:00:00 None CZ TO-S-2021-1117 DOS-DDOS Activity 188.117.28.99 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=99,FI) 188.119.112.0 24 TLM None 2021-07-01 00:00:00 2022-01-01 00:00:00 None HIVE Case #5735 TO-S-2021-1379 (IP=0,NL) 188.119.30.81 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TR TO-S-2021-1050 Hive Case 4821 Malware Activity 188.120.194.101 32 tjh None 2015-06-18 05:00:00 2022-12-13 00:00:00 2022-06-14 15:16:53 CZ TO-S-2015-0758 | updated by TLM Block was inactive. Reactivated on 20220614 with reason HIVE Case #7768 CTO 22-161 (IP=101,CZ) 188.120.39.65 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TR TO-S-2021-1050 Hive Case 4821 Malware Activity 188.123.197.170 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PL TO-S-2021-1117 DOS-DDOS Activity 188.123.98.24 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None SK TO-S-2021-1117 DOS-DDOS Activity 188.124.167.132 32 dbc None 2018-09-20 05:00:00 2022-10-06 00:00:00 2022-07-11 13:15:27 PL TO-S-2018-1158 Malware Activity | updated by AS Block was inactive. 
Reactivated on 20220708 with reason HIVE Case #7904 CTO 22-189 (IP=132,PL) 188.124.192.0 19 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BA TO-S-2021-1050 Hive Case 4821 Malware Activity 188.124.36.76 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:56:53 HIVE Case #7894 CTO 22-187 (IP=76,RU) 188.124.37.207 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:56:53 HIVE Case #7894 CTO 22-187 (IP=207,RU) 188.125.98.34 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:51:46 HIVE Case #7199 CTO 22-074 (IP=34,IT) 188.125.98.42 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:51:46 HIVE Case #7199 CTO 22-074 (IP=42,IT) 188.125.98.43 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:51:47 HIVE Case #7199 CTO 22-074 (IP=43,IT) 188.125.98.45 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:51:47 HIVE Case #7199 CTO 22-074 (IP=45,IT) 188.126.94.236 24 TC None 2022-09-18 00:00:00 2022-12-17 00:00:00 2022-09-19 14:00:39 SERVER-OTHER SSLv3 openssl get shared ciphers overflow attempt (1:8426:21) - SourceFire (IP=236,SE) 188.126.94.247 32 KH None 2021-12-06 00:00:00 2022-03-06 00:00:00 None Known Attack Tool - TT# 22C00489 (IP=247,DK) 188.127.175.49 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ES TO-S-2021-1050 Hive Case 4821 Malware Activity 188.127.224.137 24 WR None 2021-11-30 00:00:00 2022-02-28 00:00:00 None Masscan TCP Port Scanner - FE CMS IPS (IP=137,RU) 188.127.235.35 32 TLM None 2022-03-17 00:00:00 2022-09-17 00:00:00 2022-03-17 16:17:42 HIVE Case #7227 CTO 22-076 (IP=35,RU) 188.127.237.5 32 AS None 2022-02-21 00:00:00 2022-08-22 00:00:00 None HIVE Case #7039 CTO 22-050 (IP=5,RU) 188.127.239.204 24 DT None 2021-12-18 00:00:00 2022-03-18 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) - Source Fire (IP=204,RU) 188.127.251.15 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:44 HIVE Case 
#7264 FBI Russian Energy Sector Scans (IP=15,EE)
188.127.251.167 24 WR None 2021-11-19 00:00:00 2022-02-17 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire (IP=167,RU)
188.13.81.60 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None IT TO-S-2021-1117 DOS-DDOS Activity
188.130.111.86 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=86,FR)
188.131.172.48 24 DT None 2021-01-07 00:00:00 2022-05-10 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web attacks (IP=48,CN) | updated by WR Block was inactive. Reactivated on 20220210 with reason INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=119,BR)
188.132.226.139 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=139,TR)
188.138.128.130 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MD TO-S-2021-1050 Hive Case 4821 Malware Activity
188.138.182.179 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None MD TO-S-2021-1143 Malicious Connections Activity
188.142.239.37 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None HU TO-S-2021-1050 Hive Case 4821 Malware Activity
188.146.206.218 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PL TO-S-2021-1050 Hive Case 4821 Malware Activity
188.15.130.67 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None IT TO-S-2021-1117 DOS-DDOS Activity
188.150.249.81 24 KH None 2022-07-29 00:00:00 2022-10-27 00:00:00 2022-07-29 22:51:35 Shenzhen TVT DVR Remote Code Execution Vulnerability - FE IPS (IP=81,SE)
188.150.254.161 24 RS None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-15 22:50:55 SIPVicious Security Scanner - IPS Events (IP=161,SE)
188.151.251.18 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None SE TO-S-2021-1117 DOS-DDOS Activity
188.152.122.190 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IT TO-S-2021-1050 Hive Case 4821 Malware Activity
188.152.254.170 32 TLM None 2022-02-24 00:00:00 2022-08-25 00:00:00 None HIVE Case #7077 CTO 22-055 (IP=170,IT)
188.162.234.0 23 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=0,RU)
188.164.241.13 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PL TO-S-2021-1117 DOS-DDOS Activity
188.165.135.193 32 TLM None 2022-09-12 00:00:00 2022-12-11 00:00:00 2022-09-14 11:18:28 HIVE Case #8297 TO-S-2022-0229 (IP=193,ES)
188.165.217.198 32 AS None 2022-04-08 00:00:00 2022-10-04 00:00:00 2022-04-08 17:37:03 HIVE Case #7363 CTO 22-097 (IP=198,FR)
188.165.225.40 32 TLM None 2022-03-30 00:00:00 2022-09-30 00:00:00 2022-03-30 13:05:08 HIVE Case #7300 CTO 22-089 (IP=40,FR)
188.165.232.135 32 TLM None 2022-06-02 00:00:00 2022-12-01 00:00:00 2022-06-02 17:56:24 HIVE Case #7705 CTO 22-153 (IP=135,FR)
188.165.240.139 32 SW None 2022-02-28 00:00:00 2022-05-28 00:00:00 2022-02-28 23:39:44 Attempted Access - Inbound Brute Force - IR# 22C00974(IP=139,FR)
188.165.243.155 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=155,FR)
188.165.4.87 32 TLM None 2022-02-09 00:00:00 2022-08-10 00:00:00 None HIVE Case #6952 CTO 22-040 (IP=87,FR)
188.165.62.40 32 AS None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-09-30 17:07:25 HIVE Case #8395 TO-S-2022-0233 (IP=40,NL)
188.166.0.61 24 WR None 2022-04-20 00:00:00 2022-07-18 00:00:00 2022-04-20 15:45:01 SQL injection - 6 HR WebAttacks (IP=61,NL)
188.166.1.192 24 RS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 22:43:51 SERVER-WEBAPP ysoserial TypeConfuseDelegate deserialization exploit attempt (1:57275:2) - SourceFire (IP=192,NL)
188.166.100.180 24 TH None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 23:06:29 SQL injection - 6 Hr Web Report (IP=180,NL)
188.166.101.30 24 RS None 2022-05-03 00:00:00 2022-08-01 00:00:00 2022-05-03 13:46:49 SQL injection - 6Hr Web Attacks (IP=30,NL)
188.166.103.63 24 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 22:39:57 SQL injection - Web Attacks (IP=63,NL)
188.166.104.32 24 RS None 2022-05-02 00:00:00 2022-07-31 00:00:00 2022-05-02 22:41:52 SERVER-WEBAPP Cisco ASA cross site scripting attempt (1:57857:1) - SourceFire (IP=32,NL)
188.166.105.152 24 RS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:47:59 SQL injection - 6Hr Web Attacks (IP=152,NL)
188.166.106.55 24 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 22:54:17 SQL injection - Web Attacks (IP=55,NL)
188.166.107.211 24 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:58:10 SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (1:45304:3) - SourceFire (IP=211,NL)
188.166.108.69 24 SW None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:25 SERVER-WEBAPP Wordpress File Manager plugin elFinder remote code execution attempt (1:55778:1) - SourceFire (IP=69,NL)
188.166.109.167 24 AR None 2022-04-14 00:00:00 2022-07-12 00:00:00 2022-04-14 13:54:52 SQL injection - Web Attacks (IP=167,NL)
188.166.11.131 24 MLJ None 2017-10-18 05:00:00 2022-10-25 00:00:00 2022-07-28 13:49:38 ET POLICY Suspicious inbound to PostgreSQL port 5432 (IP=131,RU) | updated by RS Block was inactive. Reactivated on 20220727 with reason SQL injection - Web Attacks (IP=131,NL)
188.166.111.181 24 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:48:20 SQL injection - Web Attacks (IP=181,NL)
188.166.112.146 24 SW None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:45:13 SERVER-WEBAPP F5 BIG-IP Traffic Management User Interface remote code execution attempt - SourceFire (IP=146,NL)
188.166.113.45 24 WR None 2022-04-23 00:00:00 2022-07-21 00:00:00 2022-04-23 13:47:02 SQL injection - Web Attacks (IP=45,NL)
188.166.114.90 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:43 rConfig SQL Injection Vulnerability- 6hr Web Attacks (IP=90,NL)
188.166.115.226 24 SW None 2022-06-04 00:00:00 2022-09-02 00:00:00 2022-06-05 13:42:42 SQL injection - WebAttacks (IP=226,NL)
188.166.117.115 24 SW None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-06 13:47:29 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=115,NL)
188.166.118.180 24 ZH None 2022-09-02 00:00:00 2022-12-01 00:00:00 2022-09-02 22:46:32 FireEye Web Infection Match (IP=180,NL)
188.166.12.70 24 SA None 2022-05-17 00:00:00 2022-08-15 00:00:00 2022-05-17 22:37:56 HTTP: PHP File Inclusion Vulnerability- 6Hr Web Attacks (IP=70,NL)
188.166.120.215 24 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:58:11 SQL injection - 6hr Web Attacks (IP=215,NL)
188.166.121.14 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:50:31 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=14,NL)
188.166.122.43 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=43,NL)
188.166.124.46 24 NAB None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 13:56:57 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=46,NL)
188.166.125.196 24 KH None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 22:56:02 SQL injection - Web Attacks (IP=196,NL)
188.166.126.36 24 WR None 2022-04-05 00:00:00 2022-07-03 00:00:00 2022-04-05 14:31:57 Webshell.Binary.php.FEC2- FE Malicious IPs (IP=36,NL)
188.166.127.103 24 RR None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:31:58 SQL injection - Web Attcks (IP=103,NL)
188.166.14.183 24 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:52 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - Sourcefire Rpt (IP=183,NL)
188.166.144.165 24 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:48:43 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=165,GB)
188.166.145.110 24 RT None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-17 13:52:07 HTTP: SQL Injection - Exploit - 6HR web Attacks (IP=110,GB)
188.166.145.39 32 TLM None 2022-05-16 00:00:00 2022-11-15 00:00:00 2022-05-20 16:36:33 HIVE Case #7599 COLS-NA-TIP 22-0172 (IP=39,GB)
188.166.146.14 24 DT None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-07 13:54:10 SQLinjection - Web Attacks (IP=14,GB)
188.166.147.46 24 SW None 2022-09-25 00:00:00 2022-12-24 00:00:00 2022-09-25 13:55:55 SERVER-WEBAPP Atlassian Confluence information disclosure attempt - WebAttacks (IP=46,GB)
188.166.149.248 24 KD None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-12 13:51:45 SQL injection - Web Attacks (IP=248,GB)
188.166.15.233 24 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-16 15:21:30 SQL injection - 6hr Web Attacks (IP=233,NL)
188.166.150.174 24 SW None 2022-07-23 00:00:00 2022-10-21 00:00:00 2022-07-23 13:44:18 SQL injection - WebAttacks (IP=174,GB)
188.166.151.52 24 SW None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-01 13:54:16 SERVER-WEBAPP WP plugin Wechat Broadcast directory traversal attempt (1:48070:2) - SourceFire (IP=52,GB)
188.166.152.209 24 RR None 2022-05-28 00:00:00 2022-08-26 00:00:00 2022-05-29 12:28:40 SQL injection - Web Attacks (IP=209,GB)
188.166.153.111 24 NAB None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 15:45:01 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=111,GB)
188.166.155.207 24 SW None 2022-04-24 00:00:00 2022-07-23 00:00:00 2022-04-24 22:43:48 MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (1:25886:3) - SourceFire (IP=207, GB)
188.166.156.213 24 RR None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:31:58 HTTP: PHP File Inclusion Vulnerability - Web Attcks (IP=213,GB)
188.166.157.136 24 KH None 2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-09 14:22:07 SQL injection - Web Attacks (IP=136,GB)
188.166.158.254 24 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:48:21 SERVER-WEBAPP SolarWinds Orion authentication bypass attempt - SourceFire (IP=254,GB)
188.166.159.197 24 KD None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-12 13:51:45 SQL injection - Web Attacks (IP=248,GB)
188.166.16.60 24 RB None 2022-09-08 00:00:00 2022-12-07 00:00:00 2022-09-08 22:52:32 SERVER-WEBAPP NETGEAR ProSafe SSL VPN SQL injection attempt (1:60074:1) - SourceFire (IP=60, NL)
188.166.161.57 24 RS None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-06 13:58:05 SQL injection - 6Hr Web Attacks (IP=57,DE)
188.166.162.22 24 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:49:40 SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt - SourceFire (IP=22,DE)
188.166.162.7 24 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 22:52:10 File /etc/passwd Access Attempt Detect - IPS Events (IP=7,DE)
188.166.164.174 24 AR None 2022-06-24 00:00:00 2022-09-24 00:00:00 2022-06-26 15:25:09 Exploit.Log4Shell.CVE-2021-44228 - FE NX (IP=174,DE) | updated by RR Block expiration extended with reason SQL injection - Web Attacks (IP=174,DE) | updated by RR Block expiration extended with reason SQL injection - Web Attacks (IP=174,DE)
188.166.165.110 24 SW None 2022-06-04 00:00:00 2022-09-02 00:00:00 2022-06-05 13:42:43 SQL injection - WebAttacks (IP=110,DE)
188.166.166.238 24 SW None 2022-05-28 00:00:00 2022-08-26 00:00:00 2022-05-28 14:45:03 SERVER-WEBAPP Dicoogle directory traversal attempt - SourceFire (IP=238,DE)
188.166.166.49 24 SW None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:47:52 SERVER-WEBAPP Bonita BPM themeResource directory traversal attempt (1:38303:2) - SourceFire (IP=49,DE)
188.166.168.20 24 RS None 2022-05-03 00:00:00 2022-08-01 00:00:00 2022-05-03 13:46:55 SQL injection - 6Hr Web Attacks (IP=20,GB)
188.166.169.18 24 RB None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 22:41:38 SQL injection - 6hr web attacks (IP=18,GB)
188.166.169.242 24 TH None 2022-07-20 00:00:00 2022-10-18 00:00:00 2022-07-20 13:22:51 SQL injection - 6 Hr Web Report (IP=242,GB)
188.166.17.175 24 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:16:50 SQL injection - Web Attacks (IP=175,NL)
188.166.170.232 24 AR None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-11 13:47:01 SQL injection - 6Hr Web Attack (IP=232,GB)
188.166.171.154 32 AS None 2022-01-11 00:00:00 2022-07-11 00:00:00 None HIVE Case #6760 CTO 22-011 (IP=154,GB)
188.166.171.177 24 AR None 2022-04-08 00:00:00 2022-07-07 00:00:00 2022-04-08 13:46:36 SQL injection - 6hr Web Attack (IP=177,GB)
188.166.172.132 24 DT None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 23:57:43 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - Source Fire (IP=132,GB)
188.166.173.252 24 ZH None 2022-01-11 00:00:00 2022-04-11 00:00:00 None SQL injection - 6hr Web Attacks( IP=252,GB)
188.166.175.209 24 RR None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:36 SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1272 attack attempt (3:57305:1) - SourceFire (IP=209,GB)
188.166.177.130 24 SW None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 22:47:12 SQL injection - WebAttacks (IP=130,SG)
188.166.179.34 24 ZH None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-11 00:04:53 SQL union select - possible sql injection attempt - GET parameter (1:13990:27) - SourceFire (IP=34,SG)
188.166.180.226 24 RT None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-20 15:45:02 SQL injection - 6 HR WebAttack (IP=226,SG)
188.166.180.9 32 RR None 2022-08-23 00:00:00 2022-11-21 00:00:00 2022-08-23 18:08:53 DT/SQL Attempts - IR# 22C01855 (IP=9,SG)
188.166.182.154 24 KD None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-12 13:51:46 HTTP: SQL Injection - Exploit - Web Attacks (IP=154,SG)
188.166.183.26 24 SW None 2022-07-19 00:00:00 2022-10-17 00:00:00 2022-07-20 13:22:40 SERVER-WEBAPP NETGEAR ProSafe SSL VPN SQL injection attempt - SourceFire (IP=26,SG)
188.166.184.118 24 DT None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-29 13:52:49 SERVER-WEBAPP Liferay arbitrary Java object deserialization attempt (1:56800:3) - Source Fire (IP=118,SG)
188.166.185.43 24 AR None 2022-05-01 00:00:00 2022-07-30 00:00:00 2022-05-01 13:52:47 SERVER-WEBAPP OpenDreamBox 2.0.0 Plugin WebAdmin command injection attempt (1:50304:2) - SourceFire (IP=43,SG)
188.166.186.103 24 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:58:11 SERVER-WEBAPP ManageEngine Desktop Central authentication bypass attempt (1:58863:1) - SourceFire (IP=103,SG)
188.166.187.12 24 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 22:39:58 ET EXPLOIT Apache log4j RCE Attempt - lower/upper TCP Bypass M2 (CVE-2021-44228) (1:2034700:1) - Sourcefire (IP=12,SG)
188.166.189.232 24 AR None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:19 SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt (1:59299:1) - SourceFire (IP=232,SG)
188.166.190.75 24 RB None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:48:22 SQL injection - 6hr web attacks (IP=75,SG)
188.166.191.81 24 RS None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-01 13:54:21 SQL injection - 6Hr Web Attacks (IP=81,SG)
188.166.20.44 24 SW None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:44:58 SQL injection - WebAttacks (IP=44,NL)
188.166.208.9 24 TH None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-30 13:42:25 SERVER-APACHE Apache Struts remote code execution attempt - POST parameter (1:23631:7) - SourceFire Report (IP=9,SG)
188.166.21.75 24 KH None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:37 SQL injection - Web Attacks (IP=75,NL)
188.166.211.191 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:07 SERVER-WEBAPP Jenkins Groovy metaprogramming remote code execution attempt (1:49499:1) - Sourcefire Rpt (IP=191,SG)
188.166.211.191 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:33 SERVER-WEBAPP Jenkins Groovy metaprogramming remote code execution attempt (1:49499:1) - Sourcefire Rpt (IP=191,SG)
188.166.212.238 24 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:37:37 SQL injection - Web Attacks (IP=238,SG)
188.166.215.120 24 RR None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:31:59 HTTP: PHP File Inclusion Vulnerability - Web Attcks (IP=120,SG)
188.166.216.181 24 WR None 2022-04-23 00:00:00 2022-07-21 00:00:00 2022-04-23 13:47:03 SQL injection - Web Attacks (IP=181,SG)
188.166.218.13 24 RB None 2022-06-28 00:00:00 2022-10-11 00:00:00 2022-07-13 13:53:55 SQL injection - WebAttacks (IP=13,SG) | updated by ZH Block expiration extended with reason SQL injection - 6hr Web Attacks (IP=13,SG)
188.166.219.70 24 DT None 2022-05-17 00:00:00 2022-08-15 00:00:00 2022-05-18 13:43:50 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - Source Fire (IP=70,SG)
188.166.22.87 24 SW None 2022-08-25 00:00:00 2022-11-23 00:00:00 2022-08-26 13:48:31 SERVER-WEBAPP LG-Ericsson iPECS NMS 30M directory traversal attempt (1:49840:1) - SourceFire (IP=87,NL)
188.166.220.75 24 RT None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-06 13:47:06 SQL injection - 6hr Web Attacks (IP=75,SG)
188.166.221.242 24 ZH None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 22:43:56 SERVER-WEBAPP JBoss JMX console access attempt (1:21516:9) - SourceFire (IP=242,SG)
188.166.223.143 24 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-09 14:21:32 SQL injection - Web Attacks (IP=143,SG)
188.166.226.238 24 RR None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-29 22:57:19 SERVER-WEBAPP SolarWinds Orion authentication bypass attempt - SourceFire (IP=238,SG)
188.166.226.69 24 KH None 2022-04-22 00:00:00 2022-07-21 00:00:00 2022-04-22 22:49:13 FEC_Webshell_PHP_Generic - FE NX (IP=69,SG)
188.166.227.88 24 RT None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-21 13:44:42 SQL injection - 6 HR WebAttack (IP=88,SG)
188.166.228.238 24 RR None 2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-09 14:21:54 SERVER-WEBAPP Kibana Console for Elasticsearch local file inclusion attempt - SourceFire (IP=238,SG)
188.166.228.35 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=35,SG)
188.166.228.44 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:53:04 SQL union select - possible sql injection attempt - GET parameter - SourceFire (IP=44,SG)
188.166.229.121 24 RS None 2022-05-02 00:00:00 2022-07-31 00:00:00 2022-05-02 22:41:51 SERVER-WEBAPP phpmyadmin post-authentication local file inclusion attempt (1:47831:1) - SourceFire (IP=121,24)
188.166.23.123 24 SW None 2022-08-26 00:00:00 2022-11-24 00:00:00 2022-08-27 13:55:22 SQL injection - WebAttacks (IP=123,NL)
188.166.230.13 24 WR None 2022-04-12 00:00:00 2022-07-10 00:00:00 2022-04-12 13:51:59 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=13,SG)
188.166.231.195 24 DT None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-29 13:52:49 SERVER-WEBAPP Trend Micro Threat Discovery Appliance logoff.cgi directory traversal attempt (1:42336:2) - Source Fire (IP=195,SG)
188.166.232.186 24 SW None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:26 SERVER-WEBAPP JBoss JMX console access attempt (1:21516:9) - SourceFire (IP=186,SG)
188.166.233.113 24 RT None 2022-04-08 00:00:00 2022-07-07 00:00:00 2022-04-09 13:49:40 Adobe ColdFusion Administrator Access Restriction - 6HR WebAttack (IP=113,SG)
188.166.237.114 24 RB None 2022-06-28 00:00:00 2022-09-26 00:00:00 2022-06-28 13:53:49 SQL injection - WebAttacks (IP=114,SG)
188.166.239.42 24 RS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 21:48:42 SQL injection - 6Hr Web Attacks (IP=42,SG)
188.166.24.155 24 TH None 2022-05-12 00:00:00 2022-08-10 00:00:00 2022-05-12 22:47:18 SQL injection - 6 Hr Web Report (IP=155,NL)
188.166.241.103 24 RT None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-27 13:56:44 SERVER-WEBAPP Sonatype Nexus Repository Manager remote code execution attempt (1:50533:1) - Sourcefire Report (IP=103,SG)
188.166.242.29 24 KH None 2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-09 14:22:07 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=29,SG)
188.166.245.193 24 RT None 2022-04-12 00:00:00 2022-07-11 00:00:00 2022-04-13 13:46:10 Adobe ColdFusion Administrator Access Restriction - 6 HR WebAttack (IP=193,SG)
188.166.245.223 32 TLM None 2021-10-04 00:00:00 2022-04-04 00:00:00 None HIVE Case #6294 CTO 21-268 (IP=223,SG)
188.166.246.102 24 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:48:44 SQL injection - Web Attacks (IP=102,SG)
188.166.248.155 24 RS None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 22:54:44 SQL injection - 6Hr Web Attacks (IP=155,SG)
188.166.249.191 24 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-09 14:21:33 SQL injection - Web Attacks (IP=191,SG)
188.166.25.92 24 RB None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:31:59 HTTP: PHP File Inclusion Vulnerability - 6hr web attacks (IP=92,NL)
188.166.250.242 24 TH None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-18 22:35:06 OS-OTHER Bash CGI environment variable injection attempt (1:31978:5) - SourceFire Report (IP=242,SG)
188.166.251.101 24 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:17:15 ET EXPLOIT Apache log4j RCE Attempt - lower/upper TCP Bypass M2 (CVE-2021-44228) - SourceFire (IP=101,SG)
188.166.252.86 24 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:08 SQL injection - Web Attacks (IP=86,SG)
188.166.254.159 24 ZH None 2022-04-04 00:00:00 2022-07-03 00:00:00 2022-04-04 22:35:50 SQL injection- 6hr Web Attacks (IP=159,SG)
188.166.254.58 32 WR None 2021-12-01 00:00:00 2022-03-01 00:00:00 None Attempted Access - Inbound Brute Force - IR# 22C00451 (IP=58,US)
188.166.255.150 24 RB None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:32:00 HTTP: PHP File Inclusion Vulnerability - 6hr web attacks (IP=150,SG)
188.166.26.241 24 TH None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-30 13:42:46 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - SourceFire Report (IP=241,NL)
188.166.27.123 24 ZH None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-24 00:05:32 SQL injection - 6hr Web Attacks (IP=123,NL)
188.166.28.234 24 RR None 2022-06-04 00:00:00 2022-09-02 00:00:00 2022-06-04 13:38:59 SERVER-WEBAPP LG N1A1 NAS command injection attempt - SourceFire (IP=234,NL)
188.166.29.42 24 RS None 2022-06-23 00:00:00 2022-09-21 00:00:00 2022-06-23 14:39:19 SQL injection - 6Hr Web Attacks (IP=42,NL)
188.166.3.18 24 KH None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:38 Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=18,NL)
188.166.31.140 24 TH None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-30 13:42:41 SQL injection - 6 Hr Web Report (IP=140,NL)
188.166.31.95 32 TLM None 2022-03-28 00:00:00 2022-09-28 00:00:00 2022-03-28 12:23:01 HIVE Case #7282 CTO 22-085 (IP=95,NL)
188.166.32.171 24 SW None 2022-08-12 00:00:00 2022-11-10 00:00:00 2022-08-13 13:56:14 SQL injection - WebAttacks (IP=171,NL)
188.166.34.129 24 KH None 2022-04-12 00:00:00 2022-07-11 00:00:00 2022-04-12 22:35:45 SQL injection - Web Attacks (IP=129,NL)
188.166.35.135 24 RR None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-29 22:57:32 SQL injection - Web Attacks (IP=135,NL)
188.166.35.5 24 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:17:16 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=5,NL)
188.166.36.26 24 RB None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:48:23 HTTP: Apache mod_cgi Bash Environment Variable Code Injection - 6hr web attacks (IP=26,NL)
188.166.36.26 24 RB None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 22:39:00 OS-OTHER Bash CGI environment variable injection attempt - Sourcefire (IP=26,NL)
188.166.39.221 24 RS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 22:44:13 SQL injection - 6Hr Web Attacks (IP=221,NL)
188.166.4.127 32 KH None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 22:55:42 HTTP: PHP File Inclusion Vulnerability - IR# 22C01544 (IP=127,US)
188.166.40.32 24 DT None 2021-12-24 00:00:00 2022-03-24 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) - Source Fire (IP=32,NL)
188.166.42.137 24 ZH None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-30 22:44:32 SQL injection - 6hr Web Attacks (IP=137,NL)
188.166.44.192 24 SW None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:27 SQL injection - WebAttacks (IP=192,NL)
188.166.45.128 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None NL TO-S-2021-1037 Hive Case 4785 Malware Activity
188.166.45.93 24 NAB None 2021-12-16 00:00:00 2022-03-16 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=93,NL)
188.166.47.226 24 RS None 2022-09-15 00:00:00 2022-12-14 00:00:00 2022-09-16 13:49:33 Exploit.Log4Shell.CVE-2021-44228 - FE NX (IP=226,NL)
188.166.48.55 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=55,NL)
188.166.49.139 24 RS None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 22:34:25 SQL injection - 6Hr Web Attacks (IP=139,NL)
188.166.5.124 24 TH None 2022-04-15 00:00:00 2022-07-14 00:00:00 2022-04-15 22:59:51 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (3:58802:4) - SourceFire Report (IP=124,NL)
188.166.50.92 24 RR None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-18 13:44:06 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=92,NL)
188.166.51.225 24 RR None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:38 SQL injection - Web Attacks (IP=225,NL)
188.166.52.23 24 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 22:52:03 Possible Cross-site Scripting Attack - FE IPS Events (IP=23,NL)
188.166.53.198 24 AR None 2022-05-11 00:00:00 2022-08-09 00:00:00 2022-05-11 13:43:40 SERVER-WEBAPP F5 BIG-IP Traffic Management User Interface remote code execution attempt (1:54462:3) - SourceFire (IP=198,NL)
188.166.54.170 24 WR None 2022-04-24 00:00:00 2022-07-22 00:00:00 2022-04-24 13:26:33 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=170,NL)
188.166.55.60 24 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:43:58 SQL injection - Web Attacks (IP=60,NL)
188.166.56.240 24 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:52 SQL injection - 6hr Web Attacks (IP=240,NL)
188.166.57.229 24 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:17:16 SERVER-WEBAPP Oracle-BI convert servlet XML external entity injection attempt - SourceFire (IP=229,NL)
188.166.58.236 24 RB None 2022-09-26 00:00:00 2022-12-25 00:00:00 2022-09-26 13:55:32 SQL injection - WebAttacks (IP=236,NL)
188.166.58.236 24 RB None 2022-09-26 00:00:00 2022-12-25 00:00:00 2022-09-26 13:55:33 SQL injection - WebAttacks (IP=236,NL)
188.166.58.63 24 NAB None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 13:56:58 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=63,NL)
188.166.59.168 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:48:30 SQL injection - Web Attacks (IP=168,NL)
188.166.6.187 24 RS None 2022-05-02 00:00:00 2022-07-31 00:00:00 2022-05-02 22:41:46 SQL union select - possible sql injection attempt - GET parameter (1:13990:27) - SourceFire (IP=187,NL)
188.166.60.129 24 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 13:52:50 HTTP: Grandstream UCM6200 SQL Injection Vulnerability (CVE-2020-5722) - 6hr Web Attacks (IP=129,NL)
188.166.61.146 24 EE None 2022-01-31 00:00:00 2022-05-01 00:00:00 None HIVE Case #6867 IOC_ MoonBounce (IP=146,NL)
188.166.62.26 24 SW None 2022-06-05 00:00:00 2022-09-03 00:00:00 2022-06-05 13:42:49 SERVER-WEBAPP SolarWinds Orion authentication bypass attempt (1:56916:1) - SourceFire (IP=26,NL)
188.166.63.163 24 SW None 2022-06-05 00:00:00 2022-09-03 00:00:00 2022-06-05 13:42:56 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - SourceFire (IP=163,NL)
188.166.64.181 24 RS None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-08 16:55:55 SERVER-WEBAPP Intellian Aptus Web arbitrary command execution attempt (1:54824:1) - SourceFire (IP=181,NL)
188.166.66.79 24 SW None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 13:49:35 SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt (1:44329:2) - SourceFire (IP=79,NL)
188.166.67.6 24 TH None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-26 22:51:16 SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (1:58201:2) - SourceFire Report (IP=6,NL)
188.166.68.72 24 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:46:51 SERVER-WEBAPP Bonita BPM themeResource directory traversal attempt - SourceFire (IP=72,NL)
188.166.69.77 24 SW None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-06 13:58:01 SERVER-WEBAPP generic SQL select statement possible sql injection (1:41817:2) - SourceFire (IP=77,NL)
188.166.70.25 24 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 13:52:50 SQL injection - 6hr Web Attacks (IP=25,NL)
188.166.71.218 24 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:46:52 SERVER-WEBAPP F5 BIG-IP Traffic Management User Interface remote code execution attempt - SourceFire (IP=218,NL)
188.166.73.199 24 WR None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:47:21 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=199,NL)
188.166.74.53 24 TH None 2022-04-15 00:00:00 2022-07-14 00:00:00 2022-04-15 22:59:57 SQL injection - 6 Hr Web Report (IP=53,NL)
188.166.75.240 24 RR None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:39 Django SQL Injection Vulnerability - Web Attacks (IP=240,NL)
188.166.76.75 24 TH None 2022-04-15 00:00:00 2022-07-14 00:00:00 2022-04-15 22:59:47 SERVER-WEBAPP Webmin password_change command injection attempt (1:51488:1) - SourceFire Report (IP=75,NL)
188.166.78.242 24 TH None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 23:06:38 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (1:59246:1) - SourceFire Report (IP=242,NL)
188.166.8.248 24 RR None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:39 SQL injection - Web Attacks (IP=248,NL)
188.166.80.189 24 ZH None 2022-04-04 00:00:00 2022-07-03 00:00:00 2022-04-04 22:35:39 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41421:2)- Sourcefire Rpt (IP=189,NL)
188.166.82.118 24 TH None 2022-06-28 00:00:00 2022-09-26 00:00:00 2022-06-29 13:54:59 SQL injection - 6 Hr Web Report (IP=118,NL)
188.166.83.35 24 RS None 2022-05-03 00:00:00 2022-08-01 00:00:00 2022-05-03 13:46:56 SQL injection - 6Hr Web Attacks (IP=35,NL)
188.166.84.190 24 RS None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 22:44:26 SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58742:7) - SourceFire (IP=190,NL)
188.166.85.141 24 AR None 2022-08-21 00:00:00 2022-11-19 00:00:00 2022-08-22 13:55:14 SQL injection - 6Hr Web Attack (IP=141,NL)
188.166.86.204 24 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:45:00 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=204,NL)
188.166.87.63 24 KD None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-14 13:54:52 SQL injection- Web Attacks (IP=63,NL)
188.166.88.36 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:07 SERVER-WEBAPP Cisco Prime Infrastructure arbitrary file upload to tftpRoot attempt (3:49987:3) - Sourcefire Rpt (IP=36,NL)
188.166.9.196 24 TH None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-26 22:51:20 SQL injection - 6 Hr Web Report (IP=196,NL)
188.166.90.54 24 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 15:45:03 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=54,NL)
188.166.91.156 24 RS None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 22:54:55 SQL injection - 6Hr Web Attacks (IP=156,NL)
188.166.92.228 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=228,NL)
188.166.94.4 24 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 22:39:59 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=4,NL)
188.166.95.189 24 ZH None 2022-09-21 00:00:00 2022-12-20 00:00:00 2022-09-21 22:53:47 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=189,NL)
188.166.95.36 24 SW None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-16 13:51:47 SQL injection - WebAttack (IP=36,NL)
188.166.98.43 24 RS None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 22:34:24 SQL injection - 6Hr Web Attacks (IP=43,NL)
188.166.99.240 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:30 SQL injection - 6hr Web Attacks (IP=240,NL)
188.167.163.70 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None SK TO-S-2021-1050 Hive Case 4821 Malware Activity
188.173.1.40 24 KH None 2022-03-24 00:00:00 2022-06-22 00:00:00 2022-03-24 22:58:47 SIPVicious Security Scanner - FE IPS (IP=40,RO)
188.173.112.0 22 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=0,RO)
188.173.232.0 21 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None OM TO-S-2021-1117 DOS-DDOS Activity
188.190.192.0 19 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None RU TO-S-2021-1092 Hive Case 4875 Unknown Malicious Activity
188.190.224.0 19 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None UA TO-S-2021-1037 Hive Case 4785 Malware Activity
188.191.1.66 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:45 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=66,RU)
188.191.96.0 20 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity
188.194.14.33 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None DE TO-S-2021-1050 Hive Case 4821 Malware Activity
188.213.22.75 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=75,RO)
188.213.28.233 24 DT None 2022-03-29 00:00:00 2022-06-27 00:00:00 2022-03-30 13:47:03 PROTOCOL-DNS DNS query amplification attempt - Sourcefire (IP=233,FR)
188.213.34.106 32 TH None 2022-08-20 00:00:00 2022-11-18 00:00:00 2022-08-20 22:18:21 HTTP: PHP File Inclusion Vulnerability - IR# 22C01839 (IP=106,RO)
188.213.34.71 32 RT None 2022-01-13 00:00:00 2022-04-13 00:00:00 None HTTP: PHP File Inclusion Vulnerability - IR#22C00829 (IP=71,US)
188.214.128.0 21 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=0,LT)
188.214.128.0 24 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=0,LT)
188.214.132.60 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=60,LT)
188.214.133.0 24 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=0,LT)
188.215.36.147 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=147,RO)
188.22.3.88 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None AT TO-S-2021-1037 Hive Case 4785 Malware Activity
188.225.25.119 32 TLM None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-19 16:21:11 HIVE Case #7615 COLS-NA-TIP 22-0170 (IP=119,RU)
188.225.25.132 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=132,RU)
188.225.32.193 32 TLM None 2021-09-21 00:00:00 2022-03-20 00:00:00 None HIVE Case #6216 CTO 21-264 (IP=193,RU)
188.225.32.201 32 TLM None 2021-09-21 00:00:00 2022-03-20 00:00:00 None HIVE Case #6216 CTO 21-264 (IP=201,RU)
188.225.42.206 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=206,RU)
188.225.43.174 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=174,RU)
188.225.44.138 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=138,RU)
188.225.47.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None RU TO-S-2021-1037 Hive Case 4785 Malware Activity
188.225.56.84 32 srm None 2022-03-11 00:00:00 2022-06-09 00:00:00 2022-03-11 14:41:14 HIVE Case #NA FP Security (IP=84,RU)
188.225.56.84 24 srm None 2022-03-11 00:00:00 2022-06-09 00:00:00 2022-03-11 14:43:29 HIVE Case #NA FP Security (IP=84,RU)
188.225.58.233 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=233,RU)
188.225.87.0 24 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None RU TO-S-2021-1156 Malicious Email Activity
188.226.233.132 24 ZH None 2021-11-01 00:00:00 2022-01-30 00:00:00 None APP-DETECT SSH server detected on non-standard port (1:13586:5) - Sourcefire (IP=132,NL)
188.227.10.160 32 wmp None 2022-03-24 00:00:00 2022-06-24 00:00:00 2022-03-24 22:59:00 Suspicious Scan Activity (IP=160,RU)
188.230.215.67 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None SI TO-S-2021-1037 Hive Case 4785 Malware Activity
188.235.114.54 24 NAB None 2021-12-22 00:00:00 2022-03-22 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=54,RU)
188.239.191.240 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:51 HIVE Case #7904 CTO 22-189 (IP=240,NL)
188.241.222.211 32 AS None 2022-08-19 00:00:00 2022-11-17 00:00:00 2022-08-26 16:43:47 HIVE Case #8178 COLS-NA TIP 22-0289 (IP=211,RO)
188.241.250.152 24 EE None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:55 HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=152,DE)
188.241.68.137 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None HIVE Case #3470 CTO-20-210 EUCOM JCC SR 101-20 (IP=137,SE) | updated by dbc Block was inactive. Reactivated on 20210128 with reason SE TO-S-2021-1050 Hive Case 4821 Malware Activity
188.241.68.137 32 dbc None 2020-08-04 00:00:00 2022-01-28 00:00:00 None HIVE Case #3470 CTO-20-210 EUCOM JCC SR 101-20 (IP=137,SE) | updated by dbc Block was inactive.
Reactivated on 20210128 with reason SE TO-S-2021-1050 Hive Case 4821 Malware Activity SE TO-S-2021-1050 Hive Case 4821 Malware Activity 188.241.82.14 24 ZH None 2022-09-16 00:00:00 2022-12-15 00:00:00 2022-09-16 22:50:11 Exploit.Log4Shell.CVE-2021-44228 - FE NX (IP=14,AD) 188.241.83.61 32 TLM None 2022-02-11 00:00:00 2022-08-12 00:00:00 None HIVE Case #6973 TO-S-2022-0128 (IP=61,FR) 188.244.252.69 24 AR None 2022-03-29 00:00:00 2022-06-27 00:00:00 2022-03-29 13:50:41 FTP Login Failed - Failed Logons (IP=69,RU) 188.246.160.0 19 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 188.246.230.114 32 KH None 2021-10-12 00:00:00 2022-01-10 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00131 (IP=114,US) 188.252.52.199 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PL TO-S-2021-1117 DOS-DDOS Activity 188.254.246.197 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BG TO-S-2021-1050 Hive Case 4821 Malware Activity 188.3.100.222 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TR TO-S-2021-1050 Hive Case 4821 Malware Activity 188.3.34.79 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TR TO-S-2021-1050 Hive Case 4821 Malware Activity 188.34.185.85 32 TLM None 2022-02-01 00:00:00 2022-08-02 00:00:00 None HIVE Case #6896 CTO 22-029 (IP=85,DE) 188.35.184.0 22 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=0,RU) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=0,RU) 188.4.22.23 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GR TO-S-2021-1050 Hive Case 4821 Malware Activity 188.40.126.100 32 TLM None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:46:05 HIVE Case #7458 CTO 22-113 (IP=100,DE) 188.43.225.61 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:45 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=61,RU) 188.44.20.0 24 AS 
None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-09 13:57:32 HIVE Case #7535 TO-S-2022-0176 (IP=0,MK) 188.49.80.0 20 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None SA TO-S-2021-1117 Malware Activity 188.50.6.218 24 RT None 2022-01-04 00:00:00 2022-04-04 00:00:00 None SQL injection - 6HR Web Attacks (IP=218,SA) 188.59.154.199 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=199,TR) 188.59.207.57 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TR TO-S-2021-1050 Hive Case 4821 Malware Activity 188.62.176.232 24 SW None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-10 13:48:21 Adobe ColdFusion Administrator Access Restriction - WebAttacks (IP=232,CH) 188.68.240.143 32 jkc None 2021-04-13 00:00:00 2022-04-13 00:00:00 None Case # 5240 IOC_ TO-S-2021-1218 Malicious IP 188.68.250.179 32 TLM None 2021-12-21 00:00:00 2022-06-21 00:00:00 None HIVE Case #6682 CTO 21-352 (IP=179,PL) 188.68.35.136 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 22:59:03 SQL Injection - 6hr Web Attacks (IP=136,DE) 188.68.50.25 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 13:57:54 SQL injection - 6Hr Web Attacks (IP=25,DE) 188.68.58.131 24 KH None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 22:56:01 SQL injection - Web Attacks (IP=131,DE) 188.68.59.76 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None DE TO-S-2021-1117 DOS-DDOS Activity 188.68.96.0 19 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None RU TO-S-2021-1037 Hive Case 4785 Malware Activity 188.72.202.162 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None NL TO-S-2021-1092 Hive Case 4875 Malware Activity 188.72.202.164 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None NL TO-S-2021-1092 Hive Case 4875 Malware Activity 188.72.202.165 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None NL TO-S-2021-1092 Hive Case 4875 Malware Activity 188.72.202.167 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None NL 
TO-S-2021-1092 Hive Case 4875 Malware Activity 188.72.202.171 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None NL TO-S-2021-1092 Hive Case 4875 Malware Activity 188.72.202.172 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None NL TO-S-2021-1092 Hive Case 4875 Malware Activity 188.72.6.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IQ TO-S-2021-1037 Hive Case 4785 Malware Activity 188.85.165.60 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ES TO-S-2021-1050 Hive Case 4821 Malware Activity 188.92.208.0 21 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GE TO-S-2021-1050 Hive Case 4821 Malware Activity 188.93.210.54 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=54,RU) 188.93.210.54 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=54,RU) 188.93.210.54 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=54,RU) 188.93.77.103 24 ZH None 2022-02-08 00:00:00 2022-05-09 00:00:00 None Phishing SIP HIVE Case # 6942 (IP=103,ES) 188.93.93.30 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None NL TO-S-2021-1117 DOS-DDOS Activity 188.95.227.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None SE TO-S-2021-1037 Hive Case 4785 Malware Activity 189.1.176.0 20 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 189.106.96.209 24 RS None 2022-07-02 00:00:00 2022-09-30 00:00:00 2022-07-02 22:56:25 SERVER-APACHE Apache Struts remote code execution attempt - POST parameter (1:23631:7) - SourceFire (IP=209,BR) 189.110.27.90 24 SA None 2022-06-02 00:00:00 2022-08-30 00:00:00 2022-06-03 00:40:05 SQL injection Web Attacks (IP=90,BR) 189.112.149.152 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 189.112.20.161 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware 
Activity 189.112.25.255 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 189.114.96.110 24 WR None 2022-05-03 00:00:00 2022-08-01 00:00:00 2022-05-03 13:46:41 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=110,BR) | updated by WR Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire (IP=110,BR) SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire (IP=110,BR) 189.114.96.110 24 RS None 2022-05-02 00:00:00 2022-08-01 00:00:00 2022-05-03 13:46:41 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=110,BR) | updated by WR Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire (IP=110,BR) SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire (IP=110,BR) 189.124.112.0 20 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 189.125.22.170 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 189.127.249.220 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=220,BR) 189.127.252.0 24 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 189.129.19.37 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None MX TO-S-2021-1037 Hive Case 4785 Malware Activity 189.129.94.86 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MX TO-S-2021-1050 Hive Case 4821 Malware Activity 189.130.59.20 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None MX TO-S-2021-1037 Hive Case 4785 Malware Activity 189.132.174.239 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MX TO-S-2021-1050 Hive Case 4821 Malware Activity 189.146.148.149 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 
None MX TO-S-2021-1050 Hive Case 4821 Malware Activity 189.146.180.210 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MX TO-S-2021-1050 Hive Case 4821 Malware Activity 189.146.196.0 24 SW None 2022-07-24 00:00:00 2022-10-22 00:00:00 2022-07-24 22:47:14 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt (1:46736:2) - SourceFire (IP=0,MX) 189.146.247.12 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None MX TO-S-2021-1092 Hive Case 4875 Malware Activity 189.146.247.74 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MX TO-S-2021-1050 Hive Case 4821 Malware Activity 189.147.7.235 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None MX TO-S-2021-1037 Hive Case 4785 Malware Activity 189.147.78.165 24 RR None 2022-07-09 00:00:00 2022-10-07 00:00:00 2022-07-10 14:32:41 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=165,MX) 189.153.224.35 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MX TO-S-2021-1050 Hive Case 4821 Malware Activity 189.156.34.137 24 DT None 2022-02-10 00:00:00 2022-05-11 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Source Fire (IP=137,MX) 189.159.4.1 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MX TO-S-2021-1050 Hive Case 4821 Malware Activity 189.159.47.218 24 NAB None 2022-01-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=218,MX) 189.161.103.97 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MX TO-S-2021-1050 Hive Case 4821 Malware Activity 189.162.123.103 24 RT None 2022-02-28 00:00:00 2022-05-29 00:00:00 2022-02-28 23:39:57 SSH2 Failed Login Attempt - 6HR Failed Logons (IP=103,MX) 189.162.35.3 32 TH None 2022-08-28 00:00:00 2022-11-26 00:00:00 2022-08-29 13:57:16 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR# 22C01881 (IP=3,MX) 189.166.52.186 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MX TO-S-2021-1050 Hive Case 4821 Malware Activity 189.167.33.43 
32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MX TO-S-2021-1050 Hive Case 4821 Malware Activity 189.169.85.160 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MX TO-S-2021-1050 Hive Case 4821 Malware Activity 189.170.19.181 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None MX TO-S-2021-1037 Hive Case 4785 Malware Activity 189.171.17.208 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MX TO-S-2021-1050 Hive Case 4821 Malware Activity 189.172.8.163 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None MX TO-S-2021-1037 Hive Case 4785 Malware Activity 189.18.181.24 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:48 HIVE Case #7199 CTO 22-074 (IP=24,BR) 189.18.181.24 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:55:49 HIVE Case #7199 CTO 22-074 (IP=24,BR) 189.180.126.159 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MX TO-S-2021-1050 Hive Case 4821 Malware Activity 189.180.14.180 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MX TO-S-2021-1050 Hive Case 4821 Malware Activity 189.180.17.202 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None MX TO-S-2021-1037 Hive Case 4785 Malware Activity 189.190.233.106 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MX TO-S-2021-1050 Hive Case 4821 Malware Activity 189.197.170.130 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None MX TO-S-2021-1081 Hive Case 4872 Malware Activity 189.203.10.155 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None MX TO-S-2021-1117 DOS-DDOS Activity 189.203.148.151 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=151,MX) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=151,MX) 189.203.195.195 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None MX TO-S-2021-1117 DOS-DDOS Activity 189.203.239.240 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None MX TO-S-2021-1117 DOS-DDOS Activity 
189.203.39.13 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=13,MX) 189.203.79.207 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None MX TO-S-2021-1117 DOS-DDOS Activity 189.204.52.236 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None MX TO-S-2021-1117 DOS-DDOS Activity 189.205.192.142 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None MX TO-S-2021-1117 DOS-DDOS Activity 189.205.67.61 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None MX TO-S-2021-1117 DOS-DDOS Activity 189.206.170.171 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None MX TO-S-2021-1117 DOS-DDOS Activity 189.206.201.101 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None MX TO-S-2021-1117 DOS-DDOS Activity 189.206.239.78 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None MX TO-S-2021-1117 DOS-DDOS Activity 189.207.245.59 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=59,MX) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=59,MX) HIVE Case #5968 TO-S-2021-1276 (IP=59,MX) 189.207.245.59 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=59,MX) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=59,MX) HIVE Case #5968 TO-S-2021-1276 (IP=59,MX) 189.207.245.59 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5968 TO-S-2021-1276 (IP=59,MX) 189.208.209.149 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None MX TO-S-2021-1037 Hive Case 4785 Malware Activity 189.208.49.184 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None MX TO-S-2021-1117 DOS-DDOS Activity 189.210.118.233 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MX TO-S-2021-1050 Hive Case 4821 Malware Activity 189.210.249.225 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MX TO-S-2021-1050 Hive Case 4821 Malware Activity 189.211.182.201 32 dbc None 
2021-03-05 00:00:00 2022-03-05 00:00:00 None MX TO-S-2021-1117 DOS-DDOS Activity 189.212.121.189 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MX TO-S-2021-1050 Hive Case 4821 Malware Activity 189.212.176.45 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None MX TO-S-2021-1117 DOS-DDOS Activity 189.213.220.124 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None MX TO-S-2021-1037 Hive Case 4785 Malware Activity 189.225.149.182 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MX TO-S-2021-1050 Hive Case 4821 Malware Activity 189.225.44.65 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None MX TO-S-2021-1092 Hive Case 4875 Malware Activity 189.226.160.245 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None MX TO-S-2021-1092 Hive Case 4875 Malware Activity 189.232.118.89 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MX TO-S-2021-1050 Hive Case 4821 Malware Activity 189.234.158.49 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MX TO-S-2021-1050 Hive Case 4821 Malware Activity 189.234.211.249 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MX TO-S-2021-1050 Hive Case 4821 Malware Activity 189.235.223.85 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None MX TO-S-2021-1037 Hive Case 4785 Malware Activity 189.235.94.251 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MX TO-S-2021-1050 Hive Case 4821 Malware Activity 189.237.17.184 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None MX TO-S-2021-1037 Hive Case 4785 Malware Activity 189.241.50.20 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MX TO-S-2021-1050 Hive Case 4821 Malware Activity 189.243.135.106 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MX TO-S-2021-1050 Hive Case 4821 Malware Activity 189.251.74.184 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None MX TO-S-2021-1117 Malware Activity 189.252.173.60 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:49 HIVE Case #7199 CTO 22-074 
(IP=60,MX) 189.253.3.232 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MX TO-S-2021-1050 Hive Case 4821 Malware Activity 189.28.191.243 24 SA None 2022-05-31 00:00:00 2022-08-28 00:00:00 2022-05-31 22:55:55 INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) SourceFire (IP=243,BR) 189.30.95.205 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 189.37.71.170 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None BR TO-S-2021-1092 Hive Case 4875 Malware Activity 189.38.96.0 20 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=0,BR) 189.40.83.32 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=32,BR) 189.41.97.126 24 JP None 2022-08-12 00:00:00 2022-11-10 00:00:00 2022-08-12 22:51:18 SIPVicious Security Scanner - IPS Event (IP=126,BR) 189.46.134.208 24 RT None 2021-12-22 00:00:00 2022-03-22 00:00:00 None SQL injection - 6HR Web Attacks (IP=208,BR) 189.46.198.34 24 RS None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-01 22:27:12 SQL injection - 6Hr Web Attacks (IP=34,BR) 189.53.131.3 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BR TO-S-2021-1117 DOS-DDOS Activity 189.6.251.45 24 KH None 2022-02-05 00:00:00 2022-05-06 00:00:00 None HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=45,BR) 189.6.254.20 24 RT None 2022-02-23 00:00:00 2022-05-24 00:00:00 None HTTP: PHP File Inclusion Vulnerability - 6hr web attacks (IP=20,BR) 189.78.206.147 24 KH None 2021-11-18 00:00:00 2022-02-16 00:00:00 None SQL injection - Web Attacks (IP=147,BR) 189.78.222.184 24 RT None 2021-11-11 00:00:00 2022-02-09 00:00:00 None SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - 6HR Web Attacks (IP=184,BR) 189.78.222.68 24 RT None 2021-11-11 00:00:00 2022-02-09 00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (B-type) (1:1000135:3) - 
Sourcefire Report (IP=68,BR) 189.83.177.95 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 189.83.241.192 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 189.84.204.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 189.84.240.0 20 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BR TO-S-2021-1117 DOS-DDOS Activity 189.84.3.193 24 ZH None 2022-08-28 00:00:00 2022-11-26 00:00:00 2022-08-28 13:57:33 SQL injection - WebAttacks (IP=193,BR) 189.84.5.244 24 TC None 2022-08-22 00:00:00 2022-11-20 00:00:00 2022-08-22 22:53:10 SQL injection - 6hr Web Attacks (IP=244,BR) 189.85.33.65 24 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 22:52:03 Generic URI Injection wget Attempt - FE IPS Events (IP=65,BR) 189.85.64.0 22 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BR TO-S-2021-1117 DOS-DDOS Activity 189.90.112.0 20 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 189.90.128.0 20 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 19.231.188.248 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=248,US) 190.0.128.0 19 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None UY TO-S-2021-1102 Malware Activity 190.0.176.0 20 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None AR TO-S-2021-1050 Hive Case 4821 Malware Activity 190.0.232.0 21 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None AR TO-S-2021-1037 Hive Case 4785 Malware Activity 190.1.128.0 19 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None CO TO-S-2021-1037 Hive Case 4785 Malware Activity 190.102.0.0 20 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None MF TO-S-2021-1037 Hive Case 4785 Malware Activity 190.102.224.0 20 dbc None 2021-03-05 00:00:00 2022-03-05 
00:00:00 None CL TO-S-2021-1117 DOS-DDOS Activity 190.102.86.190 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None HT TO-S-2021-1050 Hive Case 4821 Malware Activity 190.103.208.0 20 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None AR TO-S-2021-1117 DOS-DDOS Activity 190.103.28.76 24 RR None 2021-10-21 00:00:00 2022-01-19 00:00:00 None SQL injection - Web Attacks (IP=76,VE) 190.104.120.42 24 BMP None 2022-08-10 00:00:00 2022-11-08 00:00:00 2022-08-31 17:31:02 FireEye High Attacker (IP=142,GT) 190.104.178.0 23 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PY TO-S-2021-1117 DOS-DDOS Activity 190.104.233.234 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None AR TO-S-2021-1050 Hive Case 4821 Malware Activity 190.104.235.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None AR TO-S-2021-1117 DOS-DDOS Activity 190.104.238.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None AR TO-S-2021-1117 DOS-DDOS Activity 190.105.160.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None AR TO-S-2021-1117 DOS-DDOS Activity 190.105.202.20 24 SA None 2022-06-02 00:00:00 2022-08-30 00:00:00 2022-06-03 00:40:05 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) SourceFire (IP=20,AR) 190.105.228.0 24 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=0,AR) 190.105.236.110 24 SA None 2022-05-31 00:00:00 2022-08-28 00:00:00 2022-05-31 22:55:56 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) SourceFire (IP=110,AG) 190.106.105.50 32 TLM None 2022-05-02 00:00:00 2022-11-01 00:00:00 2022-05-02 12:29:06 HIVE Case #7494 CTO 22-119 (IP=50,AR) 190.106.193.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None AR TO-S-2021-1117 DOS-DDOS Activity 190.107.160.0 22 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None BR TO-S-2021-1143 Malware Activity 190.107.224.150 32 AS None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-01 21:45:02 HIVE Case 
#7874 CTO 22-181 (IP=150,CL) 190.107.240.0 21 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None AR TO-S-2021-1117 DOS-DDOS Activity 190.11.224.0 20 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None HN TO-S-2021-1117 DOS-DDOS Activity 190.110.208.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None EC TO-S-2021-1117 DOS-DDOS Activity 190.110.229.242 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None AR TO-S-2021-1050 Hive Case 4821 Malware Activity 190.111.198.0 24 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=0,AR) 190.113.92.0 22 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PY TO-S-2021-1117 DOS-DDOS Activity 190.114.235.129 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None AR TO-S-2021-1050 Hive Case 4821 Malware Activity 190.115.0.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None GT TO-S-2021-1117 DOS-DDOS Activity 190.115.12.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None GT TO-S-2021-1117 DOS-DDOS Activity 190.115.15.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None GT TO-S-2021-1117 DOS-DDOS Activity 190.115.21.89 32 AS None 2022-04-07 00:00:00 2022-10-07 00:00:00 2022-04-07 19:47:48 HIVE Case #7356 CTO 22-096 (IP=89,BZ) 190.115.3.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None GT TO-S-2021-1117 DOS-DDOS Activity 190.115.6.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None GT TO-S-2021-1117 DOS-DDOS Activity 190.12.9.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None EC TO-S-2021-1117 DOS-DDOS Activity 190.120.48.0 20 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None AR TO-S-2021-1037 Hive Case 4785 Malware Activity 190.121.131.100 32 KH None 2022-02-18 00:00:00 2022-05-19 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR#22C00947 (IP=100,CO) 190.121.151.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CO TO-S-2021-1117 DOS-DDOS Activity 190.121.192.0 20 dbc None 2021-03-05 
00:00:00 2022-03-05 00:00:00 None GT TO-S-2021-1117 DOS-DDOS Activity 190.123.226.86 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PA TO-S-2021-1050 Hive Case 4821 Malware Activity 190.123.45.0 24 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=0,PA) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=0,PA) 190.124.27.10 24 DT None 2022-01-23 00:00:00 2022-04-22 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) - Source Fire (IP=10,CL) 190.124.46.100 32 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6514 TO-S-2022-0075 (IP=100,US) 190.128.142.118 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None PY TO-S-2021-1092 Hive Case 4875 Malware Activity 190.128.154.58 32 SW None 2022-05-09 00:00:00 2022-10-21 00:00:00 2022-07-23 22:54:36 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01248(IP=58,PY) | updated by SW Block expiration extended with reason HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR# 22C01735 (IP=58,PY) HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR# 22C01735 (IP=58,PY) 190.128.154.58 24 AR None 2021-12-27 00:00:00 2022-03-27 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=58,PY) 190.128.154.58 32 SW None 2022-07-23 00:00:00 2022-10-21 00:00:00 2022-07-23 22:54:36 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01248(IP=58,PY) | updated by SW Block expiration extended with reason HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR# 22C01735 (IP=58,PY) HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR# 22C01735 (IP=58,PY) 190.128.157.189 32 RT None 2021-12-03 00:00:00 2022-03-03 00:00:00 None HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - TT# 22C00470 (IP=189,PY) 190.128.215.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None PY 
2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5985 TO-S-2021-1459 (IP=178,US) 192.185.121.29 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None US TO-S-2021-1143 Malicious Email Activity 192.185.121.44 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None US TO-S-2021-1143 Malicious Email Activity 192.185.121.45 32 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None US TO-S-2021-1156 Malicious Email Activity 192.185.121.49 32 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None US TO-S-2021-1156 Malicious Email Activity 192.185.123.213 32 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6514 TO-S-2022-0075 (IP=213,US) 192.185.129.211 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=211,US) 192.185.129.7 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5985 TO-S-2021-1459 (IP=7,US) 192.185.13.240 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=240,US) 192.185.130.180 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=180,US) 192.185.130.230 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=230,US) 192.185.131.184 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1092 Hive Case 4875 Malicious Email Activity 192.185.131.48 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=48,US) 192.185.131.49 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=49,US) 192.185.131.64 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=64,US) | updated by TLM Block was inactive. 
Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=64,US) 192.185.138.78 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5985 TO-S-2021-1459 (IP=78,US) 192.185.139.104 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=104,US) 192.185.139.249 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None US TO-S-2021-1143 Malicious Email Activity 192.185.139.91 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=91,US) 192.185.141.13 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=13,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=13,US) 192.185.141.145 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=145,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=145,US) 192.185.141.249 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=249,US) 192.185.143.19 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=19,US) 192.185.143.192 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=192,US) 192.185.143.194 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=194,US) 192.185.143.195 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None US TO-S-2021-1143 Malicious Email Activity 192.185.143.201 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=201,US) 192.185.146.66 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=66,US) 192.185.147.100 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=100,US) 192.185.147.101 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=101,US) 
192.185.147.102 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 Malicious Email Activity 192.185.147.113 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=113,US) 192.185.147.115 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 Malicious Email Activity 192.185.147.124 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 Malicious Email Activity 192.185.147.251 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=251,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=251,US) 192.185.148.126 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=126,US) 192.185.151.231 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=231,US) 192.185.155.105 32 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6514 TO-S-2022-0075 (IP=105,US) 192.185.156.220 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=220,US) 192.185.156.251 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=251,US) 192.185.156.28 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=28,US) 192.185.157.19 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=19,US) 192.185.158.100 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5985 TO-S-2021-1459 (IP=100,US) 192.185.158.101 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=101,US) 192.185.158.103 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=103,US) 192.185.158.113 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5985 TO-S-2021-1459 (IP=113,US) 192.185.158.119 32 TLM None 2021-08-12 00:00:00 
2022-02-12 00:00:00 None HIVE Case #5985 TO-S-2021-1459 (IP=119,US) 192.185.158.12 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5985 TO-S-2021-1459 (IP=12,US) 192.185.158.122 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=122,US) 192.185.159.10 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=10,US) 192.185.16.136 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=136,US) 192.185.16.70 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=70,US) 192.185.161.218 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=218,US) 192.185.163.104 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=104,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=104,US) 192.185.163.136 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=136,US) 192.185.163.189 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=189,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=189,US) 192.185.163.199 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=199,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=199,US) 192.185.163.211 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=211,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=211,US) 192.185.163.213 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=213,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=213,US) 192.185.165.9 32 dbc None 2021-03-04 00:00:00 2022-03-04 
00:00:00 None US TO-S-2021-1143 Malicious Email Activity 192.185.165.92 32 jkc None 2021-04-13 00:00:00 2022-04-13 00:00:00 None Case # 5240 IOC_ TO-S-2021-1218 Malicious IP 192.185.167.134 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5985 TO-S-2021-1459 (IP=134,US) 192.185.167.136 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1092 Hive Case 4875 Malicious Email Activity 192.185.169.172 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=172,US) 192.185.17.37 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=37,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=37,US) 192.185.171.234 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=234,US) 192.185.173.71 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=71,US) 192.185.173.75 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5985 TO-S-2021-1459 (IP=75,US) 192.185.175.142 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6448 TO-S-2022-0058 (IP=142,US) 192.185.175.150 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6448 TO-S-2022-0058 (IP=150,US) 192.185.181.48 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=48,US) 192.185.181.49 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=49,US) 192.185.181.5 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=5,US) 192.185.181.50 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=50,US) 192.185.181.51 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=51,US) 192.185.181.56 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 
(IP=56,US) 192.185.181.6 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5985 TO-S-2021-1459 (IP=6,US) 192.185.182.51 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=51,US) 192.185.185.151 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=151,US) 192.185.185.205 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 Malicious Email Activity 192.185.185.215 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None US TO-S-2021-1102 Malicious Email Activity 192.185.185.217 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None US TO-S-2021-1102 Malicious Email Activity 192.185.185.219 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 Malicious Email Activity 192.185.186.170 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=170,US) 192.185.186.173 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=173,US) 192.185.186.174 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=174,US) 192.185.188.235 32 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6514 TO-S-2022-0075 (IP=235,US) 192.185.188.251 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None US TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 192.185.188.95 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=95,US) 192.185.189.3 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=3,US) 192.185.189.42 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=42,US) 192.185.19.9 32 jkc None 2021-04-13 00:00:00 2022-04-13 00:00:00 None Case # 5240 IOC_ TO-S-2021-1218 Malicious IP 192.185.190.1 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=1,US) 192.185.190.18 32 dbc None 
2021-01-28 00:00:00 2022-01-28 00:00:00 None US TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 192.185.190.187 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None US TO-S-2021-1143 Malicious Email Activity 192.185.190.188 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=188,US) 192.185.22.109 32 TLM None 2021-09-14 00:00:00 2022-03-14 00:00:00 None HIVE Case #6164 TO-S-2021-1528 (IP=109,US) 192.185.225.141 32 TLM None 2021-09-14 00:00:00 2022-03-14 00:00:00 None HIVE Case #6164 TO-S-2021-1528 (IP=141,US) 192.185.226.161 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=161,US) 192.185.226.164 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=164,US) 192.185.231.62 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=62,US) 192.185.24.180 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=180,US) 192.185.245.11 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=11,US) 192.185.28.7 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=7,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=7,US) 192.185.3.208 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=208,US) 192.185.3.219 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=219,US) 192.185.35.27 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5985 TO-S-2021-1459 (IP=27,US) 192.185.35.43 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=43,US) 192.185.35.48 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=48,US) 192.185.35.53 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 
TO-S-2021-1472 (IP=53,US) 192.185.36.115 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=115,US) 192.185.37.141 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1081 Hive Case 4872 Malicious Email Activity 192.185.37.148 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=148,US) 192.185.37.51 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 192.185.39.39 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=39,US) 192.185.4.105 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=105,US) 192.185.46.253 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=253,US) 192.185.46.54 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=54,US) 192.185.47.253 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 192.185.48.171 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=171,US) 192.185.48.236 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=236,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=236,US) 192.185.5.2 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=2,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=2,US) 192.185.5.49 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=49,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=49,US) 192.185.51.80 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1092 Hive Case 4875 Malicious Email Activity 192.185.52.124 32 TLM None 
2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=124,US) 192.185.56.248 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None US TO-S-2021-1143 Malicious Email Activity 192.185.60.72 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=72,US) 192.185.68.17 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None US TO-S-2021-1143 Malicious Email Activity 192.185.74.77 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=77,US) 192.185.75.124 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None US TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 192.185.76.254 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None US TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 192.185.76.35 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=35,US) 192.185.77.131 32 TLM None 2021-09-14 00:00:00 2022-03-14 00:00:00 None HIVE Case #6164 TO-S-2021-1528 (IP=131,US) 192.185.77.152 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=152,US) 192.185.77.182 32 TLM None 2021-08-30 00:00:00 2022-03-02 00:00:00 None HIVE Case #6085 TO-S-2021-1500 (IP=182,US) 192.185.77.249 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=249,US) 192.185.77.78 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None US TO-S-2021-1143 Malicious Email Activity 192.185.78.83 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=83,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=83,US) 192.185.79.118 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=118,US) 192.185.79.122 32 jkc None 2021-04-13 00:00:00 2022-04-13 00:00:00 None Case # 5240 IOC_ TO-S-2021-1218 Malicious IP 192.185.79.200 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None 
US TO-S-2021-1081 Hive Case 4872 Malicious Email Activity 192.185.85.234 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 Malicious Email Activity 192.185.85.247 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=247,US) 192.185.85.254 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=254,US) 192.185.86.158 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=158,US) 192.185.86.250 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 192.185.86.89 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 192.185.88.231 32 TLM None 2021-09-14 00:00:00 2022-03-14 00:00:00 None HIVE Case #6164 TO-S-2021-1528 (IP=231,US) 192.185.89.31 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 192.185.92.6 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=6,US) 192.185.92.87 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=87,US) 192.185.93.11 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=11,US) 192.185.93.19 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=19,US) 192.185.93.21 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=21,US) | updated by TLM Block was inactive. 
Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=21,US) 192.185.94.101 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=101,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=101,US) 192.185.95.74 32 jkc None 2021-04-13 00:00:00 2022-04-13 00:00:00 None Case # 5240 IOC_ TO-S-2021-1218 Malicious IP 192.185.96.187 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=187,US) 192.185.97.193 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=193,US) 192.185.97.218 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=218,US) 192.185.98.153 32 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None US TO-S-2021-1156 Malicious Email Activity 192.185.98.250 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None US TO-S-2021-1143 Malicious Email Activity 192.185.98.252 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None US TO-S-2021-1102 Malicious Email Activity 192.185.98.254 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=254,US) 192.186.174.74 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=74,US) 192.186.193.64 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 192.186.216.210 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None US TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 192.186.226.103 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=103,US) 192.187.111.221 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 192.190.221.67 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=67,US) 192.190.80.150 32 TLM None 2021-08-05 00:00:00 
2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=150,US) 192.195.72.53 24 TH None 2022-01-27 00:00:00 2022-04-27 00:00:00 None SERVER-OTHER Sentinel license manager buffer overflow attempt (1:11265:5) - SourceFire Report (IP=53,PL) 192.195.80.10 32 jky None 2017-01-06 06:00:00 2022-05-18 00:00:00 None TO-S-2017-0381 GRIZZLY STEPPE indicators from JAR 16-20296A | updated by srm Block was inactive. Reactivated on 20220217 with reason HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=10,US) 192.198.81.122 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=122,US) 192.198.81.46 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=46,US) 192.198.84.62 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=62,US) 192.198.85.182 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=182,US) 192.198.86.130 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=130,US) 192.198.88.110 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=110,US) 192.198.88.150 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=150,US) 192.198.89.242 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=242,US) 192.198.89.34 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=34,US) 192.198.89.58 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=58,US) 192.198.91.158 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=158,US) 192.198.92.246 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=246,US) 192.198.93.110 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=110,US) 192.198.93.18 32 TLM None 2021-09-24 00:00:00 
2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=18,US) 192.198.93.86 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=86,US) 192.198.94.186 32 KF None 2018-10-20 05:00:00 2022-03-24 00:00:00 None HTTP: Blind SQL Injection - Timing (IP=186,US) | updated by TLM Block was inactive. Reactivated on 20210924 with reason HIVE Case #6252 CTO 21-265 (IP=186,US) 192.198.94.86 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=86,US) 192.198.95.178 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=178,US) 192.198.95.35 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity 192.198.95.36 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity 192.198.95.37 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity 192.210.132.117 32 TLM None 2021-08-30 00:00:00 2022-03-02 00:00:00 None HIVE Case #6085 TO-S-2021-1500 (IP=117,US) 192.210.132.130 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=130,US) 192.210.149.54 32 TH None 2022-07-21 00:00:00 2022-10-19 00:00:00 2022-07-21 22:56:12 SIPVicious Security Scanner - FE CMS IPS Events (IP=54,US) 192.210.163.128 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=128,US) 192.210.170.112 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=112,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=112,US) 192.210.191.188 32 TLM None 2022-02-25 00:00:00 2022-08-26 00:00:00 2022-02-25 13:04:30 HIVE Case #7088 CTO 22-056 (IP=188,US) 192.210.206.180 32 TLM None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:46:21 HIVE Case #7458 CTO 22-113 (IP=180,US) 192.210.226.128 32 TLM None 2022-02-25 00:00:00 2022-08-26 00:00:00 2022-02-25 13:04:31 HIVE 
Reactivated on 20211118 with reason INDICATOR-SCAN PHP backdoor scan attempt (1:50182:1) - Sourcefire (IP=90,CN) INDICATOR-SCAN PHP backdoor scan attempt (1:50182:1) - Sourcefire (IP=90,CN) 193.118.53.139 32 KH None 2022-01-18 00:00:00 2022-04-18 00:00:00 None HP Intelligent Management Center TFTP Server MODE Remote Code Execution - FE IPS (IP=139,US) 193.118.53.139 32 KH None 2022-01-18 00:00:00 2022-04-18 00:00:00 None HP Intelligent Management Center TFTP Server MODE Remote Code Execution - FE IPS (IP=139,US) 193.118.53.139 32 KH None 2022-01-18 00:00:00 2022-04-18 00:00:00 None HP Intelligent Management Center TFTP Server MODE Remote Code Execution - FE IPS (IP=139,US) 193.118.53.139 32 KH None 2022-01-18 00:00:00 2022-04-18 00:00:00 None HP Intelligent Management Center TFTP Server MODE Remote Code Execution - FE IPS (IP=139,US) 193.118.53.142 24 RS None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-01 22:27:03 SIPVicious Security Scanner - IPS Events (IP=142,NL) 193.12.22.13 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=13,SE) 193.122.147.45 32 KH None 2022-01-12 00:00:00 2022-04-12 00:00:00 None Apache Log4j CVE-2021-44228 Remote Code Execution - FE IPS (IP=45,US) 193.124.206.128 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=128,CZ) 193.124.7.9 24 DT None 2022-03-08 00:00:00 2022-09-15 00:00:00 2022-06-18 13:50:35 PROTOCOL-DNS DNS query amplification attempt (1:28556:3) - Sourcefire (IP=9,CZ) | updated by TH Block was inactive. 
Reactivated on 20220617 with reason HP Intelligent Management Center TFTP Server MODE Remote Code Execution - FE CMS IPS Events (IP=9,RU) 193.124.9.94 24 KH None 2021-12-31 00:00:00 2022-03-31 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=94,CZ) 193.124.94.0 24 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=0,CZ) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=0,CZ) 193.128.111.106 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6585 CTO 21-323 (IP=106,GB) 193.135.134.0 24 TLM None 2021-12-02 00:00:00 2022-06-02 00:00:00 None HIVE Case #6600 TO-S-2022-0090 (IP=0,RU) 193.135.134.116 32 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6517 CTO 21-313 (IP=116,RU) 193.138.192.0 22 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None OM TO-S-2021-1117 DOS-DDOS Activity 193.138.78.116 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CZ TO-S-2021-1117 DOS-DDOS Activity 193.142.146.213 24 AR None 2022-07-07 00:00:00 2022-10-05 00:00:00 2022-07-07 13:50:33 SQL injection - Web Attacks (IP=213,NL) 193.142.58.139 32 TLM None 2021-09-15 00:00:00 2022-03-15 00:00:00 None HIVE Case #6183 CTO 21-254 (IP=139,RO) 193.149.176.176 32 TLM None 2022-04-19 00:00:00 2022-10-19 00:00:00 2022-04-20 12:44:24 HIVE Case #7424 CTO 22-109 (IP=176,US) 193.150.70.0 24 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=0,RU) 193.151.128.15 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6582 CTO 21-320 (IP=15,IR) 193.151.191.38 24 NAB None 2021-12-27 00:00:00 2022-03-27 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=38,MX) 193.160.32.227 32 TLM None 2022-04-13 00:00:00 2022-10-13 00:00:00 2022-04-13 13:12:30 HIVE Case #7387 CTO 22-103(IP=227,US) 193.161.132.168 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BG TO-S-2021-1037 Hive Case 4785 Malware Activity 193.162.143.218 24 EE None 
2021-09-27 00:00:00 2022-05-15 00:00:00 None HIVE Case #6251 IOC_Stealbit_2.0 (IP=218,RU) | updated by EE Block was inactive. Reactivated on 20220214 with reason HIVE Case #6935 IOC_LockBit 2.0 Ransomware-FBI_Advisory (IP=218,RU) 193.162.47.105 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6654 CTO 21-345 (IP=105,US) 193.164.131.2 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None DE TO-S-2021-1050 Hive Case 4821 Malware Activity 193.164.132.204 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 193.164.150.111 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=111,RU) 193.164.150.111 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=111,RU) 193.164.150.111 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=111,RU) 193.166.4.1 24 KD None 2021-12-13 00:00:00 2022-05-19 00:00:00 2022-08-09 18:49:31 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt - Sourcefire Rpt (IP=1,FI) | updated by DT Block was inactive. Reactivated on 20220218 with reason PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) - Source Fire (IP=1,FL) 193.169.145.194 24 BMP None 2020-07-15 00:00:00 2022-05-18 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=194,RO) | updated by srm Block was inactive. Reactivated on 20220217 with reason HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=194,RO) HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=194,RO) 193.169.145.194 24 srm None 2022-02-17 00:00:00 2022-05-18 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=194,RO) | updated by srm Block was inactive. 
Reactivated on 20220217 with reason HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=194,RO) HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=194,RO) 193.169.145.202 24 RB None 2021-05-15 00:00:00 2022-05-18 00:00:00 None SQL injection - 6hr web attacks (IP=202,RO) | updated by srm Block was inactive. Reactivated on 20220217 with reason HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=202,RO) 193.169.253.115 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=115,PL) 193.169.253.116 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=116,PL) 193.169.253.121 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=121,PL) 193.169.254.211 32 RS None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:17:59 Self-Report Coldfusion - IR#22C01391 (IP=211,PL) 193.169.254.33 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None PL TO-S-2021-1037 Hive Case 4785 Malware Activity 193.169.254.34 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None PL TO-S-2021-1037 Hive Case 4785 Malware Activity 193.169.254.35 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None PL TO-S-2021-1037 Hive Case 4785 Malware Activity 193.169.254.36 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PL TO-S-2021-1050 Hive Case 4821 Malware Activity 193.169.254.38 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None PL TO-S-2021-1037 Hive Case 4785 Malware Activity 193.169.254.39 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PL TO-S-2021-1050 Hive Case 4821 Malware Activity 193.169.53.130 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:47 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=130,RU) 193.17.192.70 24 KD None 2021-12-21 00:00:00 2022-03-21 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt- Sourcefire (IP=70,FR) 193.176.144.22 24 SA None 
2022-06-02 00:00:00 2022-08-30 00:00:00 2022-06-03 00:40:08 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) SourceFire (IP=22,NL) 193.176.84.0 24 AS None 2021-11-16 00:00:00 2022-05-16 00:00:00 None HIVE Case #6539 CTO 21-315 (IP=0,RO) 193.176.86.0 24 AS None 2021-11-16 00:00:00 2022-05-16 00:00:00 None HIVE Case #6539 CTO 21-315 (IP=0,DE) 193.178.228.0 23 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity 193.178.236.0 23 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity 193.179.108.131 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None CZ TO-S-2021-1037 Hive Case 4785 Malware Activity 193.179.63.207 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CZ TO-S-2021-1117 DOS-DDOS Activity 193.179.8.142 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CZ TO-S-2021-1117 DOS-DDOS Activity 193.179.8.86 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CZ TO-S-2021-1117 DOS-DDOS Activity 193.182.144.105 24 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IL TO-S-2021-1050 Hive Case 4821 Malware Activity 193.187.116.180 32 AS None 2022-01-11 00:00:00 2022-07-11 00:00:00 None HIVE Case #6760 CTO 22-011 (IP=180,HK) 193.187.117.144 24 EE None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:56 HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=144,HK) 193.187.94.176 24 KH None 2021-12-31 00:00:00 2022-03-31 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=176,RU) 193.188.65.156 32 TLM None 2022-02-10 00:00:00 2022-08-11 00:00:00 None HIVE Case #6963 CTO 22-041 (IP=156,JO) 193.188.65.52 32 TLM None 2022-02-10 00:00:00 2022-08-11 00:00:00 None HIVE Case #6963 CTO 22-041 (IP=52,JO) 193.188.71.12 32 TLM None 2022-02-10 00:00:00 2022-08-11 00:00:00 None HIVE Case #6963 CTO 22-041 (IP=12,JO) 193.188.97.212 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BH TO-S-2021-1117 DOS-DDOS Activity 193.189.100.195 32 TLM 
None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=195,GB) 193.189.100.203 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=203,GB) 193.189.126.0 23 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity 193.19.109.102 32 ZH None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-08 22:56:28 SQL union select - possible sql injection attempt - GET parameter (1:13990:27) - SourceFire (IP=102, US) 193.19.205.133 24 RS None 2022-07-20 00:00:00 2022-10-18 00:00:00 2022-07-21 13:54:42 SIPVicious Security Scanner - SourceFire (IP=133,BR) 193.19.206.47 24 SW None 2022-04-24 00:00:00 2022-07-23 00:00:00 2022-04-24 13:26:39 SQL injection - WebAttacks (IP=47,LT) 193.190.182.40 24 DT None 2021-12-18 00:00:00 2022-03-18 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) - Source Fire (IP=40,BE) 193.191.148.194 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BE TO-S-2021-1037 Hive Case 4785 Malware Activity 193.194.64.0 19 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None DZ TO-S-2021-1117 DOS-DDOS Activity 193.196.53.232 24 KH None 2021-12-18 00:00:00 2022-03-18 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44230 (IP=232,DE) 193.198.212.246 32 TLM None 2021-07-01 00:00:00 2022-01-01 00:00:00 None HIVE Case #5735 TO-S-2021-1379 (IP=246,HR) 193.200.112.0 23 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=0,AT) 193.200.12.39 24 NAB None 2022-01-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=39,RU) 193.200.241.132 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 193.201.116.1 24 KD None 2021-12-13 00:00:00 2022-03-13 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt - Sourcefire Rpt (IP=1,UA) 193.201.8.107 24 KH None 2022-03-24 00:00:00 
2022-06-22 00:00:00 2022-03-24 22:58:46 Nmap Scanner Traffic Detected - FE IPS (IP=107,RU) 193.201.9.157 24 SW None 2022-06-11 00:00:00 2022-09-09 00:00:00 2022-06-11 13:47:05 Masscan TCP Port Scanner - IPS Events (IP=157,RU) 193.201.98.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity 193.202.14.217 24 NAB None 2022-01-03 00:00:00 2022-04-03 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=217,RU) 193.206.141.46 24 RR None 2022-04-16 00:00:00 2022-06-30 00:00:00 2022-06-30 16:12:33 SERVER-OTHER Sentinel license manager buffer overflow attempt - SourceFire (IP=46,IT) | UNBLOCKED - IP is used for DNS resolution for Cybrary.IT 193.218.118.118 24 WR None 2021-11-25 00:00:00 2022-02-23 00:00:00 None PROTOCOL-DNS DNS query amplification attempt (1:28556:3) - Sourcefire (IP=118,UA) 193.218.118.231 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 18:27:41 HIVE Case #7342 CTO 22-092 FRAGO (IP=231,UA) 193.218.118.95 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 18:27:41 HIVE Case #7342 CTO 22-092 FRAGO (IP=95,UA) 193.22.119.195 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None ES TO-S-2021-1117 DOS-DDOS Activity 193.220.55.6 32 AS None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6244 CTO 21-267 (IP=6,NO) 193.226.177.45 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=45,RO) 193.231.242.0 24 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=0,RO) 193.232.10.217 24 AR None 2022-07-17 00:00:00 2022-10-15 00:00:00 2022-07-18 13:49:59 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=217,RU) 193.232.156.17 24 RT None 2022-02-08 00:00:00 2022-05-09 00:00:00 None SERVER-OTHER Sentinel license manager buffer overflow attempt - Sourcefire Report (IP=17,RU) 193.233.138.108 32 NAB None 2021-12-27 00:00:00 2022-03-27 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=108,US) 
193.233.177.226 24 SW None 2022-07-19 00:00:00 2022-10-17 00:00:00 2022-07-20 13:22:39 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=226,NL) 193.233.185.23 24 AR None 2022-06-12 00:00:00 2022-09-10 00:00:00 2022-06-13 13:54:48 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (1:59246:1) - SourceFire (IP=23,RU) 193.233.250.73 24 NAB None 2022-01-04 00:00:00 2022-04-04 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=73,RU) 193.233.48.62 32 TLM None 2022-06-02 00:00:00 2022-12-01 00:00:00 2022-06-02 17:56:27 HIVE Case #7705 CTO 22-153 (IP=62,RU) 193.239.147.76 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None NL TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 193.239.164.104 24 RR None 2022-07-30 00:00:00 2022-10-28 00:00:00 2022-07-31 13:51:09 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=104,NL) 193.239.216.0 23 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity 193.239.232.101 24 KD None 2022-02-26 00:00:00 2022-05-27 00:00:00 2022-02-27 01:15:24 SSH2 Failed Login Attempt- 6 hour failed Login(IP=101,SE) 193.239.254.0 23 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None UA TO-S-2021-1050 Hive Case 4821 Malware Activity 193.239.38.138 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PL TO-S-2021-1117 DOS-DDOS Activity 193.239.86.237 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=237,HK) 193.24.244.135 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PL TO-S-2021-1117 DOS-DDOS Activity 193.242.145.0 24 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=0,RU) 193.25.214.9 32 srm None 2022-02-17 00:00:00 2022-05-18 00:00:00 None HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=9,US) 193.25.215.13 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=13,US) 193.253.180.84 32 dbc None 2021-01-28 
00:00:00 2022-01-28 00:00:00 None FR TO-S-2021-1050 Hive Case 4821 Malware Activity 193.27.14.211 32 AS None 2022-02-21 00:00:00 2022-08-22 00:00:00 None HIVE Case #7038 CTO 22-049 (IP=211,DE) 193.27.228.217 32 AS None 2022-04-14 00:00:00 2022-10-14 00:00:00 2022-04-14 17:59:23 HIVE Case #7399 CTO 22-104 (IP=217,RU) 193.29.104.0 24 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 2022-05-26 18:26:59 HIVE Case #7669 TO-S-2022-0187 (IP=0,FR) 193.29.104.251 32 AS None 2021-09-21 00:00:00 2022-03-20 00:00:00 None HIVE Case #6215 CTO 21-261 (IP=251,FR) 193.29.13.241 24 RR None 2022-07-30 00:00:00 2022-10-28 00:00:00 2022-07-31 13:51:06 SQL injection - Web Attacks (IP=241,RO) | updated by RR Block expiration extended with reason SQL injection - Web Attacks (IP=241,RO) SQL injection - Web Attacks (IP=241,RO) 193.29.13.241 24 RR None 2022-07-09 00:00:00 2022-10-28 00:00:00 2022-07-31 13:51:06 SQL injection - Web Attacks (IP=241,RO) | updated by RR Block expiration extended with reason SQL injection - Web Attacks (IP=241,RO) SQL injection - Web Attacks (IP=241,RO) 193.29.15.143 32 TLM None 2022-05-27 00:00:00 2022-11-26 00:00:00 2022-05-27 14:16:36 HIVE Case #7676 CTO 22-147 (IP=143,RO) 193.29.204.101 32 AS None 2022-04-12 00:00:00 2022-10-12 00:00:00 2022-04-12 15:42:52 HIVE Case #7381 CTO 22-102 v2 (IP=101,UA) 193.29.57.161 24 EE None 2022-01-31 00:00:00 2022-05-01 00:00:00 None HIVE Case #6867 IOC_ MoonBounce (IP=161,DE) 193.3.19.159 24 NAB None 2021-12-16 00:00:00 2022-03-16 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=159,RU) 193.3.19.178 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:56:55 HIVE Case #7894 CTO 22-187 (IP=178,RU) 193.30.248.0 24 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RS TO-S-2021-1050 Hive Case 4821 Malware Activity 193.31.127.238 24 NAB None 2022-01-03 00:00:00 2022-04-03 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=238,SK) 193.31.24.154 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None 
HIVE Case #6652 CTO 21-345 F1 (IP=154,DE) 193.32.127.159 24 WR None 2022-02-28 00:00:00 2022-05-28 00:00:00 2022-02-28 14:50:31 SSH2 Failed Login Attempt - 6 hr Failed Logons (IP=159,CH) 193.32.8.6 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=6,FR) 193.33.133.130 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:47 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=130,RU) 193.33.9.143 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PL TO-S-2021-1117 DOS-DDOS Activity 193.34.140.0 23 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None UA TO-S-2021-1050 Hive Case 4821 Malware Activity 193.34.145.204 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=204,DE) 193.34.166.165 32 TLM None 2022-03-08 00:00:00 2022-09-08 00:00:00 2022-03-08 16:54:51 HIVE Case #7164 CTO 22-067.1 (IP=165,NL) 193.34.167.10 32 TLM None 2021-10-15 00:00:00 2022-04-15 00:00:00 None HIVE Case #6367 CTO 21-281 (IP=10,NL) 193.36.132.153 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:55:23 HIVE Case #7894 CTO 22-187 (IP=153,SG) 193.37.152.118 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=118,DE) 193.37.215.117 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 22:58:29 HTTP: PHP File Inclusion Vulnerability - IR# 22C01517 (IP=117,CY) 193.37.255.122 24 KD None 2022-02-27 00:00:00 2022-05-28 00:00:00 2022-02-27 23:09:17 Infection Match (blocked)- FIREEYE Web(IP=122,SK) 193.38.235.234 24 EE None 2021-09-27 00:00:00 2022-05-15 00:00:00 None HIVE Case #6251 IOC_Stealbit_2.0 (IP=234,RU) | updated by EE Block was inactive. 
Reactivated on 20220214 with reason HIVE Case #6935 IOC_LockBit 2.0 Ransomware-FBI_Advisory (IP=234,RU) 193.38.55.145 32 AS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-06 18:26:16 HIVE Case #7881 CTO 22-182 (IP=145,NL) 193.38.55.46 32 TLM None 2022-05-11 00:00:00 2022-11-10 00:00:00 2022-05-11 15:10:00 HIVE Case #7563 CTO 22-131 (IP=46,NL) 193.42.110.183 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None NL TO-S-2021-1037 Hive Case 4785 Malware Activity 193.42.36.110 24 EE None 2021-10-20 00:00:00 2022-01-18 00:00:00 None HIVE Case #6380 IOC_FlawedGrace_Variant (IP=110,PL) 193.42.36.245 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=245,PL) 193.42.36.53 32 TLM None 2022-03-11 00:00:00 2022-09-11 00:00:00 2022-03-11 13:21:31 HIVE Case #7189 CTO 22-068.1 (IP=53,PL) 193.42.37.0 24 TLM None 2022-06-24 00:00:00 2022-12-23 00:00:00 2022-06-24 19:38:40 HIVE Case #7840 CTO 22-175 (IP=0,GB) 193.42.37.12 32 TLM None 2022-06-22 00:00:00 2022-12-21 00:00:00 2022-06-23 16:49:40 HIVE Case #7813 CTO 22-173 (IP=12,GB) 193.42.38.149 32 AS None 2021-09-21 00:00:00 2022-03-20 00:00:00 None HIVE Case #6215 CTO 21-261 (IP=149,US) 193.42.38.90 32 AS None 2021-09-21 00:00:00 2022-03-20 00:00:00 None HIVE Case #6215 CTO 21-261 (IP=90,US) 193.42.39.10 32 TLM None 2022-03-11 00:00:00 2022-09-11 00:00:00 2022-03-11 13:21:36 HIVE Case #7189 CTO 22-068.1 (IP=10,SE) 193.43.146.17 24 EE None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-07 22:31:18 HIVE Case #7882 IOC_Recordbreaker_Stealer (IP=17,LV) 193.46.254.155 32 CR None 2021-08-25 00:00:00 2022-09-29 00:00:00 2022-07-01 21:44:49 ArcSight ESM High Attacker Suspicious Scan Activity (IP=155,AT) | updated by AS Block expiration extended with reason HIVE Case #7874 CTO 22-181 (IP=155,RO) HIVE Case #7874 CTO 22-181 (IP=155,RO) 193.46.254.155 32 AS None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-01 21:44:49 ArcSight ESM High Attacker Suspicious Scan Activity (IP=155,AT) | updated by AS 
Block expiration extended with reason HIVE Case #7874 CTO 22-181 (IP=155,RO) HIVE Case #7874 CTO 22-181 (IP=155,RO) 193.46.254.81 24 RW None 2021-11-17 00:00:00 2022-02-15 00:00:00 None SQL injection - Web Attacks (IP=81,AT) 193.46.255.50 24 KH None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:02 SIPVicious Security Scanner - FE CMS IPS alert (IP=57,NL) | updated by KH Block expiration extended with reason SIPVicious Security Scanner - FE IPS (IP=50,RO) SIPVicious Security Scanner - FE IPS (IP=50,RO) 193.46.255.50 24 SA None 2022-06-06 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:02 SIPVicious Security Scanner - FE CMS IPS alert (IP=57,NL) | updated by KH Block expiration extended with reason SIPVicious Security Scanner - FE IPS (IP=50,RO) SIPVicious Security Scanner - FE IPS (IP=50,RO) 193.46.255.50 24 RS None 2022-06-06 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:02 SIPVicious Security Scanner - FE CMS IPS alert (IP=57,NL) | updated by KH Block expiration extended with reason SIPVicious Security Scanner - FE IPS (IP=50,RO) SIPVicious Security Scanner - FE IPS (IP=50,RO) 193.46.255.60 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:48 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=60,RO) 193.46.255.60 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:48 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=60,RO) HIVE Case #7264 FBI Russian Energy Sector Scans (IP=60,RO) 193.46.255.8 24 ZH None 2022-03-01 00:00:00 2022-05-30 00:00:00 2022-03-01 23:31:57 SIPVicious Security Scanner - IPS Events (IP=8,RO) 193.5.22.25 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=25,CH) 193.53.126.0 23 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=0,RU) | updated by TLM Block was inactive. 
Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=0,RU) 193.53.245.214 24 KH None 2021-11-18 00:00:00 2022-02-16 00:00:00 None PROTOCOL-DNS DNS query amplification attempt (1:28556:3) - Sourcefire (IP=214,TR) 193.56.146.189 32 AS None 2022-04-14 00:00:00 2022-10-14 00:00:00 2022-04-14 17:59:15 HIVE Case #7399 CTO 22-104 (IP=189,RU) 193.56.146.53 24 RW None 2021-11-04 00:00:00 2022-02-02 00:00:00 None Callback IP - Hive Case 6498 (IP=53,RU) 193.56.255.243 32 TLM None 2022-05-24 00:00:00 2022-11-23 00:00:00 2022-05-24 14:24:28 HIVE Case #7653 CTO 22-144 (IP=243,SG) 193.56.28.202 24 EE None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 22:48:15 HIVE Case #7659 IOC_VMware_Vuln-CVE-2022-22954_CVE-2022-22960 (IP=202,GB) 193.56.28.227 32 TLM None 2022-05-03 00:00:00 2022-11-02 00:00:00 2022-05-04 20:57:55 HIVE Case #7508 CTO 22-123 (IP=227,GB) 193.56.28.251 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6446 CTO 21-272 (IP=251,GB) 193.56.66.85 32 NAB None 2022-01-03 00:00:00 2022-04-03 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=85,US) 193.56.72.194 32 NAB None 2021-12-28 00:00:00 2022-03-28 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=194,US) 193.56.75.187 32 NAB None 2021-12-27 00:00:00 2022-03-27 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=187,US) 193.66.151.91 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=91,FI) 193.70.15.118 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None FR TO-S-2021-1050 Hive Case 4821 Malware Activity 193.70.25.95 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6654 CTO 21-345 (IP=95,FR) 193.70.33.60 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity 193.70.6.47 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None FR TO-S-2021-1050 Hive Case 4821 Malware Activity 193.77.113.32 32 TLM None 2021-09-21 00:00:00 2022-03-20 00:00:00 None 
HIVE Case #6216 CTO 21-264 (IP=32,SI) 193.77.150.79 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None SI TO-S-2021-1037 Hive Case 4785 Malware Activity 193.77.43.201 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None SI TO-S-2021-1037 Hive Case 4785 Malware Activity 193.77.82.69 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None SI TO-S-2021-1117 DOS-DDOS Activity 193.85.179.33 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CZ TO-S-2021-1117 DOS-DDOS Activity 193.85.227.142 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CZ TO-S-2021-1117 DOS-DDOS Activity 193.85.227.190 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CZ TO-S-2021-1117 DOS-DDOS Activity 193.85.240.250 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CZ TO-S-2021-1117 DOS-DDOS Activity 193.86.205.170 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CZ TO-S-2021-1117 DOS-DDOS Activity 193.86.31.110 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CZ TO-S-2021-1117 DOS-DDOS Activity 193.91.125.249 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None DE TO-S-2021-1050 Hive Case 4821 Malware Activity 193.91.64.0 19 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None HU TO-S-2021-1037 Hive Case 4785 Malware Activity 193.92.239.136 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GR TO-S-2021-1037 Hive Case 4785 Malware Activity 193.92.250.54 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GR TO-S-2021-1037 Hive Case 4785 Malware Activity 193.93.236.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None RU TO-S-2021-1037 Hive Case 4785 Malware Activity 193.93.76.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None UA TO-S-2021-1050 Hive Case 4821 Malware Activity 194.0.1.24 24 RR None 2021-12-10 00:00:00 2022-03-10 00:00:00 None SERVER-OTHER Sentinel license manager buffer overflow attempt - SourceFire (IP=24,GB) 194.0.16.215 24 AR None 2021-12-21 00:00:00 2022-03-21 00:00:00 None SERVER-OTHER Sentinel 
license manager buffer overflow attempt (1:11265:5) - SourceFire (IP=215,IT)
194.0.25.30 24 DT None 2021-12-18 00:00:00 2022-08-28 00:00:00 2022-05-31 22:55:57 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) - Source Fire (IP=30,AT) | updated by SA Block was inactive. Reactivated on 20220531 with reason PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) SourceFire (IP=30,AU)
194.0.28.53 24 DT None 2022-01-23 00:00:00 2022-04-23 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) - Source Fire (IP=53,NL)
194.0.34.53 24 DT None 2022-01-23 00:00:00 2022-04-22 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) - Source Fire (IP=53,ES)
194.105.104.0 21 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None KZ TO-S-2021-1037 Hive Case 4785 Malware Activity
194.106.16.86 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ES TO-S-2021-1050 Hive Case 4821 Malware Activity
194.107.18.51 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PL TO-S-2021-1050 Hive Case 4821 Malware Activity
194.108.156.114 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CZ TO-S-2021-1117 DOS-DDOS Activity
194.108.19.212 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CZ TO-S-2021-1050 Hive Case 4821 Malware Activity
194.110.203.6 24 RS None 2022-06-23 00:00:00 2022-09-21 00:00:00 2022-06-23 14:39:17 SQL injection - 6Hr Web Attacks (IP=6,RU)
194.110.248.92 32 AS None 2022-02-04 00:00:00 2022-08-04 00:00:00 None HIVE Case #6927 CTO 22-036 (IP=92,UA)
194.113.235.106 32 TLM None 2022-02-04 00:00:00 2022-08-05 00:00:00 None HIVE Case #6926 CTO 22-035 (IP=106,RU)
194.116.194.0 23 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None UA TO-S-2021-1037 Hive Case 4785 Malware Activity
194.119.192.34 24 RR None 2022-05-05 00:00:00 2022-06-30 00:00:00 2022-06-30 16:18:33 SERVER-OTHER Sentinel license manager buffer overflow attempt - SourceFire (IP=34,IT) | UNBLOCKED - IP is used for DNS resolution for Cybrary.IT
194.126.177.57 24 ZH None 2022-02-08 00:00:00 2022-05-09 00:00:00 None ColdFusion Error reporting - TT# 22C00916 (IP=114,US)
194.132.222.115 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None SE TO-S-2021-1117 DOS-DDOS Activity
194.133.19.82 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None GB TO-S-2021-1117 DOS-DDOS Activity
194.133.19.86 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None GB TO-S-2021-1117 DOS-DDOS Activity
194.135.24.241 32 DRW None 2022-09-21 00:00:00 2022-12-20 00:00:00 2022-09-21 22:01:02 HIVE Case #1337 IOC_ CISA Threat Intel 19Sep2022 Criminal Cobalt Strike Servers (IP=241,CZ)
194.135.24.244 32 DRW None 2022-09-21 00:00:00 2022-12-20 00:00:00 2022-09-21 22:01:12 HIVE Case #1337 IOC_ CISA Threat Intel 19Sep2022 Criminal Cobalt Strike Servers (IP=244,CZ)
194.135.24.251 32 DRW None 2022-09-21 00:00:00 2022-12-20 00:00:00 2022-09-21 22:01:06 HIVE Case #1337 IOC_ CISA Threat Intel 19Sep2022 Criminal Cobalt Strike Servers (IP=251,CZ)
194.135.33.137 32 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 2022-05-26 18:27:16 HIVE Case #7669 TO-S-2022-0187 (IP=137,CZ)
194.135.33.144 32 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 2022-05-26 18:27:16 HIVE Case #7669 TO-S-2022-0187 (IP=144,CZ)
194.135.94.180 24 NAB None 2021-12-30 00:00:00 2022-03-30 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=180,LT)
194.135.94.180 32 BB None 2021-12-30 00:00:00 2022-03-30 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=180,LT)
194.135.94.180 24 RR None 2021-12-30 00:00:00 2022-03-30 00:00:00 None SERVER-WEBAPP Hikvision webLanguage command injection vulnerability - SourceFire (IP=180,LT)
194.14.3.53 24 RS None 2022-07-29 00:00:00 2022-10-28 00:00:00 2022-07-30 13:52:53 SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt - SourceFire (IP=53,SE) | updated by RR Block expiration extended with reason SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt - SourceFire (IP=53,SW)
194.143.146.0 24 TLM None 2021-12-10 00:00:00 2022-06-10 00:00:00 None HIVE Case #6643 TO-S-2022-0073 (IP=0,UA)
194.143.150.0 23 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None RU TO-S-2021-1037 Hive Case 4785 Malware Activity
194.146.104.11 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=11,GB)
194.146.106.106 24 GLM None 2021-04-03 00:00:00 2022-04-12 00:00:00 None UDP: Port Scan (IP=106,SE) | updated by BB Block was inactive. Reactivated on 20220112 with reason SERVER-OTHER Sentinel license manager buffer overflow attempt (1:11265:5) - Sourcefire (IP=106,SE)
194.146.12.46 24 RS None 2022-06-03 00:00:00 2022-09-01 00:00:00 2022-06-03 22:21:06 SIPVicious Security Scanner - IPS Events (IP=46,DE)
194.146.56.0 22 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=0,RS)
194.149.135.133 32 RR None 2022-08-17 00:00:00 2022-11-15 00:00:00 2022-08-17 13:52:20 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR# 22C01814 (IP=133,MK)
194.15.112.158 32 TLM None 2021-11-04 00:00:00 2022-05-02 00:00:00 None HIVE Case #6503 CTO 21-306 (IP=158,GB)
194.15.216.216 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=216,PL)
194.15.216.228 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6344 TO-S-2022-1604 (IP=228,PL)
194.150.167.55 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=55,GR)
194.152.34.0 23 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity
194.154.78.166 32 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 2022-05-27 16:40:12 HIVE Case #7668 CTO 22-146 (IP=166,RU)
194.154.78.169 32 TLM None 2022-02-15 00:00:00 2022-08-16 00:00:00 None HIVE Case #6996 CTO 22-043 (IP=169,RU)
194.154.78.223 32 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 2022-05-27 16:40:13 HIVE Case #7668 CTO 22-146 (IP=223,RU)
194.156.98.12 24 EE None 2022-03-15 00:00:00 2022-06-13 00:00:00 2022-03-15 21:25:35 HIVE Case #7197 IOC_ APT41 Targeting U.S. State Governments (IP=12,HK)
194.156.99.0 24 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None HK TO-S-2021-1102 Malware Activity
194.163.133.36 32 AS None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 18:17:06 HIVE Case #7862 CTO 22-176 (IP=36,DE)
194.163.133.36 24 RW None 2021-10-05 00:00:00 2022-01-30 00:00:00 None SQL injection - Web Attacks (IP=36,DE) | updated by ZH Block expiration extended with reason SQL injection - 6hr Web Attacks (IP=36,DE)
194.163.134.90 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=90,DE)
194.163.140.150 24 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 22:52:04 SIPVicious Security Scanner - FE IPS Events (IP=150,DE)
194.163.143.39 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=39,DE)
194.163.147.168 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=168,DE)
194.163.157.11 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=11,DE)
194.163.160.65 24 RW None 2021-11-05 00:00:00 2022-02-03 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 22C00292 (IP=65,DE)
194.163.163.20 32 KH None 2021-12-20 00:00:00 2022-03-20 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44232 (IP=20,DE)
194.163.168.150 24 AR None 2021-10-20 00:00:00 2022-01-20 00:00:00 None File /etc/passwd Access Attempt Detect - IPS Events (IP=150,DE)
194.163.169.7 24 SW None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-22 13:54:59 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=7,DE)
194.163.170.74 32 TLM None 2022-06-07 00:00:00 2022-12-06 00:00:00 2022-06-07 18:56:16 HIVE Case #7733 CTO 22-155 (IP=74,DE)
194.163.173.129 24 RW None 2021-10-13 00:00:00 2022-01-11 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) (IP=129,DE)
194.163.174.3 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=3,DE)
194.163.181.134 24 JP None 2022-08-19 00:00:00 2022-11-17 00:00:00 2022-08-19 22:51:15 SIPVicious Security Scanner - IPS Events (IP=134,DE)
194.163.182.89 24 RR None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-05 14:02:49 SQL injection - Web Attacks (IP=89,DE)
194.163.188.30 32 TLM None 2022-05-24 00:00:00 2022-11-23 00:00:00 2022-05-24 14:24:14 HIVE Case #7653 CTO 22-144 (IP=30,DE)
194.163.190.47 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=47,DE)
194.166.142.55 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None AT TO-S-2021-1050 Hive Case 4821 Malware Activity
194.166.221.173 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None AT TO-S-2021-1037 Hive Case 4785 Malware Activity
194.169.239.66 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None DE TO-S-2021-1050 Hive Case 4821 Malware Activity
194.169.239.67 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None DE TO-S-2021-1050 Hive Case 4821 Malware Activity
194.177.56.1 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None FR TO-S-2021-1117 DOS-DDOS Activity
194.180.174.180 24 EE None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-07 22:31:19 HIVE Case #7882 IOC_Recordbreaker_Stealer (IP=180,MD)
194.180.174.186 24 EE None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-07 22:31:20 HIVE Case #7882 IOC_Recordbreaker_Stealer (IP=186,MD)
194.180.174.187 24 EE None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-07 22:31:20 HIVE Case #7882 IOC_Recordbreaker_Stealer (IP=187,MD)
194.180.174.46 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=46,MD)
194.180.174.46 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=46,MD)
194.180.174.46 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=46,MD)
194.180.174.6 24 EE None 2021-10-20 00:00:00 2022-01-18 00:00:00 None HIVE Case #6380 IOC_FlawedGrace_Variant (IP=6,MD)
194.180.191.238 32 TLM None 2022-02-23 00:00:00 2022-08-24 00:00:00 None HIVE Case #7054 CTO 22-054 (IP=238,MD)
194.180.191.243 32 TLM None 2022-02-23 00:00:00 2022-08-24 00:00:00 None HIVE Case #7054 CTO 22-054 (IP=243,MD)
194.181.21.62 24 BMP None 2022-08-10 00:00:00 2022-11-08 00:00:00 2022-08-31 17:30:58 FireEye High Attacker (IP=62,PL)
194.181.44.11 24 KD None 2021-12-28 00:00:00 2022-03-28 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt- Sourcefire (IP=11,PL)
194.181.87.156 24 SA None 2022-06-02 00:00:00 2022-08-30 00:00:00 2022-06-03 00:40:08 SERVER-OTHER Sentinel license manager buffer overflow attempt (1:11265:5) SourceFire (IP=156,PL)
194.181.88.158 32 wmp None 2021-02-12 00:00:00 2022-08-25 00:00:00 None ArcSight High Attacker (IP=158,PL) | updated by CR Block was inactive. Reactivated on 20210825 with reason ArcSight ESM High Attacker Suspicious Scan Activity (IP=158,PL)
194.182.72.52 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 Hive Case 4785 Malware Activity
194.187.108.0 22 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity
194.187.251.155 24 KD None 2021-12-03 00:00:00 2022-03-03 00:00:00 None SERVER-WEBAPP Facade Ignition remote code execution attempt- Sourcefire (IP=155,BE)
194.187.98.180 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None NL TO-S-2021-1092 Hive Case 4875 Malware Activity
194.187.98.181 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None NL TO-S-2021-1092 Hive Case 4875 Malware Activity
194.187.98.189 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None NL TO-S-2021-1092 Hive Case 4875 Malware Activity
194.187.98.190 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None NL TO-S-2021-1092 Hive Case 4875 Malware Activity
194.190.124.17 24 TH None 2022-02-16 00:00:00 2022-05-17 00:00:00 None SERVER-OTHER Sentinel license manager buffer overflow attempt (1:11265:5) - SourceFire Report (IP=17,RU)
194.190.18.122 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=122,RU)
194.190.76.41 32 TLM None 2022-03-07 00:00:00 2022-09-07 00:00:00 2022-03-07 16:55:39 HIVE Case #7152 CTO 22-064 F1 (IP=41,RU)
194.190.76.44 32 TLM None 2022-03-07 00:00:00 2022-09-07 00:00:00 2022-03-07 16:55:41 HIVE Case #7152 CTO 22-064 F1 (IP=44,RU)
194.195.211.98 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:51:21 HIVE Case #7199 CTO 22-074 (IP=98,US)
194.195.241.86 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=86,DE)
194.195.243.88 24 TH None 2022-04-01 00:00:00 2022-06-30 00:00:00 2022-04-01 22:16:56 SERVER-WEBAPP Java ClassLoader access attempt (1:30792:7) - SourceFire Report (IP=88,DE)
194.195.246.102 24 SW None 2022-05-12 00:00:00 2022-08-10 00:00:00 2022-05-12 13:53:33 Masscan TCP Port Scanner - IPS Events(IP=102,DE)
194.195.91.28 32 TLM None 2021-12-09 00:00:00 2022-06-09 00:00:00 None HIVE Case #6625 CTO 21-342 (IP=28,DE)
194.195.91.40 32 TLM None 2021-12-09 00:00:00 2022-06-09 00:00:00 None HIVE Case #6625 CTO 21-342 (IP=40,DE)
194.195.91.45 32 TLM None 2021-12-09 00:00:00 2022-06-09 00:00:00 None HIVE Case #6625 CTO 21-342 (IP=45,DE)
194.195.91.60 32 TLM None 2021-12-09 00:00:00 2022-06-09 00:00:00 None HIVE Case #6625 CTO 21-342 (IP=60,DE)
194.208.49.175 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None AT TO-S-2021-1050 Hive Case 4821 Malware Activity
194.208.56.94 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None AT TO-S-2021-1037 Hive Case 4785 Malware Activity
194.213.196.98 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CZ TO-S-2021-1117 DOS-DDOS Activity
194.223.150.162 24 BMP None 2022-08-10 00:00:00 2022-11-08 00:00:00 2022-08-31 17:31:01 FireEye High Attacker (IP=162,GB)
194.224.155.143 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None ES TO-S-2021-1117 DOS-DDOS Activity
194.228.201.158 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=158,CZ)
194.233.162.236 24 SW None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-12 13:51:08 SERVER-APACHE Apache HTTP server SSRF attempt (1:58820:1) - SourceFire (IP=236, DE)
194.233.163.127 32 TLM None 2021-12-10 00:00:00 2022-06-10 00:00:00 None HIVE Case #6644 CTO 21-344 (IP=127,DE)
194.233.164.177 24 SW None 2022-09-15 00:00:00 2022-12-14 00:00:00 2022-09-16 13:49:31 SERVER-WEBAPP Atlassian Confluence information disclosure attempt - WebAttacks (IP=177,DE)
194.233.69.237 32 AS None 2022-07-28 00:00:00 2022-10-26 00:00:00 2022-07-29 16:36:16 HIVE Case #8047 COLS-NA TIP 21-0394 (IP=237,SG)
194.233.70.54 32 TLM None 2022-09-19 00:00:00 2022-12-18 00:00:00 2022-09-19 15:36:51 HIVE Case #8325 COLS-NA-TIP 22-0326 (IP=54,SG)
194.233.73.93 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6448 TO-S-2022-0058 (IP=93,SG)
194.233.75.158 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5986 TO-S-2021-1404 (IP=158,SG)
194.233.77.245 32 TLM None 2022-05-27 00:00:00 2022-11-26 00:00:00 2022-05-27 14:16:37 HIVE Case #7676 CTO 22-147 (IP=245,SG)
194.233.81.191 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=191,SG)
194.233.87.170 24 ZH None 2022-07-16 00:00:00 2022-10-14 00:00:00 2022-07-17 13:55:36 Exploit.Log4Shell.CVE-2021-44228 - FE NX (IP=170,SG)
194.233.91.208 24 TH None 2022-07-05 00:00:00 2022-10-04 00:00:00 2022-07-07 13:50:27 SQL injection - 6 Hr Web Report (IP=208,SG) | updated by RR Block expiration extended with reason SERVER-APACHE Apache Struts java.lang.ProcessBuilder class access attempt - SourceFire (IP=208,SG)
194.233.96.200 32 TLM None 2022-05-09 00:00:00 2022-11-08 00:00:00 2022-05-10 15:16:07 HIVE Case #7546 CTO 22-127 (IP=200,DE)
194.233.96.53 32 TLM None 2022-05-09 00:00:00 2022-11-08 00:00:00 2022-05-10 15:16:06 HIVE Case #7546 CTO 22-127 (IP=53,DE)
194.233.96.55 32 TLM None 2022-05-09 00:00:00 2022-11-08 00:00:00 2022-05-10 15:16:05 HIVE Case #7546 CTO 22-127 (IP=55,DE)
194.242.56.116 24 TH None 2022-03-10 00:00:00 2022-06-08 00:00:00 2022-03-10 23:37:10 SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) - SourceFire Report (IP=116,DE)
194.246.96.1 24 RR None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:32:01 SERVER-OTHER Sentinel license manager buffer overflow attempt - Source Fire (IP=1,DE)
194.26.228.174 24 TC None 2022-08-30 00:00:00 2022-11-28 00:00:00 2022-08-30 22:51:01 HUNT IP Block Request - IR# 22C01898 (IP=174,RU)
194.28.115.36 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None NL TO-S-2021-1117 DOS-DDOS Activity
194.28.170.214 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PL TO-S-2021-1050 Hive Case 4821 Malware Activity
194.28.170.43 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PL TO-S-2021-1050 Hive Case 4821 Malware Activity
194.28.189.25 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None PL TO-S-2021-1037 Hive Case 4785 Malware Activity
194.28.224.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity
194.29.100.173 24 EE None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:56 HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=173,AU)
194.29.186.67 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:00 HIVE Case #7904 CTO 22-189 (IP=67,HK)
194.3.84.6 24 DT None 2022-02-02 00:00:00 2022-05-03 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) - Source Fire (IP=6,FR)
194.31.98.124 32 AS None 2022-07-29 00:00:00 2022-10-27 00:00:00 2022-07-29 17:31:10 HIVE Case #8052 TO-S-2022-0216 (IP=124,US)
194.31.98.144 24 RR None 2022-02-26 00:00:00 2022-05-27 00:00:00 2022-02-26 14:44:15 SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt Web Attacks (IP=144,NL)
194.32.107.187 24 RB None 2022-03-01 00:00:00 2022-05-30 00:00:00 2022-03-01 23:31:57 SQL injection - 6hr web attacks (IP=187,NO)
194.35.15.27 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None US TO-S-2021-1102 Malicious Email Activity
194.36.108.0 24 AS None 2021-11-16 00:00:00 2022-05-16 00:00:00 None HIVE Case #6539 CTO 21-315 (IP=0,DE)
194.36.189.218 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6348 CTO 21-279 (IP=218,NL)
194.36.189.69 32 AS None 2021-12-29 00:00:00 2022-06-29 00:00:00 None HIVE Case #6705 CTO 21-363 (IP=69,NL)
194.36.190.118 32 TLM None 2022-03-01 00:00:00 2022-09-01 00:00:00 2022-03-01 16:26:43 HIVE Case #7110 CTO 22-057 (IP=118,NL)
194.36.191.42 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6445 CTO 21-260 (IP=42,NL)
194.36.191.43 32 TLM None 2021-09-21 00:00:00 2022-03-20 00:00:00 None HIVE Case #6216 CTO 21-264 (IP=43,NL)
194.37.97.0 24 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 2022-05-26 18:26:59 HIVE Case #7669 TO-S-2022-0187 (IP=0,US)
194.38.23.103 32 TLM None 2022-03-17 00:00:00 2022-09-17 00:00:00 2022-03-17 16:17:44 HIVE Case #7227 CTO 22-076 (IP=103,UA)
194.42.111.204 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None PL TO-S-2021-1037 Hive Case 4785 Malware Activity
194.47.228.109 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None SE TO-S-2021-1117 DOS-DDOS Activity
194.48.199.78 32 wmp None 2021-05-27 00:00:00 2022-02-05 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=78,GB) | updated by TLM Block expiration extended with reason HIVE Case #5 TO-S-2021-1447 (IP=78,PL)
194.49.69.218 32 AS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-06 18:26:23 HIVE Case #7881 CTO 22-182 (IP=218,US)
194.5.178.122 32 TLM None 2022-01-18 00:00:00 2022-07-18 00:00:00 None HIVE Case #6796 CTO 22-014 (IP=122,IR)
194.5.53.0 24 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=0,FR)
194.5.73.5 32 TLM None 2022-05-27 00:00:00 2022-11-26 00:00:00 2022-05-27 14:16:38 HIVE Case #7676 CTO 22-147 (IP=5,NL)
194.5.73.6 24 DT None 2021-12-16 00:00:00 2022-03-15 00:00:00 None HIVE Case #6651 - Exploit.CVE-2021-44228 (IP=6,NL)
194.50.156.6 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PL TO-S-2021-1117 DOS-DDOS Activity
194.53.109.76 32 AS None 2022-02-04 00:00:00 2022-08-04 00:00:00 None HIVE Case #6927 CTO 22-036 (IP=76,US)
194.54.180.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RS TO-S-2021-1050 Hive Case 4821 Malware Activity
194.54.184.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity
194.58.103.22 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=22,RU)
194.58.103.22 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=22,RU)
194.58.103.22 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=22,RU)
194.58.108.14 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=14,RU)
194.58.111.215 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=215,RU)
194.58.118.14 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=14,RU)
194.58.119.114 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=114,RU)
194.58.120.207 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=207,RU)
194.58.121.225 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=225,RU)
194.58.122.110 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=110,RU)
194.58.122.89 32 TLM None 2021-10-21 00:00:00 2022-04-19 00:00:00 None HIVE Case #6384 CTO 21-282 (IP=89,RU)
194.58.123.47 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=47,RU)
194.58.123.47 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=47,RU)
194.58.123.47 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=47,RU)
194.58.192.49 24 KD None 2021-12-13 00:00:00 2022-08-28 00:00:00 2022-05-31 22:55:57 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt - Sourcefire Rpt (IP=49,SE) | updated by SA Block was inactive. Reactivated on 20220531 with reason PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) SourceFire (IP=49,SW)
194.58.198.49 24 KD None 2021-12-13 00:00:00 2022-03-13 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt - Sourcefire Rpt (IP=49,SE)
194.58.198.49 24 KD None 2021-12-13 00:00:00 2022-03-13 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt - Sourcefire Rpt (IP=49,SE)
194.58.198.49 24 KD None 2021-12-13 00:00:00 2022-03-13 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt - Sourcefire Rpt (IP=49,SE)
194.58.33.94 24 NAB None 2021-12-27 00:00:00 2022-03-27 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=94,PL)
194.58.90.120 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=120,RU)
194.58.92.102 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=102,RU)
194.58.97.115 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=115,RU)
194.58.98.215 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=215,RU)
194.59.165.21 32 KH None 2021-12-20 00:00:00 2022-03-20 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44232 (IP=21,DE)
194.59.248.202 24 RT None 2022-02-28 00:00:00 2022-05-29 00:00:00 2022-03-01 14:46:30 SERVER-WEBAPP Apache Log4j logging remote code execution attempt - 6HR Web Attack (IP=202,RO)
194.61.233.110 32 TLM None 2022-06-14 00:00:00 2022-12-13 00:00:00 2022-06-14 20:43:45 HIVE Case #7769 CTO 22-165 (IP=110,UA)
194.61.24.124 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None NL TO-S-2021-1037 Hive Case 4785 Malware Activity
194.61.24.169 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None NL TO-S-2021-1050 Hive Case 4821 Malware Activity
194.61.30.90 32 JP None 2022-09-02 00:00:00 2022-12-01 00:00:00 2022-09-02 22:46:35 SIPVicious Security Scanner - IPS Events (IP=90,US)
194.63.140.42 32 DT None 2021-10-12 00:00:00 2022-01-10 00:00:00 None Possible SQLi attempt - TT# 22C00127 (IP=42,RU)
194.67.104.232 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=232,RU)
194.67.108.0 22 TLM None 2022-02-11 00:00:00 2022-08-12 00:00:00 None HIVE Case #6973 TO-S-2022-0128 (IP=0,RU)
194.67.108.168 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=168,RU)
194.67.109.14 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=14,RU)
194.67.110.89 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=89,RU)
194.67.110.89 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=89,RU)
194.67.111.121 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=121,RU)
194.67.112.0 23 TLM None 2022-02-11 00:00:00 2022-08-12 00:00:00 None HIVE Case #6973 TO-S-2022-0128 (IP=0,RU)
194.67.112.201 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=201,RU)
194.67.113.120 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=120,RU)
194.67.113.120 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=120,RU)
194.67.116.180 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=180,RU)
194.67.116.31 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=31,RU)
194.67.71.125 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:20 HIVE Case #7894 CTO 22-187 (IP=125,RU)
194.67.71.147 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:20 HIVE Case #7894 CTO 22-187 (IP=147,RU)
194.67.71.4 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=4,RU)
194.67.71.4 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=4,RU)
194.67.78.128 32 TLM None 2022-01-18 00:00:00 2022-07-18 00:00:00 None HIVE Case #6796 CTO 22-014 (IP=128,RU)
194.67.86.167 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=167,RU)
194.67.87.136 32 RB None 2022-06-20 00:00:00 2022-09-18 00:00:00 2022-06-21 22:50:13 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01430 (IP=136,RU)
194.67.87.29 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=29,RU)
194.67.90.15 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=15,RU)
194.67.92.215 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=215,RU)
194.67.93.85 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=85,RU)
194.71.64.29 24 SA None 2022-05-31 00:00:00 2022-08-28 00:00:00 2022-05-31 22:55:58 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) SourceFire (IP=29,SW)
194.75.213.143 32 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6517 CTO 21-313 (IP=143,GB)
194.76.16.131 24 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:48:24 SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt - SourceFire (IP=131,GB)
194.76.225.61 24 KH None 2021-11-05 00:00:00 2022-02-03 00:00:00 None Malicious IP HIVE Case 6498 (IP=61,NL)
194.76.227.45 32 TLM None 2022-05-20 00:00:00 2022-11-19 00:00:00 2022-05-20 14:32:08 HIVE Case #7627 CTO 22-140 (IP=45,EE)
194.78.181.242 24 RR None 2022-02-25 00:00:00 2022-05-26 00:00:00 2022-02-25 14:56:23 HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=242,BE)
194.79.60.0 22 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity
194.85.61.76 32 AS None 2022-01-28 00:00:00 2022-07-28 00:00:00 None HIVE Case #6856 CTO 22-027 (IP=76,RU)
194.87.112.170 24 NAB None 2021-12-27 00:00:00 2022-03-27 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=170,CZ)
194.87.116.245 24 NAB None 2022-01-05 00:00:00 2022-04-05 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=245,CZ)
194.87.148.0 24 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity
194.87.34.34 24 NAB None 2021-12-27 00:00:00 2022-03-27 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=34,BR)
194.87.39.248 24 NAB None 2021-12-27 00:00:00 2022-03-27 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=248,MX)
194.87.69.214 32 TLM None 2022-01-18 00:00:00 2022-07-18 00:00:00 None HIVE Case #6796 CTO 22-014 (IP=214,RU)
194.87.70.14 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:01 HIVE Case #7904 CTO 22-189 (IP=14,RU)
194.87.75.171 24 KH None 2021-12-18 00:00:00 2022-03-18 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44231 (IP=171,MX)
194.87.83.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None RU TO-S-2021-1117 DOS-DDOS Activity
194.87.84.136 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:48 HIVE Case #7904 CTO 22-189 (IP=136,US)
194.87.84.137 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:49 HIVE Case #7904 CTO 22-189 (IP=137,US)
194.87.84.139 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:49 HIVE Case #7904 CTO 22-189 (IP=139,US)
194.9.172.107 32 AS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-09 13:57:32 HIVE Case #7535 TO-S-2022-0176 (IP=107,FR)
195.114.128.0 19 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None UA TO-S-2021-1037 Hive Case 4785 Malware Activity
195.12.160.0 20 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None LT TO-S-2021-1117 DOS-DDOS Activity
195.122.70.234 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None FR TO-S-2021-1117 DOS-DDOS Activity
195.123.214.104 32 TLM None 2021-09-08 00:00:00 2022-03-08 00:00:00 None HIVE Case #6129 CTO 21-237 (IP=104,LV)
195.123.220.222 32 TLM None 2022-05-24 00:00:00 2022-11-23 00:00:00 2022-05-24 14:24:20 HIVE Case #7653 CTO 22-144 (IP=222,NL)
195.123.221.194 32 AS None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-15 16:28:54 HIVE Case #7940 CTO 22-196 (IP=194,NL)
195.123.227.138 32 TLM None 2022-03-17 00:00:00 2022-09-17 00:00:00 2022-03-17 16:17:33 HIVE Case #7227 CTO 22-076 (IP=138,BG)
195.123.240.0 21 TLM None 2022-06-02 00:00:00 2022-12-01 00:00:00 2022-06-02 15:30:35 HIVE Case #7704 TO-S-2022-0190 (IP=0,US)
195.123.240.173 32 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 2022-05-27 16:40:09 HIVE Case #7668 CTO 22-146 (IP=173,US)
195.123.240.219 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6585 CTO 21-323 (IP=219,US)
195.123.240.98 32 AS None 2022-02-04 00:00:00 2022-08-04 00:00:00 None HIVE Case #6927 CTO 22-036 (IP=98,US)
195.123.241.30 32 TLM None 2022-02-04 00:00:00 2022-08-05 00:00:00 None HIVE Case #6925 CTO 22-034 (IP=30,US)
195.123.242.119 32 TLM None 2022-02-25 00:00:00 2022-08-26 00:00:00 2022-02-25 13:04:36 HIVE Case #7088 CTO 22-056 (IP=119,US)
195.123.244.205 32 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6517 CTO 21-313 (IP=205,CZ)
195.123.246.182 32 TLM None 2022-02-09 00:00:00 2022-08-10 00:00:00 None HIVE Case #6952 CTO 22-040 (IP=182,CZ)
195.128.102.4 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None DE TO-S-2021-1117 DOS-DDOS Activity
195.130.132.22 24 SW None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-22 13:55:00 SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (1:39406:3) - SourceFire (IP=22,BE)
195.130.136.242 24 AR None 2022-06-11 00:00:00 2022-09-09 00:00:00 2022-06-12 13:47:45 SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (1:39406:3) - SourceFire (IP=242,BE)
195.133.18.197 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=197,CZ)
195.133.18.240 32 TLM None 2022-05-02 00:00:00 2022-11-01 00:00:00 2022-05-04 17:56:21 HIVE Case #7495 CTO 22-120 (IP=240,CZ)
195.133.27.68 24 RB None 2022-01-09 00:00:00 2022-04-09 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=27,AR)
195.133.38.211 24 KD None 2021-11-11 00:00:00 2022-02-09 00:00:00 None PROTOCOL-DNS DNS query amplification attempt - SourceFire (IP=211,NL)
195.133.40.242 32 TLM None 2022-01-18 00:00:00 2022-07-18 00:00:00 None HIVE Case #6796 CTO 22-014 (IP=242,CZ)
195.133.47.13 24 BMP None 2021-12-22 00:00:00 2022-03-22 00:00:00 None Hive Case 6689 CMS Notified Report (IP=24,DE)
195.133.81.13 24 JP None 2022-07-18 00:00:00 2022-10-16 00:00:00 2022-07-18 22:55:58 PROTOCOL-DNS DNS query amplification attempt (1:28556:3) - SourceFire (IP=13,FR)
195.136.205.66 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PL TO-S-2021-1117 DOS-DDOS Activity
195.136.231.194 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PL TO-S-2021-1117 DOS-DDOS Activity
195.136.27.246 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PL TO-S-2021-1117 DOS-DDOS Activity
195.137.185.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity
195.137.227.206 24 WR None 2021-12-25 00:00:00 2022-03-25 00:00:00 None SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt (1:58747:1) - Source Fire (IP=206,UA)
195.138.249.13 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=13,CZ)
195.140.100.249 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=249,DE)
195.140.144.0 22 TLM None 2022-02-11 00:00:00 2022-08-12 00:00:00 None HIVE Case #6973 TO-S-2022-0128 (IP=0,RU)
195.140.146.128 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=128,RU)
195.140.160.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None UA TO-S-2021-1037 Hive Case 4785 Malware Activity
195.140.202.142 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None SE TO-S-2021-1037 Hive Case 4785 Malware Activity
195.144.11.124 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=124,FR)
195.144.21.159 32 TLM None 2021-11-04 00:00:00 2022-05-04 00:00:00 None HIVE Case #6494 CTO 21-303 (IP=159,AT)
195.145.232.30 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None DE TO-S-2021-1117 DOS-DDOS Activity
195.154.119.181 24 TH None 2021-12-16 00:00:00 2022-03-16 00:00:00 None Apache Log4j CVE-2021-44228 Remote Code Execution - IPS Events (IP= 181, FR)
195.154.200.146 24 SW None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 23:06:50 SIPVicious Security Scanner - IPS Events (IP=146,FR)
195.154.200.173 24 KH None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:03 SIPVicious Security Scanner - FE IPS (IP=173,FR)
195.154.200.173 24 KH None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:03 SIPVicious Security Scanner - FE IPS (IP=173,FR) SIPVicious Security Scanner - FE IPS (IP=173,FR)
195.154.227.110 24 KH None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:03 SIPVicious Security Scanner - CMS IPS Events (IP=110,FR) | updated by KH Block expiration extended with reason SIPVicious Security Scanner - FE IPS (IP=110,FR) SIPVicious Security Scanner - FE IPS (IP=110,FR)
195.154.227.110 24 ZH None 2022-05-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:03 SIPVicious Security Scanner - CMS IPS Events (IP=110,FR) | updated by KH Block expiration extended with reason SIPVicious Security Scanner - FE IPS (IP=110,FR) SIPVicious Security Scanner - FE IPS (IP=110,FR)
195.154.253.118 24 SW None 2022-09-27 00:00:00 2022-12-26 00:00:00 2022-09-28 16:36:36 SIPVicious Security Scanner - IPS Events (IP=118,FR)
195.154.255.211 32 srm None 2022-07-26 00:00:00 2022-10-24 00:00:00 2022-07-26 22:50:14 HIVE Case #8008 IOC_Cyber National Mission Force discloses IOCs from Ukrainian networks (IP=211,FR)
195.154.36.21 32 DRW None 2022-09-21 00:00:00 2022-12-20 00:00:00 2022-09-21 22:01:09 HIVE Case #1337 IOC_ CISA Threat Intel 19Sep2022 Criminal Cobalt Strike Servers (IP=21,FR)
195.155.209.64 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malware Activity
195.155.246.87 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TR TO-S-2021-1050 Hive Case 4821 Malware Activity
195.158.199.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity
195.158.3.162 32 AS None 2022-03-31 00:00:00 2022-09-30 00:00:00 2022-03-31 14:47:50 HIVE Case #7308 CTO 22-090 (IP=162,UZ)
195.158.67.252 32 srm None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 21:48:52 HIVE Case #7883 IOC_ Raspberry Robin Worm (IP=252,MT)
195.158.79.29 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MT TO-S-2021-1050 Hive Case 4821 Malware Activity
195.159.90.90 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None NO TO-S-2021-1037 Hive Case 4785 Malware Activity
195.168.210.21 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None SK TO-S-2021-1117 DOS-DDOS Activity
195.168.49.242 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None SK TO-S-2021-1117 DOS-DDOS Activity
195.170.172.247 24 AR None 2022-07-24 00:00:00 2022-10-22 00:00:00 2022-07-25 13:54:55 Backdoor.Meterpreter - FE CMS (IP=247,NL)
195.171.217.74 24 ZH None 2022-01-21 00:00:00 2022-04-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (1:42857:3)- Sourcefire Rpt (IP=74,GB)
195.171.28.9 24 RR None 2019-06-30 00:00:00 2022-05-03 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=9,GB) | updated by CR with reason UNK - TT# 19C03191 (IP=9,US) | updated by DT Block was inactive.
Reactivated on 20220202 with reason INDICATOR-SCAN PHP backdoor scan attempt (1:50182:1) - Source Fire (IP=9,GB) 195.174.110.65 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TR TO-S-2021-1050 Hive Case 4821 Malware Activity 195.175.84.174 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None TR TO-S-2021-1143 Malware Activity 195.176.3.19 24 DT None 2020-07-16 00:00:00 2022-05-18 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=19,CH) | updated by srm Block was inactive. Reactivated on 20220217 with reason HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=19,CH) HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=19,CH) 195.176.3.19 24 srm None 2022-02-17 00:00:00 2022-05-18 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=19,CH) | updated by srm Block was inactive. Reactivated on 20220217 with reason HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=19,CH) HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=19,CH) 195.176.3.20 24 RB None 2019-07-01 00:00:00 2022-05-18 00:00:00 None FireEye Network SmartVision - CVE-2019-0708 (IP=20,CH) | updated by GM with reason Possible SQLi attempt/HTTP: Blind SQL Injection - Timing - 20C00656 (IP=20,US) | updated by srm Block was inactive. Reactivated on 20220217 with reason HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=20,CH) HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=20,CH) 195.176.3.20 24 srm None 2022-02-17 00:00:00 2022-05-18 00:00:00 None FireEye Network SmartVision - CVE-2019-0708 (IP=20,CH) | updated by GM with reason Possible SQLi attempt/HTTP: Blind SQL Injection - Timing - 20C00656 (IP=20,US) | updated by srm Block was inactive. 
Reactivated on 20220217 with reason HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=20,CH) HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=20,CH) 195.176.3.23 24 DT None 2020-07-16 00:00:00 2022-05-18 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=23,CH) | updated by srm Block was inactive. Reactivated on 20220217 with reason HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=23,CH) 195.178.120.159 32 RR None 2022-08-23 00:00:00 2022-11-21 00:00:00 2022-08-23 18:08:53 DT/SQL Attempts - IR# 22C01854 (IP=159,NL) 195.178.120.56 32 JP None 2022-09-22 00:00:00 2022-12-21 00:00:00 2022-09-23 13:58:34 SERVER-OTHER RealTek UDPServer command injection attempt - SourceFire (IP=56,US) 195.181.168.182 32 AR None 2021-10-05 00:00:00 2022-01-03 00:00:00 None SQL injection - 6Hr Web Attacks (IP=182,US) 195.181.170.244 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None DE TO-S-2021-1117 unknown activity 195.181.170.74 32 TLM None 2021-09-21 00:00:00 2022-03-20 00:00:00 None HIVE Case #6216 CTO 21-264 (IP=74,DE) 195.181.174.229 24 RS None 2022-07-29 00:00:00 2022-10-27 00:00:00 2022-07-30 13:52:49 FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit) - SourceFire (IP=229,DE) 195.181.211.165 32 ZH None 2022-05-15 00:00:00 2022-08-13 00:00:00 2022-05-16 13:49:20 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) IR#: 22C01260 (IP=165,CZ) 195.181.240.0 21 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=0,LT) 195.181.56.0 21 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IR TO-S-2021-1050 Hive Case 4821 Malware Activity 195.182.76.10 32 TLM None 2021-12-09 00:00:00 2022-06-09 00:00:00 None HIVE Case #6633 CTO 21-334 (IP=10,LT) 195.185.159.176 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=176,DE) 195.189.218.0 23 dbc None 2021-01-20 00:00:00 2022-01-20 
00:00:00 None RU TO-S-2021-1037 Hive Case 4785 Malware Activity 195.189.96.0 24 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=0,LT) 195.189.96.0 22 dbc None 2018-12-18 06:00:00 2022-03-17 00:00:00 None LT TO-S-2019-0249 Malware Activity | updated by TLM Block was inactive. Reactivated on 20210917 with reason HIVE Case #6198 TO-S-2021-1556 (IP=0,LT) 195.19.192.26 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=26,RU) 195.19.192.49 32 TLM None 2022-04-20 00:00:00 2022-10-20 00:00:00 2022-04-20 13:01:29 HIVE Case #7432 CTO 22-110 (IP=49,RU) 195.190.96.0 19 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None RU TO-S-2021-1037 Hive Case 4785 Malware Activity 195.191.220.254 24 KD None 2021-12-13 00:00:00 2022-03-13 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt - Sourcefire Rpt (IP=254,RU) 195.191.220.254 24 KD None 2021-12-13 00:00:00 2022-03-13 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt - Sourcefire Rpt (IP=254,RU) 195.191.220.254 24 KD None 2021-12-13 00:00:00 2022-03-13 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt - Sourcefire Rpt (IP=254,RU) 195.191.221.2 24 KD None 2021-12-13 00:00:00 2022-05-19 00:00:00 2022-08-09 18:49:32 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt - Sourcefire Rpt (IP=2,RU) | updated by DT Block was inactive. 
Reactivated on 20220218 with reason PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) - Source Fire (IP=2,RU) 195.198.170.218 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None SE TO-S-2021-1117 DOS-DDOS Activity 195.20.48.228 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None NL TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 195.20.49.114 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=114,NL) 195.20.49.175 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=175,NL) 195.20.50.130 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=130,NL) 195.20.50.38 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None NL TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 195.201.160.68 32 AS None 2021-11-16 00:00:00 2022-05-16 00:00:00 None HIVE Case #6539 CTO 21-315 (IP=68,DE) 195.201.199.99 32 TLM None 2022-03-11 00:00:00 2022-09-11 00:00:00 2022-03-11 14:40:44 HIVE Case #7190 CTO 22-070 (IP=99,DE) 195.204.130.84 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None NO TO-S-2021-1050 Hive Case 4821 Malware Activity 195.205.161.70 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PL TO-S-2021-1050 Hive Case 4821 Malware Activity 195.205.161.80 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None PL TO-S-2021-1037 Hive Case 4785 Malware Activity 195.206.105.217 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:40 CH TO-S-2020-0298 Malicious Email Activity | updated by NAB Block was inactive. Reactivated on 20210504 with reason HIVE Case #5344 TO-S-21-1245 (IP=217,CH) HIVE Case #5344 TO-S-21-1245 (IP=217,CH) | updated by AS Block was inactive. 
Reactivated on 20220706 with reason HIVE Case #7894 CTO 22-187 (IP=217,CH) HIVE Case #7894 CTO 22-187 (IP=217,CH) 195.206.105.217 32 NAB None 2021-05-04 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:40 CH TO-S-2020-0298 Malicious Email Activity | updated by NAB Block was inactive. Reactivated on 20210504 with reason HIVE Case #5344 TO-S-21-1245 (IP=217,CH) HIVE Case #5344 TO-S-21-1245 (IP=217,CH) | updated by AS Block was inactive. Reactivated on 20220706 with reason HIVE Case #7894 CTO 22-187 (IP=217,CH) HIVE Case #7894 CTO 22-187 (IP=217,CH) 195.206.105.217 32 dbc None 2020-02-14 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:40 CH TO-S-2020-0298 Malicious Email Activity | updated by NAB Block was inactive. Reactivated on 20210504 with reason HIVE Case #5344 TO-S-21-1245 (IP=217,CH) HIVE Case #5344 TO-S-21-1245 (IP=217,CH) | updated by AS Block was inactive. Reactivated on 20220706 with reason HIVE Case #7894 CTO 22-187 (IP=217,CH) HIVE Case #7894 CTO 22-187 (IP=217,CH) 195.206.105.217 24 RB None 2021-05-15 00:00:00 2022-05-18 00:00:00 None SQL injection - 6hr web attacks (IP=217,CH) | updated by srm Block was inactive. Reactivated on 20220217 with reason HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=217,CH) HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=217,CH) 195.206.105.217 24 srm None 2022-02-17 00:00:00 2022-05-18 00:00:00 None SQL injection - 6hr web attacks (IP=217,CH) | updated by srm Block was inactive. Reactivated on 20220217 with reason HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=217,CH) HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=217,CH) 195.206.181.169 24 EE None 2021-06-29 00:00:00 2022-08-04 00:00:00 2022-05-06 22:43:57 HIVE Case #5669 IOC_ Nobelium (IP=169,GB) | updated by EE Block was inactive. 
Reactivated on 20220506 with reason HIVE Case #7532 IOC_SOLARDEFLECTION C2 (IP=169,GB) 195.210.169.98 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:48 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=98,RU) 195.211.160.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None UA TO-S-2021-1037 Hive Case 4785 Malware Activity 195.211.62.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity 195.214.162.155 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malware Activity 195.216.206.0 23 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity 195.22.224.0 19 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None MD TO-S-2021-1117 DOS-DDOS Activity 195.222.32.0 19 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BA TO-S-2021-1050 Hive Case 4821 Malware Activity 195.225.169.251 32 AS None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-09-30 17:07:38 HIVE Case #8395 TO-S-2022-0233 (IP=251,IT) 195.225.198.198 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 195.226.81.133 24 DT None 2022-01-15 00:00:00 2022-04-15 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) - Source Fire (IP=133,DE) 195.230.113.187 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PL TO-S-2021-1050 Hive Case 4821 Malware Activity 195.230.113.226 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None PL TO-S-2021-1037 Hive Case 4785 Malware Activity 195.230.113.236 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None PL TO-S-2021-1037 Hive Case 4785 Malware Activity 195.230.23.19 24 EE None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:14 HIVE Case #7389 IOC_Sandworm_Group_(UAC-0082) (IP=19,FI) 195.230.31.233 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BG TO-S-2021-1117 DOS-DDOS Activity 195.234.236.36 24 KD None 
2021-12-13 00:00:00 2022-03-13 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt - Sourcefire Rpt (IP=36,BG) 195.234.76.0 22 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity 195.235.181.235 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ES TO-S-2021-1050 Hive Case 4821 Malware Activity 195.238.75.109 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=109,NL) 195.239.51.115 32 TLM None 2022-02-15 00:00:00 2022-08-16 00:00:00 None HIVE Case #6996 CTO 22-043 (IP=115,RU) 195.239.51.55 32 TLM None 2022-06-03 00:00:00 2022-12-02 00:00:00 2022-06-06 14:31:29 HIVE Case #7714 CTO 22-154 (IP=55,RU) 195.24.68.9 32 TLM None 2022-05-16 00:00:00 2022-11-15 00:00:00 2022-05-18 13:23:53 HIVE Case #7595 CTO 22-134 (IP=9,RU) 195.242.11.71 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=71,RU) 195.242.110.132 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5985 TO-S-2021-1459 (IP=132,BZ) 195.242.110.139 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5985 TO-S-2021-1459 (IP=139,BZ) 195.242.110.240 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=240,BZ) 195.242.110.32 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5985 TO-S-2021-1459 (IP=32,BZ) 195.242.110.6 24 WR None 2022-04-04 00:00:00 2022-07-02 00:00:00 2022-04-04 13:50:54 Possible SQLi attempt - 22C01131 (IP=6,BZ) 195.244.21.64 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=64,FR) 195.245.120.133 24 KD None 2021-12-13 00:00:00 2022-03-13 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt - Sourcefire Rpt (IP=133,UA) 195.246.120.108 32 SW None 2022-02-17 00:00:00 2022-05-17 00:00:00 None HTTP: PHP File Inclusion Vulnerability - IR# 22C00943(IP=108,SE) 195.246.250.0 23 
dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None OM TO-S-2021-1050 Hive Case 4821 Malware Activity 195.248.160.0 19 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity 195.248.240.108 24 DT None 2022-01-28 00:00:00 2022-04-28 00:00:00 None SQL injection - Web Attacks (IP=108,DE) 195.248.243.174 24 KD None 2021-12-29 00:00:00 2022-03-29 00:00:00 None SERVER-APACHE Apache Struts2 blacklisted method redirect (1:27244:6) - Sourcefire (IP=174,DE) | updated by KD Block expiration extended with reason Self Report / Directory traversal Attempts- TT# 22C00744 (IP=174,DE) Self Report / Directory traversal Attempts- TT# 22C00744 (IP=174,DE) 195.248.243.174 24 KD None 2021-12-29 00:00:00 2022-03-29 00:00:00 None Self Report / Directory traversal Attempts- TT# 22C00744 (IP=174,DE) 195.248.243.174 24 KD None 2021-12-29 00:00:00 2022-03-29 00:00:00 None Self Report / Directory traversal Attempts- TT# 22C00744 (IP=174,DE) 195.248.243.174 24 KD None 2021-12-29 00:00:00 2022-03-29 00:00:00 None Self Report / Directory traversal Attempts- TT# 22C00744 (IP=174,DE) 195.248.243.174 24 KD None 2021-12-29 00:00:00 2022-03-29 00:00:00 None Self Report / Directory traversal Attempts- TT# 22C00744 (IP=174,DE) 195.248.243.174 24 RW None 2021-11-26 00:00:00 2022-03-29 00:00:00 None SERVER-APACHE Apache Struts2 blacklisted method redirect (1:27244:6) - Sourcefire (IP=174,DE) | updated by KD Block expiration extended with reason Self Report / Directory traversal Attempts- TT# 22C00744 (IP=174,DE) Self Report / Directory traversal Attempts- TT# 22C00744 (IP=174,DE) 195.250.128.2 24 KD None 2021-12-13 00:00:00 2022-05-19 00:00:00 2022-08-09 18:49:33 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt - Sourcefire Rpt (IP=2,CZ) | updated by DT Block was inactive. 
Reactivated on 20220218 with reason PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) - Source Fire (IP=2,CZ) 195.250.136.2 24 KD None 2021-12-21 00:00:00 2022-03-21 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt- Sourcefire (IP=2,CZ) 195.251.41.139 24 BMP None 2021-12-14 00:00:00 2022-03-12 00:00:00 None HIVE Case #6651 - Exploit.CVE-2021-44228 (IP=139,GR) 195.253.66.15 24 RR None 2022-07-30 00:00:00 2022-10-28 00:00:00 2022-07-30 13:52:54 SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt - SourceFire (IP=15,DE) 195.254.134.194 24 GM None 2020-07-15 00:00:00 2022-05-18 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=194,RO) | updated by srm Block was inactive. Reactivated on 20220217 with reason HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=194,RO) 195.254.135.76 32 DT None 2021-03-14 00:00:00 2022-06-13 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00678 (IP=76,RO) | updated by TLM Block was inactive. 
Reactivated on 20211213 with reason HIVE Case #6652 CTO 21-345 F1 (IP=76,RO) 195.29.178.14 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=14,HR) 195.29.77.9 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None HR TO-S-2021-1117 DOS-DDOS Activity 195.3.156.0 22 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None UA TO-S-2021-1081 Hive Case 4872 Malware Activity 195.3.168.237 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None SK TO-S-2021-1050 Hive Case 4821 Malware Activity 195.3.221.30 24 NAB None 2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-09 14:21:18 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=30,PL) 195.32.74.247 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 Hive Case 4785 Malware Activity 195.37.190.88 24 AR None 2022-02-02 00:00:00 2022-05-02 00:00:00 None MALWARE-TOOLS TLS-Attacker tool connection attempt - known SSL client random - Web Attacks (IP=88,DE) 195.37.209.9 24 srm None 2022-02-17 00:00:00 2022-05-18 00:00:00 None HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=9,DE) 195.39.233.29 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=29,UA) 195.42.121.26 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None DE TO-S-2021-1117 DOS-DDOS Activity 195.5.108.0 23 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None RU TO-S-2021-1037 Hive Case 4785 Malware Activity 195.5.243.58 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None FR TO-S-2021-1117 DOS-DDOS Activity 195.50.152.42 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None DE TO-S-2021-1117 DOS-DDOS Activity 195.53.115.179 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None ES TO-S-2021-1117 DOS-DDOS Activity 195.54.160.149 24 WR None 2021-12-25 00:00:00 2022-03-25 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=149,RU) | updated by WR Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks 
(IP=149,RU) HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=149,RU) 195.54.160.149 24 NAB None 2021-12-16 00:00:00 2022-03-25 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=149,RU) | updated by WR Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=149,RU) HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=149,RU) 195.54.160.149 24 RB None 2021-12-16 00:00:00 2022-03-25 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=149,RU) | updated by WR Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=149,RU) HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=149,RU) 195.55.255.74 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None ES TO-S-2021-1081 Hive Case 4872 Malware Activity 195.58.39.83 24 TH None 2021-12-17 00:00:00 2022-03-17 00:00:00 None ZmEu phpMyAdmin Vulnerability Scanner- IPS Alerts (IP=83,DE) 195.60.143.183 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 Hive Case 4785 Malware Activity 195.60.174.0 23 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity 195.62.12.210 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=210,PL) 195.62.162.117 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=117,IT) 195.62.32.240 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=240,DE) 195.62.46.47 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 195.62.46.6 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=6,DE) 195.62.46.63 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=63,DE) 195.62.52.32 32 AS None 2022-02-04 00:00:00 2022-08-04 00:00:00 None HIVE Case #6927 CTO 22-036 (IP=32,RU) 195.62.53.63 24 EE 
None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=63,RU) 195.62.53.63 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=63,RU) 195.64.162.0 23 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None UA TO-S-2021-1050 Hive Case 4821 Malware Activity 195.66.204.102 24 RS None 2022-07-02 00:00:00 2022-09-30 00:00:00 2022-07-02 22:56:28 HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=1-2,UA) 195.68.72.122 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None FR TO-S-2021-1117 DOS-DDOS Activity 195.69.165.149 32 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None BG TO-S-2021-1156 Malicious Email Activity 195.77.239.39 32 AS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-09 13:57:33 HIVE Case #7535 TO-S-2022-0176 (IP=39,ES) 195.78.100.0 23 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity 195.78.244.0 22 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity 195.78.66.229 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6448 TO-S-2022-0058 (IP=229,PL) 195.8.197.216 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GB TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 195.8.48.205 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=205,ES) 195.80.130.65 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PL TO-S-2021-1050 Hive Case 4821 Malware Activity 195.80.151.46 32 AS None 2022-04-04 00:00:00 2022-10-04 00:00:00 2022-04-04 15:15:49 HIVE Case #7325 CTO 22-091 (IP=46,BG) 195.80.151.51 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6313 CTO 21-274 (IP=51,BG) 195.80.151.59 24 TLM None 2022-04-19 00:00:00 2022-10-19 00:00:00 2022-04-20 12:44:26 HIVE Case #7424 CTO 22-109 (IP=59,BG) 195.80.177.146 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None SK TO-S-2021-1117 DOS-DDOS 
Activity 195.80.187.82 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None SK TO-S-2021-1117 DOS-DDOS Activity 195.83.155.16 24 KH None 2022-03-03 00:00:00 2022-06-01 00:00:00 2022-03-03 23:49:35 High Severity IDS Event - ArcSight (IP=16,FR) 195.87.73.176 24 RT None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-18 13:44:07 Exploit.CVE-2021-44228 - Apache Log4j2 - Case 6651 (IP=176,TR) 195.88.178.0 23 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None RU TO-S-2021-1037 Hive Case 4785 Malware Activity 195.88.62.0 23 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None RU TO-S-2021-1037 Hive Case 4785 Malware Activity 195.95.228.0 23 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=0,RO) 195.96.137.5 24 AR None 2022-08-12 00:00:00 2022-11-10 00:00:00 2022-08-12 13:55:50 SERVER-WEBAPP Multiple products invalid HTTP request attempt - SourceFire (IP=5,NL) 195.97.212.20 32 AS None 2022-01-31 00:00:00 2022-08-03 00:00:00 None HIVE Case #6877 CTO 22-028 (IP=20,GB) 195.98.80.0 20 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 196.0.18.54 24 WR None 2022-04-29 00:00:00 2022-07-27 00:00:00 2022-04-29 13:52:51 SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt (1:29831:3) - Sourcefire (IP=54,UG) 196.1.182.154 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None NE TO-S-2021-1050 Hive Case 4821 Malware Activity 196.1.97.204 24 SW None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-17 13:49:03 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=204,SN) 196.121.7.202 24 ZH None 2021-12-05 00:00:00 2022-03-05 00:00:00 None SQL injection - 6hr Web Attacks (IP=202,MA) 196.13.169.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None ZA TO-S-2021-1117 DOS-DDOS Activity 196.157.100.0 23 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=0,EG) | updated by TLM Block was inactive. 
Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=0,EG) 196.179.252.28 24 KD None 2021-11-06 00:00:00 2022-02-04 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841)- Web Attacks (IP=28,TN) 196.19.181.114 32 RW None 2021-10-15 00:00:00 2022-01-13 00:00:00 None Self Report/Cold Fusion Errors - TT# 22C00165 (IP=114,US) 196.190.0.0 19 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=0,ET) 196.190.64.0 19 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ET TO-S-2021-1037 Hive Case 4785 Malware Activity 196.196.150.38 24 NAB None 2021-12-16 00:00:00 2022-03-16 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=38,ES) 196.196.41.68 32 NAB None 2021-12-23 00:00:00 2022-03-27 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=68,US) | updated by NAB Block expiration extended with reason HIVE Case #6651 Exploit.CVE-2021-44228 (IP=68,US) 196.196.56.140 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=140,JP) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=140,JP) 196.200.111.5 32 AS None 2022-01-28 00:00:00 2022-07-28 00:00:00 None HIVE Case #6856 CTO 22-027 (IP=5,ER) 196.202.182.114 32 TLM None 2022-05-02 00:00:00 2022-11-01 00:00:00 2022-05-02 12:29:07 HIVE Case #7494 CTO 22-119 (IP=114,KE) 196.202.182.210 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None KE TO-S-2021-1050 Hive Case 4821 Malware Activity 196.202.192.0 19 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None KE TO-S-2021-1117 DOS-DDOS Activity 196.203.11.89 32 NHL None 2020-12-17 00:00:00 2022-12-17 00:00:00 None Case # 4583 - IOC_ dark_halo_sunburst - (IP=89,TN) 196.207.202.49 24 SW None 2021-11-09 00:00:00 2022-02-07 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - WebAttacks (IP=49, SN) 196.221.149.124 24 AR None 2021-10-31 00:00:00 2022-01-29 00:00:00 None HTTP: ThinkPHP CMS 
Getshell Vulnerability - 6hr Web Attack (IP=124,EG) 196.223.152.0 21 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None SD TO-S-2021-1081 Hive Case 4872 Malware Activity 196.226.132.133 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TN TO-S-2021-1050 Hive Case 4821 Malware Activity 196.245.54.142 24 ZH None 2022-09-16 00:00:00 2022-12-15 00:00:00 2022-09-16 22:50:06 Exploit.Log4Shell.CVE-2021-44228 - FE CMS (IP=142,ES) 196.250.179.16 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None LR TO-S-2021-1050 Hive Case 4821 Malware Activity 196.27.78.213 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MU TO-S-2021-1050 Hive Case 4821 Malware Activity 196.37.111.115 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ZA TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 196.41.224.0 19 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None DZ TO-S-2021-1117 DOS-DDOS Activity 196.41.32.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TZ TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 196.41.57.46 32 AS None 2022-03-03 00:00:00 2022-09-03 00:00:00 2022-03-03 17:36:06 HIVE Case #7133 CTO 22-062 (IP=46,TZ) 196.43.240.177 32 AS None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6244 CTO 21-267 (IP=177,CG) 196.44.183.33 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ZW TO-S-2021-1050 Hive Case 4821 Malware Activity 196.46.190.27 24 EE None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:57 HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=27,EG) 196.50.223.66 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None ZA TO-S-2021-1117 DOS-DDOS Activity 196.50.240.154 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None ZA TO-S-2021-1117 DOS-DDOS Activity 196.61.108.26 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ZA TO-S-2021-1050 Hive Case 4821 Malware Activity 196.77.1.69 24 RT None 2022-03-26 00:00:00 2022-06-24 00:00:00 2022-03-26 13:38:32 SQL injection - 6HR Web Attack (IP=69,MA) 
196.82.79.112 24 TH None 2022-04-22 00:00:00 2022-07-21 00:00:00 2022-04-22 22:49:10 Hive Case # 7440 (IP=112,MA)
196.86.90.52 24 TH None 2022-04-22 00:00:00 2022-07-21 00:00:00 2022-04-22 22:49:09 Hive Case # 7440 (IP=52,MA)
197.149.94.146 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None NE TO-S-2021-1050 Hive Case 4821 Malware Activity
197.157.20.222 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UG TO-S-2021-1117 DOS-DDOS Activity
197.159.136.110 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GH TO-S-2021-1050 Hive Case 4821 Malware Activity
197.164.169.67 24 RT None 2022-04-14 00:00:00 2022-07-13 00:00:00 2022-04-15 14:09:10 SQL injection - 6HR WebAttacks (IP=67,EG)
197.210.55.119 24 KD None 2022-01-10 00:00:00 2022-04-10 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt- Sourcefire(IP=119,NG)
197.211.39.22 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None NE TO-S-2021-1050 Hive Case 4821 Malware Activity
197.221.80.66 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GH TO-S-2021-1050 Hive Case 4821 Malware Activity
197.221.89.70 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GH TO-S-2021-1050 Hive Case 4821 Malware Activity
197.231.192.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BW TO-S-2021-1037 Hive Case 4785 Malware Activity
197.232.139.172 32 TH None 2022-06-16 00:00:00 2022-09-14 00:00:00 2022-06-16 22:56:54 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) IR# None (IP=172,KE)
197.234.242.31 32 TLM None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:46:00 HIVE Case #7458 CTO 22-113 (IP=31,ZA)
197.243.16.50 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RW TO-S-2021-1050 Hive Case 4821 Malware Activity
197.243.18.66 32 TLM None 2022-02-04 00:00:00 2022-08-05 00:00:00 None HIVE Case #6926 CTO 22-035 (IP=66,RW)
197.245.16.41 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ZA TO-S-2021-1037 Hive Case 4785 Malware Activity
197.245.206.253 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=253,ZA) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=253,ZA) 197.246.175.162 24 TH None 2022-06-08 00:00:00 2022-09-06 00:00:00 2022-06-09 13:47:55 F5 BIG-IP CVE-2022-1388 Remote Code Execution - FE CMS IPS Events (IP=162,EG) 197.246.239.177 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None EG TO-S-2021-1050 Hive Case 4821 Malware Activity 197.246.247.84 32 TLM None 2021-09-21 00:00:00 2022-03-20 00:00:00 None HIVE Case #6216 CTO 21-264 (IP=84,EG) 197.248.147.138 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None KE TO-S-2021-1117 DOS-DDOS Activity 197.248.5.0 24 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None KE TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 197.252.202.178 24 ZH None 2022-02-14 00:00:00 2022-05-15 00:00:00 None HTTP: PHP File Inclusion Vulnerability IR#22C00932 (IP=SD) 197.255.160.0 23 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None NE TO-S-2021-1117 DOS-DDOS Activity 197.255.208.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None NE TO-S-2021-1037 Hive Case 4785 Malware Activity 197.255.240.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ZA TO-S-2021-1037 Hive Case 4785 Malware Activity 197.34.211.214 24 RS None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-14 22:47:11 Generic URI Injection wget Attempt - IPS Events (IP=214,EG) 197.35.75.251 32 RB None 2021-10-21 00:00:00 2022-01-19 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 22C00205 (IP=251,EG) 197.36.72.240 24 RS None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-14 22:47:03 SERVER-WEBAPP rConfig snippets SQL injection attempt (1:59329:1) - SourceFire (IP=240,EG) 197.38.93.236 24 ZH None 2022-01-25 00:00:00 2022-04-25 00:00:00 None SERVER-WEBAPP Oracle Weblogic default credentials login attempt (1:40904:3) - SourceFire Rpt (IP=236,EG) 197.38.93.236 24 ZH 
None 2022-01-25 00:00:00 2022-04-25 00:00:00 None SERVER-WEBAPP Oracle Weblogic default credentials login attempt (1:40904:3) - SourceFire Rpt (IP=236,EG) 197.51.205.211 24 RS None 2022-06-13 00:00:00 2022-09-11 00:00:00 2022-06-14 13:48:46 SIPVicious Security Scanner - IPS Events (IP=211,EG) 197.54.182.217 24 ZH None 2022-09-19 00:00:00 2022-12-18 00:00:00 2022-09-19 22:55:01 SQL injection - 6hr Web Attacks (IP=217,EG) 197.58.30.46 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 22:59:03 SQL Injection - 6hr Web Attacks (IP=46,EG) 197.58.88.76 24 RS None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-15 22:50:49 Cross-site Scripting Attack - IPS Events (IP=76,EG) 197.58.88.76 24 RS None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-15 22:50:55 Cross-site Scripting Attack - IPS Events (IP=76,EG) 197.60.64.152 24 RT None 2022-02-02 00:00:00 2022-05-03 00:00:00 None POLICY-OTHER Adobe ColdFusion admin interface access attempt - 6HR Web Attack (IP=152,EG) 197.89.144.207 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:50 HIVE Case #7199 CTO 22-074 (IP=207,ZA) 197.95.149.190 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ZA TO-S-2021-1050 Hive Case 4821 Malware Activity 198.1.124.190 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=190,US) 198.1.84.156 32 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None US TO-S-2021-1156 Malicious Email Activity 198.100.159.141 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=141,CA) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=141,CA) HIVE Case #5968 TO-S-2021-1276 (IP=141,CA) 198.100.159.141 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=141,CA) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=141,CA) HIVE Case #5968 TO-S-2021-1276 (IP=141,CA) 198.102.9.69 32 TLM None 
2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=69,US) 198.12.116.204 32 RB None 2021-11-08 00:00:00 2022-02-06 00:00:00 None Self-Report / ColdFusion Error Report - TT# 22C00312 (IP=204,US) 198.12.116.254 32 WR None 2022-03-09 00:00:00 2022-06-07 00:00:00 2022-03-09 14:45:04 SERVER-WEBAPP Liferay arbitrary Java object deserialization attempt (1:56800:3) - SourceFire (IP=254,US) 198.12.121.169 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=169,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=169,US) 198.12.121.177 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=177,US) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=177,US) 198.12.121.86 32 jkc None 2021-04-13 00:00:00 2022-04-13 00:00:00 None Case # 5240 IOC_ TO-S-2021-1218 Malicious IP 198.12.127.199 32 TLM None 2022-03-11 00:00:00 2022-09-11 00:00:00 2022-03-11 13:21:40 HIVE Case #7189 CTO 22-068.1 (IP=199,US) 198.12.152.228 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=228,US) 198.12.158.38 32 GM None 2021-04-23 00:00:00 2022-12-31 00:00:00 2022-10-02 23:55:04 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=38,US) | updated by RB Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr web attacks (IP=38,US) | updated by SW Block was inactive. Reactivated on 20210830 with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 21C01670 (IP=38,US) | updated by SW Block was inactive. Reactivated on 20220228 with reason HTTP: PHPUnit Remote Code Execution - IR# 22C00971(IP=38,US) | updated by SW Block was inactive. 
Reactivated on 20220705 with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01554(IP=38,US) | updated by KH Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - IR# 23C01987 (IP=38,US) 198.12.210.179 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1092 Hive Case 4875 Malicious Email Activity 198.12.220.81 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None US TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 198.12.225.223 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1081 Hive Case 4872 Malicious Email Activity 198.12.225.245 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=245,US) 198.12.226.7 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 198.12.229.126 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5985 TO-S-2021-1459 (IP=126,US) 198.12.246.100 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None US TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 198.12.252.255 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=255,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=255,US) 198.12.253.255 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 198.12.254.0 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=0,US) | updated by TLM Block was inactive. 
Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=0,US) 198.12.254.251 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=251,US) 198.12.32.0 19 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None AR TO-S-2021-1037 Hive Case 4785 Malware Activity 198.12.71.112 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1092 Hive Case 4875 Malicious Email Activity 198.12.81.56 32 TLM None 2022-03-11 00:00:00 2022-09-11 00:00:00 2022-03-11 13:21:40 HIVE Case #7189 CTO 22-068.1 (IP=56,US) 198.13.32.63 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None JP TO-S-2021-1050 Hive Case 4821 Malware Activity 198.13.37.15 32 AS None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 18:17:08 HIVE Case #7862 CTO 22-176 (IP=15,JP) 198.13.45.227 32 TLM None 2022-09-19 00:00:00 2022-12-18 00:00:00 2022-09-19 15:03:15 HIVE Case #8328 TO-S-2022-0230 (IP=227,JP) 198.13.46.248 32 TLM None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:46:32 HIVE Case #7458 CTO 22-113 (IP=248,JP) 198.13.56.122 24 TLM None 2022-04-18 00:00:00 2022-10-18 00:00:00 2022-04-18 13:41:40 HIVE Case #7416 CTO 22-106 (IP=122,JP) 198.133.15.74 32 ZH None 2022-01-25 00:00:00 2022-04-25 00:00:00 None ET EXPLOIT Possible Apache log4j RCE Attempt - 2021/12/12 Obfuscation Observed M2 (udp) (CVE-2021-44228) (1:2034674:1) - SourceFire Rpt (IP=74,US) 198.134.4.11 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity 198.143.141.14 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=14,US) 198.144.121.43 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=43,US) 198.144.121.93 32 TLM None 2022-04-21 00:00:00 2022-10-21 00:00:00 2022-04-21 19:03:05 HIVE Case #7441 CTO 22-111 (IP=93,US) 198.144.183.12 32 AS None 2021-12-28 00:00:00 2022-06-28 00:00:00 None HIVE Case #6702 CTO 21-362 (IP=12,US) 198.144.191.144 32 TLM None 
2022-02-23 00:00:00 2022-08-24 00:00:00 None HIVE Case #7054 CTO 22-054 (IP=144,US) 198.147.22.148 32 TLM None 2022-06-06 00:00:00 2022-12-05 00:00:00 2022-06-07 14:34:52 HIVE Case #7728 TO-S-2022-0192 (IP=148,US) 198.147.29.195 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1092 Hive Case 4875 Malware Activity 198.147.29.196 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1092 Hive Case 4875 Malware Activity 198.148.118.110 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None US TO-S-2021-1143 Malicious Email Activity 198.15.112.149 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity 198.151.13.53 32 SA None 2022-06-09 00:00:00 2022-08-30 00:00:00 2022-06-09 13:26:22 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) SourceFire (IP=53,US) | ns2.saic.com This IP was blocked by mistake. Domain used by SAIC contractors on RITS contract for USACE by TH 198.151.8.69 32 SA None 2022-05-31 00:00:00 2022-08-28 00:00:00 2022-05-31 22:55:59 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) SourceFire (IP=69,US) 198.154.230.2 32 TLM None 2021-09-14 00:00:00 2022-03-14 00:00:00 None HIVE Case #6164 TO-S-2021-1528 (IP=2,US) 198.154.99.31 32 TLM None 2021-09-21 00:00:00 2022-03-20 00:00:00 None HIVE Case #6216 CTO 21-264 (IP=31,US) 198.16.99.87 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=87,ES) 198.185.159.141 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 198.185.159.177 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6448 TO-S-2022-0058 (IP=177,US) 198.187.28.26 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=26,US) 198.187.29.186 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email 
Activity 198.187.29.6 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None US TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 198.187.30.162 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=162,US) 198.187.30.54 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=54,US) 198.187.31.107 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None US TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 198.187.31.167 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=167,US) 198.187.31.40 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=40,US) 198.189.225.16 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=16,US) 198.190.55.101 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=101,US) 198.199.121.111 32 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:37 SQL union select - possible sql injection attempt - GET parameter - SourceFire (IP=111,US) 198.199.121.15 32 KH None 2022-08-03 00:00:00 2022-11-01 00:00:00 2022-08-03 22:28:22 Apache Struts 2 ConversionErrorInterceptor OGNL Script Injection - FE IPS (IP=15,US) 198.199.121.178 32 RR None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-18 13:50:33 SERVER-APACHE Apache HTTP server SSRF attempt - SourceFire (IP=178,US) 198.199.121.99 32 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:35:23 SERVER-WEBAPP Bonita BPM themeResource directory traversal attempt - SourceFire (IP=99,US) 198.199.64.141 32 SW None 2022-05-15 00:00:00 2022-08-13 00:00:00 2022-05-15 13:54:18 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=141,US) 198.199.70.163 32 RR None 2022-07-10 00:00:00 2022-10-08 00:00:00 2022-07-10 14:32:38 SQL injection - Web Attacks (IP=163,US) 198.199.71.170 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 
13:50:32 HTTP SQL Injection Attempt - Web Attacks (IP=170,US) 198.199.71.244 32 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-09 14:21:34 SQL injection - Web Attacks (IP=244,US) 198.199.71.81 32 TH None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 23:06:18 SQL injection - 6 Hr Web Report (IP=81,US) 198.199.72.223 32 KH None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-17 13:49:16 SQL injection - Web Attacks (IP=223,US) 198.199.72.237 32 RR None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:32:02 SQL injection - Web Attcks (IP=237,US) 198.199.73.156 32 RS None 2022-06-23 00:00:00 2022-09-21 00:00:00 2022-06-23 14:39:18 SQL injection - 6Hr Web Attacks (IP=156,US) 198.199.75.107 32 KH None 2021-10-25 00:00:00 2022-01-23 00:00:00 None HTTP Request Brute Force Attack - 6hr Failed Logons (IP=107,US) 198.199.76.72 32 RS None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-11 13:57:22 Adobe ColdFusion Administrator Access Restriction - 6Hr Web Attacks (IP=72,US) 198.199.77.126 32 RS None 2022-08-13 00:00:00 2022-11-11 00:00:00 2022-08-13 13:56:23 SQL injection - Web Attacks (IP=126,US) 198.199.77.134 32 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 22:54:18 SQL injection - Web Attacks (IP=134,US) 198.199.77.237 32 KH None 2022-05-01 00:00:00 2022-07-30 00:00:00 2022-05-01 13:52:52 SQL injection - Web Attacks (IP=237,US) 198.199.79.119 32 RS None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 13:49:39 SQL injection - 6Hr Web Attacks (IP=119,US) 198.199.79.63 32 SA None 2022-05-17 00:00:00 2022-08-15 00:00:00 2022-05-17 13:54:25 SQL Injection - 6Hr Web Attacks (IP=63,US) 198.199.80.220 32 SW None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:27 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41421:2) - SourceFire (IP=220,US) 198.199.80.243 32 SW None 2022-06-11 00:00:00 2022-09-09 00:00:00 2022-06-11 13:46:56 SQL injection - WebAttacks (IP=243,US) 198.199.81.13 32 RR None 2022-04-17 
00:00:00 2022-07-16 00:00:00 2022-04-17 13:50:33 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=13,US) 198.199.81.227 32 AR None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-06 13:49:59 SQL injection 6 Hr Web Report (IP=227,US) 198.199.82.116 32 RS None 2022-08-14 00:00:00 2022-11-12 00:00:00 2022-08-14 13:58:17 HTTP: SQL Injection - Exploit - Web Attacks (IP=116,US) 198.199.84.158 32 JP None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-15 22:50:44 SQL injection - 6HR Web Attacks (IP=158, US) 198.199.86.139 32 TH None 2022-04-15 00:00:00 2022-07-14 00:00:00 2022-04-15 22:59:49 SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (B-type) (1:1000135:3) - SourceFire Report (IP=139,US) 198.199.87.124 32 SA None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 22:55:01 SERVER-WEBAPP Oracle Business Intelligence and XML Publisher XML external entity injection attempt (1:49899:1) - SourceFire Report (IP=124,US) 198.199.87.132 32 AR None 2021-11-07 00:00:00 2022-02-05 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 22C00302 (IP=132,US) 198.199.87.25 32 KH None 2021-10-04 00:00:00 2022-01-02 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00036 (IP=25,US) 198.199.88.55 32 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 15:45:05 SQL injection - Web Attacks (IP=55,US) 198.199.89.108 32 SW None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 22:44:03 File /etc/passwd Access Attempt Detect - IPS Events (IP=108,US) 198.199.89.71 32 SW None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-01 13:54:14 SERVER-WEBAPP Harbor Project Harbor admin account creation attempt (1:59541:1) - SourceFire (IP=71,US) 198.199.90.82 32 AR None 2022-04-06 00:00:00 2022-07-06 00:00:00 2022-04-06 13:47:10 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=82,US) 198.199.91.116 32 WR None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:47:26 SERVER-WEBAPP Netgear passwordrecovered.cgi 
insecure admin password disclosure attempt-Sourcefire (IP=116,US) 198.199.91.234 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=234,US) 198.199.91.73 32 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:43:59 SQL injection - Web Attacks (IP=73,US) 198.199.98.78 32 AS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-09 13:57:34 HIVE Case #7535 TO-S-2022-0176 (IP=78,US) 198.2.209.167 32 TLM None 2022-06-22 00:00:00 2022-12-21 00:00:00 2022-06-23 16:01:21 HIVE Case #7816 TO-S-2022-0202 (IP=167,US) 198.2.209.173 32 TLM None 2022-06-22 00:00:00 2022-12-21 00:00:00 2022-06-23 16:01:21 HIVE Case #7816 TO-S-2022-0202 (IP=173,US) 198.2.209.195 32 TLM None 2022-06-22 00:00:00 2022-12-21 00:00:00 2022-06-23 16:01:22 HIVE Case #7816 TO-S-2022-0202 (IP=195,US) 198.20.103.182 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None NL TO-S-2021-1050 Hive Case 4821 Malware Activity 198.20.103.182 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None NL TO-S-2021-1050 Hive Case 4821 Malware Activity 198.20.103.182 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None NL TO-S-2021-1050 Hive Case 4821 Malware Activity 198.20.69.98 32 sjl None 2014-12-28 06:00:00 2022-01-11 00:00:00 None ET POLICY Suspicious inbound to PostgreSQL port 5432 (IP=98 US) | updated by ABC with reason ET POLICY Suspicious inbound to m | updated by DT Block was inactive. Reactivated on 20210208 with reason HTTP: Microsoft Windows HTTP.sys Remote Code Execution | updated by RT Block was inactive. Reactivated on 20211013 with reason HTTP: Microsoft Windows HTTP.sys Remote Code Execution (CVE-2015-1635) - TT# 22C00132 (IP=98,US) 198.20.70.114 32 ged None 2015-01-10 06:00:00 2022-02-08 00:00:00 None ET POLICY Suspicious inbound to mySQL port 3306 (IP=114, US) | updated by ABC with reason ET POLICY Suspicious inbound to mySQ | updated by dbc Block was inactive. 
Reactivated on 20200214 with reason US TO-S-2020-0298 Malicious Email Activity | updated by KH Block was inactive. Reactivated on 20211110 with reason SERVER-IIS Microsoft IIS Range header integer overflow attempt (1:34061:6) - Sourcefire (IP=114,US) 198.20.92.45 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 198.211.100.217 32 TH None 2022-04-22 00:00:00 2022-07-21 00:00:00 2022-04-22 13:41:04 SQL injection - 6 Hr Web Report (IP=217,US) 198.211.101.106 32 RS None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-11 13:57:23 SQL Injection - 6Hr Web Attacks (IP=106,US) 198.211.102.248 32 ZH None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-24 00:05:33 POLICY-OTHER PHP uri tag injection attempt (1:23111:14) - Sourcefire Rpt (IP=248,US) 198.211.103.122 32 KD None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-07 13:16:30 SQL injection- Web Attacks (IP=219,SG) 198.211.104.230 32 KH None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 13:57:11 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=230,US) 198.211.104.239 32 RS None 2022-05-19 00:00:00 2022-08-17 00:00:00 2022-05-19 22:49:12 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=239,US) 198.211.105.172 32 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 22:54:18 SQL injection - Web Attacks (IP=172,US) 198.211.105.72 32 RS None 2022-06-23 00:00:00 2022-09-21 00:00:00 2022-06-23 14:39:18 SQL injection - 6Hr Web Attacks (IP=72,US) 198.211.106.107 32 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 13:52:51 SQL injection - 6hr Web Attacks (IP=107,US) 198.211.106.171 32 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:35:23 SERVER-WEBAPP Bonita BPM themeResource directory traversal attempt - SourceFire (IP=171,US) 198.211.107.135 32 SW None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:28 HTTP SQL Injection Attempt - WebAttacks (IP=135,US) 198.211.109.123 32 KH None 2022-06-17 00:00:00 
2022-09-15 00:00:00 2022-06-17 13:49:17 SQL injection - Web Attacks (IP=123,US) 198.211.109.152 32 AR None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-01 13:55:46 SQL injection - Web Attacks (IP=152,US) 198.211.109.161 32 RR None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-11 13:57:13 SQL injection - Web Attacks (IP=135,US) 198.211.110.200 32 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 13:52:52 Artica Web Proxy SQL Injection Vulnerability - 6hr Web Attacks (IP=200,US) 198.211.110.50 32 ZH None 2022-05-31 00:00:00 2022-08-29 00:00:00 2022-06-01 13:53:57 SQL injection - 6hr Web Attacks (IP=50,US) 198.211.112.43 32 RS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:47:58 SQL injection - 6Hr Web Attacks (IP=43,US) 198.211.114.166 32 RR None 2022-09-21 00:00:00 2022-12-20 00:00:00 2022-09-21 14:01:05 SQL 1 = 1 - possible sql injection attempt - Web Attacks (IP=166,US) 198.211.116.8 32 KH None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 13:45:47 HTTP: PHP File Inclusion Vulnerability - IR# 22C01534 (IP=8,US) 198.211.117.39 32 ZH None 2022-06-02 00:00:00 2022-08-31 00:00:00 2022-06-03 13:44:41 SQL injection - 6 hr web attacks (IP=39,US) 198.211.125.39 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None NL TO-S-2021-1050 Hive Case 4821 Malware Activity 198.211.96.207 32 KH None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-18 22:55:03 SQL injection - Web Attacks (IP=207,US) 198.211.96.222 32 WR None 2022-04-29 00:00:00 2022-07-27 00:00:00 2022-04-29 13:52:53 SQL injection - Web Attacks (IP=222,US) 198.211.97.163 24 RB None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 22:39:23 SQL injection - 6hr web attacks (IP=163,US) 198.211.98.146 32 SW None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-06 13:58:00 WordPress CodePeople Payment Form SQL Injection Vulnerability - WebAttacks (IP=146,US) 198.211.98.50 32 TC None 2022-08-15 00:00:00 2022-11-13 00:00:00 2022-08-15 13:57:00 SQL injection - 6hr Web Attacks (IP=50,US) 
198.211.99.154 32 DT None 2022-05-12 00:00:00 2022-08-10 00:00:00 2022-05-13 13:52:19 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=154,US) 198.23.172.235 32 TLM None 2021-11-30 00:00:00 2022-05-30 00:00:00 None HIVE Case #6595 CTO 21-327 (IP=235,US) 198.23.212.137 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=137,US) 198.23.239.140 32 TLM None 2021-09-08 00:00:00 2022-03-08 00:00:00 None HIVE Case #6129 CTO 21-237 (IP=140,US) 198.23.48.142 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5985 TO-S-2021-1459 (IP=142,US) 198.23.48.96 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None US TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 198.23.59.221 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=221,US) 198.237.114.188 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity 198.24.149.109 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6448 TO-S-2022-0058 (IP=109,US) 198.244.135.248 32 TLM None 2022-03-01 00:00:00 2022-09-01 00:00:00 2022-03-01 17:52:24 HIVE Case #7115 CTO 22-060 (IP=248,FR) 198.244.146.110 32 TLM None 2022-03-01 00:00:00 2022-09-01 00:00:00 2022-03-01 17:52:25 HIVE Case #7115 CTO 22-060 (IP=110,FR) 198.244.212.132 24 RS None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-01 13:54:22 Adobe ColdFusion Administrator Access Restriction - 6Hr Web Attacks (IP=132,GB) 198.244.213.30 24 RS None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 13:49:45 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=30,GB) 198.251.70.24 32 ZH None 2022-03-20 00:00:00 2022-06-18 00:00:00 2022-03-20 23:01:46 SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58744:6) - Sourcefire (IP=24,US) 198.251.78.98 32 ZH None 2022-03-20 00:00:00 2022-06-18 00:00:00 2022-03-20 23:01:47 SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58744:6) - 
Sourcefire (IP=98,US) 198.252.100.176 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 198.37.103.151 32 AS None 2022-04-12 00:00:00 2022-10-12 00:00:00 2022-04-12 14:39:39 HIVE Case #7380 CTO 22-099 (IP=151,US) 198.38.82.163 32 TH None 2022-02-15 00:00:00 2022-05-16 00:00:00 None HIVE Case #6986 (IP=163,US) 198.38.82.168 32 TH None 2022-02-15 00:00:00 2022-05-16 00:00:00 None HIVE Case #6986 (IP=168,US) 198.38.82.73 32 TH None 2022-02-15 00:00:00 2022-05-16 00:00:00 None HIVE Case #6986 (IP=73,US) 198.38.82.78 32 TH None 2022-02-15 00:00:00 2022-05-16 00:00:00 None HIVE Case #6986 (IP=78,US) 198.39.105.23 24 DT None 2022-02-10 00:00:00 2022-05-11 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt ) - Source Fire (IP=23,GB) 198.41.30.198 24 DT None 2021-12-10 00:00:00 2022-03-10 00:00:00 None FILE-OTHER ZIP file name overflow attempt (1:21484:19) - Source Fire (IP=198,CA) 198.44.163.53 32 TLM None 2021-12-21 00:00:00 2022-06-21 00:00:00 None HIVE Case #6682 CTO 21-352 (IP=53,US) 198.46.189.105 32 EE None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 22:48:15 HIVE Case #7659 IOC_VMware_Vuln-CVE-2022-22954_CVE-2022-22960 (IP=105,US) 198.46.190.139 32 ZH None 2022-06-13 00:00:00 2022-09-11 00:00:00 2022-06-13 22:30:24 SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (1:51395:1) - SourceFire (IP=139, US) 198.46.238.116 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=116,US) 198.46.81.194 32 TLM None 2021-07-01 00:00:00 2022-01-01 00:00:00 None HIVE Case #5735 TO-S-2021-1379 (IP=194,US) 198.46.81.194 32 TLM None 2021-07-01 00:00:00 2022-01-01 00:00:00 None HIVE Case #5735 TO-S-2021-1379 (IP=194,US) 198.46.81.3 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=3,US) 198.46.87.143 32 RT None 2021-12-22 00:00:00 2022-03-22 00:00:00 None SERVER-WEBAPP JBoss JMX console 
access attempt (1:21516:9) - Sourcefire Report (IP=143,US) 198.49.23.176 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=176,US) 198.49.71.242 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None US TO-S-2021-1143 Malware Activity 198.50.130.14 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None CA TO-S-2021-1143 Malicious Email Activity 198.50.187.46 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None CA TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 198.50.191.95 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5985 TO-S-2021-1459 (IP=95,CA) 198.50.252.65 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=65,CA) 198.51.233.2 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=2,US) 198.54.114.129 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=129,US) 198.54.114.138 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 198.54.114.160 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=160,US) 198.54.114.164 32 TLM None 2021-09-14 00:00:00 2022-03-14 00:00:00 None HIVE Case #6164 TO-S-2021-1528 (IP=164,US) 198.54.114.194 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1081 Hive Case 4872 Malicious Email Activity 198.54.114.241 32 TLM None 2021-08-30 00:00:00 2022-03-02 00:00:00 None HIVE Case #6085 TO-S-2021-1500 (IP=241,US) 198.54.115.106 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=106,US) 198.54.115.19 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=19,US) 198.54.115.198 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=198,US) 198.54.115.224 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None US 
Reactivated on 20210128 with reason IT TO-S-2021-1050 Hive Case 4821 Malware Activity 2.228.39.100 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=100,IT) 2.229.24.16 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:51:56 HIVE Case #7199 CTO 22-074 (IP=16,IT) 2.229.32.106 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:51:56 HIVE Case #7199 CTO 22-074 (IP=106,IT) 2.229.72.251 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 Hive Case 4785 Malware Activity 2.230.110.137 32 TLM None 2022-02-24 00:00:00 2022-08-25 00:00:00 None HIVE Case #7077 CTO 22-055 (IP=137,IT) 2.230.19.170 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 Hive Case 4785 Malware Activity 2.235.234.64 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 Hive Case 4785 Malware Activity 2.236.247.0 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None IT TO-S-2021-1117 DOS-DDOS Activity 2.3.4.1 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=1,FR) 2.30.43.115 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GB TO-S-2021-1037 Hive Case 4785 Malware Activity 2.37.120.218 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IT TO-S-2021-1050 Hive Case 4821 Malware Activity 2.37.182.228 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IT TO-S-2021-1050 Hive Case 4821 Malware Activity 2.38.250.15 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IT TO-S-2021-1050 Hive Case 4821 Malware Activity 2.39.107.182 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IT TO-S-2021-1050 Hive Case 4821 Malware Activity 2.45.244.143 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IT TO-S-2021-1050 Hive Case 4821 Malware Activity 2.51.175.181 32 TLM None 2022-02-23 00:00:00 2022-08-24 00:00:00 None HIVE Case #7054 CTO 22-054 (IP=181,AE) 2.55.65.142 32 dbc None 2021-03-05 00:00:00 
2022-03-05 00:00:00 None IL TO-S-2021-1117 DOS-DDOS Activity 2.56.11.65 32 TLM None 2022-06-13 00:00:00 2022-12-12 00:00:00 2022-06-14 12:55:23 HIVE Case #7767 TO-S-2022-0197 (IP=65,DE) 2.56.189.121 32 TH None 2022-08-01 00:00:00 2022-10-30 00:00:00 2022-08-02 13:50:45 Adobe ColdFusion Administrator Access Restriction - 6 Hr Web Report (IP=121,US) 2.56.213.19 24 EE None 2021-12-08 00:00:00 2022-03-08 00:00:00 None HIVE Case #6616 IOC_ MikroTik Routers (IP=19,NL) 2.56.213.86 32 TLM None 2022-03-14 00:00:00 2022-09-14 00:00:00 2022-03-14 19:14:47 HIVE Case #7198 CTO 22-071 (IP=86,NL) 2.56.245.21 32 TLM None 2022-01-18 00:00:00 2022-07-18 00:00:00 None HIVE Case #6796 CTO 22-014 (IP=21,US) 2.56.56.117 32 NAB None 2022-01-10 00:00:00 2022-04-10 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=117,US) 2.56.57.111 32 KD None 2021-12-08 00:00:00 2022-03-08 00:00:00 None PROTOCOL-DNS DNS query amplification attempt- Sourcefire (IP=111,US) 2.56.57.165 32 KD None 2022-02-26 00:00:00 2022-10-10 00:00:00 2022-07-13 17:47:21 Top Sourcefire IDS Attacker-Sourcefire(IP=165,US) | updated by AS Block was inactive. 
Reactivated on 20220712 with reason HIVE Case #7905 COLS-NA TIP 22-0239 (IP=165,NL) 2.56.57.187 32 RT None 2022-02-23 00:00:00 2022-05-24 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - Sourcefire Report (IP=187,US) 2.56.57.26 32 ZH None 2022-06-02 00:00:00 2022-08-30 00:00:00 2022-06-03 00:39:49 Malware - TROJAN / HTTP: WordPress Tatsu Arbitrary File Upload Vulnerability IR#: 22C01326 (IP=26,NL) 2.56.57.56 32 TH None 2021-12-15 00:00:00 2022-03-21 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) - SourceFire (IP=56,US) | updated by WR Block expiration extended with reason SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) - Sourcefire (IP=56,US) 2.56.58.86 32 AR None 2022-09-02 00:00:00 2022-12-01 00:00:00 2022-09-03 14:03:26 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=86,NL) 2.56.59.20 32 RR None 2022-03-04 00:00:00 2022-06-13 00:00:00 2022-03-15 13:43:53 SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - Web Attacks (IP=20,US) | updated by RR Block expiration extended with reason SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - Web Attacks (IP=20,US) SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - Web Attacks (IP=20,US) 2.56.59.20 32 RR None 2022-03-15 00:00:00 2022-06-13 00:00:00 2022-03-15 13:43:53 SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - Web Attacks (IP=20,US) | updated by RR Block expiration extended with reason SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - Web Attacks (IP=20,US) SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - Web Attacks (IP=20,US) 2.56.59.213 32 TLM None 2022-03-14 00:00:00 2022-09-14 
00:00:00 2022-03-14 19:14:36 HIVE Case #7198 CTO 22-071 (IP=213,US) 2.56.8.112 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GB TO-S-2021-1050 Hive Case 4821 Malware Activity 2.56.8.135 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GB TO-S-2021-1050 Hive Case 4821 Malware Activity 2.56.8.147 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GB TO-S-2021-1050 Hive Case 4821 Malware Activity 2.56.8.166 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GB TO-S-2021-1050 Hive Case 4821 Malware Activity 2.57.121.36 24 KH None 2021-12-19 00:00:00 2022-03-19 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44232 (IP=36,RO) 2.57.121.70 24 SA None 2022-05-31 00:00:00 2022-08-28 00:00:00 2022-05-31 22:55:59 SIPVicious Security Scanner FE CMS IPS alert (IP=70,RO) 2.57.122.225 24 TH None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-06 13:49:55 HP Intelligent Management Center TFTP Server MODE Remote Code Execution - FE CMS IPS Events (IP=225,NL) 2.57.168.59 32 KH None 2022-02-22 00:00:00 2022-05-23 00:00:00 None HTTP: Microsoft Windows HTTP.sys Remote Code Execution (CVE-2015-1635) IR#22C00963 (IP=59 ,US) 2.58.125.130 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=130,RU) 2.58.149.101 32 AS None 2022-04-12 00:00:00 2022-10-12 00:00:00 2022-04-12 14:39:34 HIVE Case #7380 CTO 22-099 (IP=101,US) 2.58.149.103 32 AS None 2022-04-12 00:00:00 2022-10-12 00:00:00 2022-04-12 14:39:34 HIVE Case #7380 CTO 22-099 (IP=103,US) 2.58.149.206 32 NAB None 2021-12-30 00:00:00 2022-03-30 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=206,US) 2.58.149.251 24 SA None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-07 13:41:34 ZmEu phpMyAdmin Vulnerability Scanner - FE CMS IPS alert (IP=251,NL) 2.58.149.251 32 SW None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-06 13:58:03 ZmEu phpMyAdmin Vulnerability Scanner - IPS Events(IP=251,US) 2.58.149.35 32 RS None 2022-07-12 00:00:00 2022-10-10 00:00:00 2022-07-12 
22:32:33 SQL Attempts - IR# 22C01626 (IP=35,US) 2.58.242.229 24 EE None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:57 HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=229,TW) 2.58.44.250 32 TLM None 2022-04-28 00:00:00 2022-10-27 00:00:00 2022-04-28 16:06:23 HIVE Case #7482 CTO 22-118 (IP=250,NL) 2.58.56.14 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:55:25 HIVE Case #7894 CTO 22-187 (IP=14,NL) 2.58.56.14 24 ZH None 2022-03-19 00:00:00 2022-06-17 00:00:00 2022-03-19 23:23:09 SSH2 Failed Login Attempt - 6hr Failed Logons (IP=14,NL) 2.82.179.91 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None PT TO-S-2021-1037 Hive Case 4785 Malware Activity 2.83.106.174 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None PT TO-S-2021-1037 Hive Case 4785 Malware Activity 2.86.79.212 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GR TO-S-2021-1037 Hive Case 4785 Malware Activity 20.101.109.35 32 RS None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 22:54:40 Exploit.CVE-2021-44228 Apache Log4j2 - ECE (IP=35,US) 20.101.63.98 32 TLM None 2022-03-14 00:00:00 2022-09-14 00:00:00 2022-03-14 19:14:33 HIVE Case #7198 CTO 22-071 (IP=98,NL) 20.103.214.110 24 RT None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-27 13:56:44 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire Report (IP=110,NL) 20.103.253.148 24 DT None 2021-12-16 00:00:00 2022-03-15 00:00:00 None HIVE Case #6651 - Exploit.CVE-2021-44228 (IP=148,NL) 20.106.100.247 32 RB None 2022-01-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=247,US) 20.106.125.56 32 AR None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-06 13:49:47 HTTP: PHP Wordpress Plugin Revolution Slider Vulnerability - IR# 22C01573 (IP=56,US) 20.106.139.227 32 NAB None 2021-12-23 00:00:00 2022-03-23 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=227,US) 20.106.77.58 32 KH None 2021-10-11 00:00:00 2022-01-09 00:00:00 None File 
/etc/passwd Access Attempt Detect - FE IPS (IP=58,US) 20.106.90.219 32 KH None 2021-10-26 00:00:00 2022-01-24 00:00:00 None File /etc/passwd Access Attempt Detect - FE IPS (IP=219,US) 20.106.94.121 32 DT None 2021-10-23 00:00:00 2022-01-21 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire (IP=121,US) 20.106.98.87 32 UA None 2021-10-05 00:00:00 2022-01-03 00:00:00 None T1190 - Command Injection,SQL Injection - Automated Block Calculations (IP=87,US) 20.107.71.89 32 AS None 2022-01-31 00:00:00 2022-08-03 00:00:00 None HIVE Case #6877 CTO 22-028 (IP=89,NL) 20.108.17.5 32 AR None 2021-12-09 00:00:00 2022-03-09 00:00:00 None Unauthorized Access-Probe - TT# 22C00506 (IP=5,US) 20.108.182.88 24 KH None 2022-08-07 00:00:00 2022-11-05 00:00:00 2022-08-07 22:53:26 SIPVicious Security Scanner - FE CMS (IP=88,GB) 20.110.150.251 32 KH None 2022-03-21 00:00:00 2022-06-19 00:00:00 2022-03-21 14:34:29 Self-Report/ColdFusion Error report - IR# 22C01059 (IP=251,US) 20.111.17.179 24 RS None 2022-08-09 00:00:00 2022-11-07 00:00:00 2022-08-09 21:52:58 Exploit.CVE-2021-44228 - Apache Log4j2 - Case 6651 (IP=179,FR) 20.112.4.194 32 BB None 2022-01-04 00:00:00 2022-04-04 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=194,Country code = US) 20.113.128.181 24 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:49:41 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=181,DE) 20.113.166.0 24 KH None 2022-03-29 00:00:00 2022-06-27 00:00:00 2022-03-29 22:55:28 SIPVicious Security Scanner - FE CMS (IP=0,DE) 20.113.174.250 24 SW None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-15 13:53:38 SIPVicious Security Scanner - IPS Events (IP=250,DE) 20.114.70.177 32 AR None 2021-10-14 00:00:00 2022-01-12 00:00:00 None SQL injection - 6hr Web Attacks (IP=177,US) 20.115.80.98 32 DT None 2021-10-23 00:00:00 2022-01-21 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - 
Sourcefire (IP=98,US) 20.118.133.148 32 RS None 2022-08-09 00:00:00 2022-11-07 00:00:00 2022-08-09 21:52:57 Exploit.CVE-2021-44228 - Apache Log4j2 - Case 6651 (IP=148,US) 20.118.26.12 32 RS None 2022-07-20 00:00:00 2022-10-18 00:00:00 2022-07-21 13:54:36 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=12,US) 20.119.99.61 32 SW None 2022-09-02 00:00:00 2022-12-01 00:00:00 2022-09-03 14:03:24 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (1:59246:1) - SourceFire (IP=61, US) 20.12.210.136 32 SW None 2022-09-13 00:00:00 2022-12-12 00:00:00 2022-09-14 13:50:35 SIPVicious Security Scanner - IPS Events(IP=136,US) 20.121.199.85 32 TLM None 2022-06-23 00:00:00 2022-12-22 00:00:00 2022-06-24 11:31:00 HIVE Case #7820 CTO 22-174 (IP=85,US) 20.121.202.18 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6654 CTO 21-345 (IP=18,US) 20.121.57.97 32 RT None 2021-11-11 00:00:00 2022-02-09 00:00:00 None SERVER-WEBAPP D-Link hedwig.cgi directory traversal attempt - 6HR Web Attacks (IP=97,US) 20.122.181.115 32 RT None 2022-03-26 00:00:00 2022-06-24 00:00:00 2022-03-26 23:05:32 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire Report (IP=115,US) 20.124.192.169 32 SW None 2022-03-21 00:00:00 2022-06-19 00:00:00 2022-03-21 23:00:51 SIPVicious Security Scanner - IPS Events(IP=169,US) 20.124.230.243 32 ZH None 2022-03-18 00:00:00 2022-06-16 00:00:00 2022-03-18 22:23:21 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) IR# 22C01057 (IP=243,US) 20.127.33.129 32 RB None 2022-03-09 00:00:00 2022-06-07 00:00:00 2022-03-09 23:43:40 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR#22C01023 (IP=129,US) 20.127.33.220 32 SW None 2022-01-10 00:00:00 2022-04-10 00:00:00 None Adobe ColdFusion Administrator Access Restriction - WebAttacks (IP=220,US) 20.13.170.251 32 ZH None 2022-09-19 00:00:00 2022-12-18 00:00:00 2022-09-19 22:54:57 Multiple Web Attacks - FE IPS 
Events (IP=251,IE) 20.141.48.154 32 NHL None 2020-12-17 00:00:00 2022-12-17 00:00:00 None Case # 4583 - IOC_ dark_halo_sunburst - (IP=154,US) 20.16.178.90 32 ZH None 2022-08-28 00:00:00 2022-11-26 00:00:00 2022-08-28 13:57:32 SQL injection - WebAttacks (IP=90,US) 20.16.178.90 24 ZH None 2022-08-28 00:00:00 2022-11-26 00:00:00 2022-08-28 22:58:20 SERVER-WEBAPP Atlassian Confluence hardcoded credentials use attempt (1:60280:1) - SourceFire (IP=90,NL) 20.187.124.163 24 BB None 2021-12-28 00:00:00 2022-03-28 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:14) - Sourcefire (IP=163,JP) 20.187.67.224 32 TLM None 2022-05-16 00:00:00 2022-11-15 00:00:00 2022-05-18 13:23:51 HIVE Case #7595 CTO 22-134 (IP=224,HK) 20.187.86.47 32 TLM None 2022-05-18 00:00:00 2022-11-17 00:00:00 2022-05-19 14:15:39 HIVE Case #7621 TO-S-2022-0182 (IP=47,HK) 20.188.37.21 24 KH None 2022-03-03 00:00:00 2022-06-01 00:00:00 2022-03-03 23:49:48 Firewall intrusion detected and handled - ArcSight (IP=21,FR) 20.188.38.144 24 KH None 2022-03-03 00:00:00 2022-06-01 00:00:00 2022-03-03 23:49:35 High Severity IDS Event - ArcSight (IP=144,FR) 20.199.96.101 24 SW None 2022-03-15 00:00:00 2022-06-14 00:00:00 2022-03-16 13:45:42 SERVER-WEBAPP JBoss web console access attempt (1:24342:4) - SourceFire (IP=101,FR) | updated by RR Block expiration extended with reason SERVER-WEBAPP WordPress SocialWarfare deprecated function access attempt - SourceFire (IP=101,FR) 20.203.122.211 32 TLM None 2022-03-14 00:00:00 2022-09-14 00:00:00 2022-03-14 19:14:33 HIVE Case #7198 CTO 22-071 (IP=211,AE) 20.203.14.64 32 TLM None 2022-03-14 00:00:00 2022-09-14 00:00:00 2022-03-14 19:14:34 HIVE Case #7198 CTO 22-071 (IP=64,AE) 20.203.189.163 32 TLM None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:46:52 HIVE Case #7458 CTO 22-113 (IP=163,CH) 20.204.147.105 32 RB None 2022-09-18 00:00:00 2022-12-17 00:00:00 2022-09-19 14:00:35 PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR#22C01938 
(IP=105,US) 20.205.129.255 32 TLM None 2022-05-24 00:00:00 2022-11-23 00:00:00 2022-05-24 14:24:29 HIVE Case #7653 CTO 22-144 (IP=255,HK) 20.205.14.106 32 KH None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 13:47:45 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01535 (IP=106,US) 20.205.61.88 32 TLM None 2022-06-02 00:00:00 2022-12-01 00:00:00 2022-06-02 15:30:38 HIVE Case #7704 TO-S-2022-0190 (IP=88,HK) 20.205.91.107 32 TLM None 2022-01-25 00:00:00 2022-07-25 00:00:00 None HIVE Case #6828 CTO 22-021 (IP=107,US) 20.206.109.185 24 NAB None 2022-01-13 00:00:00 2022-04-13 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=185,BR) 20.206.140.83 24 NAB None 2022-02-02 00:00:00 2022-05-03 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=83,BR) 20.206.71.203 24 NAB None 2022-02-02 00:00:00 2022-05-03 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=203,BR) 20.210.158.139 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:53 HIVE Case #7904 CTO 22-189 (IP=139,JP) 20.212.121.48 24 RR None 2022-01-13 00:00:00 2022-04-13 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=48,SG) 20.212.61.158 24 TH None 2022-06-16 00:00:00 2022-09-14 00:00:00 2022-06-17 13:48:33 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire Report (IP=158,SG) 20.216.130.68 24 SW None 2022-07-24 00:00:00 2022-10-22 00:00:00 2022-07-24 22:47:13 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=68,FR) 20.216.44.107 24 KH None 2022-07-26 00:00:00 2022-10-24 00:00:00 2022-07-26 22:50:15 SIPVicious Security Scanner - FE IPS (IP=107,AE) 20.219.9.82 24 SW None 2022-05-28 00:00:00 2022-08-26 00:00:00 2022-05-28 14:45:13 Trend Micro CVE-2016-7552 Threat Discovery Appliance admin_sys_time.cgi Remote Command Execution - IPS Events(IP=,82,IN) 20.222.13.96 32 AS None 2022-04-12 00:00:00 2022-10-12 00:00:00 2022-04-12 14:39:51 HIVE Case #7380 CTO 
22-099 (IP=96,JP) 20.222.18.38 24 KH None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-18 22:54:57 SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (1:48837:6) - Sourcefire (IP=38,JP) 20.223.203.2 24 TH None 2022-03-12 00:00:00 2022-06-10 00:00:00 2022-03-12 23:35:51 SIPVicious Security Scanner - FE CMS IPS Events (IP=2,IE) 20.225.64.184 32 AS None 2022-04-12 00:00:00 2022-10-12 00:00:00 2022-04-12 15:43:01 HIVE Case #7381 CTO 22-102 v2 (IP=184,US) 20.227.165.110 24 SW None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:45:16 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=110,AU) 20.229.27.202 24 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:28 HTTP: Adobe ColdFusion File Upload Vulnerability (CVE-2018-15961) - 6Hr Web Attacks (IP=202,NL) 20.230.3.250 32 RR None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-07 13:50:14 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01589 (IP=250,CZ) 20.232.142.40 32 TLM None 2022-06-23 00:00:00 2022-12-22 00:00:00 2022-06-24 11:31:01 HIVE Case #7820 CTO 22-174 (IP=40,US) 20.232.97.189 32 srm None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 13:52:53 HIVE Case #7485 - IOC_IR 22 0 01171 PEO-EIS EITaaS IOCs (IP=189,US) 20.239.137.206 32 TLM None 2022-05-02 00:00:00 2022-11-01 00:00:00 2022-05-04 17:56:27 HIVE Case #7495 CTO 22-120 (IP=206,HK) 20.239.154.140 24 RS None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-15 22:50:51 Apache Log4j CVE-2021-44228 Remote Code Execution - IPS Events (IP=140,HK) 20.239.193.47 32 TLM None 2022-05-18 00:00:00 2022-11-17 00:00:00 2022-05-19 14:15:38 HIVE Case #7621 TO-S-2022-0182 (IP=47,HK) 20.239.198.91 32 RR None 2022-06-26 00:00:00 2022-09-24 00:00:00 2022-06-27 13:55:28 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01457 (IP=91,US) 20.24.76.115 32 TLM None 2022-03-14 00:00:00 2022-09-14 00:00:00 2022-03-14 19:14:46 HIVE Case #7198 CTO 22-071 (IP=115,HK) 
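The export above is space-flattened: every record is an indicator, a prefix length ("---" for a domain), the analyst, a column that is always None, a start and an expiry timestamp, a last-seen timestamp or None, and a free-text reason that may carry a "| updated by" note, and consecutive records run together across line breaks. The parser below is an added example; it is not part of the export or of whatever tooling produced it. The column meaning is an assumption read off the records themselves, the five sample records are copied from the list above, and the names parse_export, blocks_for and redundant_entries are ours. It splits records on the fixed header shape (the only place "None <ts> <ts> <ts|None>" occurs), resolves each IP indicator to a network, answers whether a given address is still blocked on a given date, and flags /32 entries already covered by a /24 with the same or a later expiry, as happens with 2.58.149.251 in this export.

```python
"""Parse a space-flattened block-list export into structured records.

Added example; not part of the original export. Column meaning is an
assumption read from the records: indicator, prefix length ('---' for a
domain), analyst, a column that is always 'None', block start, block end
(expiry), last-seen or 'None', then a free-text reason, optionally followed
by ' | updated by <analyst> <note>'.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Optional

TS = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}"
# The 'None <ts> <ts> <ts|None>' run only occurs in a record header, so it is a
# safe split point even though reasons contain IPs, dates and numbers.
HEADER = re.compile(
    r"(?<![^ ])(?P<ind>\S+) (?P<plen>\d{1,2}|---) (?P<who>\S+) None "
    + rf"(?P<start>{TS}) (?P<end>{TS}) (?P<seen>{TS}|None)(?= |$)"
)


def parse_ts(s: str) -> datetime:
    """Export timestamps ('2022-02-26 00:00:00') or a bare date ('2022-07-01')."""
    return datetime.fromisoformat(s)


@dataclass
class BlockEntry:
    indicator: str
    network: Optional[IPv4Network]  # None for domain indicators ('---')
    analyst: str
    start: datetime
    end: datetime
    last_seen: Optional[datetime]
    reason: str
    update_note: Optional[str]

    def active_on(self, when: datetime) -> bool:
        """In force from the start date up to and including the expiry date."""
        return self.start <= when <= self.end

    def covers(self, ip: str) -> bool:
        return self.network is not None and ip_address(ip) in self.network


def parse_export(text: str) -> List[BlockEntry]:
    """Split the flattened export; each reason runs up to the next header."""
    flat = " ".join(text.split())  # records straddle line breaks in the export
    heads = list(HEADER.finditer(flat))
    entries: List[BlockEntry] = []
    for i, m in enumerate(heads):
        stop = heads[i + 1].start() if i + 1 < len(heads) else len(flat)
        reason, _, note = flat[m.end():stop].strip().partition(" | updated by ")
        network = None
        if m.group("plen") != "---":
            # strict=False accepts host bits: 2.56.213.19/24 -> 2.56.213.0/24
            network = ip_network(f"{m.group('ind')}/{m.group('plen')}", strict=False)
        seen = m.group("seen")
        entries.append(BlockEntry(
            indicator=m.group("ind"), network=network, analyst=m.group("who"),
            start=parse_ts(m.group("start")), end=parse_ts(m.group("end")),
            last_seen=None if seen == "None" else parse_ts(seen),
            reason=reason, update_note=note or None,
        ))
    return entries


def blocks_for(entries: List[BlockEntry], ip: str, when: datetime) -> List[BlockEntry]:
    """Entries whose network covers `ip` and are still in force at `when`.
    A /24 and a /32 can both match the same address, hence a list."""
    return [e for e in entries if e.covers(ip) and e.active_on(when)]


def redundant_entries(entries: List[BlockEntry]) -> List[BlockEntry]:
    """Network entries already contained in a wider entry that expires no
    earlier: candidates to drop when pushing the list to a firewall."""
    nets = [e for e in entries if e.network is not None]
    return [e for e in nets
            if any(w is not e and e.network != w.network
                   and e.network.subnet_of(w.network) and w.end >= e.end
                   for w in nets)]


# Five records copied from the export above; the line break is kept to show a
# record and its '| updated by' note straddling lines.
SAMPLE = """2.56.57.165 32 KD None 2022-02-26 00:00:00 2022-10-10 00:00:00 2022-07-13 17:47:21 Top Sourcefire IDS Attacker-Sourcefire(IP=165,US) | updated by AS Block was inactive.
Reactivated on 20220712 with reason HIVE Case #7905 COLS-NA TIP 22-0239 (IP=165,NL) 2.56.213.19 24 EE None 2021-12-08 00:00:00 2022-03-08 00:00:00 None HIVE Case #6616 IOC_ MikroTik Routers (IP=19,NL) 1hao.xyz --- TLM None 2021-08-20 00:00:00 2022-08-20 00:00:00 2023-01-19 23:01:12 HIVE Case #6025 TO-S-2021-1472 2.58.149.251 24 SA None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-07 13:41:34 ZmEu phpMyAdmin Vulnerability Scanner - FE CMS IPS alert (IP=251,NL) 2.58.149.251 32 SW None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-06 13:58:03 ZmEu phpMyAdmin Vulnerability Scanner - IPS Events(IP=251,US)"""

if __name__ == "__main__":
    parsed = parse_export(SAMPLE)
    for e in parsed:
        print(e.indicator, e.network, e.analyst, e.end.date(), "|", e.reason)
    for e in blocks_for(parsed, "2.58.149.251", parse_ts("2022-07-01")):
        print("2.58.149.251 blocked by", e.analyst, e.network, "until", e.end.date())
    print("redundant:", [str(e.network) for e in redundant_entries(parsed)])
```

The expiry check is inclusive of the end date; if the enforcement point treats the end timestamp as the moment the rule is removed, change active_on to a strict comparison. The always-None column is matched literally and not interpreted, since the export gives no way to tell what it holds.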
20.248.240.167 32 RS None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 13:49:38 SQL injection - 6Hr Web Attacks (IP=167,US)
20.249.89.181 24 SW None 2022-07-24 00:00:00 2022-10-22 00:00:00 2022-07-24 22:47:13 SERVER-OTHER RealTek UDPServer command injection attempt (1:58853:1) - SourceFire (IP=181,KR)
20.25.116.124 32 KH None 2022-04-04 00:00:00 2022-07-03 00:00:00 2022-04-04 22:35:30 ColdFusion Error reporting - IR# 22C01136 (IP=124,US)
20.250.30.178 24 RS None 2022-08-22 00:00:00 2022-11-20 00:00:00 2022-08-23 18:09:00 ET EXPLOIT Possible Apache log4j RCE Attempt - 2021/12/12 Obfuscation Observed M2 (udp) (CVE-2021-44228) - SourceFire (IP=178,CH)
20.254.121.118 32 RB None 2022-08-09 00:00:00 2022-11-07 00:00:00 2022-08-09 21:39:10 Threat Team Submission / IP Block - IR#: 22C01780 (IP=118,US)
20.255.61.254 32 TLM None 2022-05-24 00:00:00 2022-11-23 00:00:00 2022-05-24 14:24:29 HIVE Case #7653 CTO 22-144 (IP=254,US)
20.26.236.252 24 SW None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-06 13:58:02 SIPVicious Security Scanner - IPS Events(IP=252,GB)
20.28.241.44 24 KH None 2022-07-21 00:00:00 2022-10-19 00:00:00 2022-07-21 22:56:06 POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt (1:57336:3) - Sourcefire (IP=44,AU)
20.3323sf.com --- EE None 2021-08-11 00:00:00 2022-09-08 00:00:00 2023-01-19 22:59:58 HIVE Case #5975 IOC_Anatomy of Native IIS Malware | updated by TLM Block expiration extended with reason HIVE Case #6129 CTO 21-237
20.37.48.40 24 RR None 2022-03-19 00:00:00 2022-06-17 00:00:00 2022-03-19 14:22:02 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=40,AU)
20.38.175.254 32 UA None 2021-10-05 00:00:00 2022-01-03 00:00:00 None T1190 - Command Injection,SQL Injection - Automated Block Calculations (IP=254,US)
20.39.251.243 24 KH None 2022-08-24 00:00:00 2022-11-22 00:00:00 2022-08-24 22:45:54 SIPVicious Security Scanner FE IPS (IP=243,FR)
20.40.52.222 32 KH None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-19 13:55:50 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01414 (IP=222,US)
20.46.245.56 32 AS None 2022-03-22 00:00:00 2022-09-22 00:00:00 2022-03-22 14:48:50 HIVE Case #7254 CTO 22-078 (IP=56,US)
20.50.201.195 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:49 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=195,NL)
20.50.201.200 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:50 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=200,NL)
20.50.73.10 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:50 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=10,IE)
20.50.80.209 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:51 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=209,IE)
20.50.80.210 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:51 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=210,IE)
20.54.89.106 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:52 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=106,IE)
20.54.89.15 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:52 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=15,IE)
20.61.81.16 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6582 CTO 21-320 (IP=16,NL)
20.67.124.219 24 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:38 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=219,NL)
20.70.201.132 32 RB None 2022-06-11 00:00:00 2022-09-09 00:00:00 2022-06-12 13:47:44 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR#22C01367 (IP=132,US)
20.70.25.186 24 SW None 2022-03-07 00:00:00 2022-06-05 00:00:00 2022-03-07 23:52:26 SIPVicious Security Scanner - IPS Events(IP=186,AU)
20.71.156.146 24 NAB None 2021-12-16 00:00:00 2022-03-16 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=146,NL)
20.71.225.63 32 KH None 2021-10-05 00:00:00 2022-01-03 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00065 (IP=63,NL)
20.78.19.235 32 TLM None 2022-05-24 00:00:00 2022-11-23 00:00:00 2022-05-24 14:24:20 HIVE Case #7653 CTO 22-144 (IP=235,JP)
20.79.218.65 24 RS None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 22:46:12 SIPVicious Security Scanner - IPS Events (IP=65,DE)
20.79.254.27 24 RS None 2022-06-21 00:00:00 2022-09-19 00:00:00 2022-06-21 22:50:21 SSLv2 Client Hello Request Detected - IPS Events (IP=27,DE)
20.81.248.193 32 TLM None 2022-05-27 00:00:00 2022-11-26 00:00:00 2022-05-27 14:16:49 HIVE Case #7676 CTO 22-147 (IP=193,US)
20.83.25.59 32 RB None 2022-06-11 00:00:00 2022-09-09 00:00:00 2022-06-11 22:46:06 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR#22C01362 (IP=59,US)
20.84.230.117 32 WR None 2021-12-07 00:00:00 2022-03-07 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00493 (IP=117,US)
20.85.166.181 32 TH None 2022-06-28 00:00:00 2022-09-26 00:00:00 2022-06-28 22:27:54 HTTP: PHPUnit Remote Code Execution - IR# 22C01466 (IP=181,US)
20.86.182.45 24 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:48:24 SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt - SourceFire (IP=45,NL)
20.89.102.73 24 SW None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 14:03:09 SQL use of sleep function with select - likely SQL injection (1:37443:2) - SourceFire (IP=73,JP)
20.90.177.9 24 SW None 2022-06-11 00:00:00 2022-09-09 00:00:00 2022-06-11 13:47:00 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=9,GB)
20.97.12.136 32 UA None 2021-10-05 00:00:00 2022-01-03 00:00:00 None T1190 - Command Injection,SQL Injection - Automated Block Calculations (IP=136,US)
20.97.13.227 32 ZH None 2021-10-04 00:00:00 2022-01-02 00:00:00 None SQL union select - possible sql injection attempt GET parameter - ABC report (IP=227,US)
20.97.57.239 32 RT None 2021-10-04 00:00:00 2022-01-02 00:00:00 None SQL injection - 6 HR WebAttack (IP=239,US)
200.0.68.10 24 DT None 2022-02-22 00:00:00 2022-05-23 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt - Source Fire (IP=10,UY)
200.105.133.190 24 ZH None 2021-12-16 00:00:00 2022-03-16 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr Web Attacks (IP=190,BO)
200.105.149.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BO TO-S-2021-1117 DOS-DDOS Activity
200.105.155.26 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BO TO-S-2021-1050 Hive Case 4821 Malware Activity
200.105.168.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BO TO-S-2021-1117 DOS-DDOS Activity
200.105.170.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BO TO-S-2021-1117 DOS-DDOS Activity
200.105.182.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BO TO-S-2021-1117 DOS-DDOS Activity
200.107.128.0 19 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=0,PE)
200.107.32.0 19 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5968 TO-S-2021-1276 (IP=0,EC)
200.107.66.36 24 RR None 2021-11-29 00:00:00 2022-02-27 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=36,CL)
200.108.145.50 24 KD None 2021-12-24 00:00:00 2022-03-24 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt- Sourcefire (IP=50,AR)
200.108.147.50 24 DT None 2022-01-16 00:00:00 2022-04-16 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) - Source Fire (IP=50,AR)
200.108.148.50 24 RR None 2022-01-26 00:00:00 2022-04-26 00:00:00 None SERVER-OTHER Sentinel license manager buffer overflow attempt - SourceFire (IP=50,AR)
200.110.49.137 24 RS None 2022-06-21 00:00:00 2022-09-19 00:00:00 2022-06-21 22:50:21 Generic URI Injection wget Attempt - IPS Events (IP=137,BO)
200.111.125.146 32 RR None 2022-07-19 00:00:00 2022-10-17 00:00:00 2022-07-19 13:47:46 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR# 22C01699 (IP=146,CL)
200.113.160.0 19 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None CL TO-S-2021-1037 Hive Case 4785 Malware Activity
200.113.8.0 20 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None CL TO-S-2021-1037 Hive Case 4785 Malware Activity
200.115.144.0 20 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None PA TO-S-2021-1037 Hive Case 4785 Malware Activity
200.119.32.0 20 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CO TO-S-2021-1117 DOS-DDOS Activity
200.123.176.0 20 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None AR TO-S-2021-1037 Hive Case 4785 Malware Activity
200.125.184.0 21 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None VE TO-S-2021-1037 Hive Case 4785 Malware Activity
200.125.192.0 19 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None EC TO-S-2021-1037 Hive Case 4785 Malware Activity
200.125.29.162 24 RS None 2022-07-18 00:00:00 2022-10-17 00:00:00 2022-07-19 13:47:52 SSH_EVENT_RESPOVERFLOW - SourceFire (IP=162,UY) | updated by RR Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=162,UY )
200.129.240.0 24 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity
200.148.105.236 24 RT None 2022-02-11 00:00:00 2022-05-12 00:00:00 None SQL injection - 6HR Web Attacks (IP=236,BR)
200.150.196.248 24 NAB None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:47:12 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=248,BR)
200.150.197.116 24 NAB None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:47:13 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=116,BR)
200.150.199.13 24 NAB None 2022-04-22 00:00:00 2022-07-21 00:00:00 2022-04-22 13:39:58 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=13,BR)
200.152.80.0 20 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity
200.153.243.159 24 TH None 2022-03-14 00:00:00 2022-06-12 00:00:00 2022-03-14 22:43:43 Log4J Attempts - FE CMS IPS Events (IP=159,BR)
200.158.128.0 19 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity
200.169.41.14 24 DT None 2022-01-28 00:00:00 2022-04-28 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) - Source Fire (IP=14,BR)
200.17.32.0 19 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=0,BR)
200.18.112.0 20 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity
200.19.119.125 24 RT None 2022-03-16 00:00:00 2022-06-14 00:00:00 2022-03-17 13:48:18 SERVER-OTHER Microsoft Windows DNS server remote integer overflow attempt (1:54577:4) - SourceFire (IP=125,BR)
200.199.117.170 24 BB None 2022-02-08 00:00:00 2022-05-09 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=170,BR)
200.2.160.0 20 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None SR TO-S-2021-1037 Hive Case 4785 Malware Activity
200.201.11.129 24 RR None 2021-10-16 00:00:00 2022-01-14 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=129,BR)
200.201.11.129 32 ZH None 2022-06-16 00:00:00 2022-09-14 00:00:00 2022-06-16 22:41:39 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) IR#22C01395 (IP=129,BR)
200.215.248.10 24 RR None 2021-10-21 00:00:00 2022-01-19 00:00:00 None SQL injection - Web Attacks (IP=10,PE)
200.216.119.234 24 ZH None 2021-12-04 00:00:00 2022-03-04 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire Rpt (IP=234,BR)
200.217.221.4 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity
200.218.240.0 20 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None BR TO-S-2021-1156
Malware Activity 200.221.11.98 24 DT None 2022-02-22 00:00:00 2022-05-23 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt - Source Fire (IP=98,BR) 200.23.144.95 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None MX TO-S-2021-1081 Hive Case 4872 Malware Activity 200.238.66.6 32 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None BR TO-S-2021-1156 Malware Activity 200.241.42.180 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=180,BR) 200.26.174.0 24 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=0,DO) 200.29.0.0 19 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None CL TO-S-2021-1037 Hive Case 4785 Malware Activity 200.29.248.30 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None AR TO-S-2021-1050 Hive Case 4821 Malware Activity 200.29.64.0 19 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None CL TO-S-2021-1037 Hive Case 4785 Malware Activity 200.29.96.0 20 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=0,CO) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=0,CO) 200.3.13.14 24 GLM None 2021-04-03 00:00:00 2022-05-05 00:00:00 None UDP: Port Scan (IP=14,UY) | Whitelisted,IP block caused DNS to become severely degraded | updated by SW Block was inactive. 
Reactivated on 20220204 with reason SERVER-OTHER Sentinel license manager buffer overflow attempt (1:11265:5) - SourceFire (IP=14, UY) 200.37.224.0 19 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=0,PE) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=0,PE) 200.37.52.66 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PE TO-S-2021-1050 Hive Case 4821 Malware Activity 200.40.64.0 20 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=0,UY) 200.43.232.0 21 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None AR TO-S-2021-1117 DOS-DDOS Activity 200.46.0.0 19 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=0,PA) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=0,PA) 200.49.244.3 24 KD None 2021-11-23 00:00:00 2022-02-21 00:00:00 None INDICATOR-SCAN SSH brute force login attempt- SourceFire (IP=3,MX) 200.50.124.0 22 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None CL TO-S-2021-1092 Hive Case 4875 Malware Activity 200.56.11.21 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MX TO-S-2021-1050 Hive Case 4821 Malware Activity 200.56.233.11 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None MX TO-S-2021-1117 DOS-DDOS Activity 200.57.248.191 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MX TO-S-2021-1050 Hive Case 4821 Malware Activity 200.58.91.4 24 KD None 2022-02-26 00:00:00 2022-05-27 00:00:00 2022-02-27 01:15:26 Top Sourcefire IDS Attacker - Sourcefire(IP=4,BO) 200.58.96.0 20 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=0,AR) | updated by TLM Block was inactive. 
Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=0,AR) 200.58.99.0 24 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=0,AR) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=0,AR) HIVE Case #5968 TO-S-2021-1276 (IP=0,AR) 200.58.99.0 24 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=0,AR) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=0,AR) HIVE Case #5968 TO-S-2021-1276 (IP=0,AR) 200.63.113.22 24 WR None 2022-02-20 00:00:00 2022-05-20 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed Logons (IP=22,AR) 200.7.96.11 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None NL TO-S-2021-1092 Hive Case 4875 Malware Activity 200.71.68.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 200.73.138.230 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:53 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=230,AR) 200.73.162.18 24 RR None 2022-02-09 00:00:00 2022-05-10 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=18,AR) 200.73.162.19 24 RB None 2022-02-17 00:00:00 2022-05-18 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=19,AR) 200.8.190.113 24 KD None 2021-12-30 00:00:00 2022-03-30 00:00:00 None SQL injection - 6hr web attacks(IP=113,VE) 200.84.160.0 19 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None VE TO-S-2021-1037 Hive Case 4785 Malware Activity 200.85.48.0 20 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None PY TO-S-2021-1037 Hive Case 4785 Malware Activity 200.87.196.6 24 SW None 2022-07-19 00:00:00 2022-10-18 00:00:00 2022-07-20 13:22:46 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=6,BO) | updated by RR Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code 
execution attempt - SourceFire (IP=6,BO) 200.88.161.243 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=243,DO) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=243,DO) 200.89.178.70 32 RR None 2021-12-12 00:00:00 2022-03-12 00:00:00 None Attempted Access - Inbound Brute Force - TT# 22C00582 (IP=70,AR) 200.91.224.0 20 dbc None 2021-01-13 00:00:00 2022-01-13 00:00:00 None CO TO-S-2020-0838 Malware Activity 200.91.240.0 24 dbc None 2021-01-13 00:00:00 2022-01-13 00:00:00 None CO TO-S-2020-0838 Malware Activity 200.91.241.0 28 dbc None 2021-01-13 00:00:00 2022-01-13 00:00:00 None CO TO-S-2020-0838 Malware Activity 200.91.241.128 25 dbc None 2021-01-13 00:00:00 2022-01-13 00:00:00 None CO TO-S-2020-0838 Malware Activity 200.91.241.16 29 dbc None 2021-01-13 00:00:00 2022-01-13 00:00:00 None CO TO-S-2020-0838 Malware Activity 200.91.241.24 32 dbc None 2021-01-13 00:00:00 2022-01-13 00:00:00 None CO TO-S-2020-0838 Malware Activity 200.91.241.26 32 dbc None 2021-01-13 00:00:00 2022-01-13 00:00:00 None CO TO-S-2020-0838 Malware Activity 200.91.241.27 32 dbc None 2021-01-13 00:00:00 2022-01-13 00:00:00 None CO TO-S-2020-0838 Malware Activity 200.91.241.28 32 dbc None 2021-01-13 00:00:00 2022-01-13 00:00:00 None CO TO-S-2020-0838 Malware Activity 200.91.241.29 32 dbc None 2021-01-13 00:00:00 2022-01-13 00:00:00 None CO TO-S-2020-0838 Malware Activity 200.91.241.30 32 dbc None 2021-01-13 00:00:00 2022-01-13 00:00:00 None CO TO-S-2020-0838 Malware Activity 200.91.241.31 32 dbc None 2021-01-13 00:00:00 2022-01-13 00:00:00 None CO TO-S-2020-0838 Malware Activity 200.91.241.32 27 dbc None 2021-01-13 00:00:00 2022-01-13 00:00:00 None CO TO-S-2020-0838 Malware Activity 200.91.241.64 26 dbc None 2021-01-13 00:00:00 2022-01-13 00:00:00 None CO TO-S-2020-0838 Malware Activity 200.91.242.0 24 dbc None 2021-01-13 00:00:00 2022-01-13 00:00:00 None CO TO-S-2020-0838 Malware Activity 
200.91.243.0 24 dbc None 2021-01-13 00:00:00 2022-01-13 00:00:00 None CO TO-S-2020-0838 Malware Activity 200.91.244.0 22 dbc None 2021-01-13 00:00:00 2022-01-13 00:00:00 None CO TO-S-2020-0838 Malware Activity 200.91.248.0 21 dbc None 2021-01-13 00:00:00 2022-01-13 00:00:00 None CO TO-S-2020-0838 Malware Activity 200.94.240.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 200.98.69.197 24 KH None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-06 23:38:22 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=197,BR) 2000-mclaughlin-rentals.com --- TLM None 2021-06-14 00:00:00 2022-06-14 00:00:00 2023-01-19 22:57:19 HIVE Case #5590 TO-S-2021-1276 Malicious Emails Activity 2002stop.com --- TLM None 2021-11-10 00:00:00 2022-11-10 00:00:00 2023-01-19 23:04:58 HIVE Case #6514 TO-S-2022-0075 201.100.20.7 24 KF None 2020-03-21 00:00:00 2022-10-24 00:00:00 2022-07-27 13:49:53 HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerability - Web Attacks (IP=7,MX) | updated by SW Block was inactive. 
Reactivated on 20220726 with reason INDICATOR-SCAN PHP backdoor scan attempt (1:50182:1) - SourceFire (IP=7,MX) 201.110.150.246 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None MX TO-S-2021-1037 Hive Case 4785 Malware Activity 201.114.214.241 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None MX TO-S-2021-1037 Hive Case 4785 Malware Activity 201.123.170.37 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None MX TO-S-2021-1037 Hive Case 4785 Malware Activity 201.124.165.99 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 22:59:00 VMware vSphere CVE-2021-21985 Remote Code Execution Vulnerability - IPS Events (IP=99,MX) 201.124.174.255 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MX TO-S-2021-1050 Hive Case 4821 Malware Activity 201.124.226.82 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MX TO-S-2021-1050 Hive Case 4821 Malware Activity 201.124.240.251 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MX TO-S-2021-1050 Hive Case 4821 Malware Activity 201.127.37.180 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MX TO-S-2021-1050 Hive Case 4821 Malware Activity 201.130.129.79 24 KH None 2021-12-18 00:00:00 2022-03-18 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=79,MX) 201.131.184.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 201.141.28.20 24 DT None 2022-01-15 00:00:00 2022-04-15 00:00:00 None SSH: SSH Login Bruteforce Detected - Failed Logons (IP=20,MX) 201.148.164.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 201.148.96.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 201.150.173.15 24 RS None 2022-08-02 00:00:00 2022-10-31 00:00:00 2022-08-03 13:59:32 SIPVicious Security Scanner - IPS Events (IP=15,BO) 201.150.189.86 24 RS None 2022-06-20 00:00:00 2022-09-18 00:00:00 
2022-06-20 22:22:05 SIPVicious Security Scanner - IPS Events (IP=86,BO) 201.151.151.154 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None MX TO-S-2021-1037 Hive Case 4785 Malware Activity 201.151.195.126 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 22:59:00 rConfig CVE-2019-16662 install Command Execution - IPS Events (IP=126,MX) 201.152.34.160 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None MX TO-S-2021-1037 Hive Case 4785 Malware Activity 201.156.174.6 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None MX TO-S-2021-1037 Hive Case 4785 Malware Activity 201.158.105.119 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None MX TO-S-2021-1037 Hive Case 4785 Malware Activity 201.158.24.0 21 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 201.159.127.154 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None MX TO-S-2021-1092 Hive Case 4875 Malware Activity 201.163.190.63 24 KH None 2022-03-09 00:00:00 2022-06-07 00:00:00 2022-03-09 23:43:42 HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=63,MX) 201.163.74.2 24 RT None 2022-02-02 00:00:00 2022-05-03 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6HR Web Attack (IP=2,MX) 201.165.118.202 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None MX TO-S-2021-1092 Hive Case 4875 Malware Activity 201.168.205.56 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None MX TO-S-2021-1037 Hive Case 4785 Malware Activity 201.17.131.124 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 201.171.155.41 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None MX TO-S-2021-1037 Hive Case 4785 Malware Activity 201.172.31.95 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:55:52 HIVE Case #7199 CTO 22-074 (IP=95,MX) 201.174.47.66 32 dbc None 2021-01-28 00:00:00 2022-01-28 
00:00:00 None MX TO-S-2021-1050 Hive Case 4821 Malware Activity 201.174.59.122 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None MX TO-S-2021-1102 Malware Activity 201.182.232.0 22 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=0,BR) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=0,BR) 201.186.236.60 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None CL TO-S-2021-1102 Malware Activity 201.187.100.0 24 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None CL TO-S-2021-1092 Hive Case 4875 Malware Activity 201.190.32.0 19 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None HN TO-S-2021-1037 Hive Case 4785 Malware Activity 201.192.138.51 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CR TO-S-2021-1050 Hive Case 4821 Malware Activity 201.193.220.215 24 RS None 2022-06-21 00:00:00 2022-09-19 00:00:00 2022-06-21 22:50:18 SIPVicious Security Scanner - IPS Events (IP=215,CR) 201.200.211.250 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CR TO-S-2021-1050 Hive Case 4821 Malware Activity 201.206.160.0 19 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None CR TO-S-2021-1037 Hive Case 4785 Malware Activity 201.213.64.0 19 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None AR TO-S-2021-1117 DOS-DDOS Activity 201.216.154.53 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GT TO-S-2021-1050 Hive Case 4821 Malware Activity 201.217.128.0 20 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UY TO-S-2021-1117 DOS-DDOS Activity 201.217.144.0 20 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UY TO-S-2021-1117 DOS-DDOS Activity 201.218.108.46 32 BMP None 2020-08-28 00:00:00 2022-02-11 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03788 (IP=46,PA) | updated by RT Block was inactive. 
Reactivated on 20211113 with reason HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - IR# 22C00341 (IP=46,PA) 201.218.128.0 19 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None CL TO-S-2021-1037 Hive Case 4785 Malware Activity 201.218.32.0 19 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None EC TO-S-2021-1117 DOS-DDOS Activity 201.220.160.0 20 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None AR TO-S-2021-1037 Hive Case 4785 Malware Activity 201.220.176.0 20 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None AR TO-S-2021-1037 Hive Case 4785 Malware Activity 201.220.68.159 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CO TO-S-2021-1050 Hive Case 4821 Malware Activity 201.222.167.84 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None CL TO-S-2021-1037 Hive Case 4785 Malware Activity 201.222.48.18 24 KD None 2022-03-28 00:00:00 2022-06-26 00:00:00 2022-03-29 13:50:41 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire(IP=18,PY) 201.229.4.50 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None AW TO-S-2021-1050 Hive Case 4821 Malware Activity 201.229.68.0 23 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None AW TO-S-2021-1117 DOS-DDOS Activity 201.229.85.111 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None AW TO-S-2021-1050 Hive Case 4821 Malware Activity 201.23.6.2 24 BB None 2021-12-02 00:00:00 2022-03-02 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=2,BR) 201.234.253.53 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None AR TO-S-2021-1050 Hive Case 4821 Malware Activity 201.236.237.151 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CO TO-S-2021-1050 Hive Case 4821 Malware Activity 201.236.28.26 24 RS None 2022-07-20 00:00:00 2022-10-18 00:00:00 2022-07-21 13:54:37 SIPVicious Security Scanner - SourceFire (IP=26,CL) 201.243.64.0 20 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None VE 
TO-S-2021-1102 Malware Activity 201.245.165.67 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CO TO-S-2021-1050 Hive Case 4821 Malware Activity 201.246.245.188 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CL TO-S-2021-1050 Hive Case 4821 Malware Activity 201.248.192.0 19 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None VE TO-S-2021-1037 Hive Case 4785 Malware Activity 201.248.64.0 21 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=0,VE) 201.249.192.0 20 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5968 TO-S-2021-1276 (IP=0,VE) 201.249.64.0 20 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None VE TO-S-2021-1081 Hive Case 4872 Malware Activity 201.27.132.233 24 RT None 2021-12-15 00:00:00 2022-03-15 00:00:00 None SQL injection - 6HR Web Attacks (IP=233,BR) 201.40.55.30 32 TH None 2022-08-20 00:00:00 2022-11-18 00:00:00 2022-08-20 22:18:22 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR# 22C01840 (IP=30,BR) 201.42.132.211 24 TC None 2022-08-09 00:00:00 2022-11-07 00:00:00 2022-08-09 21:39:13 SQL injection - 6HR Web Attacks (IP=211,BR) 201.42.132.211 24 TC None 2022-08-09 00:00:00 2022-11-07 00:00:00 2022-08-09 22:12:52 SQL injection - 6HR Web Attacks (IP=211,BR) 201.43.248.13 24 RR None 2021-10-21 00:00:00 2022-01-19 00:00:00 None SQL injection - Web Attacks (IP=13,BR) 201.46.16.0 20 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 201.49.96.0 19 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BR TO-S-2021-1117 DOS-DDOS Activity 201.68.236.169 24 KD None 2022-01-03 00:00:00 2022-04-03 00:00:00 None HTTP: PHP File Inclusion Vulnerability - 6hr web attacks(IP=169,BR) 201.7.220.0 23 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 201.73.176.156 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BR TO-S-2021-1117 DOS-DDOS Activity 201.73.242.34 
32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BR TO-S-2021-1117 DOS-DDOS Activity 201.87.232.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 201.87.5.211 24 KH None 2022-02-06 00:00:00 2022-05-07 00:00:00 None SQL injection - Web Attacks (IP=211,BR) 201.91.87.106 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 201.93.42.161 24 SW None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 14:03:08 SERVER-WEBAPP Kibana Console for Elasticsearch local file inclusion attempt (1:48815:3) - SourceFire (IP=161,BR) 201.94.160.0 21 AS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-09 13:57:34 HIVE Case #7535 TO-S-2022-0176 (IP=0,BR) 202.102.36.251 32 TLM None 2022-06-22 00:00:00 2022-12-21 00:00:00 2022-06-23 16:49:31 HIVE Case #7813 CTO 22-173 (IP=251,CN) 202.102.36.252 32 TLM None 2022-05-02 00:00:00 2022-11-01 00:00:00 2022-05-04 17:56:18 HIVE Case #7495 CTO 22-120 (IP=252,CN) 202.102.64.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CN TO-S-2021-1050 Hive Case 4821 Malware Activity 202.107.151.4 24 RS None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-01 22:26:59 SIPVicious Security Scanner - IPS Events (IP=4,CN) 202.114.207.241 24 RS None 2022-07-27 00:00:00 2022-10-25 00:00:00 2022-07-28 13:49:39 SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt (1:52512:2) - SourceFire (IP=241,CN) 202.12.27.33 24 dbc None 2014-04-17 05:00:00 2022-06-03 00:00:00 2022-03-05 14:46:05 Torpig bot sinkhole server DNS lookup (ip=33,JP) | updated by RR with reason MALWARE-CNC Torpig bot sinkhole server DNS lookup | updated by ABC Block was inactive. Reactivated on 20210327 with reason UDP: Port Scan (IP=33,JP) | Unblock to get DNS up a | updated by RR Block was inactive. 
Reactivated on 20220305 with reason SERVER-OTHER Sentinel license manager buffer overflow attempt - SourceFire (IP=33,JP) 202.122.193.85 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=85,JP) 202.124.205.0 24 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5968 TO-S-2021-1276 (IP=0,ID) 202.129.16.104 24 RT None 2022-02-28 00:00:00 2022-05-29 00:00:00 2022-03-01 14:46:30 SERVER-WEBAPP Apache Log4j logging remote code execution attempt - 6HR Web Attack (IP=104,TH) 202.129.16.104 24 DT None 2022-02-28 00:00:00 2022-05-29 00:00:00 2022-03-01 14:46:36 Exploit.Log4Shell.CVE-2021-44228 - FireEye NX (IP=104,TH) 202.129.16.104 24 RT None 2022-02-28 00:00:00 2022-05-29 00:00:00 2022-03-01 14:50:08 SERVER-WEBAPP Apache Log4j logging remote code execution attempt - 6HR Web Attack (IP=104,TH) 202.129.16.104 24 DT None 2022-02-28 00:00:00 2022-05-29 00:00:00 2022-03-01 14:50:13 Exploit.Log4Shell.CVE-2021-44228 - FireEye NX (IP=104,TH) 202.129.210.0 23 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IN TO-S-2021-1037 Hive Case 4785 Malware Activity 202.13.138.100 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None JP TO-S-2021-1117 DOS-DDOS Activity 202.13.145.10 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None JP TO-S-2021-1117 DOS-DDOS Activity 202.130.54.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None ID TO-S-2021-1117 DOS-DDOS Activity 202.130.55.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None ID TO-S-2021-1117 DOS-DDOS Activity 202.130.80.0 20 AS None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-09-30 17:07:13 HIVE Case #8395 TO-S-2022-0233 (IP=0,HK) 202.131.126.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None IN TO-S-2021-1117 DOS-DDOS Activity 202.133.54.0 24 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=0,IN) 202.133.60.234 24 RS None 2022-07-02 00:00:00 2022-09-30 00:00:00 2022-07-02 22:56:33 Apple imgProcess.cfm 
CVE-2021-21307 RCE attempt - IPS Events (IP=234,IN) 202.134.8.128 24 AR None 2022-02-08 00:00:00 2022-05-09 00:00:00 None HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=128,BD) 202.138.248.229 24 RR None 2019-11-06 00:00:00 2022-02-17 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=229,ID) | updated by RT Block was inactive. Reactivated on 20211119 with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6HR Web Attacks (IP=229,ID) 202.138.252.0 24 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=0,ID) 202.14.120.154 24 RS None 2022-08-03 00:00:00 2022-11-01 00:00:00 2022-08-04 13:53:59 SIPVicious Security Scanner - IPS Events (IP=154,IN) 202.14.122.67 24 RS None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-13 22:36:39 Possible Cross-site Scripting Attack - FE IPS Events (IP=67,IN) 202.14.123.70 24 KH None 2022-08-17 00:00:00 2022-11-15 00:00:00 2022-08-17 22:26:03 Generic URI Injection wget Attempt - FE IPS (IP=70,IN) 202.141.176.9 24 AR None 2021-12-18 00:00:00 2022-03-18 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=9,CN) 202.142.192.0 19 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TH TO-S-2021-1037 Hive Case 4785 Malware Activity 202.142.49.222 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None AU TO-S-2021-1037 Hive Case 4785 Malware Activity 202.142.92.22 24 RS None 2022-06-13 00:00:00 2022-09-11 00:00:00 2022-06-14 13:48:50 SIPVicious Security Scanner - IPS Events (IP=22,IN) 202.146.2.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None ID TO-S-2021-1117 DOS-DDOS Activity 202.146.224.0 19 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=0,ID) 202.148.8.0 21 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None ID TO-S-2021-1117 DOS-DDOS Activity 202.150.128.0 19 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=0,ID) 
202.150.167.14 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None ID TO-S-2021-1102 Malware Activity 202.152.156.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity 202.152.6.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None ID TO-S-2021-1117 DOS-DDOS Activity 202.152.8.0 21 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=0,ID) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=0,ID) 202.153.41.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None IN TO-S-2021-1117 DOS-DDOS Activity 202.155.211.138 24 AR None 2022-02-18 00:00:00 2022-05-19 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6Hr Web Attacks (IP=138,HK) 202.155.85.24 24 RT None 2021-12-03 00:00:00 2022-03-03 00:00:00 None HTTP: SQL Injection Attempt Detected - 6HR Web Attacks (IP=24,ID) 202.157.185.161 32 TH None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 21:48:39 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR# 22C01566 (IP=161,ID) 202.157.82.17 32 RR None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-19 13:55:52 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01418 (IP=17,IN) 202.158.32.0 19 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity 202.158.64.0 19 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None ID TO-S-2021-1117 DOS-DDOS Activity 202.158.96.0 19 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None ID TO-S-2021-1117 DOS-DDOS Activity 202.159.112.36 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 202.159.116.162 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 202.159.32.0 19 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 
TO-S-2021-1390 (IP=0,ID) 202.160.6.35 32 RR None 2022-08-09 00:00:00 2022-11-07 00:00:00 2022-08-24 11:34:22 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR# 22C01782 (IP=35,BN) 202.162.192.0 21 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity 202.164.136.53 24 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 22:52:05 Generic URI Injection wget Attempt - FE IPS Events (IP=53,IN) 202.164.137.68 24 KH None 2022-10-02 00:00:00 2022-12-31 00:00:00 2022-10-02 23:55:05 Exploit.Log4Shell.CVE-2021-44228 - FE NX (IP=68,IN) 202.164.138.0 24 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=0,IN) 202.164.139.198 24 GM None 2020-11-03 00:00:00 2022-01-20 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=198,IN) | updated by KH Block was inactive. Reactivated on 20211022 with reason Generic URI Injection wget Attempt - FE IPS (IP=198,IN) 202.164.208.0 21 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BD TO-S-2021-1037 Hive Case 4785 Malware Activity 202.164.48.0 20 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None IN TO-S-2021-1117 DOS-DDOS Activity 202.165.120.194 32 AS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-06 18:26:11 HIVE Case #7881 CTO 22-182 (IP=194,HK) 202.166.160.0 23 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PK TO-S-2021-1117 DOS-DDOS Activity 202.166.211.197 32 TLM None 2022-06-15 00:00:00 2022-12-14 00:00:00 2022-06-16 19:40:42 HIVE Case #7779 CTO 22-162 (IP=197,NP) 202.169.226.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None ID TO-S-2021-1117 DOS-DDOS Activity 202.169.235.71 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 202.169.35.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity 202.169.36.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None ID TO-S-2021-1117 
Reactivated on 20220728 with reason HIVE Case #8047 COLS-NA TIP 21-0394 (IP=226,US) 2044289856.nielsvandervlist.nl --- TLM None 2021-08-05 00:00:00 2022-08-05 00:00:00 2023-01-19 22:59:40 HIVE Case #5940 TO-S-2021-1447 205.110.196.205 32 TLM None 2022-08-09 00:00:00 2022-11-09 00:00:00 2022-08-09 17:32:26 HIVE Case #8100 CTO 22-211 (IP=205,US) 205.134.243.218 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=218,US) 205.144.171.15 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 205.144.171.177 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 205.144.171.187 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 205.144.171.201 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=201,US) 205.144.171.33 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 205.144.171.45 32 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None US TO-S-2021-1156 Malware Activity 205.144.171.57 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None US TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 205.169.20.110 32 KH None 2021-12-20 00:00:00 2022-03-20 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44232 (IP=110,US) 205.178.183.76 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:55:26 HIVE Case #7894 CTO 22-187 (IP=76,JP) 205.185.114.113 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=113,US) 205.185.114.157 32 AR None 2022-02-08 00:00:00 2022-05-09 00:00:00 None ET EXPLOIT Apache Obfuscated log4j RCE Attempt (tcp ldap) (CVE-2021-44228) (1:2034755:1) - SourceFire (IP=157,US) 205.185.115.217 32 TLM None 2021-12-17 00:00:00 2022-06-17 00:00:00 None HIVE Case #6673 CTO 21-351 (IP=217,US) 
205.185.115.87 32 RS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 14:03:15 SQL injection - 6Hr Web Attacks (IP=87,US) 205.185.117.14 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=14,US) 205.185.117.149 32 GM None 2019-10-29 00:00:00 2022-06-13 00:00:00 None Possible Cyber Attack - 20C00710 (IP=149,US) | updated by RR Block was inactive. Reactivated on 20210309 with reason HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00580 (IP=149,US) | updated by TLM Block was inactive. Reactivated on 20211213 with reason HIVE Case #6652 CTO 21-345 F1 (IP=149,US) 205.185.117.168 32 SW None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 13:49:37 Attempted Access - Inbound Brute Force - IR# 22C01264(IP=168,US) 205.185.117.33 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=33,US) 205.185.117.82 32 RR None 2022-04-13 00:00:00 2022-07-16 00:00:00 2022-04-16 14:40:47 Attempted Access - Inbound Brute Force - IR# 22C01184 (IP=82,US) 205.185.118.213 32 SW None 2022-07-19 00:00:00 2022-10-17 00:00:00 2022-07-19 22:51:03 Attempted Access - Inbound Brute Force - IR# 22C01703 (IP=213,US) 205.185.123.172 32 RT None 2021-08-24 00:00:00 2022-08-24 00:00:00 None HIVE Case #6030 (IP=172,US) 205.185.123.220 32 RS None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 22:44:20 SERVER-OTHER RealTek UDPServer command injection attempt (1:58853:1) - SourceFire (IP=220,US) 205.185.124.178 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 18:27:42 HIVE Case #7342 CTO 22-092 FRAGO (IP=178,US) 205.185.126.88 32 ZH None 2022-09-12 00:00:00 2022-12-11 00:00:00 2022-09-12 22:48:44 SERVER-OTHER RealTek UDPServer command injection attempt (1:58853:1) - SourceFire (IP=88,US) 205.185.216.42 32 GLM None 2017-05-01 05:00:00 2022-02-05 00:00:00 None FILE-IMAGE Directshow GIF logical width overflow attempt (IP=42,US) | updated by dbc Block was inactive. 
Reactivated on 20210205 with reason US TO-S-2021-1092 Hive Case 4875 Malware Activity 205.186.183.120 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 205.251.145.29 32 NHL None 2020-11-17 00:00:00 2022-11-17 00:00:00 None Case # 4289 - IOC_ SilverHawk_Android_Spyware (IP=29,US) 205.251.155.71 32 NHL None 2020-11-17 00:00:00 2022-11-17 00:00:00 None Case # 4289 - IOC_ SilverHawk_Android_Spyware (IP=71,US) 205.251.192.206 32 SA None 2022-05-31 00:00:00 2022-08-28 00:00:00 2022-05-31 22:56:00 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) SourceFire (IP=206,US) 205.251.192.244 32 SA None 2022-06-02 00:00:00 2022-08-30 00:00:00 2022-06-03 00:40:10 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) SourceFire (IP=244,US) 205.251.195.148 32 SA None 2022-06-02 00:00:00 2022-08-30 00:00:00 2022-06-03 00:40:11 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) SourceFire (IP=148,US) 205.251.195.16 32 SA None 2022-05-31 00:00:00 2022-08-28 00:00:00 2022-05-31 22:56:00 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) SourceFire (IP=16,US) 205.251.196.11 32 SA None 2022-05-31 00:00:00 2022-08-28 00:00:00 2022-05-31 22:56:01 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) SourceFire (IP=11,US) 205.251.197.54 32 SA None 2022-05-31 00:00:00 2022-08-28 00:00:00 2022-05-31 22:56:01 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) SourceFire (IP=54,US) 205.251.199.212 32 SA None 2022-05-31 00:00:00 2022-08-28 00:00:00 2022-05-31 22:56:02 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) SourceFire (IP=212,US) 205.254.173.191 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=191,IN) 205.60.69.18 32 TLM 
Kristen Pope 2022-10-19 00:00:00 2022-12-27 00:00:00 2022-12-27 19:16:58 HIVE Case #8482 CTO 22-288 (IP=18,US) | UNBLOCKED per CTO 22-305 205.60.71.153 32 TLM Kristen Pope 2022-10-19 00:00:00 2022-12-27 00:00:00 2022-12-27 19:16:58 HIVE Case #8482 CTO 22-288 (IP=153,US) | UNBLOCKED per CTO 22-305 205.60.71.38 32 TLM Kristen Pope 2022-10-19 00:00:00 2022-12-27 00:00:00 2022-12-27 19:16:58 HIVE Case #8482 CTO 22-288 (IP=38,US) | UNBLOCKED per CTO 22-305 205.85.107.53 32 TLM Kristen Pope 2022-10-19 00:00:00 2022-12-27 00:00:00 2022-12-27 19:16:58 HIVE Case #8482 CTO 22-288 (IP=53,US) | UNBLOCKED per CTO 22-305 205.85.107.54 32 TLM Kristen Pope 2022-10-19 00:00:00 2022-12-27 00:00:00 2022-12-27 19:16:58 HIVE Case #8482 CTO 22-288 (IP=54,US) | UNBLOCKED per CTO 22-305 205.85.107.55 32 TLM Kristen Pope 2022-10-19 00:00:00 2022-12-27 00:00:00 2022-12-27 19:16:58 HIVE Case #8482 CTO 22-288 (IP=55,US) | UNBLOCKED per CTO 22-305 205.85.107.56 32 TLM Kristen Pope 2022-10-19 00:00:00 2022-12-27 00:00:00 2022-12-27 19:16:58 HIVE Case #8482 CTO 22-288 (IP=56,US) | UNBLOCKED per CTO 22-305 205.85.107.60 32 TLM Kristen Pope 2022-10-19 00:00:00 2022-12-27 00:00:00 2022-12-27 19:16:58 HIVE Case #8482 CTO 22-288 (IP=60,US) | UNBLOCKED per CTO 22-305 205.85.107.65 32 TLM Kristen Pope 2022-10-19 00:00:00 2022-12-27 00:00:00 2022-12-27 19:16:58 HIVE Case #8482 CTO 22-288 (IP=65,US) | UNBLOCKED per CTO 22-305 205.85.107.66 32 TLM Kristen Pope 2022-10-19 00:00:00 2022-12-27 00:00:00 2022-12-27 19:16:58 HIVE Case #8482 CTO 22-288 (IP=66,US) | UNBLOCKED per CTO 22-305 205.85.107.67 32 TLM Kristen Pope 2022-10-19 00:00:00 2022-12-27 00:00:00 2022-12-27 19:16:58 HIVE Case #8482 CTO 22-288 (IP=67,US) | UNBLOCKED per CTO 22-305 205.85.107.68 32 TLM Kristen Pope 2022-10-19 00:00:00 2022-12-27 00:00:00 2022-12-27 19:16:58 HIVE Case #8482 CTO 22-288 (IP=68,US) | UNBLOCKED per CTO 22-305 205.85.107.69 32 TLM Kristen Pope 2022-10-19 00:00:00 2022-12-27 00:00:00 2022-12-27 19:16:58 HIVE Case #8482 
CTO 22-288 (IP=69,US) | UNBLOCKED per CTO 22-305 205.85.107.70 32 TLM Kristen Pope 2022-10-19 00:00:00 2022-12-27 00:00:00 2022-12-27 19:16:58 HIVE Case #8482 CTO 22-288 (IP=70,US) | UNBLOCKED per CTO 22-305 205.85.118.151 32 TLM Kristen Pope 2022-10-19 00:00:00 2022-12-27 00:00:00 2022-12-27 19:16:58 HIVE Case #8482 CTO 22-288 (IP=151,US) | UNBLOCKED per CTO 22-305 205.85.22.19 32 TLM Kristen Pope 2022-10-19 00:00:00 2022-12-27 00:00:00 2022-12-27 19:16:58 HIVE Case #8482 CTO 22-288 (IP=19,US) | UNBLOCKED per CTO 22-305 205.85.24.241 32 TLM Kristen Pope 2022-10-19 00:00:00 2022-12-27 00:00:00 2022-12-27 19:16:58 HIVE Case #8482 CTO 22-288 (IP=241,US) | UNBLOCKED per CTO 22-305 205.85.28.213 32 TLM Kristen Pope 2022-10-19 00:00:00 2022-12-27 00:00:00 2022-12-27 19:16:58 HIVE Case #8482 CTO 22-288 (IP=213,US) | UNBLOCKED per CTO 22-305 205.85.30.129 32 TLM Kristen Pope 2022-10-19 00:00:00 2022-12-27 00:00:00 2022-12-27 19:16:58 HIVE Case #8482 CTO 22-288 (IP=129,US) | UNBLOCKED per CTO 22-305 205.85.30.57 32 TLM None 2022-08-09 00:00:00 2022-11-09 00:00:00 2022-08-09 17:32:27 HIVE Case #8100 CTO 22-211 (IP=57,US) 205.85.31.42 32 TLM Kristen Pope 2022-10-17 00:00:00 2022-12-27 00:00:00 2022-12-27 19:16:58 HIVE Case #8472 TO-S-2022-0236 (IP=42,US) | UNBLOCKED per CTO 22-305 206.108.137.14 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=14,CA) 206.161.155.26 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=26,US) 206.166.251.187 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5986 TO-S-2021-1404 (IP=187,NL) 206.166.251.86 32 AS None 2022-02-04 00:00:00 2022-08-04 00:00:00 None HIVE Case #6927 CTO 22-036 (IP=86,NL) 206.183.111.0 24 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None IN TO-S-2021-1102 Malicious Email Activity 206.188.193.161 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1092 Hive Case 4875 Malicious Email Activity 206.188.197.104 
24 EE None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 22:41:39 HIVE Case #7418 IOC_Fodcha Botnet (IP=104,NL) 206.188.212.92 32 AS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-09 13:57:35 HIVE Case #7535 TO-S-2022-0176 (IP=92,US) 206.189.0.137 24 KH None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:40 SQL injection - Web Attacks (IP=137,NL) 206.189.10.42 24 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:49:42 SERVER-OTHER Apache Log4j logging remote code execution attempt - SourceFire (IP=42,NL) 206.189.100.199 24 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:17:18 SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt - SourceFire (IP=199,NL) 206.189.101.8 24 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:48:25 HTTP SQL Injection Attempt - Web Attacks (IP=8,NL) 206.189.102.131 24 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 22:54:19 SQL injection - Web Attacks (IP=131,NL) 206.189.104.9 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:44 SQL injection- 6hr Web Attacks (IP=9,NL) 206.189.105.192 24 SW None 2022-08-12 00:00:00 2022-11-10 00:00:00 2022-08-13 13:56:16 SQL injection - WebAttacks (IP=192,NL) 206.189.106.212 32 TLM None 2022-03-14 00:00:00 2022-09-14 00:00:00 2022-03-14 19:14:32 HIVE Case #7198 CTO 22-071 (IP=212,NL) 206.189.106.86 24 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:48:26 SQL injection - Web Attacks (IP=86,NL) 206.189.107.207 24 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 15:45:06 SQL injection - Web Attacks (IP=207,NL) 206.189.108.14 24 NAB None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 15:45:07 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=14,NL) 206.189.109.101 24 SQL None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-13 13:50:52 union select - possible sql injection attempt - GET parameter (1:13990:27) - Source Fire (IP=101,NL) 206.189.11.36 24 SW None 2022-05-04 00:00:00 2022-08-02 
00:00:00 2022-05-04 14:08:29 SQL injection - WebAttacks (IP=36,NL) 206.189.110.124 24 SW None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-10 13:48:26 POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt (1:57336:1) - SourceFire (IP=124,NL) 206.189.111.16 32 AR None 2021-11-06 00:00:00 2022-02-04 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - IR# 22C00293 (IP=16,US) 206.189.111.199 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:45 HTTP: PHP File Inclusion Vulnerability- 6hr Web Attacks (IP=199,NL) 206.189.112.239 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:45 SQL injection- 6hr Web Attacks (IP=239,GB) 206.189.113.254 24 RS None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 22:54:54 SQL injection - 6Hr Web Attacks (IP=254,GB) 206.189.114.79 24 WR None 2022-04-30 00:00:00 2022-07-28 00:00:00 2022-04-30 13:53:07 SQL injection- 6hr Web Attacks (IP=79,GB) 206.189.115.199 24 TH None 2022-06-27 00:00:00 2022-09-25 00:00:00 2022-06-28 13:53:29 SQL injection - 6 Hr Web Report (IP=199,GB) 206.189.116.153 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:48:34 SQL injection - Web Attacks (IP=153,GB) 206.189.117.109 24 KD None 2022-01-03 00:00:00 2022-04-03 00:00:00 None Adobe ColdFusion Administrator Access Restriction- 6hr web attacks (IP=109,GB) 206.189.117.23 32 RS None 2022-07-20 00:00:00 2022-10-18 00:00:00 2022-07-21 13:54:34 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR# 22C01713 (IP=23,GB) 206.189.118.108 32 AS None 2022-04-12 00:00:00 2022-10-12 00:00:00 2022-04-12 14:39:39 HIVE Case #7380 CTO 22-099 (IP=108,GB) 206.189.118.3 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:53:06 SERVER-WEBAPP Drupal 8 remote code execution attempt - SourceFire (IP=3,GB) 206.189.12.249 24 RR None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 13:52:47 SQL injection - Web Attacks (IP=249,NL) 206.189.120.99 24 RR None 2022-04-05 00:00:00 2022-07-04 
00:00:00 2022-04-05 14:32:02 SERVER-WEBAPP Java ClassLoader access attempt - Source Fire (IP=99,GB) 206.189.121.240 24 WR None 2022-04-24 00:00:00 2022-07-22 00:00:00 2022-04-24 13:26:25 SQL injection - Web Attacks (IP=240,GB) 206.189.122.80 24 DT None 2022-05-12 00:00:00 2022-08-10 00:00:00 2022-05-13 13:52:20 SQL injection - Web Attacks (IP=80,GB) 206.189.123.41 24 ZH None 2022-01-21 00:00:00 2022-04-21 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841)- 6hr Web Attacks (IP=41,GB) 206.189.123.88 32 TLM None 2021-12-21 00:00:00 2022-06-21 00:00:00 None HIVE Case #6682 CTO 21-352 (IP=88,GB) 206.189.124.35 24 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:54 SERVER-WEBAPP Fortinet FortiOS SSL VPN web portal directory traversal attempt (1:51370:1) - Sourcefire Rpt (IP=35,GB) 206.189.125.197 24 RS None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-18 22:35:02 Exploit.CVE-2021-44228 - Apache Log4j2 - Case 6651 (IP=192,GB) 206.189.126.129 24 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-09 14:21:35 SQL injection - Web Attacks (IP=129,GB) 206.189.127.194 24 KD None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-28 14:34:07 SQL injection- Web Attacks (IP=194,GB) 206.189.128.39 24 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:46:54 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=39,IN) 206.189.129.73 24 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-08 12:51:21 SERVER-WEBAPP Jenkins Groovy metaprogramming remote code execution attempt - SourceFire (IP=73,IN) 206.189.130.238 24 AR None 2021-12-09 00:00:00 2022-03-09 00:00:00 None HTTP: Grandstream UCM6200 SQL Injection Vulnerability (CVE-2020-5722) - Web Attacks (IP=238,IN) 206.189.131.102 24 TH None 2022-04-15 00:00:00 2022-07-14 00:00:00 2022-04-15 14:09:36 HTTP: PHP File Inclusion Vulnerability - 6 Hr Web Report (IP=102,IN) 206.189.132.190 24 SW None 2022-05-10 00:00:00 2022-08-08 00:00:00 
2022-05-10 13:48:28 SERVER-WEBAPP Apache Struts remote code execution attempt (1:47649:1) - SourceFire (IP=190,IN) 206.189.133.168 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:08 SERVER-WEBAPP Aviatrix Controller directory traversal attempt (1:58961:1) - Sourcefire Rpt (IP=168,IN) 206.189.133.168 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:34 SERVER-WEBAPP Aviatrix Controller directory traversal attempt (1:58961:1) - Sourcefire Rpt (IP=168,IN) 206.189.134.200 24 TH None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 23:06:53 SQL injection - 6 Hr Web Report (IP=200,IN) 206.189.135.196 24 WR None 2021-12-26 00:00:00 2022-03-26 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00716 (IP=196,IN) 206.189.136.151 24 WR None 2022-04-25 00:00:00 2022-07-23 00:00:00 2022-04-25 14:47:14 MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (1:25925:3) - Sourcefire (IP=151,IN) 206.189.138.155 24 RS None 2022-05-02 00:00:00 2022-08-01 00:00:00 2022-05-03 13:46:40 SQL injection - 6Hr Web Attacks (IP=155,IN) | updated by WR Block expiration extended with reason SERVER-WEBAPP Multiple PACS Server directory traversal attempt (1:49642:2) - Sourcefire (IP=155,IN) 206.189.139.121 24 RR None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-07 13:54:17 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=121,IN) 206.189.14.161 24 RR None 2022-09-26 00:00:00 2022-12-25 00:00:00 2022-09-26 13:55:19 HTTP: Firefuzzer SQL Injection Scanning II - Web Attacks (IP=161,NL) 206.189.14.161 24 RR None 2022-09-26 00:00:00 2022-12-25 00:00:00 2022-09-26 13:55:19 HTTP: Firefuzzer SQL Injection Scanning II - Web Attacks (IP=161,NL) 206.189.140.33 24 DT None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 23:22:08 SQL injection - Web Attacks (IP=.33,IN) 206.189.141.182 24 WR None 2022-04-23 00:00:00 2022-07-21 00:00:00 2022-04-23 13:46:54 rConfig SQL Injection Vulnerability - Web Attacks (IP=182,IN) 
206.189.142.129 24 RT None 2022-04-08 00:00:00 2022-07-07 00:00:00 2022-04-09 13:49:41 SQL injection - 6HR WebAttack (IP=129,IN) 206.189.143.116 24 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:48:27 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=116,IN) 206.189.144.152 24 RS None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-11 13:57:22 SQL Injection - 6Hr Web Attacks (IP=152,SG) 206.189.146.121 24 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-08 12:50:46 SQL injection - Web Attacks (IP=121,SG) 206.189.147.84 24 DT None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 23:22:08 Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=.84,SG) 206.189.149.196 24 RB None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 22:39:23 SQL injection - 6hr web attacks (IP=196,SG) 206.189.15.116 24 ZH None 2022-08-27 00:00:00 2022-11-25 00:00:00 2022-08-27 22:47:44 SERVER-WEBAPP JBoss JMX console access attempt (1:21516:9) - SourceFire (IP=116,NL) 206.189.150.47 32 TLM None 2022-05-25 00:00:00 2022-11-24 00:00:00 2022-05-25 18:14:38 HIVE Case #7662 CTO 22-145 (IP=47,SG) 206.189.151.23 24 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:54 SQL injection - 6hr Web Attacks (IP=23,SG) 206.189.152.51 24 SW None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-11 22:58:48 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=51,SG) 206.189.153.43 24 RT None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-06 13:47:06 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=43,SG) 206.189.154.233 24 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:16:51 SQL injection - Web Attacks (IP=233,SG) 206.189.155.233 24 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:16:52 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=233,SG) 206.189.156.69 24 RR None 2022-04-27 00:00:00 2022-07-27 00:00:00 2022-04-27 13:56:51 Exploit.CVE-2021-44228 - Apache Log4j2 
- Case 6651 (IP=69,DE) 206.189.156.69 32 RR None 2022-01-21 00:00:00 2022-04-21 00:00:00 None Exploit.CVE-2021-44228 - Apache Log4j2 - Case 6651 (IP=69,US) 206.189.157.102 24 RR None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-02 14:02:24 SQL injection - Web Attacks (IP=102,SG) 206.189.158.112 24 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 13:54:28 SQL injection - Web Attacks (IP=112,SG) 206.189.159.145 24 WR None 2022-04-25 00:00:00 2022-07-23 00:00:00 2022-04-25 14:47:15 SQL injection - Web Attacks (IP=145,SG) 206.189.16.242 24 TH None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-30 13:42:31 SERVER-WEBAPP Ulterius web server directory traversal attempt (1:45721:2) - SourceFire Report (IP=242,GB) 206.189.17.206 24 DT None 2022-04-08 00:00:00 2022-07-07 00:00:00 2022-04-09 13:49:50 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=206,GB) 206.189.177.3 32 KH None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 23:08:15 DoctorAppointmentSystem SQL Injection Vulnerability - Web Attacks (IP=3,US) 206.189.177.3 32 KH None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 23:08:35 DoctorAppointmentSystem SQL Injection Vulnerability - Web Attacks (IP=3,US) 206.189.177.35 32 KH None 2022-09-20 00:00:00 2022-12-19 00:00:00 2022-09-20 22:50:17 SQL union select - possible sql injection attempt - GET parameter - Web Attacks (IP=35,US) 206.189.177.95 32 RR None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 13:47:27 HTTP SQL Injection Attempt - Web Attacks (IP=95,US) 206.189.178.210 24 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:48:28 SERVER-WEBAPP Zimbra remote code execution attempt - SourceFire (IP=210,US) 206.189.178.88 32 SW None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-06 13:47:30 SQL injection - WebAttacks (IP=88,US) 206.189.184.122 32 ZH None 2022-08-12 00:00:00 2022-11-10 00:00:00 2022-08-12 13:55:53 SQL injection - 6hr Web Attacks (IP=122,US) 206.189.186.116 32 NAB None 2022-05-13 00:00:00 2022-08-11 
00:00:00 2022-05-13 13:50:54 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=116,US) 206.189.186.218 32 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:58:13 SERVER-WEBAPP Ulterius web server directory traversal attempt (1:45721:2) - SourceFire (IP=218,US) 206.189.187.125 32 ZH None 2022-09-12 00:00:00 2022-12-11 00:00:00 2022-09-12 14:00:15 SQL injection - WebAttacks (IP=125,US) 206.189.187.85 32 KD None 2021-11-11 00:00:00 2022-02-09 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=85,US) 206.189.19.115 24 RR None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-05 14:32:03 SERVER-WEBAPP Java ClassLoader access attempt - Source Fire (IP=115,GB) 206.189.190.128 32 DT None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 23:22:09 Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=128,US) 206.189.195.225 32 RS None 2022-08-14 00:00:00 2022-11-12 00:00:00 2022-08-14 13:58:17 SQL injection - Web Attacks (IP=225,US) 206.189.195.244 32 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 13:47:25 SQL injection - WebAttacks (IP=244,US) 206.189.197.43 32 SA None 2022-06-02 00:00:00 2022-08-30 00:00:00 2022-06-03 00:40:11 SERVER-WEBAPP Apache APISIX default admin API backdoor usage attempt (1:59480:1) SourceFire (IP=43,US) 206.189.198.227 32 AR None 2022-04-06 00:00:00 2022-07-06 00:00:00 2022-04-06 13:47:12 SERVER-WEBAPP YouPHPTube getImageMP4.php command injection attempt (1:51925:4) - SourceFire (IP=227,US) 206.189.2.251 24 RS None 2022-05-02 00:00:00 2022-07-31 00:00:00 2022-05-02 22:41:33 HTTP: SQL Injection - Exploit - 6Hr Web Attacks (IP=251,NL) 206.189.200.210 32 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:46:54 SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt - SourceFire (IP=210,US) 206.189.200.56 32 RS None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 22:54:40 SQL injection - 6Hr Web Attacks (IP=56,US) 206.189.202.179 32 RR None 
2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-09 14:21:54 SERVER-WEBAPP YouPHPTube getImage.php command injection attempt - SourceFire (IP=179,US) 206.189.203.0 32 KH None 2022-10-01 00:00:00 2022-12-30 00:00:00 2022-10-01 23:56:21 SQL injection - Web Attacks (IP=0,US) 206.189.203.96 32 TC None 2022-09-18 00:00:00 2022-12-17 00:00:00 2022-09-19 14:00:38 SERVER-WEBAPP Oracle Business Intelligence directory traversal attempt (1:49967:2) - SourceFire (IP=96,US) 206.189.205.212 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-08 12:50:47 SQL injection - Web Attacks (IP=212,US) 206.189.205.49 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-08 12:50:47 SQL injection - Web Attacks (IP=49,US) 206.189.206.0 32 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 13:52:54 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=0,US) 206.189.206.106 32 RS None 2022-06-20 00:00:00 2022-09-18 00:00:00 2022-06-20 22:22:17 SQL injection - Web Attacks (IP=106,US) 206.189.206.145 32 TC None 2022-09-24 00:00:00 2022-12-23 00:00:00 2022-09-24 13:56:02 SQL injection - WebAttacks (IP=145,US) 206.189.207.51 32 ZH None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-22 13:55:00 SQL injection - 6 hr Web Attacks (IP=51,US) 206.189.21.58 24 TH None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 23:06:54 SQL injection - 6 Hr Web Report (IP=58,GB) 206.189.218.238 32 RB None 2021-01-09 00:00:00 2022-05-29 00:00:00 2022-03-01 14:46:36 SERVER-WEBAPP Atlassian OAuth plugin multiple versions server side request forgery attempt - Sourcefire (IP=238,US) | updated by DT Block was inactive. 
file processing long entity overflow attempt (1:15866:17) - SourceFire (IP=150,US) 207.46.13.62 32 TC None 2022-08-11 00:00:00 2022-11-09 00:00:00 2022-08-11 22:52:12 HUNT IP Block request - IR# 22C01791 (IP=62,US) 207.55.240.101 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 208.109.14.115 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=115,SG) 208.109.16.205 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None US TO-S-2021-1143 Malicious Email Activity 208.109.19.86 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5968 TO-S-2021-1276 (IP=86,US) 208.109.23.109 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None US TO-S-2021-1102 Malicious Email Activity 208.109.24.33 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=33,US) 208.109.39.83 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=83,US) 208.109.41.246 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 208.109.68.201 32 wmp None 2021-12-13 00:00:00 2022-03-13 00:00:00 None HIVE Case #6642 JFHQ-DODIN Wave Browser Malware IOCs (IP=201,US) 208.109.78.68 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5985 TO-S-2021-1459 (IP=68,US) 208.109.79.130 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=130,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=130,US) 208.110.82.122 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1081 Hive Case 4872 Malicious Email Activity 208.111.179.1 32 RT None 2022-01-20 00:00:00 2022-04-20 00:00:00 None FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt (1:21420:6) - Sourcefire Report (IP=1,US) 208.111.179.129 32 ZH None 2022-01-19 00:00:00 2022-12-18 00:00:00 
2022-09-19 14:00:44 FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt (1:21420:6)- Sourcefire Rpt (IP=129,US) | updated by TC Block was inactive. Reactivated on 20220919 with reason FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (1:20842:14) - SourceFire (IP=129,US) 208.113.162.244 32 TLM None 2022-01-20 00:00:00 2022-07-20 00:00:00 None HIVE Case #6806 CTO 22-013 (IP=244,US) 208.113.186.250 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 208.113.221.188 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None US TO-S-2021-1102 Malicious Email Activity 208.113.252.107 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=107,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=107,US) 208.115.115.104 32 TC None 2022-09-18 00:00:00 2022-12-17 00:00:00 2022-09-19 14:00:38 POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt (1:57336:3) - SourceFire (IP=104,US) 208.115.210.54 32 SW None 2022-03-21 00:00:00 2022-06-19 00:00:00 2022-03-21 23:00:52 SIPVicious Security Scanner - IPS Events(IP=54,US) 208.115.245.214 32 AR None 2022-04-10 00:00:00 2022-07-09 00:00:00 2022-04-11 13:46:56 SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) - SourceFire (IP=214,US) 208.115.245.222 32 AR None 2022-04-10 00:00:00 2022-07-09 00:00:00 2022-04-11 13:46:56 SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) - SourceFire (IP=222,US) 208.115.54.206 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=206,US) 208.115.96.93 32 AR None 2021-10-31 00:00:00 2022-01-29 00:00:00 None Unauthorized Access-Probe - TT# 22C00266 (IP=93,US) 208.117.31.226 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=226,US) 208.117.46.9 
32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=9,US) 208.117.83.18 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=18,US) 208.117.87.203 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=203,US) 208.123.116.169 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None US TO-S-2021-1143 Malicious Email Activity 208.131.150.31 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=31,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=31,US) 208.131.178.38 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None JM TO-S-2021-1050 Hive Case 4821 Malware Activity 208.138.25.0 24 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=0,JM) 208.21.208.2 32 SW None 2022-06-04 00:00:00 2022-09-02 00:00:00 2022-06-05 13:42:47 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=2,US) 208.66.192.56 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=56,US) | updated by TLM Block was inactive. 
Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=56,US) 208.67.105.181 32 TC None 2022-08-22 00:00:00 2022-11-21 00:00:00 2022-08-23 18:08:58 HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=181,US) | updated by RR Block expiration extended with reason HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=181,US) 208.67.105.203 32 SW None 2022-08-08 00:00:00 2022-11-23 00:00:00 2022-08-25 13:54:32 SERVER-OTHER RealTek UDPServer command injection attempt (1:58853:1) - SourceFire (IP=203,US) | updated by RR Block expiration extended with reason SERVER-OTHER RealTek UDPServer command injection attempt - SourceFire (IP=203,US) 208.67.105.236 32 ZH None 2022-08-12 00:00:00 2022-11-10 00:00:00 2022-08-12 22:51:24 HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=236,US) 208.67.105.60 32 JP None 2022-08-26 00:00:00 2022-11-24 00:00:00 2022-08-26 22:41:07 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=60,US) 208.67.105.70 32 RS None 2022-07-22 00:00:00 2022-10-20 00:00:00 2022-07-23 13:44:10 SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) - SourceFire (IP=70,US) 208.68.37.229 32 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:44:00 SQL injection - Web Attacks (IP=229,US) 208.68.37.33 32 SW None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-11 22:58:30 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - SourceFire (IP=33,US) 208.68.37.8 32 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 13:54:28 SQL injection - Web Attacks (IP=8,US) 208.72.48.60 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=60,US) 208.77.97.176 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=176,US) 208.78.71.29 32 UA None 2021-10-05 00:00:00 2022-01-03 
00:00:00 None PROTOCOL-DNS glibc getaddrinfo A record stack buffer overflow attempt - Sourcefire (IP=29,US) 208.81.37.50 32 TLM None 2022-02-24 00:00:00 2022-08-25 00:00:00 None HIVE Case #7077 CTO 22-055 (IP=50,US) 208.81.37.55 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:51:57 HIVE Case #7199 CTO 22-074 (IP=55,US) 208.81.37.56 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:51:58 HIVE Case #7199 CTO 22-074 (IP=56,US) 208.81.37.57 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:51:58 HIVE Case #7199 CTO 22-074 (IP=57,US) 208.81.37.58 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:51:59 HIVE Case #7199 CTO 22-074 (IP=58,US) 208.81.37.59 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:51:59 HIVE Case #7199 CTO 22-074 (IP=59,US) 208.81.37.60 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:00 HIVE Case #7199 CTO 22-074 (IP=60,US) 208.81.37.61 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:00 HIVE Case #7199 CTO 22-074 (IP=61,US) 208.85.21.91 32 TLM None 2022-02-15 00:00:00 2022-08-16 00:00:00 None HIVE Case #6997 CTO 22-046 (IP=91,US) 208.89.84.4 24 KD None 2021-12-13 00:00:00 2022-03-13 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt - Sourcefire Rpt (IP=4,CA) 208.90.58.25 32 RT None 2022-02-11 00:00:00 2022-05-12 00:00:00 None FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields (1:16295:13) - Sourcefire Report (IP=25,US) 208.91.112.55 24 ZH None 2021-10-05 00:00:00 2022-01-03 00:00:00 None TO-S-2022-1595/Botnet Malware Communication TT# 22C00041 (IP=55,CA) 208.91.197.27 32 djs None 2015-08-11 05:00:00 2022-09-30 00:00:00 2022-03-31 14:47:58 suspected malware c2 (ip=27,VG) | updated by tjh with reason US TO-S-2016-0097 | updated by AS Block was inactive. 
Reactivated on 20220331 with reason HIVE Case #7308 CTO 22-090 (IP=27,VG) 208.91.197.27 32 AS None 2022-03-31 00:00:00 2022-09-30 00:00:00 2022-03-31 14:47:58 suspected malware c2 (ip=27,VG) | updated by tjh with reason US TO-S-2016-0097 | updated by AS Block was inactive. Reactivated on 20220331 with reason HIVE Case #7308 CTO 22-090 (IP=27,VG) 208.91.197.91 32 NAB None 2021-01-08 00:00:00 2022-06-06 00:00:00 None HIVE Case #NA FP Security (IP=91,VG) | updated by TLM Block was inactive. Reactivated on 20211206 with reason HIVE Case #6612 CTO 21-336 (IP=91,VG) 208.91.197.91 32 TLM None 2021-12-06 00:00:00 2022-06-06 00:00:00 None HIVE Case #NA FP Security (IP=91,VG) | updated by TLM Block was inactive. Reactivated on 20211206 with reason HIVE Case #6612 CTO 21-336 (IP=91,VG) 208.93.152.31 32 RS None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-01 22:27:07 TCP: SYN Host Sweep (IP=31,US) | updated by RS Block was inactive. Reactivated on 20220601 with reason SSLv2 Client Hello Request Detected - IPS Events (IP=31,US) 208.93.152.31 32 DT None 2021-03-25 00:00:00 2022-08-30 00:00:00 2022-06-01 22:27:07 TCP: SYN Host Sweep (IP=31,US) | updated by RS Block was inactive. Reactivated on 20220601 with reason SSLv2 Client Hello Request Detected - IPS Events (IP=31,US) 
208.93.152.32 32 GM None 2021-01-12 00:00:00 2022-08-19 00:00:00 2022-05-21 22:34:19 SSLv2 Client Hello Request Detected - FireEye CMS (IP=32,US) | updated by RS Block was inactive. Reactivated on 20220521 with reason File /etc/passwd Access Attempt Detect - FE IPS Events (IP=32,US) 208.93.152.32 32 RS None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 22:34:19 SSLv2 Client Hello Request Detected - FireEye CMS (IP=32,US) | updated by RS Block was inactive. Reactivated on 20220521 with reason File /etc/passwd Access Attempt Detect - FE IPS Events (IP=32,US) 208.94.4.90 32 AS None 2022-09-02 00:00:00 2022-12-01 00:00:00 2022-09-02 17:24:49 HIVE Case #8218 COLS-NA TIP 22-0304 (IP=90,US) 208.96.18.238 32 GL None 2022-03-13 00:00:00 2022-06-11 00:00:00 2022-03-14 13:47:53 Derived from threat hunting (IP=238,US) 208.99.105.119 32 RS None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:50:35 HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6Hr Web Attacks (IP=119,US) 209.105.242.187 32 TLM None 2022-03-01 00:00:00 2022-09-01 00:00:00 2022-03-01 12:20:05 HIVE Case #7104 TO-S-2022-0138 (IP=187,US) 209.126.114.82 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 209.126.119.186 32 TLM None 2021-12-02 00:00:00 2022-06-02 00:00:00 None HIVE Case #6600 TO-S-2022-0090 (IP=186,US) 209.126.122.23 32 RS None 2022-05-31 00:00:00 2022-08-29 00:00:00 2022-05-31 22:55:34 Self-Report Coldfusion - IR#22C01314 (IP=23,US) 209.126.124.37 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None US TO-S-2021-1102 Malicious Email Activity 209.126.13.55 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 
None HIVE Case #6314 TO-S-2021-1589 (IP=55,US) 209.126.2.3 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=3,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=3,US) 209.126.6.5 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=5,US) 209.126.82.87 32 CR None 2021-05-18 00:00:00 2022-01-27 00:00:00 None SSLv2 Client Hello Request Detected - IPS Events (IP=87,US) | updated by KH Block was inactive. Reactivated on 20211029 with reason Nmap Scanner Traffic Detected - FE IPS (IP=87,US) 209.126.82.88 32 KH None 2021-10-29 00:00:00 2022-01-27 00:00:00 None Nmap Scanner Traffic Detected - FE IPS (IP=88,US) 209.126.82.90 32 KH None 2021-10-20 00:00:00 2022-01-18 00:00:00 None Nmap Scanner Traffic Detected - FE IPS (IP=90,US) 209.126.84.13 32 ZH None 2021-06-26 00:00:00 2022-01-02 00:00:00 None HTTP Request Brute Force Attack - 6hr Web Attacks (IP=13,US) | updated by ZH Block was inactive. 
Reactivated on 20211004 with reason SERVER-WEBAPP JBoss web console access attempt - 6hr Web Attacks (IP=13,US) 209.126.86.45 32 KH None 2021-10-20 00:00:00 2022-01-18 00:00:00 None Nmap Scanner Traffic Detected - FE IPS (IP=45,US) 209.126.86.46 32 KH None 2021-10-26 00:00:00 2022-01-24 00:00:00 None Nmap Scanner Traffic Detected - FE IPS (IP=46,US) 209.126.86.47 32 KH None 2021-12-06 00:00:00 2022-03-06 00:00:00 None Nmap Scanner Traffic Detected - FE IPS (IP=47,US) 209.126.86.48 32 KH None 2021-10-29 00:00:00 2022-01-27 00:00:00 None Nmap Scanner Traffic Detected - FE IPS (IP=48,US) 209.126.87.112 32 KH None 2021-11-10 00:00:00 2022-02-08 00:00:00 None Nmap Scanner Traffic Detected - FE IPS (IP=112,US) 209.126.87.65 32 KH None 2021-10-26 00:00:00 2022-01-24 00:00:00 None Nmap Scanner Traffic Detected - FE IPS (IP=65,US) 209.126.87.66 32 KH None 2021-10-26 00:00:00 2022-01-24 00:00:00 None Nmap Scanner Traffic Detected - FE IPS (IP=66,US) 209.126.87.67 32 KH None 2021-10-26 00:00:00 2022-01-24 00:00:00 None Nmap Scanner Traffic Detected - FE IPS (IP=67,US) 209.126.87.68 32 KH None 2021-10-26 00:00:00 2022-01-24 00:00:00 None Nmap Scanner Traffic Detected - FE IPS (IP=68,US) 209.126.87.69 32 KH None 2021-10-26 00:00:00 2022-01-24 00:00:00 None Nmap Scanner Traffic Detected - FE IPS (IP=69,US) 209.126.87.70 32 SW None 2022-02-15 00:00:00 2022-05-16 00:00:00 None Nmap Scanner Traffic Detected - IPS Events (IP=70,US) 209.126.87.71 32 TH None 2021-12-16 00:00:00 2022-03-16 00:00:00 None Nmap Scanner Traffic Detected - IPS Events (IP=71,US) 209.126.87.72 32 KH None 2021-10-26 00:00:00 2022-01-24 00:00:00 None Nmap Scanner Traffic Detected - FE IPS (IP=72,US) 209.126.87.73 32 KH None 2021-10-26 00:00:00 2022-01-24 00:00:00 None Nmap Scanner Traffic Detected - FE IPS (IP=73,US) 209.126.98.206 32 AS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-09 13:57:22 HIVE Case #7535 TO-S-2022-0176 (IP=206,US) 209.127.110.126 32 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 
2022-05-27 16:40:16 HIVE Case #7668 CTO 22-146 (IP=126,US) 209.127.17.242 32 GM None 2021-03-09 00:00:00 2022-06-13 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00615 (IP=242,CA) | updated by TLM Block was inactive. Reactivated on 20211213 with reason HIVE Case #6652 CTO 21-345 F1 (IP=242,CA) 209.127.185.154 32 TH None 2022-02-16 00:00:00 2022-05-17 00:00:00 None POLICY-OTHER PHP uri tag injection attempt (1:23111:14) - SourceFire Report (IP=154,US) 209.127.185.162 32 KH None 2022-02-15 00:00:00 2022-05-16 00:00:00 None POLICY-OTHER PHP uri tag injection attempt (1:23111:14) - Sourcefire (IP=162,US) 209.13.169.226 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None AR TO-S-2021-1037 Hive Case 4785 Malware Activity 209.133.202.246 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5985 TO-S-2021-1459 (IP=246,US) 209.133.205.122 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1092 Hive Case 4875 Malicious Email Activity 209.135.141.233 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=233,US) 209.135.141.237 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=237,US) 209.141.32.206 32 AR None 2021-12-17 00:00:00 2022-03-17 00:00:00 None HIVE Case #6651 - Exploit.CVE-2021-44228 (IP=206,US) 209.141.33.208 32 AS None 2022-02-21 00:00:00 2022-08-22 00:00:00 None HIVE Case #7039 CTO 22-050 (IP=208,US) 209.141.33.232 32 CR None 2021-05-20 00:00:00 2022-02-05 00:00:00 None Generic URI Injection wget Attempt - IPS Event (IP=232,US) | updated by TLM Block expiration extended with reason HIVE Case #5 TO-S-2021-1447 (IP=232,US) 209.141.34.134 32 SW None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-04 13:45:54 Adobe ColdFusion Administrator Access Restriction - WebAttacks (IP=134,US) 209.141.34.232 32 WR None 2022-03-14 00:00:00 2022-06-12 00:00:00 2022-03-14 13:48:02 SSH2 Failed Login Attempt - Failed Logons 
(IP=232,US) 209.141.34.95 32 srm None 2022-02-15 00:00:00 2022-05-16 00:00:00 None HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=95,US) 209.141.35.17 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None US TO-S-2021-1102 Malware Activity 209.141.36.185 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5985 TO-S-2021-1459 (IP=185,US) 209.141.36.53 32 RT None 2021-08-25 00:00:00 2022-08-25 00:00:00 None Malware Callback Hive Case # 6030 (IP=53,US) 209.141.37.189 32 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 2022-05-26 18:27:20 HIVE Case #7669 TO-S-2022-0187 (IP=189,US) 209.141.40.109 32 KD None 2022-01-31 00:00:00 2022-05-01 00:00:00 None Attempted Access - Inbound Brute Force - TT# 22C00879 (IP=109,US) 209.141.40.123 32 KH None 2022-09-26 00:00:00 2022-12-25 00:00:00 2022-09-26 22:53:30 ZmEu phpMyAdmin Vulnerability Scanner - FE CMS (IP=123,US) 209.141.41.103 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=103,US) 209.141.41.137 32 SA None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 22:54:57 SERVER-OTHER RealTek UDPServer command injection attempt (1:58853:1) - SourceFire Report (IP=137,US) 209.141.41.152 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=152,US) 209.141.42.158 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=158,US) 209.141.43.27 32 RR None 2021-10-16 00:00:00 2022-01-14 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - Web Attacks (IP=27,US) 209.141.44.64 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 18:27:42 HIVE Case #7342 CTO 22-092 FRAGO (IP=64,US) 209.141.45.189 32 RR None 2020-07-18 00:00:00 2022-05-28 00:00:00 2022-02-28 14:50:35 HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attack (IP=189,US) | updated by DT Block was inactive. 
Reactivated on 20210314 with reason HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00686 (IP=189,US) | updated by WR Block was inactive. Reactivated on 20220228 with reason SSH2 Failed Login Attempt - 6 hr Failed Logons (IP=189,US) 209.141.46.114 32 NAB None 2021-12-23 00:00:00 2022-03-23 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=114,US) 209.141.46.81 32 WR None 2022-02-28 00:00:00 2022-05-28 00:00:00 2022-02-28 14:50:36 SSH2 Failed Login Attempt - 6 hr Failed Logons (IP=81,US) 209.141.47.131 32 TH None 2021-12-29 00:00:00 2022-03-29 00:00:00 None Attempted Access - Inbound Brute Force - TT#22C00736 (IP=131,US) 209.141.47.28 32 NAB None 2022-01-20 00:00:00 2022-04-20 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=28,US) 209.141.48.191 32 RB None 2022-02-17 00:00:00 2022-05-18 00:00:00 None SERVER-OTHER RealTek UDPServer command injection attempt - Sourcefire (IP=191,US) 209.141.50.20 32 SA None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-07 13:41:08 SERVER-APACHE Apache Struts java.lang.ProcessBuilder class access attempt (1:47690:2) - SourceFire Report (IP=20,US) 209.141.50.20 32 SA None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-07 13:41:28 Apache Struts 2 ConversionErrorInterceptor OGNL Script Injection - FE CMS IPS alert (IP=20,US) 209.141.51.30 32 AR None 2022-03-05 00:00:00 2022-06-03 00:00:00 2022-03-06 14:24:06 SSH2 Failed Login Attempt - 6Hr Failed Logons (IP=30,US) 209.141.51.43 32 RT None 2022-02-11 00:00:00 2022-05-12 00:00:00 None SERVER-OTHER RealTek UDPServer command injection attempt (1:58853:1) - Sourcefire Report (IP=43,US) 209.141.52.78 32 TLM None 2022-06-08 00:00:00 2022-12-07 00:00:00 2022-06-09 13:12:49 HIVE Case #7739 CTO 22-159 (IP=78,US) 209.141.53.78 32 TLM None 2022-06-09 00:00:00 2022-12-08 00:00:00 2022-06-09 17:00:05 HIVE Case #7745 CTO 22-160 (IP=78,US) 209.141.54.195 32 RW None 2021-03-10 00:00:00 2022-10-05 00:00:00 2022-04-05 18:27:43 HTTP: Microsoft SharePoint XSS in 
Scriptresx.ashx Vulnerability - TT# 21C00664 (IP=195,US) | updated by AS Block was inactive. Reactivated on 20220405 with reason HIVE Case #7342 CTO 22-092 FRAGO (IP=195,US) 209.141.55.140 32 TH None 2022-07-22 00:00:00 2022-10-20 00:00:00 2022-07-22 13:52:30 Attempted Access - Inbound Brute Force - IR# 22C01721 (IP=140,US) 209.141.55.26 32 GM None 2021-03-09 00:00:00 2022-10-05 00:00:00 2022-04-05 18:27:44 HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00643 (IP=26,US) | updated by AS Block was inactive. Reactivated on 20220405 with reason HIVE Case #7342 CTO 22-092 FRAGO (IP=26,US) 209.141.56.100 32 DT None 2021-10-06 00:00:00 2022-01-04 00:00:00 None ZmEu phpMyAdmin Vulnerability Scanner - IPS Events (IP=100,US) 209.141.56.166 32 RR None 2022-01-13 00:00:00 2022-04-13 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - SourceFire (IP=166,US) 209.141.57.123 32 TH None 2022-08-04 00:00:00 2022-11-02 00:00:00 2022-08-04 22:59:41 Webshell.Binary.php.FEC2 - FE NX Alerts (IP=123,US) 209.141.57.178 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 18:27:44 HIVE Case #7342 CTO 22-092 FRAGO (IP=178,US) 209.141.57.192 32 NAB None 2022-01-13 00:00:00 2022-04-13 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=192,US) 209.141.58.146 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 18:27:45 HIVE Case #7342 CTO 22-092 FRAGO (IP=146,US) 209.141.59.96 32 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 2022-05-26 18:27:21 HIVE Case #7669 TO-S-2022-0187 (IP=96,US) 209.141.60.0 22 TLM None 2022-06-24 00:00:00 2022-12-23 00:00:00 2022-06-24 19:38:41 HIVE Case #7840 CTO 22-175 (IP=0,US) 209.141.61.225 32 TLM None 2022-06-22 00:00:00 2022-12-21 00:00:00 2022-06-23 16:49:41 HIVE Case #7813 CTO 22-173 (IP=225,US) 209.141.62.185 32 wmp None 2021-10-13 00:00:00 2022-01-13 00:00:00 None Palo Alto Suspicious Scan Activity (IP=185,US) 209.145.52.252 32 KH None 2021-10-26 00:00:00 
2022-01-24 00:00:00 None Nmap Scanner Traffic Detected - FE IPS (IP=252,US) 209.145.53.117 32 RT None 2022-01-17 00:00:00 2022-04-17 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6HR Web Attacks (IP=117,US) 209.145.53.57 32 KH None 2021-10-29 00:00:00 2022-01-27 00:00:00 None Nmap Scanner Traffic Detected - FE IPS (IP=57,US) 209.145.54.10 32 KH None 2021-10-26 00:00:00 2022-01-24 00:00:00 None Nmap Scanner Traffic Detected - FE IPS (IP=10,US) 209.145.56.218 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=218,US) 209.145.56.254 32 KH None 2021-10-26 00:00:00 2022-01-24 00:00:00 None Nmap Scanner Traffic Detected - FE IPS (IP=254,US) 209.145.57.2 32 KH None 2021-10-26 00:00:00 2022-01-24 00:00:00 None Nmap Scanner Traffic Detected - FE IPS (IP=2,US) 209.145.57.248 32 KH None 2021-10-26 00:00:00 2022-01-24 00:00:00 None Nmap Scanner Traffic Detected - FE IPS (IP=248,US) 209.145.58.124 32 KH None 2021-10-29 00:00:00 2022-01-27 00:00:00 None Nmap Scanner Traffic Detected - FE IPS (IP=124,US) 209.145.58.147 32 KH None 2021-10-26 00:00:00 2022-01-24 00:00:00 None Nmap Scanner Traffic Detected - FE IPS (IP=147,US) 209.145.58.191 32 KH None 2021-10-26 00:00:00 2022-01-24 00:00:00 None Nmap Scanner Traffic Detected - FE IPS (IP=191,US) 209.145.59.100 32 RR None 2022-09-21 00:00:00 2022-12-20 00:00:00 2022-09-21 14:01:07 POLICY-OTHER Adobe ColdFusion component browser access attempt - SourceFire (IP=100,US) 209.145.59.111 32 KH None 2021-12-06 00:00:00 2022-03-06 00:00:00 None Nmap Scanner Traffic Detected - FE IPS (IP=111,US) 209.145.59.15 32 KH None 2021-10-26 00:00:00 2022-01-24 00:00:00 None Nmap Scanner Traffic Detected - FE IPS (IP=15,US) 209.145.59.230 32 KH None 2021-10-29 00:00:00 2022-01-27 00:00:00 None Nmap Scanner Traffic Detected - FE IPS (IP=230,US) 209.145.59.98 32 KH None 2021-10-20 00:00:00 2022-01-18 00:00:00 None Nmap Scanner Traffic Detected - FE IPS (IP=98,US) 209.145.60.215 32 
KH None 2021-10-26 00:00:00 2022-01-24 00:00:00 None Nmap Scanner Traffic Detected - FE IPS (IP=215,US) 209.145.61.163 32 jkc None 2021-04-13 00:00:00 2022-04-13 00:00:00 None Case # 5240 IOC_ TO-S-2021-1218 Malicious IP 209.145.61.27 32 DT None 2021-04-23 00:00:00 2022-06-15 00:00:00 2022-03-17 13:48:19 Self-Report/Ft Detrick - IR# 21C01055 (IP=27,US) | updated by BMP Block expiration extended with reason SQL injection - 6hr Web Attacks (IP=27,US) | updated by WR Block was inactive. Reactivated on 20220317 with reason Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=27,US) 209.145.61.76 32 WR None 2022-02-19 00:00:00 2022-05-19 00:00:00 None Apache Log4j CVE-2021-44228 Remote Code Execution - FE CMS IPS (IP=76,US) 209.145.63.226 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=226,US) 209.15.192.106 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=106,CA) 209.15.20.227 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=227,US) 209.151.144.223 32 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 2022-05-26 18:27:21 HIVE Case #7669 TO-S-2022-0187 (IP=223,US) 209.151.152.114 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=114,US) 209.159.147.252 32 SW None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 14:03:06 SERVER-APACHE Apache Struts2 remote code execution attempt (1:27245:7) - SourceFire (IP=252,US) 209.16.131.131 32 RT None 2021-06-10 00:00:00 2022-02-05 00:00:00 None SQL injection - 6 HR WebAttack (IP=131,US) | updated by KD Block was inactive. 
Reactivated on 20211107 with reason SQL use of sleep function in HTTP header - likely SQL injection attempt- TT# 22C00305 (IP=131,US) 209.164.36.119 32 AS None 2022-07-28 00:00:00 2022-10-26 00:00:00 2022-07-28 20:13:39 HIVE Case #7327 COLS-NA TIP 22-0114 (IP=119,US) 209.166.175.201 32 AS None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-01 21:44:58 HIVE Case #7874 CTO 22-181 (IP=201,US) 209.170.91.200 32 TLM None 2022-05-24 00:00:00 2022-11-23 00:00:00 2022-05-24 14:24:12 HIVE Case #7653 CTO 22-144 (IP=200,US) 209.181.47.54 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:01 HIVE Case #7199 CTO 22-074 (IP=54,US) 209.182.192.45 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None US TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 209.182.193.31 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=31,US) 209.182.195.149 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 209.182.199.2 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 209.182.208.223 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None US TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 209.182.209.168 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5985 TO-S-2021-1459 (IP=168,US) 209.182.213.214 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=214,US) 209.182.232.172 32 RB None 2019-10-10 00:00:00 2022-04-05 00:00:00 None Unauthorized Access-Probe - TT# 20C00346 (IP=172,US) | updated by NAB Block was inactive. Reactivated on 20220105 with reason HIVE Case #6651 Exploit.CVE-2021-44228 (IP=172,US) 209.188.21.230 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=230,US) | updated by TLM Block was inactive. 
Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=230,US) 209.188.88.204 32 srm None 2022-01-31 00:00:00 2022-05-01 00:00:00 None HIVE Case #NA FP Security (IP=204,US) 209.190.197.196 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity 209.192.137.208 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=208,US) 209.216.80.226 32 TH None 2022-09-04 00:00:00 2022-12-03 00:00:00 2022-09-05 12:32:30 SIPVicious Security Scanner - FE CMS IPS Events (IP=226,US) 209.216.93.226 32 RS None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-13 22:36:40 Possible Cross-site Scripting Attack - FE IPS Events (IP=226,US) 209.216.93.82 32 TH None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-16 13:52:03 SIPVicious Security Scanner - FE CMS IPS Events (IP=82,US) 209.22.225.16 32 TLM None 2022-05-25 00:00:00 2022-11-24 00:00:00 2022-05-25 18:14:51 HIVE Case #7662 CTO 22-145 (IP=16,US) 209.222.101.153 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=153,US) 209.222.101.161 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=161,US) 209.222.101.167 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=167,US) 209.222.101.21 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=21,US) 209.222.101.221 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=221,US) 209.222.101.96 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=96,US) 209.222.104.194 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=194,US) 209.222.97.107 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=107,US) 209.222.97.22 32 KH None 2022-08-07 00:00:00 2022-11-05 00:00:00 2022-08-07 22:53:25 ET EXPLOIT Apache Obfuscated log4j RCE 
Attempt (tcp ldap) (CVE-2021-44228) (1:2034755:1) -Sourcefire (IP=22,US) 209.222.97.3 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=3,US) 209.222.97.8 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=8,US) 209.222.98.111 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=111,US) 209.222.98.14 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=14,US) 209.222.98.168 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=168,US) 209.222.98.197 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=197,US) 209.222.98.219 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=219,US) 209.222.98.225 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=225,US) 209.222.98.242 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=242,US) 209.222.98.33 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=33,US) 209.222.98.45 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=45,US) 209.222.98.75 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=75,US) 209.222.98.79 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=79,US) 209.222.99.26 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=26,US) 209.239.115.91 32 jkc None 2018-05-16 05:00:00 2022-03-24 00:00:00 None Mosquito attack CNC (IP=91, US) | updated by AS Block was inactive. 
Reactivated on 20210924 with reason HIVE Case #6244 CTO 21-267 (IP=91,US) 209.239.85.98 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6445 CTO 21-260 (IP=98,US) 209.250.231.67 32 TLM None 2022-06-28 00:00:00 2022-12-27 00:00:00 2022-06-28 14:35:33 HIVE Case #7853 CTO 22-179 (IP=67,GB) 209.250.232.130 24 RS None 2022-06-20 00:00:00 2022-09-18 00:00:00 2022-06-20 22:22:03 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - SourceFire (IP=130,DE) 209.250.241.35 32 TLM None 2021-09-08 00:00:00 2022-03-08 00:00:00 None HIVE Case #6132 CTO 21-240 (IP=35,NL) 209.250.245.179 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6310 CTO 21-273 (IP=179,NL) 209.250.246.178 24 RT None 2022-04-05 00:00:00 2022-07-04 00:00:00 2022-04-06 13:47:07 SQL injection - 6hr Web Attacks (IP=178,NL) 209.250.252.241 24 ZH None 2022-06-09 00:00:00 2022-09-07 00:00:00 2022-06-09 22:37:42 SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) - SourceFire (IP=241, NL) 209.250.253.209 32 TLM None 2021-12-09 00:00:00 2022-06-09 00:00:00 None HIVE Case #6631 CTO 21-329 (IP=209,NL) 209.250.253.96 32 TLM None 2022-05-06 00:00:00 2022-11-05 00:00:00 2022-05-06 18:07:08 HIVE Case #7533 CTO 22-126 (IP=96,NL) 209.255.196.171 32 RT None 2022-01-06 00:00:00 2022-04-06 00:00:00 None FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields (1:16295:13) - Sourcefire Report (IP=171,US) 209.33.154.42 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:01 HIVE Case #7199 CTO 22-074 (IP=42,US) 209.33.154.43 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:02 HIVE Case #7199 CTO 22-074 (IP=43,US) 209.33.154.44 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:02 HIVE Case #7199 CTO 22-074 (IP=44,US) 209.33.154.45 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:03 HIVE Case #7199 CTO 22-074 
(IP=45,US) 209.33.154.46 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:03 HIVE Case #7199 CTO 22-074 (IP=46,US) 209.45.54.108 24 KD None 2022-01-10 00:00:00 2022-04-10 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=108,PE) 209.58.131.100 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=100,US) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=100,US) 209.58.163.83 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=83,SG) 209.59.178.48 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=48,US) 209.59.191.250 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None US TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 209.73.190.11 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None US TO-S-2021-1050 Hive Case 4821 Malicious Web Application Activity 209.87.149.194 32 TLM None 2021-09-14 00:00:00 2022-03-14 00:00:00 None HIVE Case #6164 TO-S-2021-1528 (IP=194,US) 209.90.225.34 32 KH None 2022-08-07 00:00:00 2022-11-05 00:00:00 2022-08-07 22:53:25 SIPVicious Security Scanner - FE CMS (IP=34,US) 209.94.191.183 32 KH None 2022-08-24 00:00:00 2022-11-22 00:00:00 2022-08-24 22:45:54 SIPVicious Security Scanner - FE IPS (IP=183,US) 209.94.56.78 32 TLM None 2021-12-09 00:00:00 2022-06-09 00:00:00 None HIVE Case #6631 CTO 21-329 (IP=78,US) 209.95.50.27 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None US TO-S-2021-1143 Malicious Email Activity 209.97.129.97 24 KH None 2022-05-01 00:00:00 2022-07-30 00:00:00 2022-05-01 22:53:45 SQL injection - Web Attacks (IP=97,GB) 209.97.130.52 24 RT None 2022-02-28 00:00:00 2022-05-30 00:00:00 2022-03-01 14:46:37 SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt (1:58747:1) - Sourcefire Report (IP=52,GB) | updated by WR Block expiration extended with reason SERVER-WEBAPP
TP-Link TL-WR840N EU v5 command injection attempt - 6HR Web Attack (IP=52,GB) 209.97.130.52 24 WR None 2022-03-01 00:00:00 2022-05-30 00:00:00 2022-03-01 14:46:37 SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt (1:58747:1) - Sourcefire Report (IP=52,GB) | updated by WR Block expiration extended with reason SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt - 6HR Web Attack (IP=52,GB) 209.97.130.52 24 RT None 2022-02-28 00:00:00 2022-05-29 00:00:00 2022-03-01 14:50:09 SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt (1:58747:1) - Sourcefire Report (IP=52,GB) 209.97.130.52 24 WR None 2022-03-01 00:00:00 2022-05-30 00:00:00 2022-03-01 14:50:14 SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt - 6HR Web Attack (IP=52,GB) 209.97.131.76 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:37:09 SQL injection - Web Attacks (IP=76,GB) 209.97.132.13 24 RT None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-17 13:52:08 SQL injection - 6HR web Attacks (IP=13,GB) 209.97.133.181 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:53:07 SERVER-WEBAPP Cisco RV Series Routers information disclosure attempt - SourceFire (IP=181,GB) 209.97.134.39 24 RT None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-27 13:56:45 SERVER-WEBAPP Klog Server authenticate.php user command injection attempt (1:57492:1) - Sourcefire Report (IP=39,GB) 209.97.135.159 24 RT None 2022-04-08 00:00:00 2022-07-07 00:00:00 2022-04-09 13:49:41 SQL injection - 6HR WebAttack (IP=159,GB) 209.97.137.46 24 SW None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:45:22 SERVER-WEBAPP Cisco HyperFlex HX Data Platform command injection attempt (3:57528:2) - SourceFire (IP=46,GB) 209.97.138.215 24 KD None 2022-04-11 00:00:00 2022-07-10 00:00:00
2022-04-12 13:51:46 HTTP: SQL Injection - Exploit - Web Attacks (IP=215,GB) 209.97.140.169 24 DT None 2022-04-08 00:00:00 2022-07-07 00:00:00 2022-04-09 13:49:51 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=169,GB) 209.97.141.103 24 ZH None 2021-10-04 00:00:00 2022-01-02 00:00:00 None POLICY-OTHER Adobe ColdFusion component browser access attempt - 6hr Web Attacks (IP=103,GB) 209.97.141.43 32 TLM None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:46:14 HIVE Case #7458 CTO 22-113 (IP=43,GB) 209.97.142.137 24 KH None 2022-04-12 00:00:00 2022-07-11 00:00:00 2022-04-12 22:35:46 SQL injection - Web Attacks (IP=137,GB) 209.97.143.58 24 KD None 2022-04-15 00:00:00 2022-07-14 00:00:00 2022-04-16 14:40:56 SQL injection- Web Attacks (IP=58,GB) 209.97.144.226 32 AR None 2022-04-08 00:00:00 2022-07-07 00:00:00 2022-04-08 13:46:38 POLICY-OTHER PHP uri tag injection attempt (1:23111:14) - SourceFire (IP=226,US) 209.97.144.26 32 RR None 2022-06-10 00:00:00 2022-09-08 00:00:00 2022-06-10 13:46:15 SQL injection - Web Attacks (IP=26,US) 209.97.146.144 32 ZH None 2022-07-08 00:00:00 2022-10-28 00:00:00 2022-07-30 13:52:54 SQL injection - 6hr Web Attacks (IP=144,US) | updated by RR Block expiration extended with reason SQL url ending in comment characters - possible sql injection attempt - SourceFire (IP=144,US) 209.97.146.160 32 RR None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 13:47:42 SQL use of concat function with select - likely SQL injection - SourceFire (IP=160,US) 209.97.146.76 32 RR None 2022-07-29 00:00:00 2022-10-27 00:00:00 2022-07-29 13:53:23 SQL injection - Web Attacks (IP=76,US) 209.97.147.12 32 SW None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-06 13:47:30 SQL injection - WebAttacks (IP=12,US) 209.97.148.231 32 RB None 2022-09-01 00:00:00 2022-12-30 00:00:00 2022-09-01 22:53:16 SERVER-APACHE Apache HTTP server SSRF attempt (1:58820:1) - SourceFire (IP=231, US) 209.97.148.242 32 ZH None 2022-09-06 00:00:00 2022-12-05 00:00:00 
2022-09-06 13:54:43 SQL union select - possible sql injection attempt - GET parameter - WebAttacks (IP=242,US) 209.97.149.86 32 RS None 2022-06-10 00:00:00 2022-09-08 00:00:00 2022-06-10 22:49:35 POLICY-OTHER PHP uri tag injection attempt (1:23111:14) - SourceFire (IP=86,US) 209.97.150.54 32 ZH None 2022-06-30 00:00:00 2022-09-28 00:00:00 2022-07-01 00:10:26 SERVER-WEBAPP Fortinet FortiOS SSL VPN web portal directory traversal attempt - Sourcefire Rpt (IP=54,US) 209.97.150.84 32 RB None 2022-06-11 00:00:00 2022-09-09 00:00:00 2022-06-11 13:47:07 SQL injection - 6hr web attacks (IP=84,US) 209.97.151.128 32 SW None 2022-05-24 00:00:00 2022-08-22 00:00:00 2022-05-24 14:15:51 POLICY-OTHER CA ARCserve Axis2 default credential login attempt (1:18985:15) - SourceFire (IP=128,US) 209.97.151.150 32 RS None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-01 13:54:21 SQL injection - 6Hr Web Attacks (IP=150,US) 209.97.152.158 32 WR None 2022-05-03 00:00:00 2022-08-01 00:00:00 2022-05-03 13:46:40 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - Sourcefire (IP=158,US) 209.97.153.137 32 ZH None 2022-09-15 00:00:00 2022-12-14 00:00:00 2022-09-15 14:40:58 SQL injection - WebAttacks (IP=137,US) 209.97.153.232 32 SW None 2021-10-27 00:00:00 2022-01-25 00:00:00 None SQL injection - WebAttacks (IP=232, US) 209.97.153.245 32 RS None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 22:54:53 SQL injection - 6Hr Web Attacks (IP=245,US) 209.97.156.146 32 RR None 2022-06-19 00:00:00 2022-09-17 00:00:00 2022-06-20 13:54:28 SQL injection - Web Attacks (IP=146,US) 209.97.156.15 32 RS None 2022-05-02 00:00:00 2022-07-31 00:00:00 2022-05-02 22:41:48 SERVER-WEBAPP Avtech IP Camera machine.cgi information disclosure attempt (1:41697:2) - SourceFire(IP=15,US) 209.97.156.188 32 RS None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-10-01 13:38:13 SQL injection - Web Attacks (IP=188,US) 209.97.156.239 32 SW None 2022-07-15 00:00:00 2022-10-13 00:00:00 
2022-07-16 13:51:48 SQL injection - WebAttack (IP=239,US) 209.97.157.69 32 RS None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 13:55:14 SQL injection - 6Hr Web Attacks (IP=69,US) 209.97.157.91 32 RS None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-10-01 13:38:13 SQL injection - Web Attacks (IP=91,US) 209.97.158.121 32 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:48:31 HTTP SQL Injection Attempt - Web Attacks (IP=121,US) 209.97.158.200 32 RS None 2022-06-20 00:00:00 2022-09-18 00:00:00 2022-06-20 13:54:40 SQL injection - Web Attacks (IP=200,US) 209.97.158.68 32 AR None 2022-04-08 00:00:00 2022-07-07 00:00:00 2022-04-08 13:46:37 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attack (IP=68,US) 209.97.159.115 32 RS None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-09-30 22:47:36 Exploit.Log4Shell.CVE-2021-44228 - FE NX (IP=115,US) 209.97.160.143 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:46 SQL injection- 6hr Web Attacks (IP=143,SG) 209.97.163.154 24 RR None 2022-07-16 00:00:00 2022-10-14 00:00:00 2022-07-16 13:51:48 SQL injection - Web Attacks (IP=154,SG) 209.97.164.67 24 DT None 2022-05-12 00:00:00 2022-08-10 00:00:00 2022-05-13 13:50:49 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - Source Fire (IP=67,SG) 209.97.165.242 24 RB None 2022-09-08 00:00:00 2022-12-07 00:00:00 2022-09-08 13:54:21 SQL injection - WebAttacks (IP=242,SG) 209.97.165.69 24 ZH None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-10 13:48:43 SQL injection - 6hr Web Attacks (IP=69,SG) 209.97.166.143 32 TLM None 2022-05-11 00:00:00 2022-11-10 00:00:00 2022-05-11 15:28:14 HIVE Case #7564 TO-S-2022-0180 (IP=143,SG) 209.97.168.24 24 KD None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-12 13:51:47 Django SQL Injection Vulnerability - Web Attacks (IP=24,SG) 209.97.170.114 24 RR None 2022-06-10 00:00:00 2022-09-08 00:00:00 2022-06-10 13:46:10 POLICY-OTHER Micro Focus Operations Bridge default credentials 
login attempt - SourceFire (IP=114,SG) 209.97.171.104 24 KD None 2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-10 13:48:16 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=104,SG) 209.97.172.132 24 SW None 2022-08-18 00:00:00 2022-11-16 00:00:00 2022-08-19 13:56:41 SQL injection - WebAttacks (IP=132,SG) 209.97.173.40 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:08 SERVER-WEBAPP YouPHPTube getImage.php command injection attempt (1:51924:4) - Sourcefire Rpt (IP=40,SG) 209.97.173.40 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:34 SERVER-WEBAPP YouPHPTube getImage.php command injection attempt (1:51924:4) - Sourcefire Rpt (IP=40,SG) 209.97.174.242 24 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-08 12:51:21 SERVER-WEBAPP Joomla 3.7.0 com_fields view SQL injection attempt - SourceFire (IP=242,SG) 209.97.175.138 24 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:48:32 SERVER-WEBAPP Movable Type CMS command injection attempt - SourceFire (IP=138,SG) 209.97.176.204 24 KH None 2022-02-15 00:00:00 2022-05-16 00:00:00 None HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=204,GB) 209.97.178.19 24 RB None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 22:45:16 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - Sourcefire (IP=19,GB) 209.97.179.165 24 NAB None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-13 13:50:55 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=165,GB) 209.97.180.77 24 DT None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-26 13:48:33 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=77,GB) 209.97.181.71 24 AR None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-11 13:47:07 SERVER-WEBAPP Oracle WebLogic Server remote code execution attempt (1:58562:1) - SourceFire (IP=71,GB) 209.97.183.197 24 SW None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:47:40 HTTP SQL Injection Attempt - WebAttacks (IP=197,GB) 209.97.184.74 24 DT None
2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-31 13:48:43 SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (1:50015:1) - Source Fire (IP=74,GB) 209.97.186.148 24 SW None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-11 22:58:29 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41421:2) - SourceFire (IP=148,GB) 209.97.189.220 24 ZH None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 22:37:08 SERVER-WEBAPP Oracle-BI convert servlet XML external entity injection attempt (1:50773:1) - SourceFire (IP=220,GB) 209.97.190.157 24 RT None 2022-04-12 00:00:00 2022-07-11 00:00:00 2022-04-13 13:46:10 SQL injection - 6 HR WebAttack (IP=157,GB) 209.97.191.165 24 RR None 2022-08-17 00:00:00 2022-11-15 00:00:00 2022-08-17 13:52:27 SERVER-WEBAPP Atlassian OAuth plugin multiple versions server side request forgery attempt - SourceFire (IP=165,GB) 209.97.224.2 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity 209.99.147.89 32 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 22:24:47 SIPVicious Security Scanner - FE IPS Events (IP=89,US) 209.99.16.100 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 Malicious Email Activity 209.99.16.240 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=240,US) 209.99.40.222 32 NAB None 2020-10-30 00:00:00 2022-10-25 00:00:00 2022-04-27 18:49:27 HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=222,US) | updated by srm Block was inactive. Reactivated on 20210205 with reason Firepower Suspicious Scan Activity (IP=222,US) | updated by ZH Block was inactive. Reactivated on 20211005 with reason TO-S-2022-1595/Botnet Malware Communication TT# 22C00041 (IP=222,US) | updated by TLM Block was inactive. 
Reactivated on 20220426 with reason HIVE Case #7465 CTO 22-116 (IP=222,US) 209.99.64.70 32 AS None 2022-09-02 00:00:00 2022-12-01 00:00:00 2022-09-02 17:24:50 HIVE Case #8218 COLS-NA TIP 22-0304 (IP=70,US) 20courseweb.net --- TLM None 2021-08-20 00:00:00 2022-08-20 00:00:00 2023-01-19 23:01:09 HIVE Case #6025 TO-S-2021-1472 21.166.212.136 32 TLM None 2022-06-15 00:00:00 2022-12-14 00:00:00 2022-06-16 19:40:45 HIVE Case #7779 CTO 22-162 (IP=136,US) 21.207.45.238 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=238,US) 21.220.29.231 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=231,US) 21.220.32.0 20 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=0,US) 210.0.159.204 24 RS None 2022-07-12 00:00:00 2022-10-10 00:00:00 2022-07-12 13:51:00 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01638 (IP=204,HK) 210.1.224.0 21 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MY TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 210.1.226.163 32 TLM None 2022-06-22 00:00:00 2022-12-21 00:00:00 2022-06-23 16:49:33 HIVE Case #7813 CTO 22-173 (IP=163,MY) 210.1.227.66 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:55:40 HIVE Case #7894 CTO 22-187 (IP=66,MY) 210.1.60.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TH TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 210.101.61.1 24 RR None 2022-03-26 00:00:00 2022-06-24 00:00:00 2022-03-26 13:38:29 SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt - SourceFire (IP=1,KR) 210.116.76.114 32 TLM None 2022-03-17 00:00:00 2022-09-17 00:00:00 2022-03-17 15:03:32 HIVE Case #7226 CTO 22-075 (IP=114,KR) 210.12.31.26 24 AR None 2021-10-19 00:00:00 2022-01-17 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=26,CN) 210.120.4.239 32 dbc None 2020-10-08 00:00:00 2022-06-09 
00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=239,KR) | updated by TLM Block was inactive. Reactivated on 20211209 with reason HIVE Case #6626 CTO 21-343 (IP=239,KR) 210.121.116.172 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None KR TO-S-2021-1050 Hive Case 4821 Malware Activity 210.141.105.67 32 KH None 2021-12-20 00:00:00 2022-03-20 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=67,JP) 210.155.128.8 24 KD None 2021-12-13 00:00:00 2022-03-21 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt - Sourcefire Rpt (IP=8,JP) | updated by DT Block expiration extended with reason PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) - Source Fire (IP=8,JP) 210.16.101.168 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=168,IN) 210.16.120.17 32 AS None 2021-12-28 00:00:00 2022-06-28 00:00:00 None HIVE Case #6702 CTO 21-362 (IP=17,SG) 210.16.120.251 32 TLM None 2021-08-12 00:00:00 2022-09-01 00:00:00 2022-03-01 17:52:16 HIVE Case #5991 TO-S-2021-1421 (IP=251,SG) | updated by TLM Block was inactive.
Reactivated on 20220301 with reason HIVE Case #7115 CTO 22-060 (IP=251,SG) 210.16.120.35 32 TLM None 2021-10-25 00:00:00 2022-04-25 00:00:00 None HIVE Case #6410 CTO 21-293 (IP=35,SG) 210.16.121.119 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=119,SG) 210.16.121.27 32 TLM None 2022-04-28 00:00:00 2022-10-27 00:00:00 2022-04-28 16:06:22 HIVE Case #7482 CTO 22-118 (IP=27,SG) 210.16.187.236 32 TLM None 2022-03-01 00:00:00 2022-09-01 00:00:00 2022-03-01 12:19:51 HIVE Case #7104 TO-S-2022-0138 (IP=236,CN) 210.170.34.27 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None JP TO-S-2021-1117 DOS-DDOS Activity 210.179.243.124 24 TLM None 2021-09-21 00:00:00 2022-03-20 00:00:00 None HIVE Case #6216 CTO 21-264 (IP=124,KR) 210.181.4.25 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None AU TO-S-2021-1117 DOS-DDOS Activity 210.182.179.248 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None KR TO-S-2021-1117 DOS-DDOS Activity 210.182.29.70 32 TLM None 2022-02-11 00:00:00 2022-08-12 00:00:00 None HIVE Case #6971 CTO 22-042 (IP=70,KR) 210.19.189.118 32 SW None 2022-03-17 00:00:00 2022-06-15 00:00:00 2022-03-17 13:48:22 HTTP: PHPUnit Remote Code Execution Vulnerability - IR# 22C01051 (IP=118,MY) 210.192.94.2 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None KR TO-S-2021-1037 Hive Case 4785 Malware Activity 210.193.187.205 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None AU TO-S-2021-1037 Hive Case 4785 Malware Activity 210.2.86.103 32 TLM None 2022-04-01 00:00:00 2022-06-30 00:00:00 2022-04-05 14:32:03 HIVE Case #7312 COLS-NA-TIP 22-0110 (IP=103,VN) 210.210.128.0 19 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None ID TO-S-2021-1117 DOS-DDOS Activity 210.210.160.0 19 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None ID TO-S-2021-1117 DOS-DDOS Activity 210.215.129.121 32 TLM None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:46:18 HIVE Case #7458 CTO 22-113 (IP=121,AU) 210.215.129.122 32 AS 
None 2022-01-31 00:00:00 2022-08-03 00:00:00 None HIVE Case #6877 CTO 22-028 (IP=122,AU) 210.220.16.2 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None KR TO-S-2021-1117 DOS-DDOS Activity 210.220.16.245 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None KR TO-S-2021-1117 DOS-DDOS Activity 210.220.16.246 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None KR TO-S-2021-1117 DOS-DDOS Activity 210.227.106.82 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None JP TO-S-2021-1117 DOS-DDOS Activity 210.242.93.83 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None TW TO-S-2021-1117 DOS-DDOS Activity 210.246.16.62 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None NZ TO-S-2021-1050 Hive Case 4821 Malware Activity 210.254.22.13 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None JP TO-S-2021-1117 DOS-DDOS Activity 210.4.65.203 32 TLM None 2022-06-07 00:00:00 2022-12-06 00:00:00 2022-06-07 18:56:17 HIVE Case #7733 CTO 22-155 (IP=203,BD) 210.48.136.0 21 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None HK TO-S-2021-1050 Hive Case 4821 Malware Activity 210.56.59.200 32 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6517 CTO 21-313 (IP=200,HK) 210.56.59.201 32 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6517 CTO 21-313 (IP=201,HK) 210.57.209.142 32 AS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-09 13:57:36 HIVE Case #7535 TO-S-2022-0176 (IP=142,ID) 210.57.217.132 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6584 CTO 21-322 (IP=132,ID) 210.61.201.91 32 TLM None 2021-09-08 00:00:00 2022-03-08 00:00:00 None HIVE Case #6133 CTO 21-243 (IP=91,TW) 210.73.221.78 24 NAB None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:30 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=78,CN) 210.86.170.218 24 RT None 2021-11-20 00:00:00 2022-02-18 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire Report (IP=218,TH) 210.86.232.0 21 TLM None 
2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=0,VN) 210.89.63.200 24 RS None 2022-08-22 00:00:00 2022-11-20 00:00:00 2022-08-23 18:09:02 SIPVicious Security Scanner - IPS Events (IP=200,IN) 210.92.18.145 32 TLM None 2022-02-16 00:00:00 2022-08-17 00:00:00 None HIVE Case #7008 CTO 22-047 (IP=145,KR) 210.92.18.161 32 TLM None 2021-10-12 00:00:00 2022-12-14 00:00:00 2022-06-16 13:41:11 HIVE Case #6349 CTO 21-275 (IP=161,KR) | updated by TLM Block was inactive. Reactivated on 20220615 with reason HIVE Case #7774 CTO 22-166 (IP=161,KR) 210.92.18.161 32 TLM None 2022-06-15 00:00:00 2022-12-14 00:00:00 2022-06-16 13:41:11 HIVE Case #6349 CTO 21-275 (IP=161,KR) | updated by TLM Block was inactive. Reactivated on 20220615 with reason HIVE Case #7774 CTO 22-166 (IP=161,KR) 210.92.18.162 32 AS None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-09-30 17:07:12 HIVE Case #8395 TO-S-2022-0233 (IP=162,KR) 210.92.18.165 32 TLM None 2022-03-07 00:00:00 2022-09-07 00:00:00 2022-03-07 12:32:10 HIVE Case #7143 CTO 22-063 (IP=165,KR) 210.92.18.166 32 AS None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-09-30 17:07:12 HIVE Case #8395 TO-S-2022-0233 (IP=166,KR) 210.92.18.177 32 TLM None 2022-03-07 00:00:00 2022-09-07 00:00:00 2022-03-07 16:26:06 HIVE Case #7150 CTO 22-064 (IP=177,KR) 210.92.18.178 32 AS None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-09-30 17:07:13 HIVE Case #8395 TO-S-2022-0233 (IP=178,KR) 210.92.18.185 32 jkc None 2021-03-19 00:00:00 2022-03-19 00:00:00 None Case # 5090 TO-S-2021-1185 Malicious Callback 210.92.18.188 32 TLM None 2022-03-07 00:00:00 2022-09-07 00:00:00 2022-03-07 12:32:11 HIVE Case #7143 CTO 22-063 (IP=188,KR) 210.92.18.190 32 TLM None 2022-03-07 00:00:00 2022-09-07 00:00:00 2022-03-07 12:32:10 HIVE Case #7143 CTO 22-063
(IP=190,KR) 210.92.214.201 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None KR TO-S-2021-1117 DOS-DDOS Activity 210.92.250.133 32 AS None 2022-02-21 00:00:00 2022-08-22 00:00:00 None HIVE Case #7038 CTO 22-049 (IP=133,KR) 211.104.160.79 32 jkc None 2021-03-19 00:00:00 2022-03-19 00:00:00 None Case # 5090 TO-S-2021-1185 Malicious Callback 211.104.160.82 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6313 CTO 21-274 (IP=82,KR) 211.104.160.83 32 TLM None 2021-10-25 00:00:00 2022-04-25 00:00:00 None HIVE Case #6411 CTO 21-294 (IP=83,KR) 211.104.160.84 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6313 CTO 21-274 (IP=84,KR) 211.104.160.85 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6313 CTO 21-274 (IP=85,KR) 211.104.160.89 32 AS None 2022-07-12 00:00:00 2022-10-10 00:00:00 2022-07-12 18:09:56 HIVE Case #6443 CTO 21-300 (IP=89,KR) | updated by AS Block was inactive. Reactivated on 20220712 with reason HIVE Case #7921 CTO 22-193 (IP=89,KR) 211.104.160.89 32 TLM None 2021-10-29 00:00:00 2022-10-10 00:00:00 2022-07-12 18:09:56 HIVE Case #6443 CTO 21-300 (IP=89,KR) | updated by AS Block was inactive. Reactivated on 20220712 with reason HIVE Case #7921 CTO 22-193 (IP=89,KR) 211.104.160.90 32 AS None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-09-30 17:07:28 HIVE Case #6627 CTO 21-328 (IP=90,KR) | updated by AS Block was inactive. Reactivated on 20220930 with reason HIVE Case #8395 TO-S-2022-0233 (IP=90,KR) 211.104.160.90 32 AS None 2021-12-09 00:00:00 2022-12-29 00:00:00 2022-09-30 17:07:28 HIVE Case #6627 CTO 21-328 (IP=90,KR) | updated by AS Block was inactive.
Reactivated on 20220930 with reason HIVE Case #8395 TO-S-2022-0233 (IP=90,KR) 211.104.160.91 32 AS None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-09-30 17:07:28 HIVE Case #6627 CTO 21-328 (IP=91,KR) | updated by AS Block was inactive. Reactivated on 20220930 with reason HIVE Case #8395 TO-S-2022-0233 (IP=91,KR) 211.104.160.91 32 AS None 2021-12-09 00:00:00 2022-12-29 00:00:00 2022-09-30 17:07:28 HIVE Case #6627 CTO 21-328 (IP=91,KR) | updated by AS Block was inactive. Reactivated on 20220930 with reason HIVE Case #8395 TO-S-2022-0233 (IP=91,KR) 211.104.160.92 32 AS None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-09-30 17:07:29 HIVE Case #6627 CTO 21-328 (IP=92,KR) | updated by AS Block was inactive. Reactivated on 20220930 with reason HIVE Case #8395 TO-S-2022-0233 (IP=92,KR) 211.104.160.92 32 AS None 2021-12-09 00:00:00 2022-12-29 00:00:00 2022-09-30 17:07:29 HIVE Case #6627 CTO 21-328 (IP=92,KR) | updated by AS Block was inactive.
Reactivated on 20220930 with reason HIVE Case #8395 TO-S-2022-0233 (IP=92,KR) 211.104.160.98 32 TLM None 2021-10-25 00:00:00 2022-04-25 00:00:00 None HIVE Case #6409 TO-S-2022-1619 (IP=98,KR) 211.106.184.91 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None KR TO-S-2021-1037 Hive Case 4785 Malware Activity 211.111.194.2 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None KR TO-S-2021-1117 DOS-DDOS Activity 211.112.124.10 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None KR TO-S-2021-1050 Hive Case 4821 Malware Activity 211.114.88.226 24 RS None 2022-09-23 00:00:00 2022-12-22 00:00:00 2022-09-24 13:55:50 ET EXPLOIT Apache log4j RCE Attempt - lower/upper UDP Bypass M2 (Outbound) (CVE-2021-44228) (1:2034799:2) - SourceFire (IP=226,KR) 211.119.107.188 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None KR TO-S-2021-1117 DOS-DDOS Activity 211.119.84.111 32 TLM None 2022-02-16 00:00:00 2022-08-17 00:00:00 None HIVE Case #7008 CTO 22-047 (IP=111,KR) 211.119.84.112 32 TLM None 2022-06-15 00:00:00 2022-12-14 00:00:00 2022-06-16 19:40:44 HIVE Case #7779 CTO 22-162 (IP=112,KR) 211.121.135.130 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None JP TO-S-2021-1117 DOS-DDOS Activity 211.125.61.225 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None JP TO-S-2021-1117 DOS-DDOS Activity 211.132.186.11 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None JP TO-S-2021-1117 DOS-DDOS Activity 211.132.186.12 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None JP TO-S-2021-1117 DOS-DDOS Activity 211.143.152.90 24 RR None 2021-11-15 00:00:00 2022-02-13 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=90,CN) 211.149.131.251 24 ZH None 2021-11-28 00:00:00 2022-02-26 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=251,CN)
211.149.226.82 24 ZH None 2022-09-19 00:00:00 2022-12-18 00:00:00 2022-09-19 22:54:55 CA ARCserve D2D Axis2 Default Credentials Remote Code Execution - FE IPS Events (IP=82,CN) 211.149.240.14 24 RS None 2022-09-16 00:00:00 2022-12-15 00:00:00 2022-09-17 13:46:29 Hello Peppa Scan - IPS Events (IP=14,CN) 211.15.232.145 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None JP TO-S-2021-1117 DOS-DDOS Activity 211.15.24.24 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None JP TO-S-2021-1050 Hive Case 4821 Malware Activity 211.154.194.21 24 NAB None 2021-12-27 00:00:00 2022-03-27 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=21,CN) 211.169.6.249 32 TLM None 2022-02-15 00:00:00 2022-08-16 00:00:00 None HIVE Case #6996 CTO 22-043 (IP=249,KR) 211.171.233.126 32 TLM None 2022-02-23 00:00:00 2022-08-24 00:00:00 None HIVE Case #7054 CTO 22-054 (IP=126,KR) 211.171.233.127 32 AS None 2022-02-21 00:00:00 2022-08-22 00:00:00 None HIVE Case #7038 CTO 22-049 (IP=127,KR) 211.171.233.129 32 TLM None 2022-06-14 00:00:00 2022-12-13 00:00:00 2022-06-14 15:16:49 HIVE Case #7768 CTO 22-161 (IP=129,KR) 211.172.246.201 24 KD None 2022-03-04 00:00:00 2022-06-02 00:00:00 2022-03-04 23:11:49 FTP: login Brute Force attempt- 6 hr Failed Logons (IP=201,KR) 211.172.246.201 24 KD None 2022-03-04 00:00:00 2022-06-02 00:00:00 2022-03-04 23:54:55 FTP: login Brute Force attempt- 6 hr Failed Logons (IP=201,KR) 211.174.239.141 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=141,KR) 211.174.59.215 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=215,KR) 211.189.133.110 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None KR TO-S-2021-1117 DOS-DDOS Activity 211.19.126.11 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None JP TO-S-2021-1117 DOS-DDOS Activity 211.190.6.36 24 KD None 2022-03-15 00:00:00 2022-06-13 00:00:00 2022-03-16 13:46:54 HTTP: PHPUnit Remote Code Execution Vulnerability 
(CVE-2017-9841)- Web Attacks(IP=36,KR) 211.204.244.88 32 SW None 2021-11-21 00:00:00 2022-02-19 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability - TT# 22C00391(IP=88, KR) 211.218.150.99 32 jkc None 2021-03-19 00:00:00 2022-03-19 00:00:00 None Case # 5090 TO-S-2021-1185 Malicious Callback 211.218.150.99 32 jkc None 2021-03-19 00:00:00 2022-03-19 00:00:00 None Case # 5090 TO-S-2021-1185 Malicious Callback 211.222.204.19 24 SW None 2022-06-02 00:00:00 2022-08-31 00:00:00 2022-06-02 13:31:22 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=19,KR) 211.224.35.213 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None KR TO-S-2021-1037 Hive Case 4785 Malware Activity 211.227.118.166 24 DT None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-29 13:52:56 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (1:59246:1) - Source Fire (IP=166,KR) 211.229.47.232 32 AS None 2022-04-14 00:00:00 2022-10-14 00:00:00 2022-04-14 17:59:15 HIVE Case #7399 CTO 22-104 (IP=232,KR) 211.233.35.67 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None KR TO-S-2021-1117 DOS-DDOS Activity 211.233.62.178 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None KR TO-S-2021-1117 DOS-DDOS Activity 211.235.32.12 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6037 CTO 21-226 (IP=12,KR) 211.246.137.144 24 SW None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-16 13:51:49 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Sourcefire (IP=144,KR) 211.253.129.254 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=254,KR) 211.35.58.2 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None AU TO-S-2021-1117 DOS-DDOS Activity 211.40.39.251 32 TLM None 2022-02-15 00:00:00 2022-08-16 00:00:00 None HIVE Case #6996 CTO 22-043 (IP=251,KR) 211.43.209.117 24 RW None 2021-11-12 00:00:00 2022-02-10 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code 
execution attempt - Web Attacks (IP=117,KR) 211.49.17.53 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 22:58:47 Apache Struts2 ParametersInterceptor Remote Command Execution - IPS Events (IP=53,KR) 211.53.230.67 32 TLM None 2022-06-09 00:00:00 2022-12-08 00:00:00 2022-06-09 17:00:03 HIVE Case #7745 CTO 22-160 (IP=67,KR) 211.56.98.146 32 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None KR TO-S-2021-1158 Malware Activity 211.59.14.90 32 TLM None 2022-02-04 00:00:00 2022-08-05 00:00:00 None HIVE Case #6926 CTO 22-035 (IP=90,KR) 211.62.228.140 32 TLM None 2022-03-01 00:00:00 2022-09-01 00:00:00 2022-03-01 12:19:55 HIVE Case #7104 TO-S-2022-0138 (IP=140,KR) 211.75.223.248 32 RR None 2021-11-18 00:00:00 2022-02-16 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - CDO-Paper-Ticket-0001 (IP=248,TW) 211.8.112.242 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None JP TO-S-2021-1117 DOS-DDOS Activity 212-83-173-147.revpponeytelecom.eu --- TLM None 2021-10-06 00:00:00 2022-10-06 00:00:00 2023-01-19 23:03:18 HIVE Case #6314 TO-S-2021-1589 212.102.40.16 32 RS None 2022-06-20 00:00:00 2022-09-18 00:00:00 2022-06-20 22:22:01 Directory Traversal/SQLi Attempts - IR#22C01422 (IP=16,US) 212.102.40.74 32 JP None 2022-07-28 00:00:00 2022-10-26 00:00:00 2022-07-28 22:41:55 SQL injection - 6HR Web Attacks (IP=74, US) 212.102.46.68 32 KD None 2022-01-03 00:00:00 2022-04-03 00:00:00 None SQL injection - 6hr web attacks(IP=68,US) 212.102.47.99 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:55:46 HIVE Case #7894 CTO 22-187 (IP=99,US) 212.102.49.192 24 ZH None 2022-09-16 00:00:00 2022-12-15 00:00:00 2022-09-16 22:50:10 Exploit.Log4Shell.CVE-2021-44228 - FE NX (IP=192,ES) 212.102.57.0 24 AS None 2021-11-16 00:00:00 2022-05-16 00:00:00 None HIVE Case #6539 CTO 21-315 (IP=0,DE) 212.103.208.182 32 TLM None 2022-02-24 00:00:00 2022-08-25 00:00:00 None HIVE Case #7077 CTO 22-055 (IP=182,IT) 212.103.61.74 32 TLM None 
2022-02-01 00:00:00 2022-08-02 00:00:00 None HIVE Case #6896 CTO 22-029 (IP=74,US) 212.109.204.130 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:54 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=130,RU) 212.112.100.76 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None KG TO-S-2021-1050 Hive Case 4821 Malware Activity 212.112.96.0 19 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None KG TO-S-2021-1117 DOS-DDOS Activity 212.113.146.37 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GB TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 212.114.52.97 32 TLM None 2021-09-15 00:00:00 2022-03-15 00:00:00 None HIVE Case #6183 CTO 21-254 (IP=97,DE) 212.115.112.0 22 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UZ TO-S-2021-1117 DOS-DDOS Activity 212.115.54.54 24 EE None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:59 HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=54,HK) 212.115.55.53 32 AS None 2021-09-21 00:00:00 2022-03-20 00:00:00 None HIVE Case #6215 CTO 21-261 (IP=53,HK) 212.119.40.168 24 KH None 2021-12-18 00:00:00 2022-03-18 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44231 (IP=168,RU) 212.119.41.137 24 NAB None 2021-12-28 00:00:00 2022-03-28 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=137,RU) 212.12.48.75 24 SA None 2022-05-31 00:00:00 2022-08-28 00:00:00 2022-05-31 22:56:02 SERVER-WEBAPP GPON Router authentication bypass and command injection attempt (1:46624:2) SourceFire (IP=75,GE) 212.129.21.0 32 TLM None 2022-03-01 00:00:00 2022-09-01 00:00:00 2022-03-01 12:20:10 HIVE Case #7104 TO-S-2022-0138 (IP=0,FR) 212.129.23.120 24 RS None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-08 16:55:57 SIPVicious Security Scanner - IPS Events (IP=120,FR) 212.129.235.42 24 AR None 2021-12-01 00:00:00 2022-03-01 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt (1:37078:4) - SourceFire (IP=42,CN) 212.129.30.8 24 SW None 2022-07-11 00:00:00 2022-10-09 
00:00:00 2022-07-12 13:51:18 SIPVicious Security Scanner - IPS Events (IP=8,FR) 212.129.31.89 24 JY None 2022-09-28 00:00:00 2022-12-27 00:00:00 2022-09-28 22:44:40 SIPVicious Security Scanner - ips_events (IP=89,FR) 212.129.34.195 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity 212.129.35.230 24 AR None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-06 13:50:02 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=230,FR) 212.129.4.92 24 SW None 2022-03-07 00:00:00 2022-06-05 00:00:00 2022-03-07 23:52:25 SIPVicious Security Scanner - IPS Events(IP=92,FR) 212.129.64.221 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None IE TO-S-2021-1117 DOS-DDOS Activity 212.129.9.41 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 22:58:48 Possible Cross-site Scripting Attack - IPS Events (IP=41,FR) 212.139.141.117 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None GB TO-S-2021-1117 DOS-DDOS Activity 212.139.218.117 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None GB TO-S-2021-1117 DOS-DDOS Activity 212.14.51.88 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PL TO-S-2021-1117 DOS-DDOS Activity 212.142.140.81 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None ES TO-S-2021-1117 DOS-DDOS Activity 212.146.246.147 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=147,FR) 212.154.25.10 24 RT None 2022-03-16 00:00:00 2022-06-14 00:00:00 2022-03-17 13:48:19 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=10,TR) 212.154.86.83 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TR TO-S-2021-1050 Hive Case 4821 Malware Activity 212.154.98.10 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TR TO-S-2021-1050 Hive Case 4821 Malware Activity 212.155.238.242 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=242,FR) 
212.155.85.94 32 RR None 2021-11-18 00:00:00 2022-02-16 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00374 (IP=94,FR) 212.156.148.210 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=210,TR) 212.156.204.27 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TR TO-S-2021-1050 Hive Case 4821 Malware Activity 212.156.78.210 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None TR TO-S-2021-1117 Malware Activity 212.159.139.45 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GB TO-S-2021-1037 Hive Case 4785 Malware Activity 212.175.114.228 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malware Activity 212.182.107.134 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PL TO-S-2021-1117 DOS-DDOS Activity 212.182.118.193 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PL TO-S-2021-1117 DOS-DDOS Activity 212.182.124.1 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PL TO-S-2021-1117 DOS-DDOS Activity 212.182.63.70 24 KD None 2021-12-13 00:00:00 2022-03-13 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt - Sourcefire Rpt (IP=70,PL) 212.182.90.18 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None PL TO-S-2021-1037 Hive Case 4785 Malware Activity 212.186.134.75 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None AT TO-S-2021-1050 Hive Case 4821 Malware Activity 212.186.81.105 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=105,AT) 212.188.11.50 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:54 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=50,RU) 212.188.22.66 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:55 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=66,RU) 212.19.118.200 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 
Hive Case 4785 Malware Activity 212.19.24.64 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:56 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=64,RU) 212.192.216.46 24 RR None 2021-12-12 00:00:00 2022-03-12 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - Web Attacks (IP=46,RU) 212.192.241.148 32 TLM None 2022-05-24 00:00:00 2022-11-23 00:00:00 2022-05-24 14:24:22 HIVE Case #7653 CTO 22-144 (IP=148,CZ) 212.192.241.44 32 TLM None 2022-02-25 00:00:00 2022-08-26 00:00:00 2022-02-25 13:04:31 HIVE Case #7088 CTO 22-056 (IP=44,CZ) 212.192.246.115 32 TLM None 2022-04-28 00:00:00 2022-10-27 00:00:00 2022-04-28 16:06:22 HIVE Case #7482 CTO 22-118 (IP=115,DE) 212.192.246.135 24 AR None 2022-01-09 00:00:00 2022-04-09 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - Web Attacks (IP=135,DE) 212.192.246.136 24 AR None 2022-01-09 00:00:00 2022-04-09 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - Web Attacks (IP=136,DE) 212.192.25.103 24 NAB None 2021-12-27 00:00:00 2022-03-27 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=103,CZ) 212.192.31.241 24 NAB None 2022-01-03 00:00:00 2022-04-03 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=241,CZ) 212.193.29.58 24 AR None 2022-09-12 00:00:00 2022-12-23 00:00:00 2022-09-25 13:55:40 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6Hr Web Attacks (IP=58,RU) | updated by RR Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=58,NL) 212.193.30.158 24 RW None 2021-10-19 00:00:00 2022-01-19 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (IP=158,NL) 212.193.30.21 24 EE None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 22:43:55 HIVE Case #7531 New NetDooka Malware (IP=21,CZ) 212.193.30.45 32 RB None 
2022-10-06 00:00:00 2022-11-06 00:00:00 2022-12-08 16:01:36 NullMixer Malware - IR# 23C02034 (IP=45,NL) | updated by RB Block was inactive. Reactivated on 20221006 with reason NullMixer Malware - IR# 23C02034 (IP=45,NL) NullMixer Malware - IR# 23C02034 (IP=45,NL) | updated by RB Block was inactive. Reactivated on 20221006 with reason NullMixer Malware - IR# 23C02034 (IP=45,NL) NullMixer Malware - IR# 23C02034 (IP=45,NL) | updated by RB Block was inactive. Reactivated on 20221006 with reason NullMixer Malware - IR# 23C02034 (IP=45,NL) NullMixer Malware - IR# 23C02034 (IP=45,NL) | updated by RB Block was inactive. Reactivated on 20221006 with reason NullMixer Malware - IR# 23C02034 (IP=45,NL) NullMixer Malware - IR# 23C02034 (IP=45,NL) 212.193.30.45 32 RB None 2022-10-06 00:00:00 2022-11-06 00:00:00 2022-12-08 16:01:36 NullMixer Malware - IR# 23C02034 (IP=45,NL) | updated by RB Block was inactive. Reactivated on 20221006 with reason NullMixer Malware - IR# 23C02034 (IP=45,NL) NullMixer Malware - IR# 23C02034 (IP=45,NL) | updated by RB Block was inactive. Reactivated on 20221006 with reason NullMixer Malware - IR# 23C02034 (IP=45,NL) NullMixer Malware - IR# 23C02034 (IP=45,NL) | updated by RB Block was inactive. Reactivated on 20221006 with reason NullMixer Malware - IR# 23C02034 (IP=45,NL) NullMixer Malware - IR# 23C02034 (IP=45,NL) | updated by RB Block was inactive. Reactivated on 20221006 with reason NullMixer Malware - IR# 23C02034 (IP=45,NL) NullMixer Malware - IR# 23C02034 (IP=45,NL) 212.193.30.45 32 RB None 2022-10-06 00:00:00 2022-11-06 00:00:00 2022-12-08 16:01:36 NullMixer Malware - IR# 23C02034 (IP=45,NL) | updated by RB Block was inactive. Reactivated on 20221006 with reason NullMixer Malware - IR# 23C02034 (IP=45,NL) NullMixer Malware - IR# 23C02034 (IP=45,NL) | updated by RB Block was inactive. Reactivated on 20221006 with reason NullMixer Malware - IR# 23C02034 (IP=45,NL) NullMixer Malware - IR# 23C02034 (IP=45,NL) | updated by RB Block was inactive. 
Reactivated on 20221006 with reason NullMixer Malware - IR# 23C02034 (IP=45,NL) NullMixer Malware - IR# 23C02034 (IP=45,NL) | updated by RB Block was inactive. Reactivated on 20221006 with reason NullMixer Malware - IR# 23C02034 (IP=45,NL) NullMixer Malware - IR# 23C02034 (IP=45,NL) 212.193.30.45 32 RB None 2022-10-06 00:00:00 2022-11-06 00:00:00 2022-12-08 16:01:36 NullMixer Malware - IR# 23C02034 (IP=45,NL) | updated by RB Block was inactive. Reactivated on 20221006 with reason NullMixer Malware - IR# 23C02034 (IP=45,NL) NullMixer Malware - IR# 23C02034 (IP=45,NL) | updated by RB Block was inactive. Reactivated on 20221006 with reason NullMixer Malware - IR# 23C02034 (IP=45,NL) NullMixer Malware - IR# 23C02034 (IP=45,NL) | updated by RB Block was inactive. Reactivated on 20221006 with reason NullMixer Malware - IR# 23C02034 (IP=45,NL) NullMixer Malware - IR# 23C02034 (IP=45,NL) | updated by RB Block was inactive. Reactivated on 20221006 with reason NullMixer Malware - IR# 23C02034 (IP=45,NL) NullMixer Malware - IR# 23C02034 (IP=45,NL) 212.193.30.45 32 RB None 2022-10-06 00:00:00 2022-11-06 00:00:00 2022-12-08 16:01:36 NullMixer Malware - IR# 23C02034 (IP=45,NL) | updated by RB Block was inactive. Reactivated on 20221006 with reason NullMixer Malware - IR# 23C02034 (IP=45,NL) NullMixer Malware - IR# 23C02034 (IP=45,NL) | updated by RB Block was inactive. Reactivated on 20221006 with reason NullMixer Malware - IR# 23C02034 (IP=45,NL) NullMixer Malware - IR# 23C02034 (IP=45,NL) | updated by RB Block was inactive. Reactivated on 20221006 with reason NullMixer Malware - IR# 23C02034 (IP=45,NL) NullMixer Malware - IR# 23C02034 (IP=45,NL) | updated by RB Block was inactive. 
Reactivated on 20221006 with reason NullMixer Malware - IR# 23C02034 (IP=45,NL) NullMixer Malware - IR# 23C02034 (IP=45,NL) 212.193.57.225 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=225,RU) 212.194.116.230 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None FR TO-S-2021-1117 DOS-DDOS Activity 212.194.121.62 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None FR TO-S-2021-1117 DOS-DDOS Activity 212.194.218.14 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None FR TO-S-2021-1117 DOS-DDOS Activity 212.194.97.87 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity 212.2.241.183 24 KH None 2022-08-17 00:00:00 2022-11-15 00:00:00 2022-08-17 22:26:04 SIPVicious Security Scanner - FE IPS (IP=183,GB) 212.202.147.10 32 TLM None 2022-02-24 00:00:00 2022-08-25 00:00:00 None HIVE Case #7077 CTO 22-055 (IP=10,DE) 212.202.147.11 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:04 HIVE Case #7199 CTO 22-074 (IP=11,DE) 212.202.147.12 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:04 HIVE Case #7199 CTO 22-074 (IP=12,DE) 212.202.147.13 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:05 HIVE Case #7199 CTO 22-074 (IP=13,DE) 212.202.147.14 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:06 HIVE Case #7199 CTO 22-074 (IP=14,DE) 212.21.46.129 32 AS None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6244 CTO 21-267 (IP=129,DE) 212.21.52.110 32 jky None 2017-09-28 05:00:00 2022-03-24 00:00:00 None US TO-S-2017-1551 Intrusion Set CNE | updated by AS Block was inactive. 
Reactivated on 20210924 with reason HIVE Case #6244 CTO 21-267 (IP=110,DE) 212.21.52.234 32 AS None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6244 CTO 21-267 (IP=234,DE) 212.21.52.239 32 AS None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6244 CTO 21-267 (IP=239,DE) 212.21.53.171 32 AS None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6244 CTO 21-267 (IP=171,DE) 212.21.55.182 32 AS None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6244 CTO 21-267 (IP=182,GB) 212.21.66.6 32 DT None 2021-03-14 00:00:00 2022-05-17 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00681 (IP=6,DE) | updated by wmp Block was inactive. Reactivated on 20220217 with reason HIVE Case #6985 Mandiant Intel Report (IP=6,DE) 212.224.121.226 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None DE TO-S-2021-1143 Malicious Email Activity 212.227.198.95 32 srm None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 13:52:56 HIVE Case #7485 - IOC_IR 22 0 01171 PEO-EIS EITaaS IOCs (IP=95,DE) 212.227.213.151 32 JP None 2022-08-12 00:00:00 2022-11-10 00:00:00 2022-08-12 22:51:10 DT SQLi Attempts - IR# 22C01796 (IP=151,US) 212.227.215.238 24 RR None 2021-09-22 00:00:00 2022-06-13 00:00:00 2022-03-15 13:43:57 SERVER-WEBAPP Atlassian Confluence OGNL injection remote code execution attempt - Web Attacks (IP=238,DE) | updated by RR Block expiration extended with reason SERVER-WEBAPP Atlassian Confluence OGNL injection remote code execution attempt - SourceFire (IP=238,DE) | updated by RT Block was inactive. 
Reactivated on 20211222 with reason SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58744:4) - Sourcefire Report (IP=238,DE) | updated by RR Block expiration extended with reason SERVER-OTHER Apache Log4j logging remote code execution attempt - SourceFire (IP=238,DE) 212.227.3.206 24 RR None 2022-03-30 00:00:00 2022-06-28 00:00:00 2022-03-30 13:47:07 SERVER-OTHER Apache Log4j logging remote code execution attempt - SourceFire (IP=206,DE) 212.230.159.167 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ES TO-S-2021-1037 Hive Case 4785 Malware Activity 212.233.149.4 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BG TO-S-2021-1050 Hive Case 4821 Malware Activity 212.234.179.113 32 TLM None 2022-02-24 00:00:00 2022-08-25 00:00:00 None HIVE Case #7077 CTO 22-055 (IP=113,FR) 212.237.23.173 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 Hive Case 4785 Malware Activity 212.241.20.167 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None KG TO-S-2021-1050 Hive Case 4821 Malware Activity 212.243.156.50 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=50,CH) 212.244.241.46 24 ZH None 2022-02-28 00:00:00 2022-05-29 00:00:00 2022-02-28 23:39:55 FTP Login Failed - 6hr Failed Logons (IP=46,PL) 212.251.115.71 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GR TO-S-2021-1050 Hive Case 4821 Malware Activity 212.253.155.41 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TR TO-S-2021-1050 Hive Case 4821 Malware Activity 212.27.63.132 24 RS None 2022-06-13 00:00:00 2022-09-11 00:00:00 2022-06-14 13:49:00 SSH_EVENT_RESPOVERFLOW - SourceFire (IP=132,FR) 212.27.63.168 32 TLM None 2022-06-02 00:00:00 2022-12-01 00:00:00 2022-06-02 17:56:19 HIVE Case #7705 CTO 22-153 (IP=168,FR) 212.29.140.232 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 Hive Case 4785 Malware Activity 212.3.169.96 32 dbc None 2021-01-28 00:00:00 2022-01-28 
00:00:00 None IT TO-S-2021-1050 Hive Case 4821 Malware Activity 212.3.96.0 19 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity 212.30.64.0 19 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None country TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 212.31.113.18 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:06 HIVE Case #7199 CTO 22-074 (IP=18,CY) 212.31.251.20 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=20,IT) 212.34.233.6 32 AS None 2022-04-07 00:00:00 2022-10-07 00:00:00 2022-04-07 19:47:52 HIVE Case #7356 CTO 22-096 (IP=6,AM) 212.35.160.0 19 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None RU TO-S-2021-1037 Hive Case 4785 Malware Activity 212.36.30.166 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BG TO-S-2021-1037 Hive Case 4785 Malware Activity 212.37.87.252 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None SK TO-S-2021-1117 DOS-DDOS Activity 212.41.0.0 19 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 212.42.168.91 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None GB TO-S-2021-1117 DOS-DDOS Activity 212.47.136.214 24 JKC None 2022-03-16 00:00:00 2022-06-16 00:00:00 2022-03-21 14:49:24 excessive Web malformed attacks ESM Hive Case 7212 (IP=214, AZ) 212.47.229.4 24 CR None 2020-05-25 00:00:00 2022-05-16 00:00:00 None SERVER-WEBAPP RevSlider information disclosure attempt - 6 hr web attack (IP=4,FR) | updated by srm Block was inactive. Reactivated on 20220215 with reason HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=4,FR) HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=4,FR) 212.47.229.4 24 srm None 2022-02-15 00:00:00 2022-05-16 00:00:00 None SERVER-WEBAPP RevSlider information disclosure attempt - 6 hr web attack (IP=4,FR) | updated by srm Block was inactive. 
Reactivated on 20220215 with reason HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=4,FR) HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=4,FR) 212.47.249.89 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6654 CTO 21-345 (IP=89,FR) 212.47.252.74 24 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 22:25:03 Atlassian Confluence Widget Connector Macro Velocity Template Injection Attempt - FE IPS Events (IP=74,FR) 212.48.70.120 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=120,GB) 212.48.78.79 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GB TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 212.5.131.253 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BG TO-S-2021-1050 Hive Case 4821 Malware Activity 212.50.0.99 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BG TO-S-2021-1117 DOS-DDOS Activity 212.50.154.40 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None FI TO-S-2021-1117 DOS-DDOS Activity 212.50.53.45 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TR TO-S-2021-1050 Hive Case 4821 Malware Activity 212.56.198.38 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MD TO-S-2021-1050 Hive Case 4821 Malware Activity 212.56.81.164 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GB TO-S-2021-1050 Hive Case 4821 Malware Activity 212.57.192.12 24 DT None 2022-02-24 00:00:00 2022-05-25 00:00:00 2022-02-25 14:56:25 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt - Source Fire (IP=12,SA) 212.58.120.4 24 RR None 2022-03-10 00:00:00 2022-06-08 00:00:00 2022-03-10 14:47:02 FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit) - SourceFire (IP=4,GE) 212.64.72.199 32 AS None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-01 21:45:05 HIVE Case #7874 CTO 22-181 (IP=199,CN) 212.69.0.0 19 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None RS 
TO-S-2021-1037 Hive Case 4785 Malware Activity 212.70.105.58 24 BMP None 2022-08-10 00:00:00 2022-11-08 00:00:00 2022-08-31 17:30:58 FireEye High Attacker (IP=58,QA) 212.71.238.34 24 ZH None 2022-08-10 00:00:00 2022-11-08 00:00:00 2022-08-31 17:31:07 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=34,GB) 212.71.248.47 24 RT None 2021-11-20 00:00:00 2022-02-18 00:00:00 None SQL injection - 6HR Web Attack (IP=47,GB) 212.72.134.22 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None GE TO-S-2021-1117 DOS-DDOS Activity 212.72.222.157 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BG TO-S-2021-1117 DOS-DDOS Activity 212.72.224.9 24 DT None 2022-01-23 00:00:00 2022-04-22 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) - Source Fire (IP=49,NL) 212.73.140.64 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BG TO-S-2021-1117 DOS-DDOS Activity 212.76.64.0 19 jkc None 2021-04-13 00:00:00 2022-04-13 00:00:00 None Case # 5240 IOC_ TO-S-2021-1218 Malicious IP 212.77.128.0 20 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 212.77.192.13 24 DT None 2021-12-21 00:00:00 2022-03-21 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) - Source Fire (IP=13,QA) 212.80.204.0 24 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None IL TO-S-2021-1102 Malicious Email Activity 212.83.135.89 24 KH None 2022-03-03 00:00:00 2022-06-01 00:00:00 2022-03-03 23:49:48 Abnormally Long Request - ArcSight (IP=89,FR) 212.83.148.16 24 TH None 2022-01-28 00:00:00 2022-04-28 00:00:00 None HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=16,FR) 212.83.150.86 24 KH None 2022-03-03 00:00:00 2022-06-01 00:00:00 2022-03-03 23:49:24 Custom Violation - ArcSight (IP=86,FR) 212.83.157.56 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 
TO-S-2021-1037 Hive Case 4785 Malware Activity 217.13.208.0 20 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 217.13.220.66 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:57 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=66,RU) 217.13.241.114 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None SE TO-S-2021-1117 DOS-DDOS Activity 217.136.230.20 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BE TO-S-2021-1050 Hive Case 4821 Malware Activity 217.138.193.184 24 RT None 2021-11-19 00:00:00 2022-02-17 00:00:00 None SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt - Sourcefire Report(IP=184,AE) 217.138.205.218 24 KD None 2022-02-27 00:00:00 2022-05-28 00:00:00 2022-02-27 23:09:14 Infection Match (blocked)- FIREEYE Web(IP=218,AU) 217.138.217.2 32 KD None 2022-02-27 00:00:00 2022-05-28 00:00:00 2022-02-27 23:09:06 Infection Match (blocked)- FIREEYE Web(IP=2,US) 217.138.234.188 24 ZH None 2022-09-19 00:00:00 2022-12-18 00:00:00 2022-09-19 14:00:47 SQL injection - WebAttacks (IP=188,GB) 217.141.39.238 32 AS None 2022-02-01 00:00:00 2022-08-01 00:00:00 None HIVE Case #6889 CTO 22-033.3 (IP=238,IT) 217.141.47.255 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None IT TO-S-2021-1117 DOS-DDOS Activity 217.144.168.12 32 TLM None 2022-05-02 00:00:00 2022-11-01 00:00:00 2022-05-04 17:56:14 HIVE Case #7495 CTO 22-120 (IP=12,RU) 217.145.226.174 32 AS None 2022-03-02 00:00:00 2022-09-02 00:00:00 2022-03-02 18:24:09 HIVE Case #7126 CTO 22-061 (IP=174,BR) 217.146.88.124 24 AR None 2022-06-11 00:00:00 2022-09-09 00:00:00 2022-06-12 13:47:46 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=124,GB) 217.146.88.63 32 TLM None 2022-02-11 00:00:00 2022-08-12 00:00:00 None HIVE Case #6971 CTO 22-042 (IP=63,GB) 217.147.85.78 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GB TO-S-2021-1037 Hive Case 4785 Malware Activity 217.148.142.101 32 
TLM None 2021-08-30 00:00:00 2022-03-02 00:00:00 None HIVE Case #6085 TO-S-2021-1500 (IP=101,US) 217.149.176.0 20 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 217.15.128.0 19 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None RU TO-S-2021-1037 Hive Case 4785 Malware Activity 217.150.0.0 19 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 217.150.58.9 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:58 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=9,RU) 217.150.72.219 32 wmp None 2022-03-24 00:00:00 2022-06-24 00:00:00 2022-03-24 22:59:01 Suspicious Scan Activity (IP=219,RU) 217.151.98.38 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None GB TO-S-2021-1092 Hive Case 4875 Malware Activity 217.155.81.98 32 TH None 2022-01-28 00:00:00 2022-04-28 00:00:00 None Self report - ColdFusion - IR# 22C00869 217.16.182.124 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None CZ TO-S-2021-1143 Malicious Email Activity 217.16.182.223 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=223,CZ) 217.16.64.0 19 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MK TO-S-2021-1050 Hive Case 4821 Malware Activity 217.160.0.16 32 TLM None 2021-07-01 00:00:00 2022-01-01 00:00:00 None HIVE Case #5735 TO-S-2021-1379 (IP=16,DE) 217.160.0.16 32 TLM None 2021-07-01 00:00:00 2022-01-01 00:00:00 None HIVE Case #5735 TO-S-2021-1379 (IP=16,DE) 217.160.0.210 32 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None DE TO-S-2021-1156 Malicious Email Activity 217.160.0.229 32 jkc None 2021-03-19 00:00:00 2022-03-19 00:00:00 None Case # 5090 TO-S-2021-1185 Malicious Callback 217.160.0.229 32 jkc None 2021-03-19 00:00:00 2022-03-19 00:00:00 None Case # 5090 TO-S-2021-1185 Malicious Callback 217.160.0.74 32 RB None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-15 22:50:29 26332 HTTP JavaScript createImageBitmap 
Method Usage - IR# 22C01669 (IP=74,DE) 217.160.0.74 32 RB None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-15 22:50:36 26332 HTTP JavaScript createImageBitmap Method Usage - IR# 22C01669 (IP=74,DE) 217.160.108.15 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None DE TO-S-2021-1117 DOS-DDOS Activity 217.160.108.181 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None DE TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 217.160.111.67 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None DE TO-S-2021-1117 DOS-DDOS Activity 217.160.192.178 24 BB None 2022-01-21 00:00:00 2022-04-21 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=178,DE) 217.160.207.203 24 RR None 2022-03-30 00:00:00 2022-06-28 00:00:00 2022-03-30 13:47:08 SERVER-OTHER Apache Log4j logging remote code execution attempt - SourceFire (IP=203,ES) 217.160.207.204 24 RR None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:15:04 SERVER-APACHE Apache HTTP server SSRF attempt - SourceFire (IP=204,ES) 217.160.218.33 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=33,DE) 217.160.223.130 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=130,DE) 217.160.48.108 32 RS None 2022-07-12 00:00:00 2022-10-10 00:00:00 2022-07-12 22:32:34 SQL Attempts - IR# 22C01629 (IP=108,DE) 217.160.54.155 24 RT None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-26 13:47:38 HTTP SQL Injection Attempt - Web Attacks (IP=155,DE) 217.160.92.103 32 KH None 2022-03-25 00:00:00 2022-06-23 00:00:00 2022-03-25 22:37:33 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR#22C01078 (IP=103,DE) 217.170.101.200 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CZ TO-S-2021-1117 DOS-DDOS Activity 217.171.55.220 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PL TO-S-2021-1117 DOS-DDOS Activity 217.174.176.0 21 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None 
RU TO-S-2021-1037 Hive Case 4785 Malware Activity 217.18.237.74 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None ES TO-S-2021-1117 DOS-DDOS Activity 217.182.147.208 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None DE TO-S-2021-1092 Hive Case 4875 Malicious Email Activity 217.182.158.216 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None FR TO-S-2021-1117 DOS-DDOS Activity 217.182.54.216 32 TLM None 2022-03-14 00:00:00 2022-09-14 00:00:00 2022-03-14 19:14:35 HIVE Case #7198 CTO 22-071 (IP=216,FR) 217.182.54.219 24 DT None 2022-04-10 00:00:00 2022-07-09 00:00:00 2022-04-10 22:54:24 SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (B-type) (1:1000135:3) - Source Fire (IP=219,FR) 217.182.54.226 32 AS None 2022-02-04 00:00:00 2022-08-04 00:00:00 None HIVE Case #6927 CTO 22-036 (IP=226,FR) 217.19.211.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None MD TO-S-2021-1117 DOS-DDOS Activity 217.19.32.0 20 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None AT TO-S-2021-1102 Malicious Email Activity 217.194.132.70 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GB TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 217.194.149.111 32 AS None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6244 CTO 21-267 (IP=111,AT) 217.194.150.22 32 AS None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6244 CTO 21-267 (IP=22,CA) 217.195.101.5 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=5,RU) 217.195.196.0 24 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6514 TO-S-2022-0075 (IP=0,TR) 217.195.196.2 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=2,TR) 217.196.212.58 32 AS None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-09-30 17:07:40 HIVE Case #8395 TO-S-2022-0233 (IP=58,CZ) 217.196.24.198 24 AR None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-05-01 13:52:41 SERVER-WEBAPP ThinkPHP 
5.0.23/5.1.31 command injection attempt (1:51395:1) - SourceFire (IP=198,KZ) 217.197.85.200 24 DT None 2021-12-18 00:00:00 2022-03-18 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) - Source Fire (IP=200,DE) 217.21.72.59 32 AS None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-11 19:45:39 HIVE Case #7902 COLS-NA TIP 22-0238 (IP=59,ES) 217.23.1.20 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6345 CTO 21-280 (IP=20,NL) 217.23.1.201 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6345 CTO 21-280 (IP=201,NL) 217.23.1.202 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6345 CTO 21-280 (IP=202,NL) 217.23.1.27 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6345 CTO 21-280 (IP=27,NL) 217.23.1.3 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6345 CTO 21-280 (IP=3,NL) 217.23.1.41 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6345 CTO 21-280 (IP=41,NL) 217.23.1.43 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6345 CTO 21-280 (IP=43,NL) 217.23.1.44 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6345 CTO 21-280 (IP=44,NL) 217.23.1.47 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6345 CTO 21-280 (IP=47,NL) 217.23.1.69 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6345 CTO 21-280 (IP=69,NL) 217.23.1.7 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6345 CTO 21-280 (IP=7,NL) 217.23.1.85 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6345 CTO 21-280 (IP=85,NL) 217.23.1.92 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6345 CTO 21-280 (IP=92,NL) 217.23.10.44 32 srm None 2022-03-01 00:00:00 2022-05-30 00:00:00 2022-03-01 14:46:40 HIVE Case #NA FP Security (IP=44,NL) 217.23.14.11 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6345 CTO 
21-280 (IP=11,NL) 217.23.14.18 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6345 CTO 21-280 (IP=18,NL) 217.23.14.19 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6345 CTO 21-280 (IP=19,NL) 217.23.14.21 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6345 CTO 21-280 (IP=21,NL) 217.23.14.22 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6345 CTO 21-280 (IP=22,NL) 217.23.14.23 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6345 CTO 21-280 (IP=23,NL) 217.23.14.24 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6345 CTO 21-280 (IP=24,NL) 217.23.14.28 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6345 CTO 21-280 (IP=28,NL) 217.23.14.29 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6345 CTO 21-280 (IP=29,NL) 217.23.14.31 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6345 CTO 21-280 (IP=31,NL) 217.23.14.32 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6345 CTO 21-280 (IP=32,NL) 217.23.14.33 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6345 CTO 21-280 (IP=33,NL) 217.23.14.34 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6345 CTO 21-280 (IP=34,NL) 217.23.157.66 24 RR None 2022-06-19 00:00:00 2022-09-17 00:00:00 2022-06-19 13:55:55 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=66,RU) 217.23.187.150 24 RR None 2021-12-11 00:00:00 2022-03-11 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed Logons (IP=150,RU) 217.233.60.121 24 RT None 2022-03-09 00:00:00 2022-06-07 00:00:00 2022-03-10 14:46:59 HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6HR Web Attack (IP=121,DE) 217.25.16.0 20 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None AZ TO-S-2021-1117 DOS-DDOS Activity 217.25.88.0 21 TLM None 2022-02-11 00:00:00 2022-08-12 00:00:00 None HIVE 
Case #6973 TO-S-2022-0128 (IP=0,RU) 217.25.89.191 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=191,RU) 217.25.90.0 24 jkc None 2021-04-13 00:00:00 2022-04-13 00:00:00 None Case # 5240 IOC_ TO-S-2021-1218 Malicious IP 217.27.208.0 20 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None HU TO-S-2021-1117 DOS-DDOS Activity 217.28.144.58 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None PL TO-S-2021-1037 Hive Case 4785 Malware Activity 217.29.16.0 20 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None KG TO-S-2021-1037 Hive Case 4785 Malware Activity 217.29.76.4 24 RR None 2022-05-27 00:00:00 2022-06-30 00:00:00 2022-06-30 16:10:19 SERVER-OTHER Sentinel license manager buffer overflow attempt - SourceFire (IP=4,IT) | UNBLOCKED - IP is used for DNS resolution for Cybrary.IT 217.31.185.250 24 SW None 2021-10-12 00:00:00 2022-01-10 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - WebAttacks (IP=250, SE) 217.41.53.92 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GB TO-S-2021-1037 Hive Case 4785 Malware Activity 217.57.28.83 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None IT TO-S-2021-1117 DOS-DDOS Activity 217.57.78.18 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:07 HIVE Case #7199 CTO 22-074 (IP=18,IT) 217.57.80.18 32 TLM None 2022-02-24 00:00:00 2022-08-25 00:00:00 None HIVE Case #7077 CTO 22-055 (IP=18,IT) 217.59.158.70 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None IT TO-S-2021-1117 DOS-DDOS Activity 217.61.136.139 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ES TO-S-2021-1037 Hive Case 4785 Malware Activity 217.61.136.177 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ES TO-S-2021-1037 Hive Case 4785 Malware Activity 217.61.74.8 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ES TO-S-2021-1037 Hive Case 4785 Malware Activity 217.64.195.171 32 dbc None 2021-02-05 00:00:00 2022-02-05 
00:00:00 None IT TO-S-2021-1081 Hive Case 4872 Malicious Email Activity 217.64.27.71 24 JKC None 2022-03-16 00:00:00 2022-06-16 00:00:00 2022-03-21 14:49:25 excessive Web malformed attacks ESM Hive Case 7212 (IP=71, AZ) 217.67.31.5 24 DT None 2021-12-15 00:00:00 2022-03-17 00:00:00 None Phishing.PDF.PhishingX.FEC3 - Hive Case #6613 (IP=5,SK) | updated by DT Block expiration extended with reason Phishing.PDF.PhishingX.FEC3 - Hive Case #6613 (IP=5,SK) Phishing.PDF.PhishingX.FEC3 - Hive Case #6613 (IP=5,SK) 217.67.31.5 24 DT None 2021-12-17 00:00:00 2022-03-17 00:00:00 None Phishing.PDF.PhishingX.FEC3 - Hive Case #6613 (IP=5,SK) | updated by DT Block expiration extended with reason Phishing.PDF.PhishingX.FEC3 - Hive Case #6613 (IP=5,SK) Phishing.PDF.PhishingX.FEC3 - Hive Case #6613 (IP=5,SK) 217.69.10.104 24 EE None 2022-01-31 00:00:00 2022-05-01 00:00:00 None HIVE Case #6867 IOC_ MoonBounce (IP=104,FR) 217.69.11.38 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6443 CTO 21-300 (IP=38,FR) 217.69.2.217 32 TLM None 2021-10-29 00:00:00 2022-04-27 00:00:00 None HIVE Case #6447 CTO 21-287 (IP=217,FR) 217.69.3.107 32 AS None 2022-04-12 00:00:00 2022-10-12 00:00:00 2022-04-12 14:39:44 HIVE Case #7380 CTO 22-099 (IP=107,FR) 217.69.4.51 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=51,FR) 217.69.4.51 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=51,FR) 217.70.180.133 32 AS None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-09-30 17:07:14 HIVE Case #8395 TO-S-2022-0233 (IP=133,FR) 217.73.137.78 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None AL TO-S-2021-1037 Hive Case 4785 Malware Activity 217.73.143.72 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None AL TO-S-2021-1050 Hive Case 4821 Malware Activity 217.73.144.45 24 SW None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:45:01 POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt 
- SourceFire (IP=45,DE) 217.76.155.6 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=6,ES) 217.79.179.7 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 13:57:54 SQL injection - 6Hr Web Attacks (IP=7,DE) 217.79.189.201 24 KH None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:04 SIPVicious Security Scanner - IPS Events (IP=201,DE) | updated by KH Block expiration extended with reason SIPVicious Security Scanner - FE IPS (IP=201,DE) SIPVicious Security Scanner - FE IPS (IP=201,DE) 217.79.189.201 24 RS None 2022-06-13 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:04 SIPVicious Security Scanner - IPS Events (IP=201,DE) | updated by KH Block expiration extended with reason SIPVicious Security Scanner - FE IPS (IP=201,DE) SIPVicious Security Scanner - FE IPS (IP=201,DE) 217.79.189.40 24 ZH None 2022-03-01 00:00:00 2022-05-30 00:00:00 2022-03-01 23:31:59 SIPVicious Security Scanner - IPS Events (IP=40,DE) 217.79.240.66 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1092 Hive Case 4875 Malicious Email Activity 217.79.242.210 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=210,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=210,US) 217.79.245.244 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=244,US) 217.8.36.239 32 AS None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6244 CTO 21-267 (IP=239,TJ) 218.100.84.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None MN TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 218.101.110.3 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:55:54 HIVE Case #7199 CTO 22-074 (IP=3,NZ) 218.106.118.147 24 SW None 2022-01-10 00:00:00 2022-04-10 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - WebAttacks (IP=147,CN) 218.15.213.82 24 RT None 2021-12-15 00:00:00 2022-03-15 00:00:00 
None INDICATOR-SCAN SSH brute force login attempt - 6HR Failed Logon (IP=82,CN) 218.153.252.222 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None KR TO-S-2021-1037 Hive Case 4785 Malware Activity 218.173.21.222 32 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None TW TO-S-2021-1156 Malware Activity 218.204.70.179 24 JP None 2022-08-05 00:00:00 2022-11-03 00:00:00 2022-08-05 22:53:04 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (1:59246:1) - SourceFire (IP=179,CN) 218.206.137.60 32 RR None 2021-10-10 00:00:00 2022-01-08 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00118 (IP=60,CN) 218.214.217.52 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None AU TO-S-2021-1037 Hive Case 4785 Malware Activity 218.219.168.114 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None JP TO-S-2021-1117 DOS-DDOS Activity 218.22.21.22 24 NAB None 2021-12-20 00:00:00 2022-03-20 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=22,CN) 218.224.233.114 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None JP TO-S-2021-1117 DOS-DDOS Activity 218.224.35.245 32 TLM None 2021-09-08 00:00:00 2022-03-08 00:00:00 None HIVE Case #6129 CTO 21-237 (IP=245,JP) 218.234.208.101 32 AS None 2022-03-03 00:00:00 2022-09-03 00:00:00 2022-03-03 17:36:10 HIVE Case #7133 CTO 22-062 (IP=101,KR) 218.240.155.190 24 SW None 2022-06-11 00:00:00 2022-09-09 00:00:00 2022-06-11 13:46:58 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=190,CN) 218.247.87.112 32 TLM None 2022-06-15 00:00:00 2022-12-14 00:00:00 2022-06-16 19:39:39 HIVE Case #7780 TO-S-2022-0198 (IP=112,CN) 218.253.251.100 32 TLM None 2021-12-02 00:00:00 2022-06-02 00:00:00 None HIVE Case #6600 TO-S-2022-0090 (IP=100,HK) 218.253.251.102 32 TLM None 2021-12-02 00:00:00 2022-06-02 00:00:00 None HIVE Case #6600 TO-S-2022-0090 (IP=102,HK) 218.35.64.0 21 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None TW TO-S-2021-1117 Malware 
Activity 218.44.49.245 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None JP TO-S-2021-1037 Hive Case 4785 Malware Activity 218.45.31.98 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None JP TO-S-2021-1117 DOS-DDOS Activity 218.56.61.132 24 AR None 2021-10-12 00:00:00 2022-01-10 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=132,CN) 218.56.69.42 24 RS None 2022-07-02 00:00:00 2022-09-30 00:00:00 2022-07-02 22:56:24 SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt (1:58276:3) - SourceFire (IP=42,CN) 218.60.2.173 32 BB None 2021-10-10 00:00:00 2022-01-08 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script - TT# 22C00116 (IP=173,US) 218.65.18.182 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=182,CN) 218.7.37.18 32 KH None 2021-10-18 00:00:00 2022-01-16 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00184 (IP=18,CN) 218.9.54.244 24 DT None 2020-06-24 00:00:00 2022-02-25 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - Sourcefire (IP=244,CN) | updated by SW Block was inactive. 
Reactivated on 20211127 with reason HTTP: Detect PHP-CGI Remote code Execution vulnerability - WebAttacks (IP=244, CN) 218.91.204.132 24 KD None 2021-10-22 00:00:00 2022-01-22 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=132,CN) 218.92.196.126 24 RR None 2022-03-19 00:00:00 2022-06-17 00:00:00 2022-03-19 14:22:01 HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=126,CN) 219.113.189.154 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None JP TO-S-2021-1117 DOS-DDOS Activity 219.114.12.19 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None JP TO-S-2021-1037 Hive Case 4785 Malware Activity 219.117.203.150 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None JP TO-S-2021-1117 DOS-DDOS Activity 219.117.203.151 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None JP TO-S-2021-1117 DOS-DDOS Activity 219.117.234.211 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None JP TO-S-2021-1117 DOS-DDOS Activity 219.117.247.233 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None JP TO-S-2021-1117 DOS-DDOS Activity 219.122.187.242 24 RR None 2022-03-04 00:00:00 2022-06-02 00:00:00 2022-03-04 14:42:59 HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=242,JP) 219.131.62.67 32 TLM None 2022-02-04 00:00:00 2022-08-05 00:00:00 None HIVE Case #6925 CTO 22-034 (IP=67,CN) 219.152.51.122 24 RR None 2022-02-12 00:00:00 2022-05-13 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=122,CN) 219.157.181.204 24 RS None 2022-06-21 00:00:00 2022-09-19 00:00:00 2022-06-21 22:50:27 SIPVicious Security Scanner - IPS Events (IP=204,CN) 219.157.221.1 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 22:58:41 SIPVicious Security Scanner - IPS Events (IP=1,CN) 219.234.28.0 22 TLM None 2021-08-30 00:00:00 2022-03-02 00:00:00 None HIVE Case #6085 TO-S-2021-1500 (IP=0,CN) 219.240.128.211 32 TLM None 2021-09-08 00:00:00 2022-03-08 00:00:00 None HIVE Case #6129 
CTO 21-237 (IP=211,KR) 219.68.233.186 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TW TO-S-2021-1037 Hive Case 4785 Malware Activity 219.78.0.0 19 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None HK TO-S-2021-1050 Hive Case 4821 Malware Activity 219.85.0.0 19 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None TW TO-S-2021-1092 Hive Case 4875 Malware Activity 219.85.83.151 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TW TO-S-2021-1050 Hive Case 4821 Malware Activity 219.89.119.60 24 RR None 2022-01-13 00:00:00 2022-04-13 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=60,NZ) 219.91.55.209 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 22:58:38 File /etc/passwd Access Attempt Detect - IPS Events (IP=209,TW) 219.92.9.201 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MY TO-S-2021-1050 Hive Case 4821 Malware Activity 219.94.129.45 24 ZH None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-24 00:05:34 BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (1:17378:16) - Sourcefire Rpt (IP=45,JP) 219.94.246.47 24 SW None 2021-11-27 00:00:00 2022-02-25 00:00:00 None HTTP: Apache mod_cgi Bash Environment Variable Code Injection - WebAttacks (IP=47, JP) 219.98.127.79 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None JP TO-S-2021-1117 DOS-DDOS Activity 219.99.208.28 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None JP TO-S-2021-1117 DOS-DDOS Activity 2191604061.drclients.com --- TLM None 2021-08-12 00:00:00 2022-08-12 00:00:00 2023-01-19 23:00:36 HIVE Case #5991 TO-S-2021-1421 220.101.100.126 24 DT None 2021-12-29 00:00:00 2022-03-29 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability (IP=126,AU) 220.101.109.133 24 KD None 2022-03-06 00:00:00 2022-06-04 00:00:00 2022-03-07 00:43:55 HTTP: Detect PHP-CGI Remote code Execution vulnerability- Web Attacks(IP=133,AU) 220.119.52.87 32 dbc None 2021-01-20 
23.128.248.57 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 18:28:09 HIVE Case #7342 CTO 22-092 FRAGO (IP=57,US) 23.128.248.58 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 18:28:10 HIVE Case #7342 CTO 22-092 FRAGO (IP=58,US) 23.128.248.59 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 18:28:10 HIVE Case #7342 CTO 22-092 FRAGO (IP=59,US) 23.128.248.60 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 18:28:11 HIVE Case #7342 CTO 22-092 FRAGO (IP=60,US) 23.128.248.61 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 18:28:11 HIVE Case #7342 CTO 22-092 FRAGO (IP=61,US) 23.128.248.62 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 18:28:12 HIVE Case #7342 CTO 22-092 FRAGO (IP=62,US) 23.128.248.63 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 18:28:13 HIVE Case #7342 CTO 22-092 FRAGO (IP=63,US) 23.128.248.64 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 18:28:13 HIVE Case #7342 CTO 22-092 FRAGO (IP=64,US) 23.129.64.130 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 18:28:14 HIVE Case #7342 CTO 22-092 FRAGO (IP=130,US) 23.129.64.131 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:41 HIVE Case #6652 CTO 21-345 F1 (IP=131,US) | updated by AS Block was inactive. Reactivated on 20220706 with reason HIVE Case #7894 CTO 22-187 (IP=131,US) HIVE Case #7894 CTO 22-187 (IP=131,US) 23.129.64.131 32 TLM None 2021-12-13 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:41 HIVE Case #6652 CTO 21-345 F1 (IP=131,US) | updated by AS Block was inactive. 
Reactivated on 20220706 with reason HIVE Case #7894 CTO 22-187 (IP=131,US) HIVE Case #7894 CTO 22-187 (IP=131,US) 23.129.64.132 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 18:28:14 HIVE Case #7342 CTO 22-092 FRAGO (IP=132,US) 23.129.64.133 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 18:28:15 HIVE Case #7342 CTO 22-092 FRAGO (IP=133,US) 23.129.64.134 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 18:28:15 HIVE Case #7342 CTO 22-092 FRAGO (IP=134,US) 23.129.64.135 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 18:28:16 HIVE Case #7342 CTO 22-092 FRAGO (IP=135,US) 23.129.64.137 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 18:28:17 HIVE Case #7342 CTO 22-092 FRAGO (IP=137,US) 23.129.64.140 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 18:28:17 HIVE Case #7342 CTO 22-092 FRAGO (IP=140,US) 23.129.64.141 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=141,US) 23.129.64.142 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:42 HIVE Case #7894 CTO 22-187 (IP=142,US) 23.129.64.145 32 AR None 2022-03-05 00:00:00 2022-06-03 00:00:00 2022-03-06 14:24:07 SSH2 Failed Login Attempt - 6Hr Failed Logons (IP=145,US) 23.129.64.145 32 AR None 2022-03-05 00:00:00 2022-06-03 00:00:00 2022-03-06 14:40:39 SSH2 Failed Login Attempt - 6Hr Failed Logons (IP=145,US) 23.129.64.145 32 AR None 2022-03-05 00:00:00 2022-06-03 00:00:00 2022-03-06 15:25:57 SSH2 Failed Login Attempt - 6Hr Failed Logons (IP=145,US) 23.129.64.146 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=146,US) 23.129.64.147 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 18:28:18 HIVE Case #7342 CTO 22-092 FRAGO (IP=147,US) 23.129.64.148 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:42 HIVE Case #6652 CTO 21-345 F1 (IP=148,US) | updated by AS Block was inactive. 
Reactivated on 20220706 with reason HIVE Case #7894 CTO 22-187 (IP=148,US) HIVE Case #7894 CTO 22-187 (IP=148,US) 23.129.64.148 32 TLM None 2021-12-13 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:42 HIVE Case #6652 CTO 21-345 F1 (IP=148,US) | updated by AS Block was inactive. Reactivated on 20220706 with reason HIVE Case #7894 CTO 22-187 (IP=148,US) HIVE Case #7894 CTO 22-187 (IP=148,US) 23.129.64.149 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 18:28:18 HIVE Case #7342 CTO 22-092 FRAGO (IP=149,US) 23.129.64.190 32 EE None 2021-12-08 00:00:00 2022-03-08 00:00:00 None Possible SQLi attempt - TT# 20C00390 (IP=190,US) | updated by EE Block was inactive. Reactivated on 20211208 with reason HIVE Case #6616 IOC_ MikroTik Routers (IP=190,US) HIVE Case #6616 IOC_ MikroTik Routers (IP=190,US) 23.129.64.190 32 RR None 2019-10-12 00:00:00 2022-03-08 00:00:00 None Possible SQLi attempt - TT# 20C00390 (IP=190,US) | updated by EE Block was inactive. Reactivated on 20211208 with reason HIVE Case #6616 IOC_ MikroTik Routers (IP=190,US) HIVE Case #6616 IOC_ MikroTik Routers (IP=190,US) 23.129.64.210 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 18:28:19 Authentication Failed - Failed Logns (IP=210,US) | updated by AS Block was inactive. Reactivated on 20220405 with reason HIVE Case #7342 CTO 22-092 FRAGO (IP=210,US) HIVE Case #7342 CTO 22-092 FRAGO (IP=210,US) 23.129.64.210 32 GM None 2019-08-12 00:00:00 2022-10-05 00:00:00 2022-04-05 18:28:19 Authentication Failed - Failed Logns (IP=210,US) | updated by AS Block was inactive. 
Reactivated on 20220405 with reason HIVE Case #7342 CTO 22-092 FRAGO (IP=210,US) HIVE Case #7342 CTO 22-092 FRAGO (IP=210,US) 23.129.64.211 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 18:28:19 HIVE Case #7342 CTO 22-092 FRAGO (IP=211,US) 23.129.64.212 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 18:28:20 FireEye Network SmartVision - CVE-2019-0708 (IP=212,US) | updated by AS Block was inactive. Reactivated on 20220405 with reason HIVE Case #7342 CTO 22-092 FRAGO (IP=212,US) HIVE Case #7342 CTO 22-092 FRAGO (IP=212,US) 23.129.64.212 32 RB None 2019-07-01 00:00:00 2022-10-05 00:00:00 2022-04-05 18:28:20 FireEye Network SmartVision - CVE-2019-0708 (IP=212,US) | updated by AS Block was inactive. Reactivated on 20220405 with reason HIVE Case #7342 CTO 22-092 FRAGO (IP=212,US) HIVE Case #7342 CTO 22-092 FRAGO (IP=212,US) 23.129.64.213 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 18:28:20 Authentication Failed - 6 hr Failed Logon (IP=213,US) | updated by RR Block was inactive. Reactivated on 20210309 with reason HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00595 (IP=213,US) HTTP: Microsoft SharePoint XSS in Sc | updated by AS Block was inactive. Reactivated on 20220405 with reason HIVE Case #7342 CTO 22-092 FRAGO (IP=213,US) HIVE Case #7342 CTO 22-092 FRAGO (IP=213,US) 23.129.64.213 32 RR None 2021-03-09 00:00:00 2022-10-05 00:00:00 2022-04-05 18:28:20 Authentication Failed - 6 hr Failed Logon (IP=213,US) | updated by RR Block was inactive. Reactivated on 20210309 with reason HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00595 (IP=213,US) HTTP: Microsoft SharePoint XSS in Sc | updated by AS Block was inactive. 
Reactivated on 20220405 with reason HIVE Case #7342 CTO 22-092 FRAGO (IP=213,US) HIVE Case #7342 CTO 22-092 FRAGO (IP=213,US) 23.129.64.213 32 CR None 2019-08-16 00:00:00 2022-10-05 00:00:00 2022-04-05 18:28:20 Authentication Failed - 6 hr Failed Logon (IP=213,US) | updated by RR Block was inactive. Reactivated on 20210309 with reason HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00595 (IP=213,US) HTTP: Microsoft SharePoint XSS in Sc | updated by AS Block was inactive. Reactivated on 20220405 with reason HIVE Case #7342 CTO 22-092 FRAGO (IP=213,US) HIVE Case #7342 CTO 22-092 FRAGO (IP=213,US) 23.129.64.214 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 18:28:32 Authentication Failed - 6 hr failed logons (IP=214,US) | updated by AS Block was inactive. Reactivated on 20220405 with reason HIVE Case #7342 CTO 22-092 FRAGO (IP=214,US) HIVE Case #7342 CTO 22-092 FRAGO (IP=214,US) 23.129.64.214 32 RW None 2019-08-28 00:00:00 2022-10-05 00:00:00 2022-04-05 18:28:32 Authentication Failed - 6 hr failed logons (IP=214,US) | updated by AS Block was inactive. 
Reactivated on 20220405 with reason HIVE Case #7342 CTO 22-092 FRAGO (IP=214,US) HIVE Case #7342 CTO 22-092 FRAGO (IP=214,US) 23.129.64.215 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 18:28:32 HIVE Case #7342 CTO 22-092 FRAGO (IP=215,US) 23.129.64.218 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:43 HIVE Case #7894 CTO 22-187 (IP=218,US) 23.129.64.219 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 18:28:33 HIVE Case #7342 CTO 22-092 FRAGO (IP=219,US) 23.129.64.250 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 18:28:34 HIVE Case #7342 CTO 22-092 FRAGO (IP=250,US) 23.130.136.101 24 SW None 2022-08-19 00:00:00 2022-11-18 00:00:00 2022-08-20 13:23:14 SERVER-OTHER RealTek UDPServer command injection attempt - SourceFire (IP=101,CA) | updated by RR Block expiration extended with reason SERVER-OTHER RealTek UDPServer command injection attempt - SourceFire (IP=101,CA) 23.148.144.37 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=37,US) 23.148.145.101 32 RT None 2021-11-13 00:00:00 2022-02-11 00:00:00 None HTTP: PHP File Upload Vulnerability Detected - 6HR Web Attacks (IP=101,US) 23.148.145.240 32 SW None 2022-03-21 00:00:00 2022-06-19 00:00:00 2022-03-21 23:00:53 SIPVicious Security Scanner - IPS Events(IP=240,US) 23.148.145.38 32 ZH None 2021-11-28 00:00:00 2022-02-26 00:00:00 None HTTP: PHP File Upload Vulnerability Detected - 6hr Web Attacks (IP=38,US) 23.148.145.67 32 SW None 2022-03-31 00:00:00 2022-06-29 00:00:00 2022-03-31 22:39:50 SIPVicious Security Scanner - IPS Events (IP=67,US) 23.15.84.185 32 AS None 2022-02-01 00:00:00 2022-08-01 00:00:00 None HIVE Case #6889 CTO 22-033.3 (IP=185,US) 23.154.177.18 32 AR None 2022-03-05 00:00:00 2022-06-03 00:00:00 2022-03-06 14:24:08 SSH2 Failed Login Attempt - 6Hr Failed Logons (IP=18,US) 23.154.177.19 32 KD None 2022-02-26 00:00:00 2022-05-27 00:00:00 2022-02-27 01:15:20 SSH2 Failed Login Attempt- 6 hour failed 
Login(IP=19,US) 23.154.177.2 32 KD None 2022-02-26 00:00:00 2022-05-27 00:00:00 2022-02-27 01:15:19 SSH2 Failed Login Attempt- 6 hour failed Login(IP=2,US) 23.154.177.20 32 KD None 2022-02-26 00:00:00 2022-05-27 00:00:00 2022-02-27 01:15:20 SSH2 Failed Login Attempt- 6 hour failed Login(IP=20,US) 23.154.177.21 32 KD None 2022-02-26 00:00:00 2022-05-27 00:00:00 2022-02-27 01:15:21 SSH2 Failed Login Attempt- 6 hour failed Login(IP=21,US) 23.154.177.3 32 KD None 2022-02-26 00:00:00 2022-05-27 00:00:00 2022-02-27 01:15:19 SSH2 Failed Login Attempt- 6 hour failed Login(IP=3,US) 23.154.177.4 32 AR None 2022-06-26 00:00:00 2022-09-24 00:00:00 2022-06-27 13:55:37 HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - IR# 22C01460 (IP=4,US) 23.154.177.5 32 WR None 2022-02-28 00:00:00 2022-05-28 00:00:00 2022-02-28 14:50:28 SSH2 Failed Login Attempt - 6 hr Failed Logons (IP=5,US) 23.154.177.6 32 WR None 2022-02-28 00:00:00 2022-05-28 00:00:00 2022-02-28 14:50:29 SSH2 Failed Login Attempt - 6 hr Failed Logons (IP=6,US) 23.154.177.7 32 WR None 2022-02-28 00:00:00 2022-09-24 00:00:00 2022-06-27 13:55:38 SSH2 Failed Login Attempt - 6 hr Failed Logons (IP=7,US) | updated by AR Block was inactive. 
Reactivated on 20220626 with reason HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - IR# 22C01460 (IP=7,US) 23.160.193.140 32 TLM None 2022-03-17 00:00:00 2022-09-17 00:00:00 2022-03-17 16:17:21 HIVE Case #7227 CTO 22-076 (IP=140,US) 23.172.112.119 32 KH None 2022-03-29 00:00:00 2022-06-27 00:00:00 2022-03-29 22:55:28 SIPVicious Security Scanner - FE CMS (IP=119,US) 23.172.112.85 32 AR None 2022-08-09 00:00:00 2022-11-07 00:00:00 2022-08-09 13:57:40 PROTOCOL-VOIP SIP wildcard VIA address flood attempt - SourceFire (IP=85,US) 23.183.81.90 32 SW None 2022-01-10 00:00:00 2022-04-10 00:00:00 None SERVER-OTHER RealTek UDPServer command injection attempt (1:58853:1) - SourceFire (IP=90,US) 23.183.83.160 32 DT None 2021-12-16 00:00:00 2022-03-15 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - Web Attacks (IP=160,US) 23.184.48.159 24 AR None 2022-03-05 00:00:00 2022-06-03 00:00:00 2022-03-06 14:24:08 SSH2 Failed Login Attempt - 6Hr Failed Logons (IP=159,NL) 23.185.0.3 32 CW None 2019-06-28 00:00:00 2022-09-16 00:00:00 2022-03-16 17:46:58 FILE-PDF Multiple products incomplete JP2K image geometry potentially malicious PDF detected_SourceFire (IP= 3,US) | updated by RW with reason FILE-PDF Multiple products incomplete JP2K image geometry potentially malicious PDF detected - Sourcefire (I | updated by AS Block was inactive. 
Reactivated on 20220316 with reason HIVE Case #7211 COLS-NA TIP 22-0083 (IP=3,US) 23.19.10.42 32 ZH None 2022-08-10 00:00:00 2022-11-08 00:00:00 2022-08-10 22:56:16 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=42,US) 23.19.227.103 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=103,US) 23.19.227.125 32 TLM None 2022-09-19 00:00:00 2022-12-18 00:00:00 2022-09-19 15:03:10 HIVE Case #8328 TO-S-2022-0230 (IP=125,US) 23.19.227.139 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=139,US) 23.19.227.141 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6586 TO-S-2022-0085 (IP=141,US) 23.19.227.148 32 TLM None 2021-11-15 00:00:00 2022-05-15 00:00:00 None HIVE Case #6534 CTO 21-314 (IP=148,US) 23.19.227.16 32 TLM None 2021-11-15 00:00:00 2022-05-15 00:00:00 None HIVE Case #6534 CTO 21-314 (IP=16,US) 23.19.227.161 32 TLM None 2021-08-23 00:00:00 2022-09-01 00:00:00 2022-03-01 17:52:18 HIVE Case #6042 TO-S-2021-1484 (IP=161,US) | updated by TLM Block was inactive. 
Reactivated on 20220301 with reason HIVE Case #7115 CTO 22-060 (IP=161,US) 23.19.227.165 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=165,US) 23.19.227.176 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=176,US) 23.19.227.178 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=178,US) 23.19.227.238 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=238,US) 23.19.227.247 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=247,US) 23.19.227.47 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6442 CTO 21-299 (IP=47,US) 23.19.227.53 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=53,US) 23.19.227.54 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=54,US) 23.19.227.63 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=63,US) 23.19.227.8 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=8,US) 23.19.58.212 32 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6514 TO-S-2022-0075 (IP=212,GB) 23.19.58.238 32 TLM None 2021-10-25 00:00:00 2022-04-25 00:00:00 None HIVE Case #6411 CTO 21-294 (IP=238,GB) 23.19.58.93 32 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6514 TO-S-2022-0075 (IP=93,GB) 23.193.128.55 32 JH None 2022-03-21 00:00:00 2022-06-19 00:00:00 2022-04-12 18:32:53 Windows Executable Download With Double File Extension - IPS Events(IP=55,US) | Unblock requested in INC0266643 - prevents access to mvp.usace.army.mil by ZH 23.2.76.66 32 RT None 2022-02-17 00:00:00 2022-05-18 00:00:00 None FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields (1:16295:13) - Sourcefire Report (IP=66,US) 23.20.138.219 32 ZH None 2021-12-16 00:00:00 2022-03-16 
00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) Sourcefire Rpt (IP=219,US) 23.20.215.22 32 RW None 2021-10-08 00:00:00 2022-01-06 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - Sourcefire (IP=22,US) 23.20.216.33 32 SW None 2022-03-15 00:00:00 2022-06-13 00:00:00 2022-03-15 21:25:29 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=33,US) 23.20.244.31 32 RT None 2021-12-03 00:00:00 2022-03-03 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Report (IP=31,US) 23.20.248.52 32 DT None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-05 13:48:49 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Source Fire (IP=52,US) 23.20.28.167 32 DT None 2021-10-28 00:00:00 2022-01-26 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - Source Fire (IP=167,US) 23.20.8.233 32 wmp None 2021-12-14 00:00:00 2022-03-14 00:00:00 None HIVE Case #6642 Wave Browser IOCs (IP=233,US) 23.200.156.22 32 TLM None 2022-05-25 00:00:00 2022-11-24 00:00:00 2022-05-25 18:14:52 HIVE Case #7662 CTO 22-145 (IP=22,US) 23.203.24.72 32 SA None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-07 13:41:19 FILE-OSAER Kaspersky antivirus library heap buffer overflow - wiSAout optional fields (1:16295:13) - SourceFire Report (IP=72,US) 23.204.7.16 32 AS None 2022-02-01 00:00:00 2022-08-01 00:00:00 None HIVE Case #6889 CTO 22-033.3 (IP=16,US) 23.208.158.151 32 RT None 2022-03-03 00:00:00 2022-06-01 00:00:00 2022-03-04 14:43:03 INDICATOR-COMPROMISE Content-Type text/plain containing Portable Executable data - Sourcefire Report (IP=151,US) 23.21.3.105 32 SW None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-01 13:54:08 SERVER-OTHER limited RSA 
ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=105,US) 23.21.34.96 32 ZH None 2021-11-28 00:00:00 2022-02-26 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2)- SourceFire Rpt (IP=96,US) 23.213.160.225 24 RS None 2022-07-02 00:00:00 2022-09-30 00:00:00 2022-07-02 14:02:15 DT / SQLi attempts - IR# 22C01496 (IP=225,DE) 23.215.102.168 32 RT None 2022-01-26 00:00:00 2022-04-26 00:00:00 None FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt (1:21420:6) - Sourcefire Report (IP=168,US) 23.215.102.184 32 RT None 2022-01-26 00:00:00 2022-04-26 00:00:00 None FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt (1:21420:6) - Sourcefire Report (IP=184,US) 23.215.102.56 32 RT None 2022-01-20 00:00:00 2022-04-20 00:00:00 None FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (1:20842:14) - Sourcefire Report (IP=56,US) 23.215.102.59 32 RT None 2021-12-15 00:00:00 2022-03-15 00:00:00 None FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (1:20842:14) - Sourcefire Report (IP=59,US) 23.216.145.140 32 JP None 2022-07-29 00:00:00 2022-10-27 00:00:00 2022-07-29 22:51:33 FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields (1:16295:13) - SourceFire (IP=140, US) 23.216.147.205 32 SA None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-07 13:41:09 FILE-OSAER RealNetworks RealPlayer compressed skin overflow attempt (1:21420:6) - SourceFire Report (IP=205,US) 23.216.147.206 32 SA None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-07 13:41:13 FILE-OSAER RealNetworks RealPlayer compressed skin overflow attempt (1:21420:6) - SourceFire Report (IP=206,US) 23.216.147.66 32 SA None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-07 13:41:17 FILE-OSAER Kaspersky antivirus library heap buffer overflow - wiSAout optional fields (1:16295:13) - SourceFire Report (IP=66,US) 23.216.147.67 32 SW None 
2022-08-25 00:00:00 2022-11-23 00:00:00 2022-08-26 13:48:32 FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields (1:16295:13) - SourceFire (IP=67,US) 23.216.77.69 32 AS None 2022-08-19 00:00:00 2022-11-17 00:00:00 2022-08-26 16:43:44 HIVE Case #8178 COLS-NA TIP 22-0289 (IP=69,DE) 23.22.185.128 32 SW None 2022-04-24 00:00:00 2022-07-23 00:00:00 2022-04-24 22:43:56 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=128, US) 23.22.224.46 32 ZH None 2021-10-28 00:00:00 2022-01-26 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Rpt (IP=46,US) 23.22.235.60 32 DT None 2022-02-02 00:00:00 2022-05-03 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Source Fire (IP=.60,US) 23.22.254.109 32 TH None 2022-02-11 00:00:00 2022-05-12 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire Report (IP=109,US) 23.22.70.181 32 TH None 2022-08-03 00:00:00 2022-11-01 00:00:00 2022-08-04 13:53:56 SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt 23.22.77.106 32 DT None 2021-12-29 00:00:00 2022-03-29 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Source Fire (IP=106,US) 23.220.206.11 32 SA None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-07 13:41:23 FILE-OSAER RealNetworks RealPlayer compressed skin overflow attempt (1:21420:6) - SourceFire Report (IP=11,US) 23.220.206.51 32 SA None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-07 13:41:10 FILE-OSAER RealNetworks RealPlayer compressed skin overflow attempt (1:21420:6) - SourceFire Report (IP=51,US) 23.220.96.147 32 AS None 2022-02-01 00:00:00 2022-08-01 00:00:00 None HIVE Case #6889 CTO 22-033.3 (IP=147,US) 23.220.96.187 
32 AS None 2022-02-01 00:00:00 2022-08-01 00:00:00 None HIVE Case #6889 CTO 22-033.3 (IP=187,US) 23.223.246.16 32 RT None 2022-02-23 00:00:00 2022-05-24 00:00:00 None FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields - Sourcefire Report (IP=16,US) 23.223.246.65 32 RT None 2022-03-03 00:00:00 2022-06-01 00:00:00 2022-03-04 14:43:04 FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields - Sourcefire Report (IP=65,US) 23.224.135.141 32 AS None 2022-01-11 00:00:00 2022-07-11 00:00:00 None HIVE Case #6760 CTO 22-011 (IP=141,CA) 23.224.135.142 32 AS None 2022-01-11 00:00:00 2022-07-11 00:00:00 None HIVE Case #6760 CTO 22-011 (IP=142,CA) 23.224.185.72 32 TLM None 2022-03-01 00:00:00 2022-09-01 00:00:00 2022-03-01 12:20:06 HIVE Case #7104 TO-S-2022-0138 (IP=72,US) 23.224.186.205 32 KD None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 23:08:18 FTP Login Failed- 6 hr Failed Logons (IP=205,US) 23.224.186.215 32 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 22:54:01 FTP Login Failed - Failed Logons (IP=215,US) 23.224.186.230 32 AR None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-21 13:49:48 FTP Login Failed - 6hr Failed Logons (IP=230,US) 23.224.186.51 32 DT None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 22:47:14 FTP Login Failed - Failed Logons (IP=51,US) 23.224.186.68 32 WR None 2022-04-01 00:00:00 2022-06-30 00:00:00 2022-04-01 14:00:22 FTP Login Failed - Failed Logons (IP=68,US) 23.224.189.41 32 AR None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:11 FTP Login Failed - 6Hr Failed Logons (IP=41,US) 23.224.189.54 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:55:47 HIVE Case #7894 CTO 22-187 (IP=54,US) 23.224.46.224 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:55:48 HIVE Case #7894 CTO 22-187 (IP=224,US) 23.224.59.130 32 SW None 2021-12-11 00:00:00 2022-03-11 00:00:00 None FOX-SRT - IOC - XServer/Agent - Possible XServer Start 
SOCKS5 Proxy mode (ProxyTransmit) (1:21002457:1) - SourceFire (IP=130,US) 23.225.161.125 32 TLM None 2022-04-18 00:00:00 2022-10-18 00:00:00 2022-04-18 13:41:42 HIVE Case #7416 CTO 22-106 (IP=125,US) 23.225.180.202 32 RR None 2022-03-10 00:00:00 2022-06-08 00:00:00 2022-03-10 14:47:01 FTP Login Failed - Failed Logons (IP=202,US) 23.225.191.98 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:55:49 HIVE Case #7894 CTO 22-187 (IP=98,US) 23.225.44.4 32 AS None 2021-12-28 00:00:00 2022-06-28 00:00:00 None HIVE Case #6702 CTO 21-362 (IP=4,US) 23.226.65.108 32 RS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 14:03:21 Adobe ColdFusion Administrator Access Restriction - 6hr Web Attacks (IP=108,US) 23.226.65.113 32 RS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 14:03:22 Adobe ColdFusion Administrator Access Restriction - 6hr Web Attacks (IP=113,US) 23.226.65.124 32 RT None 2022-03-09 00:00:00 2022-06-07 00:00:00 2022-03-10 14:46:56 HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - IR #22C01024 (IP=124,US) 23.227.174.130 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None US TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 23.227.178.53 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:21 HIVE Case #7894 CTO 22-187 (IP=53,US) 23.227.178.59 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:21 HIVE Case #7894 CTO 22-187 (IP=59,US) 23.227.184.116 32 DRW None 2022-09-21 00:00:00 2022-12-20 00:00:00 2022-09-21 22:00:56 HIVE Case #1337 IOC_ CISA Threat Intel 19Sep2022 Criminal Cobalt Strike Servers (IP=116,US) 23.227.198.195 32 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 2022-05-26 18:27:24 HIVE Case #7669 TO-S-2022-0187 (IP=195,US) 23.227.198.217 32 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 2022-05-26 18:27:24 HIVE Case #7669 TO-S-2022-0187 (IP=217,US) 23.227.201.69 32 TLM None 2021-09-14 00:00:00 2022-03-14 00:00:00 None HIVE Case #6175 TO-S-2021-1537 (IP=69,US) 
00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity 24.229.150.54 32 EE None 2021-11-29 00:00:00 2022-09-15 00:00:00 2022-03-15 12:55:55 HIVE Case #6580 IOC_Squirrelwaffle Exploits (IP=54,US) | updated by AS Block was inactive. Reactivated on 20220315 with reason HIVE Case #7199 CTO 22-074 (IP=54,US) 24.231.216.246 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1081 Hive Case 4872 Malicious Email Activity 24.233.120.33 32 AR None 2022-01-26 00:00:00 2022-04-26 00:00:00 None Phish.URL.Emotet (IP=33,US) 24.244.144.0 21 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BS TO-S-2021-1037 Hive Case 4785 Malware Activity 24.34.255.86 32 TLM None 2022-06-08 00:00:00 2022-12-08 00:00:00 2022-06-09 14:48:04 HIVE Case #7739 CTO 22-159 (IP=86,US) | updated by TLM Block expiration extended with reason HIVE Case #7747 TO-S-2022-0194 (IP=86,US) 24.37.230.243 32 JP None 2022-08-05 00:00:00 2022-11-03 00:00:00 2022-08-05 22:53:04 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR# 22C01774 (IP=243,CA) 24.39.220.218 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:07 HIVE Case #7199 CTO 22-074 (IP=218,US) 24.53.80.18 24 KD None 2021-12-21 00:00:00 2022-03-21 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt- Sourcefire (IP=18,CA) 24.54.164.30 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity 24.54.164.36 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity 24.55.112.61 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:55:56 HIVE Case #7199 CTO 22-074 (IP=61,PR) 24.88.70.72 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:55:50 HIVE Case #7894 CTO 22-187 (IP=72,US) 24.96.155.79 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity 24.96.94.11 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:08 HIVE Case #7199 CTO 
22-074 (IP=11,US) 24.97.0.20 32 TLM None 2021-07-01 00:00:00 2022-01-01 00:00:00 None HIVE Case #5734 CTO-21-173 (IP=20,US) 24.jr.short.gy --- TLM None 2021-10-29 00:00:00 2022-10-29 00:00:00 2023-01-19 23:04:21 HIVE Case #6448 TO-S-2022-0058 241465639.ujsd.kanesatakss.com --- TLM None 2021-08-05 00:00:00 2022-08-05 00:00:00 2023-01-19 22:59:20 HIVE Case #5940 TO-S-2021-1447 2481823026.nielsvandervlist.nl --- TLM None 2021-08-05 00:00:00 2022-08-05 00:00:00 2023-01-19 22:59:40 HIVE Case #5940 TO-S-2021-1447 2489707907.nielsvandervlist.nl --- TLM None 2021-08-05 00:00:00 2022-08-05 00:00:00 2023-01-19 22:59:40 HIVE Case #5940 TO-S-2021-1447 2522084069.katiemcallister.com --- TLM None 2021-08-12 00:00:00 2022-08-12 00:00:00 2023-01-19 23:00:19 HIVE Case #5985 TO-S-2021-1459 26.95.37.109 32 TLM None 2022-01-25 00:00:00 2022-07-25 00:00:00 None HIVE Case #6828 CTO 22-021 (IP=109,US) 260620210710010626riverton.kutaplaya.com --- TLM None 2021-07-29 00:00:00 2022-07-29 00:00:00 2023-01-19 22:59:00 HIVE Case #5884 TO-S-2021-1435 26iip.app.link --- TLM None 2021-08-12 00:00:00 2022-08-12 00:00:00 2023-01-19 23:00:37 HIVE Case #5991 TO-S-2021-1421 27.1.1.34 32 TLM None 2022-06-13 00:00:00 2022-12-12 00:00:00 2022-06-14 12:55:25 HIVE Case #7767 TO-S-2022-0197 (IP=34,KR) 27.102.101.26 32 TLM None 2022-06-21 00:00:00 2022-12-20 00:00:00 2022-06-22 18:26:09 HIVE Case #7807 CTO 22-169 (IP=26,KR) 27.102.102.237 32 TLM None 2021-11-30 00:00:00 2022-05-30 00:00:00 None HIVE Case #6595 CTO 21-327 (IP=237,KR) 27.102.102.237 32 TLM None 2021-11-30 00:00:00 2022-05-30 00:00:00 None HIVE Case #6595 CTO 21-327 (IP=237,KR) 27.102.113.240 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6346 CTO 21-278 (IP=240,KR) 27.102.113.57 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6346 CTO 21-278 (IP=57,KR) 27.102.114.55 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6346 CTO 21-278 (IP=55,KR) 27.102.115.216 32 AS None 2022-04-08 
00:00:00 2022-10-04 00:00:00 2022-04-08 17:37:01 HIVE Case #7363 CTO 22-097 (IP=216,KR) 27.102.115.51 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6346 CTO 21-278 (IP=51,KR) 27.102.127.247 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6585 CTO 21-323 (IP=247,KR) 27.102.129.120 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6346 CTO 21-278 (IP=120,KR) 27.102.130.239 32 TLM None 2022-03-08 00:00:00 2022-09-08 00:00:00 2022-03-08 16:54:50 HIVE Case #7164 CTO 22-067.1 (IP=239,KR) 27.102.130.63 24 EE None 2021-11-01 00:00:00 2022-01-30 00:00:00 None HIVE Case #6451 IOC_FontOnLake (IP=63,KR) 27.102.66.162 32 TLM None 2022-06-23 00:00:00 2022-12-22 00:00:00 2022-06-24 11:30:51 HIVE Case #7820 CTO 22-174 (IP=162,KR) 27.102.67.154 32 TLM None 2022-03-30 00:00:00 2022-09-30 00:00:00 2022-03-30 13:05:06 HIVE Case #7300 CTO 22-089 (IP=154,KR) 27.106.48.0 21 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IN TO-S-2021-1037 Hive Case 4785 Malware Activity 27.109.166.144 32 TLM None 2022-01-25 00:00:00 2022-07-25 00:00:00 None HIVE Case #6828 CTO 22-021 (IP=144,MO) 27.109.225.159 24 WR None 2021-12-24 00:00:00 2022-03-24 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6 hr Web Attacks (IP=159,MO) 27.109.225.159 24 DT None 2021-12-24 00:00:00 2022-03-24 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt (1:50182:1) - Source Fire (IP=159,MO) 27.109.226.91 24 AR None 2022-01-27 00:00:00 2022-04-27 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6 Hr Web Attacks (IP=91,MO) 27.109.30.109 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IN TO-S-2021-1050 Hive Case 4821 Malware Activity 27.110.249.254 32 AR None 2022-07-07 00:00:00 2022-10-05 00:00:00 2022-07-07 13:50:17 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01596 (IP=254,PH) 27.111.35.81 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive 
Case 4821 Malware Activity 27.112.79.0 24 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=0,ID) 27.116.60.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None KH TO-S-2021-1037 Hive Case 4785 Malware Activity 27.118.20.157 32 AR None 2022-06-12 00:00:00 2022-09-10 00:00:00 2022-06-13 13:54:42 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR # 22C01372 (IP=157,VN) 27.121.215.4 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None JP TO-S-2021-1143 Malware Activity 27.122.13.2 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:55:50 HIVE Case #7894 CTO 22-187 (IP=2,HK) 27.122.56.142 32 TLM None 2022-06-21 00:00:00 2022-12-20 00:00:00 2022-06-22 18:26:09 HIVE Case #7807 CTO 22-169 (IP=142,HK) 27.123.216.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None IN TO-S-2021-1117 DOS-DDOS Activity 27.124.32.170 32 FTP None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 22:43:19 Login Failed - Failed Logons (IP=170,US) 27.124.32.176 32 WR None 2022-04-23 00:00:00 2022-07-21 00:00:00 2022-04-23 13:47:05 FTP Login Failed - Failed Logons (IP=176,US) 27.124.40.199 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6654 CTO 21-345 (IP=199,SG) 27.124.40.234 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6654 CTO 21-345 (IP=234,SG) 27.124.40.245 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6654 CTO 21-345 (IP=245,SG) 27.124.41.203 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None SG TO-S-2021-1037 Hive Case 4785 Malware Activity 27.124.43.69 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None SG TO-S-2021-1037 Hive Case 4785 Malware Activity 27.124.45.179 32 AS None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 18:17:11 HIVE Case #7862 CTO 22-176 (IP=179,SG) 27.124.45.182 32 AS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-06 18:26:17 HIVE Case #7881 CTO 22-182 (IP=182,SG) 27.124.45.186 32 TLM None 
2022-06-22 00:00:00 2022-12-21 00:00:00 2022-06-23 16:49:31 HIVE Case #7813 CTO 22-173 (IP=186,SG) 27.124.47.221 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BD TO-S-2021-1037 Hive Case 4785 Malware Activity 27.124.5.117 24 WR None 2021-01-01 00:00:00 2022-04-01 00:00:00 None FTP Login Failed - Failed Logons (IP=117,SG) 27.125.12.38 32 TLM None 2022-01-26 00:00:00 2022-07-26 00:00:00 None HIVE Case #6837 CTO 22-025 (IP=38,KR) 27.131.0.8 24 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:35:38 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=8,ID) 27.145.104.161 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TH TO-S-2021-1050 Hive Case 4821 Malware Activity 27.147.128.0 19 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BD TO-S-2021-1117 DOS-DDOS Activity 27.147.183.45 32 AS None 2022-01-28 00:00:00 2022-07-28 00:00:00 None HIVE Case #6856 CTO 22-027 (IP=45,BD) 27.147.192.0 19 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BD TO-S-2021-1117 DOS-DDOS Activity 27.147.224.0 19 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None SG TO-S-2021-1037 Hive Case 4785 Malware Activity 27.147.226.179 24 JP None 2022-08-29 00:00:00 2022-11-27 00:00:00 2022-08-29 22:51:31 SQL injection - 6HR Web Attacks (IP=179,BD) 27.155.41.53 24 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 22:52:06 Generic URI Injection wget Attempt - FE IPS Events (IP=53,CN) 27.17.177.137 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:55:51 HIVE Case #7894 CTO 22-187 (IP=137,CN) 27.191.65.183 24 SW None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 13:46:11 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt (1:46736:2) - SourceFire (IP=183,CN) 27.194.64.207 24 RS None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-01 22:26:56 SIPVicious Security Scanner - IPS Events (IP=207,CN) 27.198.47.203 24 RS None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-01 22:26:55 SIPVicious 
Security Scanner - IPS Events (IP=203,CN) 27.2.6.37 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None VN TO-S-2021-1050 Hive Case 4821 Malware Activity 27.202.37.73 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 22:58:51 Apache Struts 2 ConversionErrorInterceptor OGNL Script Injection - IPS Events (IP=73,CN) 27.203.116.233 24 RS None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 22:46:14 SIPVicious Security Scanner - IPS Events (IP=233,CN) 27.203.78.219 24 RS None 2022-09-16 00:00:00 2022-12-15 00:00:00 2022-09-17 13:46:30 File /etc/passwd Access Attempt Detect - IPS Events (IP=219,CN) 27.215.140.111 24 ZH None 2022-05-15 00:00:00 2022-08-13 00:00:00 2022-05-15 22:46:03 Generic URI Injection wget Attempt - CMS IPS Events (IP=111,CN) 27.215.213.216 24 RS None 2022-08-02 00:00:00 2022-10-31 00:00:00 2022-08-03 13:59:31 SIPVicious Security Scanner - IPS Events (IP=216,CN) 27.223.92.142 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:55:56 HIVE Case #7199 CTO 22-074 (IP=142,CN) 27.254.215.22 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=22,TH) 27.255.75.134 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6349 CTO 21-275 (IP=134,KR) 27.255.75.136 32 TLM None 2022-04-21 00:00:00 2022-10-21 00:00:00 2022-04-21 19:02:55 HIVE Case #7441 CTO 22-111 (IP=136,KR) 27.255.75.141 32 TLM None 2021-09-14 00:00:00 2022-03-14 00:00:00 None HIVE Case #6162 CTO 21-245 (IP=141,KR) 27.255.79.197 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6442 CTO 21-299 (IP=197,KR) 27.255.79.204 32 TLM None 2021-08-26 00:00:00 2022-02-26 00:00:00 None HIVE Case #6070 CTO 21-233 (IP=204,KR) 27.255.79.225 32 TLM None 2022-03-30 00:00:00 2022-09-30 00:00:00 2022-03-30 13:05:05 HIVE Case #7300 CTO 22-089 (IP=225,KR) 27.255.79.240 32 TLM None 2022-03-07 00:00:00 2022-09-07 00:00:00 2022-03-07 12:32:09 HIVE Case #7143 CTO 22-063 (IP=240,KR) 27.255.81.114 32 TLM None 2021-09-14 
00:00:00 2022-03-14 00:00:00 None HIVE Case #6162 CTO 21-245 (IP=114,KR) 27.255.81.57 32 TLM None 2021-11-30 00:00:00 2022-05-30 00:00:00 None HIVE Case #6595 CTO 21-327 (IP=57,KR) 27.255.81.57 32 TLM None 2021-11-30 00:00:00 2022-05-30 00:00:00 None HIVE Case #6595 CTO 21-327 (IP=57,KR) 27.255.81.71 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6349 CTO 21-275 (IP=71,KR) 27.255.81.73 32 TLM None 2021-09-14 00:00:00 2022-03-14 00:00:00 None HIVE Case #6162 CTO 21-245 (IP=73,KR) 27.255.81.77 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6313 CTO 21-274 (IP=77,KR) 27.3.32.0 20 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None VN TO-S-2021-1037 Hive Case 4785 Malware Activity 27.34.108.83 32 BB None 2022-01-30 00:00:00 2022-04-30 00:00:00 None Webshell.Binary.php.FEC2 (IP=205,NR) 27.34.12.219 24 AR None 2022-01-26 00:00:00 2022-04-26 00:00:00 None Phish.URL.Emotet (IP=219,NP) 27.34.22.128 32 TLM None 2022-03-23 00:00:00 2022-09-23 00:00:00 2022-03-23 12:28:37 HIVE Case #7258 CTO 22-082 (IP=128,NP) 27.34.68.175 24 KH None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 13:46:15 SQL injection - Web Attacks (IP=175,NP) 27.35.122.226 24 WR None 2021-12-08 00:00:00 2022-03-08 00:00:00 None Generic URI Injection wget Attempt - IPS Events (IP=226,KR) 27.35.229.22 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None KR TO-S-2021-1117 DOS-DDOS Activity 27.43.205.60 24 ZH None 2021-12-13 00:00:00 2022-03-13 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - 6hr web attacks (IP=60,CN) 27.43.206.153 24 RS None 2022-06-03 00:00:00 2022-09-01 00:00:00 2022-06-03 22:21:04 SIPVicious Security Scanner - IPS Events (IP=153,CN) 27.45.10.169 24 RS None 2022-08-02 00:00:00 2022-10-31 00:00:00 2022-08-03 13:59:30 SIPVicious Security Scanner - IPS Events (IP=169,CN) 27.45.17.192 24 RS None 2022-06-20 00:00:00 2022-09-18 00:00:00 2022-06-20 22:22:08 SIPVicious Security Scanner - IPS Events 
(IP=192,CN) 27.45.50.27 24 RS None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-08 16:55:59 SIPVicious Security Scanner - IPS Events (IP=27,CN) 27.46.29.140 24 RS None 2022-07-02 00:00:00 2022-09-30 00:00:00 2022-07-02 22:56:31 HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=140,CN) 27.47.0.113 24 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 22:24:54 Possible Cross-site Scripting Attack - FE IPS Events (IP=113,CN) 27.47.1.172 24 RS None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-01 22:27:01 SIPVicious Security Scanner - IPS Events (IP=172,US) 27.47.125.46 24 RS None 2022-07-02 00:00:00 2022-09-30 00:00:00 2022-07-02 22:56:35 WSO2 CVE-2022-29464 RCE - IPS Events (IP=46,CN) 27.47.126.170 24 RS None 2022-06-16 00:00:00 2022-09-14 00:00:00 2022-06-16 22:41:45 SIPVicious Security Scanner - IPS Events (IP=170,CN) 27.47.38.22 24 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 22:52:07 Generic URI Injection wget Attempt - FE IPS Events (IP=22,CN) 27.47.40.133 24 RS None 2022-06-03 00:00:00 2022-09-01 00:00:00 2022-06-03 22:21:02 SIPVicious Security Scanner - IPS Events (IP=133,CN) 27.47.41.46 24 RS None 2022-09-28 00:00:00 2022-12-27 00:00:00 2022-09-29 13:58:55 SQLi Attempt in Username Field - IPS Events (IP=46,CN) 27.5.115.0 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=0,IN) 27.5.28.0 22 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=0,IN) 27.5.4.111 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:55:57 HIVE Case #7199 CTO 22-074 (IP=111,IN) 27.5.99.148 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=148,IN) 27.50.19.117 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=117,ID) 27.54.165.1 32 DT None 2021-12-21 00:00:00 2022-03-21 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 22C00659 27.56.141.30 32 dbc 
None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IN TO-S-2021-1050 Hive Case 4821 Malware Activity 27.58.152.231 24 KH None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 13:46:15 SQL injection - Web Attacks (IP=231,IN) 27.58.20.82 24 ZH None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-08 13:52:31 SQL injection - 6hr Web Attacks (IP=82,IN) 27.59.240.0 21 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None IN TO-S-2021-1102 Malware Activity 27.64.133.222 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None VN TO-S-2021-1050 Hive Case 4821 Malware Activity 27.67.122.230 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=230,VN) 27.69.216.0 21 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None VN TO-S-2021-1117 DOS-DDOS Activity 27.71.233.201 24 ZH None 2022-07-17 00:00:00 2022-10-15 00:00:00 2022-07-17 22:30:45 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire Rpt (IP=201,VN) 27.71.98.242 24 RT None 2022-04-03 00:00:00 2022-07-01 00:00:00 2022-04-03 22:59:50 HTTP: PHP File Inclusion Vulnerability - IR # 22C01129 (IP=242,VN) 27.72.108.45 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None VN TO-S-2021-1050 Hive Case 4821 Malware Activity 27.72.23.160 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=160,VN) 27.72.64.0 20 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None VN TO-S-2021-1117 DOS-DDOS Activity 27.72.96.0 20 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None VN TO-S-2021-1117 DOS-DDOS Activity 27.75.191.44 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None VN TO-S-2021-1050 Hive Case 4821 Malware Activity 27.76.152.0 22 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None VN TO-S-2021-1117 DOS-DDOS Activity 2735807-tapapp.me --- TLM None 2021-08-05 00:00:00 2022-08-05 00:00:00 2023-01-19 22:59:25 HIVE Case #5940 TO-S-2021-1447 28dmd.today --- TLM None 2021-06-17 00:00:00 2022-06-17 00:00:00 2023-01-19 
22:57:56 HIVE Case #5644 TO-S-2021-1352 295.yao.cl --- NHL None 2020-11-17 00:00:00 2022-11-17 00:00:00 2023-01-19 22:49:19 Case # 4289 - IOC_ SilverHawk_Android_Spyware 2957641-www.tapapp.me --- jkc None 2021-04-14 00:00:00 2022-04-14 00:00:00 2023-01-19 22:55:03 Case # 5240 IOC_TO-S-2021-1218 Malicious callback domain 2965784329.marsstream.com --- TLM None 2021-08-12 00:00:00 2022-08-12 00:00:00 2023-01-19 23:00:19 HIVE Case #5985 TO-S-2021-1459 2hwldklgyhq80uwnffwe.cementeriodelinares.cl --- TLM None 2021-07-09 00:00:00 2022-07-09 00:00:00 2023-01-19 22:58:34 HIVE Case #5775 TO-S-2021-1390 2on.biz --- TLM None 2021-08-12 00:00:00 2022-08-12 00:00:00 2023-01-19 23:00:11 HIVE Case #5985 TO-S-2021-1459 2qups.r.a.d.sendibm1.com --- TLM None 2021-08-20 00:00:00 2022-08-20 00:00:00 2023-01-19 23:01:20 HIVE Case #6025 TO-S-2021-1472 2track.info --- TLM None 2021-10-25 00:00:00 2022-10-25 00:00:00 2023-01-19 23:04:01 HIVE Case #6412 TO-S-2022-1635 2u5dunanshdgu.jhvbuh.com --- TLM None 2021-07-09 00:00:00 2022-07-09 00:00:00 2023-01-19 22:58:34 HIVE Case #5775 TO-S-2021-1390 2v1dk.provedecide.work --- TLM None 2021-06-14 00:00:00 2022-06-14 00:00:00 2023-01-19 22:57:12 HIVE Case #5590 TO-S-2021-1276 Malicious Emails Activity 2vtdv.atsushikikuchiwatercolors.com --- TLM None 2021-06-16 00:00:00 2022-06-16 00:00:00 2023-01-19 22:57:37 HIVE Case #5629 TO-S-2021-1303 2www.team29er.pl --- jkc None 2021-05-07 00:00:00 2022-08-10 00:00:00 2023-01-19 22:56:31 Case # 5405 IOC_ TO-S-2021-1269 Malicious domain | updated by TLM Block expiration extended with reason HIVE Case #5969 TO-S-2021-1289 3.1.92.70 32 AS None 2022-07-13 00:00:00 2022-10-11 00:00:00 2022-07-14 17:45:20 HIVE Case #7928 CTO 22-194 (IP=70,SG) 3.10.227.34 24 KH None 2021-10-29 00:00:00 2022-01-27 00:00:00 None Masscan TCP Port Scanner - FE IPS (IP=34,GB) 3.10.24.17 24 KH None 2021-10-07 00:00:00 2022-01-05 00:00:00 None Masscan TCP Port Scanner - FE IPS (IP=17,GB) 3.108.80.71 24 WR None 2021-12-21 00:00:00 
2022-03-21 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00621 (IP=71,IN) 3.109.202.100 32 TLM None 2021-11-30 00:00:00 2022-05-30 00:00:00 None HIVE Case #6595 CTO 21-327 (IP=100,IN) 3.110.148.54 24 TH None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 23:06:51 HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6 Hr Web Report (IP=54,IN) 3.110.56.219 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:02 HIVE Case #7904 CTO 22-189 (IP=219,IN) 3.121.201.91 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:44 HIVE Case #7904 CTO 22-189 (IP=91,DE) 3.121.211.81 24 RT None 2022-04-08 00:00:00 2022-07-07 00:00:00 2022-04-08 22:48:05 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6 HR WebAttack (IP=81,DE) 3.121.212.75 24 SW None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 13:57:45 SERVER-WEBAPP Java ClassLoader access attempt (1:30790:8) - SourceFire (IP=75,DE) 3.123.236.170 24 DT None 2020-09-09 00:00:00 2022-03-05 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=170,DE) | updated by RR Block was inactive. 
Reactivated on 20211205 with reason SERVER-OTHER HP Integrated Lights-Out HTTP headers processing buffer overflow attempt - SourceFire (IP=170,MA) 3.123.236.170 32 ZH None 2021-12-05 00:00:00 2022-03-05 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script - TT# 22C00484 (IP=170,US) 3.126.205.164 32 TLM None 2022-02-02 00:00:00 2022-08-03 00:00:00 None HIVE Case #6911 CTO 22-033 (IP=164,DE) 3.126.56.137 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:58 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=137,DE) 3.126.57.221 32 TLM None 2022-02-04 00:00:00 2022-08-05 00:00:00 None HIVE Case #6926 CTO 22-035 (IP=221,DE) 3.127.137.11 32 AS None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 18:17:06 HIVE Case #7862 CTO 22-176 (IP=11,DE) 3.128.244.63 32 SW None 2021-11-27 00:00:00 2022-02-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00426 (IP=63,US) 3.128.63.216 32 TLM None 2022-03-14 00:00:00 2022-09-14 00:00:00 2022-03-14 19:14:43 HIVE Case #7198 CTO 22-071 (IP=216,US) 3.133.7.69 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:03 HIVE Case #7904 CTO 22-189 (IP=69,US) 3.134.93.15 32 TLM None 2022-03-14 00:00:00 2022-09-14 00:00:00 2022-03-14 19:14:42 HIVE Case #7198 CTO 22-071 (IP=15,US) 3.136.154.168 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6582 CTO 21-320 (IP=168,US) 3.139.134.24 32 RS None 2022-08-14 00:00:00 2022-11-12 00:00:00 2022-08-14 13:58:18 Apache Log4j CVE-2021-44228 Remote Code Execution - FE NX (IP=24,US) 3.139.28.151 32 RB None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 22:43:41 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01242 (IP=151,US) 3.140.185.101 32 AS None 2022-01-11 00:00:00 2022-07-11 00:00:00 None HIVE Case #6760 CTO 22-011 (IP=101,US) 3.140.247.252 32 TLM None 2022-03-14 00:00:00 2022-09-14 00:00:00 2022-03-14 19:14:44 HIVE Case #7198 CTO 22-071 (IP=252,US) 
3.141.30.146 32 ZH None 2021-10-15 00:00:00 2022-01-13 00:00:00 None HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=146,US) 3.142.219.234 32 TLM None 2021-11-30 00:00:00 2022-05-30 00:00:00 None HIVE Case #6595 CTO 21-327 (IP=234,US) 3.142.249.175 32 TLM None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:46:25 HIVE Case #7458 CTO 22-113 (IP=175,US) 3.142.54.140 32 AS None 2021-12-28 00:00:00 2022-06-28 00:00:00 None HIVE Case #6702 CTO 21-362 (IP=140,US) 3.144.105.178 32 TLM None 2021-11-04 00:00:00 2022-05-04 00:00:00 None HIVE Case #6494 CTO 21-303 (IP=178,US) 3.144.113.178 32 TLM None 2021-11-30 00:00:00 2022-05-30 00:00:00 None HIVE Case #6595 CTO 21-327 (IP=178,US) 3.144.30.106 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6349 CTO 21-275 (IP=106,US) 3.145.27.202 32 TLM None 2022-06-14 00:00:00 2022-12-13 00:00:00 2022-06-14 20:43:28 HIVE Case #7769 CTO 22-165 (IP=202,US) 3.145.62.82 32 TLM None 2022-06-22 00:00:00 2022-12-21 00:00:00 2022-06-23 16:49:28 HIVE Case #7813 CTO 22-173 (IP=82,US) 3.145.88.201 32 AS None 2022-02-04 00:00:00 2022-08-04 00:00:00 None HIVE Case #6927 CTO 22-036 (IP=201,US) 3.145.91.231 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:44 HIVE Case #7904 CTO 22-189 (IP=231,US) 3.15.203.176 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=176,US) 3.16.81.254 32 NHL None 2020-12-17 00:00:00 2022-12-17 00:00:00 None Case # 4583 - IOC_ dark_halo_sunburst - (IP=254,US) 3.20.59.76 32 wmp None 2021-12-13 00:00:00 2022-03-13 00:00:00 None HIVE Case #6642 JFHQ-DODIN Wave Browser Malware IOCs (IP=76,US) 3.208.25.122 32 RT None 2022-01-06 00:00:00 2022-04-06 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Report (IP=122,US) 3.216.214.193 32 TLM None 2022-02-25 00:00:00 2022-08-26 00:00:00 2022-02-25 13:04:37 HIVE Case #7088 CTO 22-056 (IP=193,US) 3.227.86.32 32 AS None 
2022-08-18 00:00:00 2022-11-16 00:00:00 2022-08-26 22:35:48 HIVE Case #8170 COLS-NA TIP 22-0284 (IP=32,US) 3.229.76.130 32 TH None 2022-02-23 00:00:00 2022-05-24 00:00:00 2022-02-24 23:33:35 Hive Case #7068 WaveBrowser IOC (IP=130,US) 3.235.28.168 32 SW None 2022-08-04 00:00:00 2022-11-02 00:00:00 2022-08-05 13:55:22 SERVER-OTHER RealTek UDPServer command injection attempt (1:58853:1) - SourceFire (IP=168, US) 3.237.90.13 32 TLM None 2021-11-30 00:00:00 2022-05-30 00:00:00 None HIVE Case #6595 CTO 21-327 (IP=13,US) 3.238.137.0 32 NAB None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 13:56:55 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=0,US) 3.238.137.10 32 NAB None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 13:56:56 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=10,US) 3.238.137.11 32 BMP None 2021-01-08 00:00:00 2022-07-26 00:00:00 2022-04-27 13:56:54 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=11,US) | updated by NAB Block was inactive. 
Reactivated on 20220427 with reason HIVE Case #6651 Exploit.CVE-2021-44228 (IP=11,US)
3.238.137.12 32 NAB None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 13:56:54 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=12,US)
3.238.137.13 32 RS None 2022-06-27 00:00:00 2022-09-25 00:00:00 2022-06-27 22:37:34 Exploit.CVE-2021-44228 - Apache Log4j2 - Case 6651 (IP=13,US)
3.32.239.188 32 TLM None 2022-02-24 00:00:00 2022-08-25 00:00:00 2022-02-25 03:53:28 HIVE Case #7081 TO-S-2022-0135 (IP=188,US)
3.32.46.224 32 TLM None 2022-05-25 00:00:00 2022-11-24 00:00:00 2022-05-25 18:14:55 HIVE Case #7662 CTO 22-145 (IP=224,US)
3.32.51.155 32 TLM None 2022-08-09 00:00:00 2022-11-09 00:00:00 2022-08-09 17:32:25 HIVE Case #8100 CTO 22-211 (IP=155,US)
3.37.136.173 32 AS None 2022-01-31 00:00:00 2022-08-03 00:00:00 None HIVE Case #6877 CTO 22-028 (IP=173,KR)
3.6.89.184 24 DT None 2022-02-03 00:00:00 2022-05-04 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=184,IN)
3.64.163.50 32 TLM None 2022-02-11 00:00:00 2022-08-12 00:00:00 None HIVE Case #6971 CTO 22-042 (IP=50,DE)
3.67.39.119 32 AS None 2022-01-31 00:00:00 2022-08-03 00:00:00 None HIVE Case #6877 CTO 22-028 (IP=119,DE)
3.67.9.31 32 AS None 2022-01-11 00:00:00 2022-07-11 00:00:00 None HIVE Case #6760 CTO 22-011 (IP=31,DE)
3.68.107.192 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 22:58:32 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (1:59246:1) - SourceFire (IP=192,DE)
3.72.95.15 24 TH None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 22:43:09 HTTP Unauthorized Brute Force Attack - 6 hr Failed Logons Report (IP=15,DE)
3.8.2.138 24 KH None 2021-10-22 00:00:00 2022-01-20 00:00:00 None Masscan TCP Port Scanner - FE IPS (IP=138,GB)
3.80.147.66 32 SW None 2022-08-04 00:00:00 2022-11-02 00:00:00 2022-08-05 13:55:21 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=66, US)
3.80.151.181 32 ZH None 2022-06-24 00:00:00 2022-09-22 00:00:00 2022-06-24 22:51:41 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=181, US)
3.80.157.162 32 RW None 2021-11-12 00:00:00 2022-02-10 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire (IP=162,US)
3.80.170.230 32 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:58:15 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=230,US)
3.80.176.91 32 RT None 2022-02-17 00:00:00 2022-05-18 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - Sourcefire Report (IP=91,US)
3.80.183.195 32 SW None 2022-03-30 00:00:00 2022-06-28 00:00:00 2022-03-30 22:02:32 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=195, US)
3.80.211.56 32 SW None 2022-08-04 00:00:00 2022-11-02 00:00:00 2022-08-05 13:55:23 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=56, US)
3.80.253.42 32 RT None 2021-11-20 00:00:00 2022-02-18 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Report (IP=42,US)
3.80.31.130 32 TLM None 2021-12-09 00:00:00 2022-06-09 00:00:00 None HIVE Case #6633 CTO 21-334 (IP=130,US)
3.80.44.28 32 SW None 2022-06-05 00:00:00 2022-09-03 00:00:00 2022-06-05 13:42:56 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=28,US)
3.80.54.216 32 RT None 2022-02-11 00:00:00 2022-05-12 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Report (IP=216,US)
3.80.57.195 32 TH None 2021-12-27 00:00:00 2022-03-27 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire Report (IP=195,US)
3.80.61.51 32 ZH None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-22 22:43:02 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=51,US)
3.80.99.95 32 DT None 2021-10-24 00:00:00 2022-01-22 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - Sourcefire (IP=95,US)
3.81.145.2 32 RT None 2021-11-11 00:00:00 2022-02-09 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Report (IP=2,US)
3.81.151.219 32 SW None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-12 13:51:10 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=219, US)
3.81.164.233 32 SW None 2022-08-04 00:00:00 2022-11-02 00:00:00 2022-08-05 13:55:21 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=233, US)
3.81.170.172 32 RT None 2021-12-28 00:00:00 2022-03-28 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt-Sourcefire Report (IP=172,US)
3.81.170.246 32 RT None 2021-11-20 00:00:00 2022-02-18 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Report (IP=246,US)
3.81.187.122 32 RT None 2022-01-26 00:00:00 2022-04-26 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Report (IP=122,US)
3.81.205.14 32 ZH None 2021-10-28 00:00:00 2022-01-26 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Rpt (IP=14,US)
3.81.214.174 32 RT None 2022-02-17 00:00:00 2022-05-18 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Report (IP=174,US)
3.81.217.71 32 ZH None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-30 22:44:32 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=71,US)
3.81.218.131 32 ZH None 2022-06-09 00:00:00 2022-09-07 00:00:00 2022-06-09 22:37:45 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=131, US)
3.81.224.238 32 RS None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-08 16:56:00 Possible Cross-site Scripting Attack - IPS Events (IP=238,US)
3.81.41.42 32 RT None 2021-11-19 00:00:00 2022-02-17 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire Report(IP=42,US)
3.82.114.237 32 ZH None 2022-01-07 00:00:00 2022-04-07 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - Sourcefire Rpt (IP=237,US)
3.82.139.28 32 RS None 2022-05-19 00:00:00 2022-08-17 00:00:00 2022-05-19 22:49:03 SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (B-type) (1:1000135:3) - SourceFire (IP=28,US)
3.82.142.59 32 ZH None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-30 22:44:33 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=59,US)
3.82.174.46 24 KD None 2021-12-31 00:00:00 2022-03-31 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt- Sourcefire(IP=46,US)
3.82.2.246 32 ZH None 2021-12-13 00:00:00 2022-03-13 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Rpt (IP=246,US)
3.82.209.219 32 KH None 2022-06-14 00:00:00 2022-09-12 00:00:00 2022-06-14 13:48:39 Known Attack Tool - IR# 22C01379 (IP=219,US)
3.82.25.42 32 SW None 2022-08-18 00:00:00 2022-11-16 00:00:00 2022-08-19 13:56:42 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=42, US)
3.82.35.99 32 SW None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-10 13:48:33 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=99,US)
3.82.47.12 32 RR None 2022-07-09 00:00:00 2022-10-07 00:00:00 2022-07-10 14:32:43 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=12,US)
3.82.58.164 32 RT None 2022-03-02 00:00:00 2022-05-31 00:00:00 2022-03-03 14:49:49 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - Sourcefire Report(IP=164,US)
3.83.101.49 32 RR None 2022-06-04 00:00:00 2022-09-02 00:00:00 2022-06-04 13:39:01 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=49,US)
3.83.127.215 32 AS None 2022-01-28 00:00:00 2022-07-28 00:00:00 None HIVE Case #6860 TO-S-2022-0117 (IP=215,US)
3.83.133.68 32 AS None 2021-12-28 00:00:00 2022-06-28 00:00:00 None HIVE Case #6702 CTO 21-362 (IP=68,US)
3.83.144.175 32 RT None 2022-03-07 00:00:00 2022-06-05 00:00:00 2022-03-08 18:08:48 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Report (IP=175,US)
3.83.145.141 32 RT None 2021-10-27 00:00:00 2022-01-25 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire Report (IP=141,US)
3.83.23.235 32 ZH None 2021-11-10 00:00:00 2022-02-08 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Rpt (IP=235,US)
3.83.232.61 32 KD None 2022-03-11 00:00:00 2022-06-09 00:00:00 2022-03-12 14:30:08 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire(IP=61,US)
3.83.242.198 32 RT None 2021-12-15 00:00:00 2022-03-15 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Report (IP=198,US)
3.83.49.22 32 RT None 2022-01-06 00:00:00 2022-04-06 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - Sourcefire Report (IP=22,US)
3.83.65.160 32 ZH None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-22 22:43:02 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=160,US)
3.83.88.37 32 RS None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-13 22:36:36 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - SourceFire (IP=37,US)
3.83.94.147 32 SA None 2022-06-02 00:00:00 2022-08-30 00:00:00 2022-06-03 00:40:13 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) SourceFire (IP=147,US)
3.84.143.216 32 RT None 2021-12-08 00:00:00 2022-03-08 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Report (IP=216,US)
3.84.169.113 32 WR None 2022-02-02 00:00:00 2022-05-02 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=133,US)
3.84.199.160 32 SA None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-07 13:41:09 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire Report (IP=160,US)
3.84.21.1 32 TLM None 2021-12-21 00:00:00 2022-06-21 00:00:00 None HIVE Case #6682 CTO 21-352 (IP=1,US)
3.84.226.143 32 SA None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-07 13:41:16 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire Report (IP=143,US)
3.84.242.227 32 RW None 2021-10-05 00:00:00 2022-01-03 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire (IP=227,US)
3.84.8.173 32 SW None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-06 22:49:30 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=173,US)
3.84.96.147 32 RT None 2022-01-11 00:00:00 2022-04-11 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - Sourcefire Report (IP=147,US)
3.84.96.227 32 KD None 2022-01-10 00:00:00 2022-04-10 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt- Sourcefire(IP=227,US)
3.85.118.171 32 RS None 2022-06-03 00:00:00 2022-09-01 00:00:00 2022-06-03 22:21:17 SERVER-WEBAPP Symantec Messaging Gateway KavaChart Component directory traversal attempt (1:40451:2) - SourceFire (IP=171,US)
3.85.119.235 32 SA None 2022-06-02 00:00:00 2022-08-30 00:00:00 2022-06-03 00:40:14 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) SourceFire (IP=235,US)
3.85.129.223 32 SW None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-26 13:47:48 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=223,US)
3.85.13.95 32 RT None 2022-01-17 00:00:00 2022-04-17 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire Report (IP=95,US)
3.85.183.220 32 SW None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-16 13:51:49 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=220,US)
3.85.184.52 32 RT None 2021-10-04 00:00:00 2022-01-02 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SOURCEFIRE REPORT (IP=52,US)
3.85.220.37 32 SW None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-15 13:53:34 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=37,US)
3.85.221.237 32 RW None 2021-10-19 00:00:00 2022-01-17 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire (IP=237,US)
3.85.225.159 32 KD None 2022-01-03 00:00:00 2022-04-03 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt- Sourcefire(IP=159,US)
3.85.227.43 32 SW None 2022-05-31 00:00:00 2022-08-29 00:00:00 2022-05-31 13:48:45 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=43,US)
3.85.32.130 32 WR None 2022-02-20 00:00:00 2022-05-20 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=130,US)
3.85.51.202 32 RT None 2021-12-22 00:00:00 2022-03-22 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Report (IP=202,US)
3.85.93.188 32 RT None 2021-12-03 00:00:00 2022-03-03 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Report (IP=188,US)
3.86.17.22 32 ZH None 2021-11-28 00:00:00 2022-02-26 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2)- SourceFire Rpt (IP=22,US)
3.86.194.57 32 TLM None 2022-01-10 00:00:00 2022-06-10 00:00:00 None HIVE Case #6755 CTO 22-006 (IP=57,US)
3.86.199.156 32 RT None 2021-10-13 00:00:00 2022-01-11 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SOURCEFIRE REPORT (IP=156,US)
3.86.220.49 32 RT None 2021-12-28 00:00:00 2022-03-28 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt-Sourcefire Report (IP=49,US)
3.86.225.98 32 SA None 2022-05-24 00:00:00 2022-08-22 00:00:00 2022-05-24 22:13:31 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire Report (IP=98,US)
3.86.230.201 32 AR None 2022-03-06 00:00:00 2022-06-04 00:00:00 2022-03-07 15:00:01 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=201,US)
3.86.34.82 32 SW None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-10 13:48:33 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=82,US)
3.86.49.60 32 SW None 2022-06-11 00:00:00 2022-09-09 00:00:00 2022-06-11 13:47:01 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=60,US)
3.86.64.149 24 ZH None 2022-06-30 00:00:00 2022-09-28 00:00:00 2022-07-01 00:10:36 OpenSSL TLSv1.2 Heartbeat (Heartbleed) Information Leak Vulnerability - CMS IPS Events (IP=149,CN)
3.86.64.149 32 SW None 2022-06-30 00:00:00 2022-09-28 00:00:00 2022-06-30 13:57:02 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=149,US)
3.87.182.149 32 NHL None 2020-12-17 00:00:00 2022-12-17 00:00:00 None Case # 4583 - IOC_ dark_halo_sunburst - (IP=149,US)
3.87.235.170 32 TH None 2022-02-03 00:00:00 2022-05-04 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire Report (IP=170,US)
3.87.250.170 32 BMP None 2020-02-23 00:00:00 2022-04-25 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=170,US) | updated by ZH Block was inactive. Reactivated on 20220125 with reason SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire Rpt (IP=170,US)
3.87.40.146 32 AS None 2022-01-28 00:00:00 2022-07-28 00:00:00 None HIVE Case #6856 CTO 22-027 (IP=146,US)
3.87.61.215 32 RT None 2021-10-03 00:00:00 2022-01-01 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SOURCEFIRE REPORT (IP=215,US)
3.87.64.176 32 RT None 2022-02-11 00:00:00 2022-05-12 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - Sourcefire Report (IP=176,US)
3.87.9.57 32 RT None 2022-01-07 00:00:00 2022-04-07 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Report (IP=57,US)
3.88.115.160 32 AR None 2022-02-19 00:00:00 2022-05-20 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=160,US)
3.88.135.75 32 ZH None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-08 22:56:30 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=75, US)
3.88.146.106 32 RS None 2022-05-02 00:00:00 2022-07-31 00:00:00 2022-05-02 22:41:49 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=106,US)
3.88.167.153 32 ZH None 2021-10-26 00:00:00 2022-01-24 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) Sourcefire Rpt (IP=153,US)
3.88.191.195 32 TLM None 2021-11-30 00:00:00 2022-05-30 00:00:00 None HIVE Case #6595 CTO 21-327 (IP=195,US)
3.88.206.60 32 SW None 2021-12-12 00:00:00 2022-03-12 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=60,US)
3.88.22.174 32 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:58:16 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=174,US)
3.88.223.37 32 SW None 2022-03-04 00:00:00 2022-06-02 00:00:00 2022-03-04 23:11:44 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire(IP=37,US)
3.88.228.226 32 AS None 2022-03-18 00:00:00 2022-09-18 00:00:00 2022-03-18 15:24:08 HIVE Case #7237 CTO 22-077 (IP=226,US)
3.88.244.158 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 17:40:16 HIVE Case #7341 CTO 22-092 (IP=158,US)
3.88.43.155 32 SA None 2022-06-02 00:00:00 2022-08-30 00:00:00 2022-06-03 00:40:14 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) SourceFire (IP=155,US)
3.88.52.102 32 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:58:16 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=102,US)
3.88.72.131 32 SW None 2022-03-31 00:00:00 2022-06-29 00:00:00 2022-03-31 22:39:51 SSLv2 Client Hello Request Detected - IPS Events (IP=131,US)
3.88.8.114 32 SW None 2022-06-04 00:00:00 2022-09-02 00:00:00 2022-06-05 13:42:47 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=114,US)
3.89.112.165 32 DT None 2021-11-16 00:00:00 2022-02-14 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire (IP=165,US)
3.89.128.23 32 SW None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-15 13:54:18 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=23, US)
3.89.162.240 32 SW None 2022-03-04 00:00:00 2022-06-02 00:00:00 2022-03-04 23:11:47 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire(IP=240,US)
3.89.194.185 32 KH None 2022-03-25 00:00:00 2022-06-23 00:00:00 2022-03-25 22:37:32 HTTP: PHP File Inclusion Vulnerability - IR# 22C01081 (IP=185,US)
3.89.36.233 32 ZH None 2022-01-25 00:00:00 2022-04-25 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire Rpt (IP=233,US)
3.89.96.182 32 TLM None 2022-06-22 00:00:00 2022-12-21 00:00:00 2022-06-23 16:49:34 HIVE Case #7813 CTO 22-173 (IP=182,US)
3.9.13.62 24 KH None 2021-10-11 00:00:00 2022-01-09 00:00:00 None Masscan TCP Port Scanner - FE IPS (IP=62,GB)
3.9.22.86 32 ZH None 2022-03-17 00:00:00 2022-06-15 00:00:00 2022-03-17 13:48:20 HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr Web Attacks (IP=86,US)
3.90.110.71 32 RT None 2022-01-20 00:00:00 2022-04-20 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - Sourcefire Report (IP=71,US)
3.90.13.42 32 KD None 2022-01-06 00:00:00 2022-04-06 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt- Sourcefire(IP=42,US)
3.90.144.57 32 RT None 2021-10-03 00:00:00 2022-01-01 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SOURCEFIRE REPORT (IP=57,US)
3.90.148.15 32 SW None 2022-08-19 00:00:00 2022-08-20 00:00:00 2022-10-11 19:11:29 SSLv2 Client Hello Request Detected- IPS Events (IP=15,US) | Unblocked - Owned by AWS, SSLv2 Client Hello Request deemed as a non-threat signature, not actively blocked on the routers
3.90.168.160 32 RT None 2021-12-03 00:00:00 2022-03-03 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Report (IP=160,US)
3.90.176.80 32 RT None 2021-10-04 00:00:00 2022-01-02 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SOURCEFIRE REPORT (IP=80,US)
3.90.183.0 32 RT None 2022-02-17 00:00:00 2022-05-18 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Report (IP=0,US)
3.90.229.1 32 RT None 2021-11-30 00:00:00 2022-02-28 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Report (IP=1,US)
3.90.234.38 24 RT None 2021-11-09 00:00:00 2022-02-07 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire Report (IP=38,US)
3.90.38.195 32 RT None 2022-01-11 00:00:00 2022-04-11 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - Sourcefire Report (IP=195,US)
3.90.49.121 32 SW None 2022-07-19 00:00:00 2022-10-17 00:00:00 2022-07-20 13:22:43 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=121,US)
3.90.51.145 32 ZH None 2022-06-09 00:00:00 2022-09-07 00:00:00 2022-06-09 22:37:43 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=145, US)
3.90.53.79 32 RR None 2022-07-09 00:00:00 2022-10-07 00:00:00 2022-07-10 14:32:44 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=79,US)
3.91.100.110 32 RT None 2021-12-08 00:00:00 2022-03-08 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Report (IP=110,US)
3.91.159.49 32 SW None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-15 13:53:35 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=49,US)
3.91.17.146 32 SA None 2022-06-02 00:00:00 2022-08-30 00:00:00 2022-06-03 00:40:15 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) SourceFire (IP=146,US)
3.91.246.86 32 RT None 2021-11-20 00:00:00 2022-02-18 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - Sourcefire Report (IP=86,US)
3.91.251.10 32 RT None 2021-11-09 00:00:00 2022-02-07 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire Report (IP=10,US)
3.91.51.63 32 RT None 2021-10-27 00:00:00 2022-01-25 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire Report (IP=63,US)
3.91.54.63 32 RT None 2021-11-09 00:00:00 2022-02-07 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire Report (IP=63,US)
3.91.58.222 32 SW None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-06 22:49:36 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=222,US)
3.91.60.134 32 ZH None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-30 22:44:33 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=134,US)
3.91.89.196 32 ZH None 2022-06-30 00:00:00 2022-09-28 00:00:00 2022-07-01 00:10:36 OpenSSL TLSv1.2 Heartbeat (Heartbleed) Information Leak Vulnerability - CMS IPS Events (IP=196,US)
3.91.90.251 32 ZH None 2022-02-07 00:00:00 2022-05-08 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=251,US)
3.91.90.255 32 RT None 2022-02-02 00:00:00 2022-05-03 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Report (IP=255,US)
3.92.1.103 32 KD None 2022-01-03 00:00:00 2022-04-03 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt- Sourcefire(IP=103,US)
3.92.186.94 32 ZH None 2022-01-19 00:00:00 2022-04-19 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2)- Sourcefire Rpt (IP=94,US)
3.92.188.242 32 JP None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-15 22:50:38 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=242, US)
3.92.203.83 32 TH None 2022-03-03 00:00:00 2022-06-01 00:00:00 2022-03-03 23:49:23 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire Report (IP=83,US)
3.92.204.105 32 ZH None 2022-03-07 00:00:00 2022-06-05 00:00:00 2022-03-07 23:52:21 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Rpt (IP=105,US)
3.92.211.130 32 RT None 2021-12-28 00:00:00 2022-03-28 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt-Sourcefire Report(IP=130,US)
3.92.215.91 32 RS None 2022-05-19 00:00:00 2022-08-17 00:00:00 2022-05-19 22:49:01 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - SourceFire (IP=91,US)
3.92.227.70 32 RT None 2022-03-03 00:00:00 2022-06-01 00:00:00 2022-03-04 14:43:05 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire Report (IP=70,US)
3.92.28.216 32 ZH None 2022-06-13 00:00:00 2022-09-11 00:00:00 2022-06-13 22:30:21 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=216, US)
3.92.62.181 32 RT None 2022-01-20 00:00:00 2022-04-20 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Report (IP=181,US)
3.92.70.197 32 RT None 2022-03-02 00:00:00 2022-05-31 00:00:00 2022-03-03 14:49:50 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - Sourcefire Report(IP=197,US)
3.92.82.24 32 RT None 2021-12-22 00:00:00 2022-03-22 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - Sourcefire Report (IP=24,US)
3.92.87.63 32 SW None 2022-08-19 00:00:00 2022-08-20 00:00:00 2022-10-11 19:10:21 SSLv2 Client Hello Request Detected- IPS Events (IP=63,US) | Unblocked - Owned by AWS, SSLv2 Client Hello Request deemed as a non-threat signature, not actively blocked on the routers
3.93.175.97 32 RT None 2021-10-13 00:00:00 2022-01-11 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SOURCEFIRE REPORT (IP=97,US)
3.93.178.214 32 AR None 2021-10-21 00:00:00 2022-01-19 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=214,US)
3.93.19.230 32 SW None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 13:46:10 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=230,US)
3.93.192.98 32 SW None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 13:46:12 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=98,US)
3.93.194.98 32 TH None 2021-12-27 00:00:00 2022-03-27 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire Report (IP=98,US)
3.93.234.241 32 SW None 2022-01-06 00:00:00 2022-04-06 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=241,US)
3.93.237.42 32 ZH None 2022-06-09 00:00:00 2022-09-07 00:00:00 2022-06-09 22:37:44 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=42, US)
3.93.53.210 32 RT None 2021-11-13 00:00:00 2022-02-11 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Report (IP=210,US)
3.93.65.26 32 RT None 2022-01-13 00:00:00 2022-04-13 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) TT# 22C00833 (IP=26,US)
3.94.100.157 32 NAB None 2022-01-11 00:00:00 2022-04-11 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=157,US)
3.94.114.30 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=30,US)
3.94.159.98 32 RS None 2022-06-21 00:00:00 2022-09-19 00:00:00 2022-06-21 22:50:16 SIPVicious Security Scanner - IPS Events (IP=98,US)
3.94.161.139 32 WR None 2022-04-29 00:00:00 2022-07-27 00:00:00 2022-04-29 13:52:57 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire (IP=139,US)
3.94.251.255 32 JP None 2022-08-08 00:00:00 2022-11-06 00:00:00 2022-08-08 22:53:45 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=255,US)
3.95.162.152 32 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6517 CTO 21-313 (IP=152,US)
3.95.180.195 32 AR None 2021-11-13 00:00:00 2022-02-11 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - Sourcefire (IP=195,US)
3.95.230.192 32 ZH None 2021-12-05 00:00:00 2022-03-05 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Rpt (IP=192,US)
3.95.248.206 32 SA None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-07 13:41:12 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire Report (IP=206,US)
3.95.254.148 32 KD None 2022-03-05 00:00:00 2022-06-03 00:00:00 2022-03-05 19:41:45 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire(IP=148,US)
3.98.205.30 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6654 CTO 21-345 (IP=30,CA)
300620210710010630riverton.kutaplaya.com --- TLM None 2021-07-29 00:00:00 2022-07-29 00:00:00 2023-01-19 22:59:00 HIVE Case #5884 TO-S-2021-1435
3021919278.nielsvandervlist.nl --- TLM None 2021-08-05 00:00:00 2022-08-05 00:00:00 2023-01-19 22:59:40 HIVE Case #5940 TO-S-2021-1447
302520210701022530cfsd.kutaplaya.com --- TLM None 2021-08-12 00:00:00 2022-08-12 00:00:00 2023-01-19 23:00:20 HIVE Case #5985 TO-S-2021-1459
3045764734.nielsvandervlist.nl --- TLM None 2021-08-05 00:00:00 2022-08-05 00:00:00 2023-01-19 22:59:40 HIVE Case #5940 TO-S-2021-1447
31.11.36.16 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=16,IT)
31.128.18.25 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PL TO-S-2021-1050 Hive Case 4821 Malware Activity
31.128.19.26 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PL TO-S-2021-1050 Hive Case 4821 Malware Activity
31.129.29.0 24 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity
31.13.195.218 32 TLM None 2022-02-02 00:00:00 2022-08-03 00:00:00 None HIVE Case #6911 CTO 22-033 (IP=218,BG)
31.13.195.89 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6581 CTO 21-321 (IP=89,BG)
31.13.213.64 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:34 HIVE Case #7199 CTO 22-074 (IP=64,US)
31.13.213.64 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:55:35 HIVE Case #7199 CTO 22-074 (IP=64,US)
31.130.64.0 19 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity
31.131.16.127 24 NAB None 2021-12-16 00:00:00 2022-03-16 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=127,UA)
31.131.16.127 24 RR None 2021-12-16 00:00:00 2022-03-15 00:00:00 None HIVE Case #6651 - Exploit.CVE-2021-44228 (IP=127,UA)
31.131.21.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None UA TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
31.132.1.41 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GB TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
31.134.16.0 20 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None RU TO-S-2021-1037 Hive Case 4785 Malware Activity
31.14.40.220 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=220,RO)
31.145.58.185 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malware Activity
31.154.162.118 32 TLM None 2022-03-01 00:00:00 2022-09-01 00:00:00 2022-03-01 16:26:41 HIVE Case #7110 CTO 22-057 (IP=118,IL)
31.155.108.185 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TR TO-S-2021-1050 Hive Case 4821 Malware Activity
31.155.228.39 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TR TO-S-2021-1050 Hive Case 4821 Malware Activity
31.155.241.105 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malware Activity
31.166.109.48 32 TLM None 2022-06-14 00:00:00 2022-12-13 00:00:00 2022-06-14 15:16:50 HIVE Case #7768 CTO 22-161 (IP=48,SA)
31.166.117.200 32 TLM None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-02 10:46:14 HIVE Case #7696 CTO 22-152 (IP=200,SA)
31.166.13.96 32 TLM None 2022-06-15 00:00:00 2022-12-14 00:00:00 2022-06-16 19:40:44 HIVE Case #7779 CTO 22-162 (IP=96,SA)
31.166.147.175 32 TLM None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:46:00 HIVE Case #7458 CTO 22-113 (IP=175,SA)
31.166.160.166 32 TLM None 2022-06-14 00:00:00 2022-12-13 00:00:00 2022-06-14 15:16:50 HIVE Case #7768 CTO 22-161 (IP=166,SA)
31.166.171.213 32 TLM None 2022-06-02 00:00:00 2022-12-01 00:00:00 2022-06-02 17:56:15 HIVE Case #7705 CTO 22-153 (IP=213,SA)
31.166.202.205 32 TLM None 2022-06-09 00:00:00 2022-12-08 00:00:00 2022-06-09 17:00:04 HIVE Case #7745 CTO 22-160 (IP=205,SA)
31.166.215.52 32 TLM None 2022-06-02 00:00:00 2022-12-01 00:00:00 2022-06-02 17:56:23 HIVE Case #7705 CTO 22-153 (IP=52,SA)
31.166.218.245 32 TLM None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-02 10:46:14 HIVE Case #7696 CTO 22-152 (IP=245,SA)
31.166.220.15 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:56:17 HIVE Case #7894 CTO 22-187 (IP=15,SA)
31.166.222.61 32 TLM None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-02 10:46:03 HIVE Case #7696 CTO 22-152 (IP=61,SA)
31.166.60.142 32 TLM None 2022-06-08 00:00:00 2022-12-07 00:00:00 2022-06-09 13:12:45 HIVE Case #7739 CTO 22-159 (IP=142,SA)
31.168.158.239 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6585 CTO 21-323 (IP=239,IL)
31.170.107.186 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None DE TO-S-2021-1050 Hive Case 4821 Malware Activity
31.170.127.252 32 AS None 2022-07-28 00:00:00 2022-10-26 00:00:00 2022-07-28 20:13:41 HIVE Case #7327 COLS-NA TIP 22-0114 (IP=252,GB)
31.170.22.88 32 AS None 2022-01-31 00:00:00 2022-08-03 00:00:00 None HIVE Case #6877 CTO 22-028 (IP=88,LV)
31.170.233.251 24 WR None 2021-12-23 00:00:00 2022-03-23 00:00:00 None FTP Login Failed - 6 hr Failed Logon (IP=251,AZ)
31.170.33.21 32 wmp None 2022-03-24 00:00:00 2022-06-24 00:00:00 2022-03-24 22:59:01 Suspicious Scan Activity (IP=21,RU)
31.171.152.246 24 RR None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-07 13:50:23 SQL injection - Web Attacks (IP=246,AL)
31.172.77.158 32 AR None 2022-07-07 00:00:00 2022-10-05 00:00:00 2022-07-07 13:50:15 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01592 (IP=158,DE)
31.179.240.130 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PL TO-S-2021-1050 Hive Case 4821 Malware Activity
31.179.255.244 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None PL TO-S-2021-1037 Hive Case 4785 Malware Activity
31.180.165.127 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:45:59 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=127,RU)
31.184.198.83 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:03 HIVE Case #7904 CTO 22-189 (IP=83,RU)
31.184.215.97 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:56:55 HIVE Case #7894 CTO 22-187 (IP=97,RU)
31.185.157.108 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GB TO-S-2021-1037 Hive Case 4785 Malware Activity
31.186.48.0 21 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None KG TO-S-2021-1037 Hive Case 4785 Malware Activity
31.192.237.183 32 TLM None 2022-04-13 00:00:00 2022-10-13 00:00:00 2022-04-13 13:12:29 HIVE Case #7387 CTO 22-103(IP=183,DE)
31.192.237.215 32 TLM None 2022-02-11 00:00:00 2022-08-12 00:00:00 None HIVE Case #6971 CTO 22-042 (IP=215,DE)
31.200.250.4 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:46:00 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=4,RU)
31.202.30.5 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity
31.204.150.119 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=119,NL)
31.206.108.183 24 RR None 2022-07-10 00:00:00 2022-10-08 00:00:00 
2022-07-10 14:32:38 SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58742:7) - SourceFire Report (IP=183,TR) | updated by RB Block expiration extended with reason SQL injection - WebAttacks (IP=183,TR) SQL injection - WebAttacks (IP=183,TR) | updated by RR Block expiration extended with reason SQL injection - Web Attacks (IP=183,TR) SQL injection - Web Attacks (IP=183,TR) 31.206.108.183 24 TH None 2022-07-05 00:00:00 2022-10-08 00:00:00 2022-07-10 14:32:38 SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58742:7) - SourceFire Report (IP=183,TR) | updated by RB Block expiration extended with reason SQL injection - WebAttacks (IP=183,TR) SQL injection - WebAttacks (IP=183,TR) | updated by RR Block expiration extended with reason SQL injection - Web Attacks (IP=183,TR) SQL injection - Web Attacks (IP=183,TR) 31.206.108.183 24 RB None 2022-07-07 00:00:00 2022-10-08 00:00:00 2022-07-10 14:32:38 SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58742:7) - SourceFire Report (IP=183,TR) | updated by RB Block expiration extended with reason SQL injection - WebAttacks (IP=183,TR) SQL injection - WebAttacks (IP=183,TR) | updated by RR Block expiration extended with reason SQL injection - Web Attacks (IP=183,TR) SQL injection - Web Attacks (IP=183,TR) 31.207.47.44 32 RW None 2021-11-17 00:00:00 2022-02-15 00:00:00 None Known Attack Tool / Name : HTTP: SqlMap SQL Injection - Scanning - TT# 22C00362 (IP=44,NL) 31.210.171.188 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=188,NL) 31.210.20.109 24 WR None 2022-03-13 00:00:00 2022-06-11 00:00:00 2022-03-13 13:58:41 SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) - SourceFire (IP=109,US) 31.210.20.110 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=110,US) 31.210.20.110 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 
22-004 (IP=110,US) 31.210.20.110 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=110,US) 31.210.20.110 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=110,US) 31.210.20.110 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=110,US) 31.214.240.235 32 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6517 CTO 21-313 (IP=235,DE) 31.214.245.180 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 31.214.245.253 24 EE None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 22:41:42 HIVE Case #7418 IOC_Fodcha Botnet (IP=253,DE) 31.215.34.253 24 TH None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-06 13:49:50 SQL injection - 6 Hr Web Report (IP=253,AE) 31.215.40.127 24 RS None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 13:55:12 SQL injection - 6Hr Web Attacks (IP=127,AE) 31.215.98.160 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:55:57 HIVE Case #7199 CTO 22-074 (IP=160,AE) 31.217.24.94 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None HR TO-S-2021-1102 Malware Activity 31.22.108.32 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None DE TO-S-2021-1092 Hive Case 4875 Malicious Email Activity 31.22.4.109 32 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 2022-05-27 14:00:40 HIVE Case #7673 TO-S-2022-0189 (IP=109,GB) 31.22.4.145 32 AS None 2022-07-28 00:00:00 2022-10-26 00:00:00 2022-07-29 13:53:40 HIVE Case #7338 COLS-NA TIP 22-0116 (IP=145,GB) 31.220.104.239 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 31.220.3.140 24 TH None 2021-12-20 00:00:00 2022-03-20 00:00:00 None Axis SSI - Remote Command Execution Attempt - IPS Events (IP=140,DE) 31.220.3.140 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:46:00 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=140,DE) 
31.220.40.0 23 TLM None 2021-08-30 00:00:00 2022-03-02 00:00:00 None HIVE Case #6085 TO-S-2021-1500 (IP=0,NL) 31.220.50.16 32 TLM None 2022-03-01 00:00:00 2022-09-01 00:00:00 2022-03-01 17:52:15 HIVE Case #7115 CTO 22-060 (IP=16,US) 31.220.61.79 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=79,CY) 31.223.108.205 32 RB None 2022-01-05 00:00:00 2022-04-05 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00780 (IP=205,TR) 31.223.2.50 32 AS None 2022-04-12 00:00:00 2022-10-12 00:00:00 2022-04-12 15:43:06 HIVE Case #7381 CTO 22-102 v2 (IP=50,TR) 31.223.3.131 24 AR None 2022-04-06 00:00:00 2022-07-06 00:00:00 2022-04-06 13:47:13 SERVER-WEBAPP Oracle Weblogic default credentials login attempt (1:40904:3) - SourceFire Report (IP=131,TR) | updated by AR Block expiration extended with reason SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt (1:56138:3) - SourceFire (IP=131,TR) SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt (1:56138:3) - SourceFire (IP=131,TR) 31.223.3.131 24 TH None 2022-04-01 00:00:00 2022-07-06 00:00:00 2022-04-06 13:47:13 SERVER-WEBAPP Oracle Weblogic default credentials login attempt (1:40904:3) - SourceFire Report (IP=131,TR) | updated by AR Block expiration extended with reason SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt (1:56138:3) - SourceFire (IP=131,TR) SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt (1:56138:3) - SourceFire (IP=131,TR) 31.223.3.131 32 DT None 2022-04-01 00:00:00 2022-06-30 00:00:00 2022-04-01 22:16:59 Self-Report / ColdFusion / IP Block - IR# 22C01118 (IP=131,TR) 31.24.129.103 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=103,DE) 31.24.148.37 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 13:57:52 SQL injection - 6Hr Web Attacks (IP=37,DE) 31.24.158.56 32 AS None 2022-05-06 00:00:00 2022-08-04 00:00:00 
2022-05-09 13:57:37 HIVE Case #7535 TO-S-2022-0176 (IP=56,ES) 31.24.230.223 32 jkc None 2021-03-19 00:00:00 2022-03-19 00:00:00 None Case # 5090 TO-S-2021-1185 Malicious Callback 31.24.230.223 32 jkc None 2021-03-19 00:00:00 2022-03-19 00:00:00 None Case # 5090 TO-S-2021-1185 Malicious Callback 31.28.1.226 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:46:01 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=226,RU) 31.28.112.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 31.31.196.215 32 TLM None 2022-01-10 00:00:00 2022-07-10 00:00:00 None HIVE Case #6755 CTO 22-006 (IP=215,RU) 31.31.198.122 32 TLM None 2022-01-10 00:00:00 2022-07-10 00:00:00 None HIVE Case #6755 CTO 22-006 (IP=122,RU) 31.31.201.226 32 TLM None 2021-11-15 00:00:00 2022-05-15 00:00:00 None HIVE Case #6534 CTO 21-314 (IP=226,RU) 31.31.203.17 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=17,RU) 31.31.203.17 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=17,RU) 31.31.74.79 32 TLM None 2022-03-11 00:00:00 2022-09-11 00:00:00 2022-03-11 13:21:44 HIVE Case #7189 CTO 22-068.1 (IP=79,CZ) 31.40.195.16 32 TLM None 2021-12-02 00:00:00 2022-06-02 00:00:00 None HIVE Case #6600 TO-S-2022-0090 (IP=16,US) 31.40.195.16 32 TLM None 2021-12-02 00:00:00 2022-06-02 00:00:00 None HIVE Case #6600 TO-S-2022-0090 (IP=16,US) 31.40.195.16 32 TLM None 2021-12-02 00:00:00 2022-06-02 00:00:00 None HIVE Case #6600 TO-S-2022-0090 (IP=16,US) 31.40.251.145 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=145,RU) 31.40.251.145 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=145,RU) 31.40.32.0 19 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None RU TO-S-2021-1102 Malware Activity 31.41.244.114 32 DRW None 2022-09-21 00:00:00 2022-12-20 00:00:00 2022-09-21 22:01:04 HIVE Case #1337 
IOC_ CISA Threat Intel 19Sep2022 Criminal Cobalt Strike Servers (IP=114,RU) 31.41.244.119 32 DRW None 2022-09-21 00:00:00 2022-12-20 00:00:00 2022-09-21 22:01:12 HIVE Case #1337 IOC_ CISA Threat Intel 19Sep2022 Criminal Cobalt Strike Servers (IP=119,RU) 31.41.45.112 32 AS None 2022-03-10 00:00:00 2022-09-10 00:00:00 2022-03-11 00:50:56 HIVE Case #7187 CTO 22-069 (IP=112,RU) 31.41.46.120 32 TLM None 2022-02-11 00:00:00 2022-08-12 00:00:00 None HIVE Case #6971 CTO 22-042 (IP=120,RU) 31.41.46.132 32 AS None 2022-02-21 00:00:00 2022-08-22 00:00:00 None HIVE Case #7038 CTO 22-049 (IP=132,RU) 31.42.176.19 24 KD None 2022-02-26 00:00:00 2022-05-27 00:00:00 2022-02-27 01:15:23 SSH2 Failed Login Attempt- 6 hour failed Login(IP=19,PL) 31.42.177.227 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=227,PL) 31.42.177.227 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=227,PL) 31.42.177.227 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=227,PL) 31.42.177.78 32 TLM None 2021-10-21 00:00:00 2022-04-21 00:00:00 None HIVE Case #6385 CTO 21-286 (IP=78,PL) 31.42.186.120 32 TLM None 2021-11-04 00:00:00 2022-05-02 00:00:00 None HIVE Case #6503 CTO 21-306 (IP=120,UA) 31.42.191.0 24 TLM None 2022-02-15 00:00:00 2022-08-16 00:00:00 None HIVE Case #6994 TO-S-2022-0130 (IP=0,RU) 31.42.95.47 24 RR None 2022-03-10 00:00:00 2022-06-08 00:00:00 2022-03-10 14:47:00 HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=47,LV) 31.43.156.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None UA TO-S-2021-1050 Hive Case 4821 Malware Activity 31.43.96.0 19 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None UA TO-S-2021-1050 Hive Case 4821 Malware Activity 31.44.184.100 32 AS None 2022-04-12 00:00:00 2022-10-12 00:00:00 2022-04-12 15:42:58 HIVE Case #7381 CTO 22-102 v2 (IP=100,RU) 31.44.184.232 32 AS None 2022-04-12 
00:00:00 2022-10-12 00:00:00 2022-04-12 15:42:56 HIVE Case #7381 CTO 22-102 v2 (IP=232,RU) 31.44.184.63 32 AS None 2022-04-12 00:00:00 2022-10-12 00:00:00 2022-04-12 15:42:57 HIVE Case #7381 CTO 22-102 v2 (IP=63,RU) 31.44.184.73 32 AS None 2022-04-12 00:00:00 2022-10-12 00:00:00 2022-04-12 15:42:57 HIVE Case #7381 CTO 22-102 v2 (IP=73,RU) 31.44.184.74 32 AS None 2022-04-12 00:00:00 2022-10-12 00:00:00 2022-04-12 15:42:58 HIVE Case #7381 CTO 22-102 v2 (IP=74,RU) 31.44.184.82 32 TLM None 2021-12-09 00:00:00 2022-06-09 00:00:00 None HIVE Case #6624 CTO 21-341 (IP=82,RU) 31.44.184.84 32 AS None 2022-04-12 00:00:00 2022-10-12 00:00:00 2022-04-12 15:42:59 HIVE Case #7381 CTO 22-102 v2 (IP=84,RU) 31.44.185.8 24 SW None 2022-03-25 00:00:00 2022-06-23 00:00:00 2022-03-25 22:37:35 Hive Case 7278 (IP=8,RU) 31.45.250.75 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None HR TO-S-2021-1050 Hive Case 4821 Malware Activity 31.47.0.101 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BA TO-S-2021-1037 Hive Case 4785 Malware Activity 31.47.103.163 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None CZ TO-S-2021-1037 Hive Case 4785 Malware Activity 31.47.192.0 21 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None AM TO-S-2021-1037 Hive Case 4785 Malware Activity 31.51.45.231 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GB TO-S-2021-1037 Hive Case 4785 Malware Activity 31.56.60.119 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6582 CTO 21-320 (IP=119,IR) 31.6.19.41 32 TLM None 2021-12-21 00:00:00 2022-06-21 00:00:00 None HIVE Case #6684 CTO 21-355 (IP=41,IE) 31.6.3.222 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=222,DE) 31.6.3.222 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=222,DE) 31.6.3.222 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=222,DE) 31.6.3.222 32 TLM None 2021-08-05 00:00:00 2022-02-05 
00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=222,DE) 31.6.3.222 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=222,DE) 31.6.3.222 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=222,DE) 31.7.147.137 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None IT TO-S-2021-1081 Hive Case 4872 Malicious Email Activity 31.7.147.15 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IT TO-S-2021-1050 Hive Case 4821 Malware Activity 31.7.34.210 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malware Activity 31.7.74.42 32 SW None 2022-06-30 00:00:00 2022-09-28 00:00:00 2022-06-30 13:56:58 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01484(IP=42,IR) 3171689966.nielsvandervlist.nl --- TLM None 2021-08-05 00:00:00 2022-08-05 00:00:00 2023-01-19 22:59:40 HIVE Case #5940 TO-S-2021-1447 3230824282.nielsvandervlist.nl --- TLM None 2021-08-05 00:00:00 2022-08-05 00:00:00 2023-01-19 22:59:40 HIVE Case #5940 TO-S-2021-1447 3242119575.partyfest.cl --- TLM None 2021-08-05 00:00:00 2022-08-05 00:00:00 2023-01-19 22:59:21 HIVE Case #5940 TO-S-2021-1447 3290164268.katiemcallister.com --- TLM None 2021-08-12 00:00:00 2022-08-12 00:00:00 2023-01-19 23:00:19 HIVE Case #5985 TO-S-2021-1459 334767062.ujsd.jumperctin.com --- TLM None 2021-08-23 00:00:00 2022-08-23 00:00:00 2023-01-19 23:01:37 HIVE Case #6042 TO-S-2021-1484 3371381734.nielsvandervlist.nl --- TLM None 2021-08-05 00:00:00 2022-08-05 00:00:00 2023-01-19 22:59:40 HIVE Case #5940 TO-S-2021-1447 34-230-59-252.cprapid.com --- TLM None 2021-06-17 00:00:00 2022-06-17 00:00:00 2023-01-19 22:57:55 HIVE Case #5644 TO-S-2021-1352 34.101.33.135 24 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:48:34 HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=135,SG) 34.105.0.78 32 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 
2022-05-22 22:24:43 SIPVicious Security Scanner - FE IPS Events (IP=78,US) 34.105.131.207 32 RT None 2022-03-26 00:00:00 2022-06-24 00:00:00 2022-03-26 23:05:33 Attempted Access - Inbound Brute Force - TT# 22C01088 (IP=207,GB) 34.105.160.57 24 AR None 2021-12-17 00:00:00 2022-03-17 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - Web Attacks (IP=57,GB) 34.105.187.190 24 DT None 2021-12-16 00:00:00 2022-03-15 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) - Source Fire (IP=190,GB) 34.105.206.192 24 WR None 2021-12-17 00:00:00 2022-03-17 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:45199:2) - Web Attacks (IP=192,GB) 34.105.221.29 24 DT None 2021-12-16 00:00:00 2022-03-15 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - Web Attacks (IP=29,GB) 34.105.228.45 24 TH None 2021-12-20 00:00:00 2022-03-21 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) - SourceFire (IP=45,GB) | updated by WR Block expiration extended with reason SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) - Sourcefire (IP=45,GB) 34.105.57.38 32 RS None 2022-06-03 00:00:00 2022-09-01 00:00:00 2022-06-03 22:21:15 SSLv2 Client Hello Request Detected - IPS Events (IP=38,US) 34.116.156.24 24 RR None 2021-12-06 00:00:00 2022-03-06 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SourceFire (IP=24,PO) 34.116.157.159 24 TH None 2021-12-15 00:00:00 2022-03-15 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) - SourceFire (IP=159,PL) 34.116.170.231 24 TH None 2021-12-20 00:00:00 2022-03-21 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt 
(1:34300:3) - SourceFire (IP=231,PL) | updated by WR Block expiration extended with reason SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) - Sourcefire (IP=231,PL) 34.116.172.9 24 TH None 2021-12-20 00:00:00 2022-03-21 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) - SourceFire (IP=9,PL) | updated by WR Block expiration extended with reason SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) - Sourcefire (IP=9,PL) 34.116.179.251 24 DT None 2021-12-16 00:00:00 2022-03-15 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - Web Attacks (IP=251,PL) 34.116.213.151 24 DT None 2021-12-16 00:00:00 2022-03-15 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - Web Attacks (IP=151,PL) 34.118.101.31 24 WR None 2021-12-17 00:00:00 2022-03-17 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:45199:2) - Web Attacks (IP=31,PL) 34.118.118.135 24 AR None 2021-12-17 00:00:00 2022-03-17 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - Web Attacks (IP=135,PL) 34.118.22.98 24 AR None 2021-12-17 00:00:00 2022-03-17 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - Web Attacks (IP=98,PL) 34.118.91.198 24 DT None 2021-12-16 00:00:00 2022-03-15 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - Web Attacks (IP=198,PL) 34.121.11.90 32 KH None 2021-10-22 00:00:00 2022-01-20 00:00:00 None HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - TT# 22C00226 (IP=90,US) 34.122.192.35 32 TLM None 2022-06-14 00:00:00 2022-12-13 00:00:00 2022-06-14 20:43:36 HIVE Case #7769 CTO 22-165 (IP=35,US) 34.122.23.251 32 RR 
None 2022-08-20 00:00:00 2022-11-18 00:00:00 2022-08-20 13:23:09 Attempted Access - Inbound Brute Force - IR# 22C01836 (IP=251,US) 34.124.187.117 24 ZH None 2022-05-15 00:00:00 2022-08-13 00:00:00 2022-05-15 13:54:19 SQL injection - 6hr Web Attacks (IP=117,SG) 34.124.226.216 24 BMP None 2021-12-14 00:00:00 2022-03-12 00:00:00 None HIVE Case #6651 - Exploit.CVE-2021-44228 (IP=216,GB) 34.125.0.44 32 RT None 2021-11-13 00:00:00 2022-02-11 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - IR# 22C00337 (IP=44,US) 34.125.10.164 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:50 HIVE Case #7904 CTO 22-189 (IP=164,US) 34.125.104.110 32 ZH None 2022-02-07 00:00:00 2022-05-08 00:00:00 None SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - WebAttacks (IP=110,US) 34.125.153.66 32 RT None 2021-11-21 00:00:00 2022-02-19 00:00:00 None SERVER-WEBAPP RevSlider information disclosure attempt (1:34194:4) - Sourcefire Report (IP=66,US) 34.125.224.165 32 RR None 2022-03-29 00:00:00 2022-06-27 00:00:00 2022-03-30 13:47:00 HTTP: Apache Struts ConversionErrorInterceptor OGNL - IR #22C01105 (IP=165,US) 34.125.39.190 32 KH None 2021-10-18 00:00:00 2022-01-16 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00181 (IP=190,US) 34.125.7.233 32 SW None 2021-12-03 00:00:00 2022-03-03 00:00:00 None File /etc/passwd Access Attempt Detect - IPS Events (IP=233, US) 34.125.73.27 32 SW None 2022-04-21 00:00:00 2022-07-20 00:00:00 2022-04-21 22:41:43 SIPVicious Security Scanner - IPS Events(IP=27,US) 34.126.164.236 24 DT None 2021-12-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=236,SG) 34.126.171.176 32 ZH None 2022-05-15 00:00:00 2022-08-13 00:00:00 2022-05-15 22:45:53 SQL injection - 6hr Web Attacks (IP=176,SG) 34.133.162.37 32 TLM None 2021-12-21 00:00:00 2022-06-21 00:00:00 None HIVE Case #6682 CTO 21-352 (IP=37,US) 34.136.247.71 32 AS None 
2021-12-28 00:00:00 2022-06-28 00:00:00 None HIVE Case #6702 CTO 21-362 (IP=71,US) 34.138.166.158 32 NAB None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:31 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=158,US) 34.139.107.170 32 NAB None 2022-01-28 00:00:00 2022-04-28 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=170,US) 34.139.13.46 32 EE None 2022-03-15 00:00:00 2022-06-13 00:00:00 2022-03-15 21:25:36 HIVE Case #7197 IOC_ APT41 Targeting U.S. State Governments (IP=46,US) 34.139.150.64 32 KH None 2021-10-15 00:00:00 2022-01-13 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00169 (IP=64,US) 34.139.233.128 32 SW None 2022-08-16 00:00:00 2022-11-14 00:00:00 2022-08-17 13:52:24 SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - SourceFire (IP=128, US) 34.139.236.80 32 NAB None 2022-01-28 00:00:00 2022-04-28 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=80,US) 34.139.245.23 32 NAB None 2022-05-03 00:00:00 2022-08-01 00:00:00 2022-05-03 13:46:48 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=23,US) 34.140.1.37 24 DT None 2021-12-16 00:00:00 2022-03-15 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) - Source Fire (IP=37,BE) 34.140.115.8 24 AR None 2022-08-24 00:00:00 2022-11-22 00:00:00 2022-08-24 13:52:39 Adobe ColdFusion Administrator Access Restriction - 6 Hr Web Report (IP=8,BE) 34.140.117.65 32 WR None 2022-02-02 00:00:00 2022-05-02 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 22C00887 (IP=65,BE) 34.140.15.123 24 AR None 2022-08-24 00:00:00 2022-11-22 00:00:00 2022-08-24 13:52:39 Adobe ColdFusion Administrator Access Restriction - 6 Hr Web Report (IP=123,BE) 34.140.201.31 24 AR None 2022-08-24 00:00:00 2022-11-22 00:00:00 2022-08-24 13:52:40 Adobe ColdFusion Administrator Access Restriction - 6 Hr Web Report (IP=31,BE) 34.140.248.32 24 KD None 2021-12-21 00:00:00 2022-03-21 
00:00:00 None FTP Login Failed- 6 hr Failed Logons (IP=32,BE) 34.140.81.136 24 DT None 2021-12-16 00:00:00 2022-03-15 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - Web Attacks (IP=136,BE) 34.141.25.112 32 AR None 2022-08-23 00:00:00 2022-11-21 00:00:00 2022-08-24 13:52:33 Known Attack Tool/UDS-OpenVAS_RC8776 - IR# 22C01862 (IP=112,US) 34.141.38.32 24 TH None 2022-06-07 00:00:00 2022-09-05 00:00:00 2022-06-08 13:48:16 SIPVicious Security Scanner - FE CMS IPS Events (IP=32,DE) 34.141.71.131 24 AR None 2022-08-24 00:00:00 2022-11-22 00:00:00 2022-08-24 13:52:40 Adobe ColdFusion Administrator Access Restriction - 6 Hr Web Report (IP=131,BE) 34.141.94.212 24 AR None 2022-08-24 00:00:00 2022-11-22 00:00:00 2022-08-24 13:52:41 Adobe ColdFusion Administrator Access Restriction - 6 Hr Web Report (IP=212,BE) 34.142.109.138 24 RR None 2022-03-15 00:00:00 2022-06-13 00:00:00 2022-03-15 13:43:57 SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - SourceFire (IP=138,GB) 34.142.19.18 24 DT None 2021-12-16 00:00:00 2022-03-15 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - Web Attacks (IP=18,GB) 34.142.45.182 24 TH None 2021-12-15 00:00:00 2022-03-15 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) - SourceFire (IP=182,GB) 34.142.51.138 24 AR None 2021-12-17 00:00:00 2022-03-17 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - Web Attacks (IP=138,GB) 34.142.52.207 24 TH None 2021-12-20 00:00:00 2022-03-21 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) - SourceFire (IP=207,GB) | updated by WR Block expiration extended with reason SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) - Sourcefire 
(IP=207,GB) 34.142.71.86 24 RR None 2021-12-06 00:00:00 2022-03-06 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - SourceFire (IP=86,GB) 34.142.86.43 24 TH None 2021-12-20 00:00:00 2022-03-21 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) - SourceFire (IP=43,GB) | updated by WR Block expiration extended with reason SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) - Sourcefire (IP=43,GB) 34.143.131.58 24 ZH None 2022-08-10 00:00:00 2022-11-08 00:00:00 2022-08-10 22:56:14 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=58,SG) 34.143.186.74 32 AS None 2022-06-21 00:00:00 2022-09-20 00:00:00 2022-06-21 16:23:42 HIVE Case #7793 CTO 22-168 (IP=74,SG) 34.143.234.49 24 TH None 2022-08-20 00:00:00 2022-11-18 00:00:00 2022-08-20 13:23:26 HTTP: PHP File Inclusion Vulnerability - 6 Hr Web Report (IP=49,SG) 34.143.236.63 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:12 HIVE Case #7904 CTO 22-189 (IP=63,SG) 34.145.235.231 32 RB None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-15 22:50:33 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR# 22C01676 (IP=231,US) 34.145.239.186 32 TH None 2022-08-20 00:00:00 2022-11-18 00:00:00 2022-08-20 22:18:24 Attempted Access - Inbound Brute Force - IR# 22C01842 (IP=186,US) 34.145.65.70 32 RS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 21:48:47 SQL injection - 6Hr Web Attacks (IP=70,US) 34.145.91.245 32 KH None 2021-12-31 00:00:00 2022-03-31 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=245,US) 34.150.152.5 32 AR None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-15 13:53:40 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=5,US) 34.150.19.173 32 TLM None 2022-06-07 00:00:00 2022-12-06 00:00:00 2022-06-07 
possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=151,US) 35.175.245.135 32 TLM None 2022-01-20 00:00:00 2022-07-20 00:00:00 None HIVE Case #6811 CTO 22-020 (IP=135,US) 35.176.133.81 24 KH None 2021-10-29 00:00:00 2022-01-27 00:00:00 None Masscan TCP Port Scanner - FE IPS (IP=81,GB) 35.176.165.170 24 KH None 2021-10-26 00:00:00 2022-01-24 00:00:00 None Masscan TCP Port Scanner - FE IPS (IP=170,GB) 35.177.91.111 32 SA None 2022-05-31 00:00:00 2022-08-28 00:00:00 2022-05-31 22:56:05 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) SourceFire (IP=111,US) 35.178.107.48 32 AR None 2021-12-08 00:00:00 2022-03-08 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00494 (IP=48,US) 35.178.160.123 24 KH None 2021-10-11 00:00:00 2022-01-09 00:00:00 None Masscan TCP Port Scanner - FE IPS (IP=123,GB) 35.182.56.85 32 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6517 CTO 21-313 (IP=85,CA) 35.185.236.252 32 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 22:24:42 SIPVicious Security Scanner - FE IPS Events (IP=252,US) 35.185.240.62 32 KH None 2022-07-29 00:00:00 2022-10-27 00:00:00 2022-07-29 22:51:36 SIPVicious Security Scanner - FE IPS (IP=62,US) 35.185.90.120 32 RW None 2021-10-08 00:00:00 2022-01-10 00:00:00 None PKTSEARCH: Bitcoin Mining or Client Activity Detected - IR# 22C00099 (IP=120,US) 35.186.238.101 32 SW None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:47:41 Hive Case # 7527(IP=101,US) 35.187.249.215 24 SW None 2022-08-18 00:00:00 2022-11-16 00:00:00 2022-08-19 13:56:39 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=215,SG) 35.189.112.178 24 RR None 2022-03-26 00:00:00 2022-06-24 00:00:00 2022-03-26 13:38:30 SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - SourceFire (IP=178,GB) 35.189.145.119 24 KH None 2021-12-18 00:00:00 2022-03-18 00:00:00 None HIVE Case #6651 
Exploit.CVE-2021-44228 (IP=119,JP) 35.189.82.234 24 TH None 2021-12-20 00:00:00 2022-03-21 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) - SourceFire (IP=234,GB) | updated by WR Block expiration extended with reason SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) - Sourcefire (IP=234,GB) SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) - Sourcefire (IP=234,GB) 35.189.82.234 24 WR None 2021-12-21 00:00:00 2022-03-21 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) - SourceFire (IP=234,GB) | updated by WR Block expiration extended with reason SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) - Sourcefire (IP=234,GB) SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) - Sourcefire (IP=234,GB) 35.190.43.134 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:46:02 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=134,US) 35.193.254.230 32 NAB None 2022-02-10 00:00:00 2022-05-11 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=230,US) 35.194.126.89 24 WR None 2021-12-16 00:00:00 2022-03-15 00:00:00 None HIVE Case #6651 - Exploit.CVE-2021-44228 (IP=89,JP) 35.194.141.201 32 AR None 2022-06-11 00:00:00 2022-09-09 00:00:00 2022-06-12 13:47:43 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR#22C01366 (IP=201,US) 35.194.27.55 32 NAB None 2022-03-28 00:00:00 2022-06-26 00:00:00 2022-03-28 13:41:36 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=55,US) 35.195.93.98 24 KD None 2021-12-28 00:00:00 2022-03-28 00:00:00 None FTP Login Failed- 6 hr Failed Logons (IP=98,BE) 35.196.149.211 32 RW None 2021-10-08 00:00:00 2022-01-10 00:00:00 None Suspected Bitcoin/Crypto mining - TT# 22C00097 (IP=211,US) 35.197.140.190 
24 ZH None 2022-06-13 00:00:00 2022-09-11 00:00:00 2022-06-13 22:30:22 SERVER-WEBAPP JBoss web console access attempt (1:24342:4) - SourceFire (IP=190, SG) 35.197.92.150 32 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 22:24:49 SIPVicious Security Scanner - FE IPS Events (IP=150,US) 35.198.108.118 24 RR None 2022-03-26 00:00:00 2022-06-24 00:00:00 2022-03-26 13:38:31 SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - SourceFire (IP=118,DE) 35.198.218.22 24 DT None 2021-12-07 00:00:00 2022-03-07 00:00:00 None SERVER-WEBAPP Ulterius web server directory traversal attempt - Web Attacks (IP=22,SG) 35.198.222.167 24 KH None 2021-12-16 00:00:00 2022-03-16 00:00:00 None HIVE Case #6651 - Exploit.CVE-2021-44233 (IP=167,SG) 35.200.183.255 24 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:49:43 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=255,IN) 35.200.237.45 24 KH None 2022-06-19 00:00:00 2022-09-17 00:00:00 2022-06-19 22:50:30 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire (IP=45,IN) 35.203.109.231 32 TLM None 2022-05-27 00:00:00 2022-11-26 00:00:00 2022-05-27 14:16:50 HIVE Case #7676 CTO 22-147 (IP=231,CA) 35.203.249.225 32 SA None 2022-05-31 00:00:00 2022-08-28 00:00:00 2022-05-31 22:56:06 SSLv2 Client Hello Request Detected FE CMS IPS alert (IP=225,US) 35.203.249.236 32 SA None 2022-05-31 00:00:00 2022-08-28 00:00:00 2022-05-31 22:56:07 SSLv2 Client Hello Request Detected FE CMS IPS alert (IP=236,US) 35.203.251.4 32 SA None 2022-05-31 00:00:00 2022-08-28 00:00:00 2022-05-31 22:56:07 SSLv2 Client Hello Request Detected FE CMS IPS alert (IP=4,US) 35.203.251.73 32 ZH None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-02 13:10:28 SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt (1:30524:5) - SourceFire (IP=73,US) 35.203.252.42 32 SA None 2022-05-31 00:00:00 2022-08-28 00:00:00 2022-05-31 22:56:08 SSLv2 Client Hello Request Detected 
FE CMS IPS alert (IP=42,US) 35.203.254.229 32 SA None 2022-05-31 00:00:00 2022-08-28 00:00:00 2022-05-31 22:56:08 OpenSSL SSL_get_shared_ciphers Function Buffer Overflow (SSLv3) FE CMS IPS alert (IP=229,US) 35.203.254.230 32 SA None 2022-05-31 00:00:00 2022-08-28 00:00:00 2022-05-31 22:56:09 SSLv2 Client Hello Request Detected FE CMS IPS alert (IP=230,US) 35.205.137.195 24 SW None 2022-06-02 00:00:00 2022-08-31 00:00:00 2022-06-02 13:31:23 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=195,BE) 35.206.94.38 32 SW None 2022-08-16 00:00:00 2022-11-14 00:00:00 2022-08-17 13:52:22 EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch - SourceFire (IP=38, US) 35.212.151.75 32 TLM None 2022-04-22 00:00:00 2022-07-21 00:00:00 2022-04-22 18:36:40 HIVE Case #7451 TO-S-2022-0167 (IP=75,US) 35.220.154.238 32 TLM None 2022-01-25 00:00:00 2022-07-25 00:00:00 None HIVE Case #6828 CTO 22-021 (IP=238,HK) 35.220.176.90 32 TLM None 2021-12-21 00:00:00 2022-06-21 00:00:00 None HIVE Case #6682 CTO 21-352 (IP=90,HK) 35.220.214.142 32 TLM None 2021-12-21 00:00:00 2022-06-21 00:00:00 None HIVE Case #6682 CTO 21-352 (IP=142,HK) 35.221.63.107 32 KH None 2022-08-17 00:00:00 2022-11-15 00:00:00 2022-08-17 22:25:58 Attempted Access - Inbound Brute Force - IR#22C01815 (IP=107,US) 35.222.146.56 32 TLM None 2022-05-16 00:00:00 2022-11-15 00:00:00 2022-05-20 16:36:34 HIVE Case #7599 COLS-NA-TIP 22-0172 (IP=56,US) 35.223.41.151 32 SW None 2022-08-16 00:00:00 2022-11-14 00:00:00 2022-08-17 13:52:25 SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - SourceFire (IP=151, US) 35.224.246.78 32 SW None 2022-01-23 00:00:00 2022-04-23 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - WebAttacks (IP=78,US) 35.224.99.197 32 AR None 2022-01-18 00:00:00 2022-08-11 00:00:00 2022-05-13 22:36:54 SQL injection - 6HR Web Attacks (IP=197,US) | updated by RS Block 
was inactive. Reactivated on 20220513 with reason SQL injection - 6Hr Web Attacks (IP=197,US) SQL injection - 6Hr Web Attacks (IP=197,US) 35.224.99.197 32 RS None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-13 22:36:54 SQL injection - 6HR Web Attacks (IP=197,US) | updated by RS Block was inactive. Reactivated on 20220513 with reason SQL injection - 6Hr Web Attacks (IP=197,US) SQL injection - 6Hr Web Attacks (IP=197,US) 35.225.160.88 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None US TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 35.225.63.14 32 NAB None 2022-02-10 00:00:00 2022-05-11 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=14,US) 35.226.81.213 32 AS None 2021-12-28 00:00:00 2022-06-28 00:00:00 None HIVE Case #6702 CTO 21-362 (IP=213,US) 35.227.106.105 32 NAB None 2022-05-03 00:00:00 2022-08-01 00:00:00 2022-05-03 13:46:48 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=105,US) 35.227.134.64 32 TLM None 2021-12-21 00:00:00 2022-06-21 00:00:00 None HIVE Case #6682 CTO 21-352 (IP=64,US) 35.227.17.237 32 NAB None 2022-02-04 00:00:00 2022-05-05 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=237,US) 35.229.71.66 32 NAB None 2022-01-21 00:00:00 2022-04-21 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=66,US) 35.230.135.86 24 AR None 2021-12-17 00:00:00 2022-03-17 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - Web Attacks (IP=86,GB) 35.230.149.56 32 RR None 2022-08-20 00:00:00 2022-11-18 00:00:00 2022-08-20 13:23:09 Attempted Access - Inbound Brute Force - IR# 22C01837 (IP=56,US) 35.231.114.220 32 NAB None 2022-02-10 00:00:00 2022-05-11 00:00:00 None HIVE Case #6651 Exploit.CVE -2021-44228 (IP=220,US) 35.233.185.200 32 RS None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-15 22:50:50 File /etc/passwd Access Attempt Detect - IPS Events (IP=200,US) 35.233.185.200 32 RS None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-15 22:50:56 File /etc/passwd Access Attempt 
Detect - IPS Events (IP=200,US) 35.233.24.49 24 TH None 2021-12-20 00:00:00 2022-03-21 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) - SourceFire (IP=49,BE) | updated by WR Block expiration extended with reason SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) - Sourcefire (IP=49,BE) SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) - Sourcefire (IP=49,BE) 35.233.24.49 24 WR None 2021-12-21 00:00:00 2022-03-21 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) - SourceFire (IP=49,BE) | updated by WR Block expiration extended with reason SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) - Sourcefire (IP=49,BE) SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) - Sourcefire (IP=49,BE) 35.233.62.116 24 WR None 2021-12-24 00:00:00 2022-03-24 00:00:00 None FTP Login Failedk - 6 hr Failed Logon (IP=116,BE) 35.234.146.78 24 TH None 2021-12-20 00:00:00 2022-03-20 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) - SourceFire (IP=78,GB) 35.234.152.182 24 DT None 2021-12-16 00:00:00 2022-03-15 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - Web Attacks (IP=182,GB) 35.234.39.26 24 AR None 2022-01-21 00:00:00 2022-04-21 00:00:00 None SQL injection - Web Attacks (IP=26,TW) 35.234.69.218 24 TH None 2021-12-20 00:00:00 2022-03-21 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) - SourceFire (IP=218,DE) | updated by WR Block expiration extended with reason SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) - Sourcefire 
(IP=218,DE) SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) - Sourcefire (IP=218,DE) 35.234.69.218 24 WR None 2021-12-21 00:00:00 2022-03-21 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) - SourceFire (IP=218,DE) | updated by WR Block expiration extended with reason SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) - Sourcefire (IP=218,DE) SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) - Sourcefire (IP=218,DE) 35.236.131.116 32 RB None 2022-09-10 00:00:00 2022-12-09 00:00:00 2022-09-12 17:03:13 Exploit.Log4Shell.CVE-2021-44228 - FireEye NX (IP=116,TW) 35.240.3.249 24 TH None 2022-08-23 00:00:00 2022-11-21 00:00:00 2022-08-24 13:52:36 Exploit.Log4Shell.CVE-2021-44228 - FE CMS Alerts (IP=249,BE) 35.240.80.153 32 ZH None 2022-03-17 00:00:00 2022-06-15 00:00:00 2022-03-17 13:48:20 SQL injection - 6hr Web Attacks (IP=153,US) 35.241.73.126 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6346 CTO 21-278 (IP=126,HK) 35.242.138.9 32 SW None 2022-08-11 00:00:00 2022-11-09 00:00:00 2022-08-12 13:55:39 Attempted Access - Inbound Brute Force - IR# 22C01795(IP=9,GB) 35.242.148.167 24 DT None 2021-12-16 00:00:00 2022-03-15 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - Web Attacks (IP=167,GB) 35.242.153.24 24 TH None 2021-12-15 00:00:00 2022-03-15 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - Web Attacks (IP=24,GB) 35.243.200.34 32 NAB None 2022-01-28 00:00:00 2022-04-28 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=34,US) 35.243.211.2 32 SW None 2022-07-23 00:00:00 2022-10-21 00:00:00 2022-07-23 22:54:38 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR# 22C01737 (IP=2,US) 35.244.159.8 32 JKC None 
2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:46:03 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=8,US) 35.244.57.172 24 RR None 2022-03-18 00:00:00 2022-06-16 00:00:00 2022-03-18 13:56:59 SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt - SourceFire (IP=172,IN) 35.244.90.180 32 AS None 2021-09-21 00:00:00 2022-03-20 00:00:00 None HIVE Case #6215 CTO 21-261 (IP=180,AU) 35.246.12.29 24 WR None 2021-12-17 00:00:00 2022-03-17 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) - Sourcefire (IP=29,GB) 35.246.174.95 32 TC None 2022-08-16 00:00:00 2022-11-14 00:00:00 2022-08-16 22:53:06 Attempted Access - Inbound Brute Force - IR# 22C01810 (IP=95,US) 35.246.215.141 24 ZH None 2022-02-08 00:00:00 2022-05-09 00:00:00 None Phishing SIP HIVE Case # 6942 (IP=141,DE) 35.246.93.126 24 DT None 2021-12-16 00:00:00 2022-03-15 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - Web Attacks (IP=126,GB) 35.247.34.225 32 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 22:24:48 SIPVicious Security Scanner - FE IPS Events (IP=225,US) 35.35.35.35 32 TLM None 2021-09-08 00:00:00 2022-03-08 00:00:00 None HIVE Case #6129 CTO 21-237 (IP=35,US) 35.76.31.198 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=198,JP) 35.82.13.119 32 KH None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-19 13:55:51 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR#22C01415 (IP=119,US) 35.86.71.182 32 AS None 2022-02-04 00:00:00 2022-08-04 00:00:00 None HIVE Case #6927 CTO 22-036 (IP=182,US) 35.87.175.170 32 AS None 2022-02-04 00:00:00 2022-08-04 00:00:00 None HIVE Case #6927 CTO 22-036 (IP=170,US) 35.88.76.25 32 BB None 2021-12-23 00:00:00 2022-03-23 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00692 (IP=25,US) 35.88.96.231 32 SW 
None 2022-06-11 00:00:00 2022-09-09 00:00:00 2022-06-11 13:46:51 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR#22C01358 (IP=231,US) 3506192436.nielsvandervlist.nl --- TLM None 2021-08-05 00:00:00 2022-08-05 00:00:00 2023-01-19 22:59:40 HIVE Case #5940 TO-S-2021-1447 36.103.243.106 24 BB None 2021-10-24 00:00:00 2022-01-22 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=106,CN) 36.106.178.190 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 17:40:21 HIVE Case #7341 CTO 22-092 (IP=190,CN) 36.107.246.226 32 SA None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 22:48:08 Generic URI Injection wget Attempt - FE IPS Alerts (IP=121,US) 36.110.228.254 32 TLM None 2022-02-15 00:00:00 2022-08-16 00:00:00 None HIVE Case #6997 CTO 22-046 (IP=254,CN) 36.110.58.103 32 JEB None 2022-06-06 00:00:00 2022-09-06 00:00:00 2022-06-08 16:56:01 REV Malicious Bumblebee Hardcoded C2 (IP=103,CN) 36.112.124.166 32 AR None 2021-11-14 00:00:00 2022-02-10 00:00:00 None HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - TT# 22C00347 (IP=166,CN) 36.129.3.143 24 BB None 2021-11-20 00:00:00 2022-02-18 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Sourcefire (IP=143,CN) 36.135.78.100 24 RB None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 22:47:30 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=100,CN) 36.138.125.119 24 AR None 2021-12-18 00:00:00 2022-03-18 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=119,CN) 36.154.241.126 24 WR None 2021-11-05 00:00:00 2022-02-03 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00291 (IP=126,CN) 36.155.14.163 24 KH None 2021-12-15 00:00:00 2022-03-15 00:00:00 None Apache Log4j CVE-2021-44228 Remote Code Execution - FE IPS (IP=163,CN) 36.225.248.175 32 KH None 2022-03-03 00:00:00 2022-06-01 00:00:00 2022-03-03 23:49:19 Threat Team Request / Ukraine IOCs - TT# 22C00988 (IP=175,TW) 
36.227.172.146 24 AR None 2022-07-07 00:00:00 2022-10-05 00:00:00 2022-07-07 13:50:34 SQL injection - Web Attacks (IP=146,TW) 36.255.134.179 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IN TO-S-2021-1050 Hive Case 4821 Malware Activity 36.255.134.210 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IN TO-S-2021-1050 Hive Case 4821 Malware Activity 36.33.26.181 32 BB None 2021-10-23 00:00:00 2022-01-21 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00229 (IP=181,CN) 36.37.140.78 24 SW None 2022-05-28 00:00:00 2022-08-26 00:00:00 2022-05-28 14:45:12 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=78,KH) 36.37.182.117 24 WR None 2022-03-22 00:00:00 2022-06-20 00:00:00 2022-03-22 13:43:33 SERVER-OTHER RealTek UDPServer command injection attempt (1:58853:1) - SourceFire (IP=117,KH) 36.37.185.65 24 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:49:44 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=65,KH) 36.37.185.94 24 TH None 2021-12-22 00:00:00 2022-03-22 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=94,KH) 36.39.67.18 32 TLM None 2021-09-21 00:00:00 2022-03-20 00:00:00 None HIVE Case #6216 CTO 21-264 (IP=18,KR) 36.65.112.0 20 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=0,ID) 36.65.149.145 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 36.65.176.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity 36.65.188.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity 36.65.96.0 20 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity 36.66.252.234 24 ZH None 2021-11-28 00:00:00 2022-02-26 00:00:00 None HTTP: Detect PHP-CGI Remote code 
Execution vulnerability - 6hr Web Attacks (IP=234,ID) 36.66.77.220 24 SW None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 14:02:59 SQL injection - WebAttacks (IP=220,ID) 36.68.236.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity 36.68.56.0 21 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity 36.68.88.0 21 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=0,ID) 36.69.108.29 24 TC None 2022-08-11 00:00:00 2022-11-09 00:00:00 2022-08-11 22:52:13 Attempted Access - Inbound Brute Force - IR# 22C01792 (IP=29,ID) 36.71.235.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity 36.71.237.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity 36.71.240.0 21 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=0,ID) 36.72.192.0 20 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity 36.72.212.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity 36.72.218.37 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 36.72.219.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity 36.72.229.126 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 36.72.64.0 20 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None ID TO-S-2021-1092 Hive Case 4875 Malware Activity 36.73.16.0 20 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None ID TO-S-2021-1117 Malware Activity 36.73.228.167 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 36.73.35.172 32 dbc None 2021-01-28 
00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 36.73.35.177 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 36.73.77.128 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 36.74.119.179 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 36.74.152.0 21 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None ID TO-S-2021-1156 Malware Activity 36.74.248.0 21 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None ID TO-S-2021-1081 Hive Case 4872 Malware Activity 36.74.42.185 24 TH None 2022-01-27 00:00:00 2022-04-27 00:00:00 None SQL injection - 6 Hr Web Report (IP=185,ID) 36.75.143.82 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity 36.76.244.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity 36.76.64.0 20 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None ID TO-S-2021-1143 Malicious Connections Activity 36.76.80.0 20 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity 36.77.224.0 20 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity 36.77.234.163 24 ZH None 2022-07-13 00:00:00 2022-10-11 00:00:00 2022-07-13 13:52:59 SQL injection - 6hr Web Attacks (IP=163,ID) 36.78.121.203 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 36.78.200.245 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 36.78.207.10 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 36.79.0.0 19 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=0,ID) | updated by TLM Block 
expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=0,ID) 36.79.125.251 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 36.79.54.16 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 36.80.152.90 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 36.80.58.0 23 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None ID TO-S-2021-1081 Hive Case 4872 Malware Activity 36.80.64.0 20 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity 36.80.85.197 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 36.80.88.0 21 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity 36.81.144.0 20 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity 36.82.109.118 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 36.82.116.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity 36.82.96.221 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 36.83.0.0 24 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=0,ID) 36.83.112.0 20 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None ID TO-S-2021-1081 Hive Case 4872 Malware Activity 36.84.112.0 21 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity 36.84.222.4 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 36.85.88.166 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 36.88.146.214 32 dbc None 
2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 36.89.18.195 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 36.89.64.95 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 36.90.12.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity 36.90.163.48 24 RR None 2022-02-01 00:00:00 2022-05-02 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=48,ID) 36.90.164.0 23 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity 36.90.17.1 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 36.90.182.0 23 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity 36.90.19.134 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 36.90.208.0 23 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=0,ID) | updated by TLM Block was inactive. 
Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=0,ID) 36.90.208.60 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 36.90.56.0 22 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=0,ID) 36.90.78.221 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 36.91.203.37 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 36.91.90.247 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 36.92.106.53 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 36.92.120.5 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity 36.92.135.82 24 SW None 2021-11-17 00:00:00 2022-02-15 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - WebAttacks (IP=82, ID) 36.92.140.39 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None ID TO-S-2021-1143 Malicious Email Activity 36.92.172.18 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity 36.92.179.210 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity 36.92.193.90 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity 36.92.45.217 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 36.92.59.35 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 36.92.73.61 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity 36.92.98.131 24 KH None 2022-02-06 00:00:00 2022-05-07 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin 
Authentication Bypass Vulnerability - Web Attacks (IP=131,ID) 36.94.137.167 32 TH None 2022-06-20 00:00:00 2022-09-18 00:00:00 2022-06-21 13:49:06 HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 22C00430 (IP=167,ID) | updated by TH Block was inactive. Reactivated on 20220620 with reason HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - IR# 22C01425 (IP=167,ID) HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - IR# 22C01425 (IP=167,ID) 36.94.137.167 32 RR None 2021-11-27 00:00:00 2022-09-18 00:00:00 2022-06-21 13:49:06 HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 22C00430 (IP=167,ID) | updated by TH Block was inactive. Reactivated on 20220620 with reason HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - IR# 22C01425 (IP=167,ID) HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - IR# 22C01425 (IP=167,ID) 36.94.217.171 24 RB None 2020-12-17 00:00:00 2022-12-17 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=171,ID) 36.94.77.211 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None ID TO-S-2021-1081 Hive Case 4872 Malware Activity 36.95.154.43 24 RT None 2022-03-02 00:00:00 2022-05-31 00:00:00 2022-03-03 14:49:48 HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6HR Web Attacks (IP=43,ID) 36.95.175.213 24 ZH None 2022-01-21 00:00:00 2022-04-21 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability- 6hr Web Attacks (IP=213,ID) 36.95.48.181 24 KH None 2022-05-01 00:00:00 2022-07-30 00:00:00 2022-05-01 22:53:38 HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=181,ID) 36.96.158.61 24 RS None 2022-06-03 00:00:00 2022-09-01 00:00:00 2022-06-03 22:21:09 HP Intelligent Management Center TFTP Server MODE Remote Code Execution - 
IPS Events (IP=61,CN) 362com.com --- TLM None 2021-08-30 00:00:00 2022-08-30 00:00:00 2023-01-19 23:01:54 HIVE Case #6085 TO-S-2021-1500 3636033114.pathashala.in --- TLM None 2021-08-12 00:00:00 2022-08-12 00:00:00 2023-01-19 23:00:11 HIVE Case #5985 TO-S-2021-1459 365-login-online.com --- TLM None 2021-08-12 00:00:00 2022-08-12 00:00:00 2023-01-19 23:00:38 HIVE Case #5991 TO-S-2021-1421 365-online-new-login.com --- TLM None 2021-12-09 00:00:00 2022-12-09 00:00:00 2023-01-19 23:05:35 HIVE Case #6626 CTO 21-343 365account-support.com --- TLM None 2021-09-14 00:00:00 2022-09-14 00:00:00 2023-01-19 23:02:22 HIVE Case #6166 CTO 21-246 365customer-security.com --- TLM None 2021-08-23 00:00:00 2022-08-23 00:00:00 2023-01-19 23:01:33 HIVE Case #6042 TO-S-2021-1484 365login-online.com --- TLM None 2021-08-12 00:00:00 2022-08-12 00:00:00 2023-01-19 23:00:30 HIVE Case #5991 TO-S-2021-1421 365online-login.com --- TLM None 2021-08-12 00:00:00 2022-08-12 00:00:00 2023-01-19 23:00:30 HIVE Case #5991 TO-S-2021-1421 365online-security.com --- TLM None 2021-08-12 00:00:00 2022-08-12 00:00:00 2023-01-19 23:00:30 HIVE Case #5991 TO-S-2021-1421 365onlinesupport-account.com --- TLM None 2021-11-29 00:00:00 2022-11-29 00:00:00 2023-01-19 23:05:19 HIVE Case #6584 CTO 21-322 37.0.10.187 24 RR None 2022-05-29 00:00:00 2022-09-06 00:00:00 2022-06-08 23:25:03 SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - SourceFire (IP=187,NL) | updated by RB Block expiration extended with reason SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) - SourceFire (IP=187,NL) 37.0.11.220 24 EE None 2021-11-19 00:00:00 2022-02-17 00:00:00 None HIVE Case #6556 BotenaGo (IP=220,NL) 37.0.8.174 32 TLM None 2021-09-14 00:00:00 2022-03-14 00:00:00 None HIVE Case #6164 TO-S-2021-1528 (IP=174,NL) 37.0.8.54 32 SW None 2022-06-02 00:00:00 2022-08-31 00:00:00 2022-06-02 13:31:20 Known Attack Tool - "20086 HTTP Muieblackcat Security 
Scanner" - IR#22C01324(IP=54,NL) 37.1.208.0 21 TLM None 2022-06-24 00:00:00 2022-12-23 00:00:00 2022-06-24 19:38:42 HIVE Case #7840 CTO 22-175 (IP=0,US) 37.1.209.20 32 TLM None 2022-06-22 00:00:00 2022-12-21 00:00:00 2022-06-23 16:49:42 HIVE Case #7813 CTO 22-173 (IP=20,US) 37.1.212.253 32 TH None 2022-02-11 00:00:00 2022-05-12 00:00:00 None SQL injection - 6 Hr Web Report (IP=253,US) 37.1.212.4 32 AS None 2021-12-28 00:00:00 2022-06-28 00:00:00 None HIVE Case #6702 CTO 21-362 (IP=4,US) 37.1.213.37 32 TLM None 2022-06-17 00:00:00 2022-12-16 00:00:00 2022-06-17 17:07:28 HIVE Case #7775 COLS-NA-TIP 22-0208 (IP=37,US) 37.1.220.84 32 TLM None 2022-03-17 00:00:00 2022-09-17 00:00:00 2022-03-17 15:03:35 HIVE Case #7226 CTO 22-075 (IP=84,NL) 37.116.246.200 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IT TO-S-2021-1050 Hive Case 4821 Malware Activity 37.120.140.171 32 TLM None 2022-02-09 00:00:00 2022-08-10 00:00:00 None HIVE Case #6952 CTO 22-040 (IP=171,RO) 37.120.144.106 24 RB None 2021-01-09 00:00:00 2022-05-28 00:00:00 2022-02-27 23:09:11 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - 6hr web attack (IP=106,HU) | updated by KD Block was inactive. Reactivated on 20220227 with reason Infection Match (blocked)- FIREEYE Web(IP=106,HU) 37.120.144.106 32 KD None 2022-02-27 00:00:00 2022-05-28 00:00:00 2022-02-27 23:09:03 SERVER-OTHER Apache Log4j logging remote code execution attempt- SourceFire(IP=106,HU) 37.120.153.77 24 KD None 2022-02-27 00:00:00 2022-05-28 00:00:00 2022-02-27 23:09:16 Infection Match (blocked)- FIREEYE Web(IP=77,SE) 37.120.155.26 24 RR None 2020-03-04 00:00:00 2022-05-28 00:00:00 2022-02-28 14:50:33 TCP: SYN Host Sweep (IP=26,AT) | updated by WR Block was inactive. 
Reactivated on 20220228 with reason ET EXPLOIT Possible Apache log4j RCE Attempt - 2021/12/12 Obfuscation Observed M2 (tcp) (CVE-2021-44228) (1:2034673:2) - Sourcefire (IP=26,AT) 37.120.156.186 24 RB None 2021-01-09 00:00:00 2022-05-28 00:00:00 2022-02-27 23:09:04 SERVER-WEBAPP JBoss JMXInvokerServlet access attempt - 6hr web attack (IP=186,PL) | updated by KD Block was inactive. Reactivated on 20220227 with reason Infection Match (blocked)- FIREEYE Web(IP=186,PL) 37.120.160.91 24 RR None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-07 13:50:24 SQL injection - Web Attacks (IP=91,DE) | updated by RR Block expiration extended with reason SQL injection - Web Attacks (IP=91,DE) SQL injection - Web Attacks (IP=91,DE) 37.120.160.91 24 KH None 2022-07-04 00:00:00 2022-10-04 00:00:00 2022-07-07 13:50:24 SQL injection - Web Attacks (IP=91,DE) | updated by RR Block expiration extended with reason SQL injection - Web Attacks (IP=91,DE) SQL injection - Web Attacks (IP=91,DE) 37.120.185.151 24 AR None 2022-06-26 00:00:00 2022-09-24 00:00:00 2022-06-27 13:55:47 SQL injection - 6Hr Web Attacks (IP=151,DE) 37.120.193.123 32 TLM None 2021-12-09 00:00:00 2022-06-09 00:00:00 None HIVE Case #6624 CTO 21-341 (IP=123,RS) 37.120.215.62 32 TH None 2021-12-17 00:00:00 2022-03-17 00:00:00 None Apache Log4j CVE-2021-44228 Remote Code Execution- IPS Alerts (IP=62,US) 37.120.216.234 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=234,US) 37.120.222.42 32 TLM None 2021-12-09 00:00:00 2022-06-09 00:00:00 None HIVE Case #6625 CTO 21-342 (IP=42,DE) 37.120.232.51 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=51,DK) 37.120.233.92 32 AS None 2022-04-08 00:00:00 2022-10-08 00:00:00 2022-04-08 17:16:50 HIVE Case #7361 CTO 22-098 (IP=92,GB) 37.120.234.42 24 AR None 2022-04-08 00:00:00 2022-07-07 00:00:00 2022-04-09 13:49:43 IP linked to malicious domain - Hive Case 7346 (IP=42,AU) 37.120.237.249 32 TLM 
None 2021-11-04 00:00:00 2022-05-02 00:00:00 None HIVE Case #6503 CTO 21-306 (IP=249,CA) 37.120.237.251 32 srm None 2021-09-13 00:00:00 2022-10-08 00:00:00 2022-04-08 17:16:50 HIVE Case 6148 Forcepoint FP Custom-Encrypted Uploads (IP=251,CA) | updated by AS Block was inactive. Reactivated on 20220408 with reason HIVE Case #7361 CTO 22-098 (IP=251,CA) 37.120.238.107 32 TLM None 2022-03-11 00:00:00 2022-09-11 00:00:00 2022-03-11 13:21:33 HIVE Case #7189 CTO 22-068.1 (IP=107,NL) 37.120.238.58 32 TLM None 2022-04-21 00:00:00 2022-10-21 00:00:00 2022-04-21 19:03:03 HIVE Case #7441 CTO 22-111 (IP=58,NL) 37.120.247.125 32 AS None 2022-04-08 00:00:00 2022-10-08 00:00:00 2022-04-08 17:16:51 HIVE Case #7361 CTO 22-098 (IP=125,RO) 37.120.247.130 32 AS None 2022-04-08 00:00:00 2022-10-08 00:00:00 2022-04-08 17:16:51 HIVE Case #7361 CTO 22-098 (IP=130,RO) 37.120.247.163 32 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6517 CTO 21-313 (IP=163,RO) 37.120.247.176 32 TLM None 2022-05-20 00:00:00 2022-11-19 00:00:00 2022-05-20 14:32:06 HIVE Case #7627 CTO 22-140 (IP=176,RO) 37.120.247.199 32 AS None 2022-04-08 00:00:00 2022-10-08 00:00:00 2022-04-08 17:16:52 HIVE Case #7361 CTO 22-098 (IP=199,RO) 37.120.247.200 32 AS None 2022-04-08 00:00:00 2022-10-08 00:00:00 2022-04-08 17:16:52 HIVE Case #7361 CTO 22-098 (IP=200,RO) 37.120.247.201 32 AS None 2022-04-08 00:00:00 2022-10-08 00:00:00 2022-04-08 17:16:53 HIVE Case #7361 CTO 22-098 (IP=201,RO) 37.120.247.66 32 AS None 2022-04-08 00:00:00 2022-10-08 00:00:00 2022-04-08 17:16:54 HIVE Case #7361 CTO 22-098 (IP=66,RO) 37.122.160.0 19 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5968 TO-S-2021-1276 (IP=0,ME) 37.122.210.206 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GB TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 37.122.250.92 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=92,GB) 37.123.163.58 24 KD None 2022-02-26 00:00:00 2022-05-27 
00:00:00 2022-02-27 01:15:22 SSH2 Failed Login Attempt- 6 hour failed Login(IP=58,SE) 37.130.224.22 24 ZH None 2021-10-05 00:00:00 2022-01-03 00:00:00 None TO-S-2022-1595/Botnet Malware Communication TT# 22C00041 (IP=22,NL) 37.131.208.0 21 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 37.140.192.138 24 BB None 2022-01-22 00:00:00 2022-04-22 00:00:00 None SERVER-WEBAPP Multiple products invalid HTTP request attempt - Web Attacks (IP=138,RU) 37.140.195.137 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=137,RU) 37.140.197.206 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=206,RU) 37.140.197.251 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=251,RU) 37.140.199.20 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=20,RU) 37.140.199.20 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=20,RU) 37.140.199.217 32 TLM None 2021-11-15 00:00:00 2022-05-15 00:00:00 None HIVE Case #6534 CTO 21-314 (IP=217,RU) 37.140.241.20 32 AS None 2022-01-28 00:00:00 2022-07-28 00:00:00 None HIVE Case #6856 CTO 22-027 (IP=20,RU) 37.144.189.93 32 wmp None 2022-03-24 00:00:00 2022-06-24 00:00:00 2022-03-24 22:59:02 Suspicious Scan Activity (IP=93,RU) 37.146.56.117 32 wmp None 2022-03-24 00:00:00 2022-06-24 00:00:00 2022-03-24 22:59:02 Suspicious Scan Activity (IP=117,RU) 37.148.212.29 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None TR TO-S-2021-1081 Hive Case 4872 Malicious Email Activity 37.157.184.9 32 TLM None 2021-12-09 00:00:00 2022-06-09 00:00:00 None HIVE Case #6626 CTO 21-343 (IP=9,BG) 37.157.212.0 22 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None AM TO-S-2021-1092 Hive Case 4875 Unknown Malicious Activity 37.157.245.38 32 dbc None 2020-02-20 00:00:00 2022-03-24 00:00:00 None IE TO-S-2020-0303 Malware Activity | 
updated by TLM Block was inactive. Reactivated on 20210924 with reason HIVE Case #6252 CTO 21-265 (IP=38,GB) 37.157.254.10 24 RS None 2022-06-20 00:00:00 2022-09-18 00:00:00 2022-06-20 22:22:07 SIPVicious Security Scanner - IPS Events (IP=10,DE) 37.157.255.2 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None DE TO-S-2021-1117 DOS-DDOS Activity 37.18.21.238 24 GL None 2022-02-27 00:00:00 2022-05-28 00:00:00 2022-02-28 00:35:47 HIVE Case #7097 IOC_PULSE REPORT U-GM-117179-22 (IP=238,NL) 37.18.24.16 32 TLM None 2022-03-07 00:00:00 2022-09-07 00:00:00 2022-03-07 16:55:38 HIVE Case #7152 CTO 22-064 F1 (IP=16,RU) 37.182.63.144 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IT TO-S-2021-1050 Hive Case 4821 Malware Activity 37.187.122.141 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None FR TO-S-2021-1050 Hive Case 4821 Malware Activity 37.187.125.153 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None FR TO-S-2021-1117 DOS-DDOS Activity 37.187.126.17 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity 37.187.128.60 32 ZH None 2022-07-13 00:00:00 2022-10-11 00:00:00 2022-07-13 22:48:20 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) IR# 22C01650 (IP=60,FR) 37.187.148.105 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=105,FR) 37.187.148.105 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=105,FR) 37.187.148.105 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=105,FR) 37.187.18.168 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity 37.187.18.212 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 18:28:34 HIVE Case #7342 CTO 22-092 FRAGO (IP=212,FR) 37.187.2.76 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 
(IP=76,FR) 37.187.27.125 32 TLM None 2022-04-18 00:00:00 2022-10-18 00:00:00 2022-04-18 17:00:28 HIVE Case #7404 CTO 22-105 (IP=125,FR) 37.187.30.134 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None FR TO-S-2021-1050 Hive Case 4821 Malware Activity 37.187.50.99 24 DT None 2020-06-14 00:00:00 2022-03-21 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=99,FR) | updated by AR Block was inactive. Reactivated on 20211221 with reason SERVER-WEBAPP Drupal 8 remote code execution attempt (1:46316:5) - SourceFire (IP=99,FR) 37.187.90.103 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity 37.187.96.183 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 18:28:35 HIVE Case #7342 CTO 22-092 FRAGO (IP=183,FR) 37.189.31.75 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None PT TO-S-2021-1037 Hive Case 4785 Malware Activity 37.19.195.69 24 RW None 2021-11-17 00:00:00 2022-02-16 00:00:00 None HTTP: SQL Injection - Exploit - Web Attacks (IP=69,UA) | updated by SW Block expiration extended with reason SQL use of sleep function in HTTP header - likely SQL injection attempt (1:38993:9) - SourceFire (IP=69, AT) 37.19.197.62 32 ZH None 2022-03-10 00:00:00 2022-06-08 00:00:00 2022-03-10 23:37:11 HTTP: PHP File Inclusion Vulnerability IR#22C01029 (IP=62,US) 37.19.205.170 24 TC None 2022-09-04 00:00:00 2022-12-03 00:00:00 2022-09-05 12:31:07 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=170,JP) 37.191.37.207 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None HU TO-S-2021-1050 Hive Case 4821 Malware Activity 37.191.63.177 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None HU TO-S-2021-1117 DOS-DDOS Activity 37.203.14.32 24 WR None 2022-04-25 00:00:00 2022-07-23 00:00:00 2022-04-25 14:47:15 MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (1:25925:3) - Sourcefire (IP=32,UK) 37.207.227.222 32 dbc None 2021-03-05 
00:00:00 2022-03-05 00:00:00 None IT TO-S-2021-1117 DOS-DDOS Activity 37.211.48.0 20 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None QA TO-S-2021-1037 Hive Case 4785 Malware Activity 37.220.64.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None RS TO-S-2021-1117 DOS-DDOS Activity 37.220.78.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None RS TO-S-2021-1117 DOS-DDOS Activity 37.221.113.115 32 TLM None 2022-04-13 00:00:00 2022-10-13 00:00:00 2022-04-13 13:12:39 HIVE Case #7387 CTO 22-103(IP=115,GB) 37.221.114.23 32 TLM None 2022-02-11 00:00:00 2022-08-12 00:00:00 None HIVE Case #6973 TO-S-2022-0128 (IP=23,DE) 37.221.253.62 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=62,CZ) 37.223.74.108 32 srm None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 21:48:52 HIVE Case #7883 IOC_ Raspberry Robin Worm (IP=108,ES) 37.225.74.102 24 JP None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-15 13:53:40 SQL injection - 6HR Web Attacks (IP=102,PL) 37.228.116.224 32 AS None 2022-03-29 00:00:00 2022-09-27 00:00:00 2022-03-29 17:57:41 HIVE Case #7296 CTO 22-088 (IP=224,RU) 37.228.126.15 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None DE TO-S-2021-1117 DOS-DDOS Activity 37.228.129.5 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 18:28:35 HIVE Case #7342 CTO 22-092 FRAGO (IP=5,FI) 37.228.232.109 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IE TO-S-2021-1050 Hive Case 4821 Malware Activity 37.228.70.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None KZ TO-S-2021-1117 DOS-DDOS Activity 37.230.106.141 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=141,TR) 37.230.130.159 32 AS None 2022-01-11 00:00:00 2022-07-11 00:00:00 None HIVE Case #6760 CTO 22-011 (IP=159,NL) 37.230.130.197 32 AS None 2022-01-11 00:00:00 2022-07-11 00:00:00 None HIVE Case #6760 CTO 22-011 (IP=197,NL) 37.230.130.204 32 TLM None 2021-09-08 00:00:00 2022-03-08 
00:00:00 None HIVE Case #6132 CTO 21-240 (IP=204,NL) 37.230.130.217 32 AS None 2022-01-11 00:00:00 2022-07-11 00:00:00 None HIVE Case #6760 CTO 22-011 (IP=217,NL) 37.230.130.60 32 AS None 2022-01-11 00:00:00 2022-07-11 00:00:00 None HIVE Case #6760 CTO 22-011 (IP=60,NL) 37.230.177.101 32 TLM None 2021-12-21 00:00:00 2022-06-21 00:00:00 None HIVE Case #6682 CTO 21-352 (IP=101,US) 37.230.177.166 32 TH None 2022-07-07 00:00:00 2022-10-07 00:00:00 2022-07-10 14:32:28 SQL injection - 6 Hr Web Report (IP=166,US) | updated by RR Block expiration extended with reason SQL injection - Web Attacks (IP=166,US) SQL injection - Web Attacks (IP=166,US) 37.230.177.166 32 RR None 2022-07-09 00:00:00 2022-10-07 00:00:00 2022-07-10 14:32:28 SQL injection - 6 Hr Web Report (IP=166,US) | updated by RR Block expiration extended with reason SQL injection - Web Attacks (IP=166,US) SQL injection - Web Attacks (IP=166,US) 37.230.177.37 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6654 CTO 21-345 (IP=37,US) 37.235.228.124 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None RU TO-S-2021-1037 Hive Case 4785 Malware Activity 37.238.118.46 24 KD None 2022-03-06 00:00:00 2022-06-05 00:00:00 2022-03-07 23:52:25 SQL use of sleep function with select - likely SQL injection- Web Attacks(IP=46,IQ) | updated by SW Block expiration extended with reason File /etc/passwd Access Attempt Detect - IPS Events(IP=46,IQ) File /etc/passwd Access Attempt Detect - IPS Events(IP=46,IQ) 37.238.118.46 24 SW None 2022-03-07 00:00:00 2022-06-05 00:00:00 2022-03-07 23:52:25 SQL use of sleep function with select - likely SQL injection- Web Attacks(IP=46,IQ) | updated by SW Block expiration extended with reason File /etc/passwd Access Attempt Detect - IPS Events(IP=46,IQ) File /etc/passwd Access Attempt Detect - IPS Events(IP=46,IQ) 37.239.25.12 24 KH None 2022-06-27 00:00:00 2022-09-25 00:00:00 2022-06-27 22:37:36 SERVER-WEBAPP JBoss web console access attempt (1:24342:4) - Sourcefire 
(IP=12,IQ) 37.239.25.17 24 ZH None 2022-08-27 00:00:00 2022-11-25 00:00:00 2022-08-27 13:55:30 SQL injection - WebAttacks (IP=17,IQ) 37.239.25.17 24 ZH None 2022-08-27 00:00:00 2022-11-25 00:00:00 2022-08-27 13:55:30 SQL injection - WebAttacks (IP=17,IQ) SQL injection - WebAttacks (IP=17,IQ) 37.239.25.20 24 ZH None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-01 13:55:52 SQL injection - 6hr Web Attacks (IP=20,IQ) 37.239.25.20 24 ZH None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-01 13:55:52 SQL injection - 6hr Web Attacks (IP=20,IQ) SQL injection - 6hr Web Attacks (IP=20,IQ) 37.239.66.42 24 RR None 2022-02-12 00:00:00 2022-05-13 00:00:00 None Adobe ColdFusion Administrator Access Restriction - SourceFire (IP=42,IQ) 37.247.104.157 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=157,TR) 37.247.231.90 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None PL TO-S-2021-1037 Hive Case 4785 Malware Activity 37.25.13.33 24 RT None 2022-02-25 00:00:00 2022-05-26 00:00:00 2022-02-26 14:44:14 SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1272 attack attempt - 6HR WebAttack (IP=33,SA) 37.28.157.146 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PL TO-S-2021-1117 DOS-DDOS Activity 37.28.157.148 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PL TO-S-2021-1117 DOS-DDOS Activity 37.34.176.37 32 TLM None 2022-02-23 00:00:00 2022-08-24 00:00:00 None HIVE Case #7054 CTO 22-054 (IP=37,KW) 37.34.202.131 32 AS None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 18:17:18 HIVE Case #7862 CTO 22-176 (IP=131,KW) 37.34.234.250 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None KW TO-S-2021-1050 Hive Case 4821 Malware Activity 37.34.248.24 32 TLM None 2022-02-23 00:00:00 2022-08-24 00:00:00 None HIVE Case #7054 CTO 22-054 (IP=24,KW) 37.34.80.0 20 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None PS TO-S-2021-1037 Hive Case 4785 Malware Activity 37.36.48.0 20 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None 
HIVE Case #5 TO-S-2021-1447 (IP=0,KW) 37.44.19.231 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CZ TO-S-2021-1050 Hive Case 4821 Malware Activity 37.44.238.117 32 TH None 2022-06-08 00:00:00 2022-09-06 00:00:00 2022-06-08 23:25:01 FSS_Malware Known IOT bot scanner IR# 22C01333 (IP=117,FR) 37.46.56.0 21 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None RU TO-S-2021-1037 Hive Case 4785 Malware Activity 37.47.160.219 32 CR None 2021-08-25 00:00:00 2022-08-25 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=219,PL) 37.48.106.69 32 AS None 2022-04-07 00:00:00 2022-10-07 00:00:00 2022-04-07 19:47:54 HIVE Case #7356 CTO 22-096 (IP=69,NL) 37.48.84.96 24 KD None 2021-12-13 00:00:00 2022-08-28 00:00:00 2022-05-31 22:56:09 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt - Sourcefire Rpt (IP=96,NL) | updated by SA Block was inactive. Reactivated on 20220531 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) SourceFire (IP=96,NL) 37.49.230.100 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None NL TO-S-2021-1037 Hive Case 4785 Malware Activity 37.49.230.17 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None NL TO-S-2021-1037 Hive Case 4785 Malware Activity 37.49.230.18 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None NL TO-S-2021-1037 Hive Case 4785 Malware Activity 37.49.230.64 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None NL TO-S-2021-1037 Hive Case 4785 Malware Activity 37.49.230.9 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None NL TO-S-2021-1037 Hive Case 4785 Malware Activity 37.59.158.233 24 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:08 HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=233,FR) 37.59.164.98 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=98,FR) 37.59.209.141 32 AS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-09 13:57:37 HIVE Case 
#7535 TO-S-2022-0176 (IP=141,FR) 37.59.26.59 24 RT None 2021-12-22 00:00:00 2022-03-22 00:00:00 None FILE-MULTIMEDIA RealNetworks RealPlayer RealMedia URL length buffer overflow attempt (1:28961:9) - Sourcefire Report (IP=59,FR) 37.59.45.83 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity 37.59.63.219 32 RW None 2019-11-07 00:00:00 2022-01-20 00:00:00 None Known Attack Tool User Agent/28744: HTTP: MASSCAN Tool Usage - TT# 20C00890 (IP=219,US) | updated by dbc Block was inactive. Reactivated on 20210120 with reason FR TO-S-2021-1037 Hive Case 4785 Malware Activity 37.59.87.81 32 AS None 2021-11-16 00:00:00 2022-05-16 00:00:00 None HIVE Case #6539 CTO 21-315 (IP=81,FR) 37.59.87.89 32 AS None 2021-11-16 00:00:00 2022-05-16 00:00:00 None HIVE Case #6539 CTO 21-315 (IP=89,FR) 37.59.87.90 32 AS None 2021-11-16 00:00:00 2022-05-16 00:00:00 None HIVE Case #6539 CTO 21-315 (IP=90,FR) 37.6.10.202 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GR TO-S-2021-1050 Hive Case 4821 Malware Activity 37.6.176.88 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GR TO-S-2021-1050 Hive Case 4821 Malware Activity 37.6.184.94 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GR TO-S-2021-1050 Hive Case 4821 Malware Activity 37.6.185.137 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GR TO-S-2021-1050 Hive Case 4821 Malware Activity 37.6.185.199 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GR TO-S-2021-1037 Hive Case 4785 Malware Activity 37.6.186.179 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GR TO-S-2021-1037 Hive Case 4785 Malware Activity 37.6.188.12 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GR TO-S-2021-1037 Hive Case 4785 Malware Activity 37.6.191.229 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GR TO-S-2021-1037 Hive Case 4785 Malware Activity 37.6.245.50 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GR TO-S-2021-1050 Hive Case 
4821 Malware Activity 37.6.34.56 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GR TO-S-2021-1050 Hive Case 4821 Malware Activity 37.6.48.130 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GR TO-S-2021-1050 Hive Case 4821 Malware Activity 37.6.50.59 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GR TO-S-2021-1037 Hive Case 4785 Malware Activity 37.6.91.245 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GR TO-S-2021-1037 Hive Case 4785 Malware Activity 37.60.16.54 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:46:03 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=54,RU) 37.61.229.104 24 EE None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:59 HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=104,GB) 37.65.23.133 32 RR None 2022-06-30 00:00:00 2022-09-28 00:00:00 2022-07-01 13:55:39 HTTP: PHP File Inclusion Vulnerability - IR# 22C01487 (IP=133,FR) 37.70.131.219 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None FR TO-S-2021-1050 Hive Case 4821 Malware Activity 37.70.131.53 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity 37.70.131.67 24 KH None 2022-03-03 00:00:00 2022-06-01 00:00:00 2022-03-03 23:49:34 Custom Violation - ArcSight (IP=67,FR) 37.70.43.212 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None FR TO-S-2021-1050 Hive Case 4821 Malware Activity 37.70.53.12 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity 37.71.147.186 32 TLM None 2022-02-24 00:00:00 2022-08-25 00:00:00 None HIVE Case #7077 CTO 22-055 (IP=186,FR) 37.72.172.100 32 DRW None 2022-09-21 00:00:00 2022-12-20 00:00:00 2022-09-21 22:01:11 HIVE Case #1337 IOC_ CISA Threat Intel 19Sep2022 Criminal Cobalt Strike Servers (IP=100,US) 37.72.174.9 32 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 2022-05-26 18:27:32 HIVE Case #7669 TO-S-2022-0187 (IP=9,US) 37.76.160.0 20 dbc None 2021-01-28 00:00:00 
2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 37.77.104.0 24 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None RU TO-S-2021-1092 Hive Case 4875 Malicious Email Activity 37.77.105.0 24 TLM None 2022-03-03 00:00:00 2022-09-03 00:00:00 2022-03-03 22:29:40 HIVE Case #7139 TO-S-2022-0140 (IP=0,RU) 37.8.145.2 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:46:04 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=2,RU) 37.9.13.112 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:56:56 HIVE Case #7894 CTO 22-187 (IP=112,RU) 37.9.13.98 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:56:56 HIVE Case #7894 CTO 22-187 (IP=98,RU) 37.9.209.107 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None HU TO-S-2021-1050 Hive Case 4821 Malware Activity 37.9.45.7 24 KH None 2022-01-10 00:00:00 2022-04-10 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=7,RU) 37.9.47.153 24 BB None 2021-12-18 00:00:00 2022-03-18 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44232 (IP=153,RU) 37.97.157.135 24 DT None 2022-01-23 00:00:00 2022-04-22 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) - Source Fire (IP=135,NL) 37.97.195.84 24 DT None 2022-01-23 00:00:00 2022-04-22 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) - Source Fire (IP=84,NL) 37.98.224.0 21 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None IQ TO-S-2021-1117 DOS-DDOS Activity 37.99.163.162 32 TLM None 2022-02-24 00:00:00 2022-08-25 00:00:00 None HIVE Case #7077 CTO 22-055 (IP=162,SA) 37.99.163.163 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:08 HIVE Case #7199 CTO 22-074 (IP=163,SA) 37.99.163.164 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:09 HIVE Case #7199 CTO 22-074 (IP=164,SA) 37.99.163.165 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:09 HIVE Case #7199 CTO 
22-074 (IP=165,SA)
37.99.163.166 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:10 HIVE Case #7199 CTO 22-074 (IP=166,SA)
3709907447.crm7.eu --- TLM None 2021-08-12 00:00:00 2022-08-12 00:00:00 2023-01-19 23:00:37 HIVE Case #5991 TO-S-2021-1421
3729.xg4ken.com --- TLM None 2021-06-14 00:00:00 2022-06-14 00:00:00 2023-01-19 22:57:23 HIVE Case #5590 TO-S-2021-1276 Malicious Emails Activity
38.100.173.215 32 TLM None 2021-08-30 00:00:00 2022-03-02 00:00:00 None HIVE Case #6085 TO-S-2021-1500 (IP=215,US)
38.104.245.26 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity
38.108.182.5 32 AR None 2022-01-26 00:00:00 2022-04-26 00:00:00 None Phish.URL.Emotet (IP=5,US)
38.113.170.5 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity
38.121.43.215 32 KH None 2022-07-29 00:00:00 2022-10-27 00:00:00 2022-07-29 22:51:37 File /etc/passwd Access Attempt Detect - FE IPS (IP=215,US)
38.121.77.42 24 SW None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 14:02:59 Adobe ColdFusion Administrator Access Restriction - WebAttacks (IP=42,CA)
38.123.129.85 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity
38.123.65.17 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity
38.124.197.1 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity
38.124.198.1 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity
38.126.102.152 32 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 13:38:41 HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6Hr Web Attacks (IP=152,US)
38.130.107.32 32 TLM None 2022-02-04 00:00:00 2022-08-05 00:00:00 None HIVE Case #6925 CTO 22-034 (IP=32,US)
38.132.109.186 32 srm None 2022-02-02 00:00:00 2022-05-03 00:00:00 None HIVE Case #NA FP Security (IP=186,US)
38.132.122.137 32 AS None 2022-01-11 00:00:00 2022-07-11 00:00:00 None HIVE Case #6760 CTO 22-011 (IP=137,US)
38.133.143.143 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1092 Hive Case 4875 Malware Activity
38.143.103.61 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
38.143.68.82 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=82,US)
38.22.109.7 24 SW None 2022-09-24 00:00:00 2022-12-23 00:00:00 2022-09-25 00:05:06 SERVER-OTHER RealTek UDPServer command injection attempt - SourceFire (IP=7,CA)
38.242.135.198 24 KH None 2022-08-06 00:00:00 2022-11-04 00:00:00 2022-08-06 22:54:31 SIPVicious Security Scanner - FE IPS (IP=198,DE)
38.242.143.219 32 JP None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-14 22:47:12 SQL injection - 6HR Web Attacks (IP=219,US)
38.242.197.202 32 AS None 2022-03-02 00:00:00 2022-09-02 00:00:00 2022-03-02 18:24:13 HIVE Case #7126 CTO 22-061 (IP=202,US)
38.242.202.24 32 DW None 2022-02-17 00:00:00 2022-05-17 00:00:00 None Hive Case #6959 COLS-NA-TIP 22-0047 (IP=24, US)
38.242.232.9 24 SW None 2022-08-24 00:00:00 2022-11-22 00:00:00 2022-08-25 13:54:26 SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - SourceFire (IP=9, DE)
38.242.233.188 24 RR None 2022-05-09 00:00:00 2022-08-09 00:00:00 2022-05-10 13:48:34 Exploit.CVE-2021-44228 - Apache Log4j2 - Case 6651 (IP=188,DE)
38.242.238.209 32 SW None 2022-07-02 00:00:00 2022-09-30 00:00:00 2022-07-03 13:57:35 SQL injection - WebAttacks (IP=209,US)
38.242.242.45 32 RR None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-05 14:02:49 SQL injection - Web Attacks (IP=45,US)
38.27.106.53 32 TLM None 2022-03-22 00:00:00 2022-06-20 00:00:00 2022-03-22 22:41:27 HIVE Case #7249 COLS-NA-TIP 22-0093 (IP=53,US)
38.55.30.119 32 TLM None 2022-03-14 00:00:00 2022-09-14 00:00:00 2022-03-14 19:14:39 HIVE Case #7198 CTO 22-071 (IP=119,US)
38.63.122.69 32 TLM None 2022-05-09 00:00:00 2022-11-08 00:00:00 2022-05-10 15:16:08 HIVE Case #7546 CTO 22-127 (IP=69,US)
38.64.138.132 32 AR None 2022-07-09 00:00:00 2022-10-07 00:00:00 2022-07-09 13:27:16 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire Report (IP=132,US)
38.64.138.138 32 TH None 2022-08-01 00:00:00 2022-10-30 00:00:00 2022-08-02 13:50:48 SIPVicious Security Scanner - FE CMS IPS Events (IP=138,US)
38.70.11.110 32 JP None 2022-08-19 00:00:00 2022-11-17 00:00:00 2022-08-19 22:51:16 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=110,US)
38.70.11.67 32 TH None 2022-05-11 00:00:00 2022-08-09 00:00:00 2022-05-11 22:41:21 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire Report (IP=67,US)
38.74.14.139 32 TLM None 2021-11-04 00:00:00 2022-05-02 00:00:00 None HIVE Case #6503 CTO 21-306 (IP=139,US)
38.86.199.7 32 AS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-06 18:26:04 HIVE Case #7881 CTO 22-182 (IP=7,US)
38.90.226.36 32 KH None 2021-10-22 00:00:00 2022-01-20 00:00:00 None Intel Active Management Technology Remote Privilege Escalation - FE IPS (IP=36,US)
38.90.226.38 32 KH None 2021-10-22 00:00:00 2022-01-20 00:00:00 None Intel Active Management Technology Remote Privilege Escalation - FE IPS (IP=38,US)
38.90.226.40 32 dcg None 2018-07-30 05:00:00 2022-01-09 00:00:00 None US TO-S-2018-0983 associated with malicious web application and malware activity | updated by KH Block was inactive. Reactivated on 20211011 with reason Intel Active Management Technology Remote Privilege Escalation - FE IPS (IP=40,US)
38.91.107.152 32 TH None 2022-07-21 00:00:00 2022-10-19 00:00:00 2022-07-21 22:56:13 SIPVicious Security Scanner - FE CMS IPS Events (IP=152,US)
38.92.176.16 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=16,US)
38.98.139.11 32 SA None 2022-06-02 00:00:00 2022-08-30 00:00:00 2022-06-03 00:40:16 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) SourceFire (IP=11,US)
3813999073.dripcosmetic.com --- TLM None 2021-08-12 00:00:00 2022-08-12 00:00:00 2023-01-19 23:00:17 HIVE Case #5985 TO-S-2021-1459
3857179248.katiemcallister.com --- TLM None 2021-08-12 00:00:00 2022-08-12 00:00:00 2023-01-19 23:00:19 HIVE Case #5985 TO-S-2021-1459
39.100.157.15 32 KH None 2021-12-08 00:00:00 2022-03-08 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - TT# 22C00503 (IP=15,CN)
39.100.78.108 32 RB None 2021-11-19 00:00:00 2022-02-17 00:00:00 None HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - TT# 22C00382 (IP=108,CN)
39.100.78.108 32 RW None 2021-11-19 00:00:00 2022-02-17 00:00:00 None HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - TT# 22C00382 (IP=108,CN)
39.101.134.19 24 RT None 2021-10-27 00:00:00 2022-01-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6HR Web Attacks (IP=19,CN)
39.101.200.61 24 RR None 2021-11-15 00:00:00 2022-02-13 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=61,CN)
39.104.14.142 24 AR None 2022-02-06 00:00:00 2022-05-07 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=142,CN)
39.104.20.55 32 TLM None 2022-03-28 00:00:00 2022-09-28 00:00:00 2022-03-28 12:23:05 HIVE Case #7282 CTO 22-085 (IP=55,CN)
39.104.92.13 32 TLM None 2022-02-01 00:00:00 2022-08-02 00:00:00 None HIVE Case #6896 CTO 22-029 (IP=13,CN)
39.105.28.118 24 RR None 2022-03-19 00:00:00 2022-06-17 00:00:00 2022-03-19 14:22:02 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=118,CN)
39.105.60.40 24 TH None 2022-05-28 00:00:00 2022-08-26 00:00:00 2022-05-29 15:24:03 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire Report (IP=40,CN)
39.106.141.187 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6654 CTO 21-345 (IP=187,CN)
39.106.83.166 32 TLM None 2022-05-24 00:00:00 2022-11-23 00:00:00 2022-05-24 14:24:17 HIVE Case #7653 CTO 22-144 (IP=166,CN)
39.107.138.123 24 RS None 2022-09-14 00:00:00 2022-12-13 00:00:00 2022-09-15 14:40:50 Directory Traversal Attempt - IPS Events (IP=123,CN)
39.107.32.219 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6582 CTO 21-320 (IP=219,CN)
39.108.60.102 24 KD None 2021-10-06 00:00:00 2022-01-04 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability- TT# 22C00083(IP=102,CN)
39.109.112.228 24 SW None 2022-03-15 00:00:00 2022-06-13 00:00:00 2022-03-15 21:25:30 INDICATOR-SCAN PHP backdoor scan attempt (1:50182:1) - SourceFire (IP=228,HK)
39.109.123.138 32 TLM None 2022-03-28 00:00:00 2022-09-28 00:00:00 2022-03-28 12:23:09 HIVE Case #7282 CTO 22-085 (IP=138,HK)
39.110.244.122 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None JP TO-S-2021-1117 DOS-DDOS Activity
39.155.215.175 24 ZH None 2021-11-27 00:00:00 2022-02-25 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - 6hr Web Attacks (IP=175,CN)
39.34.133.160 24 NAB None 2021-12-27 00:00:00 2022-03-27 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=160,PK)
39.45.90.94 24 RS None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-01 22:26:50 SIPVicious Security Scanner - IPS Events (IP=94,PK)
39.49.44.85 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:55:58 HIVE Case #7199 CTO 22-074 (IP=85,PK)
39.59.107.152 32 TLM None 2022-06-08 00:00:00 2022-12-07 00:00:00 2022-06-09 13:12:43 HIVE Case #7739 CTO 22-159 (IP=152,PK)
39.60.26.58 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:25 HIVE Case #7904 CTO 22-189 (IP=58,PK)
39.70.4.103 24 KH None 2021-10-22 00:00:00 2022-01-20 00:00:00 None Generic URI Injection wget Attempt - FE IPS (IP=103,CN)
39.74.140.49 24 DT None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-27 13:14:22 SERVER-WEBAPP rConfig compliance policies SQL injection attempt - Source Fire (IP=49,CN)
39.76.127.181 24 RS None 2022-06-16 00:00:00 2022-09-14 00:00:00 2022-06-16 22:41:46 SIPVicious Security Scanner - IPS Events (IP=181,CN)
39.85.206.181 24 TH None 2022-09-29 00:00:00 2022-12-28 00:00:00 2022-09-29 22:53:47 Generic URI Injection wget Attempt - FE CMS IPS Events (IP=181,CN)
3909946563.partyfest.cl --- TLM None 2021-08-05 00:00:00 2022-08-05 00:00:00 2023-01-19 22:59:21 HIVE Case #5940 TO-S-2021-1447
3984811861.nielsvandervlist.nl --- TLM None 2021-08-05 00:00:00 2022-08-05 00:00:00 2023-01-19 22:59:40 HIVE Case #5940 TO-S-2021-1447
3987968041.nielsvandervlist.nl --- TLM None 2021-08-05 00:00:00 2022-08-05 00:00:00 2023-01-19 22:59:40 HIVE Case #5940 TO-S-2021-1447
3hlnnxrnshdgu.jhvbuh.com --- TLM None 2021-07-09 00:00:00 2022-07-09 00:00:00 2023-01-19 22:58:34 HIVE Case #5775 TO-S-2021-1390
4.14.141.202 32 TLM None 2021-12-02 00:00:00 2022-05-02 00:00:00 None HIVE Case #6600 TO-S-2022-0090 (IP=202,US)
4.59.139.184 32 ZH None 2021-11-03 00:00:00 2022-02-01 00:00:00 None INDICATOR-OBFUSCATION obfuscated javascript excessive fromCharCode - potential attack TT# 22C00284 (IP=184,US)
40.112.52.61 32 TLM None 2022-06-23 00:00:00 2022-12-22 00:00:00 2022-06-24 11:31:03 HIVE Case #7820 CTO 22-174 (IP=61,US)
40.115.103.70 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IE TO-S-2021-1050 Hive Case 4821 Malware Activity
40.115.162.72 32 TLM None 2021-12-09 00:00:00 2022-06-09 00:00:00 None HIVE Case #6624 CTO 21-341 (IP=72,JP)
40.117.148.149 32 GL None 2022-06-08 00:00:00 2022-09-06 00:00:00 2022-06-08 23:25:02 HIVE Case #7743 DISA-G-TIP22-3837 (IP=149,US)
40.118.29.76 24 RR None 2021-12-05 00:00:00 2022-03-05 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=76,NL)
40.122.123.27 32 KH None 2021-11-10 00:00:00 2022-02-08 00:00:00 None File /etc/passwd Access Attempt Detect - FE IPS (IP=27,US)
40.69.122.83 24 SW None 2022-03-07 00:00:00 2022-06-05 00:00:00 2022-03-07 23:52:26 SIPVicious Security Scanner - IPS Events(IP=83,CA)
40.69.133.174 32 SW None 2021-10-27 00:00:00 2022-01-25 00:00:00 None HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=174, US)
40.69.99.155 24 TH None 2022-03-04 00:00:00 2022-06-02 00:00:00 2022-03-04 23:11:55 SIPVicious Security Scanner - FE CMS IPS Events (IP=155,CA)
40.69.99.155 24 TH None 2022-03-04 00:00:00 2022-06-02 00:00:00 2022-03-04 23:55:00 SIPVicious Security Scanner - FE CMS IPS Events (IP=155,CA)
40.71.85.25 32 KH None 2022-01-30 00:00:00 2022-04-30 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire (IP=25,US)
40.72.177.247 24 TH None 2021-12-15 00:00:00 2022-03-15 00:00:00 None HTTP:PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP= 247,CN)
40.74.236.71 32 KH None 2021-11-04 00:00:00 2022-02-03 00:00:00 None File /etc/passwd Access Attempt Detect - FE IPS (IP=71,US) | updated by SW Block expiration extended with reason SQL union select - possible sql injection attempt - GET parameter (1:13990:27) - SourceFire (IP=71,US) SQL union select - possible sql injection attempt - GET parameter (1:13990:27) - SourceFire (IP=71,US)
40.74.236.71 32 SW None 2021-11-05 00:00:00 2022-02-03 00:00:00 None File /etc/passwd Access Attempt Detect - FE IPS (IP=71,US) | updated by SW Block expiration extended with reason SQL union select - possible sql injection attempt - GET parameter (1:13990:27) - SourceFire (IP=71,US) SQL union select - possible sql injection attempt - GET parameter (1:13990:27) - SourceFire (IP=71,US)
40.74.77.165 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6582 CTO 21-320 (IP=165,JP)
40.74.77.24 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None JP TO-S-2021-1050 Hive Case 4821 Malware Activity
40.76.42.186 32 SA None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 22:55:04 FILE-PDF Adobe PDF PPKLite security handler memory corruption vulnerability attempt (1:42298:3) - SourceFire Report (IP=186,US)
40.77.120.113 32 SW None 2022-03-25 00:00:00 2022-06-23 00:00:00 2022-03-25 22:37:35 SIPVicious Security Scanner -IPS Events(IP=113,US)
40.77.46.20 32 SW None 2021-11-06 00:00:00 2022-02-04 00:00:00 None HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=20, US)
40.79.197.35 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:46:04 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=35,JP)
40.83.103.7 32 TLM None 2022-06-02 00:00:00 2022-12-01 00:00:00 2022-06-02 17:56:05 HIVE Case #7705 CTO 22-153 (IP=7,HK)
40.83.127.50 32 ZH None 2022-02-22 00:00:00 2022-05-23 00:00:00 None SQL injection - 6hr Web Attacks (IP=50,US)
40.83.19.253 32 NAB None 2022-01-11 00:00:00 2022-04-11 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=253,US)
40.85.186.41 32 AR None 2021-10-21 00:00:00 2022-01-19 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=41,US)
40.87.124.178 32 AR None 2022-03-06 00:00:00 2022-06-04 00:00:00 2022-03-06 14:24:11 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6Hr Web Attacks (IP=178,US)
40.87.124.178 32 AR None 2022-03-06 00:00:00 2022-06-04 00:00:00 2022-03-06 14:40:43 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6Hr Web Attacks (IP=178,US)
40.87.124.178 32 AR None 2022-03-06 00:00:00 2022-06-04 00:00:00 2022-03-06 15:26:02 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6Hr Web Attacks (IP=178,US)
401k-login.info --- TLM None 2021-10-29 00:00:00 2022-10-29 00:00:00 2023-01-19 23:04:08 HIVE Case #6441 CTO 21-301
401k-logins.com --- TLM None 2021-11-10 00:00:00 2022-11-10 00:00:00 2023-01-19 23:04:54 HIVE Case #6512 CTO 21-308
401klogin.site --- TLM None 2021-10-29 00:00:00 2022-10-29 00:00:00 2023-01-19 23:04:08 HIVE Case #6441 CTO 21-301
4033588063.nielsvandervlist.nl --- TLM None 2021-08-05 00:00:00 2022-08-05 00:00:00 2023-01-19 22:59:40 HIVE Case #5940 TO-S-2021-1447
4066606129.medpharmasd.com --- TLM None 2021-08-05 00:00:00 2022-08-05 00:00:00 2023-01-19 22:59:29 HIVE Case #5940 TO-S-2021-1447
41.105.12.135 24 RR None 2022-06-04 00:00:00 2022-09-02 00:00:00 2022-06-04 13:39:02 SERVER-APACHE Apache Struts OGNL getRuntime.exec static method access attempt - SourceFire (IP=135,DZ)
41.105.156.177 24 SW None 2022-06-04 00:00:00 2022-09-02 00:00:00 2022-06-05 13:42:39 SQL injection - WebAttacks (IP=177,DZ)
41.105.34.6 24 TH None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-16 13:51:58 ET EXPLOIT Possible Apache log4j RCE Attempt - 2021/12/12 Obfuscation Observed M2 (tcp) (CVE-2021-44228) - SourceFire Report (IP=6,DZ)
41.107.0.147 24 RB None 2022-01-15 00:00:00 2022-04-15 00:00:00 None SQL injection - 6hr web attacks (IP=147,DZ)
41.110.147.50 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=50,DZ)
41.131.164.156 32 AS None 2022-04-07 00:00:00 2022-10-07 00:00:00 2022-04-07 19:47:54 HIVE Case #7356 CTO 22-096 (IP=156,EG)
41.141.101.70 24 ZH None 2021-12-04 00:00:00 2022-03-04 00:00:00 None Multiple web exploit attempts - FE Alerts (IP=70,MA)
41.141.218.158 24 AR None 2022-07-16 00:00:00 2022-10-14 00:00:00 2022-07-17 13:55:33 SQL injection - Web Attack (IP=158,MA)
41.146.0.150 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=150,ZA)
41.146.144.205 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=205,ZA)
41.151.0.177 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ZA TO-S-2021-1050 Hive Case 4821 Malware Activity
41.152.160.0 19 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=0,EG)
41.157.42.239 24 WR None 2021-12-16 00:00:00 2022-03-15 00:00:00 None HIVE Case #6651 - Exploit.CVE-2021-44228 (IP=239,ZA)
41.175.22.226 32 TLM None 2022-01-25 00:00:00 2022-07-25 00:00:00 None HIVE Case #6828 CTO 22-021 (IP=226,ZM)
41.189.170.154 24 RB None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-11 13:43:41 HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=154,GH)
41.191.222.86 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GN TO-S-2021-1050 Hive Case 4821 Malware Activity
41.192.5.142 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ZA TO-S-2021-1050 Hive Case 4821 Malware Activity
41.193.138.255 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ZA TO-S-2021-1050 Hive Case 4821 Malware Activity
41.198.60.226 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6310 CTO 21-273 (IP=226,NA)
41.203.140.114 24 KH None 2021-12-15 00:00:00 2022-03-15 00:00:00 None Apache Log4j CVE-2021-44228 Remote Code Execution - FE IPS (IP=114,NE)
41.203.213.2 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None KE TO-S-2021-1050 Hive Case 4821 Malware Activity
41.203.79.74 32 AS None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6244 CTO 21-267 (IP=74,NG)
41.204.160.0 19 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=0,KE)
41.205.3.242 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CM TO-S-2021-1050 Hive Case 4821 Malware Activity
41.206.32.0 19 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None KE TO-S-2021-1117 DOS-DDOS Activity
41.211.101.32 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CM TO-S-2021-1050 Hive Case 4821 Malware Activity
41.211.96.0 20 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None MU TO-S-2021-1117 DOS-DDOS Activity
41.213.192.168 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RE TO-S-2021-1050 Hive Case 4821 Malware Activity
41.213.96.0 20 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ZA TO-S-2021-1037 Hive Case 4785 Malware Activity
41.215.0.0 20 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None KE TO-S-2021-1117 DOS-DDOS Activity
41.215.32.0 20 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None KE TO-S-2021-1117 DOS-DDOS Activity
41.216.189.242 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None US TO-S-2021-1050 Hive Case 4821 Malware Activity
41.217.216.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None MW TO-S-2021-1037 Hive Case 4785 Malware Activity
41.220.29.0 24 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=0,ZW) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=0,ZW)
41.221.48.0 20 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None TZ TO-S-2021-1117 DOS-DDOS Activity
41.222.209.14 32 AS None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-01 21:44:59 HIVE Case #7874 CTO 22-181 (IP=14,NG)
41.223.64.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None NE TO-S-2021-1037 Hive Case 4785 Malware Activity
41.223.91.217 32 jky None 2017-09-28 05:00:00 2022-03-24 00:00:00 None CD TO-S-2017-1551 Intrusion Set CNE | updated by AS Block was inactive. Reactivated on 20210924 with reason HIVE Case #6244 CTO 21-267 (IP=217,CG)
41.224.254.90 32 AS None 2022-04-07 00:00:00 2022-10-07 00:00:00 2022-04-07 19:47:55 HIVE Case #7356 CTO 22-096 (IP=90,TN)
41.239.143.223 24 KH None 2021-10-15 00:00:00 2022-01-13 00:00:00 None SERVER-WEBAPP Wordpress File Manager plugin elFinder remote code execution attempt - 6hr Web Attacks (IP=223,EG)
41.239.178.109 24 KD None 2021-10-30 00:00:00 2022-01-28 00:00:00 None HTTP SQL Injection Attempt - Web Attacks (IP=109,EG)
41.239.72.127 24 WR None 2021-11-03 00:00:00 2022-02-01 00:00:00 None HTTP Request Brute Force Attack - Failed Logons (IP=127,EG)
41.239.74.217 24 RS None 2022-09-23 00:00:00 2022-12-22 00:00:00 2022-09-24 13:55:50 ET EXPLOIT Apache log4j RCE Attempt - lower/upper TCP Bypass M2 (CVE-2021-44228) (1:2034700:1) - SourceFire (IP=217,EG)
41.242.16.0 20 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None LY TO-S-2021-1117 DOS-DDOS Activity
41.242.57.73 32 RB None 2022-03-29 00:00:00 2022-06-27 00:00:00 2022-03-30 13:47:01 Known Attack Tool - IR #22C01107 (IP=73,NG)
41.36.190.150 24 RS None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-15 22:50:54 SIPVicious Security Scanner - IPS Events (IP=150,EG)
41.36.190.150 24 RS None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-15 22:50:59 SIPVicious Security Scanner - IPS Events (IP=150,EG)
41.50.81.214 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ZA TO-S-2021-1037 Hive Case 4785 Malware Activity
41.50.84.55 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ZA TO-S-2021-1037 Hive Case 4785 Malware Activity
41.57.188.0 23 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ZA TO-S-2021-1037 Hive Case 4785 Malware Activity
41.74.0.0 20 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BJ TO-S-2021-1117 DOS-DDOS Activity
41.74.112.0 20 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TZ TO-S-2021-1037 Hive Case 4785 Malware Activity
41.76.108.46 32 AS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-09 13:57:22 HIVE Case #7535 TO-S-2022-0176 (IP=46,ZA)
41.76.112.0 21 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None ZA TO-S-2021-1117 DOS-DDOS Activity
41.77.131.22 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MZ TO-S-2021-1050 Hive Case 4821 Malware Activity
41.78.73.147 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None SO TO-S-2021-1050 Hive Case 4821 Malware Activity
41.79.225.122 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BI TO-S-2021-1050 Hive Case 4821 Malware Activity
41.79.225.76 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BI TO-S-2021-1050 Hive Case 4821 Malware Activity
41.79.49.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None GQ TO-S-2021-1117 DOS-DDOS Activity
41.80.96.131 24 ZH None 2022-08-10 00:00:00 2022-11-08 00:00:00 2022-08-10 22:56:15 SERVER-WEBAPP Multiple products invalid HTTP request attempt (1:40880:8) - SourceFire (IP=131,KE)
41.86.224.0 19 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BJ TO-S-2021-1117 DOS-DDOS Activity
41.86.248.174 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BJ TO-S-2021-1050 Hive Case 4821 Malware Activity
41.90.224.0 20 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None KE TO-S-2021-1117 DOS-DDOS Activity
41.93.160.28 32 AS None 2021-09-21 00:00:00 2022-03-20 00:00:00 None HIVE Case #6215 CTO 21-261 (IP=28,GH)
41.93.45.130 24 SW None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:45:11 POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt - SourceFire (IP=130,TZ)
411huracan.info --- TLM None 2021-10-29 00:00:00 2022-10-29 00:00:00 2023-01-19 23:04:21 HIVE Case #6448 TO-S-2022-0058
4196949049.nielsvandervlist.nl --- TLM None 2021-08-05 00:00:00 2022-08-05 00:00:00 2023-01-19 22:59:40 HIVE Case #5940 TO-S-2021-1447
42.110.224.0 19 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None IN TO-S-2021-1156 Malware Activity
42.112.28.137 32 RR None 2021-10-19 00:00:00 2022-01-19 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00190 (IP=137,VN)
42.114.16.201 24 KH None 2022-06-19 00:00:00 2022-09-17 00:00:00 2022-06-19 22:50:29 SERVER-OTHER Supervisord remote code execution attempt (1:44483:3) - Sourcefire (IP=201,VN)
42.115.139.135 24 KH None 2022-02-05 00:00:00 2022-05-06 00:00:00 None SERVER-WEBAPP Apache Log4j logging remote code execution attempt - Web Attacks (IP=135,VN)
42.116.112.243 24 BB None 2021-12-18 00:00:00 2022-03-18 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44232 (IP=243,VN)
42.116.115.234 24 KH None 2021-12-18 00:00:00 2022-03-18 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44231 (IP=234,VN)
42.116.188.61 32 TLM None 2022-05-27 00:00:00 2022-11-26 00:00:00 2022-05-27 14:16:44 HIVE Case #7676 CTO 22-147 (IP=61,VN)
42.117.65.15 24 RT None 2021-12-22 00:00:00 2022-03-23 00:00:00 None SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58742:4) - Sourcefire Report (IP=15,VN) | updated by NAB Block expiration extended with reason HIVE Case #6651 Exploit.CVE-2021-44228 (IP=15,VN)
42.118.236.223 24 TH None 2022-04-01 00:00:00 2022-06-30 00:00:00 2022-04-01 22:16:55 SERVER-WEBAPP Java ClassLoader access attempt (1:30790:7) - SourceFire Report (IP=223,VN)
42.124.161.134 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None JP TO-S-2021-1117 DOS-DDOS Activity
42.124.161.200 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None JP TO-S-2021-1117 DOS-DDOS Activity
42.124.181.238 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None JP TO-S-2021-1117 DOS-DDOS Activity
42.125.157.92 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None JP TO-S-2021-1117 DOS-DDOS Activity
42.125.29.169 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None JP TO-S-2021-1117 DOS-DDOS Activity
42.176.196.19 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 22:58:33 SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58723:5) - SourceFire (IP=19,CN)
42.188.41.154 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None MY TO-S-2021-1037 Hive Case 4785 Malware Activity
42.190.40.200 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MY TO-S-2021-1050 Hive Case 4821 Malware Activity
42.191.237.243 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None MY TO-S-2021-1050 Hive Case 4821 Malware Activity
42.192.70.111 32 RR None 2022-06-14 00:00:00 2022-09-12 00:00:00 2022-06-14 13:48:38 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR #22C01377 (IP=111,CN)
42.193.37.101 32 AS None 2021-12-28 00:00:00 2022-06-28 00:00:00 None HIVE Case #6702 CTO 21-362 (IP=101,CN)
42.193.98.243 24 DT None 2022-03-10 00:00:00 2022-06-08 00:00:00 2022-03-11 14:39:47 HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=243,CN)
42.200.70.164 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:55:51 HIVE Case #7894 CTO 22-187 (IP=164,HK)
42.201.171.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PK TO-S-2021-1117 DOS-DDOS Activity
42.224.205.67 24 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 22:52:08 Generic URI Injection wget Attempt - FE IPS Events (IP=67,CN)
42.225.172.231 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 22:58:43 SIPVicious Security Scanner - IPS Events (IP=231,CN)
42.227.184.115 24 KH None 2021-10-20 00:00:00 2022-01-18 00:00:00 None Generic URI Injection wget Attempt - FE IPS (IP=115,CN)
42.228.225.107 24 RS None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 22:34:18 SSLv2 Client Hello Request Detected - FE IPS Events (IP=107,CN)
42.230.129.233 24 SA None 2022-05-31 00:00:00 2022-08-28 00:00:00 2022-05-31 22:56:10 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) SourceFire (IP=233,CN)
42.232.225.101 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 22:58:45 WordPress Contact Form 7 CVE-2020-35489 File Upload Vulnerability - IPS Events (IP=101,CN)
42.235.162.205 24 RS None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-14 22:47:07 SIPVicious Security Scanner - IPS Events (IP=205,CN)
42.236.212.180 24 KH None 2022-01-27 00:00:00 2022-04-27 00:00:00 None Generic URI Injection wget Attempt - FE IPS (IP=180,CN)
42.51.211.19 32 BB None 2021-11-24 00:00:00 2022-02-22 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability - TT# 22C00412 (IP=19,CN)
42.51.46.118 32 AS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-06 18:26:13 HIVE Case #7881 CTO 22-182 (IP=118,CN)
42.82.224.75 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ZA TO-S-2021-1050 Hive Case 4821 Malware Activity
42.84.159.46 24 RR None 2021-10-21 00:00:00 2022-01-19 00:00:00 None SQL injection - Web Attacks (IP=46,CN)
42.99.116.14 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6348 CTO 21-279 (IP=14,HK)
420720210710010742riverton.kutaplaya.com --- TLM None 2021-07-29 00:00:00 2022-07-29 00:00:00 2023-01-19 22:59:00 HIVE Case #5884 TO-S-2021-1435
4260095274.katiemcallister.com --- TLM None 2021-08-12 00:00:00 2022-08-12 00:00:00 2023-01-19 23:00:19 HIVE Case #5985 TO-S-2021-1459
4270413427.dripcosmetic.com --- TLM None 2021-08-12 00:00:00 2022-08-12 00:00:00 2023-01-19 23:00:18 HIVE Case #5985 TO-S-2021-1459
43.101.100.53 32 JP None 2022-08-04 00:00:00 2022-11-02 00:00:00 2022-08-04 22:59:38 HUNT IP Block Request - IR#: 22C01771 (IP=53,SG)
43.128.109.65 24 WR None 2021-11-12 00:00:00 2022-02-10 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=65,SG)
43.128.190.16 32 TLM None 2022-05-24 00:00:00 2022-11-23 00:00:00 2022-05-24 14:24:30 HIVE Case #7653 CTO 22-144 (IP=16,IN)
43.128.242.141 24 SW None 2022-02-04 00:00:00 2022-05-05 00:00:00 None Masscan TCP Port Scanner - IPS Events(IP=141,JP)
43.129.181.98 32 BB None 2021-12-08 00:00:00 2022-03-08 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00501 (IP=98,SG)
43.129.208.226 32 TLM None 2022-05-11 00:00:00 2022-11-10 00:00:00 2022-05-11 15:28:15 HIVE Case #6346 CTO 21-278 (IP=226,HK) | updated by TLM Block was inactive. Reactivated on 20220511 with reason HIVE Case #7564 TO-S-2022-0180 (IP=226,HK) HIVE Case #7564 TO-S-2022-0180 (IP=226,HK)
43.129.208.226 32 TLM None 2021-10-12 00:00:00 2022-11-10 00:00:00 2022-05-11 15:28:15 HIVE Case #6346 CTO 21-278 (IP=226,HK) | updated by TLM Block was inactive. Reactivated on 20220511 with reason HIVE Case #7564 TO-S-2022-0180 (IP=226,HK) HIVE Case #7564 TO-S-2022-0180 (IP=226,HK)
43.129.227.93 32 TLM None 2022-06-03 00:00:00 2022-12-02 00:00:00 2022-06-06 14:31:25 HIVE Case #7714 CTO 22-154 (IP=93,HK)
43.129.228.86 24 ZH None 2021-10-04 00:00:00 2022-01-02 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire Rpt (IP=86,HK)
43.129.235.209 32 AS None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-09-30 17:07:41 HIVE Case #8395 TO-S-2022-0233 (IP=209,HK)
43.129.246.75 32 RB None 2022-09-18 00:00:00 2022-12-17 00:00:00 2022-09-18 22:46:04 Attempted Access - Inbound Brute Force - IR#22C01939 (IP=75,HK)
43.129.33.99 32 TLM None 2022-05-10 00:00:00 2022-11-09 00:00:00 2022-05-10 15:21:35 HIVE Case #7557 CTO 22-130 (IP=99,ID)
43.129.35.207 32 TLM None 2022-05-10 00:00:00 2022-11-09 00:00:00 2022-05-10 15:21:36 HIVE Case #7557 CTO 22-130 (IP=207,ID)
43.129.36.145 32 TLM None 2022-05-10 00:00:00 2022-11-09 00:00:00 2022-05-10 15:21:35 HIVE Case #7557 CTO 22-130 (IP=145,ID)
43.129.39.176 32 TLM None 2022-05-10 00:00:00 2022-11-09 00:00:00 2022-05-10 15:21:36 HIVE Case #7557 CTO 22-130 (IP=176,ID)
43.129.40.155 32 TLM None 2022-05-10 00:00:00 2022-11-09 00:00:00 2022-05-10 15:21:37 HIVE Case #7557 CTO 22-130 (IP=155,ID)
43.130.10.173 32 DT None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-27 13:14:22 CERT/CC VU#257161:CVE-2020-CVE-2020-11910 anomalous ICMPv4 type 3,code 4 Path MTU Discovery - Source Fire (IP=173,US)
43.130.53.156 32 WR None 2021-10-29 00:00:00 2022-01-27 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=156,US)
43.131.68.129 24 UA None 2021-10-13 00:00:00 2022-01-11 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - sourcefire (IP=129,RU)
43.131.91.178 24 SA None 2022-05-31 00:00:00 2022-08-28 00:00:00 2022-05-31 22:56:10 INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) SourceFire (IP=178,RU)
43.131.94.145 24 SA None 2022-05-31 00:00:00 2022-08-28 00:00:00 2022-05-31 22:56:11 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) SourceFire (IP=30,SW)
43.132.102.63 24 UA None 2021-10-13 00:00:00 2022-01-11 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - sourcefire (IP=63,HK)
43.132.163.22 24 WR None 2021-10-29 00:00:00 2022-01-27 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=22,HK)
43.132.203.33 24 WR None 2021-11-09 00:00:00 2022-02-07 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire Rpt (IP=33,HK)
43.132.205.224 24 WR None 2021-11-12 00:00:00 2022-02-10 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=224,SG)
43.133.160.31 24 WR None 2021-10-29 00:00:00 2022-01-27 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=31,JP)
43.133.6.211 24 WR None 2021-11-09 00:00:00 2022-02-07 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire Rpt (IP=211,JP)
43.133.9.191 24 WR None 2021-11-09 00:00:00 2022-02-07 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire Rpt (IP=191,JP)
43.134.18.119 24 WR None 2021-11-12 00:00:00 2022-02-10 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=119,SG)
43.134.210.66 24 RT None 2021-11-13 00:00:00 2022-02-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6HR Web Attacks (IP=66,JP)
43.135.143.208 32 KD None 2021-10-22 00:00:00 2022-01-20 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=208,US)
43.135.154.102 32 TH None 2021-12-07 00:00:00 2022-03-07 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire (IP=102,US)
43.135.162.212 32 KH None 2022-09-22 00:00:00 2022-12-21 00:00:00 2022-09-22 13:54:59 Attempted Access - Inbound Brute Force - IR# 22C01948 (IP=212,US)
43.135.167.75 32 KD None 2021-11-29 00:00:00 2022-02-27 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=75,US)
43.135.94.88 32 AR None 2021-11-08 00:00:00 2022-02-06 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00310 (IP=88,SG)
43.138.112.203 32 KH None 2022-06-14 00:00:00 2022-09-12 00:00:00 2022-06-14 13:48:38 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01378 (IP=203,CN)
43.138.114.64 24 RS None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 22:46:15 FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt (1:21420:6) - SourceFire (IP=64,CN)
43.138.56.237 24 ZH None 2022-06-24 00:00:00 2022-09-22 00:00:00 2022-06-24 22:51:43 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=237, CN)
43.142.21.72 32 RS None 2022-06-20 00:00:00 2022-09-18 00:00:00 2022-06-20 22:22:00 HTTP: PHPUnit Remote Code Execution - IR#22C01420 (IP=72,CN)
43.142.33.173 24 RS None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 22:46:15 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=173,CN)
43.142.60.207 32 TLM None 2022-06-22 00:00:00 2022-12-21 00:00:00 2022-06-23 16:49:29 HIVE Case #7813 CTO 22-173 (IP=207,CN)
43.142.71.220 24 RR None 2022-07-30 00:00:00 2022-10-28 00:00:00 2022-07-31 13:51:09 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=220,CN )
43.152.200.62 32 TLM None 2022-05-17 00:00:00 2022-11-16 00:00:00 2022-05-17 18:25:02 HIVE Case #7608 CTO 22-137 (IP=62,IN)
43.154.137.141 24 KH None 2022-02-15 00:00:00 2022-05-16 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed Logons (IP=141,HK)
43.154.17.58 24 ZH None 2022-09-15 00:00:00 2022-12-14 00:00:00 2022-09-15 22:52:11 POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt (1:57336:3) - SourceFire (IP=58,HK)
43.154.2.224 24 RS None 2022-09-16 00:00:00 2022-12-15 00:00:00 2022-09-17 13:46:17 ET EXPLOIT Apache log4j RCE Attempt - lower/upper TCP Bypass M2 (CVE-2021-44228) - SourceFire (IP=224,HK)
43.154.23.65 32 AR None 2021-12-11 00:00:00 2022-03-11 00:00:00 None HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - TT# 22C00555 (IP=65,CN)
43.155.117.195 32 AS None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 18:17:10 HIVE Case #7862 CTO 22-176 (IP=195,HK)
43.155.62.28 24 AR None 2022-01-18 00:00:00 2022-04-18 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6HR Web Attacks (IP=28,JP)
43.155.65.157 32 RR None 2021-12-05 00:00:00 2022-03-05 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00485 (IP=157,CN)
43.155.98.251 24 DT None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-27 13:14:23 CERT/CC VU#257161:CVE-2020-CVE-2020-11910 anomalous ICMPv4 type 3,code 4 Path MTU Discovery - Source Fire (IP=251,HK)
43.156.1.14 32 AR None 2021-12-11 00:00:00 2022-03-11 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00546 (IP=14,CN)
43.204.89.150 32 SW None 2022-07-23 00:00:00 2022-10-21 00:00:00 2022-07-23 22:54:39 HTTP: ThinkPHP CMS Getshell Vulnerability - IR# 22C01738 (IP=150,IN)
43.224.181.247 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IN TO-S-2021-1050 Hive Case 4821 Malware Activity
43.226.23.88 32 TLM None 2022-03-14 00:00:00 2022-09-14 00:00:00 2022-03-14 19:14:45 HIVE Case #7198 CTO 22-071 (IP=88,HK)
43.226.54.121 24 WR None 2022-02-22 00:00:00 2022-05-22 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=121,CN)
43.227.132.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IN TO-S-2021-1037 Hive Case 4785 Malware Activity
43.228.125.9 32 dbc None 2020-06-10 00:00:00 2022-12-01 00:00:00 2022-06-02 17:56:07 SG TO-S-2020-0601 Malicious Web Application Activity | updated by TLM Block was inactive. Reactivated on 20220602 with reason HIVE Case #7705 CTO 22-153 (IP=9,SG)
43.229.153.0 24 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None HK TO-S-2021-1050 Hive Case 4821 Malware Activity
43.229.224.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IN TO-S-2021-1037 Hive Case 4785 Malware Activity
43.229.88.160 24 KH None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-06 23:38:25 SQL injection - Web Attacks (IP=160,IN)
43.230.156.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IN TO-S-2021-1037 Hive Case 4785 Malware Activity
43.230.161.70 32 TLM None 2022-03-28 00:00:00 2022-09-28 00:00:00 2022-03-28 12:23:07 HIVE Case #7282 CTO 22-085 (IP=70,JP)
43.230.161.71 32 TLM None 2022-03-28 00:00:00 2022-09-28 00:00:00 2022-03-28 12:23:08 HIVE Case #7282 CTO 22-085 (IP=71,JP)
43.230.161.83 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 17:40:25 HIVE Case #7341 CTO 22-092 (IP=83,JP)
43.230.212.0 24 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None IN TO-S-2021-1092 Hive Case 4875 Malware Activity
43.231.60.0 22 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None PK TO-S-2021-1092 Hive Case 4875 Malware Activity
43.239.132.61 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IN TO-S-2021-1050 Hive Case 4821 Malware Activity
43.240.13.178 32 TLM None 2022-03-28 00:00:00
2022-09-28 00:00:00 2022-03-28 12:23:04 HIVE Case #7282 CTO 22-085 (IP=178,HK) 43.240.13.214 32 TLM None 2022-06-03 00:00:00 2022-12-02 00:00:00 2022-06-06 14:31:23 HIVE Case #7714 CTO 22-154 (IP=214,HK) 43.243.60.197 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None NZ TO-S-2021-1117 DOS-DDOS Activity 43.243.62.244 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None NZ TO-S-2021-1117 DOS-DDOS Activity 43.243.62.44 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None NZ TO-S-2021-1117 DOS-DDOS Activity 43.243.63.31 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None NZ TO-S-2021-1117 DOS-DDOS Activity 43.245.94.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None NP TO-S-2021-1117 DOS-DDOS Activity 43.246.208.141 32 TLM None 2022-03-01 00:00:00 2022-09-01 00:00:00 2022-03-01 12:19:53 HIVE Case #7104 TO-S-2022-0138 (IP=141,HK) 43.246.208.17 32 TLM None 2022-03-01 00:00:00 2022-09-01 00:00:00 2022-03-01 12:19:54 HIVE Case #7104 TO-S-2022-0138 (IP=17,HK) 43.247.126.60 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None AU TO-S-2021-1117 DOS-DDOS Activity 43.247.170.1 24 RR None 2022-01-26 00:00:00 2022-04-26 00:00:00 None SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt - SourceFire (IP=1,JP) 43.247.171.1 24 RR None 2022-03-16 00:00:00 2022-06-14 00:00:00 2022-03-16 13:45:42 SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt - SourceFire (IP=1,JP) 43.248.213.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None ID TO-S-2021-1117 DOS-DDOS Activity 43.249.192.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CN TO-S-2021-1050 Hive Case 4821 Malware Activity 43.249.206.0 24 jkc None 2021-03-19 00:00:00 2022-03-19 00:00:00 None Case # 5090 TO-S-2021-1185 Malicious Callback 43.249.206.0 24 jkc None 2021-03-19 00:00:00 2022-03-19 00:00:00 None Case # 5090 TO-S-2021-1185 Malicious Callback 43.249.207.136 32 AS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-06 18:26:05 HIVE 
Case #7881 CTO 22-182 (IP=136,HK) 43.249.224.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IN TO-S-2021-1037 Hive Case 4785 Malware Activity 43.250.43.162 24 BB None 2021-10-24 00:00:00 2022-01-22 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=162,IN) 43.252.156.0 22 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None ID TO-S-2021-1117 DOS-DDOS Activity 43.252.159.100 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 43.252.8.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity 43.254.126.103 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 43.254.218.42 32 TLM None 2022-03-28 00:00:00 2022-09-28 00:00:00 2022-03-28 12:23:11 HIVE Case #7282 CTO 22-085 (IP=42,HK) 43.254.218.98 24 EE None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:19:00 HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=98,HK) 43.254.54.195 24 NAB None 2021-12-16 00:00:00 2022-03-16 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=195,CN) 44.192.64.79 32 AR None 2022-06-11 00:00:00 2022-09-09 00:00:00 2022-06-12 13:47:43 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR#22C01365 (IP=79,US) 44.197.210.51 32 AS None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-11 19:45:37 HIVE Case #7902 COLS-NA TIP 22-0238 (IP=51,US) 44.197.6.110 32 wmp None 2021-12-14 00:00:00 2022-03-14 00:00:00 None HIVE Case #6642 Wave Browser IOCs (IP=110,US) 44.201.133.88 32 TH None 2021-12-17 00:00:00 2022-03-17 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt- SourceFire (1:45200:2)- SourceFire (IP=88,US) 44.201.162.114 32 RT None 2022-01-13 00:00:00 2022-04-13 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Report (IP=114,US) 
44.201.168.231 32 RT None 2022-02-02 00:00:00 2022-05-03 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Report (IP=231,US) 44.201.38.148 32 SW None 2022-07-23 00:00:00 2022-10-21 00:00:00 2022-07-23 22:54:43 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR# 22C01741 (IP=148,US) 44.201.80.103 32 ZH None 2021-12-13 00:00:00 2022-03-13 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Rpt (IP=103,US) 44.202.101.199 32 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 22:52:08 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=199,US) 44.202.107.35 32 ZH None 2022-07-27 00:00:00 2022-10-25 00:00:00 2022-07-27 22:57:04 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=35, US) 44.202.115.217 32 RS None 2022-05-02 00:00:00 2022-07-31 00:00:00 2022-05-02 22:41:48 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=217,US) 44.202.138.3 32 SA None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-07 13:41:12 SERVER-OSAER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire Report (IP=3,US) 44.202.166.73 32 SA None 2022-05-31 00:00:00 2022-08-28 00:00:00 2022-05-31 22:56:11 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) SourceFire (IP=73,US) 44.202.246.65 32 ZH None 2022-03-17 00:00:00 2022-06-15 00:00:00 2022-03-17 22:25:59 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Rpt (IP=65,US) 44.202.38.83 32 ZH None 2022-01-25 00:00:00 2022-04-25 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - 
SourceFire Rpt (IP=83,US) 44.202.48.223 32 SA None 2022-05-31 00:00:00 2022-08-28 00:00:00 2022-05-31 22:56:12 SSLv2 Client Hello Request Detected FE CMS IPS alert (IP=223,US) 44.202.51.213 32 TH None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-30 13:42:30 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire Report (IP=213,US) 44.202.6.7 32 SW None 2022-08-25 00:00:00 2022-11-23 00:00:00 2022-08-26 13:48:30 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=7,US) 44.202.93.206 32 RT None 2022-03-02 00:00:00 2022-05-31 00:00:00 2022-03-03 14:49:52 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - Sourcefire Report(IP=206,US) 44.203.123.106 32 ZH None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 22:43:58 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=106,US) 44.203.150.169 32 ZH None 2022-05-15 00:00:00 2022-08-13 00:00:00 2022-05-15 22:46:09 SIPVicious Security Scanner - CMS IPS Events (IP=169,US) 44.203.161.168 32 RS None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-08 16:56:02 HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=168,US) 44.203.164.198 32 SW None 2022-08-04 00:00:00 2022-11-02 00:00:00 2022-08-05 13:55:22 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=198, US) 44.203.187.68 32 SW None 2022-03-30 00:00:00 2022-06-28 00:00:00 2022-03-30 22:02:31 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=68, US) 44.203.95.76 32 RS None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 22:34:12 OS-OTHER Bash CGI environment variable injection attempt (1:31978:5) - SourceFire (IP=76,US) 44.204.156.166 32 ZH None 2022-06-16 00:00:00 
2022-09-14 00:00:00 2022-06-16 22:41:46 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=166,US) 44.204.175.124 32 RS None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-08 16:56:02 OpenSSL TLSv1.2 Heartbeat (Heartbleed) Information Leak Vulnerability - IPS Events (IP=124,US) 44.204.183.160 32 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 22:52:09 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=160,US) 44.206.252.146 32 SW None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-22 13:55:01 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=146,US) 44.234.152.166 32 BB None 2022-01-13 00:00:00 2022-04-13 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00827 (IP=166,US) 44.240.146.137 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=137,US) 44.240.151.83 32 AR None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-08 13:52:32 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=83,US) 44.242.181.196 32 AS None 2022-04-12 00:00:00 2022-10-12 00:00:00 2022-04-12 15:43:06 HIVE Case #7381 CTO 22-102 v2 (IP=196,US) 440720210710010744riverton.kutaplaya.com --- TLM None 2021-07-29 00:00:00 2022-07-29 00:00:00 2023-01-19 22:59:00 HIVE Case #5884 TO-S-2021-1435 4413471479.zingerrolstoel-nederland.nl --- TLM None 2021-06-17 00:00:00 2022-06-17 00:00:00 2023-01-19 22:57:58 HIVE Case #5644 TO-S-2021-1352 4445075192.nielsvandervlist.nl --- TLM None 2021-08-05 00:00:00 2022-08-05 00:00:00 2023-01-19 22:59:40 HIVE Case #5940 TO-S-2021-1447 4473789734.nielsvandervlist.nl --- TLM None 2021-08-05 00:00:00 2022-08-05 00:00:00 2023-01-19 22:59:40 HIVE Case #5940 TO-S-2021-1447 4479697997.nielsvandervlist.nl --- TLM None 2021-08-05 00:00:00 2022-08-05 00:00:00 2023-01-19 22:59:40 
HIVE Case #5940 TO-S-2021-1447 44k3k599.count.bestedm.org --- TLM None 2021-08-12 00:00:00 2022-08-12 00:00:00 2023-01-19 23:00:13 HIVE Case #5985 TO-S-2021-1459 45.10.152.66 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None DE TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 45.10.154.144 32 ZH None 2022-08-28 00:00:00 2022-11-26 00:00:00 2022-08-28 22:58:22 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=144,US) 45.10.166.182 24 NAB None 2021-12-28 00:00:00 2022-03-28 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=182,RU) 45.10.167.11 24 NAB None 2021-12-27 00:00:00 2022-03-27 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=11,RU) 45.10.32.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None UA TO-S-2021-1037 Hive Case 4785 Malware Activity 45.11.0.113 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity 45.11.180.153 24 KH None 2021-11-05 00:00:00 2022-02-03 00:00:00 None Malicious IP HIVE Case 6498 (IP=153,GB) 45.11.183.164 32 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6517 CTO 21-313 (IP=164,EE) 45.11.183.237 32 TLM None 2021-10-04 00:00:00 2022-04-04 00:00:00 None HIVE Case #6294 CTO 21-268 (IP=237,EE) 45.11.19.224 32 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 2022-05-26 18:27:32 HIVE Case #7669 TO-S-2022-0187 (IP=224,DE) 45.11.19.248 32 TLM None 2021-10-04 00:00:00 2022-04-04 00:00:00 None HIVE Case #6294 CTO 21-268 (IP=248,DE) 45.11.19.93 32 TLM None 2021-10-04 00:00:00 2022-04-04 00:00:00 None HIVE Case #6294 CTO 21-268 (IP=93,DE) 45.112.124.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity 45.112.138.214 24 SW None 2021-11-21 00:00:00 2022-02-19 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability (IP=214,IN) | updated by SW Block was inactive. 
Reactivated on 20211121 with reason INDICATOR-SCAN PHP backdoor scan attempt (1:50182:1) - SourceFire (IP=214, IN) INDICATOR-SCAN PHP backdoor scan attempt (1:50182:1) - SourceFire (IP=214, IN) 45.112.138.214 24 RR None 2020-05-09 00:00:00 2022-02-19 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability (IP=214,IN) | updated by SW Block was inactive. Reactivated on 20211121 with reason INDICATOR-SCAN PHP backdoor scan attempt (1:50182:1) - SourceFire (IP=214, IN) INDICATOR-SCAN PHP backdoor scan attempt (1:50182:1) - SourceFire (IP=214, IN) 45.112.138.214 24 RR None 2020-05-09 00:00:00 2022-02-19 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability (IP=214,IN) | updated by SW Block was inactive. Reactivated on 20211121 with reason INDICATOR-SCAN PHP backdoor scan attempt (1:50182:1) - SourceFire (IP=214, IN) INDICATOR-SCAN PHP backdoor scan attempt (1:50182:1) - SourceFire (IP=214, IN) 45.112.196.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None MY TO-S-2021-1037 Hive Case 4785 Malware Activity 45.112.52.0 22 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5968 TO-S-2021-1276 (IP=0,IN) 45.113.1.3 32 TLM None 2021-12-02 00:00:00 2022-06-02 00:00:00 None HIVE Case #6600 TO-S-2022-0090 (IP=3,HK) 45.114.129.139 32 AS None 2022-03-22 00:00:00 2022-09-22 00:00:00 2022-03-22 14:48:48 HIVE Case #7254 CTO 22-078 (IP=139,KR) 45.114.180.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IN TO-S-2021-1037 Hive Case 4785 Malware Activity 45.114.246.6 32 RB None 2022-06-20 00:00:00 2022-09-18 00:00:00 2022-06-21 22:50:14 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01431 (IP=6,IN) 45.115.168.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IN TO-S-2021-1037 Hive Case 4785 Malware Activity 45.115.236.222 32 AS None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 18:17:04 HIVE Case #7862 CTO 22-176 (IP=222,CN) 45.115.252.0 22 
dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IN TO-S-2021-1037 Hive Case 4785 Malware Activity 45.116.13.153 24 EE None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:19:00 HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=153,JP) 45.116.156.0 23 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None ID TO-S-2021-1117 DOS-DDOS Activity 45.116.68.28 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IN TO-S-2021-1050 Hive Case 4821 Malware Activity 45.117.50.173 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IN TO-S-2021-1050 Hive Case 4821 Malware Activity 45.117.80.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None VN TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 45.118.115.99 32 AS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-09 13:57:23 HIVE Case #7535 TO-S-2022-0176 (IP=99,ID) 45.118.134.19 24 TLM None 2022-04-18 00:00:00 2022-10-18 00:00:00 2022-04-18 13:41:47 HIVE Case #7416 CTO 22-106 (IP=19,SG) 45.118.32.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IN TO-S-2021-1037 Hive Case 4785 Malware Activity 45.118.75.0 24 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None IN TO-S-2021-1102 Malware Activity 45.118.8.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IN TO-S-2021-1037 Hive Case 4785 Malware Activity 45.119.81.95 32 AS None 2022-04-12 00:00:00 2022-10-12 00:00:00 2022-04-12 15:42:56 HIVE Case #7381 CTO 22-102 v2 (IP=95,VN) 45.12.111.82 32 JP None 2022-09-10 00:00:00 2022-12-09 00:00:00 2022-09-10 22:55:26 SIPVicious Security Scanner - IPS Events (IP=82,US) 45.12.134.108 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=108,NL) 45.12.221.18 24 KD None 2022-02-27 00:00:00 2022-05-28 00:00:00 2022-02-27 23:09:09 Infection Match (blocked)- FIREEYE Web(IP=18,DK) 45.12.32.14 24 NAB None 2022-01-27 00:00:00 2022-04-27 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=14,SC) 45.120.156.0 24 dbc None 2021-01-28 00:00:00 2022-01-28 
00:00:00 None HK TO-S-2021-1050 Hive Case 4821 Malware Activity 45.120.70.0 24 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=0,KR) 45.121.145.94 32 TLM None 2022-06-07 00:00:00 2022-12-06 00:00:00 2022-06-07 17:08:54 HIVE Case #7731 CTO 22-158 (IP=94,MY) 45.121.146.88 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6654 CTO 21-345 (IP=88,MY) 45.121.50.230 24 EE None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:19:01 HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=230,TW) 45.122.244.0 22 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None VN TO-S-2021-1117 DOS-DDOS Activity 45.122.255.0 24 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None VN TO-S-2021-1050 Hive Case 4821 Malware Activity 45.123.190.167 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None LT TO-S-2021-1050 Hive Case 4821 Malware Activity 45.123.190.168 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None LT TO-S-2021-1050 Hive Case 4821 Malware Activity 45.124.143.97 24 RS None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-01 22:27:05 HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=97,IN) 45.124.48.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IN TO-S-2021-1037 Hive Case 4785 Malware Activity 45.124.65.180 32 TLM None 2021-12-21 00:00:00 2022-06-21 00:00:00 None HIVE Case #6684 CTO 21-355 (IP=180,HK) 45.124.66.28 32 AS None 2021-12-28 00:00:00 2022-06-28 00:00:00 None HIVE Case #6702 CTO 21-362 (IP=28,HK) 45.124.84.253 24 TH None 2022-08-04 00:00:00 2022-11-02 00:00:00 2022-08-05 13:55:24 HP Intelligent Management Center TFTP Server MODE Remote Code Execution - FE CMS IPS Events (IP=253,VN) 45.125.116.0 22 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=0,IN) 45.125.236.14 24 SW None 2022-08-19 00:00:00 2022-11-23 00:00:00 2022-08-25 13:54:33 SERVER-OTHER RealTek UDPServer command injection attempt - SourceFire 
(IP=14,VN) | updated by RR Block expiration extended with reason SERVER-OTHER RealTek UDPServer command injection attempt - SourceFire (IP=14,VN) | updated by RR Block expiration extended with reason SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - SourceFire (IP=14,VN) | updated by RR Block expiration extended with reason SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - SourceFire (IP=14,VN) 45.125.239.142 24 KH None 2021-10-29 00:00:00 2022-01-27 00:00:00 None PROTOCOL-DNS DNS query amplification attempt (1:28556:3) - Sourcefire (IP=142,VN) 45.125.65.126 24 DBC None 2022-03-20 00:00:00 2022-06-20 00:00:00 2022-03-20 23:01:42 Corelight SSH Scan (IP=126,HK) 45.125.65.71 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=71,LT) 45.125.65.71 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=71,LT) 45.125.65.71 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=71,LT) 45.126.20.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IN TO-S-2021-1037 Hive Case 4785 Malware Activity 45.126.210.66 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=66,US) 45.126.211.2 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=2,US) 45.126.56.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 45.127.108.132 24 WR None 2022-03-22 00:00:00 2022-06-20 00:00:00 2022-03-22 13:43:31 HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=132,IN) 45.127.184.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None HK TO-S-2021-1037 Hive Case 4785 Malware Activity 45.127.220.165 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IN TO-S-2021-1050 Hive Case 4821 Malware Activity 45.127.247.3 24 RR None 
2022-06-19 00:00:00 2022-09-18 00:00:00 2022-06-20 13:54:46 SQL injection - Web Attacks (IP=3,BD) | updated by RS Block expiration extended with reason Exploit.CVE-2021-44228 - Apache Log4j2 - Case 6651 (IP=3,BD) 45.127.96.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None CN TO-S-2021-1037 Hive Case 4785 Malware Activity 45.128.132.6 24 EE None 2022-01-31 00:00:00 2022-05-01 00:00:00 None HIVE Case #6867 IOC_ MoonBounce (IP=6,ES) 45.128.135.15 24 EE None 2022-01-31 00:00:00 2022-05-01 00:00:00 None HIVE Case #6867 IOC_ MoonBounce (IP=15,NL) 45.128.151.15 32 TLM None 2022-04-20 00:00:00 2022-10-20 00:00:00 2022-04-20 13:01:25 HIVE Case #7432 CTO 22-110 (IP=15,LV) 45.128.156.102 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=102,US) 45.128.156.106 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=106,US) 45.128.156.177 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=177,US) 45.128.156.27 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=27,US) 45.128.156.46 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:22 HIVE Case #7894 CTO 22-187 (IP=46,US) 45.128.221.0 23 AS None 2022-06-30 00:00:00 2022-09-28 00:00:00 2022-06-30 18:36:08 HIVE Case #7826 TO-S-2022-0203 (IP=0,NL) 45.128.221.169 24 EE None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:19:02 HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=169,NL) 45.128.36.154 32 KD None 2022-02-27 00:00:00 2022-05-28 00:00:00 2022-02-27 23:09:20 Infection Match (blocked)- FIREEYE Web(IP=154,US) 45.129.136.33 24 RR None 2021-11-27 00:00:00 2022-02-25 00:00:00 None SQL union select - possible sql injection attempt - POST parameter - SourceFire (IP=33,PA) 45.129.229.48 32 dbc None 2020-08-04 00:00:00 2022-01-28 00:00:00 None HIVE Case #3470 CTO-20-210 EUCOM JCC SR 101-20 (IP=48,SG) | updated by dbc Block was inactive. 
Reactivated on 20210128 with reason SG TO-S-2021-1050 Hive Case 4821 Malware Activity 45.129.56.200 32 DT None 2021-03-14 00:00:00 2022-10-05 00:00:00 2022-04-05 18:28:36 HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00677 (IP=200,DK) | updated by AS Block was inactive. Reactivated on 20220405 with reason HIVE Case #7342 CTO 22-092 FRAGO (IP=200,DK) 45.13.254.223 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None SG TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 45.130.151.194 32 TLM None 2022-05-10 00:00:00 2022-11-09 00:00:00 2022-05-10 15:21:38 HIVE Case #7557 CTO 22-130 (IP=194,RU) 45.130.83.86 32 KH None 2021-11-26 00:00:00 2022-02-24 00:00:00 None SQL generic convert injection attempt - GET parameter (1:26925:2) - Sourcefire (IP=86,US) 45.131.179.179 32 TLM None 2022-03-28 00:00:00 2022-09-28 00:00:00 2022-03-28 12:23:11 HIVE Case #7282 CTO 22-085 (IP=179,US) 45.131.195.72 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:55:52 HIVE Case #7894 CTO 22-187 (IP=72,US) 45.131.66.28 32 TLM None 2022-02-02 00:00:00 2022-08-03 00:00:00 None HIVE Case #6911 CTO 22-033 (IP=28,DE) 45.131.83.9 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=9,ES) 45.132.185.106 24 NAB None 2021-12-27 00:00:00 2022-03-27 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=106,RU) 45.132.186.24 24 NAB None 2021-12-16 00:00:00 2022-03-16 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=24,RU) 45.132.19.132 32 TLM None 2021-11-30 00:00:00 2022-05-30 00:00:00 None HIVE Case #6595 CTO 21-327 (IP=132,RU) 45.132.227.100 32 RR None 2022-06-04 00:00:00 2022-09-02 00:00:00 2022-06-04 13:39:02 SERVER-WEBAPP Apache Log4j logging remote code execution attempt - SourceFire (IP=100,US) 45.132.227.103 32 RR None 2022-06-04 00:00:00 2022-09-02 00:00:00 2022-06-04 13:39:03 SERVER-WEBAPP Apache Log4j logging remote code execution attempt - SourceFire (IP=103,US) 45.132.227.105 32 RR None 
2022-06-04 00:00:00 2022-09-02 00:00:00 2022-06-04 13:39:03 SERVER-WEBAPP Apache Log4j logging remote code execution attempt - SourceFire (IP=105,US) 45.132.227.107 32 RR None 2022-06-04 00:00:00 2022-09-02 00:00:00 2022-06-04 13:39:04 SERVER-WEBAPP Apache Log4j logging remote code execution attempt - SourceFire (IP=107,US) 45.132.227.250 32 ZH None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-30 22:44:34 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (1:59246:1) - SourceFire (IP=250,US) 45.132.240.97 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 45.132.244.135 32 KD None 2021-11-07 00:00:00 2022-02-05 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841)- TT# 22C00308 (IP=135,DE) 45.132.244.92 24 TH None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 22:44:18 Phishing.DTI.URL - HIVE Case # 7518 (IP=92,DE) 45.132.84.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None KZ TO-S-2021-1117 DOS-DDOS Activity 45.133.172.229 32 TLM None 2022-06-14 00:00:00 2022-12-13 00:00:00 2022-06-14 15:16:45 HIVE Case #7768 CTO 22-161 (IP=229,GB) 45.133.180.154 24 KD None 2022-02-27 00:00:00 2022-05-28 00:00:00 2022-02-27 23:09:19 Infection Match (blocked)- FIREEYE Web(IP=154,BR) 45.133.180.2 24 KD None 2022-02-27 00:00:00 2022-05-28 00:00:00 2022-02-27 23:09:14 Infection Match (blocked)- FIREEYE Web(IP=2,MX) 45.133.181.66 24 EE None 2021-01-09 00:00:00 2022-05-28 00:00:00 2022-02-28 14:50:34 SERVER-WEBAPP Kaspersky Linux File Server WMC directory traversal attempt (1:43810:2) - SourceFire (IP=66,TW) | updated by WR Block was inactive. 
Reactivated on 20220228 with reason ET EXPLOIT Possible Apache log4j RCE Attempt - 2021/12/12 Obfuscation Observed M2 (tcp) (CVE-2021-44228) (1:2034673:2) - Sourcefire (IP=66,TW)

IP/prefix           By   Start       Expires     Last updated         Reason
45.133.192.230/24   KD   2022-02-27  2022-05-28  2022-02-27 23:09:00  SERVER-WEBAPP Apache Log4j logging remote code execution attempt - Web Attacks (IP=230,IS)
45.133.193.153/32   DT   2021-11-26  2022-11-26  -                    - TOLL Mitigation Request #INC0124872 SNOW (IP=153,IS)
45.133.194.150/32   TLM  2021-12-09  2022-06-09  -                    HIVE Case #6633 CTO 21-334 (IP=150,KR)
45.133.203.230/32   TLM  2021-12-15  2022-06-15  -                    HIVE Case #6667 TO-S-2022-0091 (IP=230,SC)
45.133.216.145/24   EE   2022-07-06  2022-10-04  2022-07-07 22:31:21  HIVE Case #7882 IOC_Recordbreaker_Stealer (IP=145,LV)
45.133.238.234/24   EE   2022-06-15  2022-09-13  2022-06-15 22:19:13  HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=234,GB)
45.134.144.10/32    DT   2021-11-26  2022-11-26  -                    - TOLL Mitigation Request #INC0124872 SNOW (IP=10,DE)
45.134.144.182/24   KH   2022-06-15  2022-09-13  2022-06-15 22:18:05  SIPVicious Security Scanner - FE CMS IPS Events (IP=182,NL) | updated by KH Block expiration extended with reason SIPVicious Security Scanner - FE IPS (IP=182,DE)
45.134.144.182/24   TH   2022-06-03  2022-09-13  2022-06-15 22:18:05  SIPVicious Security Scanner - FE CMS IPS Events (IP=182,NL) | updated by KH Block expiration extended with reason SIPVicious Security Scanner - FE IPS (IP=182,DE)
45.134.144.203/24   KH   2022-09-15  2022-12-14  2022-09-15 22:52:22  SIPVicious Security Scanner - FE IPS (IP=203,DE)
45.134.144.203/24   KH   2022-09-15  2022-12-14  2022-09-15 22:52:25  SIPVicious Security Scanner - FE IPS (IP=203,DE)
45.134.144.47/24    TH   2022-03-04  2022-06-02  2022-03-04 23:11:56  SIPVicious Security Scanner - FE CMS IPS Events (IP=47,NL)
45.134.168.171/32   TLM  2021-11-30  2022-05-30  -                    HIVE Case #6595 CTO 21-327 (IP=171,DE)
45.134.169.147/24   EE   2022-06-15  2022-09-13  2022-06-15 22:19:14  HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=147,DE)
45.134.179.20/32    dbc  2021-01-28  2022-01-28  -                    NL TO-S-2021-1050 Hive Case 4821 Malware Activity
45.134.20.66/32     TLM  2022-04-21  2022-10-21  2022-04-21 19:03:01  HIVE Case #7441 CTO 22-111 (IP=66,NL)
45.134.22.11/32     DT   2021-11-26  2022-11-26  -                    - TOLL Mitigation Request #INC0124872 SNOW (IP=11,IT)
45.134.225.20/24    RW   2021-11-17  2022-02-16  -                    SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - Web Attacks (IP=20,DE) | updated by SW Block expiration extended with reason SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) - SourceFire (IP=20,NL)
45.134.23.252/24    JP   2022-09-27  2022-12-26  2022-09-28 16:36:33  SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6HR Web Attacks (IP=252,NL)
45.134.255.131/24   EE   2022-02-07  2022-05-08  -                    HIVE Case #6932 IOC_Gamaredon (IP=131,RU)
45.135.187.0/24     DT   2021-11-26  2022-11-26  -                    - TOLL Mitigation Request #INC0124872 SNOW (IP=0,SE)
45.135.232.112/32   TLM  2022-01-25  2022-07-25  -                    HIVE Case #6828 CTO 22-021 (IP=112,RU)
45.135.232.131/32   AS   2022-04-08  2022-10-08  2022-04-08 17:16:54  HIVE Case #7361 CTO 22-098 (IP=131,RU)
45.136.187.0/22     AS   2022-06-30  2022-09-28  2022-06-30 18:36:09  HIVE Case #7826 TO-S-2022-0203 (IP=0,DE)
45.136.187.98/24    EE   2022-06-15  2022-09-13  2022-06-15 22:19:15  HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=98,DE)
45.136.230.0/24     TLM  2022-09-19  2022-12-18  2022-09-19 15:03:13  HIVE Case #8328 TO-S-2022-0230 (IP=0,NL)
45.136.230.191/32   TLM  2022-06-24  2022-12-23  2022-06-24 19:38:37  HIVE Case #7840 CTO 22-175 (IP=191,NL)
45.136.4.119/24     WR   2022-03-12  2022-06-10  2022-03-12 14:30:11  HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability (IP=119,TR)
45.137.152.30/24    RW   2021-11-04  2022-02-02  -                    Associated with malicious domain - Hive Case 6498 (IP=30,RU)
45.137.155.0/24     KH   2021-12-20  2022-03-20  -                    HIVE Case #6651 Exploit.CVE-2021-44232 (IP=0,UA)
45.137.155.55/32    TLM  2021-12-13  2022-06-13  -                    HIVE Case #6652 CTO 21-345 F1 (IP=55,UA)
45.137.21.166/32    AS   2022-04-12  2022-10-12  2022-04-12 15:43:00  HIVE Case #7381 CTO 22-102 v2 (IP=166,NL)
45.137.21.9/24      WR   2021-12-16  2022-03-15  -                    HIVE Case #6651 - Exploit.CVE-2021-44228 (IP=9,BD)
45.137.21.9/32      TLM  2021-12-13  2022-06-13  -                    HIVE Case #6652 CTO 21-345 F1 (IP=9,BD)
45.137.23.19/24     KH   2021-12-10  2022-03-10  -                    PROTOCOL-DNS DNS query amplification attempt (1:28556:3) - Sourcefire (IP=19,BD)
45.137.23.190/32    TLM  2022-06-08  2022-12-08  2022-06-09 16:59:55  HIVE Case #7739 CTO 22-159 (IP=190,NL) | updated by TLM Block expiration extended with reason HIVE Case #7745 CTO 22-160 (IP=190,NL)
45.137.23.190/32    TLM  2022-06-09  2022-12-08  2022-06-09 16:59:55  HIVE Case #7739 CTO 22-159 (IP=190,NL) | updated by TLM Block expiration extended with reason HIVE Case #7745 CTO 22-160 (IP=190,NL)
45.138.100.140/24   NAB  2021-12-27  2022-03-27  -                    HIVE Case #6651 Exploit.CVE-2021-44228 (IP=140,RU)
45.138.102.50/24    RB   2021-12-28  2022-03-28  -                    HIVE Case #6651 Exploit.CVE-2021-44228 (IP=50,RU)
45.138.172.37/32    TLM  2021-09-24  2022-03-24  -                    HIVE Case #6252 CTO 21-265 (IP=37,DE)
45.138.172.51/32    TLM  2021-09-24  2022-03-24  -                    HIVE Case #6252 CTO 21-265 (IP=51,DE)
45.138.26.17/32     TLM  2021-08-12  2022-02-12  -                    HIVE Case #5991 TO-S-2021-1421 (IP=17,US)
45.138.70.66/32     TLM  2021-12-02  2022-06-02  -                    HIVE Case #6600 TO-S-2022-0090 (IP=66,CA)
45.138.87.31/32     AS   2022-01-31  2022-08-03  -                    HIVE Case #6877 CTO 22-028 (IP=31,RO)
45.139.239.0/24     TLM  2021-08-05  2022-02-05  -                    HIVE Case #5 TO-S-2021-1447 (IP=0,RU)
45.14.114.27/32     AS   2022-07-06  2022-10-04  2022-07-08 14:55:53  HIVE Case #7894 CTO 22-187 (IP=27,US)
45.14.13.25/32      dbc  2021-03-05  2022-03-05  -                    NL TO-S-2021-1117 Malicious Email Activity
45.14.224.145/24    SW   2022-07-21  2022-10-19  2022-07-22 13:52:31  Adobe ColdFusion Administrator Access Restriction - WebAttacks (IP=145,NL)
45.14.224.184/32    TLM  2021-08-05  2022-02-05  -                    HIVE Case #5 TO-S-2021-1447 (IP=184,NL)
45.14.224.96/32     AS   2022-07-08  2022-10-06  2022-07-11 13:15:54  HIVE Case #7904 CTO 22-189 (IP=96,NL)
45.14.49.211/32     dbc  2021-01-20  2022-01-20  -                    NL TO-S-2021-1037 Hive Case 4785 Malware Activity
45.14.66.230/24     EE   2022-06-15  2022-09-13  2022-06-15 22:19:15  HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=230,JP)
45.14.71.8/32       RR   2022-03-27  2022-06-25  2022-03-27 13:46:36  Possible SQLi attempt - TT#: 22C01089 (IP=8,JP)
45.140.140.192/24   RS   2022-08-30  2022-11-28  2022-08-31 17:20:44  SERVER-WEBAPP Symantec Messaging Gateway KavaChart Component directory traversal attempt - SourceFire (IP=192,NL)
45.140.141.76/24    RS   2022-08-30  2022-11-28  2022-08-31 17:20:44  SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - SourceFire (IP=76,NL)
45.140.146.0/24     TLM  2022-05-26  2022-11-25  2022-05-26 18:27:00  HIVE Case #7669 TO-S-2022-0187 (IP=0,MD)
45.141.152.194/32   dbc  2021-03-09  2022-03-09  -                    DE TO-S-2021-1156 Malicious Email Activity
45.141.157.120/32   TLM  2021-08-05  2022-02-05  -                    HIVE Case #5 TO-S-2021-1447 (IP=120,BG)
45.141.157.123/32   dbc  2021-03-09  2022-03-09  -                    BG TO-S-2021-1156 Malicious Email Activity
45.141.239.45/24    AR   2022-07-01  2022-09-29  2022-07-01 13:55:46  SERVER-OTHER RealTek UDPServer command injection attempt (1:58853:1) - SourceFire (IP=45,NL)
45.141.56.0/24      TLM  2021-10-25  2022-04-25  -                    HIVE Case #6412 TO-S-2022-1635 (IP=0,AT)
45.141.58.0/24      dbc  2021-03-05  2022-03-05  -                    SC TO-S-2021-1117 DOS-DDOS Activity
45.141.59.0/24      TLM  2021-08-12  2022-02-12  -                    HIVE Case #5991 TO-S-2021-1421 (IP=0,SC)
45.141.84.230/32    TLM  2022-03-23  2022-09-23  2022-03-23 12:28:46  HIVE Case #7258 CTO 22-082 (IP=230,RU)
45.142.114.231/32   AS   2022-05-06  2022-08-04  2022-05-09 13:57:38  HIVE Case #7535 TO-S-2022-0176 (IP=231,DE)
45.142.122.34/24    RB   2022-04-19  2022-07-31  2022-05-02 22:41:59  SQL injection - 6hr web attacks (IP=34,RU) | updated by WR Block expiration extended with reason HTTP Request Brute Force Attack - 6 Hr Failed Logons (IP=34,RU)
45.142.166.13/32    dbc  2021-03-04  2022-03-04  -                    JP TO-S-2021-1143 Command and Control Exploit
45.142.166.237/32   TLM  2021-12-02  2022-06-02  -                    HIVE Case #6600 TO-S-2022-0090 (IP=237,JP)
45.142.188.0/22     dbc  2021-01-20  2022-01-20  -                    IR TO-S-2021-1037 Hive Case 4785 Malware Activity
45.142.212.100/24   EE   2022-07-06  2022-10-04  2022-07-07 22:31:23  HIVE Case #7882 IOC_Recordbreaker_Stealer (IP=100,MD)
45.142.212.61/32    TLM  2022-02-25  2022-08-26  2022-02-25 13:04:21  HIVE Case #7088 CTO 22-056 (IP=61,MD)
45.142.213.17/32    TLM  2022-02-25  2022-08-26  2022-02-25 13:04:20  HIVE Case #7088 CTO 22-056 (IP=17,LV)
45.142.215.50/24    EE   2022-07-06  2022-10-04  2022-07-07 22:31:23  HIVE Case #7882 IOC_Recordbreaker_Stealer (IP=50,LV)
45.142.215.92/24    EE   2022-07-06  2022-10-04  2022-07-07 22:31:24  HIVE Case #7882 IOC_Recordbreaker_Stealer (IP=92,LV)
45.142.215.92/24    EE   2022-07-06  2022-10-04  2022-07-07 22:31:47  HIVE Case #7882 IOC_Recordbreaker_Stealer (IP=92,LV)
45.143.138.72/32    TLM  2022-04-20  2022-10-20  2022-04-20 13:01:28  HIVE Case #7432 CTO 22-110 (IP=72,RU)
45.143.200.122/32   TLM  2022-03-11  2022-09-11  2022-03-11 14:40:41  HIVE Case #7190 CTO 22-070 (IP=122,RU)
45.143.200.18/32    TLM  2022-03-11  2022-09-11  2022-03-11 14:40:42  HIVE Case #7190 CTO 22-070 (IP=18,RU)
45.143.200.50/32    JKC  2022-03-23  2022-06-23  2022-03-23 18:46:05  HIVE Case #7264 FBI Russian Energy Sector Scans (IP=50,RU)
45.143.203.3/32     JKC  2022-03-23  2022-06-23  2022-03-23 18:46:06  HIVE Case #7264 FBI Russian Energy Sector Scans (IP=3,RU)
45.143.204.0/22     dbc  2021-03-05  2022-03-05  -                    AM TO-S-2021-1117 DOS-DDOS Activity
45.143.223.35/24    SA   2022-06-06  2022-09-04  2022-06-07 13:41:39  SIPVicious Security Scanner - FE CMS IPS alert (IP=35,NL)
45.143.97.183/32    dbc  2021-02-05  2022-02-05  -                    TR TO-S-2021-1092 Hive Case 4875 Malicious Email Activity
45.144.112.131/32   RR   2022-05-28  2022-08-26  2022-05-29 12:28:38  SERVER-OTHER RealTek UDPServer command injection attempt - SourceFire (IP=131,US)
45.144.124.0/22     dbc  2021-01-28  2022-01-28  -                    IR TO-S-2021-1050 Hive Case 4821 Malware Activity
45.144.138.119/32   TLM  2021-12-21  2022-06-21  -                    HIVE Case #6682 CTO 21-352 (IP=119,US)
45.144.138.120/32   TLM  2021-12-21  2022-06-21  -                    HIVE Case #6682 CTO 21-352 (IP=120,US)
45.144.138.121/32   TLM  2021-12-21  2022-06-21  -                    HIVE Case #6682 CTO 21-352 (IP=121,US)
45.144.179.204/24   EE   2022-05-25  2022-08-23  2022-05-25 22:48:16  HIVE Case #7659 IOC_VMware_Vuln-CVE-2022-22954_CVE-2022-22960 (IP=204,RU)
45.144.225.5/24     TH   2022-05-29  2022-08-27  2022-05-29 15:24:08  ZmEu phpMyAdmin Vulnerability Scanner - FE CMS IPS Events (IP=5,NL)
45.144.241.151/32   TLM  2021-06-14  2022-02-10  -                    HIVE Case #5590 TO-S-2021-1276 (IP=151,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=151,US)
45.144.29.166/32    TLM  2021-06-14  2022-02-10  -                    HIVE Case #5590 TO-S-2021-1276 (IP=166,NL) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=166,NL)
45.144.29.2/32      TLM  2022-03-11  2022-09-11  2022-03-11 13:21:29  HIVE Case #7189 CTO 22-068.1 (IP=2,NL)
45.144.30.203/32    TLM  2021-12-02  2022-06-02  -                    HIVE Case #6599 CTO 21-335 (IP=203,RU)
45.144.30.53/32     AS   2022-07-06  2022-10-04  2022-07-08 14:57:23  HIVE Case #7894 CTO 22-187 (IP=53,RU)
45.145.130.163/24   DT   2021-12-29  2022-03-29  -                    HIVE Case #6651 - Exploit.CVE-2021-44228 (IP=163,RU)
45.145.185.33/32    dbc  2021-02-22  2022-02-22  -                    NL TO-S-2021-1102 Malicious Email Activity
45.146.164.131/32   AS   2022-07-06  2022-10-04  2022-07-08 14:56:57  HIVE Case #7894 CTO 22-187 (IP=131,RU)
45.146.164.183/32   AS   2022-01-31  2022-08-03  -                    HIVE Case #6877 CTO 22-028 (IP=183,RU)
45.146.164.193/32   TLM  2022-03-11  2022-09-11  2022-03-11 13:21:42  HIVE Case #7189 CTO 22-068.1 (IP=193,RU)
45.146.164.234/24   KH   2022-03-24  2022-06-22  2022-03-24 22:58:45  Masscan TCP Port Scanner - FE IPS (IP=234,RU)
45.146.164.234/32   wmp  2022-03-24  2022-06-24  2022-03-24 22:59:03  Suspicious Scan Activity (IP=234,RU)
45.146.164.4/32     AS   2022-07-06  2022-10-04  2022-07-08 14:56:57  HIVE Case #7894 CTO 22-187 (IP=4,RU)
45.146.165.37/24    RR   2022-03-16  2022-06-14  2022-03-16 13:45:41  HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=37,RU)
45.146.165.76/32    AS   2021-09-21  2022-03-20  -                    HIVE Case #6215 CTO 21-261 (IP=76,RU)
45.146.166.0/23     TLM  2021-08-05  2022-02-05  -                    HIVE Case #5 TO-S-2021-1447 (IP=0,RU)
45.146.253.46/32    TLM  2021-08-10  2022-02-10  -                    HIVE Case #5969 TO-S-2021-1289 (IP=46,DE) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=46,DE)
45.146.55.71/32     AR   2021-12-17  2022-03-17  -                    HIVE Case #6651 - Exploit.CVE-2021-44229 (IP=71,US)
45.147.228.0/22     TLM  2021-10-25  2022-04-25  -                    HIVE Case #6409 TO-S-2022-1619 (IP=0,DE)
45.147.228.115/32   TLM  2021-09-24  2022-03-24  -                    HIVE Case #6252 CTO 21-265 (IP=115,DE)
45.147.228.143/32   TLM  2021-09-24  2022-03-24  -                    HIVE Case #6252 CTO 21-265 (IP=143,DE)
45.147.228.59/32    TLM  2021-10-12  2022-04-12  -                    HIVE Case #6349 CTO 21-275 (IP=59,DE)
45.147.229.156/32   AS   2022-06-29  2022-09-27  2022-06-29 18:17:14  HIVE Case #7862 CTO 22-176 (IP=156,DE)
45.147.229.161/32   TLM  2021-09-24  2022-03-24  -                    HIVE Case #6252 CTO 21-265 (IP=161,DE)
45.147.229.185/32   TLM  2021-09-24  2022-03-24  -                    HIVE Case #6252 CTO 21-265 (IP=185,DE)
45.147.229.212/32   TLM  2021-10-04  2022-04-04  -                    HIVE Case #6294 CTO 21-268 (IP=212,DE)
45.147.229.242/32   TLM  2021-09-24  2022-03-24  -                    HIVE Case #6252 CTO 21-265 (IP=242,DE)
45.147.229.254/32   TLM  2022-06-09  2022-12-08  2022-06-09 17:00:00  HIVE Case #7745 CTO 22-160 (IP=254,DE)
45.147.229.50/32    JEB  2022-06-06  2022-09-06  2022-06-08 16:56:04  REV Malicious Bumblebee Hardcoded C2 (IP=50,DE)
45.147.229.65/32    TLM  2021-10-04  2022-04-04  -                    HIVE Case #6294 CTO 21-268 (IP=65,DE)
45.147.229.93/32    TLM  2021-09-24  2022-03-24  -                    HIVE Case #6252 CTO 21-265 (IP=93,DE)
45.147.229.94/32    TLM  2021-09-24  2022-03-24  -                    HIVE Case #6252 CTO 21-265 (IP=94,DE)
45.147.230.132/32   TLM  2021-09-24  2022-03-24  -                    HIVE Case #6252 CTO 21-265 (IP=132,DE)
45.147.230.143/32   TLM  2021-09-24  2022-03-24  -                    HIVE Case #6252 CTO 21-265 (IP=143,DE)
45.147.230.155/32   TLM  2021-10-04  2022-04-04  -                    HIVE Case #6294 CTO 21-268 (IP=155,DE)
45.147.230.236/32   TLM  2021-09-24  2022-03-24  -                    HIVE Case #6252 CTO 21-265 (IP=236,DE)
45.147.230.64/32    TLM  2021-09-24  2022-03-24  -                    HIVE Case #6252 CTO 21-265 (IP=64,DE)
45.147.230.69/32    TLM  2021-10-06  2022-04-06  -                    HIVE Case #6313 CTO 21-274 (IP=69,DE)
45.147.230.71/32    TLM  2021-09-24  2022-03-24  -                    HIVE Case #6252 CTO 21-265 (IP=71,DE)
45.147.230.84/32    TLM  2021-09-24  2022-03-24  -                    HIVE Case #6252 CTO 21-265 (IP=84,DE)
45.147.230.87/32    TLM  2021-09-24  2022-03-24  -                    HIVE Case #6252 CTO 21-265 (IP=87,DE)
45.147.231.195/32   TLM  2021-10-12  2022-04-12  -                    HIVE Case #6346 CTO 21-278 (IP=195,DE)
45.147.231.213/32   TLM  2021-10-04  2022-04-04  -                    HIVE Case #6294 CTO 21-268 (IP=213,DE)
45.147.231.249/32   TLM  2021-10-04  2022-04-04  -                    HIVE Case #6294 CTO 21-268 (IP=249,DE)
45.148.10.0/24      TLM  2021-08-05  2022-02-05  -                    HIVE Case #5 TO-S-2021-1447 (IP=0,NL)
45.148.10.140/32    dbc  2021-01-20  2022-01-20  -                    NL TO-S-2021-1037 Hive Case 4785 Malware Activity
45.148.10.241/24    TH   2022-08-29  2022-11-27  2022-08-29 13:57:21  HP Intelligent Management Center TFTP Server MODE Remote Code Execution - FE CMS IPS Events (IP=241,NL)
45.148.10.241/32    JKC  2022-03-23  2022-06-23  2022-03-23 18:46:07  HIVE Case #7264 FBI Russian Energy Sector Scans (IP=241,NL)
45.148.10.81/24     SW   2022-04-24  2022-07-23  2022-04-24 22:43:41  SERVER-WEBAPP Axis Communications IP camera SSI command injection attempt (1:45237:2) - SourceFire (IP=81,GB)
45.148.10.83/32     dbc  2021-01-28  2022-01-28  -                    AD TO-S-2021-1050 Hive Case 4821 Malware Activity
45.148.120.127/24   AR   2022-07-24  2022-10-22  2022-07-25 13:54:53  Backdoor.Meterpreter - FE CMS (IP=127,NL)
45.148.120.162/32   dbc  2020-09-17  2022-10-06  2022-07-11 13:15:23  NL TO-S-2020-0805 Malware Activity | updated by AS Block was inactive. Reactivated on 20220708 with reason HIVE Case #7904 CTO 22-189 (IP=162,NL)
45.148.123.33/32    TLM  2021-12-02  2022-06-02  -                    HIVE Case #6600 TO-S-2022-0090 (IP=33,NL)
45.148.124.100/24   NAB  2022-01-04  2022-04-04  -                    HIVE Case #6651 Exploit.CVE-2021-44228 (IP=100,RU)
45.149.77.39/24     EE   2022-05-25  2022-08-23  2022-05-25 22:48:16  HIVE Case #7659 IOC_VMware_Vuln-CVE-2022-22954_CVE-2022-22960 (IP=39,IR)
45.15.143.185/32    TLM  2021-06-14  2022-02-10  -                    HIVE Case #5590 TO-S-2021-1276 (IP=185,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=185,US)
45.15.143.220/32    dbc  2021-02-22  2022-02-22  -                    US TO-S-2021-1102 Malicious Email Activity
45.15.143.230/32    dbc  2021-01-20  2022-01-20  -                    US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
45.15.144.146/32    RS   2022-08-03  2022-11-01  2022-08-04 13:54:02  SIPVicious Security Scanner - IPS Events (IP=146,US)
45.15.160.20/32     SW   2022-04-23  2022-07-22  2022-04-23 22:52:12  ZmEu phpMyAdmin Vulnerability Scanner - IPS Events (IP=20,US)
45.150.67.175/24    EE   2022-07-06  2022-10-04  2022-07-07 22:31:47  HIVE Case #7882 IOC_Recordbreaker_Stealer (IP=175,MD)
45.151.123.155/24   KD   2022-03-23  2022-06-21  2022-03-24 13:50:46  SQL injection - Web Attacks (IP=155,DE)
45.152.86.98/24     EE   2022-07-06  2022-10-04  2022-07-07 22:31:48  HIVE Case #7882 IOC_Recordbreaker_Stealer (IP=98,TR)
45.153.160.131/32   TLM  2021-12-13  2022-06-13  -                    HIVE Case #6652 CTO 21-345 F1 (IP=131,NL)
45.153.160.132/32   AS   2022-07-06  2022-10-04  2022-07-08 14:57:44  HIVE Case #7894 CTO 22-187 (IP=132,NL)
45.153.160.134/32   AS   2022-04-05  2022-10-05  2022-04-05 18:28:37  HIVE Case #7342 CTO 22-092 FRAGO (IP=134,NL)
45.153.160.138/32   TLM  2021-12-13  2022-06-13  -                    HIVE Case #6652 CTO 21-345 F1 (IP=138,NL)
45.153.160.139/32   TLM  2022-01-04  2022-10-04  2022-07-08 14:57:45  HIVE Case #6729 CTO 22-004 (IP=139,NL) | updated by AS Block was inactive. Reactivated on 20220706 with reason HIVE Case #7894 CTO 22-187 (IP=139,NL)
45.153.160.140/32   TLM  2022-04-21  2022-10-21  2022-04-21 19:03:07  HIVE Case #7441 CTO 22-111 (IP=140,NL)
45.153.203.124/32   RB   2021-02-22  2022-03-04  -                    TO-S-2021-1136 / SHARKSEER-TIP-21-3006 - TT# 21C00525 (IP=124,NL) | updated by dbc Block expiration extended with reason NL TO-S-2021-1143 Malware Activity
45.153.203.174/32   dbc  2021-02-05  2022-02-05  -                    NL TO-S-2021-1092 Hive Case 4875 Malicious Email Activity
45.153.228.0/22     TLM  2021-08-23  2022-02-23  -                    HIVE Case #6042 TO-S-2021-1484 (IP=0,NL)
45.153.230.183/24   EE   2022-07-06  2022-10-04  2022-07-07 22:31:49  HIVE Case #7882 IOC_Recordbreaker_Stealer (IP=183,DE)
45.153.240.127/32   TLM  2021-10-25  2022-04-25  -                    HIVE Case #6409 TO-S-2022-1619 (IP=127,DE)
45.153.240.198/32   TLM  2022-03-17  2022-09-17  2022-03-17 16:17:35  HIVE Case #7227 CTO 22-076 (IP=198,DE)
45.153.240.220/32   TLM  2021-09-24  2022-03-24  -                    HIVE Case #6252 CTO 21-265 (IP=220,DE)
45.153.240.234/32   TLM  2021-09-24  2022-03-24  -                    HIVE Case #6252 CTO 21-265 (IP=234,DE)
45.153.240.52/32    TLM  2021-11-15  2022-05-15  -                    HIVE Case #6534 CTO 21-314 (IP=52,DE)
45.153.240.54/32    TLM  2021-11-15  2022-05-15  -                    HIVE Case #6534 CTO 21-314 (IP=54,DE)
45.153.240.72/32    TLM  2021-09-24  2022-03-24  -                    HIVE Case #6252 CTO 21-265 (IP=72,DE)
45.153.241.127/32   TLM  2021-09-24  2022-03-24  -                    HIVE Case #6252 CTO 21-265 (IP=127,DE)
45.153.241.250/32   TLM  2021-09-24  2022-03-24  -                    HIVE Case #6252 CTO 21-265 (IP=250,DE)
45.153.241.251/32   TLM  2021-09-24  2022-03-24  -                    HIVE Case #6252 CTO 21-265 (IP=251,DE)
45.153.242.111/32   TLM  2021-09-24  2022-03-24  -                    HIVE Case #6252 CTO 21-265 (IP=111,DE)
45.153.242.112/32   TLM  2021-09-24  2022-03-24  -                    HIVE Case #6252 CTO 21-265 (IP=112,DE)
45.153.242.132/32   AS   2022-09-30  2022-12-29  2022-09-30 17:07:18  HIVE Case #7458 CTO 22-113 (IP=132,DE) | updated by AS Block was inactive. Reactivated on 20220930 with reason HIVE Case #8395 TO-S-2022-0233 (IP=132,DE)
45.153.242.132/32   TLM  2022-04-25  2022-12-29  2022-09-30 17:07:18  HIVE Case #7458 CTO 22-113 (IP=132,DE) | updated by AS Block was inactive. Reactivated on 20220930 with reason HIVE Case #8395 TO-S-2022-0233 (IP=132,DE)
45.153.242.33/32    TLM  2021-10-29  2022-04-29  -                    HIVE Case #6442 CTO 21-299 (IP=33,DE)
45.153.242.52/32    TLM  2021-09-17  2022-03-17  -                    HIVE Case #6196 CTO 21-258 (IP=52,DE)
45.153.243.0/32     TLM  2022-09-19  2022-12-18  2022-09-19 15:03:09  HIVE Case #8328 TO-S-2022-0230 (IP=0,DE)
45.154.14.0/22      AS   2022-06-30  2022-09-28  2022-06-30 18:36:10  HIVE Case #7826 TO-S-2022-0203 (IP=0,GB)
45.154.14.235/32    TLM  2022-03-28  2022-09-28  2022-03-28 12:23:13  HIVE Case #7282 CTO 22-085 (IP=235,GB)
45.154.14.254/24    EE   2022-06-15  2022-09-13  2022-06-15 22:19:16  HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=254,GB)
45.154.168.209/32   dbc  2021-03-05  2022-03-05  -                    FR TO-S-2021-1117 DOS-DDOS Activity
45.154.255.138/32   AS   2022-04-05  2022-10-05  2022-04-05 18:28:37  HIVE Case #7342 CTO 22-092 FRAGO (IP=138,SE)
45.154.255.139/32   AS   2022-04-05  2022-10-05  2022-04-05 18:28:38  HIVE Case #7342 CTO 22-092 FRAGO (IP=139,SE)
45.154.255.147/32   AS   2022-04-05  2022-10-05  2022-04-05 18:28:39  HIVE Case #7342 CTO 22-092 FRAGO (IP=147,SE)
45.154.48.87/32     dbc  2021-01-28  2022-01-28  -                    DE TO-S-2021-1050 Hive Case 4821 Malware Activity
45.154.98.253/32    JP   2022-09-07  2022-12-06  2022-09-07 22:44:23  Multiple IPs Block - IR# 22C01923 (IP=253,NL)
45.155.165.86/32    RS   2022-09-28  2022-12-27  2022-09-29 13:58:49  SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - Web Attacks (IP=86,US)
45.155.173.242/32   TLM  2022-01-04  2022-07-04  -                    HIVE Case #6729 CTO 22-004 (IP=242,DE)
45.155.204.105/32   AS   2022-07-06  2022-10-04  2022-07-08 14:57:00  HIVE Case #7894 CTO 22-187 (IP=105,RU)
45.155.204.109/32   AS   2022-07-06  2022-10-04  2022-07-08 14:57:01  HIVE Case #7894 CTO 22-187 (IP=109,RU)
45.155.204.132/32   AS   2022-07-06  2022-10-04  2022-07-08 14:57:01  HIVE Case #7894 CTO 22-187 (IP=132,RU)
45.155.204.146/24   RR   2022-03-27  2022-07-04  2022-04-05 14:32:04  SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt - SourceFire (IP=146,RU) | updated by RR Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=146,RU) | updated by RR Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=146,RU)
45.155.204.16/32    AS   2022-07-06  2022-10-04  2022-07-08 14:57:02  HIVE Case #7894 CTO 22-187 (IP=16,RU)
45.155.204.52/32    AS   2022-07-06  2022-10-04  2022-07-08 14:57:02  HIVE Case #7894 CTO 22-187 (IP=52,RU)
45.155.204.63/32    AS   2022-07-06  2022-10-04  2022-07-08 14:57:03  HIVE Case #7894 CTO 22-187 (IP=63,RU)
45.155.204.74/32    AS   2022-07-06  2022-10-04  2022-07-08 14:57:04  HIVE Case #7894 CTO 22-187 (IP=74,RU)
45.155.205.0/24     TLM  2021-08-05  2022-02-05  -                    HIVE Case #5 TO-S-2021-1447 (IP=0,RU)
45.155.205.120/32   AS   2022-04-14  2022-10-14  2022-04-14 17:59:27  HIVE Case #7399 CTO 22-104 (IP=120,RU)
45.155.205.136/32   AS   2022-07-06  2022-10-04  2022-07-08 14:57:04  HIVE Case #7894 CTO 22-187 (IP=136,RU)
45.155.205.138/32   AS   2022-04-08  2022-10-08  2022-04-08 17:16:55  HIVE Case #7361 CTO 22-098 (IP=138,RU)
45.155.205.196/32   AS   2022-04-14  2022-10-14  2022-04-14 17:59:23  HIVE Case #7399 CTO 22-104 (IP=196,RU)
45.155.205.233/24   RR   2021-12-12  2022-03-12  -                    HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=233,RU)
45.155.205.40/32    AS   2022-04-14  2022-10-14  2022-04-14 17:59:18  HIVE Case #7399 CTO 22-104 (IP=40,RU)
45.155.205.41/32    AS   2022-04-14  2022-10-14  2022-04-14 17:59:20  HIVE Case #7399 CTO 22-104 (IP=41,RU)
45.155.205.42/32    AS   2022-04-14  2022-10-14  2022-04-14 17:59:19  HIVE Case #7399 CTO 22-104 (IP=42,RU)
45.155.205.43/32    AS   2022-04-14  2022-10-14  2022-04-14 17:59:21  HIVE Case #7399 CTO 22-104 (IP=43,RU)
45.155.205.44/32    AS   2022-04-14  2022-10-14  2022-04-14 17:59:22  HIVE Case #7399 CTO 22-104 (IP=44,RU)
45.155.205.45/32    AS   2022-04-14  2022-10-14  2022-04-14 17:59:18  HIVE Case #7399 CTO 22-104 (IP=45,RU)
45.155.205.46/32    AS   2022-04-14  2022-10-14  2022-04-14 17:59:20  HIVE Case #7399 CTO 22-104 (IP=46,RU)
45.155.205.48/32    AS   2022-04-14  2022-10-14  2022-04-14 17:59:19  HIVE Case #7399 CTO 22-104 (IP=48,RU)
45.155.205.49/32    AS   2022-04-14  2022-10-14  2022-04-14 17:59:22  HIVE Case #7399 CTO 22-104 (IP=49,RU)
45.155.205.56/32    AS   2022-04-14  2022-10-14  2022-04-14 17:59:17  HIVE Case #7399 CTO 22-104 (IP=56,RU)
45.155.205.77/32    AS   2022-07-06  2022-10-04  2022-07-08 14:57:05  HIVE Case #7894 CTO 22-187 (IP=77,RU)
45.155.205.80/32    AS   2022-07-06  2022-10-04  2022-07-08 14:57:05  HIVE Case #7894 CTO 22-187 (IP=80,RU)
45.155.205.88/32    AS   2022-04-14  2022-10-14  2022-04-14 17:59:25  HIVE Case #7399 CTO 22-104 (IP=88,RU)
45.155.205.97/32    AS   2022-04-08  2022-10-08  2022-04-08 17:16:55  HIVE Case #7361 CTO 22-098 (IP=97,RU)
45.155.40.34/32     KH   2022-08-07  2022-11-05  2022-08-07 22:53:26  SIPVicious Security Scanner - FE CMS (IP=34,US)
45.156.184.0/22     dbc  2021-01-20  2022-01-20  -                    IR TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
45.156.192.0/22     dbc  2021-01-28  2022-01-28  -                    IR TO-S-2021-1050 Hive Case 4821 Malware Activity
45.156.26.154/32    TLM  2022-06-15  2022-12-14  2022-06-16 19:40:45  HIVE Case #7779 CTO 22-162 (IP=154,RU)
45.157.120.218/32   dbc  2021-03-09  2022-03-09  -                    US TO-S-2021-1156 Malicious Email Activity
45.157.231.141/32   TLM  2021-12-02  2022-06-02  -                    HIVE Case #6600 TO-S-2022-0090 (IP=141,IT)
45.158.14.34/32     TLM  2022-03-04  2022-09-04  2022-03-04 14:18:54  HIVE Case #7142 COLS-NA-TIP 22-0075 (IP=34,TR)
45.158.230.131/32   TLM  2022-03-28  2022-09-28  2022-03-28 12:23:08  HIVE Case #7282 CTO 22-085 (IP=131,HK)
45.158.37.10/32     TLM  2021-12-15  2022-06-15  -                    HIVE Case #6667 TO-S-2022-0091 (IP=10,NL)
45.159.188.40/24    TH   2022-03-04  2022-06-02  2022-03-04 23:11:53  SIPVicious Security Scanner - FE CMS IPS Events (IP=40,NL)
45.159.251.21/24    EE   2022-07-06  2022-10-04  2022-07-07 22:31:49  HIVE Case #7882 IOC_Recordbreaker_Stealer (IP=21,PT)
45.159.48.19/32     TLM  2021-10-29  2022-04-29  -                    HIVE Case #6442 CTO 21-299 (IP=19,JP)
45.160.60.0/22      dbc  2021-01-20  2022-01-20  -                    BR TO-S-2021-1037 Hive Case 4785 Malware Activity
45.161.160.0/23     dbc  2021-01-28  2022-01-28  -                    BR TO-S-2021-1050 Hive Case 4821 Malware Activity
45.161.173.178/32   dbc  2021-01-28  2022-01-28  -                    AR TO-S-2021-1050 Hive Case 4821 Malware Activity
45.161.228.0/22     dbc  2021-01-20  2022-01-20  -                    BR TO-S-2021-1037 Hive Case 4785 Malware Activity
45.161.99.89/32     RR   2022-07-20  2022-10-18  2022-07-20 13:22:34  HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR# 22C01706 (IP=89,BR)
45.162.214.0/24     dbc  2021-01-28  2022-01-28  -                    BR TO-S-2021-1050 Hive Case 4821 Malware Activity
45.162.225.114/24   RR   2021-10-21  2022-01-19  -                    SQL injection - Web Attacks (IP=114,BR)
45.162.244.0/22     dbc  2021-01-20  2022-01-20  -                    BR TO-S-2021-1037 Hive Case 4785 Malware Activity
45.162.88.0/22      dbc  2021-03-05  2022-03-05  -                    AR TO-S-2021-1117 DOS-DDOS Activity
45.163.132.0/22     dbc  2021-01-28  2022-01-28  -                    BR TO-S-2021-1050 Hive Case 4821 Malware Activity
45.163.64.0/22      dbc  2021-01-20  2022-01-20  -                    BR TO-S-2021-1037 Hive Case 4785 Malware Activity
45.164.141.118/32   TLM  2021-09-21  2022-03-20  -                    HIVE Case #6216 CTO 21-264 (IP=118,BR)
45.164.20.159/32    TH   2022-09-29  2022-12-28  2022-09-29 14:05:30  SQL injection - 6 Hr Web Report (IP=159,US)
45.164.28.0/22      dbc  2021-01-20  2022-01-20  -                    BR TO-S-2021-1037 Hive Case 4785 Malware Activity
45.165.208.0/22     dbc  2021-03-05  2022-03-05  -                    BR TO-S-2021-1117 DOS-DDOS Activity
45.166.64.0/22      dbc  2021-01-20  2022-01-20  -                    BR TO-S-2021-1037 Hive Case 4785 Malware Activity
45.167.1.0/24       dbc  2021-03-05  2022-03-05  -                    SV TO-S-2021-1117 DOS-DDOS Activity
45.167.220.0/22     dbc  2021-01-20  2022-01-20  -                    AR TO-S-2021-1037 Hive Case 4785 Malware Activity
45.170.107.91/32    dbc  2021-01-28  2022-01-28  -                    PY TO-S-2021-1050 Hive Case 4821 Malware Activity
45.170.220.0/22     dbc  2021-01-28  2022-01-28  -                    BR TO-S-2021-1050 Hive Case 4821 Malware Activity
45.170.253.102/32   TH   2022-09-29  2022-12-28  2022-09-29 14:05:31  HTTP: SQL Injection - Exploit - 6 Hr Web Report (IP=102,US)
45.171.196.0/22     dbc  2021-01-20  2022-01-20  -                    BR TO-S-2021-1037 Hive Case 4785 Malware Activity
45.171.236.0/22     dbc  2021-01-20  2022-01-20  -                    BR TO-S-2021-1037 Hive Case 4785 Malware Activity
45.172.240.0/23     TLM  2021-06-14  2022-02-10  -                    HIVE Case #5590 TO-S-2021-1276 (IP=0,BR) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=0,BR)
45.172.76.0/22      dbc  2021-01-28  2022-01-28  -                    BR TO-S-2021-1050 Hive Case 4821 Malware Activity
45.173.176.0/22     dbc  2021-02-05  2022-02-05  -                    BR TO-S-2021-1081 Hive Case 4872 Malware Activity
45.175.30.0/23      dbc  2021-01-28  2022-01-28  -                    BR TO-S-2021-1050 Hive Case 4821 Malware Activity
45.176.108.249/24   SW   2022-08-25  2022-11-23  2022-08-26 13:48:25  ET EXPLOIT Apache log4j RCE Attempt (tcp ldap) (CVE-2021-44228) (1:2034649:1) - SourceFire (IP=249,AR)
45.176.110.244/24   ZH   2022-09-12  2022-12-11  2022-09-12 14:00:17  HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=244,AR)
45.176.232.0/22     AS   2022-05-06  2022-08-04  2022-05-09 13:57:41  HIVE Case #7535 TO-S-2022-0176 (IP=0,CO)
45.179.112.0/22     dbc  2021-01-20  2022-01-20  -                    BR TO-S-2021-1037 Hive Case 4785 Malware Activity
45.179.178.134/32   TLM  2021-07-09  2022-01-09  -                    HIVE Case #5775 TO-S-2021-1390 (IP=134,BR)
45.179.208.0/22     dbc  2021-01-28  2022-01-28  -                    BR TO-S-2021-1050 Hive Case 4821 Malware Activity
45.179.56.0/22      dbc  2021-01-28  2022-01-28  -                    BR TO-S-2021-1050 Hive Case 4821 Malware Activity
45.179.84.0/22      dbc  2021-01-20  2022-01-20  -                    BR TO-S-2021-1037 Hive Case 4785 Malware Activity
45.179.89.37/24     EE   2022-05-06  2022-08-04  2022-05-06 22:43:57  HIVE Case #7532 IOC_SOLARDEFLECTION C2 (IP=37,BR)
45.180.129.15/32    TH   2022-02-07  2022-05-08  -                    Attempted Access - Inbound Brute Force - TT# 22C00914 (IP=15,BR)
45.181.88.0/22      dbc  2021-01-28  2022-01-28  -                    BR TO-S-2021-1050 Hive Case 4821 Malware Activity
45.182.189.0/24     TLM  2021-08-05  2022-02-05  -                    HIVE Case #5 TO-S-2021-1447 (IP=0,PA)
45.182.200.0/23     dbc  2021-01-28  2022-01-28  -                    BR TO-S-2021-1050 Hive Case 4821 Malware Activity
45.185.112.0/22     dbc  2021-01-28  2022-01-28  -                    BR TO-S-2021-1050 Hive Case 4821 Malware Activity
45.189.72.0/22      dbc  2021-01-20  2022-01-20  -                    BR TO-S-2021-1037 Hive Case 4785 Malware Activity
45.196.126.158/32   RB   2022-03-02  2022-05-31  2022-03-02 14:47:51  Scanner or Short-Description: HTTP: ThinkPHP CMS Getshell - IR# 22C00981 (IP=158,HK)
45.197.132.0/24     TLM  2022-06-02  2022-12-01  2022-06-02 15:30:46  HIVE Case #7704 TO-S-2022-0190 (IP=0,ZA)
45.199.160.117/32   TLM  2021-12-02  2022-06-02  -                    HIVE Case #6600 TO-S-2022-0090 (IP=117,US)
45.201.204.240/24   KH   2022-01-27  2022-04-27  -                    Generic URI Injection wget Attempt - FE IPS (IP=240,KH)
45.207.37.128/24    JP   2022-09-02  2022-12-01  2022-09-02 22:46:37  POLICY-OTHER PHP uri tag injection attempt (1:23111:14) - SourceFire (IP=128,HK)
45.207.50.102/32    TLM  2022-01-18  2022-07-18  -                    HIVE Case #6796 CTO 22-014 (IP=102,HK)
45.207.50.104/32    TLM  2022-01-18  2022-07-18  -                    HIVE Case #6796 CTO 22-014 (IP=104,HK)
45.207.53.204/32    AS   2022-04-12  2022-10-12  2022-04-12 14:39:53  HIVE Case #7380 CTO 22-099 (IP=204,HK)
45.207.55.223/32    TLM  2021-08-20  2022-02-20  -                    HIVE Case #6025 TO-S-2021-1472 (IP=223,HK)
45.207.61.179/32    TLM  2021-08-05  2022-02-05  -                    HIVE Case #5 TO-S-2021-1447 (IP=179,HK)
45.221.72.0/21      dbc  2021-03-05  2022-03-05  -                    UG TO-S-2021-1117 DOS-DDOS Activity
45.224.130.43/32    TLM  2021-12-15  2022-06-15  -                    HIVE Case #6667 TO-S-2022-0091 (IP=43,BR)
45.224.248.0/22     dbc  2021-01-28  2022-01-28  -                    BR TO-S-2021-1050 Hive Case 4821 Malware Activity
45.224.43.41/24     RR   2021-11-28  2022-02-26  -                    SERVER-WEBAPP MVPower DVR Shell
arbitrary command execution attempt - Web Attacks (IP=41,BR) 45.226.166.0 22 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5968 TO-S-2021-1276 (IP=0,BR) 45.227.148.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 45.227.252.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BZ TO-S-2021-1037 Hive Case 4785 Malware Activity 45.227.253.21 32 DRW None 2022-09-21 00:00:00 2022-12-20 00:00:00 2022-09-21 22:01:02 HIVE Case #1337 IOC_ CISA Threat Intel 19Sep2022 Criminal Cobalt Strike Servers (IP=21,PA) 45.227.254.17 32 SW None 2022-08-29 00:00:00 2022-11-27 00:00:00 2022-08-30 14:04:41 Possible SQLi attempt/HTTP: Blind SQL Injection - Timing - IR# 22C01892 (IP=17,PA) 45.227.255.190 24 EE None 2022-02-14 00:00:00 2022-05-15 00:00:00 None HIVE Case #6935 IOC_LockBit 2.0 Ransomware-FBI_Advisory (IP=190,PA) 45.227.72.50 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:45 HIVE Case #7894 CTO 22-187 (IP=50,BR) 45.228.252.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 45.229.0.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 45.229.104.78 24 RS None 2022-05-22 00:00:00 2022-11-20 00:00:00 2022-08-22 22:53:08 File /etc/passwd Access Attempt Detect - FE IPS Events (IP=78,BR) | updated by JP Block was inactive. 
Reactivated on 20220822 with reason SIPVicious Security Scanner - IPS Events (IP=78,BR) 45.229.52.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 45.230.56.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 45.231.144.0 23 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BR TO-S-2021-1117 DOS-DDOS Activity 45.233.168.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None CO TO-S-2021-1037 Hive Case 4785 Malware Activity 45.233.198.95 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=95,BR) 45.234.173.89 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None AR TO-S-2021-1050 Hive Case 4821 Malware Activity 45.234.24.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 45.235.8.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 45.235.95.0 24 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=0,BR) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=0,BR) 45.236.128.93 32 AS None 2022-07-28 00:00:00 2022-10-26 00:00:00 2022-08-02 15:22:02 HIVE Case #7276 COLS-NA TIP 22-0102 (IP=93,CL) 45.236.8.0 24 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 45.236.9.0 24 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 45.237.116.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity 45.237.240.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 45.238.56.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None EC TO-S-2021-1037 Hive Case 4785 Malware Activity 45.239.108.0 24 TLM None 2021-12-15 
00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=0,CL) 45.239.111.70 24 ZH None 2022-02-08 00:00:00 2022-05-09 00:00:00 None Phishing SIP HIVE Case # 6942 (IP=70,CL) 45.248.149.219 32 RR None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-07 13:50:12 RTO-2022-1080/Pulse Report 148906-22 Mass Scanning/Scan Traffic - IR# 22C01586 (IP=219,BD) 45.248.192.80 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IN TO-S-2021-1050 Hive Case 4821 Malware Activity 45.248.26.26 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IN TO-S-2021-1050 Hive Case 4821 Malware Activity 45.248.41.191 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IN TO-S-2021-1050 Hive Case 4821 Malware Activity 45.248.87.162 32 TLM None 2022-05-09 00:00:00 2022-11-08 00:00:00 2022-05-10 15:15:57 HIVE Case #7546 CTO 22-127 (IP=162,CN) 45.249.94.77 32 BB None 2021-10-24 00:00:00 2022-01-22 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00230 (IP=77,CN) 45.251.241.36 32 AS None 2022-01-11 00:00:00 2022-07-11 00:00:00 None HIVE Case #6760 CTO 22-011 (IP=36,JP) 45.251.56.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BD TO-S-2021-1037 Hive Case 4785 Malware Activity 45.253.64.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None CN TO-S-2021-1037 Hive Case 4785 Malware Activity 45.32.101.191 32 AS None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 18:17:21 HIVE Case #7862 CTO 22-176 (IP=191,SG) 45.32.106.240 32 AS None 2022-04-12 00:00:00 2022-10-12 00:00:00 2022-04-12 14:39:44 HIVE Case #7380 CTO 22-099 (IP=240,SG) 45.32.107.157 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=157,SG) | updated by TLM Block was inactive. 
Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=157,SG) HIVE Case #5969 TO-S-2021-1289 (IP=157,SG) 45.32.107.157 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=157,SG) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=157,SG) HIVE Case #5969 TO-S-2021-1289 (IP=157,SG) 45.32.107.157 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=157,SG) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=157,SG) HIVE Case #5969 TO-S-2021-1289 (IP=157,SG) 45.32.11.27 32 TLM None 2022-03-28 00:00:00 2022-09-28 00:00:00 2022-03-28 12:23:03 HIVE Case #7282 CTO 22-085 (IP=27,JP) 45.32.111.103 32 TLM None 2021-12-10 00:00:00 2022-06-10 00:00:00 None HIVE Case #6644 CTO 21-344 (IP=103,SG) 45.32.112.162 32 TLM None 2021-12-02 00:00:00 2022-06-02 00:00:00 None HIVE Case #6600 TO-S-2022-0090 (IP=162,SG) 45.32.115.242 32 TLM None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:46:20 HIVE Case #7458 CTO 22-113 (IP=242,SG) 45.32.119.153 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=153,SG) 45.32.121.191 32 AS None 2022-01-11 00:00:00 2022-07-11 00:00:00 None HIVE Case #6760 CTO 22-011 (IP=191,SG) 45.32.124.178 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None SG TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 45.32.125.79 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:31 HIVE Case #6595 CTO 21-327 (IP=79,SG) | updated by AS Block was inactive. Reactivated on 20220706 with reason HIVE Case #7894 CTO 22-187 (IP=79,SG) HIVE Case #7894 CTO 22-187 (IP=79,SG) 45.32.125.79 32 TLM None 2021-11-30 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:31 HIVE Case #6595 CTO 21-327 (IP=79,SG) | updated by AS Block was inactive. 
Reactivated on 20220706 with reason HIVE Case #7894 CTO 22-187 (IP=79,SG) HIVE Case #7894 CTO 22-187 (IP=79,SG) 45.32.125.79 32 TLM None 2021-11-30 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:31 HIVE Case #6595 CTO 21-327 (IP=79,SG) | updated by AS Block was inactive. Reactivated on 20220706 with reason HIVE Case #7894 CTO 22-187 (IP=79,SG) HIVE Case #7894 CTO 22-187 (IP=79,SG) 45.32.137.94 32 AS None 2022-03-18 00:00:00 2022-09-18 00:00:00 2022-03-18 15:24:11 HIVE Case #7237 CTO 22-077 (IP=94,US) 45.32.180.186 24 DT None 2022-01-15 00:00:00 2022-04-15 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) - Source Fire (IP=186,GB) 45.32.29.205 32 TLM None 2022-06-22 00:00:00 2022-12-21 00:00:00 2022-06-23 16:49:30 HIVE Case #7813 CTO 22-173 (IP=205,JP) 45.32.40.134 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None US TO-S-2021-1102 Malicious Email Activity 45.32.44.226 32 TLM None 2021-12-09 00:00:00 2022-06-09 00:00:00 None HIVE Case #6633 CTO 21-334 (IP=226,JP) 45.32.44.75 32 SW None 2021-11-11 00:00:00 2022-02-09 00:00:00 None PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00329 (IP=75,JP) 45.32.45.110 32 TLM None 2022-05-24 00:00:00 2022-11-23 00:00:00 2022-05-24 14:24:25 HIVE Case #7653 CTO 22-144 (IP=110,JP) 45.32.49.144 32 TLM None 2022-03-14 00:00:00 2022-09-14 00:00:00 2022-03-14 19:14:44 HIVE Case #7198 CTO 22-071 (IP=144,JP) 45.32.52.188 32 AS None 2022-01-11 00:00:00 2022-07-11 00:00:00 None HIVE Case #6760 CTO 22-011 (IP=188,JP) 45.32.57.218 32 TLM None 2021-09-14 00:00:00 2022-03-14 00:00:00 None HIVE Case #6166 CTO 21-246 (IP=218,JP) 45.32.57.227 32 AS None 2022-02-04 00:00:00 2022-08-04 00:00:00 None HIVE Case #6927 CTO 22-036 (IP=227,JP) 45.32.59.31 24 EE None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 22:43:56 HIVE Case #7532 IOC_SOLARDEFLECTION C2 (IP=31,JP) 45.32.90.247 32 ZH None 2022-07-17 00:00:00 2022-10-15 00:00:00 2022-07-17 13:55:36 SQL injection - 6hr 
Web Attacks (IP=247,US) 45.32.92.156 32 TLM None 2021-12-02 00:00:00 2022-06-02 00:00:00 None HIVE Case #6600 TO-S-2022-0090 (IP=156,US) 45.33.0.181 32 WR None 2021-01-02 00:00:00 2022-04-02 00:00:00 None Malicious IPS - HIVE Case 6711 (IP=181,US) 45.33.101.246 32 JKC None 2022-03-16 00:00:00 2022-06-16 00:00:00 2022-03-21 14:49:25 excessive Web malformed attacks ESM Hive Case 7212 (IP=246, US) 45.33.119.180 32 NAB None 2022-02-03 00:00:00 2022-05-04 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=180,US) 45.33.119.254 32 NAB None 2022-02-03 00:00:00 2022-05-04 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=254,US) 45.33.124.13 32 WR None 2022-02-19 00:00:00 2022-10-01 00:00:00 2022-07-04 13:45:47 Exploit.Log4Shell.CVE-2021-44228 - FE IPS events (13,US) | updated by SW Block was inactive. Reactivated on 20220703 with reason SQL injection - WebAttacks (IP=13,US) 45.33.125.175 32 KH None 2022-02-21 00:00:00 2022-05-22 00:00:00 None ET EXPLOIT Apache log4j RCE Attempt (tcp ldap) (CVE-2021-44228) (1:2034649:1) - Sourcefire (IP=175,US) 45.33.125.176 32 KH None 2022-02-21 00:00:00 2022-05-22 00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (B-type) (1:1000135:3) - Sourcefire (IP=176,US) 45.33.14.161 32 TH None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:49:52 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=160,US) 45.33.16.92 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=92,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=92,US) 45.33.26.194 32 KH None 2022-02-21 00:00:00 2022-05-22 00:00:00 None SERVER-WEBAPP Ulterius web server directory traversal attempt (1:45721:2) - Sourcefire (IP=194,US) 45.33.26.43 32 KH None 2022-02-21 00:00:00 2022-05-22 00:00:00 None ET INFO Possible Apache log4j RCE Attempt - Any Protocol (lower TCP Bypass) (CVE-2021-44228) (1:2034665:1) - Sourcefire (IP=43,US) 45.33.3.219 32 NAB None 2022-05-05 
00:00:00 2022-08-03 00:00:00 2022-05-05 13:49:49 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=219,US) 45.33.3.91 32 RS None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 22:44:34 SQL injection - 6Hr Web Attacks (IP=91,US) 45.33.47.115 32 TH None 2021-12-16 00:00:00 2022-03-16 00:00:00 None Apache Log4j CVE-2021-44228 Remote Code Execution - IPS Events (IP= 115, US) 45.33.47.128 32 TH None 2021-12-16 00:00:00 2022-03-16 00:00:00 None Apache Log4j CVE-2021-44228 Remote Code Execution - IPS Events (IP= 128, US) 45.33.47.173 32 TH None 2021-12-16 00:00:00 2022-03-16 00:00:00 None Apache Log4j CVE-2021-44228 Remote Code Execution - IPS Events (IP= 173, US) 45.33.47.214 32 WR None 2021-12-16 00:00:00 2022-03-16 00:00:00 None Self Report/Ft. Detrick/Log4j Attempts - TT# 22C00601 (IP=214,US) 45.33.47.53 32 TH None 2021-12-16 00:00:00 2022-03-16 00:00:00 None Apache Log4j CVE-2021-44228 Remote Code Execution - IPS Events (IP= 53, US) 45.33.47.90 32 WR None 2021-12-16 00:00:00 2022-03-16 00:00:00 None ColfFusion/Self-report - IR# 22C00600 (IP=90,US) 45.33.47.97 32 TH None 2021-12-16 00:00:00 2022-03-16 00:00:00 None Apache Log4j CVE-2021-44228 Remote Code Execution - IPS Events (IP= 97, US) 45.33.47.97 24 KH None 2021-12-16 00:00:00 2022-03-16 00:00:00 None HIVE Case #6651 - Exploit.CVE-2021-44237 (IP=97,US) 45.33.50.26 32 AR None 2022-03-08 00:00:00 2022-06-06 00:00:00 2022-03-08 18:08:51 SQL injection - 6Hr Web Attack (IP=26,US) 45.33.73.168 32 TC None 2022-09-24 00:00:00 2022-12-23 00:00:00 2022-09-24 13:56:02 SQL injection - WebAttacks (IP=168,US) 45.33.73.19 32 TC None 2022-09-24 00:00:00 2022-12-23 00:00:00 2022-09-24 13:56:01 SQL injection - WebAttacks (IP=19,US) 45.33.73.67 32 TC None 2022-09-24 00:00:00 2022-12-23 00:00:00 2022-09-24 13:56:01 SQL injection - WebAttacks (IP=67,US) 45.33.83.193 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=193,US) | updated by TLM Block was inactive. 
Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=193,US) HIVE Case #5969 TO-S-2021-1289 (IP=193,US) 45.33.83.193 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=193,US) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=193,US) HIVE Case #5969 TO-S-2021-1289 (IP=193,US) 45.33.83.193 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=193,US) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=193,US) HIVE Case #5969 TO-S-2021-1289 (IP=193,US) 45.33.84.239 32 KH None 2021-12-20 00:00:00 2022-03-20 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44232 (IP=239,US) 45.33.98.190 32 RR None 2022-07-07 00:00:00 2022-11-16 00:00:00 2022-08-18 22:50:37 Exploit.Log4Shell.CVE-2021-44228 - FE NX (IP=190,US) | updated by JP Block expiration extended with reason SQL injection - 6HR Web Attacks (IP=190,US) | updated by ZH Block expiration extended with reason SERVER-WEBAPP Apache Log4j logging remote code execution attempt (3:58802:4) - SourceFire (IP=190,US) 45.34.14.101 32 SW None 2022-08-18 00:00:00 2022-11-16 00:00:00 2022-08-19 13:56:38 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR# 22C01827 (IP=101,US) 45.38.70.86 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=86,US) 45.4.184.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 45.4.216.53 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None AR TO-S-2021-1050 Hive Case 4821 Malware Activity 45.4.4.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 45.4.56.139 32 RB None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-08 22:56:14 Exploit.Log4Shell.CVE-2021-44228 - FE NX (IP=139,BR) 45.40.134.229 32 TLM None 2021-09-14 
00:00:00 2022-03-14 00:00:00 None HIVE Case #6164 TO-S-2021-1528 (IP=229,US) 45.40.136.61 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=61,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=61,US) 45.40.196.167 24 DT None 2021-11-16 00:00:00 2022-02-14 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt (1:50182:1) - Sourcefire (IP=167,VN) 45.41.136.0 24 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=0,GB) 45.41.180.0 24 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=0,US) 45.41.181.0 24 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=0,US) 45.41.204.25 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=25,US) 45.42.201.154 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=154,US) 45.42.201.248 32 TLM None 2022-02-11 00:00:00 2022-08-12 00:00:00 None HIVE Case #6973 TO-S-2022-0128 (IP=248,US) 45.43.19.91 32 TLM None 2022-06-06 00:00:00 2022-12-05 00:00:00 2022-06-07 14:34:52 HIVE Case #7728 TO-S-2022-0192 (IP=91,US) 45.43.50.197 32 TLM None 2022-05-09 00:00:00 2022-11-08 00:00:00 2022-05-10 15:15:58 HIVE Case #7546 CTO 22-127 (IP=197,PH) 45.43.60.190 32 TLM None 2022-01-25 00:00:00 2022-07-25 00:00:00 None HIVE Case #6828 CTO 22-021 (IP=190,JP) 45.46.53.140 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:55:59 HIVE Case #7199 CTO 22-074 (IP=140,US) 45.5.179.0 24 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity 45.55.32.244 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:17:19 ET EXPLOIT F5 TMUI RCE vulnerability CVE-2020-5902 Attempt - SourceFire (IP=244,US) 45.55.32.31 32 RS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 22:43:53 
SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (B-type) (1:1000135:3) - SourceFire (IP=31,US) 45.55.32.57 32 SW None 2022-09-13 00:00:00 2022-12-12 00:00:00 2022-09-14 13:50:24 SQL injection - WebAttacks (IP=57,US) 45.55.33.155 32 SW None 2022-09-05 00:00:00 2022-12-04 00:00:00 2022-09-06 13:54:33 HTTP: SQL Injection - Exploit II - WebAttacks (IP=155,US) 45.55.34.147 32 JP None 2022-09-11 00:00:00 2022-12-10 00:00:00 2022-09-11 13:56:12 HTTP: SQL Injection - Exploit - 6HR Web Attacks (IP=147,US) 45.55.34.33 32 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:49:44 SERVER-WEBAPP Apache Unomi OGNL MVEL2 remote command execution attempt - SourceFire (IP=33,US) 45.55.34.89 32 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 22:52:09 SERVER-WEBAPP Ulterius web server directory traversal attempt (1:45721:2) - SourceFire (IP=89,US) 45.55.35.158 32 SW None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:44:43 SQL injection - WebAttacks (IP=158,US) 45.55.35.186 32 RS None 2022-08-03 00:00:00 2022-11-01 00:00:00 2022-08-04 13:54:01 SIPVicious Security Scanner - IPS Events (IP=186,US) 45.55.36.23 32 RB None 2022-06-28 00:00:00 2022-09-26 00:00:00 2022-06-28 13:53:44 SQL injection - WebAttacks (IP=23,US) 45.55.36.75 32 KH None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-11 23:00:18 SQL injection - Web Attacks (IP=75,US) 45.55.37.180 32 SA None 2022-05-17 00:00:00 2022-08-15 00:00:00 2022-05-17 22:37:48 DoctorAppointmentSystem SQL Injection Vulnerability (IP=180,US) 45.55.37.184 32 RR None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:42 SQL injection - Web Attacks (IP=184,US) 45.55.37.35 32 TH None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-18 22:35:09 SERVER-APACHE Apache Struts remote code execution attempt - POST parameter (1:23631:7) - SourceFire Report (IP=35,US) 45.55.38.144 32 NAB None 2022-01-31 00:00:00 2022-05-01 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=144,US) 45.55.38.202 32 TH 
None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-30 13:42:23 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (1:59246:1) - SourceFire Report (IP=202,US) 45.55.38.211 32 RR None 2022-09-11 00:00:00 2022-12-10 00:00:00 2022-09-11 13:56:13 SQL injection - Web Attacks (IP=211,US) 45.55.38.47 32 SW None 2022-09-05 00:00:00 2022-12-04 00:00:00 2022-09-06 13:54:34 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=47,US) 45.55.39.146 32 SW None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-06 13:47:15 SQL injection - WebAttacks (IP=146,US) 45.55.41.10 32 RS None 2022-09-12 00:00:00 2022-12-11 00:00:00 2022-09-13 13:47:48 SQL injection - Web Attacks (IP=10,US) 45.55.42.17 32 RS None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:15:17 SQL injection - 6Hr Web Attacks (IP=17,US) 45.55.42.203 32 ZH None 2022-09-15 00:00:00 2022-12-14 00:00:00 2022-09-15 14:40:54 SQL injection - WebAttacks (IP=203,US) 45.55.42.231 32 JP None 2022-09-11 00:00:00 2022-12-10 00:00:00 2022-09-11 13:56:13 HTTP: PHP File Inclusion Vulnerability - 6HR Web Attacks (IP=231,US) 45.55.42.34 32 JP None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-14 22:47:12 Adobe ColdFusion Administrator Access Restriction - 6HR Web Attacks (IP=34,US) 45.55.43.228 32 SW None 2022-09-13 00:00:00 2022-12-12 00:00:00 2022-09-14 13:50:25 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=228,US) 45.55.44.208 32 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 13:57:53 SQL injection - 6Hr Web Attacks (IP=208,US) 45.55.44.24 32 TH None 2022-09-29 00:00:00 2022-12-28 00:00:00 2022-09-29 14:05:31 SQL 1 = 1 - possible sql injection attempt - 6 Hr Web Report (IP=24,US) 45.55.44.81 32 JP None 2022-09-20 00:00:00 2022-12-19 00:00:00 2022-09-20 22:50:19 Webshell.Binary.php.FEC2 - FE NX (IP=81,US) 45.55.46.137 32 RR None 2022-07-21 00:00:00 2022-10-19 00:00:00 2022-07-21 13:54:43 SQL injection - Web Attacks (IP=137,US) 45.55.46.138 32 ZH None 2022-06-22 00:00:00 2022-09-20 00:00:00 
2022-06-22 13:55:02 SQL injection - 6 hr Web Attacks (IP=138,US) 45.55.46.159 32 DT None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:52 SQL injection - Web Attacks (IP=159,US) 45.55.46.215 32 SW None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-06 13:47:16 SQL injection - WebAttacks (IP=215,US) 45.55.48.136 32 RS None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-10-01 13:38:02 SQL injection - Web Attacks (IP=136,US) 45.55.49.134 32 SW None 2022-06-24 00:00:00 2022-09-22 00:00:00 2022-06-24 13:56:08 SERVER-WEBAPP WebSVN search command injection attempt (1:58821:1) - SourceFire (IP=134,US) 45.55.50.20 32 RS None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 22:54:51 SQL injection - 6Hr Web Attacks (IP=20,US) 45.55.54.216 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:17:19 SERVER-WEBAPP VMWare vSphere Client remote code execution attempt (1:57720:1) - SourceFire (IP=216,US) 45.55.54.246 32 TH None 2022-07-10 00:00:00 2022-10-08 00:00:00 2022-07-10 22:41:23 SQL injection - 6 Hr Web Report (IP=246,US) 45.55.55.165 32 SW None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 13:49:27 SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt (1:54768:2) - SourceFire (IP=165,US) 45.55.57.135 32 RR None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-11 13:57:14 SQL injection - Web Attacks (IP=100,US) 45.55.57.78 32 RR None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-07 13:54:18 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=78,US) 45.55.58.41 32 RR None 2022-06-04 00:00:00 2022-09-02 00:00:00 2022-06-04 13:39:05 SERVER-WEBAPP System Information Library for node.js command injection attempt - SourceFire (IP=41,US) 45.55.58.97 32 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 22:24:53 Possible Cross-site Scripting Attack - FE IPS Events (IP=97,US) 45.55.59.104 32 RS None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 22:54:52 SQL injection - 6Hr Web Attacks (IP=104,US) 45.55.59.113 
32 ZH None 2022-06-24 00:00:00 2022-09-22 00:00:00 2022-06-24 13:56:11 SQL injection - 6hr Web Attacks (IP=113,US) 45.55.62.207 32 AR None 2022-05-01 00:00:00 2022-07-29 00:00:00 2022-05-01 13:52:42 SERVER-WEBAPP YouPHPTube getImage.php command injection attempt (1:51924:4) - SourceFire (IP=207,US) 45.55.62.52 32 RR None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-19 13:55:56 SQL injection - Web Attacks (IP=52,US) 45.55.63.246 32 NAB None 2022-03-07 00:00:00 2022-06-05 00:00:00 2022-03-07 15:00:03 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=246,US) 45.56.101.142 32 SW None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 13:45:42 HTTP: PHP File Inclusion Vulnerability - IR# 22C01526(IP=142,US) 45.56.101.72 32 KH None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 13:45:45 HTTP: PHP File Inclusion Vulnerability - IR# 22C01530 (IP=72,US) 45.56.104.101 32 KH None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 13:45:42 HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - IR# 22C01524 (IP=101,US) 45.56.109.128 32 KH None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-06 14:06:17 SQL injection - Web Attacks (IP=128,US) 45.56.109.139 32 KH None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-06 14:06:18 SQL injection - Web Attacks (IP=139,US) 45.56.109.149 32 RR None 2022-07-04 00:00:00 2022-10-04 00:00:00 2022-07-06 14:06:18 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=149,US) | updated by KH Block expiration extended with reason SQL injection - Web Attacks (IP=149,US) 45.56.109.158 32 RR None 2022-07-04 00:00:00 2022-10-04 00:00:00 2022-07-06 14:06:19 SERVER-WEBAPP Netgear passwordrecovered.cgi insecure admin password disclosure attempt - SourceFire (IP=158,US) | updated by KH Block expiration extended with reason SQL injection - Web Attacks (IP=158,US) 45.56.109.187 32 RR None 2022-07-04 00:00:00 2022-10-04 00:00:00 2022-07-06 14:06:20 SERVER-WEBAPP JBoss JMXInvokerServlet access attempt - 
SourceFire (IP=187,US) | updated by KH Block expiration extended with reason SQL injection - Web Attacks (IP=187,US) 45.56.109.197 32 KH None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-06 14:06:20 SQL injection - Web Attacks (IP=197,US) 45.56.109.227 32 RR None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-05 14:02:56 SERVER-WEBAPP IceWarp Mail Server directory traversal attempt - SourceFire (IP=227,US) 45.56.109.253 32 KH None 2022-07-04 00:00:00 2022-10-04 00:00:00 2022-07-06 14:06:21 SERVER-APACHE Apache Struts remote code execution attempt - POST parameter - Sourcefire (IP=253,US) | updated by KH Block expiration extended with reason SQL injection - Web Attacks (IP=253,US) 45.56.116.190 32 RT None 2022-03-03 00:00:00 2022-06-01 00:00:00 2022-03-04 14:42:56 SQL injection - 6HR Web Attack (IP=190,US) 45.56.125.105 32 NAB None 2022-02-03 00:00:00 2022-05-04 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=105,US) 45.56.125.141 32 DT None 2022-02-03 00:00:00 2022-05-04 00:00:00 None SQL injection - Web Attacks (IP=141,US) 45.56.127.149 32 TH None 2022-03-13 00:00:00 2022-06-11 00:00:00 2022-03-13 23:23:59 SQL injection - 6 Hr Web Report (IP=149,US) 45.56.165.63 32 AR None 2022-06-12 00:00:00 2022-09-10 00:00:00 2022-06-13 13:54:49 SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) - SourceFire (IP=63,US) 45.56.228.21 32 TLM None 2022-01-20 00:00:00 2022-07-20 00:00:00 None HIVE Case #6811 CTO 22-020 (IP=21,GR) 45.56.67.22 32 TH None 2022-03-13 00:00:00 2022-06-11 00:00:00 2022-03-13 23:23:58 SERVER-APACHE Apache Struts java.lang.ProcessBuilder class access attempt (1:47690:2) - SourceFire Report (IP=22,US) 45.56.80.11 32 BMP None 2021-12-15 00:00:00 2022-03-14 00:00:00 None HIVE Case #6651 - Exploit.CVE-2021-44228 (IP=11,US) 45.56.92.19 32 KD None 2021-12-21 00:00:00 2022-03-21 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt- Sourcefire (IP=19,US) 
45.58.112.202 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=202,US)
45.58.112.77 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6446 CTO 21-272 (IP=77,US)
45.58.113.178 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=178,US)
45.58.117.178 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=178,US)
45.58.117.98 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=98,US)
45.58.123.178 32 dbc None 2020-05-07 00:00:00 2022-03-24 00:00:00 None US TO-S-2020-0493 Malware Activity | updated by TLM Block was inactive. Reactivated on 20210924 with reason HIVE Case #6252 CTO 21-265 (IP=178,US)
45.58.124.98 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=98,US)
45.58.127.226 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=226,US)
45.58.138.186 32 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 22:51:18 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=186,US)
45.58.138.187 24 AR None 2022-05-01 00:00:00 2022-07-31 00:00:00 2022-05-02 22:41:31 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=187,NL) | updated by RS Block expiration extended with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6Hr Web Attacks (IP=187,NL)
45.58.142.25 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
45.58.177.50 32 AR None 2021-12-17 00:00:00 2022-03-17 00:00:00 None HIVE Case #6651 - Exploit.CVE-2021-44228 (IP=50,US)
45.58.190.82 32 AS None 2022-01-11 00:00:00 2022-07-11 00:00:00 None HIVE Case #6760 CTO 22-011 (IP=82,US)
45.58.32.100 32 TLM None 2022-01-25 00:00:00 2022-07-25 00:00:00 None HIVE Case #6828 CTO 22-021 (IP=100,US)
45.58.52.227 32 AS None 2022-01-11 00:00:00 2022-07-11 00:00:00 None HIVE Case #6760 CTO 22-011 (IP=227,US)
45.58.52.73 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6448 TO-S-2022-0058 (IP=73,US)
45.58.52.99 32 TLM None 2021-08-23 00:00:00 2022-03-08 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=99,US) | updated by TLM Block expiration extended with reason HIVE Case #6129 CTO 21-237 (IP=99,US)
45.58.55.73 32 TLM None 2021-06-14 00:00:00 2022-08-17 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=73,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=73,US) | updated by TLM Block was inactive. Reactivated on 20220216 with reason HIVE Case #7008 CTO 22-047 (IP=73,US)
45.6.224.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None EC TO-S-2021-1037 Hive Case 4785 Malware Activity
45.6.28.156 24 RT None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-17 13:52:09 SQL injection - 6HR web Attacks (IP=156,BR)
45.60.153.51 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
45.60.99.47 32 TLM None 2021-09-14 00:00:00 2022-03-14 00:00:00 None HIVE Case #6164 TO-S-2021-1528 (IP=47,US)
45.61.136.0 24 TLM None 2022-06-24 00:00:00 2022-12-23 00:00:00 2022-06-24 19:38:43 HIVE Case #7840 CTO 22-175 (IP=0,US)
45.61.136.39 32 TLM None 2022-06-22 00:00:00 2022-12-21 00:00:00 2022-06-23 16:49:43 HIVE Case #7813 CTO 22-173 (IP=39,US)
45.61.137.195 32 TLM None 2021-11-30 00:00:00 2022-05-30 00:00:00 None HIVE Case #6595 CTO 21-327 (IP=195,NL)
45.61.137.239 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5986 TO-S-2021-1404 (IP=239,NL)
45.61.138.145 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5986 TO-S-2021-1404 (IP=145,GB)
45.61.138.203 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=203,GB)
45.61.138.219 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5986 TO-S-2021-1404 (IP=219,GB)
45.61.139.138 32 AS None 2022-04-08 00:00:00 2022-10-04 00:00:00 2022-04-08 17:37:02 HIVE Case #7363 CTO 22-097 (IP=138,GB)
45.61.139.232 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5986 TO-S-2021-1404 (IP=232,GB)
45.61.139.38 32 AS None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 18:17:21 HIVE Case #7862 CTO 22-176 (IP=38,GB)
45.61.139.99 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5986 TO-S-2021-1404 (IP=99,GB)
45.61.146.0 24 KH None 2021-12-20 00:00:00 2022-03-20 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=0,US)
45.61.147.87 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
45.61.161.150 32 AS None 2022-03-03 00:00:00 2022-09-03 00:00:00 2022-03-03 17:36:07 HIVE Case #7133 CTO 22-062 (IP=150,US)
45.61.184.118 32 KH None 2022-08-16 00:00:00 2022-11-14 00:00:00 2022-08-16 22:53:10 SERVER-OTHER RealTek UDPServer command injection attempt (1:58853:1) - Sourcefire (IP=118,US)
45.61.184.133 32 KH None 2022-08-16 00:00:00 2022-11-18 00:00:00 2022-08-20 13:23:15 SERVER-OTHER RealTek UDPServer command injection attempt (1:58853:1) - Sourcefire (IP=133,US) | updated by RR Block expiration extended with reason SERVER-OTHER RealTek UDPServer command injection attempt - SourceFire (IP=133,US)
45.61.184.138 32 KH None 2022-07-26 00:00:00 2022-10-24 00:00:00 2022-07-26 22:50:16 SIPVicious Security Scanner - FE IPS (IP=138,US)
45.61.184.208 32 KH None 2022-08-24 00:00:00 2022-11-22 00:00:00 2022-08-24 22:45:55 SIPVicious Security Scanner - FE IPS (IP=208,US)
45.61.185.88 32 ZH None 2022-03-19 00:00:00 2022-06-17 00:00:00 2022-03-19 23:23:09 SSH2 Failed Login Attempt - 6hr Failed Logons (IP=88,US)
45.61.186.160 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 18:28:39 HIVE Case #7342 CTO 22-092 FRAGO (IP=160,US)
45.61.186.172 32 KH None 2022-02-15 00:00:00 2022-05-16 00:00:00 None PROTOCOL-DNS DNS query amplification attempt (1:28556:3) - Sourcefire (IP=172,US)
45.61.187.34 32 NAB None 2022-02-10 00:00:00 2022-05-11 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=34,US)
45.61.188.160 32 NAB None 2022-05-05 00:00:00 2022-11-18 00:00:00 2022-05-20 14:45:33 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=160,US) | updated by TLM Block expiration extended with reason HIVE Case #7623 CTO 22-139 (IP=160,US)
45.62.228.11 32 DT None 2022-03-14 00:00:00 2022-06-12 00:00:00 2022-03-14 22:43:44 ColdFusion Error reporting Scanner or Short-Description: Self-Report / ColdFusion Error reporting - IR#: 22C01039 (IP=11,CA)
45.63.10.246 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:56:15 HIVE Case #7894 CTO 22-187 (IP=246,US)
45.63.100.115 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:23 HIVE Case #7894 CTO 22-187 (IP=115,GB)
45.63.114.71 32 AS None 2021-12-28 00:00:00 2022-06-28 00:00:00 None HIVE Case #6702 CTO 21-362 (IP=71,FR)
45.63.117.40 24 RS None 2022-08-03 00:00:00 2022-11-01 00:00:00 2022-08-04 13:53:57 SIPVicious Security Scanner - IPS Events (IP=40,DE)
45.63.41.180 32 TLM None 2021-12-10 00:00:00 2022-06-10 00:00:00 None HIVE Case #6644 CTO 21-344 (IP=180,NL)
45.63.61.172 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5986 TO-S-2021-1404 (IP=172,US)
45.63.62.109 32 dbc None 2019-10-23 00:00:00 2022-07-26 00:00:00 None US TO-S-2020-0056 Malware Activity | updated by TLM Block was inactive. Reactivated on 20220126 with reason HIVE Case #6837 CTO 22-025 (IP=109,US)
45.63.83.186 32 AS None 2021-12-28 00:00:00 2022-06-28 00:00:00 None HIVE Case #6702 CTO 21-362 (IP=186,US)
45.63.89.250 32 TLM None 2022-03-11 00:00:00 2022-09-11 00:00:00 2022-03-11 13:21:31 HIVE Case #7189 CTO 22-068.1 (IP=250,US)
45.63.92.102 32 KH None 2022-08-06 00:00:00 2022-11-04 00:00:00 2022-08-06 22:54:33 Phish.URL.Emotet - FE NX (IP=102,US)
45.64.112.51 24 EE None 2022-02-22 00:00:00 2022-05-23 00:00:00 2022-02-25 23:37:20 HIVE Case #7087 IOC_ Vul MS-SQL Servers - Cobalt Strike (IP=51,HK)
45.64.132.0 22 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BD TO-S-2021-1117 DOS-DDOS Activity
45.64.176.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IN TO-S-2021-1037 Hive Case 4785 Malware Activity
45.64.60.240 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None NZ TO-S-2021-1050 Hive Case 4821 Malicious Email Activity
45.64.75.134 24 NAB None 2021-12-16 00:00:00 2022-03-16 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=134,TW)
45.67.116.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None MD TO-S-2021-1037 Hive Case 4785 Malware Activity
45.67.156.18 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=18,HU)
45.67.229.164 32 AS None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-09-30 17:07:09 HIVE Case #8395 TO-S-2022-0233 (IP=164,MD)
45.67.230.0 24 TLM None 2021-12-02 00:00:00 2022-06-02 00:00:00 None HIVE Case #6600 TO-S-2022-0090 (IP=0,RU)
45.67.230.138 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:47 HIVE Case #7904 CTO 22-189 (IP=138,RU)
45.67.34.152 24 EE None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-07 22:31:14 HIVE Case #7882 IOC_Recordbreaker_Stealer (IP=152,RO)
45.70.0.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BR TO-S-2021-1037 Hive Case 4785 Malware Activity
45.70.192.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BR TO-S-2021-1050 Hive Case 4821 Malware Activity
45.70.196.0 22 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None EC TO-S-2021-1117 DOS-DDOS Activity
45.70.236.0 22 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None EC TO-S-2021-1117 DOS-DDOS Activity
45.70.48.0 22 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BR TO-S-2021-1117 DOS-DDOS Activity
45.71.120.0 22 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BR TO-S-2021-1117 DOS-DDOS Activity
45.72.112.245 32 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 2022-05-27 16:40:15 HIVE Case #7668 CTO 22-146 (IP=245,US)
45.72.3.158 32 AS None 2022-04-08 00:00:00 2022-10-08 00:00:00 2022-04-08 17:16:56 HIVE Case #7361 CTO 22-098 (IP=158,US)
45.72.85.172 32 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 2022-05-27 16:40:17 HIVE Case #7668 CTO 22-146 (IP=172,US)
45.74.14.12 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None AU TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
45.74.14.6 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None AU TO-S-2021-1143 Malicious Email Activity
45.74.22.12 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None NL TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
45.74.25.23 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None NL TO-S-2021-1081 Hive Case 4872 Malicious Email Activity
45.74.56.36 32 TH None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 21:48:40 Self Report / ColdFusion Error Reporting - IR# 22C01567 (IP=36,US)
45.74.56.40 32 RB None 2022-07-07 00:00:00 2022-10-05 00:00:00 2022-07-07 22:30:37 Self Report / ColdFusion Error Reporting - IR#22C1601 (IP=40,US)
45.76.102.192 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6445 CTO 21-260 (IP=192,JP)
45.76.113.163 32 TLM None 2022-06-15 00:00:00 2022-12-14 00:00:00 2022-06-16 13:41:09 HIVE Case #7774 CTO 22-166 (IP=163,AU)
45.76.122.6 32 TLM None 2021-12-09 00:00:00 2022-06-09 00:00:00 None HIVE Case #6633 CTO 21-334 (IP=6,AU)
45.76.124.255 32 TLM None 2021-12-10 00:00:00 2022-06-10 00:00:00 None HIVE Case #6644 CTO 21-344 (IP=255,AU)
45.76.144.182 32 TLM None 2022-06-24 00:00:00 2022-12-23 00:00:00 2022-06-24 19:38:47 HIVE Case #7840 CTO 22-175 (IP=182,SG)
45.76.153.100 32 TLM None 2022-03-28 00:00:00 2022-09-28 00:00:00 2022-03-28 12:23:03 HIVE Case #7282 CTO 22-085 (IP=100,SG)
45.76.154.24 32 TLM None 2021-12-10 00:00:00 2022-06-10 00:00:00 None HIVE Case #6644 CTO 21-344 (IP=24,SG)
45.76.155.71 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:06 HIVE Case #7904 CTO 22-189 (IP=71,SG)
45.76.162.210 24 KD None 2022-01-18 00:00:00 2022-04-18 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=210,SG)
45.76.163.151 32 TLM None 2021-11-30 00:00:00 2022-05-30 00:00:00 None HIVE Case #6595 CTO 21-327 (IP=151,SG)
45.76.173.103 32 dbc None 2019-10-23 00:00:00 2022-07-26 00:00:00 None US TO-S-2020-0056 Malware Activity | updated by TLM Block was inactive. Reactivated on 20220126 with reason HIVE Case #6837 CTO 22-025 (IP=103,US)
45.76.179.238 32 TLM None 2021-11-30 00:00:00 2022-05-30 00:00:00 None HIVE Case #6595 CTO 21-327 (IP=238,SG)
45.76.187.64 32 TLM None 2021-12-10 00:00:00 2022-06-10 00:00:00 None HIVE Case #6644 CTO 21-344 (IP=64,SG)
45.76.191.146 32 TLM None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:46:34 HIVE Case #7458 CTO 22-113 (IP=146,SG)
45.76.192.182 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None JP TO-S-2021-1143 Command and Control Exploit
45.76.196.30 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:55:53 HIVE Case #7894 CTO 22-187 (IP=30,JP)
45.76.202.167 32 KH None 2022-02-22 00:00:00 2022-05-23 00:00:00 None HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR# 22C00960 (IP=167,JP)
45.76.207.178 32 TLM None 2021-09-14 00:00:00 2022-03-14 00:00:00 None HIVE Case #6166 CTO 21-246 (IP=178,JP)
45.76.218.232 32 TLM None 2022-05-04 00:00:00 2022-11-03 00:00:00 2022-05-04 18:17:17 HIVE Case #7515 CTO 22-124 (IP=232,JP)
45.76.222.113 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None JP TO-S-2021-1143 Command and Control Exploit
45.76.222.201 32 TLM None 2021-11-30 00:00:00 2022-05-30 00:00:00 None HIVE Case #6595 CTO 21-327 (IP=201,JP)
45.76.238.53 32 AS None 2022-08-12 00:00:00 2022-11-10 00:00:00 2022-08-12 18:56:24 HIVE Case #8121 CTO 22-223 (IP=53,US)
45.76.28.14 32 AS None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 18:17:15 HIVE Case #7862 CTO 22-176 (IP=14,US)
45.76.30.99 32 ZH None 2021-11-05 00:00:00 2022-02-03 00:00:00 None PROTOCOL-DNS DNS query amplification attempt (1:28556:3) - Sourcefire Rpt (IP=99,US)
45.76.37.222 24 DT None 2021-12-24 00:00:00 2022-03-24 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) - Source Fire (IP=222,NL)
45.76.39.145 24 NAB None 2022-03-29 00:00:00 2022-06-27 00:00:00 2022-03-29 13:50:42 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=145,NL)
45.76.48.18 32 TLM None 2021-11-30 00:00:00 2022-05-30 00:00:00 None HIVE Case #6595 CTO 21-327 (IP=18,JP)
45.76.53.253 32 TLM None 2022-06-14 00:00:00 2022-12-13 00:00:00 2022-06-14 15:16:40 HIVE Case #7768 CTO 22-161 (IP=253,JP)
45.76.56.110 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=110,US)
45.76.89.237 32 TLM None 2021-12-10 00:00:00 2022-06-10 00:00:00 None HIVE Case #6644 CTO 21-344 (IP=237,DE)
45.77.123.183 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5986 TO-S-2021-1404 (IP=183,US)
45.77.127.48 32 AS None 2022-02-04 00:00:00 2022-08-04 00:00:00 None HIVE Case #6927 CTO 22-036 (IP=48,US)
45.77.139.50 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6310 CTO 21-273 (IP=50,NL)
45.77.141.178 32 TLM None 2021-12-10 00:00:00 2022-06-10 00:00:00 None HIVE Case #6644 CTO 21-344 (IP=178,DE)
45.77.141.47 32 TLM None 2021-12-10 00:00:00 2022-06-10 00:00:00 None HIVE Case #6644 CTO 21-344 (IP=47,DE)
45.77.143.251 32 TLM None 2021-12-10 00:00:00 2022-06-10 00:00:00 None HIVE Case #6644 CTO 21-344 (IP=251,DE)
45.77.150.145 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=145,US)
45.77.156.179 32 TLM None 2022-06-14 00:00:00 2022-12-13 00:00:00 2022-06-14 15:16:41 HIVE Case #7768 CTO 22-161 (IP=179,US)
45.77.16.91 32 TLM None 2022-05-11 00:00:00 2022-11-10 00:00:00 2022-05-11 15:28:15 HIVE Case #7564 TO-S-2022-0180 (IP=91,JP)
45.77.169.18 32 AS None 2022-01-11 00:00:00 2022-07-11 00:00:00 None HIVE Case #6760 CTO 22-011 (IP=18,SG)
45.77.175.5 32 TLM None 2022-03-01 00:00:00 2022-09-01 00:00:00 2022-03-01 12:19:59 HIVE Case #7104 TO-S-2022-0138 (IP=5,SG)
45.77.178.134 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:24 HIVE Case #7894 CTO 22-187 (IP=134,JP)
45.77.18.156 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None JP TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
45.77.195.173 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=173,US)
45.77.200.14 32 TLM None 2022-06-02 00:00:00 2022-12-01 00:00:00 2022-06-02 17:56:11 HIVE Case #7705 CTO 22-153 (IP=14,US)
45.77.229.130 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6346 CTO 21-278 (IP=130,GB)
45.77.237.243 32 TLM None 2022-09-19 00:00:00 2022-12-18 00:00:00 2022-09-19 15:03:16 HIVE Case #8328 TO-S-2022-0230 (IP=243,AU)
45.77.246.42 32 AS None 2022-01-11 00:00:00 2022-07-11 00:00:00 None HIVE Case #6760 CTO 22-011 (IP=42,SG)
45.77.250.141 32 TLM None 2022-05-06 00:00:00 2022-11-05 00:00:00 2022-05-06 18:07:11 HIVE Case #7533 CTO 22-126 (IP=141,SG)
45.77.250.209 32 AS None 2021-09-21 00:00:00 2022-03-20 00:00:00 None HIVE Case #6215 CTO 21-261 (IP=209,SG)
45.77.31.175 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=175,JP) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=175,JP)
45.77.33.35 32 TLM None 2021-12-02 00:00:00 2022-06-02 00:00:00 None HIVE Case #6600 TO-S-2022-0090 (IP=35,SG)
45.77.40.222 32 TLM None 2021-12-10 00:00:00 2022-06-10 00:00:00 None HIVE Case #6644 CTO 21-344 (IP=222,SG)
45.77.51.180 32 TLM None 2021-12-10 00:00:00 2022-06-10 00:00:00 None HIVE Case #6644 CTO 21-344 (IP=180,AU)
45.77.57.126 32 AS None 2022-04-06 00:00:00 2022-10-05 00:00:00 2022-04-06 18:02:15 HIVE Case #7345 CTO 22-095 (IP=126,GB)
45.77.60.46 32 TLM None 2021-12-10 00:00:00 2022-06-10 00:00:00 None HIVE Case #6644 CTO 21-344 (IP=46,FR)
45.78.65.155 32 EE None 2021-10-04 00:00:00 2022-01-02 00:00:00 None HIVE Case #6288 IOC_MIRAI_MALWARE_CVE-2021-22204 (IP=155,US)
45.79.10.169 32 KH None 2022-02-21 00:00:00 2022-05-22 00:00:00 None SERVER-WEBAPP SolarWinds Orion authentication bypass attempt (1:56916:1) - Sourcefire (IP=169,US)
45.79.10.170 32 KH None 2022-02-21 00:00:00 2022-05-22 00:00:00 None ET INFO Possible Apache log4j RCE Attempt - Any Protocol (lower TCP Bypass) (CVE-2021-44228) (1:2034665:1) - Sourcefire (IP=170,US)
45.79.101.187 32 KD None 2021-10-04 00:00:00 2022-01-02 00:00:00 None SQL Injection - ABC Report (IP=187,US)
45.79.101.205 32 KD None 2021-10-04 00:00:00 2022-01-02 00:00:00 None T1190 - Command Injection,SQL Injection - ABC Report (IP=205,US)
45.79.101.243 32 AR None 2021-10-05 00:00:00 2022-01-03 00:00:00 None T1190 - Command Injection,SQL Injection - ABC Report (IP=243,US)
45.79.101.77 32 KD None 2021-10-04 00:00:00 2022-01-02 00:00:00 None T1190 - Command Injection,SQL Injection - ABC Report (IP=77,US)
45.79.101.85 32 KD None 2021-10-04 00:00:00 2022-01-02 00:00:00 None T1190 - Command Injection,SQL Injection - ABC Report (IP=85,US)
45.79.102.238 32 KD None 2021-10-04 00:00:00 2022-01-02 00:00:00 None T1190 - Command Injection,SQL Injection - ABC Report (IP=238,US)
45.79.104.202 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5986 TO-S-2021-1404 (IP=202,US)
45.79.122.225 32 TLM None 2022-05-17 00:00:00 2022-11-16 00:00:00 2022-05-17 18:25:01 HIVE Case #7608 CTO 22-137 (IP=225,IN)
45.79.140.220 32 AR None 2022-03-06 00:00:00 2022-06-04 00:00:00 2022-03-06 14:24:12 SQL injection - 6Hr Web Attacks (IP=220,US)
45.79.142.211 32 TLM None 2022-01-04 00:00:00 2022-10-09 00:00:00 2022-07-12 13:04:50 HIVE Case #6729 CTO 22-004 (IP=211,US) | updated by AS Block was inactive. Reactivated on 20220711 with reason HIVE Case #7913 CTO 22-190 (IP=211,US)
45.79.148.108 32 TC None 2022-09-24 00:00:00 2022-12-23 00:00:00 2022-09-24 13:56:00 SQL injection - WebAttacks (IP=108,US)
45.79.148.162 32 TC None 2022-09-24 00:00:00 2022-12-23 00:00:00 2022-09-24 13:55:59 SQL injection - WebAttacks (IP=162,US)
45.79.148.170 32 TC None 2022-09-24 00:00:00 2022-12-23 00:00:00 2022-09-24 13:55:59 SQL injection - WebAttacks (IP=170,US)
45.79.148.28 32 TC None 2022-09-24 00:00:00 2022-12-23 00:00:00 2022-09-24 13:55:58 SQL injection - WebAttacks (IP=28,US)
45.79.150.78 32 TC None 2022-09-24 00:00:00 2022-12-23 00:00:00 2022-09-24 13:55:57 Phish.URL - FE NX (IP=78,US)
45.79.152.251 32 DT None 2022-04-01 00:00:00 2022-06-30 00:00:00 2022-04-02 14:08:04 SERVER-WEBAPP Java ClassLoader access attempt (1:30792:7) - Sourcefire (IP=251,US)
45.79.163.65 32 SW None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 13:45:44 HTTP: PHP File Inclusion Vulnerability - IR# 22C01529 (IP=65,US)
45.79.164.158 32 TLM None 2021-07-01 00:00:00 2022-01-01 00:00:00 None HIVE Case #5735 TO-S-2021-1379 (IP=158,US)
45.79.165.135 32 TLM None 2022-05-27 00:00:00 2022-11-26 00:00:00 2022-05-27 14:16:39 HIVE Case #7676 CTO 22-147 (IP=135,US)
45.79.165.140 32 TLM None 2022-05-27 00:00:00 2022-11-26 00:00:00 2022-05-27 14:16:40 HIVE Case #7676 CTO 22-147 (IP=140,US)
45.79.166.113 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:46 HIVE Case #7904 CTO 22-189 (IP=113,US)
45.79.167.31 32 TH None 2022-08-28 00:00:00 2022-11-26 00:00:00 2022-08-29 13:57:17 HTTP: PHP File Inclusion Vulnerability - IR# 22C01882 (IP=31,US)
45.79.178.40 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1081 Hive Case 4872 Malicious Email Activity
45.79.179.108 32 KD None 2022-03-04 00:00:00 2022-06-02 00:00:00 2022-03-05 00:07:03 SQL injection - Web Attacks (IP=108,US)
45.79.195.168 32 KH None 2022-07-04 00:00:00 2022-10-04 00:00:00 2022-07-06 14:06:22 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - Sourcefire (IP=168,US) | updated by KH Block expiration extended with reason SQL injection - Web Attacks (IP=168,US)
45.79.20.228 32 NAB None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:49:49 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=228,US)
45.79.20.48 32 RS None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:49:53 SQL injection - 6Hr Web Attacks (IP=48,US)
45.79.218.149 32 RT None 2022-01-04 00:00:00 2022-10-12 00:00:00 2022-04-12 15:43:03 SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58741:4) - Sourcefire Report (IP=149,US) | updated by NAB Block expiration extended with reason HIVE Case #6651 Exploit.CVE-2021-44228 (IP=149,US) | updated by AS Block was inactive. Reactivated on 20220412 with reason HIVE Case #7381 CTO 22-102 v2 (IP=149,US)
45.79.220.42 32 KH None 2022-09-15 00:00:00 2022-12-14 00:00:00 2022-09-15 22:52:09 Exploit.Log4Shell.CVE-2021-44228 - FE NX (IP=42,US)
45.79.239.23 24 EE None 2021-10-20 00:00:00 2022-01-18 00:00:00 None HIVE Case #6380 IOC_FlawedGrace_Variant (IP=23,AU)
45.79.250.216 24 SW None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-15 13:53:34 SERVER-APACHE Apache HTTP server SSRF attempt (1:58820:1) - SourceFire (IP=216,DE)
45.79.27.125 32 RR None 2022-03-15 00:00:00 2022-06-13 00:00:00 2022-03-15 13:43:53 SQL injection - Web Attacks (IP=125,US)
45.79.27.163 32 TH None 2022-03-12 00:00:00 2022-06-10 00:00:00 2022-03-12 23:35:49 SQL injection - 6 Hr Web Report (IP=163,US)
45.79.27.51 32 TH None 2022-03-12 00:00:00 2022-06-10 00:00:00 2022-03-13 13:58:39 SQL injection - 6 Hr Web Report (IP=51,US)
45.79.27.65 32 DT None 2022-03-14 00:00:00 2022-06-12 00:00:00 2022-03-14 22:43:44 Self-Report / ColdFusion Error reporting - IR#: 22C01040 (IP=65,US)
45.79.27.98 32 TH None 2022-03-12 00:00:00 2022-06-10 00:00:00 2022-03-13 13:58:38 SQL injection - 6 Hr Web Report (IP=98,US)
45.79.28.243 32 KH None 2022-02-21 00:00:00 2022-05-22 00:00:00 None SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - Sourcefire (IP=243,US)
45.79.33.48 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6584 CTO 21-322 (IP=48,US)
45.79.36.192 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:06 HIVE Case #7904 CTO 22-189 (IP=192,US)
45.79.43.34 32 RB None 2022-09-18 00:00:00 2022-12-17 00:00:00 2022-09-18 22:46:04 PHP File Inclusion Vulnerability - IR#22C01936 (IP=34,US)
45.79.47.64 32 WR None 2021-01-02 00:00:00 2022-04-02 00:00:00 None Malicious IPS - HIVE Case 6711 (IP=64,US)
45.79.50.108 32 WR None 2022-03-11 00:00:00 2022-06-09 00:00:00 2022-03-11 14:39:49 SQL injection - Web Attacks (IP=108,US)
45.79.50.109 32 TH None 2022-03-12 00:00:00 2022-06-10 00:00:00 2022-03-12 23:35:48 SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt (1:44327:3) - SourceFire Report (IP=109,US)
45.79.50.244 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
45.79.52.155 32 TH None 2022-03-12 00:00:00 2022-06-10 00:00:00 2022-03-13 13:58:38 SQL injection - 6 Hr Web Report (IP=155,US)
45.79.54.114 32 TH None 2022-02-08 00:00:00 2022-05-09 00:00:00 None Exploit.Log4Shell.CVE-2021-44228 (IP=114,US)
45.79.54.7 32 BB None 2022-02-08 00:00:00 2022-05-09 00:00:00 None HTTP Request Brute Force Attack - Failed Logons (IP=7,US)
45.79.59.222 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5986 TO-S-2021-1404 (IP=222,US)
45.79.77.204 32 KD None 2021-10-04 00:00:00 2022-01-02 00:00:00 None T1190 - Command Injection - ABC Report (IP=204,US)
45.79.87.156 32 KD None 2021-10-04 00:00:00 2022-01-02 00:00:00 None T1190 - Command Injection,SQL Injection - ABC Report (IP=156,US)
45.79.87.168 32 KD None 2021-10-04 00:00:00 2022-01-02 00:00:00 None T1190 - Command Injection,SQL Injection - ABC Report (IP=168,US)
45.79.87.94 32 KD None 2021-10-04 00:00:00 2022-01-02 00:00:00 None SQL Injection - ABC Report (IP=94,US)
45.79.91.18 32 KH None 2021-12-16 00:00:00 2022-03-16 00:00:00 None HIVE Case #6651 - Exploit.CVE-2021-44228 (IP=18,US)
45.8.126.0 24 jkc None 2021-04-13 00:00:00 2022-04-13 00:00:00 None Case # 5240 IOC_ TO-S-2021-1218 Malicious IP
45.8.158.0 23 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None RU TO-S-2021-1158 Malware Activity
45.80.148.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None OM TO-S-2021-1050 Hive Case 4821 Malware Activity
45.80.148.40 24 RT None 2022-02-02 00:00:00 2022-05-03 00:00:00 None SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - Sourcefire Report (IP=40,FR)
45.81.148.25 24 RR None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-05 14:02:57 SERVER-WEBAPP VMWare NSX SD-WAN Edge command injection attempt - SourceFire (IP=25,CA)
45.82.254.130 32 JP None 2022-08-15 00:00:00 2022-11-13 00:00:00 2022-08-15 22:29:33 SIPVicious Security Scanner - IPS Events (IP=130,US)
45.82.254.34 32 WR None 2022-03-14 00:00:00 2022-06-12 00:00:00 2022-03-14 13:48:04 SERVER-OTHER RealTek UDPServer command injection attempt (1:58853:1) - Sourcefire (IP=34,US)
45.83.122.223 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:06 HIVE Case #7894 CTO 22-187 (IP=223,VG)
45.83.123.8 32 AS None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-01 21:45:05 HIVE Case #7874 CTO 22-181 (IP=8,VG)
45.83.193.150 24 AR None 2021-12-14 00:00:00 2022-03-15 00:00:00 None HIVE Case #6658 - Exploit.CVE-2021-44228 (IP=150,EE) | updated by WR Block expiration extended with reason HIVE Case #6651 - Exploit.CVE-2021-44228 (IP=150,EE)
45.83.220.194 24 ZH None 2022-01-11 00:00:00 2022-04-11 00:00:00 None SQL injection - 6hr Web Attacks (IP=194,SE)
45.83.27.2 32 TH None 2022-09-29 00:00:00 2022-12-28 00:00:00 2022-09-29 22:53:48 SIPVicious Security Scanner - FE CMS IPS Events (IP=2,US)
45.83.64.1 24 NAB None 2021-12-17 00:00:00 2022-03-17 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=1,DE)
45.83.64.145 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None DE TO-S-2021-1050 Hive Case 4821 Malware Activity
45.83.64.160 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity
45.83.64.161 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None DE TO-S-2021-1050 Hive Case 4821 Malware Activity
45.83.64.181 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None DE TO-S-2021-1050 Hive Case 4821 Malware Activity
45.83.64.207 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None DE TO-S-2021-1050 Hive Case 4821 Malware Activity
45.83.64.237 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None DE TO-S-2021-1050 Hive Case 4821 Malware Activity
45.83.65.118 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity
45.83.65.155 24 NAB None 2021-12-17 00:00:00 2022-03-17 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=155,DE)
45.83.65.173 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity
45.83.65.211 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity
45.83.65.218 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None DE TO-S-2021-1050 Hive Case 4821 Malware Activity
45.83.65.5 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity
45.83.65.57 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None DE TO-S-2021-1050 Hive Case 4821 Malware Activity
45.83.66.172 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None DE TO-S-2021-1050 Hive Case 4821 Malware Activity
45.83.66.204 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None DE TO-S-2021-1050 Hive Case 4821 Malware Activity
45.83.66.248 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity
45.83.66.65 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None DE TO-S-2021-1050 Hive Case 4821 Malware Activity
45.83.66.79 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None DE TO-S-2021-1050 Hive Case 4821 Malware Activity
45.83.67.126 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity
45.83.67.155 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=155,DE)
45.83.67.159 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None DE TO-S-2021-1050 Hive Case 4821 Malware Activity
45.83.67.169 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=169,DE)
45.83.67.17 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity
45.83.67.175 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=175,DE)
45.83.67.179 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=179,DE)
45.83.67.188 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=188,DE)
45.83.67.190 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=190,DE)
45.83.67.215 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=215,DE)
45.83.67.219 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=219,DE)
45.83.67.220 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=220,DE)
45.83.67.222 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=222,DE)
45.83.67.227 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=227,DE)
45.83.67.230 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=230,DE)
45.83.67.238 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=238,DE)
45.83.67.250 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=250,DE)
45.83.67.252 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=252,DE)
45.84.0.116 32 AS None 2022-04-04 00:00:00 2022-10-04 00:00:00 2022-04-04 15:15:43 HIVE Case #7325 CTO 22-091 (IP=116,MD)
45.84.0.152 24 EE None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-07 22:31:51 HIVE Case #7882 IOC_Recordbreaker_Stealer (IP=152,MD)
45.84.1.181 24 EE None 2022-03-15 00:00:00 2022-06-13 00:00:00 2022-03-15 21:25:36 HIVE Case #7197 IOC_ APT41 Targeting U.S. State Governments (IP=181,RU)
45.84.189.3 24 RB None 2022-02-10 00:00:00 2022-05-11 00:00:00 None HIVE Case # 6942 (IP=3,TR)
45.84.191.215 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=215,TR) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=215,TR)
45.84.205.151 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=151,DE)
45.85.190.152 32 WR None 2021-11-03 00:00:00 2022-02-01 00:00:00 None SERVER-WEBAPP Avtech IP Camera search.cgi command injection attempt - Sourcefire (IP=152,US)
45.85.190.62 32 NAB None 2022-03-18 00:00:00 2022-06-16 00:00:00 2022-03-18 13:56:59 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=62,US)
45.86.146.67 24 TH None 2022-08-01 00:00:00 2022-10-30 00:00:00 2022-08-02 13:50:48 SIPVicious Security Scanner - FE CMS IPS Events (IP=67,IT)
45.86.162.116 32 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None NL TO-S-2021-1156 Malicious Email Activity
45.86.202.146 24 RT None 2021-10-15 00:00:00 2022-01-13 00:00:00 None POLICY-OTHER Adobe ColdFusion admin interface access attempt (1:25975:3) - SOURCEFIRE REPORT (IP=146,DE)
45.87.152.0 22 TLM None 2021-12-10 00:00:00 2022-06-10 00:00:00 None HIVE Case #6643 TO-S-2022-0073 (IP=0,US)
45.87.251.10 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:43 HIVE Case #7904 CTO 22-189 (IP=10,SC)
45.87.80.108 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None NL TO-S-2021-1102 Malicious Email Activity
45.87.95.101 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:55:54 HIVE Case #7894 CTO 22-187 (IP=101,JP)
45.88.202.115 32 AS None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-09-30 17:07:38 HIVE Case #8395 TO-S-2022-0233 (IP=115,NO)
45.88.3.239 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=239,SC)
45.88.6.0 24 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None HK TO-S-2021-1050 Hive Case 4821 Malware Activity
45.89.104.0 22 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=0,US)
45.89.127.244 32 TLM None 2021-10-21 00:00:00 2022-04-21 00:00:00 None HIVE Case #6387 CTO 21-289 (IP=244,DE)
45.89.127.72 32 TLM None 2021-10-29 00:00:00 2022-04-27 00:00:00 None HIVE Case #6447 CTO 21-287 (IP=72,DE)
45.89.172.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None OM TO-S-2021-1037 Hive Case 4785 Malware Activity
45.89.228.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None RU TO-S-2021-1037 Hive Case 4785 Malware Activity
45.89.66.155 24 RR None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-07 13:16:30 Hive Case # 7537 (IP=155,RU)
45.89.67.226 32 TLM None 2022-05-11 00:00:00 2022-11-08 00:00:00 2022-05-13 17:39:11 HIVE Case #7567 COLS-NA-TIP 22-0165 (IP=226,RU)
45.9.148.37 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=37,NL)
45.9.150.113 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 17:40:11 HIVE Case #7341 CTO 22-092 (IP=113,CH)
45.9.20.101 32 TH None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-11 00:04:58 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01251 (IP=101,RU)
45.9.20.11 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:07 HIVE Case #7894 CTO 22-187 (IP=11,RU)
45.9.20.200 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:56:00 HIVE Case #7199 CTO 22-074 (IP=200,RU)
45.9.20.85 24 RR None 2021-11-29 00:00:00 2022-02-27 00:00:00 None SQL injection - Web Attacks (IP=85,RU)
45.9.251.178 24 KD None 2022-02-27 00:00:00 2022-05-28 00:00:00 2022-02-27 23:09:16 Infection Match (blocked) - FIREEYE Web (IP=178,IT)
45.90.108.130 32 AS None 2022-01-31 00:00:00 2022-08-03 00:00:00 None HIVE Case #6877 CTO 22-028 (IP=130,US)
45.90.161.56 24 TH None 2022-06-23 00:00:00 2022-09-21 00:00:00 2022-06-24 13:55:54 SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) - SourceFire Report (IP=56,FR)
45.90.162.186 24 KH None 2021-11-10 00:00:00 2022-02-08 00:00:00 None ZmEu phpMyAdmin Vulnerability Scanner - FE IPS (IP=186,FR)
45.90.58.67 32 TLM None 2022-05-20 00:00:00 2022-11-19 00:00:00 2022-05-20 14:32:07 HIVE Case #7627 CTO 22-140 (IP=67,CH)
45.90.59.131 32 TLM None 2022-03-11 00:00:00 2022-09-11 00:00:00 2022-03-11 13:21:30 HIVE Case #7189 CTO 22-068.1 (IP=131,CH)
45.91.168.64 24 KH None 2022-08-24 00:00:00 2022-11-22 00:00:00 2022-08-24 22:45:56 SIPVicious Security Scanner - FE IPS (IP=64,NL)
45.91.20.198 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=198,IT)
45.91.225.139 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6654 CTO 21-345 (IP=139,KR)
45.91.225.73 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=73,KR)
45.91.24.69 32 TLM None 2021-08-30 00:00:00 2022-03-02 00:00:00 None HIVE Case #6085 TO-S-2021-1500 (IP=69,AT)
45.91.24.73 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6348 CTO 21-279 (IP=73,AT)
45.91.67.114 24 RB None 2022-07-19 00:00:00 2022-10-17 00:00:00 2022-07-19 22:51:05 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=114,BG)
45.91.67.29 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=29,RU)
45.91.83.57 32 AS None 2022-04-12 00:00:00 2022-10-12 00:00:00 2022-04-12 14:39:49 HIVE Case #7380 CTO 22-099 (IP=57,US)
45.91.93.75 32 TLM None 2022-03-11 00:00:00 2022-09-11 00:00:00 2022-03-11 13:21:41 HIVE Case #7189 CTO 22-068.1 (IP=75,GB)
45.92.126.210 32 TH None 2022-07-21 00:00:00 2022-10-19 00:00:00 2022-07-21 22:56:11 SIPVicious Security Scanner - FE CMS IPS Events (IP=210,US)
45.92.156.153 24 AR None 2022-05-02 00:00:00 2022-07-31 00:00:00 2022-05-02 13:40:50 SERVER-OTHER RealTek UDPServer command
injection attempt (1:58853:1) - SourceFire (IP=153,NL) 45.92.33.18 24 KD None 2022-02-27 00:00:00 2022-05-28 00:00:00 2022-02-27 23:09:17 Infection Match (blocked)- FIREEYE Web(IP=18,GR) 45.92.9.122 32 JP None 2022-08-12 00:00:00 2022-11-10 00:00:00 2022-08-12 22:51:15 Exploit.Log4Shell.CVE-2021-44228 - IPS Event (IP=122,US) 45.93.16.167 24 JP None 2022-09-19 00:00:00 2022-12-18 00:00:00 2022-09-20 13:55:00 SIPVicious Security Scanner - IPS Events (IP=167,DE) 45.93.16.46 24 KH None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:05 SIPVicious Security Scanner - FE IPS (IP=46,DE) 45.93.16.46 24 KH None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:05 SIPVicious Security Scanner - FE IPS (IP=46,DE) SIPVicious Security Scanner - FE IPS (IP=46,DE) 45.93.16.62 24 RS None 2022-06-03 00:00:00 2022-09-01 00:00:00 2022-06-03 22:21:12 SSLv2 Client Hello Request Detected - IPS Events (IP=62,DE) 45.93.16.80 24 TH None 2022-03-04 00:00:00 2022-06-02 00:00:00 2022-03-04 23:11:50 SIPVicious Security Scanner - FE CMS IPS Events (IP=80,PS) 45.93.16.80 24 TH None 2022-03-04 00:00:00 2022-06-02 00:00:00 2022-03-04 23:54:56 SIPVicious Security Scanner - FE CMS IPS Events (IP=80,PS) 45.93.17.10 32 TLM None 2022-05-25 00:00:00 2022-11-24 00:00:00 2022-05-25 18:14:45 HIVE Case #7662 CTO 22-145 (IP=10,DE) 45.93.201.119 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:07 HIVE Case #7894 CTO 22-187 (IP=119,RU) 45.94.215.109 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malware Activity 45.95.11.34 32 AS None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-09-30 17:07:41 HIVE Case #8395 TO-S-2022-0233 (IP=34,SK) 45.95.147.7 24 KH None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:06 SIPVicious Security Scanner FE CMS IPS alert (IP=7,NL) | updated by KH Block expiration extended with reason SIPVicious Security Scanner - FE IPS (IP=7,NL) SIPVicious Security Scanner - FE IPS (IP=7,NL) 45.95.147.7 24 SA 
None 2022-05-31 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:06 SIPVicious Security Scanner FE CMS IPS alert (IP=7,NL) | updated by KH Block expiration extended with reason SIPVicious Security Scanner - FE IPS (IP=7,NL) SIPVicious Security Scanner - FE IPS (IP=7,NL) 45.95.169.109 32 TLM None 2022-02-24 00:00:00 2022-08-25 00:00:00 None HIVE Case #7077 CTO 22-055 (IP=109,HR) 45.95.169.114 24 ZH None 2021-10-15 00:00:00 2022-01-13 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt- 6hr Web Attacks (IP=114,HR) 45.95.235.111 24 KH None 2022-01-31 00:00:00 2022-05-01 00:00:00 None Masscan TCP Port Scanner - FE IPS (IP=111,RU) 45.95.243.61 24 KD None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-16 15:21:11 SQL injection - Web Attacks (IP=61,AT) 45.95.55.36 32 AS None 2022-07-07 00:00:00 2022-10-05 00:00:00 2022-07-07 22:07:53 HIVE Case #7898 CTO 22-188 (IP=36,DE) 45.95.55.42 32 AS None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 18:17:05 HIVE Case #7862 CTO 22-176 (IP=42,DE) 45.95.55.69 24 NAB None 2022-03-29 00:00:00 2022-06-27 00:00:00 2022-03-29 13:50:43 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=69,DE) 4538635151.nielsvandervlist.nl --- TLM None 2021-08-05 00:00:00 2022-08-05 00:00:00 2023-01-19 22:59:40 HIVE Case #5940 TO-S-2021-1447 46.1.120.52 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TR TO-S-2021-1050 Hive Case 4821 Malware Activity 46.1.127.83 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malware Activity 46.1.14.51 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TR TO-S-2021-1050 Hive Case 4821 Malware Activity 46.1.148.137 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malware Activity 46.101.114.227 24 ZH None 2022-05-15 00:00:00 2022-08-13 00:00:00 2022-05-15 22:46:09 SIPVicious Security Scanner - CMS IPS Events (IP=227,DE) 46.101.137.169 32 AS None 2022-07-13 00:00:00 2022-10-11 00:00:00 
2022-07-14 17:45:18 HIVE Case #7928 CTO 22-194 (IP=169,DE) 46.101.137.222 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6582 CTO 21-320 (IP=222,DE) 46.101.15.90 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=90,GB) 46.101.163.80 32 RW None 2021-11-17 00:00:00 2022-02-15 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 22C00365 (IP=80,DE) 46.101.164.72 32 TLM None 2022-06-02 00:00:00 2022-12-01 00:00:00 2022-06-02 17:56:13 HIVE Case #7705 CTO 22-153 (IP=72,DE) 46.101.209.249 32 wmp None 2022-01-10 00:00:00 2022-04-10 00:00:00 None HIVE Case #6758 QUIETCANARY Malware IOC (IP=249,DE) 46.101.212.216 32 RB None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-15 22:50:31 4640 HTTP PHP Code Injection - IR# 22C01671 (IP=216,US) 46.101.213.92 32 TLM None 2021-12-02 00:00:00 2022-06-02 00:00:00 None HIVE Case #6600 TO-S-2022-0090 (IP=92,DE) 46.101.25.250 24 ZH None 2022-01-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=250,GB) 46.101.27.73 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 17:40:08 HIVE Case #7341 CTO 22-092 (IP=73,GB) 46.101.35.138 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=138,GB) 46.101.53.95 32 TLM None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:46:15 HIVE Case #7458 CTO 22-113 (IP=95,GB) 46.101.76.121 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=121,GB) 46.101.76.63 32 TLM None 2022-06-07 00:00:00 2022-12-06 00:00:00 2022-06-07 17:08:58 HIVE Case #7731 CTO 22-158 (IP=63,GB) 46.101.85.217 32 TLM None 2021-11-04 00:00:00 2022-05-04 00:00:00 None HIVE Case #6494 CTO 21-303 (IP=217,GB) 46.102.152.102 32 AS None 2022-04-08 00:00:00 2022-10-08 00:00:00 2022-04-08 17:16:56 HIVE Case #7361 CTO 22-098 (IP=102,CH) 46.102.235.194 24 DT None 2022-01-13 00:00:00 2022-04-13 00:00:00 None IP linked to Exploit.Kit.Malvertisement.FakeUpdates Case #6749 
(IP=194,RO) 46.103.2.106 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GR TO-S-2021-1037 Hive Case 4785 Malware Activity 46.105.108.138 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=138,FR) 46.105.108.138 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=138,FR) 46.105.108.138 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=138,FR) 46.105.81.76 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=76,FR) 46.107.208.166 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None HU TO-S-2021-1050 Hive Case 4821 Malware Activity 46.11.6.104 32 srm None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 21:48:53 HIVE Case #7883 IOC_ Raspberry Robin Worm (IP=104,MT) 46.11.83.236 32 srm None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 21:48:53 HIVE Case #7883 IOC_ Raspberry Robin Worm (IP=236,MT) 46.11.88.157 32 srm None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 21:48:54 HIVE Case #7883 IOC_ Raspberry Robin Worm (IP=157,MT) 46.11.88.251 32 srm None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 21:48:55 HIVE Case #7883 IOC_ Raspberry Robin Worm (IP=251,MT) 46.12.131.179 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GR TO-S-2021-1037 Hive Case 4785 Malware Activity 46.135.230.120 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=120,CZ) 46.137.201.254 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6582 CTO 21-320 (IP=254,SG) 46.137.47.161 32 SW None 2021-11-21 00:00:00 2022-02-19 00:00:00 None HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - TT# 22C00392(IP=161, IE) 46.139.246.36 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None HU TO-S-2021-1050 Hive Case 4821 Malware Activity 46.139.71.250 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None HU 
TO-S-2021-1037 Hive Case 4785 Malware Activity 46.14.160.185 32 AS None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-12 13:04:50 HIVE Case #7913 CTO 22-190 (IP=185,CH) 46.148.128.0 20 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None RU TO-S-2021-1102 Malware Activity 46.148.167.135 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PL TO-S-2021-1117 DOS-DDOS Activity 46.148.224.27 24 NAB None 2022-02-28 00:00:00 2022-05-29 00:00:00 2022-02-28 14:50:37 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=27,RU) 46.149.110.195 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:46:07 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=195,RU) 46.149.126.150 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CZ TO-S-2021-1117 DOS-DDOS Activity 46.151.8.0 21 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None RU TO-S-2021-1037 Hive Case 4785 Malware Activity 46.152.192.0 19 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None SA TO-S-2021-1117 DOS-DDOS Activity 46.152.32.0 19 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None SA TO-S-2021-1037 Hive Case 4785 Malware Activity 46.16.59.90 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None ES TO-S-2021-1143 Malicious Email Activity 46.16.8.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None RU TO-S-2021-1037 Hive Case 4785 Malware Activity 46.161.27.143 24 SW None 2022-04-21 00:00:00 2022-07-20 00:00:00 2022-04-21 22:41:41 Masscan TCP Port Scanner - IPS Events(IP=143,RU) 46.161.52.37 24 NAB None 2022-01-11 00:00:00 2022-04-11 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=37,RU) 46.161.54.57 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:46:08 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=57,RU) 46.161.59.64 24 NAB None 2021-12-27 00:00:00 2022-03-27 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=64,RU) 46.161.62.175 24 KH None 2021-12-19 00:00:00 2022-03-19 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44232 (IP=175,RU) 
46.162.108.219 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None SE TO-S-2021-1050 Hive Case 4821 Malware Activity 46.165.205.14 24 SW None 2022-06-02 00:00:00 2022-08-31 00:00:00 2022-06-02 13:31:21 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=14,DE) 46.165.230.5 32 jky None 2017-01-06 06:00:00 2022-05-17 00:00:00 None TO-S-2017-0381 GRIZZLY STEPPE indicators from JAR 16-20296A | updated by wmp Block was inactive. Reactivated on 20220217 with reason HIVE Case #6985 Mandiant Intel Report (IP=5,DE) 46.166.129.159 32 TLM None 2022-02-25 00:00:00 2022-08-26 00:00:00 2022-02-25 13:04:22 HIVE Case #7088 CTO 22-056 (IP=159,NL) 46.166.139.111 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None NL TO-S-2021-1007 Malware Activity | updated by TLM Block was inactive. Reactivated on 20220104 with reason HIVE Case #6729 CTO 22-004 (IP=111,NL) HIVE Case #6729 CTO 22-004 (IP=111,NL) 46.166.139.111 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=111,NL) 46.166.139.111 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=111,NL) 46.166.139.111 32 dbc None 2020-12-18 00:00:00 2022-07-04 00:00:00 None NL TO-S-2021-1007 Malware Activity | updated by TLM Block was inactive. 
Reactivated on 20220104 with reason HIVE Case #6729 CTO 22-004 (IP=111,NL) HIVE Case #6729 CTO 22-004 (IP=111,NL) 46.166.139.111 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=111,NL) 46.166.139.111 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=111,NL) 46.166.186.231 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None NL TO-S-2021-1037 Hive Case 4785 Malware Activity 46.167.230.134 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CZ TO-S-2021-1050 Hive Case 4821 Malware Activity 46.167.248.165 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CZ TO-S-2021-1117 DOS-DDOS Activity 46.17.104.127 32 AS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-06 18:26:11 HIVE Case #7881 CTO 22-182 (IP=127,RU) 46.170.112.205 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None PL TO-S-2021-1037 Hive Case 4785 Malware Activity 46.172.208.0 20 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 46.173.215.54 24 SW None 2022-05-10 00:00:00 2022-08-08 00:00:00 2022-05-10 13:48:35 Phish.LIVE.DTI.URL - Case 7556(IP=54,RU) 46.173.64.0 20 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=0,UA) 46.174.0.162 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PL TO-S-2021-1117 DOS-DDOS Activity 46.174.1.13 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PL TO-S-2021-1117 DOS-DDOS Activity 46.174.208.126 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PL TO-S-2021-1050 Hive Case 4821 Malware Activity 46.174.214.6 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PL TO-S-2021-1117 DOS-DDOS Activity 46.175.111.144 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PL TO-S-2021-1117 DOS-DDOS Activity 46.175.144.0 21 AS None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-09-30 17:07:15 HIVE Case #8395 TO-S-2022-0233 (IP=0,NL) 46.175.144.63 32 TLM None 2021-11-15 
00:00:00 2022-05-15 00:00:00 None HIVE Case #6534 CTO 21-314 (IP=63,NL) 46.176.151.132 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GR TO-S-2021-1050 Hive Case 4821 Malware Activity 46.176.199.246 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GR TO-S-2021-1050 Hive Case 4821 Malware Activity 46.176.90.127 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GR TO-S-2021-1050 Hive Case 4821 Malware Activity 46.177.139.226 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GR TO-S-2021-1037 Hive Case 4785 Malware Activity 46.177.198.83 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GR TO-S-2021-1037 Hive Case 4785 Malware Activity 46.18.226.132 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None FR TO-S-2021-1117 DOS-DDOS Activity 46.18.230.18 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None FR TO-S-2021-1117 DOS-DDOS Activity 46.182.106.190 24 ged None 2016-06-04 05:00:00 2022-05-16 00:00:00 None OS-OTHER Bash CGI environment variable injection attempt (IP=106, NL) | updated by jky with reason TO-S-2017-0381 GRIZZLY STEP | updated by srm Block was inactive. 
Reactivated on 20220215 with reason HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=190,NL) 46.182.173.244 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None AM TO-S-2021-1102 Malicious Email Activity 46.182.21.248 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=248,DE) 46.19.137.50 24 KH None 2022-06-07 00:00:00 2022-09-05 00:00:00 2022-06-07 22:42:00 SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) - Sourcefire (IP=50,CH) 46.19.139.42 24 DBC None 2022-03-20 00:00:00 2022-06-20 00:00:00 2022-03-20 23:01:44 Corelight SSH Scan (IP=42,CH) 46.190.100.15 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GR TO-S-2021-1037 Hive Case 4785 Malware Activity 46.190.102.149 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GR TO-S-2021-1037 Hive Case 4785 Malware Activity 46.190.17.5 24 SW None 2022-09-15 00:00:00 2022-12-14 00:00:00 2022-09-16 13:49:30 HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - WebAttacks (IP=5,GR) 46.194.138.182 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=182,SE) 46.194.33.115 24 AR None 2022-03-05 00:00:00 2022-06-03 00:00:00 2022-03-06 14:24:09 SSH2 Failed Login Attempt - 6Hr Failed Logons (IP=115,SE) 46.196.253.195 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TR TO-S-2021-1050 Hive Case 4821 Malware Activity 46.198.141.228 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None GR TO-S-2021-1117 DOS-DDOS Activity 46.198.223.41 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GR TO-S-2021-1037 Hive Case 4785 Malware Activity 46.198.238.254 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GR TO-S-2021-1050 Hive Case 4821 Malware Activity 46.2.179.211 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TR TO-S-2021-1050 Hive Case 4821 Malware Activity 46.20.101.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 
None LB TO-S-2021-1117 DOS-DDOS Activity 46.20.34.60 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 46.20.71.161 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 22:58:30 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR# 22C01518 (IP=161,RU) 46.21.102.163 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=163,SE) 46.21.102.163 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=163,SE) 46.21.102.163 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=163,SE) 46.21.103.70 24 BB None 2021-11-20 00:00:00 2022-02-18 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=70,SE) 46.21.153.145 32 JEB None 2022-06-06 00:00:00 2022-09-06 00:00:00 2022-06-08 16:56:04 REV Malicious Bumblebee Hardcoded C2 (IP=145,US) 46.21.242.56 32 wmp None 2022-03-24 00:00:00 2022-06-24 00:00:00 2022-03-24 22:59:03 Suspicious Scan Activity (IP=56,RU) 46.217.252.172 32 srm None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 21:48:55 HIVE Case #7883 IOC_ Raspberry Robin Worm (IP=172,MK) 46.217.252.5 32 srm None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 21:49:20 HIVE Case #7883 IOC_ Raspberry Robin Worm (IP=5,MK) 46.221.46.1 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TR TO-S-2021-1050 Hive Case 4821 Malware Activity 46.221.46.5 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malware Activity 46.221.60.28 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None TR TO-S-2021-1117 DOS-DDOS Activity 46.227.200.53 24 DT None 2021-12-24 00:00:00 2022-03-24 00:00:00 None ET INFO Possible Apache log4j RCE Attempt - Any Protocol UDP (CVE-2021-44228) (1:2034662:2) - Source Fire (IP=53,GB) 46.227.201.53 24 ZH None 2022-01-11 00:00:00 2022-04-11 00:00:00 None ET EXPLOIT 
Apache log4j RCE Attempt - lower/upper UDP Bypass M2 (CVE-2021-44228) (1:2034701:1) - Sourcefire Rpt (IP=53,GB) 46.227.202.53 24 ZH None 2022-01-11 00:00:00 2022-04-11 00:00:00 None ET EXPLOIT Apache log4j RCE Attempt - lower/upper UDP Bypass M2 (CVE-2021-44228) (1:2034701:1) - Sourcefire Rpt (IP=53,GB) 46.227.203.53 24 ZH None 2022-01-11 00:00:00 2022-04-11 00:00:00 None ET EXPLOIT Apache log4j RCE Attempt - lower/upper UDP Bypass M2 (CVE-2021-44228) (1:2034701:1) - Sourcefire Rpt (IP=53,GB) 46.227.204.53 24 ZH None 2022-01-11 00:00:00 2022-04-11 00:00:00 None ET EXPLOIT Apache log4j RCE Attempt - lower/upper UDP Bypass M2 (CVE-2021-44228) (1:2034701:1) - Sourcefire Rpt (IP=53,GB) 46.227.205.53 24 ZH None 2022-01-11 00:00:00 2022-04-11 00:00:00 None ET EXPLOIT Apache log4j RCE Attempt - lower/upper UDP Bypass M2 (CVE-2021-44228) (1:2034701:1) - Sourcefire Rpt (IP=53,GB) 46.229.194.154 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BG TO-S-2021-1117 DOS-DDOS Activity 46.229.194.207 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BG TO-S-2021-1117 DOS-DDOS Activity 46.229.194.64 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BG TO-S-2021-1117 DOS-DDOS Activity 46.229.55.46 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=46,UA) 46.235.210.101 24 RR None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-05 14:02:58 SERVER-APACHE Apache Struts java.lang.ProcessBuilder class access attempt - SourceFire (IP=101,BH) 46.235.210.159 24 ZH None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-08 22:56:31 SERVER-WEBAPP Cisco HyperFlex HX Data Platform command injection attempt (3:57528:2) - SourceFire (IP=159, BH) 46.24.44.151 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ES TO-S-2021-1050 Hive Case 4821 Malware Activity 46.242.183.229 24 ZH None 2022-02-08 00:00:00 2022-05-09 00:00:00 None Phishing SIP HIVE Case # 6942 (IP=229,PL) 46.242.8.123 32 wmp None 2022-03-24 00:00:00 2022-06-24 00:00:00 
2022-03-24 22:59:04 Suspicious Scan Activity (IP=123,RU) 46.243.184.6 32 AR None 2021-12-17 00:00:00 2022-03-17 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00605 (IP=6,RU) 46.244.64.0 19 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None PS TO-S-2021-1037 Hive Case 4785 Malware Activity 46.246.150.11 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GR TO-S-2021-1050 Hive Case 4821 Malware Activity 46.246.155.152 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GR TO-S-2021-1037 Hive Case 4785 Malware Activity 46.246.235.240 32 srm None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 21:49:21 HIVE Case #7883 IOC_ Raspberry Robin Worm (IP=240,GR) 46.249.143.60 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None HU TO-S-2021-1050 Hive Case 4821 Malware Activity 46.249.159.2 32 TLM None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-27 16:04:07 HIVE Case #7466 TO-S-2022-0170 (IP=2,HU) 46.249.231.60 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=60,NO) 46.249.25.226 32 wmp None 2022-03-24 00:00:00 2022-06-24 00:00:00 2022-03-24 22:59:04 Suspicious Scan Activity (IP=226,RU) 46.249.32.109 24 BB None 2022-01-19 00:00:00 2022-04-19 00:00:00 None SQL injection - SourceFire (IP=109,NL) 46.249.32.126 32 AR None 2022-08-07 00:00:00 2022-11-05 00:00:00 2022-08-07 13:50:03 Known Attack Tool - IR#22C01776 (IP=126,NL) 46.249.33.115 24 SW None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 23:06:49 SIPVicious Security Scanner - IPS Events (IP=115,NL) 46.249.35.243 32 AS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-06 18:26:02 HIVE Case #7881 CTO 22-182 (IP=243,NL) 46.249.69.112 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BG TO-S-2021-1117 DOS-DDOS Activity 46.249.89.233 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BG TO-S-2021-1117 DOS-DDOS Activity 46.249.92.21 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BG 
TO-S-2021-1117 DOS-DDOS Activity 46.250.0.0 19 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None UA TO-S-2021-1037 Hive Case 4785 Malware Activity 46.251.32.0 19 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None LT TO-S-2021-1050 Hive Case 4821 Malware Activity 46.252.181.103 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=103,FR) 46.252.34.191 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None AL TO-S-2021-1117 DOS-DDOS Activity 46.28.163.76 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ES TO-S-2021-1050 Hive Case 4821 Malware Activity 46.3.197.43 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:08 HIVE Case #7894 CTO 22-187 (IP=43,RU) 46.3.242.35 32 SW None 2022-02-14 00:00:00 2022-05-15 00:00:00 None POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected (1:54574:2) - SourceFire (IP=35,US) 46.30.189.3 32 AS None 2022-04-04 00:00:00 2022-10-04 00:00:00 2022-04-04 15:15:48 HIVE Case #7325 CTO 22-091 (IP=3,DE) 46.30.189.83 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6313 CTO 21-274 (IP=83,DE) 46.30.213.248 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None DK TO-S-2021-1081 Hive Case 4872 Malicious Email Activity 46.30.215.192 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None DK TO-S-2021-1081 Hive Case 4872 Malicious Email Activity 46.30.42.185 32 TLM None 2022-04-20 00:00:00 2022-10-20 00:00:00 2022-04-20 13:01:23 HIVE Case #7432 CTO 22-110 (IP=185,RU) 46.30.67.253 24 RR None 2021-10-21 00:00:00 2022-01-19 00:00:00 None SQL injection - Web Attacks (IP=253,CZ) 46.31.236.1 32 KD None 2022-03-11 00:00:00 2022-06-09 00:00:00 2022-03-12 14:30:06 SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt - SourceFire(IP=1,US) 46.33.102.178 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CZ TO-S-2021-1117 DOS-DDOS Activity 46.33.113.35 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None CZ TO-S-2021-1037 
Hive Case 4785 Malware Activity 46.33.120.100 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CZ TO-S-2021-1117 DOS-DDOS Activity 46.33.192.0 19 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None ME TO-S-2021-1092 Hive Case 4875 Malware Activity 46.34.148.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None RU TO-S-2021-1037 Hive Case 4785 Malware Activity 46.35.189.84 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None FR TO-S-2021-1117 DOS-DDOS Activity 46.36.37.142 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None CZ TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 46.36.64.0 20 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None LT TO-S-2021-1117 DOS-DDOS Activity 46.36.88.0 22 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None LT TO-S-2021-1117 DOS-DDOS Activity 46.37.12.150 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None IT TO-S-2021-1117 DOS-DDOS Activity 46.37.25.78 32 AS None 2022-01-31 00:00:00 2022-08-03 00:00:00 None HIVE Case #6877 CTO 22-028 (IP=78,IT) 46.37.26.145 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None IT TO-S-2021-1117 DOS-DDOS Activity 46.38.134.36 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:56:17 HIVE Case #7894 CTO 22-187 (IP=36,IR) 46.38.230.183 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None DE TO-S-2021-1117 DOS-DDOS Activity 46.39.224.0 19 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None RU TO-S-2021-1037 Hive Case 4785 Malware Activity 46.4.191.177 32 AS None 2021-11-16 00:00:00 2022-05-16 00:00:00 None HIVE Case #6539 CTO 21-315 (IP=177,DE) 46.4.191.178 32 AS None 2021-11-16 00:00:00 2022-05-16 00:00:00 None HIVE Case #6539 CTO 21-315 (IP=178,DE) 46.4.191.179 32 AS None 2021-11-16 00:00:00 2022-05-16 00:00:00 None HIVE Case #6539 CTO 21-315 (IP=179,DE) 46.4.51.212 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=212,DE) 46.4.58.167 32 KH None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-06 
00:00:00 2022-06-23 00:00:00 2022-03-23 18:46:09 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=194,KZ) 5.188.156.171 24 SW None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 13:57:46 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=171,RU) 5.188.158.74 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:09 HIVE Case #7894 CTO 22-187 (IP=74,RU) 5.188.206.75 32 DRW None 2022-09-21 00:00:00 2022-12-20 00:00:00 2022-09-21 22:01:06 HIVE Case #1337 IOC_ CISA Threat Intel 19Sep2022 Criminal Cobalt Strike Servers (IP=75,BG) 5.188.210.227 24 RR None 2022-03-04 00:00:00 2022-06-02 00:00:00 2022-03-04 14:43:07 FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit) - SourceFire (IP=227,RU) 5.188.210.227 32 RR None 2021-10-06 00:00:00 2022-01-04 00:00:00 None FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit) - SourceFire (IP=227,US) 5.188.226.28 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:24 HIVE Case #7894 CTO 22-187 (IP=28,IT) 5.188.228.150 32 TLM None 2022-01-18 00:00:00 2022-07-18 00:00:00 None HIVE Case #6796 CTO 22-014 (IP=150,IN) 5.188.228.40 32 TLM None 2022-06-28 00:00:00 2022-12-27 00:00:00 2022-06-28 14:35:34 HIVE Case #7853 CTO 22-179 (IP=40,IN) 5.188.238.0 24 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None BR TO-S-2021-1081 Hive Case 4872 Malicious Email Activity 5.188.238.157 32 TLM None 2022-05-02 00:00:00 2022-11-01 00:00:00 2022-05-04 17:56:26 HIVE Case #7495 CTO 22-120 (IP=157,BR) 5.188.33.228 32 TLM None 2022-06-02 00:00:00 2022-12-01 00:00:00 2022-06-02 17:56:07 HIVE Case #7705 CTO 22-153 (IP=228,HK) 5.188.33.237 24 EE None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:19:19 HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=237,HK) 5.188.34.126 24 TLM None 2022-04-18 00:00:00 2022-10-18 00:00:00 2022-04-18 13:41:44 HIVE Case #7416 CTO 22-106 (IP=126,SG) 5.188.34.127 32 TLM None 2022-01-18 
00:00:00 2022-07-18 00:00:00 None HIVE Case #6796 CTO 22-014 (IP=127,SG) 5.188.34.152 32 TLM None 2021-12-21 00:00:00 2022-06-21 00:00:00 None HIVE Case #6682 CTO 21-352 (IP=152,SG) 5.188.34.189 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 17:40:23 HIVE Case #7341 CTO 22-092 (IP=189,SG) 5.188.34.229 32 TLM None 2022-03-28 00:00:00 2022-09-28 00:00:00 2022-03-28 12:23:04 HIVE Case #7282 CTO 22-085 (IP=229,SG) 5.188.34.234 32 BB None 2021-08-24 00:00:00 2022-03-08 00:00:00 None TO-S-2021-1497 / Pulse Report 175393-21, IP Blocks - TT# 21C01602 (IP= 234, US) | updated by TLM Block expiration extended with reason HIVE Case #6129 CTO 21-237 (IP=234,SG) 5.188.36.102 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:56:58 HIVE Case #7894 CTO 22-187 (IP=102,TR) 5.188.62.21 32 wmp None 2022-03-24 00:00:00 2022-06-24 00:00:00 2022-03-24 22:59:06 Suspicious Scan Activity (IP=21,RU) 5.188.62.214 32 wmp None 2021-06-29 00:00:00 2022-06-24 00:00:00 2022-03-24 22:59:06 ArcSight ESM High Attacker Suspicious Scan Activity (IP=214,RU) | updated by wmp Block was inactive. Reactivated on 20220324 with reason Suspicious Scan Activity (IP=214,RU) Suspicious Scan Activity (IP=214,RU) 5.188.62.214 32 wmp None 2022-03-24 00:00:00 2022-06-24 00:00:00 2022-03-24 22:59:06 ArcSight ESM High Attacker Suspicious Scan Activity (IP=214,RU) | updated by wmp Block was inactive. 
Reactivated on 20220324 with reason Suspicious Scan Activity (IP=214,RU) Suspicious Scan Activity (IP=214,RU) 5.188.9.57 24 TLM None 2022-04-11 00:00:00 2022-10-10 00:00:00 2022-04-11 22:54:25 HIVE Case #7371 COLS-NA-TIP 22-0123 (IP=57,RU) 5.188.93.132 24 EE None 2022-01-31 00:00:00 2022-05-01 00:00:00 None HIVE Case #6867 IOC_ MoonBounce (IP=132,FR) 5.189.132.31 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 5.189.133.141 32 KH None 2021-11-10 00:00:00 2022-02-08 00:00:00 None UDS-Paros_RC8766 - TT# 22C00324 (IP=141,US) 5.189.133.190 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 5.189.134.236 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 5.189.141.207 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None DE TO-S-2021-1050 Hive Case 4821 Malware Activity 5.189.141.4 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 5.189.142.121 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 5.189.155.14 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 5.189.156.164 32 SW None 2022-02-10 00:00:00 2022-05-11 00:00:00 None Attempted Access - Inbound Brute Force - TT# 22C00919(IP=164,DE) 5.189.161.70 32 AR None 2022-08-19 00:00:00 2022-11-17 00:00:00 2022-08-19 13:56:38 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR# 22C01828 (IP=70,DE) 5.189.162.107 24 KH None 2021-11-04 00:00:00 2022-02-02 00:00:00 None File /etc/passwd Access Attempt Detect - FE IPS (IP=107,DE) 5.189.163.253 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 5.189.168.206 24 RB None 2022-01-08 00:00:00 2022-04-08 00:00:00 None SERVER-OTHER Mikrotik RouterOS directory traversal attempt 
(3:47684:1) - Sourcefire (IP=206,DE) 5.189.170.207 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 5.189.170.96 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 5.189.172.182 32 TLM None 2022-06-14 00:00:00 2022-12-13 00:00:00 2022-06-14 20:43:24 HIVE Case #7769 CTO 22-165 (IP=182,DE) 5.189.174.234 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 5.189.179.2 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 5.189.186.191 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 5.189.187.237 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 5.189.188.207 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 5.189.189.207 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 5.189.190.67 32 AS None 2022-04-07 00:00:00 2022-10-07 00:00:00 2022-04-07 19:47:56 HIVE Case #7356 CTO 22-096 (IP=67,DE) 5.189.222.140 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1092 Hive Case 4875 Malicious Email Activity 5.192.144.204 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=204,AE) 5.192.195.28 24 DT None 2022-03-01 00:00:00 2022-05-30 00:00:00 2022-03-02 14:47:52 FTP Login Failed - Failed Logons (IP=28,AE) 5.193.208.47 24 KH None 2021-12-14 00:00:00 2022-03-14 00:00:00 None HTTP: Grandstream UCM6200 SQL Injection Vulnerability (CVE-2020-5722) - Web Attacks (IP=47,AE) 5.196.11.146 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity 5.196.111.161 32 TLM None 2021-12-09 00:00:00 2022-06-09 00:00:00 None HIVE Case #6633 CTO 21-334 
(IP=161,FR) 5.196.189.99 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 22:58:29 HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - IR# 22C01516 (IP=99,FR) 5.199.133.149 32 TLM None 2022-02-25 00:00:00 2022-08-26 00:00:00 2022-02-25 13:04:20 HIVE Case #7088 CTO 22-056 (IP=149,DE) 5.199.143.202 32 TLM None 2022-01-20 00:00:00 2022-07-20 00:00:00 None HIVE Case #6811 CTO 22-020 (IP=202,DE) 5.199.163.100 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6585 CTO 21-323 (IP=100,LT) 5.199.163.101 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6585 CTO 21-323 (IP=101,LT) 5.199.163.102 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6585 CTO 21-323 (IP=102,LT) 5.199.163.103 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6585 CTO 21-323 (IP=103,LT) 5.199.163.104 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6585 CTO 21-323 (IP=104,LT) 5.199.163.105 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6585 CTO 21-323 (IP=105,LT) 5.199.163.106 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6585 CTO 21-323 (IP=106,LT) 5.199.163.107 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6585 CTO 21-323 (IP=107,LT) 5.199.163.108 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6585 CTO 21-323 (IP=108,LT) 5.199.163.109 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6585 CTO 21-323 (IP=109,LT) 5.199.163.110 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6585 CTO 21-323 (IP=110,LT) 5.199.163.111 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6585 CTO 21-323 (IP=111,LT) 5.199.163.112 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6585 CTO 21-323 (IP=112,LT) 5.199.163.113 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6585 CTO 21-323 (IP=113,LT) 5.199.163.114 32 TLM None 
2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6585 CTO 21-323 (IP=114,LT) 5.199.163.115 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6585 CTO 21-323 (IP=115,LT) 5.199.163.116 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6585 CTO 21-323 (IP=116,LT) 5.199.163.117 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6585 CTO 21-323 (IP=117,LT) 5.199.163.118 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6585 CTO 21-323 (IP=118,LT) 5.199.163.119 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6585 CTO 21-323 (IP=119,LT) 5.199.163.120 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6585 CTO 21-323 (IP=120,LT) 5.199.163.121 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6585 CTO 21-323 (IP=121,LT) 5.199.163.122 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6585 CTO 21-323 (IP=122,LT) 5.199.163.123 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6585 CTO 21-323 (IP=123,LT) 5.199.163.124 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6585 CTO 21-323 (IP=124,LT) 5.199.163.125 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6585 CTO 21-323 (IP=125,LT) 5.199.163.126 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6585 CTO 21-323 (IP=126,LT) 5.199.163.96 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6585 CTO 21-323 (IP=96,LT) 5.199.163.97 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6585 CTO 21-323 (IP=97,LT) 5.199.163.98 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6585 CTO 21-323 (IP=98,LT) 5.199.163.99 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6585 CTO 21-323 (IP=99,LT) 5.199.174.136 32 TLM None 2022-03-17 00:00:00 2022-09-17 00:00:00 2022-03-17 16:17:36 HIVE Case #7227 CTO 22-076 (IP=136,LT) 5.199.232.0 21 dbc None 2021-01-20 
00:00:00 2022-01-20 00:00:00 None UA TO-S-2021-1037 Hive Case 4785 Malware Activity 5.2.137.212 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None OM TO-S-2021-1117 DOS-DDOS Activity 5.2.143.125 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None OM TO-S-2021-1037 Hive Case 4785 Malware Activity 5.2.148.193 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None OM TO-S-2021-1117 DOS-DDOS Activity 5.2.154.169 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None OM TO-S-2021-1117 DOS-DDOS Activity 5.2.154.205 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None OM TO-S-2021-1117 DOS-DDOS Activity 5.2.171.224 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None OM TO-S-2021-1117 DOS-DDOS Activity 5.2.178.102 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None OM TO-S-2021-1117 DOS-DDOS Activity 5.2.179.53 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None OM TO-S-2021-1117 DOS-DDOS Activity 5.2.181.71 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None OM TO-S-2021-1117 DOS-DDOS Activity 5.2.190.94 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None OM TO-S-2021-1117 DOS-DDOS Activity 5.2.191.94 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None OM TO-S-2021-1117 DOS-DDOS Activity 5.2.193.98 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None OM TO-S-2021-1117 DOS-DDOS Activity 5.2.196.164 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None OM TO-S-2021-1117 DOS-DDOS Activity 5.2.201.125 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None OM TO-S-2021-1117 DOS-DDOS Activity 5.2.201.172 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None OM TO-S-2021-1117 DOS-DDOS Activity 5.2.203.9 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None OM TO-S-2021-1117 DOS-DDOS Activity 5.2.209.75 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None OM TO-S-2021-1117 DOS-DDOS Activity 5.2.212.228 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None OM TO-S-2021-1117 DOS-DDOS Activity 5.2.214.108 32 dbc 
None 2021-03-05 00:00:00 2022-03-05 00:00:00 None OM TO-S-2021-1117 DOS-DDOS Activity 5.2.220.210 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None OM TO-S-2021-1117 DOS-DDOS Activity 5.2.225.9 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None OM TO-S-2021-1117 DOS-DDOS Activity 5.2.230.170 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None OM TO-S-2021-1117 DOS-DDOS Activity 5.2.249.120 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None OM TO-S-2021-1117 DOS-DDOS Activity 5.2.249.123 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None OM TO-S-2021-1117 DOS-DDOS Activity 5.2.249.190 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None OM TO-S-2021-1117 DOS-DDOS Activity 5.2.250.91 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None OM TO-S-2021-1117 DOS-DDOS Activity 5.2.64.142 32 TLM None 2022-05-02 00:00:00 2022-11-01 00:00:00 2022-05-04 17:56:15 HIVE Case #7495 CTO 22-120 (IP=142,NL) 5.2.65.149 32 TLM None 2021-10-21 00:00:00 2022-04-21 00:00:00 None HIVE Case #6385 CTO 21-286 (IP=149,NL) 5.2.67.186 32 TLM None 2022-03-17 00:00:00 2022-09-17 00:00:00 2022-03-17 16:17:38 HIVE Case #7227 CTO 22-076 (IP=186,NL) 5.2.69.50 32 TLM None 2022-01-04 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:32 HIVE Case #6729 CTO 22-004 (IP=50,NL) | updated by AS Block was inactive. 
Reactivated on 20220706 with reason HIVE Case #7894 CTO 22-187 (IP=50,NL) 5.2.70.140 24 AR None 2022-03-05 00:00:00 2022-06-03 00:00:00 2022-03-06 14:24:09 SSH2 Failed Login Attempt - 6Hr Failed Logons (IP=140,NL) 5.2.72.110 24 srm None 2022-02-17 00:00:00 2022-05-18 00:00:00 None HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=110,NL) 5.2.72.226 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=226,NL) 5.2.76.207 24 WR None 2022-02-28 00:00:00 2022-05-28 00:00:00 2022-02-28 14:50:28 SSH2 Failed Login Attempt - 6 hr Failed Logons (IP=207,NL) 5.2.76.221 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=221,NL) 5.2.76.221 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=221,NL) 5.2.76.221 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=221,NL) 5.2.76.221 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=221,NL) 5.2.76.221 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=221,NL) 5.2.77.22 24 KD None 2022-02-26 00:00:00 2022-05-27 00:00:00 2022-02-27 01:15:23 SSH2 Failed Login Attempt- 6 hour failed Login(IP=22,NL) 5.2.79.179 24 RS None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-15 22:50:46 Exploit.CVE-2021-44228 - Apache Log4j2 - Case 6651 (IP=179,NL) 5.2.79.179 24 RS None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-15 22:50:51 Exploit.CVE-2021-44228 - Apache Log4j2 - Case 6651 (IP=179,NL) 5.206.224.15 32 AS None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-01 21:45:04 HIVE Case #7874 CTO 22-181 (IP=15,PT) 5.206.224.167 32 TLM None 2022-05-09 00:00:00 2022-11-08 00:00:00 2022-05-10 15:15:58 HIVE Case #7546 CTO 22-127 (IP=167,PT) 5.206.26.91 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 5.22.253.10 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None 
NL TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 5.226.137.139 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GB TO-S-2021-1050 Hive Case 4821 Malware Activity 5.23.48.143 32 TLM None 2021-09-17 00:00:00 2022-03-17 00:00:00 None HIVE Case #6196 CTO 21-258 (IP=143,RU) 5.230.67.166 24 TLM None 2022-04-19 00:00:00 2022-10-19 00:00:00 2022-04-20 12:44:26 HIVE Case #7424 CTO 22-109 (IP=166,DE) 5.230.67.191 32 AS None 2022-04-12 00:00:00 2022-10-12 00:00:00 2022-04-12 15:42:53 HIVE Case #7381 CTO 22-102 v2 (IP=191,DE) 5.230.67.22 32 AS None 2022-03-03 00:00:00 2022-09-03 00:00:00 2022-03-03 17:36:11 HIVE Case #7133 CTO 22-062 (IP=22,DE) 5.230.68.69 32 AS None 2022-01-31 00:00:00 2022-08-03 00:00:00 None HIVE Case #6877 CTO 22-028 (IP=69,DE) 5.230.71.181 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:55:45 HIVE Case #7894 CTO 22-187 (IP=181,DE) 5.230.71.195 32 TLM None 2021-12-10 00:00:00 2022-06-10 00:00:00 None HIVE Case #6644 CTO 21-344 (IP=195,DE) 5.230.71.36 32 TLM None 2022-02-11 00:00:00 2022-08-12 00:00:00 None HIVE Case #6971 CTO 22-042 (IP=36,DE) 5.230.71.95 32 TLM None 2022-05-24 00:00:00 2022-11-23 00:00:00 2022-05-24 14:24:32 HIVE Case #7653 CTO 22-144 (IP=95,DE) 5.231.233.132 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None DE TO-S-2021-1050 Hive Case 4821 Malware Activity 5.231.233.211 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None DE TO-S-2021-1050 Hive Case 4821 Malware Activity 5.25.134.209 32 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None TR TO-S-2021-1156 Malware Activity 5.25.146.185 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None TR TO-S-2021-1102 Malware Activity 5.252.178.129 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6349 CTO 21-275 (IP=129,RO) 5.252.179.197 32 TLM None 2021-11-30 00:00:00 2022-05-30 00:00:00 None HIVE Case #6595 CTO 21-327 (IP=197,RU) 5.252.179.197 32 TLM None 2021-11-30 00:00:00 2022-05-30 00:00:00 None HIVE Case #6595 CTO 21-327 
(IP=197,RU) 5.252.35.4 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None DE TO-S-2021-1050 Hive Case 4821 Malware Activity 5.253.18.207 32 AS None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 18:17:19 HIVE Case #7862 CTO 22-176 (IP=207,NL) 5.253.19.34 32 AS None 2022-01-28 00:00:00 2022-07-28 00:00:00 None HIVE Case #6856 CTO 22-027 (IP=34,NL) 5.253.204.58 24 KD None 2022-02-27 00:00:00 2022-05-28 00:00:00 2022-02-27 23:09:00 SERVER-WEBAPP Apache Log4j logging remote code execution attempt- Web Attacks (IP=58,LU) 5.253.63.93 24 TLM None 2022-06-16 00:00:00 2022-12-15 00:00:00 2022-06-16 14:05:32 HIVE Case #7783 CTO 22-167 (IP=93,NL) 5.254.118.22 32 AS None 2022-04-08 00:00:00 2022-10-08 00:00:00 2022-04-08 17:16:57 HIVE Case #7361 CTO 22-098 (IP=22,RO) 5.254.118.226 32 AS None 2022-04-08 00:00:00 2022-10-08 00:00:00 2022-04-08 17:16:58 HIVE Case #7361 CTO 22-098 (IP=226,RO) 5.255.103.41 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:25 HIVE Case #7894 CTO 22-187 (IP=41,NL) 5.255.97.172 32 TLM None 2021-12-17 00:00:00 2022-06-17 00:00:00 None HIVE Case #6673 CTO 21-351 (IP=172,NL) 5.255.98.103 24 NAB None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-23 13:49:42 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=103,NL) 5.3.176.0 20 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None RU TO-S-2021-1037 Hive Case 4785 Malware Activity 5.32.32.0 19 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None AE TO-S-2021-1117 DOS-DDOS Activity 5.32.64.0 19 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None AE TO-S-2021-1117 DOS-DDOS Activity 5.34.183.39 32 TLM None 2022-02-10 00:00:00 2022-08-11 00:00:00 None HIVE Case #6963 CTO 22-041 (IP=39,UA) 5.34.75.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None KZ TO-S-2021-1117 DOS-DDOS Activity 5.35.128.0 19 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 5.35.221.127 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ES 
TO-S-2021-1037 Hive Case 4785 Malware Activity 5.39.216.203 32 TLM None 2021-12-02 00:00:00 2022-06-02 00:00:00 None HIVE Case #6600 TO-S-2022-0090 (IP=203,NL) 5.39.216.203 32 TLM None 2021-12-02 00:00:00 2022-06-02 00:00:00 None HIVE Case #6600 TO-S-2022-0090 (IP=203,NL) 5.39.216.203 32 TLM None 2021-12-02 00:00:00 2022-06-02 00:00:00 None HIVE Case #6600 TO-S-2022-0090 (IP=203,NL) 5.39.217.212 24 EE None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 22:48:17 HIVE Case #7659 IOC_VMware_Vuln-CVE-2022-22954_CVE-2022-22960 (IP=212,NL) 5.39.219.80 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None NL TO-S-2021-1037 Hive Case 4785 Malware Activity 5.39.220.54 24 RB None 2022-01-09 00:00:00 2022-04-09 00:00:00 None SSLv2 Client Hello Request Detected - IPS Events (IP=54,NL) 5.39.221.190 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6448 TO-S-2022-0058 (IP=190,NL) 5.39.222.20 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=20,NL) 5.39.222.20 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=20,NL) 5.39.222.20 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=20,NL) 5.39.25.233 32 AS None 2022-04-04 00:00:00 2022-10-04 00:00:00 2022-04-04 15:15:44 HIVE Case #7325 CTO 22-091 (IP=233,FR) 5.39.85.147 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity 5.39.99.49 32 AS None 2022-07-28 00:00:00 2022-10-26 00:00:00 2022-08-02 15:16:57 HIVE Case #7272 COLS-NA TIP 22-0101 (IP=49,FR) 5.44.174.110 24 SW None 2022-09-24 00:00:00 2022-12-23 00:00:00 2022-09-25 00:05:07 SQL injection - WebAttacks (IP=110,RU) 5.45.102.93 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 13:57:51 SQL injection - 6Hr Web Attacks (IP=93,DE) 5.45.106.207 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 13:57:52 SQL injection - 6Hr Web 
Attacks (IP=207,DE) 5.45.110.136 24 RT None 2022-04-08 00:00:00 2022-07-08 00:00:00 2022-04-09 13:49:45 SQL injection - 6 HR WebAttack (IP=136,DE) | updated by AR Block expiration extended with reason SQL injection - 6HR WebAttack (IP=136,DE) 5.45.234.205 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:46:09 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=205,RU) 5.45.65.52 32 TLM None 2022-03-11 00:00:00 2022-09-11 00:00:00 2022-03-11 13:21:43 HIVE Case #7189 CTO 22-068.1 (IP=52,NL) 5.55.144.187 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GR TO-S-2021-1050 Hive Case 4821 Malware Activity 5.55.209.139 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GR TO-S-2021-1037 Hive Case 4785 Malware Activity 5.56.96.0 19 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None MD TO-S-2021-1037 Hive Case 4785 Malware Activity 5.57.0.0 21 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None LB TO-S-2021-1037 Hive Case 4785 Malware Activity 5.58.0.170 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity 5.58.0.204 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity 5.58.0.252 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity 5.58.1.171 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity 5.58.10.13 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity 5.58.11.52 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity 5.58.11.90 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity 5.58.115.29 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity 5.58.12.34 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity 5.58.125.195 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA 
File /etc/passwd Access Attempt Detect - IPS Events (IP=221,FR) | updated by RR Block was inactive. Reactivated on 20220819 with reason SERVER-OTHER Apache Log4j logging remote code execution attempt - SourceFire (IP=221,FR) SERVER-OTHER Apache Log4j logging remote code execution attempt - SourceFire (IP=221,FR) 51.15.196.221 24 RR None 2021-09-07 00:00:00 2022-11-17 00:00:00 2022-08-19 13:56:43 File /etc/passwd Access Attempt Detect - IPS Events (IP=221,FR) | updated by RR Block was inactive. Reactivated on 20220819 with reason SERVER-OTHER Apache Log4j logging remote code execution attempt - SourceFire (IP=221,FR) SERVER-OTHER Apache Log4j logging remote code execution attempt - SourceFire (IP=221,FR) 51.15.196.221 24 RR None 2022-08-19 00:00:00 2022-11-17 00:00:00 2022-08-19 13:56:43 File /etc/passwd Access Attempt Detect - IPS Events (IP=221,FR) | updated by RR Block was inactive. Reactivated on 20220819 with reason SERVER-OTHER Apache Log4j logging remote code execution attempt - SourceFire (IP=221,FR) SERVER-OTHER Apache Log4j logging remote code execution attempt - SourceFire (IP=221,FR) 51.15.214.202 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None FR TO-S-2021-1117 DOS-DDOS Activity 51.15.216.220 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity 51.15.219.193 24 SW None 2022-08-16 00:00:00 2022-11-14 00:00:00 2022-08-17 13:52:23 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=193,FR) | updated by SW Block was inactive. 
Reactivated on 20220816 with reason SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=193, FR) SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=193, FR) 51.15.219.193 24 GM None 2021-01-20 00:00:00 2022-11-14 00:00:00 2022-08-17 13:52:23 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=193,FR) | updated by SW Block was inactive. Reactivated on 20220816 with reason SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=193, FR) SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=193, FR) 51.15.235.211 24 srm None 2022-02-17 00:00:00 2022-05-18 00:00:00 None HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=211,FR) 51.15.24.118 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity 51.15.24.121 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity 51.15.43.205 32 DT None 2021-03-14 00:00:00 2022-06-13 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00678 (IP=205,FR) | updated by TLM Block was inactive. Reactivated on 20211213 with reason HIVE Case #6652 CTO 21-345 F1 (IP=205,NL) HIVE Case #6652 CTO 21-345 F1 (IP=205,NL) 51.15.43.205 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00678 (IP=205,FR) | updated by TLM Block was inactive. 
Reactivated on 20211213 with reason HIVE Case #6652 CTO 21-345 F1 (IP=205,NL) HIVE Case #6652 CTO 21-345 F1 (IP=205,NL) 51.15.5.91 24 TH None 2022-05-12 00:00:00 2022-08-10 00:00:00 2022-05-12 22:47:19 SIPVicious Security Scanner - FE CMS IPS Events (IP=91,NL) 51.15.63.128 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None NL TO-S-2021-1050 Hive Case 4821 Malware Activity 51.15.7.145 32 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None NL TO-S-2021-1156 Malicious Email Activity 51.15.71.175 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None NL TO-S-2021-1092 Hive Case 4875 Malicious Email Activity 51.15.76.60 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 18:28:40 HIVE Case #7342 CTO 22-092 FRAGO (IP=60,NL) 51.15.8.227 24 TH None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-09 13:27:15 SIPVicious Security Scanner - FE CMS IPS Events (IP=227,NL) 51.15.80.14 24 srm None 2022-02-17 00:00:00 2022-05-18 00:00:00 None HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=14,NL) 51.15.91.36 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity 51.158.108.61 24 KH None 2022-03-03 00:00:00 2022-06-01 00:00:00 2022-03-03 23:49:39 Abnormally Long Header Line - ArcSight (IP=61,FR) 51.158.109.3 24 KH None 2022-03-03 00:00:00 2022-06-01 00:00:00 2022-03-03 23:49:37 Abnormally Long Header Line - ArcSight (IP=3,FR) 51.158.115.148 24 KH None 2022-03-03 00:00:00 2022-06-01 00:00:00 2022-03-03 23:49:40 Abnormally Long Header Line - ArcSight (IP=148,FR) 51.158.118.231 24 KH None 2022-03-03 00:00:00 2022-06-01 00:00:00 2022-03-03 23:49:37 HTTP/1.x Protocol Policy - ArcSight (IP=231,FR) 51.158.145.51 24 ZH None 2022-03-01 00:00:00 2022-05-30 00:00:00 2022-03-01 23:31:59 SIPVicious Security Scanner - IPS Events (IP=51,FR) 51.158.147.92 24 DT None 2022-01-23 00:00:00 2022-04-22 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) - Source Fire 
(IP=92,FR) 51.158.149.218 24 TH None 2022-05-28 00:00:00 2022-08-26 00:00:00 2022-05-29 15:24:06 SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - SourceFire Report (IP=218,NL) 51.158.150.194 24 KH None 2022-01-12 00:00:00 2022-04-12 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) - Sourcefire (IP=194,FR) 51.158.182.83 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity 51.158.29.152 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity 51.158.29.48 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None FR TO-S-2021-1050 Hive Case 4821 Malware Activity 51.158.29.49 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity 51.158.31.121 24 RS None 2022-07-27 00:00:00 2022-10-25 00:00:00 2022-07-28 13:49:47 SIPVicious Security Scanner - IPS Events (IP=121,FR) 51.158.66.83 24 KH None 2022-03-03 00:00:00 2022-06-01 00:00:00 2022-03-03 23:49:38 High Severity IDS Event - ArcSight (IP=83,FR) 51.158.74.47 24 NAB None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:21 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=47,FR) 51.158.90.166 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity 51.158.90.179 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity 51.158.98.24 24 KH None 2022-03-03 00:00:00 2022-06-01 00:00:00 2022-03-03 23:49:39 Abnormally Long Header Line - ArcSight (IP=24,FR) 51.158.98.44 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity 51.159.1.170 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity 51.159.1.19 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR 
TO-S-2021-1037 Hive Case 4785 Malware Activity 51.159.16.211 24 ZH None 2022-05-15 00:00:00 2022-08-13 00:00:00 2022-05-15 22:46:12 SIPVicious Security Scanner - CMS IPS Events (IP=211,FR) 51.159.17.21 24 ZH None 2022-05-15 00:00:00 2022-08-13 00:00:00 2022-05-15 22:46:10 SIPVicious Security Scanner - CMS IPS Events (IP=21,FR) 51.159.19.252 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None FR TO-S-2021-1143 Malicious Email Activity 51.159.21.239 24 RR None 2021-10-21 00:00:00 2022-01-19 00:00:00 None SQL injection - Web Attacks (IP=239,FR) 51.159.4.144 24 TH None 2022-03-11 00:00:00 2022-06-09 00:00:00 2022-03-11 23:14:32 FTP Login Failed - 6 hr Failed Logons Report (IP=144,FR) 51.159.6.228 24 RS None 2022-08-13 00:00:00 2022-11-11 00:00:00 2022-08-13 22:59:23 Generic URI Injection wget Attempt - IPS Events (IP=228,FR) 51.161.105.89 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CA TO-S-2021-1050 Hive Case 4821 Malware Activity 51.161.47.119 24 TH None 2022-06-23 00:00:00 2022-09-21 00:00:00 2022-06-24 13:55:57 SIPVicious Security Scanner - FE CMS IPS Events (IP=119,CA) 51.161.54.188 24 AR None 2022-07-12 00:00:00 2022-10-10 00:00:00 2022-07-12 13:51:23 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=188,CA) 51.161.64.197 24 NAB None 2022-03-07 00:00:00 2022-06-05 00:00:00 2022-03-07 15:00:07 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=197,CA) 51.178.11.56 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None FR TO-S-2021-1143 Malicious Email Activity 51.178.17.108 24 AR None 2021-10-28 00:00:00 2022-01-26 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=108, FR) 51.178.29.212 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None FR TO-S-2021-1050 Hive Case 4821 Malware Activity 51.178.61.60 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6584 CTO 21-322 (IP=60,FR) 51.178.81.195 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 
CTO 22-004 (IP=195,FR) 51.178.86.137 24 KH None 2022-03-03 00:00:00 2022-06-01 00:00:00 2022-03-03 23:49:32 High Severity IDS Event - ArcSight (IP=137,FR) 51.195.107.236 32 AR None 2022-06-26 00:00:00 2022-09-24 00:00:00 2022-06-27 13:55:40 HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - IR# 22C01460 (IP=236,FR) 51.195.107.236 24 KH None 2022-03-03 00:00:00 2022-06-01 00:00:00 2022-03-03 23:49:33 Exploit Attempt Detected by IDS - ArcSight (IP=236,FR) 51.195.107.27 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=27,FR) 51.195.133.76 24 AR None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-06 13:49:59 Exploit.Log4Shell.CVE-2021-44228 - FireEye NX Alerts (IP=76,FR) 51.195.192.123 32 TLM None 2022-03-01 00:00:00 2022-09-01 00:00:00 2022-03-01 17:52:25 HIVE Case #7115 CTO 22-060 (IP=123,FR) 51.195.193.92 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None GB TO-S-2021-1092 Hive Case 4875 Malicious Email Activity 51.195.221.70 32 AS None 2021-12-28 00:00:00 2022-06-28 00:00:00 None HIVE Case #6702 CTO 21-362 (IP=70,GB) 51.195.235.253 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=253,FR) 51.195.42.226 24 KH None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 22:55:53 SQL injection - Web Attacks (IP=226,FR) 51.195.60.209 24 KH None 2022-03-03 00:00:00 2022-06-01 00:00:00 2022-03-03 23:49:45 ips-event - ArcSight (IP=209,FR) 51.195.68.217 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6349 CTO 21-275 (IP=217,FR) 51.210.111.113 32 AS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-06 18:26:01 HIVE Case #7881 CTO 22-182 (IP=113,FR) 51.210.138.65 32 TLM None 2021-12-09 00:00:00 2022-06-09 00:00:00 None HIVE Case #6633 CTO 21-334 (IP=65,FR) 51.210.179.255 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None FR TO-S-2021-1081 Hive Case 4872 Malicious Email Activity 51.210.242.234 32 TLM None 2021-11-29 00:00:00 2022-05-29 
00:00:00 None HIVE Case #6584 CTO 21-322 (IP=234,FR) 51.210.84.37 32 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None FR TO-S-2021-1156 Malicious Email Activity 51.211.0.0 16 ZH None 2021-11-22 00:00:00 2022-02-20 00:00:00 None Web Attacks Case 6565 (IP=210,SA) 51.211.41.35 24 AR None 2021-11-08 00:00:00 2022-02-06 00:00:00 None HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=35,SA) 51.211.49.210 24 ZH None 2021-11-22 00:00:00 2022-02-20 00:00:00 None Web Attacks Case 6565 (IP=210, SA) 51.222.103.105 24 ZH None 2022-02-07 00:00:00 2022-05-08 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt (1:37078:4) - SourceFire (IP=105,CA) 51.222.20.137 24 RS None 2022-06-29 00:00:00 2022-12-31 00:00:00 2022-10-02 23:55:11 SIPVicious Security Scanner - IPS Events (IP=137,CN) | updated by KH Block was inactive. Reactivated on 20221002 with reason SIPVicious Security Scanner (IP=137,CA) 51.222.253.18 32 TLM None 2022-06-22 00:00:00 2022-12-21 00:00:00 2022-06-23 16:49:36 HIVE Case #7813 CTO 22-173 (IP=18,CA) 51.222.253.3 32 TLM None 2022-06-22 00:00:00 2022-12-21 00:00:00 2022-06-23 16:49:35 HIVE Case #7813 CTO 22-173 (IP=3,CA) 51.222.253.4 32 TLM None 2022-06-22 00:00:00 2022-12-21 00:00:00 2022-06-23 16:49:36 HIVE Case #7813 CTO 22-173 (IP=4,CA) 51.222.253.7 24 KH None 2022-03-03 00:00:00 2022-06-01 00:00:00 2022-03-03 23:49:32 Custom Violation - ArcSight (IP=7,CA) 51.222.35.113 32 TLM None 2022-03-01 00:00:00 2022-09-01 00:00:00 2022-03-01 17:52:26 HIVE Case #7115 CTO 22-060 (IP=113,CA) 51.222.40.217 24 DT None 2021-12-24 00:00:00 2022-03-24 00:00:00 None PROTOCOL-VOIP SIP REGISTER flood attempt (1:19389:9) - Source Fire (IP=217,CA) 51.222.48.196 32 AS None 2022-04-06 00:00:00 2022-10-05 00:00:00 2022-04-06 18:02:15 HIVE Case #7345 CTO 22-095 (IP=196,CA) 51.235.9.215 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None SA TO-S-2021-1050 Hive Case 4821 Malware Activity 51.250.72.84 24 ZH None 2022-07-01 00:00:00 
2022-09-29 00:00:00 2022-07-02 13:10:27 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=84,RU) 51.250.91.63 32 AR None 2022-07-12 00:00:00 2022-10-10 00:00:00 2022-07-12 13:50:58 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01634 (IP=63,RU) 51.252.39.69 32 RR None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-07 13:50:14 HTTP: PHP File Inclusion Vulnerability - IR# 22C01590 (IP=69,SA) 51.253.34.0 23 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None SA TO-S-2021-1092 Hive Case 4875 Malware Activity 51.254.113.106 24 DT None 2022-01-23 00:00:00 2022-04-22 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) - Source Fire (IP=106,FR) 51.254.172.178 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6349 CTO 21-275 (IP=178,FR) 51.254.21.210 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=210,FR) 51.254.24.19 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:55:59 HIVE Case #7894 CTO 22-187 (IP=19,FR) 51.254.243.180 24 RS None 2022-07-02 00:00:00 2022-09-30 00:00:00 2022-07-02 22:56:36 SIPVicious Security Scanner - IPS Events (IP=130,FR) 51.254.93.42 24 KH None 2021-10-22 00:00:00 2022-01-21 00:00:00 None SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - Sourcefire (IP=42,FR) | updated by BB Block expiration extended with reason SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - Web Attacks (IP=42,CO) 51.254.99.141 32 TLM None 2022-06-14 00:00:00 2022-12-13 00:00:00 2022-06-14 20:43:28 HIVE Case #7769 CTO 22-165 (IP=141,FR) 51.255.106.85 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=85,FR) 51.255.213.177 24 RT None 2021-11-09 00:00:00 2022-03-10 00:00:00 None SERVER-WEBAPP Cisco Prime Infrastructure arbitrary file upload to tftpRoot attempt - 6HR Web Attack 
(IP=177,FR) | updated by RR Block expiration extended with reason SERVER-WEBAPP Ulterius web server directory traversal attempt - SourceFire (IP=177,FR) 51.38.127.41 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=41,FR) 51.38.146.122 24 AR None 2022-06-09 00:00:00 2022-09-07 00:00:00 2022-06-09 13:47:57 POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt (1:57336:3) - SourceFire (IP=122,PL) 51.38.156.195 32 TLM None 2021-12-10 00:00:00 2022-06-10 00:00:00 None HIVE Case #6644 CTO 21-344 (IP=195,FR) 51.38.162.228 32 TLM None 2021-12-09 00:00:00 2022-06-09 00:00:00 None HIVE Case #6633 CTO 21-334 (IP=228,FR) 51.38.165.28 32 RS None 2022-07-18 00:00:00 2022-10-16 00:00:00 2022-07-18 22:55:55 HTTP: ThinkPHP CMS Getshell Vulnerability - IR# 22C01693 (IP=28,FR) 51.38.233.93 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=93,FR) 51.39.198.247 24 SW None 2022-09-26 00:00:00 2022-12-25 00:00:00 2022-09-27 13:51:47 SQL injection - WebAttacks (IP=247,SA) 51.68.124.104 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity 51.68.124.31 24 KD None 2021-12-13 00:00:00 2022-03-13 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt - Sourcefire Rpt (IP=31,FR) 51.68.124.31 24 KD None 2021-12-13 00:00:00 2022-03-13 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt - Sourcefire Rpt (IP=31,FR) 51.68.137.11 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity 51.68.152.96 32 TLM None 2021-11-04 00:00:00 2022-05-02 00:00:00 None HIVE Case #6503 CTO 21-306 (IP=96,FR) 51.68.175.8 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6584 CTO 21-322 (IP=8,FR) 51.68.190.9 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=9,FR) 51.68.203.101 32 dbc None 
2021-01-28 00:00:00 2022-01-28 00:00:00 None GB TO-S-2021-1050 Hive Case 4821 Malware Activity 51.68.212.57 24 KH None 2022-10-02 00:00:00 2022-12-31 00:00:00 2022-10-02 23:55:11 SIPVicious Security Scanner (IP=57,GB) 51.75.12.49 24 TH None 2022-02-07 00:00:00 2022-05-08 00:00:00 None malware-object detected - FireEye (IP=49,FR) 51.75.130.155 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity 51.75.130.34 32 AS None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-14 20:19:21 HIVE Case #7930 TO-S-2022-0209 (IP=34,FR) 51.75.133.142 24 SW None 2022-04-24 00:00:00 2022-07-23 00:00:00 2022-04-24 22:43:42 MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (1:25886:3) - SourceFire (IP=142, FR) 51.75.165.228 32 AS None 2021-11-16 00:00:00 2022-05-16 00:00:00 None HIVE Case #6539 CTO 21-315 (IP=228,FR) 51.75.166.227 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GB TO-S-2021-1050 Hive Case 4821 Malware Activity 51.75.27.232 24 DT None 2022-02-15 00:00:00 2022-05-16 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=232,FR) 51.75.28.70 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity 51.75.53.16 32 TLM None 2022-06-23 00:00:00 2022-12-22 00:00:00 2022-06-24 11:31:04 HIVE Case #7820 CTO 22-174 (IP=16,FR) 51.75.64.23 24 srm None 2022-02-15 00:00:00 2022-05-16 00:00:00 None HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=23,FR) 51.77.103.151 32 AS None 2022-03-03 00:00:00 2022-09-03 00:00:00 2022-03-03 17:36:03 HIVE Case #7133 CTO 22-062 (IP=151,FR) 51.77.156.11 24 SA None 2022-06-02 00:00:00 2022-08-30 00:00:00 2022-06-03 00:40:17 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) SourceFire (IP=11,FR) 51.77.247.119 24 DT None 2021-10-16 00:00:00 2022-01-14 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web 
Attacks (IP=119,FR) 51.79.108.114 24 RS None 2022-06-03 00:00:00 2022-09-01 00:00:00 2022-06-03 22:21:12 Generic URI Injection wget Attempt - IPS Events (IP=114,CA) 51.79.145.78 24 AR None 2022-07-12 00:00:00 2022-10-10 00:00:00 2022-07-12 13:51:24 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=78,SG) 51.79.152.55 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=55,SG) 51.79.161.22 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None SG TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 51.79.167.185 24 DT None 2022-01-23 00:00:00 2022-04-22 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=185,CA) 51.79.168.174 32 TLM None 2022-03-01 00:00:00 2022-09-01 00:00:00 2022-03-01 17:52:26 HIVE Case #7115 CTO 22-060 (IP=174,SG) 51.79.171.53 32 wmp None 2022-05-05 00:00:00 2022-08-05 00:00:00 2022-05-05 22:44:32 HIVE Case #7509 IR 22 0 01171 PEO-EIS EITaaS IOCs (IP=53,SG) 51.79.191.17 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None SG TO-S-2021-1117 Malicious Email Activity 51.79.197.167 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None FR TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 51.79.207.46 32 TLM None 2022-05-24 00:00:00 2022-11-23 00:00:00 2022-05-24 14:24:30 HIVE Case #7653 CTO 22-144 (IP=46,SG) 51.79.235.172 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=172,SG) 51.79.236.132 32 TLM None 2021-11-04 00:00:00 2022-05-02 00:00:00 None HIVE Case #6503 CTO 21-306 (IP=132,SG) 51.79.236.147 32 TLM None 2021-12-23 00:00:00 2022-06-23 00:00:00 None HIVE Case #6695 CTO 21-357 (IP=147,SG) 51.79.240.74 24 NAB None 2022-01-10 00:00:00 2022-04-10 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=74,SG) 51.79.241.215 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=215,SG) 51.79.248.8 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 
14:57:26 HIVE Case #7894 CTO 22-187 (IP=8,SG) 51.79.31.105 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=105,CA) 51.79.31.105 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=105,CA) 51.79.31.105 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=105,CA) 51.79.31.105 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=105,CA) 51.79.31.105 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=105,CA) 51.79.31.105 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=105,CA) 51.79.55.53 24 SA None 2022-06-02 00:00:00 2022-08-30 00:00:00 2022-06-03 00:40:17 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) SourceFire (IP=53,CA) 51.79.6.170 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CA TO-S-2021-1050 Hive Case 4821 Malware Activity 51.79.62.98 32 TLM None 2021-09-08 00:00:00 2022-03-08 00:00:00 None HIVE Case #6129 CTO 21-237 (IP=98,CA) 51.79.78.177 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:53:07 PROTOCOL-VOIP Cisco Meeting Server SIP SDP media description buffer overflow attempt - SourceFire (IP=177,CA) 51.79.82.87 24 RS None 2022-06-20 00:00:00 2022-09-18 00:00:00 2022-06-20 22:22:05 SIPVicious Security Scanner - IPS Events (IP=87,CA) 51.81.0.134 32 SW None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-27 13:15:15 Phish.LIVE.DTI.URL Case # 7675(IP=134,US) 51.81.133.91 32 EE None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 22:48:18 HIVE Case #7659 IOC_VMware_Vuln-CVE-2022-22954_CVE-2022-22960 (IP=91,US) 51.81.155.131 32 SW None 2022-05-15 00:00:00 2022-08-13 00:00:00 2022-05-15 13:54:19 FIREEYE Web: Infection Match - FE NX (IP=131,US) 51.81.212.101 32 RW None 2021-10-08 00:00:00 2022-01-10 00:00:00 None Cold Fusion Errors - IR# 22C00096 (IP=101,FR) 51.81.27.157 
32 TH None 2022-05-30 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:06 SIPVicious Security Scanner - FE CMS IPS Events (IP=157,US) | updated by KH Block expiration extended with reason SIPVicious Security Scanner - FE IPS (IP=157,US) 51.81.41.80 32 TLM None 2022-02-24 00:00:00 2022-08-25 00:00:00 None HIVE Case #7077 CTO 22-055 (IP=80,US) 51.81.85.169 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=169,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=169,US) 51.83.106.126 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 51.83.148.178 32 TLM None 2021-07-01 00:00:00 2022-01-01 00:00:00 None HIVE Case #5735 TO-S-2021-1379 (IP=178,FR) 51.83.183.151 32 TLM None 2021-12-23 00:00:00 2022-06-23 00:00:00 None HIVE Case #6695 CTO 21-357 (IP=151,US) 51.83.234.52 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PL TO-S-2021-1050 Hive Case 4821 Malware Activity 51.83.253.244 32 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 2022-05-26 18:27:33 HIVE Case #7669 TO-S-2022-0187 (IP=244,RU) 51.83.37.60 24 RR None 2022-09-25 00:00:00 2022-12-24 00:00:00 2022-09-25 13:55:46 PROTOCOL-VOIP Cisco Meeting Server SIP SDP media description buffer overflow attempt - SourceFire (IP=60,FR) 51.89.115.112 32 TLM None 2022-06-02 00:00:00 2022-12-01 00:00:00 2022-06-02 17:56:26 HIVE Case #7705 CTO 22-153 (IP=112,GB) 51.89.115.96 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=96,GB) 51.89.124.57 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:46:12 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=57,GB) 51.89.138.51 24 RS None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-15 22:50:47 Exploit.CVE-2021-44228 - Apache Log4j2 - Case 6651 (IP=51,GB) 51.89.138.51 24 RS None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-15 22:50:53 Exploit.CVE-2021-44228 - Apache Log4j2 - Case 
2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:47:48 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=4,US) 54.167.115.172 32 ZH None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-02 13:10:26 FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit) (1:21002457:1) - SourceFire (IP=172,US) 54.167.199.149 32 ZH None 2022-05-15 00:00:00 2022-08-13 00:00:00 2022-05-15 22:45:53 OpenSSL TLSv1.2 Heartbeat (Heartbleed) Information Leak Vulnerability - CMS IPS Events (IP=149,US) 54.167.219.22 32 AS None 2022-02-04 00:00:00 2022-08-04 00:00:00 None HIVE Case #6927 CTO 22-036 (IP=22,US) 54.167.41.96 32 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:58:18 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=96,US) 54.167.63.199 32 ZH None 2022-03-07 00:00:00 2022-06-05 00:00:00 2022-03-07 23:52:22 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Rpt (IP=199,US) 54.167.74.146 32 SW None 2022-01-24 00:00:00 2022-04-24 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=146,US) 54.167.89.227 32 ZH None 2022-05-15 00:00:00 2022-08-13 00:00:00 2022-05-15 22:45:50 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=227, US) 54.169.30.236 32 TLM None 2022-03-28 00:00:00 2022-09-28 00:00:00 2022-03-28 12:22:59 HIVE Case #7282 CTO 22-085 (IP=236,SG) 54.172.104.228 32 NAB None 2022-03-21 00:00:00 2022-06-19 00:00:00 2022-03-21 14:34:31 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=228,US) 54.172.118.182 32 ZH None 2022-02-07 00:00:00 2022-05-08 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=182,US) 54.172.118.182 32 ZH None 
2022-02-07 00:00:00 2022-05-08 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=182,US) 54.172.149.228 32 ZH None 2022-06-24 00:00:00 2022-09-22 00:00:00 2022-06-24 22:51:44 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=228, US) 54.172.232.14 32 TLM None 2022-02-24 00:00:00 2022-08-25 00:00:00 None HIVE Case #7077 CTO 22-055 (IP=14,US) 54.172.249.251 32 RS None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-01 22:27:08 SSH_EVENT_RESPOVERFLOW (128:1:2) - SourceFire (IP=251,US) 54.172.254.49 32 SW None 2022-03-15 00:00:00 2022-06-13 00:00:00 2022-03-15 21:25:28 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=49,US) 54.172.6.235 32 ZH None 2022-01-07 00:00:00 2022-04-07 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Rpt (IP=235,US) 54.173.61.36 32 RR None 2021-10-06 00:00:00 2022-01-04 00:00:00 None Known Attack Tool User Agent V2 - TT# 22C00078 (IP=36,US) 54.173.99.121 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=121,US) 54.174.133.123 32 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 22:24:29 ET EXPLOIT Apache Obfuscated log4j RCE Attempt (tcp ldap) (CVE-2021-44228) (1:2034755:1) - SourceFire (IP=123,US) 54.174.158.111 32 ZH None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-08 22:56:33 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=111, US) 54.174.178.55 32 AR None 2021-10-30 00:00:00 2022-01-28 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=55,US) 54.174.21.134 32 SW None 2022-06-24 00:00:00 2022-09-22 00:00:00 2022-06-24 13:56:10 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL 
attack attempt (1:45200:2) - SourceFire (IP=134,US) 54.175.131.127 32 KD None 2022-01-06 00:00:00 2022-04-06 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt- Sourcefire(IP=211,US) 54.175.15.58 32 RS None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-01 22:26:52 SIPVicious Security Scanner - IPS Events (IP=58,US) 54.175.150.87 32 SW None 2022-03-15 00:00:00 2022-06-13 00:00:00 2022-03-15 21:25:31 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=87,US) 54.175.194.191 32 ZH None 2021-11-10 00:00:00 2022-02-08 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Rpt (IP=191,US) 54.175.33.6 32 ZH None 2021-10-28 00:00:00 2022-01-26 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Rpt (IP=6,US) 54.175.5.171 32 RS None 2022-07-02 00:00:00 2022-09-30 00:00:00 2022-07-02 22:56:23 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 2C01507 (IP=171,US) 54.175.6.51 32 SW None 2022-04-24 00:00:00 2022-07-23 00:00:00 2022-04-24 22:43:47 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=51, US) 54.175.89.50 32 ZH None 2021-11-03 00:00:00 2022-02-01 00:00:00 None Known Attack Tool User Agent V2 TT# 22C00286 (IP=50,US) 54.182.205.99 32 ZH None 2022-04-04 00:00:00 2022-07-03 00:00:00 2022-04-04 22:35:40 FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields (1:16295:13)- Sourcefire Rpt (IP=99,US) 54.185.88.124 32 TLM None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:46:54 HIVE Case #7458 CTO 22-113 (IP=124,US) 54.191.104.176 32 JP None 2022-08-12 00:00:00 2022-11-10 00:00:00 2022-08-12 22:51:11 DT SQLi Attempts - IR# 22C01796 (IP=176,US) 54.194.119.219 24 DT None 2021-12-18 00:00:00 
2022-03-18 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) - Source Fire (IP=219,IE) 54.194.119.219 24 DT None 2021-12-18 00:00:00 2022-03-18 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) - Source Fire (IP=219,IE) 54.194.119.219 24 DT None 2021-12-18 00:00:00 2022-03-18 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) - Source Fire (IP=219,IE) 54.194.119.219 24 DT None 2021-12-18 00:00:00 2022-03-18 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) - Source Fire (IP=219,IE) 54.194.119.219 24 DT None 2021-12-18 00:00:00 2022-03-18 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) - Source Fire (IP=219,IE) 54.194.119.219 24 DT None 2021-12-18 00:00:00 2022-03-18 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) - Source Fire (IP=219,IE) 54.194.166.138 32 TLM None 2022-04-27 00:00:00 2022-10-25 00:00:00 2022-04-27 20:54:07 HIVE Case #7480 CTO 22-117 (IP=138,IE) 54.194.32.135 32 ZH None 2022-09-19 00:00:00 2022-12-18 00:00:00 2022-09-19 22:54:58 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=135,IE) 54.194.58.90 32 TLM None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:46:11 HIVE Case #7458 CTO 22-113 (IP=90,IE) 54.196.101.225 32 SA None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-07 13:41:37 OpenSSL TLSv1.2 Heartbeat (Heartbleed) Information Leak Vulnerability - FE CMS IPS alert (IP=225,US) 54.196.101.225 32 RS None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-08 16:56:06 SIPVicious Security Scanner - IPS Events (IP=225,US) 54.196.118.79 32 ZH None 2022-03-07 00:00:00 2022-06-05 00:00:00 2022-03-07 23:52:22 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt 
(1:45200:2) - Sourcefire Rpt (IP=79,US) 54.196.124.224 32 SW None 2022-06-28 00:00:00 2022-09-26 00:00:00 2022-06-28 13:53:37 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=224,US) 54.196.223.232 32 TH None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-30 13:42:29 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire Report (IP=232,US) 54.196.249.40 32 SW None 2022-08-11 00:00:00 2022-11-09 00:00:00 2022-08-12 13:55:44 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=40,US) 54.196.30.189 32 KD None 2022-01-28 00:00:00 2022-04-28 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=189,US) 54.197.152.8 32 KH None 2022-06-14 00:00:00 2022-09-12 00:00:00 2022-06-14 22:32:20 Known Attack Tool - IR#22C01380 (IP=8 ,US) 54.198.225.135 32 SW None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-17 13:49:05 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=135,US) 54.198.53.214 32 SW None 2022-08-16 00:00:00 2022-11-14 00:00:00 2022-08-17 13:52:26 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=214, US) 54.201.175.246 32 WR None 2021-11-25 00:00:00 2022-02-23 00:00:00 None HTTP: HTTP: ThinkPHP CMS Getshell Vulnerability - IR# 22C00417 (IP=246,US) 54.201.189.64 32 TH None 2022-07-09 00:00:00 2022-10-07 00:00:00 2022-07-09 13:27:18 Adobe ColdFusion Administrator Access Restriction - 6 Hr Web Report (IP=64,US) 54.201.225.177 32 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6517 CTO 21-313 (IP=177,US) 54.201.225.231 32 TC None 2022-08-23 00:00:00 2022-11-21 00:00:00 2022-08-23 22:28:48 HTTP: PHP File Inclusion Vulnerability - IR# 22C01858 (IP=231,US) 54.202.64.47 32 AS None 2021-12-28 
00:00:00 2022-06-28 00:00:00 None HIVE Case #6702 CTO 21-362 (IP=47,US) 54.204.115.4 32 RW None 2021-10-08 00:00:00 2022-01-06 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire (IP=4,US) 54.204.127.246 32 ZH None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-30 22:44:35 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=246,US) 54.204.235.236 32 KD None 2021-11-11 00:00:00 2022-02-09 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=236,US) 54.205.136.19 32 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 22:52:11 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=19,US) 54.205.136.19 32 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 22:52:47 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=19,US) 54.208.116.9 32 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 22:24:27 SERVER-WEBAPP Unraid Operating System PHP code injection attempt (1:58550:1) - SourceFire (IP=9,US) 54.208.169.197 32 ZH None 2022-01-19 00:00:00 2022-04-19 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2)- Sourcefire Rpt (IP=197,US) 54.208.200.191 32 ZH None 2022-07-17 00:00:00 2022-10-15 00:00:00 2022-07-17 22:30:48 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - Sourcefire Rpt (IP=191,US) 54.208.57.135 32 RS None 2022-05-19 00:00:00 2022-08-17 00:00:00 2022-05-19 22:49:02 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=135,US) 54.208.65.99 32 ZH None 2022-03-07 00:00:00 2022-06-05 00:00:00 2022-03-07 23:52:23 SERVER-OTHER limited RSA ciphersuite 
list - possible Bleichenbacher SSL attack attempt (1:45199:2) - Sourcefire Rpt (IP=99,US) 54.209.160.116 32 wmp None 2021-12-14 00:00:00 2022-03-14 00:00:00 None HIVE Case #6642 Wave Browser IOCs (IP=116,US) 54.209.163.38 32 ZH None 2022-06-13 00:00:00 2022-09-11 00:00:00 2022-06-13 22:30:23 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=38, US) 54.209.37.44 32 ZH None 2021-12-16 00:00:00 2022-03-16 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) Sourcefire Rpt (IP=44,US) 54.209.58.77 32 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:58:19 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=77,US) 54.209.78.15 32 ZH None 2022-07-27 00:00:00 2022-10-25 00:00:00 2022-07-27 22:57:04 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=15, US) 54.210.143.254 32 SW None 2022-01-14 00:00:00 2022-04-14 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=254, US) 54.210.161.91 32 RW None 2021-10-08 00:00:00 2022-01-06 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire (IP=91,US) 54.210.178.141 32 SA None 2022-06-02 00:00:00 2022-08-30 00:00:00 2022-06-03 00:40:19 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) SourceFire (IP=141,US) 54.210.25.209 32 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 22:52:11 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=209,US) 54.210.25.209 32 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 22:52:47 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt 
(1:45200:2) - SourceFire (IP=209,US) 54.210.35.215 32 RS None 2022-06-03 00:00:00 2022-09-01 00:00:00 2022-06-03 22:21:00 SIPVicious Security Scanner - IPS Events (IP=215,US) 54.211.0.137 32 TH None 2022-02-03 00:00:00 2022-05-04 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire Report (IP=137,US) 54.211.143.4 32 ZH None 2021-12-04 00:00:00 2022-03-04 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Rpt (IP=4,US) 54.211.70.101 32 ZH None 2022-06-30 00:00:00 2022-09-28 00:00:00 2022-07-01 00:10:27 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire Rpt (IP=101,US) 54.211.79.153 32 RR None 2022-06-30 00:00:00 2022-09-28 00:00:00 2022-07-01 13:55:39 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01486 (IP=153,US) 54.215.206.234 32 TLM None 2022-06-14 00:00:00 2022-12-13 00:00:00 2022-06-14 20:43:35 HIVE Case #7769 CTO 22-165 (IP=234,US) 54.218.70.236 32 RW None 2021-10-05 00:00:00 2022-01-03 00:00:00 None T1190 - Command Injection,SQL Injection (IP=236,US) 54.221.120.205 32 TH None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-30 13:42:29 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire Report (IP=205,US) 54.221.130.246 32 SW None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-15 13:54:20 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=246, US) 54.221.171.235 32 ZH None 2022-02-07 00:00:00 2022-05-08 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=235,US) 54.221.171.235 32 ZH None 2022-02-07 00:00:00 2022-05-08 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - 
SourceFire (IP=235,US) 54.221.179.65 32 SW None 2022-05-15 00:00:00 2022-08-13 00:00:00 2022-05-15 13:54:21 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=65, US) 54.224.66.145 32 RW None 2021-10-19 00:00:00 2022-01-17 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire (IP=145,US) 54.225.4.63 32 ZH None 2021-11-28 00:00:00 2022-02-26 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2)- SourceFire Rpt (IP=63,US) 54.226.156.136 32 SW None 2022-03-04 00:00:00 2022-06-02 00:00:00 2022-03-04 23:11:45 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire(IP=136,US) 54.226.156.136 32 SW None 2022-03-04 00:00:00 2022-06-02 00:00:00 2022-03-04 23:54:52 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire(IP=136,US) 54.226.197.35 32 ZH None 2021-11-28 00:00:00 2022-02-26 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2)- SourceFire Rpt (IP=35,US) 54.226.37.97 32 DT None 2021-12-24 00:00:00 2022-03-24 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Source Fire (IP=97,US) 54.226.57.66 32 ZH None 2022-06-30 00:00:00 2022-09-28 00:00:00 2022-07-01 00:10:38 OpenSSL TLSv1.2 Heartbeat (Heartbleed) Information Leak Vulnerability - CMS IPS Events (IP=66,US) 54.227.116.124 32 AR None 2021-10-31 00:00:00 2022-01-29 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=124,US) 54.227.161.225 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:10 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Rpt 
(IP=225,US) 54.227.161.225 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:36 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Rpt (IP=225,US) 54.227.175.140 32 ZH None 2022-01-07 00:00:00 2022-04-07 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Rpt (IP=140,US) 54.227.214.79 32 AR None 2022-01-25 00:00:00 2022-04-25 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=79,US) 54.227.228.52 32 ZH None 2022-06-13 00:00:00 2022-09-11 00:00:00 2022-06-13 22:30:27 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=52, US) 54.229.102.30 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:08 HIVE Case #7904 CTO 22-189 (IP=30,IE) 54.229.214.66 32 AR None 2021-11-13 00:00:00 2022-02-11 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00339 (IP=66,US) 54.234.122.49 32 SW None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 22:46:48 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=49,US) 54.234.182.4 32 KH None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 22:55:50 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=4,US) 54.234.22.153 32 SW None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-15 13:54:21 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=153, US) 54.234.37.168 32 ZH None 2022-06-24 00:00:00 2022-09-22 00:00:00 2022-06-24 22:51:44 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=168, US) 54.234.40.242 32 SW None 2022-05-24 00:00:00 2022-08-22 00:00:00 2022-05-24 14:15:49 SERVER-OTHER limited RSA ciphersuite list - possible 
Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=242,US) 54.234.7.120 32 ZH None 2021-11-28 00:00:00 2022-02-26 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2)- SourceFire Rpt (IP=120,US) 54.234.94.130 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:13 HIVE Case #7904 CTO 22-189 (IP=130,US) 54.236.13.102 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:13 HIVE Case #7904 CTO 22-189 (IP=102,US) 54.236.29.148 32 RS None 2022-05-19 00:00:00 2022-08-17 00:00:00 2022-05-19 22:49:10 FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt (1:21420:6) - SourceFire (IP=148,US) 54.237.204.211 32 ZH None 2022-02-07 00:00:00 2022-05-08 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=211,US) 54.237.204.211 32 ZH None 2022-02-07 00:00:00 2022-05-08 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=211,US) 54.237.243.53 32 ZH None 2021-12-16 00:00:00 2022-03-16 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) Sourcefire Rpt (IP=53,US) 54.241.238.187 32 KH None 2022-04-04 00:00:00 2022-07-03 00:00:00 2022-04-04 22:35:32 ColdFusion Error reporting - TT# 22C01140 (IP=187,US) 54.241.91.49 32 TLM None 2021-11-04 00:00:00 2022-05-02 00:00:00 None HIVE Case #6503 CTO 21-306 (IP=49,US) 54.242.105.214 32 SW None 2022-03-15 00:00:00 2022-06-13 00:00:00 2022-03-15 21:25:28 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=214,US) 54.242.11.36 32 ZH None 2022-03-17 00:00:00 2022-06-15 00:00:00 2022-03-17 22:26:00 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Rpt (IP=36,US) 54.242.113.214 32 SW None 2022-03-04 
00:00:00 2022-06-02 00:00:00 2022-03-04 23:11:45 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire(IP=214,US) 54.242.113.214 32 SW None 2022-03-04 00:00:00 2022-06-02 00:00:00 2022-03-04 23:54:51 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire(IP=214,US) 54.242.116.27 32 SW None 2022-06-30 00:00:00 2022-09-28 00:00:00 2022-06-30 13:57:04 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=27,US) 54.242.159.219 32 RS None 2022-07-18 00:00:00 2022-10-16 00:00:00 2022-07-19 13:47:47 SSH_EVENT_RESPOVERFLOW - SourceFire (IP=219,US) 54.242.52.28 32 SA None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 22:55:05 SERVER-OSAER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire Report (IP=28,US) 54.243.2.165 32 SA None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 22:55:06 SERVER-OSAER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire Report (IP=165,US) 54.244.149.136 32 RS None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-13 22:36:41 HP Intelligent Management Center TFTP Server MODE Remote Code Execution - FE IPS Events (IP=136,US) 54.250.248.177 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 17:40:19 HIVE Case #7341 CTO 22-092 (IP=177,JP) 54.251.207.69 32 SW None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 14:03:14 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01557 (IP=69,SG) 54.254.214.31 24 DT None 2021-12-18 00:00:00 2022-03-18 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) - Source Fire (IP=31,SG) 54.255.251.35 24 ZH None 2021-11-27 00:00:00 2022-02-25 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire Rpt (IP=35,SG) 
54.255.47.177 24 SW None 2022-07-02 00:00:00 2022-09-30 00:00:00 2022-07-03 13:57:38 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=177,SG) 54.36.102.179 24 BB None 2021-10-16 00:00:00 2022-01-14 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=179,FR) 54.36.108.118 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 54.36.108.162 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=162,FR) 54.36.113.62 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity 54.36.123.171 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity 54.36.123.171 32 RW None 2019-11-07 00:00:00 2022-01-20 00:00:00 None 28744: HTTP: MASSCAN Tool Usage - TT# 20C00899 (IP=171,US) | updated by dbc Block was inactive. Reactivated on 20210120 with reason FR TO-S-2021-1037 Hive Case 4785 Malware Activity 54.36.126.184 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None FR TO-S-2021-1050 Hive Case 4821 Malware Activity 54.36.127.165 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None FR TO-S-2021-1050 Hive Case 4821 Malware Activity 54.36.148.0 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=0,FR) 54.36.148.0 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=0,FR) 54.36.148.1 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=1,FR) 54.36.148.1 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=1,FR) 54.36.148.10 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=10,FR) 54.36.148.10 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=10,FR) 54.36.148.100 32 AS None 2022-01-27 
00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=100,FR) 54.36.148.100 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=100,FR) 54.36.148.101 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=101,FR) 54.36.148.101 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=101,FR) 54.36.148.102 32 TLM None 2022-02-04 00:00:00 2022-08-05 00:00:00 None HIVE Case #6925 CTO 22-034 (IP=102,FR) 54.36.148.103 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=103,FR) 54.36.148.103 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=103,FR) 54.36.148.104 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=104,FR) 54.36.148.104 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=104,FR) 54.36.148.105 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=105,FR) 54.36.148.105 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=105,FR) 54.36.148.106 32 TLM None 2022-02-17 00:00:00 2022-08-18 00:00:00 None HIVE Case #7014 CTO 22-048 (IP=106,FR) 54.36.148.107 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=107,FR) 54.36.148.107 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=107,FR) 54.36.148.108 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=108,FR) 54.36.148.108 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=108,FR) 54.36.148.109 32 TLM None 2022-02-04 00:00:00 2022-08-05 00:00:00 None HIVE Case #6925 CTO 22-034 (IP=109,FR) 54.36.148.11 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=11,FR) 54.36.148.11 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None 
HIVE Case #6852 CTO 22-026 (IP=11,FR)
54.36.148.110 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=110,FR)
54.36.148.111 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=111,FR)
54.36.148.112 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=112,FR)
54.36.148.113 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=113,FR)
54.36.148.114 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=114,FR)
54.36.148.115 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=115,FR)
54.36.148.116 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=116,FR)
54.36.148.117 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=117,FR)
54.36.148.118 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=118,FR)
54.36.148.119 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=119,FR)
54.36.148.12 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=12,FR)
54.36.148.120 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=120,FR)
54.36.148.121 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=121,FR)
54.36.148.122 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=122,FR)
54.36.148.123 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=123,FR)
54.36.148.124 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=124,FR)
54.36.148.125 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=125,FR)
54.36.148.126 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=126,FR)
54.36.148.127 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=127,FR)
54.36.148.128 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=128,FR)
54.36.148.129 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=129,FR)
54.36.148.13 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=13,FR)
54.36.148.130 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=130,FR)
54.36.148.131 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=131,FR)
54.36.148.132 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=132,FR)
54.36.148.133 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=133,FR)
54.36.148.134 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=134,FR)
54.36.148.135 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=135,FR)
54.36.148.136 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=136,FR)
54.36.148.137 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=137,FR)
54.36.148.138 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=138,FR)
54.36.148.139 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=139,FR)
54.36.148.14 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=14,FR)
54.36.148.140 32 TLM None 2022-02-17 00:00:00 2022-08-18 00:00:00 None HIVE Case #7014 CTO 22-048 (IP=140,FR)
54.36.148.141 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=141,FR)
54.36.148.142 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=142,FR)
54.36.148.143 32 TLM None 2022-02-17 00:00:00 2022-08-18 00:00:00 None HIVE Case #7014 CTO 22-048 (IP=143,FR)
54.36.148.144 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=144,FR)
54.36.148.145 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=145,FR)
54.36.148.146 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=146,FR)
54.36.148.147 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=147,FR)
54.36.148.148 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=148,FR)
54.36.148.149 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=149,FR)
54.36.148.15 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=15,FR)
54.36.148.150 32 TLM None 2022-02-17 00:00:00 2022-08-18 00:00:00 None HIVE Case #7014 CTO 22-048 (IP=150,FR)
54.36.148.151 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=151,FR)
54.36.148.152 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=152,FR)
54.36.148.153 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=153,FR)
54.36.148.154 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=154,FR)
54.36.148.155 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=155,FR)
54.36.148.156 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=156,FR)
54.36.148.157 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=157,FR)
54.36.148.158 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=158,FR)
54.36.148.159 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=159,FR)
54.36.148.16 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=16,FR)
54.36.148.160 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=160,FR)
54.36.148.161 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=161,FR)
54.36.148.162 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=162,FR)
54.36.148.163 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=163,FR)
54.36.148.164 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=164,FR)
54.36.148.165 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=165,FR)
54.36.148.166 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=166,FR)
54.36.148.167 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=167,FR)
54.36.148.168 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=168,FR)
54.36.148.169 32 AS None 2022-02-21 00:00:00 2022-08-22 00:00:00 None HIVE Case #7039 CTO 22-050 (IP=169,FR)
54.36.148.17 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=17,FR)
54.36.148.170 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=170,FR)
54.36.148.171 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=171,FR)
54.36.148.172 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=172,FR)
54.36.148.173 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=173,FR)
54.36.148.174 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=174,FR)
54.36.148.175 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=175,FR)
54.36.148.176 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=176,FR)
54.36.148.177 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=177,FR)
54.36.148.178 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=178,FR)
54.36.148.179 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=179,FR)
54.36.148.18 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=18,FR)
54.36.148.180 32 AS None 2022-02-21 00:00:00 2022-08-22 00:00:00 None HIVE Case #7039 CTO 22-050 (IP=180,FR)
54.36.148.181 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=181,FR)
54.36.148.182 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=182,FR)
54.36.148.183 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=183,FR)
54.36.148.184 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=184,FR)
54.36.148.185 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=185,FR)
54.36.148.186 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=186,FR)
54.36.148.187 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=187,FR)
54.36.148.188 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=188,FR)
54.36.148.189 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=189,FR)
54.36.148.19 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=19,FR)
54.36.148.190 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=190,FR)
54.36.148.191 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=191,FR)
54.36.148.192 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=192,FR)
54.36.148.193 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=193,FR)
54.36.148.194 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=194,FR)
54.36.148.195 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=195,FR)
54.36.148.196 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=196,FR)
54.36.148.197 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=197,FR)
54.36.148.198 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=198,FR)
54.36.148.199 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=199,FR)
54.36.148.2 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=2,FR)
54.36.148.20 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=20,FR)
54.36.148.200 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=200,FR)
54.36.148.201 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=201,FR)
54.36.148.202 32 TLM None 2022-02-04 00:00:00 2022-08-05 00:00:00 None HIVE Case #6925 CTO 22-034 (IP=202,FR)
54.36.148.203 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=203,FR)
54.36.148.204 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=204,FR)
54.36.148.205 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=205,FR)
54.36.148.206 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=206,FR)
54.36.148.207 32 TLM None 2022-01-25 00:00:00 2022-07-25 00:00:00 None HIVE Case #6828 CTO 22-021 (IP=207,FR)
54.36.148.208 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=208,FR)
54.36.148.209 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=209,FR)
54.36.148.21 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=21,FR)
54.36.148.210 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=210,FR)
54.36.148.211 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=211,FR)
54.36.148.212 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=212,FR)
54.36.148.213 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=213,FR)
54.36.148.214 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=214,FR)
54.36.148.215 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=215,FR)
54.36.148.216 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=216,FR)
54.36.148.217 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=217,FR)
54.36.148.218 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=218,FR)
54.36.148.219 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=219,FR)
54.36.148.22 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=22,FR)
54.36.148.220 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=220,FR)
54.36.148.221 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=221,FR)
54.36.148.222 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=222,FR)
54.36.148.223 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=223,FR)
54.36.148.224 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=224,FR)
54.36.148.225 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=225,FR)
54.36.148.226 32 AS None 2022-03-03 00:00:00 2022-09-03 00:00:00 2022-03-03 17:36:05 HIVE Case #7133 CTO 22-062 (IP=226,FR)
54.36.148.227 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=227,FR)
54.36.148.228 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=228,FR)
54.36.148.229 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=229,FR)
54.36.148.23 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=23,FR)
54.36.148.230 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=230,FR)
54.36.148.231 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=231,FR)
54.36.148.232 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=232,FR)
54.36.148.233 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=233,FR)
54.36.148.234 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=234,FR)
54.36.148.235 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=235,FR)
54.36.148.236 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=236,FR)
54.36.148.237 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=237,FR)
54.36.148.238 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=238,FR)
54.36.148.239 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=239,FR)
54.36.148.24 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=24,FR)
54.36.148.240 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=240,FR)
54.36.148.241 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=241,FR)
54.36.148.242 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=242,FR)
54.36.148.243 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=243,FR)
54.36.148.244 32 TLM None 2022-02-04 00:00:00 2022-08-05 00:00:00 None HIVE Case #6925 CTO 22-034 (IP=244,FR)
54.36.148.245 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=245,FR)
54.36.148.246 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=246,FR)
54.36.148.247 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=247,FR)
54.36.148.248 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=248,FR)
54.36.148.249 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=249,FR)
54.36.148.25 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=25,FR)
54.36.148.250 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=250,FR)
54.36.148.251 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=251,FR)
54.36.148.252 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=252,FR)
54.36.148.253 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=253,FR)
54.36.148.254 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=254,FR)
54.36.148.255 32 TLM None 2022-02-17 00:00:00 2022-08-18 00:00:00 None HIVE Case #7014 CTO 22-048 (IP=255,FR)
54.36.148.26 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=26,FR)
54.36.148.27 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=27,FR)
54.36.148.28 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=28,FR)
54.36.148.29 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=29,FR)
54.36.148.3 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=3,FR)
54.36.148.30 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=30,FR)
54.36.148.31 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=31,FR)
54.36.148.32 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=32,FR)
54.36.148.33 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=33,FR)
54.36.148.34 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=34,FR)
54.36.148.35 32 AS None 2022-03-31 00:00:00 2022-09-30 00:00:00 2022-03-31 14:47:56 HIVE Case #7308 CTO 22-090 (IP=35,FR)
54.36.148.36 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=36,FR)
54.36.148.37 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=37,FR)
54.36.148.38 32 AS None
2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=38,FR) 54.36.148.38 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=38,FR) 54.36.148.39 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=39,FR) 54.36.148.39 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=39,FR) 54.36.148.4 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=4,FR) 54.36.148.4 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=4,FR) 54.36.148.40 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=40,FR) 54.36.148.40 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=40,FR) 54.36.148.41 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=41,FR) 54.36.148.41 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=41,FR) 54.36.148.42 32 TLM None 2022-02-17 00:00:00 2022-08-18 00:00:00 None HIVE Case #7014 CTO 22-048 (IP=42,FR) 54.36.148.43 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=43,FR) 54.36.148.43 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=43,FR) 54.36.148.44 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=44,FR) 54.36.148.44 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=44,FR) 54.36.148.45 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=45,FR) 54.36.148.45 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=45,FR) 54.36.148.46 32 TLM None 2022-03-17 00:00:00 2022-09-17 00:00:00 2022-03-17 15:03:35 HIVE Case #7226 CTO 22-075 (IP=46,FR) 54.36.148.47 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 
CTO 22-026 (IP=47,FR) 54.36.148.47 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=47,FR) 54.36.148.48 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=48,FR) 54.36.148.48 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=48,FR) 54.36.148.49 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=49,FR) 54.36.148.49 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=49,FR) 54.36.148.5 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=5,FR) 54.36.148.5 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=5,FR) 54.36.148.50 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=50,FR) 54.36.148.50 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=50,FR) 54.36.148.51 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=51,FR) 54.36.148.51 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=51,FR) 54.36.148.52 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=52,FR) 54.36.148.52 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=52,FR) 54.36.148.53 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=53,FR) 54.36.148.53 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=53,FR) 54.36.148.54 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=54,FR) 54.36.148.54 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=54,FR) 54.36.148.55 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=55,FR) 54.36.148.55 32 AS None 2022-01-27 00:00:00 2022-07-27 
00:00:00 None HIVE Case #6852 CTO 22-026 (IP=55,FR) 54.36.148.56 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=56,FR) 54.36.148.56 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=56,FR) 54.36.148.57 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=57,FR) 54.36.148.57 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=57,FR) 54.36.148.58 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=58,FR) 54.36.148.58 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=58,FR) 54.36.148.59 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=59,FR) 54.36.148.59 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=59,FR) 54.36.148.6 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=6,FR) 54.36.148.6 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=6,FR) 54.36.148.60 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=60,FR) 54.36.148.60 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=60,FR) 54.36.148.61 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=61,FR) 54.36.148.61 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=61,FR) 54.36.148.62 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=62,FR) 54.36.148.62 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=62,FR) 54.36.148.63 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=63,FR) 54.36.148.64 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=64,FR) 54.36.148.64 32 AS None 
2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=64,FR) 54.36.148.65 32 TLM None 2022-02-04 00:00:00 2022-08-05 00:00:00 None HIVE Case #6925 CTO 22-034 (IP=65,FR) 54.36.148.66 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=66,FR) 54.36.148.66 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=66,FR) 54.36.148.67 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=67,FR) 54.36.148.67 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=67,FR) 54.36.148.68 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=68,FR) 54.36.148.68 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=68,FR) 54.36.148.69 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=69,FR) 54.36.148.69 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=69,FR) 54.36.148.7 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=7,FR) 54.36.148.7 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=7,FR) 54.36.148.70 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=70,FR) 54.36.148.70 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=70,FR) 54.36.148.71 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=71,FR) 54.36.148.71 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=71,FR) 54.36.148.72 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=72,FR) 54.36.148.72 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=72,FR) 54.36.148.73 32 TLM None 2022-02-23 00:00:00 2022-08-24 00:00:00 None HIVE Case #7054 CTO 22-054 
(IP=73,FR) 54.36.148.74 32 TLM None 2022-02-04 00:00:00 2022-08-05 00:00:00 None HIVE Case #6925 CTO 22-034 (IP=74,FR) 54.36.148.75 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=75,FR) 54.36.148.75 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=75,FR) 54.36.148.76 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=76,FR) 54.36.148.76 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=76,FR) 54.36.148.77 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=77,FR) 54.36.148.77 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=77,FR) 54.36.148.78 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=78,FR) 54.36.148.78 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=78,FR) 54.36.148.79 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=79,FR) 54.36.148.79 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=79,FR) 54.36.148.8 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=8,FR) 54.36.148.8 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=8,FR) 54.36.148.80 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=80,FR) 54.36.148.80 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=80,FR) 54.36.148.81 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=81,FR) 54.36.148.81 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=81,FR) 54.36.148.82 32 TLM None 2022-02-17 00:00:00 2022-08-18 00:00:00 None HIVE Case #7014 CTO 22-048 (IP=82,FR) 54.36.148.83 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 
None HIVE Case #6852 CTO 22-026 (IP=83,FR) 54.36.148.83 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=83,FR) 54.36.148.84 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=84,FR) 54.36.148.84 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=84,FR) 54.36.148.85 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=85,FR) 54.36.148.85 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=85,FR) 54.36.148.86 32 TLM None 2022-02-04 00:00:00 2022-08-05 00:00:00 None HIVE Case #6925 CTO 22-034 (IP=86,FR) 54.36.148.87 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=87,FR) 54.36.148.87 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=87,FR) 54.36.148.88 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=88,FR) 54.36.148.88 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=88,FR) 54.36.148.89 32 TLM None 2022-02-17 00:00:00 2022-08-18 00:00:00 None HIVE Case #7014 CTO 22-048 (IP=89,FR) 54.36.148.9 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=9,FR) 54.36.148.9 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=9,FR) 54.36.148.90 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=90,FR) 54.36.148.90 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=90,FR) 54.36.148.91 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=91,FR) 54.36.148.91 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=91,FR) 54.36.148.92 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=92,FR) 54.36.148.92 32 AS None 
2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=92,FR) 54.36.148.93 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=93,FR) 54.36.148.93 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=93,FR) 54.36.148.94 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=94,FR) 54.36.148.94 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=94,FR) 54.36.148.95 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=95,FR) 54.36.148.95 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=95,FR) 54.36.148.96 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=96,FR) 54.36.148.96 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=96,FR) 54.36.148.97 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=97,FR) 54.36.148.97 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=97,FR) 54.36.148.98 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=98,FR) 54.36.148.98 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=98,FR) 54.36.148.99 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=99,FR) 54.36.148.99 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=99,FR) 54.36.149.0 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=0,FR) 54.36.149.1 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=1,FR) 54.36.149.10 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=10,FR) 54.36.149.100 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 
(IP=100,FR) 54.36.149.101 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=101,FR) 54.36.149.102 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=102,FR) 54.36.149.103 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=103,FR) 54.36.149.104 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=104,FR) 54.36.149.105 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=105,FR) 54.36.149.106 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=106,FR) 54.36.149.107 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=107,FR) 54.36.149.11 32 TLM None 2022-02-17 00:00:00 2022-08-18 00:00:00 None HIVE Case #7014 CTO 22-048 (IP=11,FR) 54.36.149.12 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=12,FR) 54.36.149.13 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=13,FR) 54.36.149.14 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=14,FR) 54.36.149.15 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=15,FR) 54.36.149.16 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=16,FR) 54.36.149.17 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=17,FR) 54.36.149.18 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=18,FR) 54.36.149.19 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=19,FR) 54.36.149.2 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=2,FR) 54.36.149.20 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=20,FR) 54.36.149.21 32 AS None 2022-01-27 00:00:00 
2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=21,FR) 54.36.149.22 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=22,FR) 54.36.149.23 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=23,FR) 54.36.149.24 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=24,FR) 54.36.149.25 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=25,FR) 54.36.149.26 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=26,FR) 54.36.149.27 32 TLM None 2022-02-04 00:00:00 2022-08-05 00:00:00 None HIVE Case #6925 CTO 22-034 (IP=27,FR) 54.36.149.28 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=28,FR) 54.36.149.29 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=29,FR) 54.36.149.3 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=3,FR) 54.36.149.30 32 AS None 2022-02-21 00:00:00 2022-08-22 00:00:00 None HIVE Case #7039 CTO 22-050 (IP=30,FR) 54.36.149.31 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=31,FR) 54.36.149.32 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=32,FR) 54.36.149.33 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=33,FR) 54.36.149.34 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=34,FR) 54.36.149.35 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=35,FR) 54.36.149.36 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=36,FR) 54.36.149.37 32 TLM None 2022-02-23 00:00:00 2022-08-24 00:00:00 None HIVE Case #7054 CTO 22-054 (IP=37,FR) 54.36.149.38 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=38,FR) 
54.36.149.39 32 TLM None 2022-02-23 00:00:00 2022-08-24 00:00:00 None HIVE Case #7054 CTO 22-054 (IP=39,FR) 54.36.149.4 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=4,FR) 54.36.149.40 32 TLM None 2022-01-20 00:00:00 2022-07-20 00:00:00 None HIVE Case #6811 CTO 22-020 (IP=40,FR) 54.36.149.41 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=41,FR) 54.36.149.42 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=42,FR) 54.36.149.43 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=43,FR) 54.36.149.44 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=44,FR) 54.36.149.45 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=45,FR) 54.36.149.46 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=46,FR) 54.36.149.47 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=47,FR) 54.36.149.48 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=48,FR) 54.36.149.49 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=49,FR) 54.36.149.5 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=5,FR) 54.36.149.50 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=50,FR) 54.36.149.51 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=51,FR) 54.36.149.52 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=52,FR) 54.36.149.53 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=53,FR) 54.36.149.54 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=54,FR) 54.36.149.55 32 AS None 2022-02-21 00:00:00 2022-08-22 00:00:00 None HIVE 
Case #7039 CTO 22-050 (IP=55,FR) 54.36.149.56 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=56,FR) 54.36.149.57 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=57,FR) 54.36.149.58 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=58,FR) 54.36.149.59 32 TLM None 2022-02-23 00:00:00 2022-08-24 00:00:00 None HIVE Case #7054 CTO 22-054 (IP=59,FR) 54.36.149.6 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=6,FR) 54.36.149.6 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=6,FR) 54.36.149.6 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=6,FR) 54.36.149.6 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=6,FR) 54.36.149.6 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=6,FR) 54.36.149.60 32 TLM None 2022-02-17 00:00:00 2022-08-18 00:00:00 None HIVE Case #7014 CTO 22-048 (IP=60,FR) 54.36.149.61 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=61,FR) 54.36.149.62 32 TLM None 2022-02-04 00:00:00 2022-08-05 00:00:00 None HIVE Case #6925 CTO 22-034 (IP=62,FR) 54.36.149.63 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=63,FR) 54.36.149.64 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=64,FR) 54.36.149.65 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=65,FR) 54.36.149.66 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=66,FR) 54.36.149.67 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=67,FR) 54.36.149.68 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=68,FR) 54.36.149.69 32 AS None 2022-01-27 
00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=69,FR) 54.36.149.7 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=7,FR) 54.36.149.7 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=7,FR) 54.36.149.7 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=7,FR) 54.36.149.7 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=7,FR) 54.36.149.7 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=7,FR) 54.36.149.70 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=70,FR) 54.36.149.71 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=71,FR) 54.36.149.72 32 TLM None 2022-02-04 00:00:00 2022-08-05 00:00:00 None HIVE Case #6925 CTO 22-034 (IP=72,FR) 54.36.149.73 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=73,FR) 54.36.149.74 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=74,FR) 54.36.149.75 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=75,FR) 54.36.149.76 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=76,FR) 54.36.149.77 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=77,FR) 54.36.149.78 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=78,FR) 54.36.149.79 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=79,FR) 54.36.149.8 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=8,FR) 54.36.149.80 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=80,FR) 54.36.149.81 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=81,FR) 
54.36.149.82 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=82,FR) 54.36.149.83 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=83,FR) 54.36.149.84 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=84,FR) 54.36.149.85 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=85,FR) 54.36.149.86 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=86,FR) 54.36.149.87 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=87,FR) 54.36.149.88 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=88,FR) 54.36.149.89 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=89,FR) 54.36.149.9 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=9,FR) 54.36.149.90 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=90,FR) 54.36.149.91 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=91,FR) 54.36.149.92 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=92,FR) 54.36.149.93 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=93,FR) 54.36.149.94 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=94,FR) 54.36.149.95 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=95,FR) 54.36.149.96 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=96,FR) 54.36.149.97 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=97,FR) 54.36.149.98 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=98,FR) 54.36.149.99 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE 
Case #6852 CTO 22-026 (IP=99,FR) 54.36.150.83 24 SW None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:33 HTTP: ThinkPHP CMS Getshell Vulnerability - WebAttacks (IP=83,FR) 54.36.154.234 24 RR None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-05 14:02:50 SQL injection - Web Attacks (IP=234,FR) 54.36.158.35 24 ZH None 2021-10-07 00:00:00 2022-01-13 00:00:00 None SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1081 attack attempt - Sourcefire Rpt (IP=35,FR) | updated by ZH Block expiration extended with reason HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=35,FR) HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=35,FR) | updated by ZH Block expiration extended with reason SERVER-WEBAPP Drupal Core 8 PHP object injection RCE attempt- 6hr Web Attacks (IP=35,FR) SERVER-WEBAPP Drupal Core 8 PHP object injection RCE attempt- 6hr Web Attacks (IP=35,FR) 54.36.158.35 24 ZH None 2021-10-15 00:00:00 2022-01-13 00:00:00 None SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1081 attack attempt - Sourcefire Rpt (IP=35,FR) | updated by ZH Block expiration extended with reason HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=35,FR) HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=35,FR) | updated by ZH Block expiration extended with reason SERVER-WEBAPP Drupal Core 8 PHP object injection RCE attempt- 6hr Web Attacks (IP=35,FR) SERVER-WEBAPP Drupal Core 8 PHP object injection RCE attempt- 6hr Web Attacks (IP=35,FR) 54.36.158.35 24 ZH None 2021-08-09 00:00:00 2022-01-13 00:00:00 None SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1081 attack attempt - Sourcefire Rpt (IP=35,FR) | updated by ZH Block expiration extended with reason HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=35,FR) HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=35,FR) | updated by ZH Block expiration extended with reason SERVER-WEBAPP Drupal Core 8 PHP object injection RCE attempt- 6hr Web Attacks (IP=35,FR) SERVER-WEBAPP Drupal Core 8 PHP object 
injection RCE attempt- 6hr Web Attacks (IP=35,FR)
54.36.165.7 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=7,FR)
54.36.175.138 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None FR TO-S-2021-1117 DOS-DDOS Activity
54.36.189.124 32 AS None 2021-12-28 00:00:00 2022-06-28 00:00:00 None HIVE Case #6702 CTO 21-362 (IP=124,FR)
54.36.19.240 32 jkc None 2021-03-19 00:00:00 2022-03-19 00:00:00 None Case # 5090 TO-S-2021-1185 Malicious Callback
54.36.19.240 32 jkc None 2021-03-19 00:00:00 2022-03-19 00:00:00 None Case # 5090 TO-S-2021-1185 Malicious Callback
54.36.196.96 24 AR None 2022-01-26 00:00:00 2022-04-26 00:00:00 None Phish.URL.Emotet (IP=96,FR)
54.36.239.205 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None FR TO-S-2021-1050 Hive Case 4821 Malware Activity
54.36.24.135 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None FR TO-S-2021-1050 Hive Case 4821 Malware Activity
54.36.5.222 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None FR TO-S-2021-1050 Hive Case 4821 Malware Activity
54.36.63.4 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity
54.36.85.194 32 jkc None 2021-03-19 00:00:00 2022-03-19 00:00:00 None Case # 5090 TO-S-2021-1185 Malicious Callback
54.36.85.194 32 jkc None 2021-03-19 00:00:00 2022-03-19 00:00:00 None Case # 5090 TO-S-2021-1185 Malicious Callback
54.37.106.167 32 AS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-09 13:57:40 HIVE Case #7535 TO-S-2022-0176 (IP=167,FR)
54.37.137.80 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None FR TO-S-2021-1117 DOS-DDOS Activity
54.37.16.241 24 GM None 2018-01-09 06:00:00 2022-05-18 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability (IP=241,FR) | updated by srm Block was inactive. Reactivated on 20220217 with reason HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=241,FR) HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=241,FR)
54.37.16.241 24 srm None 2022-02-17 00:00:00 2022-05-18 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability (IP=241,FR) | updated by srm Block was inactive. Reactivated on 20220217 with reason HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=241,FR) HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=241,FR)
54.37.164.134 32 jkc None 2021-03-19 00:00:00 2022-03-19 00:00:00 None Case # 5090 TO-S-2021-1185 Malicious Callback
54.37.164.134 32 jkc None 2021-03-19 00:00:00 2022-03-19 00:00:00 None Case # 5090 TO-S-2021-1185 Malicious Callback
54.37.164.254 32 jkc None 2021-03-19 00:00:00 2022-03-19 00:00:00 None Case # 5090 TO-S-2021-1185 Malicious Callback
54.37.164.254 32 jkc None 2021-03-19 00:00:00 2022-03-19 00:00:00 None Case # 5090 TO-S-2021-1185 Malicious Callback
54.37.18.61 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GB TO-S-2021-1050 Hive Case 4821 Malware Activity
54.37.209.56 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None FR TO-S-2021-1050 Hive Case 4821 Malware Activity
54.37.225.195 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity
54.37.225.195 32 RWB None 2019-11-07 00:00:00 2022-01-20 00:00:00 None Signature: Known Attack Tool User Agent//28744: HTTP: MASSCAN Tool Usage - TT# 20C00904 (IP=195,FR) | updated by dbc Block was inactive. Reactivated on 20210120 with reason FR TO-S-2021-1037 Hive Case 4785 Malware Activity
54.37.225.27 32 TLM None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:46:28 HIVE Case #7458 CTO 22-113 (IP=27,FR)
54.37.31.155 24 KH None 2022-03-03 00:00:00 2022-06-01 00:00:00 2022-03-03 23:49:46 Abnormally Long Request - ArcSight (IP=155,FR)
54.37.70.200 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity
54.37.78.197 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None DE TO-S-2021-1050 Hive Case 4821 Malware Activity
54.37.79.151 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None DE TO-S-2021-1050 Hive Case 4821 Malware Activity
54.37.88.144 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None DE TO-S-2021-1050 Hive Case 4821 Malware Activity
54.37.93.31 24 NAB None 2022-01-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=31,FR)
54.38.103.1 32 TLM None 2022-06-02 00:00:00 2022-12-01 00:00:00 2022-06-02 15:30:40 HIVE Case #7704 TO-S-2022-0190 (IP=1,FR)
54.38.157.127 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity
54.38.178.106 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity
54.38.207.237 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity
54.38.209.31 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=31,FR)
54.38.209.32 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=32,FR)
54.38.229.8 32 TLM None 2022-01-20 00:00:00 2022-07-20 00:00:00 None HIVE Case #6811 CTO 22-020 (IP=8,FR)
54.38.232.140 32 AS None 2021-11-16 00:00:00 2022-05-16 00:00:00 None HIVE Case #6539 CTO 21-315 (IP=140,FR)
54.38.255.52 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
54.38.34.203 32 TLM None 2021-12-21 00:00:00 2022-06-21 00:00:00 None HIVE Case #6682 CTO 21-352 (IP=203,FR)
54.38.49.6 32 TLM None 2022-01-25 00:00:00 2022-07-25 00:00:00 None HIVE Case #6828 CTO 22-021 (IP=6,FR)
54.39.17.214 24 SA None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-07 13:41:30 Masscan TCP Port Scanner - FE CMS IPS alert (IP=214,CA)
54.39.17.214 24 RS None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-08 16:56:06 SIPVicious Security Scanner - IPS Events (IP=214,CA)
54.39.234.204 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=204,CA)
54.39.78.148 32 TLM None 2022-03-01 00:00:00 2022-09-01 00:00:00 2022-03-01 17:52:14 HIVE Case #7115 CTO 22-060 (IP=148,CA)
54.39.83.152 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6654 CTO 21-345 (IP=152,CA)
54.64.241.32 24 SW None 2022-08-19 00:00:00 2022-11-17 00:00:00 2022-08-20 13:23:17 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - WebAttacks (IP=32,JP)
54.75.207.238 32 TLM None 2022-05-02 00:00:00 2022-11-01 00:00:00 2022-05-04 17:56:13 HIVE Case #7495 CTO 22-120 (IP=238,IE)
54.76.101.57 24 RT None 2022-05-11 00:00:00 2022-08-09 00:00:00 2022-05-12 13:53:26 FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields (1:16295:13) - Sourcefire Report (IP=,IE)
54.78.33.97 32 AS None 2022-02-04 00:00:00 2022-08-04 00:00:00 None HIVE Case #6927 CTO 22-036 (IP=97,IE)
54.80.11.123 32 KD None 2022-03-11 00:00:00 2022-06-09 00:00:00 2022-03-12 14:30:08 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire(IP=123,US)
54.80.151.207 32 SW None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 13:55:12 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=207,US)
54.80.255.32 32 SW None 2022-08-25 00:00:00 2022-11-23 00:00:00 2022-08-26 13:48:28 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=32,US)
54.80.93.58 32 ZH None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-22 22:43:03 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=58,US)
54.81.129.189 32 SW None 2022-06-02 00:00:00 2022-08-31 00:00:00 2022-06-02 13:31:21 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=189,US)
54.81.166.217 32 ZH None 2022-05-31 00:00:00 2022-08-29 00:00:00 2022-06-01 13:53:58 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=217, US)
54.81.227.61 32 ZH None 2022-03-17 00:00:00 2022-06-15 00:00:00 2022-03-17 22:26:01 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Rpt (IP=61,US)
54.81.239.146 32 SW None 2022-05-15 00:00:00 2022-08-13 00:00:00 2022-05-15 13:54:22 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=146, US)
54.81.239.146 32 ZH None 2022-05-15 00:00:00 2022-08-13 00:00:00 2022-05-15 22:45:51 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=146, US)
54.81.96.109 32 BMP None 2021-11-25 00:00:00 2022-02-23 00:00:00 None SERVER-OTHER limited RSA ciphersuite
54.82.122.141 32 ZH None 2022-06-30 00:00:00 2022-09-28 00:00:00 2022-07-01 00:10:27 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire Rpt (IP=141,US)
54.82.164.30 32 TLM None 2022-01-25 00:00:00 2022-07-25 00:00:00 None HIVE Case #6828 CTO 22-021 (IP=30,US)
54.82.5.253 32 SW None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-15 13:54:22 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=253, US)
54.82.82.177 32 ZH None 2022-01-11 00:00:00 2022-04-11 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Rpt (IP=177,US)
54.83.111.131 32 ZH None 2021-12-04 00:00:00 2022-03-04 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Rpt (IP=131,US)
54.83.113.93 32 RS None 2022-08-11 00:00:00 2022-11-09 00:00:00 2022-08-11 22:52:16 Exploit.Log4Shell.CVE-2021-44228 - FE NX (IP=93,US)
54.83.155.232 32 AR None 2022-05-22 00:00:00 2022-08-21 00:00:00 2022-05-23 13:49:41 Webshell.Binary.php.FEC2 - FE CMS (IP=232,US) | updated by NAB Block expiration extended with reason HIVE Case #6651 Exploit.CVE-2021-44228 (IP=232,US) HIVE Case #6651 Exploit.CVE-2021-44228 (IP=232,US)
54.83.155.232 32 NAB None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-23 13:49:41 Webshell.Binary.php.FEC2 - FE CMS (IP=232,US) | updated by NAB Block expiration extended with reason HIVE Case #6651 Exploit.CVE-2021-44228 (IP=232,US) HIVE Case #6651 Exploit.CVE-2021-44228 (IP=232,US)
54.83.182.154 32 SA None 2022-05-24 00:00:00 2022-08-22 00:00:00 2022-05-24 22:13:32 SERVER-OSAER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire Report (IP=154,US)
54.83.99.140 32 SW None 2022-02-14 00:00:00 2022-05-15 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=140,US)
54.84.14.141 32 TLM None 2022-02-04 00:00:00 2022-08-05 00:00:00 None HIVE Case #6925 CTO 22-034 (IP=141,US)
54.84.238.172 32 TH None 2021-12-15 00:00:00 2022-03-15 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=172,US)
54.85.166.37 32 SW None 2021-12-29 00:00:00 2022-03-29 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=37,US)
54.85.166.37 32 SW None 2021-12-29 00:00:00 2022-03-29 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=37,US)
54.85.166.37 32 SW None 2021-12-29 00:00:00 2022-03-29 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=37,US)
54.85.166.37 32 SW None 2021-12-29 00:00:00 2022-03-29 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=37,US)
54.85.166.37 32 SW None 2021-12-29 00:00:00 2022-03-29 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=37,US)
54.86.182.135 32 ZH None 2022-02-28 00:00:00 2022-05-29 00:00:00 2022-02-28 23:39:49 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=135,US)
54.86.193.137 32 AR None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-08 13:52:34 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=137,US)
54.86.77.13 32 ZH None 2021-12-05 00:00:00 2022-03-05 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - Sourcefire Rpt (IP=13,US)
54.86.78.194 32 SW None 2022-03-04 00:00:00 2022-06-02 00:00:00 2022-03-04 23:11:47 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire(IP=194,US)
54.86.78.194 32 SW None 2022-03-04 00:00:00 2022-06-02 00:00:00 2022-03-04 23:54:53 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire(IP=194,US)
54.87.147.196 32 SW None 2022-08-11 00:00:00 2022-11-09 00:00:00 2022-08-12 13:55:44 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=196,US)
54.87.232.241 32 TLM None 2022-08-09 00:00:00 2022-11-09 00:00:00 2022-08-09 17:32:20 HIVE Case #8100 CTO 22-211 (IP=241,US)
54.87.53.176 32 ZH None 2021-12-04 00:00:00 2022-03-04 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Rpt (IP=176,US)
54.87.90.153 32 BMP None 2021-11-25 00:00:00 2022-02-23 00:00:00 None SERVER-OTHER limited RSA ciphersuite
54.88.202.55 32 TH None 2021-12-15 00:00:00 2022-03-15 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=55,US)
54.88.26.134 32 KD None 2022-01-10 00:00:00 2022-04-10 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt- Sourcefire(IP=134,US)
54.88.4.185 32 ZH None 2022-01-07 00:00:00 2022-04-07 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Rpt (IP=185,US)
54.88.75.202 32 TLM Kristen Pope 2022-10-19 00:00:00 2022-12-27 00:00:00 2022-12-27 19:16:58 HIVE Case #8482 CTO 22-288 (IP=202,US) | UNBLOCKED per CTO 22-305
54.88.75.202 32 TLM Kristen Pope 2022-10-17 00:00:00 2022-12-27 00:00:00 2022-12-27 19:16:58 HIVE Case #8482 CTO 22-288 (IP=202,US) | UNBLOCKED per CTO 22-305
54.89.71.211 32 SW None 2022-01-24 00:00:00 2022-04-24 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=211,US)
54.90.114.198 32 ZH None 2022-02-07 00:00:00 2022-05-08 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=198,US)
54.90.114.198 32 ZH None 2022-02-07 00:00:00 2022-05-08 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=198,US)
54.90.137.213 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:08 HIVE Case #7904 CTO 22-189 (IP=213,US)
54.90.204.166 32 SA None 2022-05-24 00:00:00 2022-08-22 00:00:00 2022-05-24 22:13:29 SERVER-OSAER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire Report (IP=166,US)
54.90.230.176 32 SW None 2022-06-02 00:00:00 2022-08-31 00:00:00 2022-06-02 13:31:24 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=176,US)
54.91.121.160 32 RS None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 22:34:14 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=160,US)
54.91.135.67 32 ZH None 2021-11-27 00:00:00 2022-02-25 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire Rpt (IP=67,US)
54.91.16.149 32 AR None 2022-02-20 00:00:00 2022-05-21 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=149,US)
54.91.199.243 32 SW None 2022-06-05 00:00:00 2022-09-03 00:00:00 2022-06-06 13:57:55 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=243,US)
54.91.235.153 32 SW None 2022-03-25 00:00:00 2022-06-23 00:00:00 2022-03-25 22:37:33 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=153, US)
54.91.6.3 32 ZH None 2022-05-31 00:00:00 2022-08-29 00:00:00 2022-06-01 13:53:59 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=3, US)
54.91.69.62 32 ZH None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-02 13:10:24 SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=62,US)
54.94.235.195 24 KH None 2021-12-31 00:00:00 2022-03-31 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed Logons (IP=195,BR)
54.95.184.173 32 RS None 2022-07-20 00:00:00 2022-10-18 00:00:00 2022-07-21 13:54:34 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR# 22C01712 (IP=173,JP)
55.32.224.21 32 AS None 2022-03-31 00:00:00 2022-09-30 00:00:00 2022-03-31 12:25:41 HIVE Case #7306 TO-S-2022-0157 (IP=21,US)
55.92.138.181 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6582 CTO 21-320 (IP=181,US)
5543458610.katiemcallister.com --- TLM None 2021-08-12 00:00:00 2022-08-12 00:00:00 2023-01-19 23:00:19 HIVE Case #5985 TO-S-2021-1459
5625827064.smartwife.in --- TLM None 2021-08-05 00:00:00 2022-08-05 00:00:00 2023-01-19 22:59:16 HIVE Case #5940 TO-S-2021-1447
5654227362.kdsncompany.com --- TLM None 2021-08-05 00:00:00 2022-08-05 00:00:00 2023-01-19 22:59:43 HIVE Case #5940 TO-S-2021-1447
5669299035.nielsvandervlist.nl --- TLM None 2021-08-05 00:00:00 2022-08-05 00:00:00 2023-01-19 22:59:40 HIVE Case #5940 TO-S-2021-1447
58.11.80.147 32 TLM None 2022-05-24 00:00:00 2022-11-23 00:00:00 2022-05-24 14:24:31 HIVE Case #7653 CTO 22-144 (IP=147,TH)
58.124.228.242 32 TLM None 2022-02-04 00:00:00 2022-08-05 00:00:00 None HIVE Case #6925 CTO 22-034 (IP=242,KR)
58.136.99.89 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TH TO-S-2021-1037 Hive Case 4785 Malware Activity
58.137.52.0 22 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None TH TO-S-2021-1117 DOS-DDOS Activity
58.145.184.244 24 AR None 2022-08-26 00:00:00 2022-11-24 00:00:00 2022-08-27 13:55:28 SQL injection - WebAttacks (IP=244,BD)
58.145.187.248 24 TH None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-26 22:51:12 POLICY-OTHER Adobe ColdFusion component browser access attempt (1:25977:3) - SourceFire Report (IP=248,BD)
58.147.183.122 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None KR TO-S-2021-1050 Hive Case 4821 Malware Activity
58.153.47.183 24 RR None 2021-12-03 00:00:00 2022-03-03 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=183,HK)
58.167.155.100 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None AU TO-S-2021-1050 Hive Case 4821 Malware Activity
58.178.248.228 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None AU TO-S-2021-1037 Hive Case 4785 Malware Activity
58.185.116.218 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None SG TO-S-2021-1050 Hive Case 4821 Malware Activity
58.187.172.182 24 BMP None 2021-12-14 00:00:00 2022-03-12 00:00:00 None HIVE Case #6651 - Exploit.CVE-2021-44228 (IP=182,VN)
58.187.32.0 20 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None VN TO-S-2021-1156 Malware Activity
58.187.57.123 32 TLM None 2022-05-10 00:00:00 2022-11-09 00:00:00 2022-05-10 15:21:39 HIVE Case #7557 CTO 22-130 (IP=123,VN)
58.20.254.76 24 JP None 2022-09-23 00:00:00 2022-12-22 00:00:00 2022-09-24 13:55:52 SIPVicious Security Scanner - IPS Events (IP=76,CN)
58.209.250.41 24 DT None 2021-12-30 00:00:00 2022-03-30 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=101,CN)
58.210.96.99 24 RR None 2021-11-29 00:00:00 2022-02-27 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=99,CN)
58.218.38.250 32 SW None 2022-03-28 00:00:00 2022-06-26 00:00:00 2022-03-29 02:13:33 PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C01098(IP=250,CN)
58.219.156.60 24 RS None 2022-09-28 00:00:00 2022-12-27 00:00:00 2022-09-29 13:58:56 Apache Struts 2 ConversionErrorInterceptor OGNL Script Injection - IPS Events (IP=60,CN)
58.227.54.150 32 TLM None 2021-09-08 00:00:00 2022-03-08 00:00:00 None HIVE Case #6129 CTO 21-237 (IP=150,KR)
58.235.189.190 32 TLM None 2022-02-04 00:00:00 2022-08-05 00:00:00 None HIVE Case #6926 CTO 22-035 (IP=190,KR)
58.235.189.192 32 TLM None 2022-05-19 00:00:00 2022-11-18 00:00:00 2022-05-20 14:45:31 HIVE Case #7623 CTO 22-139 (IP=192,KR)
58.241.245.2 24 KD None 2022-03-05 00:00:00 2022-06-03 00:00:00 2022-03-06 00:57:07 FTP Login Failed- 6 hour failed Login(IP=2,CN)
58.248.145.11 24 KH None 2022-01-27 00:00:00 2022-04-27 00:00:00 None Generic URI Injection wget Attempt - FE IPS (IP=11,CN)
58.248.175.229 24 BB None 2021-12-19 00:00:00 2022-03-19 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=229,CN)
58.252.164.225 24 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 22:52:12 Generic URI Injection wget Attempt - FE IPS Events (IP=224,CN)
58.253.10.68 32 WMP None 2021-11-09 00:00:00 2022-02-09 00:00:00 None Palo Alto Suspicious Scan Activity (IP=68,CN)
58.253.51.125 24 RS None 2022-05-22 00:00:00 2022-08-20 00:00:00 2022-05-22 22:24:56 HP Intelligent Management Center TFTP Server MODE Remote Code Execution - FE IPS Events (IP=125,CN)
58.255.205.26 24 KH None 2022-01-27 00:00:00 2022-04-27 00:00:00 None Generic URI Injection wget Attempt - FE IPS (IP=26,CN)
58.27.192.0 19 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None PK TO-S-2021-1081 Hive Case 4872 Malware Activity
58.27.248.0 22 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None PK TO-S-2021-1081 Hive Case 4872 Malware Activity
58.34.57.226 24 BB None 2021-11-10 00:00:00 2022-02-08 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=226,CN)
58.35.199.121 24 RR None 2021-10-21 00:00:00 2022-01-19 00:00:00 None SQL injection - Web Attacks (IP=121,CN)
58.37.145.160 32 TLM None 2022-02-15 00:00:00 2022-08-16 00:00:00 None HIVE Case #6997 CTO 22-046 (IP=160,CN)
58.44.219.185 24 RS None 2022-09-14 00:00:00 2022-12-13 00:00:00 2022-09-15 14:40:52 Apache Struts 2 ConversionErrorInterceptor OGNL Script Injection - IPS Events (IP=185,CN)
58.57.82.238 32 RW None 2021-11-17 00:00:00 2022-02-15 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00361 (IP=238,CN)
58.65.128.0 19 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=0,PK)
58.69.160.157 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=157,PH) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=157,PH)
58.69.214.68 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PH TO-S-2021-1117 Malware Activity
58.71.87.123 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None PH TO-S-2021-1081 Hive Case 4872 Malware Activity
58.76.186.54 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None KR TO-S-2021-1050 Hive Case 4821 Malware Activity
58.8.156.77 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TH TO-S-2021-1037 Hive Case 4785 Malware Activity
58.8.52.132 32 AS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-06 18:26:27 HIVE Case #7881 CTO 22-182 (IP=132,TH)
58.8.52.45 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:16:00 HIVE Case #7904 CTO 22-189 (IP=45,TH)
58.84.146.191 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None AU TO-S-2021-1117 DOS-DDOS Activity
58.84.172.197 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None AU TO-S-2021-1037 Hive Case 4785 Malware Activity
58.84.24.0 24 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IN TO-S-2021-1050 Hive Case 4821 Malware Activity
58.84.32.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BD TO-S-2021-1037 Hive Case 4785 Malware Activity
58.97.72.83 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6585 CTO 21-323 (IP=83,TH)
58.98.174.74 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None JP TO-S-2021-1117 DOS-DDOS Activity
5858625188.nielsvandervlist.nl --- TLM None 2021-08-05 00:00:00 2022-08-05 00:00:00 2023-01-19 22:59:40 HIVE Case #5940 TO-S-2021-1447
59.103.191.0 24 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=0,PK)
59.103.96.0 19 KH None 2021-12-20 00:00:00 2022-03-20 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44232 (IP=0,PK)
59.103.97.59 24 TC None 2022-08-15 00:00:00 2022-11-13 00:00:00 2022-08-15 22:29:34 SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt (1:58276:3) - SourceFire (IP=59,PK)
59.106.171.103 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None JP TO-S-2021-1050 Hive Case 4821 Malicious Email Activity
59.106.171.61 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None JP TO-S-2021-1050 Hive Case 4821 Malicious Email Activity
59.11.2.19 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None KR TO-S-2021-1037 Hive Case 4785 Malware Activity
59.120.237.231 24 RB None 2019-03-23 00:00:00 2022-07-31 00:00:00 2022-05-02 22:41:32 HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerability (IP=231,TW) | updated by RS Block was inactive. Reactivated on 20220502 with reason HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6Hr Web Attacks (IP=231,TW)
59.120.60.229 24 SW None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-11 22:58:38 HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - WebAttacks (IP=229,TW)
59.125.160.178 32 AS None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6244 CTO 21-267 (IP=178,TW)
59.125.77.54 24 SW None 2022-03-07 00:00:00 2022-06-05 00:00:00 2022-03-07 23:52:24 Hello Peppa Scan - IPS Events(IP=54,TW)
59.127.158.12 32 ZH None 2022-02-01 00:00:00 2022-05-02 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 22C00884 (IP=12,TW)
59.127.196.190 32 BB None 2021-08-24 00:00:00 2022-03-08 00:00:00 None TO-S-2021-1497 / Pulse Rpt IP Blocks - TT# 21C01603 (IP= 190, US) | updated by TLM Block expiration extended with reason HIVE Case #6129 CTO 21-237 (IP=190,TW)
59.144.158.85 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None IN TO-S-2021-1117 Malware Activity
59.144.68.0 22 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=0,IN) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=0,IN)
59.148.68.114 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:56:00 HIVE Case #7894 CTO 22-187 (IP=114,HK)
59.153.18.94 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BD TO-S-2021-1050 Hive Case 4821 Malware Activity
59.153.74.0 24 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CN TO-S-2021-1050 Hive Case 4821 Malware Activity
59.153.85.1 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None JP TO-S-2021-1117 DOS-DDOS Activity
59.163.248.0 21 TLM None 2022-06-06 00:00:00 2022-12-05 00:00:00 2022-06-07 14:34:57 HIVE Case #7728 TO-S-2022-0192 (IP=0,IN)
59.172.62.186 24 RR None 2021-11-25 00:00:00 2022-02-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=186,CN) | updated by AR Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=186,CN)
59.36.203.35 32 AS None 2022-07-12 00:00:00 2022-10-10 00:00:00 2022-07-12 18:09:57 HIVE Case #7921 CTO 22-193 (IP=35,CN)
59.46.79.10 24 ZH None 2022-09-15 00:00:00 2022-12-14 00:00:00 2022-09-15 14:40:55 HTTP: Detect PHP-CGI Remote code Execution vulnerability - WebAttacks (IP=10,CN)
59.50.95.76 24 DT None 2021-12-10 00:00:00 2022-03-10 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=76,CN)
59.52.78.185 24 KH None 2022-03-24 00:00:00 2022-06-22 00:00:00 2022-03-24 22:58:48 SIPVicious Security Scanner - FE IPS (IP=185,CN)
59.71.241.195 24 TH None 2022-08-21 00:00:00 2022-11-19 00:00:00 2022-08-21 13:56:07 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6 Hr Web Report (IP=195,CN)
59.91.64.0 20 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IN TO-S-2021-1037 Hive Case 4785 Malware Activity
59.92.208.0 20 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None IN TO-S-2021-1143 Malicious Email Activity
59.92.45.252 24 ZH None 2022-06-30 00:00:00 2022-09-28 00:00:00 2022-07-01 00:10:34 Generic URI Injection wget Attempt - CMS IPS Events (IP=252,DE)
59.92.70.191 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BD TO-S-2021-1050 Hive Case 4821 Malware Activity
59.93.80.0 20 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=0,IN)
59.94.130.83 24 ZH None 2022-05-15 00:00:00 2022-08-13 00:00:00 2022-05-15 22:46:01 Generic URI Injection wget Attempt - CMS IPS Events (IP=83,IN)
59.94.152.0 21 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IN TO-S-2021-1037 Hive Case 4785 Malware Activity
59.94.240.0 20 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None IN TO-S-2021-1092 Hive Case 4875 Malware Activity
59.94.99.219 24 SW None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 14:03:00 SQL injection - WebAttacks (IP=219,IN)
59.96.242.94 24 RS None 2022-08-22 00:00:00 2022-11-20 00:00:00 2022-08-23 18:09:05 Generic URI Injection wget Attempt - IPS Events (IP=94,IN)
59.97.160.0 20 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=0,IN)
59.98.32.0 20 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None IN TO-S-2021-1102 Malware Activity
59.99.138.0 23 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IN TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
59.99.80.0 20 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=0,IN)
5983889802.medpharmasd.com --- TLM None 2021-08-05 00:00:00 2022-08-05 00:00:00 2023-01-19 22:59:29 HIVE Case #5940 TO-S-2021-1447
5kvnxs.lottowinnertime.com --- TLM None 2021-06-16 00:00:00 2022-06-16 00:00:00 2023-01-19 22:57:37 HIVE Case #5629 TO-S-2021-1303
5m7r1.kazanhotel.com --- TLM None 2021-06-16 00:00:00 2022-06-16 00:00:00 2023-01-19 22:57:37 HIVE Case #5629 TO-S-2021-1303
5muc5f.theadvisers.org --- TLM None 2021-10-29 00:00:00 2022-10-30 00:00:00 2023-01-19 23:04:18 HIVE Case #6448 TO-S-2022-0058 | updated by TLM Block expiration extended with reason HIVE Case #6448 TO-S-2022-0058
5ojmxv.agendamediatica.comm.mx --- TLM None 2021-08-23 00:00:00 2022-08-23 00:00:00 2023-01-19 23:01:32 HIVE Case #6042 TO-S-2021-1484
5poliklinika.lviv.ua --- TLM None 2021-08-23 00:00:00 2022-08-23 00:00:00 2023-01-19 23:01:37 HIVE Case #6042 TO-S-2021-1484
5starvision.com --- TLM None 2021-08-20 00:00:00 2022-08-20 00:00:00 2023-01-19 23:01:20 HIVE Case #6025 TO-S-2021-1472
6.adsb.maes.com.pk --- TLM None 2021-10-06 00:00:00 2022-10-06 00:00:00 2023-01-19 23:03:18 HIVE Case #6314 TO-S-2021-1589
60.168.155.100 24 RR None 2021-12-12 00:00:00 2022-03-12 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=100,CN)
60.170.247.162 32 TLM None 2022-02-15 00:00:00 2022-08-16 00:00:00 None HIVE Case #6997 CTO 22-046 (IP=162,CN)
60.173.220.24 32 DT None 2021-10-12 00:00:00 2022-01-10 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00130 (IP=24,CN)
60.219.136.82 24 RR None 2022-07-30 00:00:00 2022-10-28 00:00:00 2022-07-30 13:52:55 SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=82,CN)
60.220.187.86 32 AR None 2022-07-23 00:00:00 2022-10-21 00:00:00 2022-07-24 13:49:06 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR# 22C01750 (IP=86,CN)
60.221.228.139 24 TH None 2022-03-12 00:00:00 2022-06-10 00:00:00 2022-03-12 23:35:48 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire Report (IP=139,CN)
60.241.53.60 24 RB None 2022-07-30 00:00:00 2022-10-28 00:00:00 2022-07-30 22:47:00 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=60,AU)
60.243.47.12 32 TLM None 2022-05-20 00:00:00 2022-11-19 00:00:00 2022-05-20 14:32:13 HIVE Case #7627 CTO 22-140 (IP=12,IN)
60.246.128.0 19 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None MO TO-S-2021-1037 Hive Case 4785 Malware Activity
60.249.113.46 24 AR None 2022-07-27 00:00:00 2022-10-25 00:00:00 2022-07-27 13:49:46 POLICY-OTHER HP Universal CMDB default credentials authentication attempt - SourceFire (IP=46,TW)
60.250.207.121 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:56:01 HIVE Case #7894 CTO 22-187 (IP=121,TW)
60.250.93.237 24 RR None 2021-11-28 00:00:00 2022-02-26 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=237,TW)
60.251.201.68 24 BB None 2022-01-08 00:00:00 2022-04-08 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=68,TW)
60.251.68.150 32 BB None 2021-08-24 00:00:00 2022-03-08 00:00:00 None TO-S-2021-1497 / Pulse Report 175393-21, IP Blocks - TT# 21C01604 (IP= 150, US) | updated by TLM Block expiration extended with reason HIVE Case #6129 CTO 21-237 (IP=150,TW) HIVE Case #6129 CTO 21-237 (IP=150,TW)
60.251.68.150 32 TLM None 2021-09-08 00:00:00 2022-03-08 00:00:00 None TO-S-2021-1497 / Pulse Report 175393-21, IP Blocks - TT# 21C01604 (IP= 150, US) | updated by TLM Block expiration extended with reason HIVE Case #6129 CTO 21-237 (IP=150,TW) HIVE Case #6129 CTO 21-237 (IP=150,TW)
60.8.14.109 32 JP None 2022-08-12 00:00:00 2022-11-10 00:00:00 2022-08-12 22:51:11 HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - IR# 22C01797 (IP=109,CN)
60.8.87.190 32 TLM None 2022-02-15 00:00:00 2022-08-16 00:00:00 None HIVE Case #6997 CTO 22-046 (IP=190,CN)
61.0.32.0 20 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None IN TO-S-2021-1081 Hive Case 4872 Malware Activity
61.10.96.0 19 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None HK TO-S-2021-1037 Hive Case 4785 Malware Activity
61.102.75.89 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None KR TO-S-2021-1117 DOS-DDOS Activity
61.110.186.65 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None KR TO-S-2021-1050 Hive Case 4821 Malware Activity
61.110.186.69 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None KR TO-S-2021-1037 Hive Case 4785 Malware Activity
61.111.129.238 32 TLM None 2021-11-04 00:00:00 2022-05-04 00:00:00 None HIVE Case #6494 CTO 21-303 (IP=238,KR)
61.113.99.196 24 KD None 2022-03-17 00:00:00 2022-06-15 00:00:00 2022-03-17 22:26:02 SSH2 Failed Login Attempt- 6 hr Failed Logons (IP=196,JP)
61.12.64.0 19 TLM None 2021-07-01 00:00:00 2022-01-01 00:00:00 None HIVE Case #5735 TO-S-2021-1379 (IP=0,IN)
61.123.108.43 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None JP TO-S-2021-1117 DOS-DDOS Activity
61.130.100.218 24 RT None 2022-03-02 00:00:00 2022-05-31 00:00:00 2022-03-03 14:49:49 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6HR Web Attacks (IP=218,CN)
61.14.210.212 32 TLM None 2022-03-01 00:00:00 2022-09-01 00:00:00 2022-03-01 12:19:56 HIVE Case #7104 TO-S-2022-0138 (IP=212,KR)
61.14.211.134 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6448 TO-S-2022-0058 (IP=134,KR)
61.14.211.201 32 TLM None 2022-03-01 00:00:00 2022-09-01 00:00:00 2022-03-01 12:19:56 HIVE Case #7104 TO-S-2022-0138 (IP=201,KR)
61.140.125.238 24 ZH None 2022-06-30 00:00:00 2022-09-28 00:00:00 2022-07-01 00:10:35 Generic URI Injection wget Attempt - CMS IPS Events (IP=238,IN)
61.153.200.30 24 KD None 2021-12-28 00:00:00 2022-03-28 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt- Sourcefire (IP=30,CN)
61.157.227.21 32 KH None 2021-12-08 00:00:00 2022-03-08 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 22C00502 (IP=21,CN)
61.161.234.187 24 AR None 2021-12-17 00:00:00 2022-03-17 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - Web Attacks (IP=187,CN)
61.163.131.191 24 ZH None 2022-06-30 00:00:00 2022-09-28 00:00:00 2022-07-01 00:10:35 Generic URI Injection wget Attempt - CMS IPS Events (IP=191,CN)
61.165.141.60 24 WR None 2022-02-02 00:00:00 2022-05-02 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=60,CN)
61.175.202.154 24 TH None 2021-12-16 00:00:00 2022-03-16 00:00:00 None Apache Log4j CVE-2021-44228 Remote Code Execution - IPS Events (IP= 154, CN)
61.182.111.182 32 RT None 2022-03-14 00:00:00 2022-06-12 00:00:00 2022-03-14 22:43:45 HTTP: PHPUnit Remote Code Execution Vulnerability - IR#22C01042 (IP=182,CN)
61.182.31.150 32 DT None 2022-04-01 00:00:00 2022-06-30 00:00:00 2022-04-01 22:16:59 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01119 (IP=150,CN)
61.182.31.150 24 DT None 2022-01-25 00:00:00 2022-04-25 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=150,CN)
61.19.24.122 24 NAB None 2021-12-16 00:00:00 2022-03-16 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=122,TH)
61.19.25.207 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=207,TH)
61.19.50.59 24 KD None 2022-01-05 00:00:00 2022-04-06 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt- Web Attacks (IP=59,TH) | updated by KD Block expiration extended with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt- Sourcefire(IP=59,TH) SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt- Sourcefire(IP=59,TH)
61.19.50.59 24 KD None 2022-01-06 00:00:00 2022-04-06 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt- Web Attacks (IP=59,TH) | updated by KD Block expiration extended with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt- Sourcefire(IP=59,TH) SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt- Sourcefire(IP=59,TH)
61.194.193.152 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=152,JP) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=152,JP)
61.194.228.1 24 WR None 2022-04-24 00:00:00 2022-07-22 00:00:00 2022-04-24 13:26:35 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=1,JP)
61.194.228.1 32 KH None 2022-10-02 00:00:00 2022-12-31 00:00:00 2022-10-02 23:55:03 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR# 23C01986 (IP=1,JP)
61.2.0.0 20 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None IN TO-S-2021-1102 Malware Activity
61.2.144.0 22 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None IN TO-S-2021-1156 Malware Activity
61.20.33.152 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=152,TW)
61.216.56.223 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=223,TW) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=223,TW)
61.220.130.32 32 TLM None 2021-10-25 00:00:00 2022-04-25 00:00:00 None HIVE Case #6411 CTO 21-294 (IP=32,TW)
61.220.191.84 32 TLM None 2021-12-09 00:00:00 2022-06-09 00:00:00 None HIVE Case #6633 CTO 21-334 (IP=84,TW)
61.220.45.130 24 DT None 2022-01-23 00:00:00 2022-04-23 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) - Source Fire (IP=130,TW)
61.224.12.180 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:56:01 HIVE Case #7894 CTO 22-187 (IP=180,TW)
61.238.103.236 32 TLM None 2021-11-30 00:00:00 2022-05-30 00:00:00 None HIVE Case #6595 CTO 21-327 (IP=236,HK)
61.242.40.134 24 KH None 2021-10-22 00:00:00 2022-01-20 00:00:00 None Generic URI Injection wget Attempt - FE IPS (IP=134,CN)
61.244.3.52 24 KH None 2022-03-02 00:00:00 2022-05-31 00:00:00 2022-03-02 23:42:53 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=52,HK)
61.246.187.0 24 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IN TO-S-2021-1050 Hive Case 4821 Malicious Email Activity
61.255.185.201 32 TLM None 2022-02-04 00:00:00 2022-08-05 00:00:00 None HIVE Case #6926 CTO 22-035 (IP=201,KR)
61.3.176.0 20 TLM None
2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=0,IN) 61.36.14.230 32 TLM None 2022-02-15 00:00:00 2022-08-16 00:00:00 None HIVE Case #6996 CTO 22-043 (IP=230,KR) 61.38.252.166 32 TLM None 2022-05-09 00:00:00 2022-11-08 00:00:00 2022-05-10 15:15:59 HIVE Case #7546 CTO 22-127 (IP=166,KR) 61.4.233.6 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None KR TO-S-2021-1117 DOS-DDOS Activity 61.53.31.92 24 RS None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 22:34:20 Nuclei Vulnerability Scanner - FE IPS Events (IP=92,CN) 61.53.42.123 24 RS None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-01 22:26:53 SIPVicious Security Scanner - IPS Events (IP=123,CN) 61.6.171.74 24 RS None 2022-07-29 00:00:00 2022-10-27 00:00:00 2022-07-30 13:52:49 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=74,MY) 61.61.127.68 32 AS None 2022-07-28 00:00:00 2022-10-26 00:00:00 2022-07-28 20:13:41 HIVE Case #7327 COLS-NA TIP 22-0114 (IP=68,TW) 61.61.236.39 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TW TO-S-2021-1050 Hive Case 4821 Malware Activity 61.7.131.140 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=140,TH) 61.7.144.0 20 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TH TO-S-2021-1037 Hive Case 4785 Malware Activity 61.7.178.179 32 TLM None 2021-09-21 00:00:00 2022-03-20 00:00:00 None HIVE Case #6216 CTO 21-264 (IP=179,TH) 61.70.109.73 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TW TO-S-2021-1050 Hive Case 4821 Malware Activity 61.78.34.179 32 TLM None 2022-06-22 00:00:00 2022-12-21 00:00:00 2022-06-23 16:01:26 HIVE Case #7816 TO-S-2022-0202 (IP=179,KR) 61.78.67.123 32 TLM None 2022-05-25 00:00:00 2022-11-24 00:00:00 2022-05-25 18:14:39 HIVE Case #7662 CTO 22-145 (IP=123,KR) 61.78.96.115 32 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 2022-05-27 16:40:04 HIVE Case #7668 CTO 22-146 (IP=115,KR) 61.8.64.0 20 dbc None 
2021-01-28 00:00:00 2022-01-28 00:00:00 None ID TO-S-2021-1050 Hive Case 4821 Malware Activity 61.81.193.195 32 TLM None 2022-06-22 00:00:00 2022-12-21 00:00:00 2022-06-23 16:01:16 HIVE Case #7816 TO-S-2022-0202 (IP=195,KR) 61.82.110.46 32 TLM None 2022-03-08 00:00:00 2022-09-08 00:00:00 2022-03-08 16:54:51 HIVE Case #7164 CTO 22-067.1 (IP=46,KR) 61.82.110.60 32 TLM None 2022-03-08 00:00:00 2022-09-08 00:00:00 2022-03-08 16:54:52 HIVE Case #7164 CTO 22-067.1 (IP=60,KR) 61.83.191.68 24 AR None 2022-01-18 00:00:00 2022-04-18 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6HR Web Attacks (IP=68,KR) 61.90.212.13 32 BB None 2021-10-24 00:00:00 2022-01-22 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00231 (IP=13,TH) 61.91.160.0 19 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TH TO-S-2021-1037 Hive Case 4785 Malware Activity 61.94.131.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ID TO-S-2021-1037 Hive Case 4785 Malware Activity 61.95.174.0 24 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=0,IN) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=0,IN) 61.97.243.30 24 TLM None 2022-04-19 00:00:00 2022-10-19 00:00:00 2022-04-20 12:44:25 HIVE Case #7424 CTO 22-109 (IP=30,KR) 61.97.251.241 32 TLM None 2022-03-08 00:00:00 2022-12-21 00:00:00 2022-09-23 18:14:32 HIVE Case #7164 CTO 22-067.1 (IP=241,KR) | updated by TLM Block was inactive. 
Reactivated on 20220922 with reason HIVE Case #8346 TO-S-2022-0231 (IP=241,KR) 61.97.251.243 32 TLM None 2021-10-25 00:00:00 2022-04-25 00:00:00 None HIVE Case #6410 CTO 21-293 (IP=243,KR) 61.97.251.244 32 TLM None 2022-03-07 00:00:00 2022-09-07 00:00:00 2022-03-07 16:26:06 HIVE Case #7150 CTO 22-064 (IP=244,KR) 61.97.251.247 32 AS None 2022-03-03 00:00:00 2022-09-03 00:00:00 2022-03-03 17:36:10 HIVE Case #7133 CTO 22-062 (IP=247,KR) 61.97.251.250 32 TLM None 2022-05-10 00:00:00 2022-11-09 00:00:00 2022-05-10 15:21:40 HIVE Case #7557 CTO 22-130 (IP=250,KR) 61.98.113.68 24 BMP None 2022-08-10 00:00:00 2022-11-08 00:00:00 2022-08-31 17:31:04 FireEye High Attacker (IP=68,KR) 61.98.7.132 32 TLM None 2022-02-04 00:00:00 2022-08-05 00:00:00 None HIVE Case #6925 CTO 22-034 (IP=132,KR) 61.98.7.133 32 TLM None 2022-02-04 00:00:00 2022-08-05 00:00:00 None HIVE Case #6925 CTO 22-034 (IP=133,KR) 62.1.207.104 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GR TO-S-2021-1037 Hive Case 4785 Malware Activity 62.1.44.250 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GR TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 62.102.148.68 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None Possible SQLi attempt - TT# 20C00703 (IP=68,US) | updated by TLM Block was inactive. 
Reactivated on 20220104 with reason HIVE Case #6729 CTO 22-004 (IP=68,SE) HIVE Case #6729 CTO 22-004 (IP=68,SE) 62.102.148.68 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=68,SE) 62.102.148.68 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=68,SE) 62.102.148.68 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=68,SE) 62.102.148.68 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=68,SE) 62.102.148.68 24 AR None 2022-07-07 00:00:00 2022-10-05 00:00:00 2022-07-07 13:50:35 SQL injection - Web Attacks (IP=68,SE) 62.102.148.68 32 CR None 2019-10-28 00:00:00 2022-07-04 00:00:00 None Possible SQLi attempt - TT# 20C00703 (IP=68,US) | updated by TLM Block was inactive. Reactivated on 20220104 with reason HIVE Case #6729 CTO 22-004 (IP=68,SE) HIVE Case #6729 CTO 22-004 (IP=68,SE) 62.102.148.69 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=69,SE) 62.108.35.103 32 TLM None 2022-02-04 00:00:00 2022-08-05 00:00:00 None HIVE Case #6925 CTO 22-034 (IP=103,DE) 62.112.10.100 32 AS None 2022-04-14 00:00:00 2022-10-14 00:00:00 2022-04-14 17:59:16 HIVE Case #7399 CTO 22-104 (IP=100,NL) 62.112.10.64 32 AS None 2022-04-14 00:00:00 2022-10-14 00:00:00 2022-04-14 17:59:16 HIVE Case #7399 CTO 22-104 (IP=64,NL) 62.113.112.0 21 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None RU TO-S-2021-1037 Hive Case 4785 Malware Activity 62.113.218.134 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 62.113.255.106 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=106,DE) 62.117.214.168 32 srm None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 21:49:22 HIVE Case #7883 IOC_ Raspberry Robin Worm (IP=168,ES) 62.12.108.13 24 KH None 2022-07-14 00:00:00 2022-10-13 00:00:00 2022-07-15 13:53:41 
Exploit.Log4Shell.CVE-2021-44228 - FE NX (IP=13,SD) | updated by JP Block expiration extended with reason SQL injection - 6HR Web Attacks (IP=13,SD) SQL injection - 6HR Web Attacks (IP=13,SD) 62.12.108.13 24 JP None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-15 13:53:41 Exploit.Log4Shell.CVE-2021-44228 - FE NX (IP=13,SD) | updated by JP Block expiration extended with reason SQL injection - 6HR Web Attacks (IP=13,SD) SQL injection - 6HR Web Attacks (IP=13,SD) 62.12.64.0 19 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CY TO-S-2021-1050 Hive Case 4821 Malware Activity 62.121.142.137 32 AS None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-09-30 17:07:09 HIVE Case #8395 TO-S-2022-0233 (IP=137,PL) 62.122.4.0 22 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None KZ TO-S-2021-1102 Malware Activity 62.129.215.229 32 TLM None 2022-05-23 00:00:00 2022-11-22 00:00:00 2022-05-25 17:49:18 HIVE Case #7645 COLS-NA-TIP 22-0178 (IP=229,PL) 62.138.179.171 24 TH None 2022-06-23 00:00:00 2022-09-21 00:00:00 2022-06-24 13:55:57 SIPVicious Security Scanner - FE CMS IPS Events (IP=171,FR) 62.138.184.244 24 JP None 2022-09-21 00:00:00 2022-12-20 00:00:00 2022-09-22 13:55:02 SIPVicious Security Scanner - IPS Events (IP=244,FR) 62.141.39.31 24 SW None 2022-03-07 00:00:00 2022-06-05 00:00:00 2022-03-07 23:52:29 SIPVicious Security Scanner - IPS Events(IP=31,DE) 62.141.46.157 24 TH None 2022-08-01 00:00:00 2022-10-30 00:00:00 2022-08-02 13:50:47 SIPVicious Security Scanner - FE CMS IPS Events (IP=157,DE) 62.144.113.126 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=126,DE) 62.149.144.107 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=107,IT) 62.149.158.90 32 TLM None 2021-09-14 00:00:00 2022-03-14 00:00:00 None HIVE Case #6164 TO-S-2021-1528 (IP=90,IT) 62.149.84.0 22 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None SA TO-S-2021-1092 Hive Case 4875 Malware Activity 62.151.181.114 32 
ZH None 2022-09-06 00:00:00 2022-12-23 00:00:00 2022-09-25 13:55:41 SERVER-WEBAPP Atlassian Confluence OGNL injection remote code execution attempt - WebAttacks (IP=114,US) | updated by RR Block expiration extended with reason SERVER-APACHE Apache HTTP server SSRF attempt - SourceFire (IP=114,US) 62.151.182.30 32 SW None 2022-08-26 00:00:00 2022-11-24 00:00:00 2022-08-27 13:55:22 SERVER-APACHE Apache HTTP server SSRF attempt - SourceFire (IP=30,US) 62.152.61.227 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:46:13 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=227,RU) 62.156.249.2 24 DT None 2021-12-24 00:00:00 2022-03-24 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) - Source Fire (IP=2,DE) 62.161.197.25 32 TH None 2021-12-21 00:00:00 2022-03-21 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00628 (IP=25,FR) 62.165.0.0 19 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 62.168.16.22 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CZ TO-S-2021-1117 DOS-DDOS Activity 62.169.202.4 32 AS None 2022-04-07 00:00:00 2022-10-07 00:00:00 2022-04-07 19:47:56 HIVE Case #7356 CTO 22-096 (IP=4,GR) 62.171.132.242 24 SW None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 13:46:11 SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt (1:30524:5) - SourceFire (IP=242,DE) 62.171.134.210 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=210,DE) 62.171.137.169 24 KH None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 22:55:53 SQL injection - Web Attacks (IP=169,GB) 62.171.149.181 24 BMP None 2021-03-13 00:00:00 2022-01-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=181,GB) | updated by KH Block was inactive. 
Reactivated on 20210730 with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=181,GB) | updated by KD Block was inactive. Reactivated on 20211030 with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00263(IP=181,DE) 62.171.149.181 32 KH None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-26 22:51:09 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01309 (IP=181,DE) 62.171.149.200 24 AR None 2022-02-18 00:00:00 2022-05-19 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (1:34300:3) - Sourcefire Report (IP=200,DE) 62.171.149.200 24 AR None 2022-02-18 00:00:00 2022-05-19 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - 6Hr Web Attack (IP=200,GB) 62.171.150.168 24 DT None 2022-02-03 00:00:00 2022-05-04 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - Web Attacks (IP=168,GB) 62.171.152.184 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 62.171.152.6 24 RR None 2022-03-26 00:00:00 2022-06-24 00:00:00 2022-03-26 13:38:31 SERVER-WEBAPP Apache Flink FileUploadHandler directory traversal attempt - SourceFire (IP=6,DE) 62.171.157.231 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=231,DE) 62.171.161.251 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=251,DE) 62.171.162.127 32 TLM None 2022-06-14 00:00:00 2022-12-13 00:00:00 2022-06-14 15:16:44 HIVE Case #7768 CTO 22-161 (IP=127,DE) 62.171.176.126 24 RR None 2022-02-13 00:00:00 2022-05-14 00:00:00 None SERVER-OTHER Apache Log4j logging remote code execution attempt - SourceFire (IP=126,DE) 62.171.182.168 24 KH None 2022-05-01 00:00:00 2022-07-30 00:00:00 2022-05-01 13:52:47 SQL injection - Web Attacks (IP=168,GB) 
62.171.186.158 32 TLM None 2021-09-15 00:00:00 2022-03-15 00:00:00 None HIVE Case #6181 CTO 21-257 (IP=158,DE) 62.173.139.57 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=57,RU) 62.178.15.181 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None AT TO-S-2021-1037 Hive Case 4785 Malware Activity 62.182.158.156 32 TLM None 2021-12-17 00:00:00 2022-06-17 00:00:00 None HIVE Case #6673 CTO 21-351 (IP=156,GB) 62.182.200.0 21 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 62.182.48.0 21 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 62.182.99.57 32 SW None 2022-02-10 00:00:00 2022-05-11 00:00:00 None File /etc/passwd Access Attempt Detect - IPS Events (IP=57,US) 62.183.2.190 24 DT None 2021-12-30 00:00:00 2022-03-30 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=190,RU) 62.192.153.10 24 TH None 2022-07-09 00:00:00 2022-10-07 00:00:00 2022-07-09 22:49:31 HP Intelligent Management Center TFTP Server MODE Remote Code Execution - FE CMS IPS Events (IP=10,DE) 62.197.136.157 32 TH None 2022-06-08 00:00:00 2022-09-06 00:00:00 2022-06-09 13:47:54 ReputationDV Malware Event IR# 22C01334 (IP=157,US) 62.197.136.161 32 RT None 2022-01-17 00:00:00 2022-04-17 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - Sourcefire Report (IP=161,US) 62.197.136.164 32 KH None 2022-02-05 00:00:00 2022-05-06 00:00:00 None ZyXEL NAS CVE-2020-9054 Remote Code Execution - FE IPS (IP=164,US) 62.197.136.31 32 DT None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-27 13:14:23 CERT/CC VU#257161:CVE-2020-CVE-2020-11910 anomalous ICMPv4 type 3,code 4 Path MTU Discovery - Source Fire (IP=31,US) 62.197.136.92 32 TH None 2022-06-09 00:00:00 2022-09-07 00:00:00 2022-06-10 13:46:05 SERVER-OTHER RealTek UDPServer command 
injection attempt - SourceFire Report (IP=92,US) 62.197.136.92 24 RR None 2022-06-10 00:00:00 2022-09-08 00:00:00 2022-06-10 13:46:10 SERVER-OTHER RealTek UDPServer command injection attempt - SourceFire (IP=92,NL) 62.2.142.2 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CH TO-S-2021-1050 Hive Case 4821 Malware Activity 62.204.41.33 32 AR None 2022-06-26 00:00:00 2022-09-24 00:00:00 2022-06-27 13:55:43 HTTP: PHP File Inclusion Vulnerability - IR# 22C01461 (IP=33,RU) 62.210.11.39 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None FR TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 62.210.111.82 24 SA None 2022-05-31 00:00:00 2022-08-28 00:00:00 2022-05-31 22:56:15 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) SourceFire (IP=82,FR) 62.210.113.209 24 TH None 2022-07-07 00:00:00 2022-10-05 00:00:00 2022-07-08 13:52:34 SIPVicious Security Scanner - FE CMS IPS Events (IP=209,FR) 62.210.122.164 24 RS None 2022-08-11 00:00:00 2022-11-09 00:00:00 2022-08-12 13:55:49 SIPVicious Security Scanner - IPS Events (IP=164,FR) 62.210.13.20 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:46:14 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=20,FR) 62.210.130.250 24 TH None 2021-12-13 00:00:00 2022-03-13 00:00:00 None Hive Case 6651 - Exploit.CVE-2021-44228 (IP= 250 ,FR) 62.210.144.248 24 KH None 2022-03-03 00:00:00 2022-06-01 00:00:00 2022-03-03 23:49:27 Custom Violation - ArcSight (IP=248,FR) 62.210.162.143 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity 62.210.188.236 24 TH None 2022-03-04 00:00:00 2022-06-02 00:00:00 2022-03-04 23:11:51 SIPVicious Security Scanner - FE CMS IPS Events (IP=236,FR) 62.210.188.236 24 TH None 2022-03-04 00:00:00 2022-06-02 00:00:00 2022-03-04 23:54:57 SIPVicious Security Scanner - FE CMS IPS Events (IP=236,FR) 62.210.196.59 24 SW None 2022-05-31 00:00:00 2022-08-29 00:00:00 2022-05-31 13:48:45 PROTOCOL-VOIP 
SIP wildcard VIA address flood attempt (1:48264:2) - SourceFire (IP=59,FR) | updated by SW Block was inactive. Reactivated on 20220531 with reason PROTOCOL-VOIP SIP wildcard VIA address flood attempt (1:48264:2) - SourceFire (IP=59,FR) PROTOCOL-VOIP SIP wildcard VIA address flood attempt (1:48264:2) - SourceFire (IP=59,FR) 62.210.196.59 24 AR None 2021-09-28 00:00:00 2022-08-29 00:00:00 2022-05-31 13:48:45 PROTOCOL-VOIP SIP wildcard VIA address flood attempt (1:48264:2) - SourceFire (IP=59,FR) | updated by SW Block was inactive. Reactivated on 20220531 with reason PROTOCOL-VOIP SIP wildcard VIA address flood attempt (1:48264:2) - SourceFire (IP=59,FR) PROTOCOL-VOIP SIP wildcard VIA address flood attempt (1:48264:2) - SourceFire (IP=59,FR) 62.210.204.233 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=233,FR) 62.210.207.247 24 KH None 2022-03-29 00:00:00 2022-06-27 00:00:00 2022-03-29 22:55:29 SIPVicious Security Scanner - FE CMS (IP=247,FR) 62.210.209.218 24 SW None 2022-05-12 00:00:00 2022-08-10 00:00:00 2022-05-12 13:53:33 SIPVicious Security Scanner - IPS Events(IP=218,FR) 62.210.217.129 24 RS None 2022-07-20 00:00:00 2022-10-18 00:00:00 2022-07-21 13:54:41 SIPVicious Security Scanner - SourceFire (IP=129,FR) 62.210.222.8 24 ZH None 2022-03-01 00:00:00 2022-05-30 00:00:00 2022-03-01 23:32:00 SIPVicious Security Scanner - IPS Events (IP=8,AE) 62.210.24.135 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=135,FR) 62.210.24.135 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=135,FR) 62.210.24.135 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=135,FR) 62.210.28.95 24 SW None 2021-11-06 00:00:00 2022-02-04 00:00:00 None PROTOCOL-VOIP SIP wildcard VIA address flood attempt (1:48264:2) - SourceFire (IP=95,FR) 62.210.29.130 24 RS None 2022-05-22 00:00:00 2022-08-20 
00:00:00 2022-05-22 22:24:46 SIPVicious Security Scanner - FE IPS Events (IP=130,FR) 62.210.37.82 32 tpr None 2015-03-17 05:00:00 2022-05-17 00:00:00 None corpslocks/TOR (ip=82, FR) | updated by YM with reason SERVER-WEBAPP Phpcms user registration remote file include attempt (IP= | updated by RB with reason FireEye Network SmartVision - CVE-2019-0708 (IP=82,FR) | 2019-09-29 | 2017-12-26 | updated by wmp Block was inactive. Reactivated on 20220217 with reason HIVE Case #6985 Mandiant Intel Report (IP=82,FR) 62.210.37.82 24 GM None 2020-07-16 00:00:00 2022-05-16 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=82,FR) | updated by srm Block was inactive. Reactivated on 20220215 with reason HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=82,FR) 62.210.53.77 24 KH None 2022-03-03 00:00:00 2022-06-01 00:00:00 2022-03-03 23:49:26 Custom Violation - ArcSight (IP=77,FR) 62.210.54.33 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity 62.210.7.240 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 62.210.91.16 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=16,FR) 62.210.91.16 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=16,FR) 62.210.91.16 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=16,FR) 62.211.122.221 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 Hive Case 4785 Malware Activity 62.213.218.167 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BE TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 62.213.218.168 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BE TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 62.216.95.18 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 
2022-07-08 14:56:13 HIVE Case #7894 CTO 22-187 (IP=18,RO) 62.225.114.14 32 KH None 2021-12-20 00:00:00 2022-03-20 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44232 (IP=14,DE) 62.233.50.179 24 KH None 2022-03-03 00:00:00 2022-06-01 00:00:00 2022-03-03 23:49:29 Abnormally Long Request - ArcSight (IP=179,RU) 62.233.50.217 32 DT None 2022-02-03 00:00:00 2022-05-04 00:00:00 None Possible SQLi attempt / Name : HTTP: Blind SQL Injection - Timing - TT# 22C00907 (IP=217,RU) 62.234.36.161 24 DT None 2021-12-02 00:00:00 2022-03-03 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire (IP=161,CN) | updated by RR Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=161,CN) 62.234.74.254 24 ZH None 2022-02-07 00:00:00 2022-05-08 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - WebAttacks (IP=254,CN) 62.240.26.143 24 RT None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-24 14:15:45 SQL injection - 6 HR WebAttack (IP=143,RS) 62.254.144.210 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GB TO-S-2021-1037 Hive Case 4785 Malware Activity 62.28.98.18 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PT TO-S-2021-1050 Hive Case 4821 Malware Activity 62.29.105.239 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TR TO-S-2021-1050 Hive Case 4821 Malware Activity 62.31.84.122 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GB TO-S-2021-1037 Hive Case 4785 Malware Activity 62.38.154.178 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None GB TO-S-2021-1117 DOS-DDOS Activity 62.38.159.76 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GR TO-S-2021-1037 Hive Case 4785 Malware Activity 62.38.255.148 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None GB TO-S-2021-1117 DOS-DDOS Activity 62.38.89.197 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GR TO-S-2021-1037 Hive Case 4785 Malware Activity 
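The export above is a run-on dump: one record follows the next on the same line, and a line can start or end in the middle of a record. The checks a reviewer of such a list wants (verbatim duplicates such as the three identical 62.210.24.135 rows, a /32 whose block window overlaps its own /24 such as 61.182.31.150, and what is actually in force on a given day) need the records split out first. The following Python is an added example and not part of the export or of the tooling that produced it. It assumes a column order the page never states: target, prefix length ("---" on hostname rows), analyst initials, a column that is always "None", block start, block end, last-seen ("None" if never seen) and a free-text reason that may carry "| updated by" audit notes. The sample rows are copied from the export above, with long reason text shortened; the function and class names are the example's own.

```python
"""Parse a flattened block-list export (records run together, lines cut
mid-record) and run duplicate, shadowing and active-on-date checks."""
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass
from datetime import date, datetime
from typing import Optional

# Assumed column order (the export carries no header): target, prefix length
# ("---" on hostname rows), analyst, a column that is always "None", block
# start, block end, last-seen ("None" if never seen), free-text reason.
_TS = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}"
_HEADER = re.compile(
    rf"(?P<target>[0-9A-Za-z][0-9A-Za-z.\-]*)\s+(?P<prefix>\d{{1,2}}|---)\s+"
    rf"(?P<analyst>\S+)\s+None\s+(?P<start>{_TS})\s+(?P<end>{_TS})\s+"
    rf"(?P<seen>None|{_TS})\s+"
)


@dataclass(frozen=True)
class BlockEntry:
    target: str
    prefix: Optional[int]  # None on hostname rows
    analyst: str
    start: date
    end: date
    last_seen: Optional[datetime]
    reason: str

    @property
    def network(self):
        """CIDR block for IP rows (host bits masked off), None for hostnames."""
        if self.prefix is None:
            return None
        return ipaddress.ip_network(f"{self.target}/{self.prefix}", strict=False)


def _ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")


def parse_export(text: str):
    """Join all lines, locate every record header, and take the free text up
    to the next header as that record's reason. Text before the first header
    (the tail of a record cut off above) comes back as a fragment."""
    blob = " ".join(line.strip() for line in text.splitlines() if line.strip())
    heads = list(_HEADER.finditer(blob))
    lead = blob[: heads[0].start()].strip() if heads else blob.strip()
    fragments = [lead] if lead else []
    entries = []
    for i, m in enumerate(heads):
        stop = heads[i + 1].start() if i + 1 < len(heads) else len(blob)
        entries.append(BlockEntry(
            target=m["target"],
            prefix=None if m["prefix"] == "---" else int(m["prefix"]),
            analyst=m["analyst"],
            start=_ts(m["start"]).date(),
            end=_ts(m["end"]).date(),
            last_seen=None if m["seen"] == "None" else _ts(m["seen"]),
            reason=blob[m.end():stop].strip(),
        ))
    return entries, fragments


def exact_duplicates(entries):
    """Records repeated verbatim (every column equal) -> occurrence count."""
    return {e: n for e, n in Counter(entries).items() if n > 1}


def shadowed(entries):
    """(narrow, wide) pairs: a narrower CIDR inside a wider one whose block
    window overlaps it, so the narrow rule adds nothing while both are live."""
    nets = [e for e in entries if e.network is not None]
    pairs = []
    for narrow in nets:
        for wide in nets:
            if wide.network.version != narrow.network.version:
                continue
            if wide.network.prefixlen >= narrow.network.prefixlen:
                continue
            overlap = narrow.start <= wide.end and wide.start <= narrow.end
            if overlap and narrow.network.subnet_of(wide.network):
                pairs.append((narrow, wide))
    return pairs


def active_on(entries, day):
    """Entries whose block window covers `day` (a date or 'YYYY-MM-DD')."""
    if isinstance(day, str):
        day = date.fromisoformat(day)
    return [e for e in entries if e.start <= day <= e.end]


# Constructed sample: rows copied from the export above (long reasons cut
# short), with the first line starting mid-record as the page itself does.
SAMPLE_EXPORT = """\
POLICY-OTHER HP Universal CMDB default credentials authentication attempt - SourceFire (IP=46,TW) 61.182.31.150 32 DT None 2022-04-01 00:00:00 2022-06-30 00:00:00 2022-04-01 22:16:59 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01119 (IP=150,CN) 61.182.31.150 24 DT None 2022-01-25 00:00:00 2022-04-25 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=150,CN)
62.102.148.68 24 AR None 2022-07-07 00:00:00 2022-10-05 00:00:00 2022-07-07 13:50:35 SQL injection - Web Attacks (IP=68,SE) 62.102.148.68 32 CR None 2019-10-28 00:00:00 2022-07-04 00:00:00 None Possible SQLi attempt - TT# 20C00703 (IP=68,US) | updated by TLM Block was inactive. Reactivated on 20220104 with reason HIVE Case #6729 CTO 22-004 (IP=68,SE)
62.210.24.135 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=135,FR) 62.210.24.135 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=135,FR) 62.210.24.135 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=135,FR)
6332962219.medpharmasd.com --- TLM None 2021-08-05 00:00:00 2022-08-05 00:00:00 2023-01-19 22:59:29 HIVE Case #5940 TO-S-2021-1447
"""
```

On the sample, `parse_export` returns eight records plus the leading fragment, `exact_duplicates` reports the 62.210.24.135 row three times, `shadowed` returns the 61.182.31.150/32 entry inside 61.182.31.0/24 (their windows overlap between 2022-04-01 and 2022-04-25) but not the 62.102.148.68/32 entry, whose window ends before the /24 starts, and `active_on(entries, "2022-07-05")` returns the three duplicate rows and the hostname row. The windows matter: a narrow rule is only redundant while the wide one is live, and a hostname row has no network to compare, so it is skipped rather than mis-parsed as an address.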
62.4.13.111 24 KH None 2022-03-03 00:00:00 2022-06-01 00:00:00 2022-03-03 23:49:25 Custom Violation - ArcSight (IP=111,FR)
62.4.16.59 32 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None FR TO-S-2021-1156 Malicious Email Activity
62.4.29.246 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5968 TO-S-2021-1276 (IP=246,FR)
62.74.184.133 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GR TO-S-2021-1037 Hive Case 4785 Malware Activity
62.74.184.138 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GR TO-S-2021-1037 Hive Case 4785 Malware Activity
62.74.80.226 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GR TO-S-2021-1037 Hive Case 4785 Malware Activity
62.75.175.167 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
62.75.207.160 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=160,FR)
62.75.207.160 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=160,FR)
62.75.207.160 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=160,FR)
62.76.41.46 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=46,RU)
62.78.86.130 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:46:14 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=130,RU)
62.84.75.0 24 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None LB TO-S-2021-1156 Malicious Email Activity
62.87.151.132 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PL TO-S-2021-1050 Hive Case 4821 Malware Activity
62.89.146.199 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None GB TO-S-2021-1117 DOS-DDOS Activity
62.89.146.202 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None GB TO-S-2021-1117 DOS-DDOS Activity
62.89.146.205 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None GB TO-S-2021-1117 DOS-DDOS Activity
62.89.148.11 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None GB TO-S-2021-1117 DOS-DDOS Activity
62.89.148.13 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None GB TO-S-2021-1117 DOS-DDOS Activity
62.89.148.17 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None GB TO-S-2021-1117 DOS-DDOS Activity
62.89.148.19 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None GB TO-S-2021-1117 DOS-DDOS Activity
62.89.75.162 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None GB TO-S-2021-1117 DOS-DDOS Activity
62.93.78.21 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None IT TO-S-2021-1117 DOS-DDOS Activity
62.94.96.154 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IT TO-S-2021-1050 Hive Case 4821 Malware Activity
62.96.224.156 32 AS None 2022-01-28 00:00:00 2022-07-28 00:00:00 None HIVE Case #6860 TO-S-2022-0117 (IP=156,DE)
62.96.244.53 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=53,DE)
62.99.76.213 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=213,ES)
63.142.243.219 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=219,US)
63.147.161.71 32 BMP None 2021-11-25 00:00:00 2022-02-23 00:00:00 None HTTP: PHPUnit Remote Code Execution
63.149.181.12 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity
63.150.72.4 32 SA None 2022-06-02 00:00:00 2022-08-30 00:00:00 2022-06-03 00:40:19 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) SourceFire (IP=4,US)
63.160.14.177 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity
63.160.14.49 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity
63.247.140.70 32 TLM None 2021-07-01 00:00:00 2022-01-01 00:00:00 None HIVE Case #5735 TO-S-2021-1379 (IP=70,US)
63.249.231.19 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1092 Hive Case 4875 Malicious Email Activity
63.249.239.17 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1092 Hive Case 4875 Malicious Email Activity
63.250.35.233 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None US TO-S-2021-1050 Hive Case 4821 Malicious Email Activity
63.250.38.194 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
63.250.38.72 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
63.250.43.1 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6448 TO-S-2022-0058 (IP=1,US)
63.250.43.10 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
63.250.43.12 32 TLM None 2021-08-30 00:00:00 2022-03-02 00:00:00 None HIVE Case #6085 TO-S-2021-1500 (IP=12,US)
63.250.43.128 32 AS None 2021-11-12 00:00:00 2022-05-12 00:00:00 None HIVE Case #6528 TO-S-2022-0082 (IP=128,US)
63.250.43.131 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=131,US)
63.250.43.135 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=135,US)
63.250.43.15 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=15,US)
63.250.43.2 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=2,US)
63.250.47.61 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=61,US)
63.251.126.10 32 TLM None 2022-02-11 00:00:00 2022-08-12 00:00:00 None HIVE Case #6971 CTO 22-042 (IP=10,SG)
63.251.235.76 32 TLM None 2022-03-07 00:00:00 2022-09-07 00:00:00 2022-03-07 16:26:08 HIVE Case #7150 CTO 22-064 (IP=76,US)
63.33.155.18 32 RR None 2022-06-10 00:00:00 2022-09-08 00:00:00 2022-06-10 13:46:05 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR # 22C01343 (IP=18,US)
6332962219.medpharmasd.com --- TLM None 2021-08-05 00:00:00 2022-08-05 00:00:00 2023-01-19 22:59:29 HIVE Case #5940 TO-S-2021-1447
6355935452.katiemcallister.com --- TLM None 2021-08-12 00:00:00 2022-08-12 00:00:00 2023-01-19 23:00:19 HIVE Case #5985 TO-S-2021-1459
6376432003.katiemcallister.com --- TLM None 2021-08-12 00:00:00 2022-08-12 00:00:00 2023-01-19 23:00:19 HIVE Case #5985 TO-S-2021-1459
64.11.32.29 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 18:28:40 HIVE Case #7342 CTO 22-092 FRAGO (IP=29,US)
64.112.61.112 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:56:02 HIVE Case #7894 CTO 22-187 (IP=112,US)
64.113.32.29 32 tpr None 2015-01-21 06:00:00 2022-05-18 00:00:00 None SQL injection/TOR node (ip=29, US) | updated by jky with reason TO-S-2017-0381 GRIZZLY STEPPE indicators from JAR 16-20296A | updated by GM Block was inactive. Reactivated on 20210309 with reason HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulner | updated by srm Block was inactive. Reactivated on 20220217 with reason HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=29,US)
64.132.201.92 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=92,US)
64.132.94.251 32 SA None 2022-05-31 00:00:00 2022-06-22 00:00:00 2022-06-29 15:41:11 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) SourceFire (IP=251,US) | UNBLOCKED The IP block stops https://emembership.dar.org/ from resolving
64.136.45.83 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=83,US)
64.140.191.225 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity
64.15.131.18 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=18,CA)
64.15.147.113 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None CA TO-S-2021-1092 Hive Case 4875 Malicious Email Activity
64.186.62.18 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity
64.187.226.250 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6448 TO-S-2022-0058 (IP=250,US)
64.187.238.138 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=138,US)
64.187.238.58 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=58,US)
64.187.239.138 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=138,US)
64.187.239.74 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=74,US)
64.188.17.199 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=199,US)
64.188.30.106 32 RS None 2022-06-13 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:07 SIPVicious Security Scanner - IPS Events (IP=106,US) | updated by KH Block expiration extended with reason SIPVicious Security Scanner - FE IPS (IP=106,US)
64.188.30.146 32 SW None
2022-06-06 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:08 SIPVicious Security Scanner - IPS Events(IP=146,US) | updated by KH Block expiration extended with reason SIPVicious Security Scanner - FE IPS (IP=146,US) 64.190.113.203 32 TLM None 2022-06-03 00:00:00 2022-12-02 00:00:00 2022-06-06 14:31:26 HIVE Case #7714 CTO 22-154 (IP=203,US) 64.190.62.111 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=111,DE) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=111,DE) 64.190.63.136 24 SW None 2022-07-20 00:00:00 2022-10-18 00:00:00 2022-07-21 13:54:52 FIREEYE Web: Infection Match - HIVE Case #7969 (IP=136,DE) 64.191.166.198 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=198,US) 64.20.35.171 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=171,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=171,US) 64.202.133.113 32 WR None 2022-05-03 00:00:00 2022-08-01 00:00:00 2022-05-03 13:46:39 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (1:59246:1) - Sourcefire (IP=113,US) 64.202.160.109 32 RT None 2022-01-11 00:00:00 2022-04-11 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - Sourcefire Report (IP=109,US) 64.202.184.99 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=99,US) 64.225.0.190 32 TLM None 2022-06-21 00:00:00 2022-12-20 00:00:00 2022-06-22 18:26:12 HIVE Case #7807 CTO 22-169 (IP=190,US) 64.225.1.106 32 DT None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-20 13:47:29 HTTP: rConfig ajaxServerSettingsChk.php Command Injection Vulnerability - Web Attacks (IP=106,US) 64.225.1.54 32 RS None 2022-06-20 00:00:00 2022-09-18 00:00:00 2022-06-20 22:22:22 SQL injection - Web Attacks (IP=54,US) 64.225.10.83 24 SW None 2022-04-25 00:00:00 
2022-07-24 00:00:00 2022-04-25 14:47:16 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=83,CA) 64.225.101.118 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:54:51 SERVER-ORACLE Oracle WebLogic Server remote command execution attempt - SourceFire (IP=118,DE) 64.225.106.123 32 TH None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HTTP: Apache Struts2 XML Deserialization Remote Code Execution (CVE-2017-9805) - TT# 22C00913 (IP=15,DE) 64.225.106.173 24 RT None 2022-04-21 00:00:00 2022-07-20 00:00:00 2022-04-22 13:39:37 SQL injection - 6 HR WebAttack (IP=173,DE) 64.225.107.97 24 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:35:39 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=97,DE) 64.225.11.134 24 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:44:01 SQL injection - Web Attacks (IP=134,CA) 64.225.111.54 32 ZH None 2022-09-15 00:00:00 2022-12-14 00:00:00 2022-09-15 22:52:11 SQL injection - WebAttacks (IP=54,US) 64.225.111.54 32 ZH None 2022-09-15 00:00:00 2022-12-14 00:00:00 2022-09-15 22:52:15 SQL injection - WebAttacks (IP=54,US) 64.225.12.182 32 RS None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-01 13:54:18 SQL injection - 6Hr Web Attacks (IP=182,US) 64.225.12.186 32 RR None 2022-06-10 00:00:00 2022-09-08 00:00:00 2022-06-10 13:46:11 SERVER-WEBAPP JBoss JMXInvokerServlet access attempt - SourceFire (IP=186,US) 64.225.14.166 24 RR None 2022-06-20 00:00:00 2022-09-18 00:00:00 2022-06-20 13:54:30 SQL injection - Web Attacks (IP=166,CA) 64.225.14.191 32 SW None 2022-04-21 00:00:00 2022-07-20 00:00:00 2022-04-21 22:41:37 SERVER-WEBAPP Bonita BPM themeResource directory traversal attempt (1:38303:2) - SourceFire (IP=191, US) 64.225.15.38 24 SW None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-11 22:58:38 SQL injection - WebAttacks (IP=38,CA) 64.225.16.81 24 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:48:36 SERVER-WEBAPP Hikvision IP camera admin 
authentication attempt - SourceFire (IP=81,US) 64.225.17.209 24 SW None 2022-06-28 00:00:00 2022-09-26 00:00:00 2022-06-28 13:53:30 SQL injection - WebAttacks (IP=209,CA) 64.225.2.199 24 WR None 2022-04-12 00:00:00 2022-07-10 00:00:00 2022-04-12 13:52:00 Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=199,CA) 64.225.20.11 24 WR None 2022-04-04 00:00:00 2022-07-02 00:00:00 2022-04-04 13:48:55 SQL injection - 6HR Web Attacks (IP=11,CA) 64.225.21.161 24 WR None 2022-04-24 00:00:00 2022-07-22 00:00:00 2022-04-24 13:26:31 Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=161,CA) 64.225.22.148 32 KH None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-17 13:49:05 SQL injection - Web Attacks (IP=148,US) 64.225.27.1 24 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 22:54:04 SQL injection - Web Attacks (IP=1,CA) 64.225.28.52 32 SW None 2022-05-28 00:00:00 2022-08-26 00:00:00 2022-05-28 14:45:05 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=52,US) 64.225.29.117 24 AR None 2022-06-23 00:00:00 2022-09-21 00:00:00 2022-06-23 14:39:16 SQL injection - 6 Hr Web Report (IP=117,CA) 64.225.30.218 24 WR None 2022-04-15 00:00:00 2022-07-13 00:00:00 2022-04-15 14:09:18 SQL injection - 6HR WebAttacks (IP=18,CA) 64.225.31.158 24 RR None 2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-09 14:21:37 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=158,CA) 64.225.48.100 32 RR None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-11 13:57:15 SQL injection - Web Attacks (IP=48,US) 64.225.48.113 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:47 SQL injection- 6hr Web Attacks (IP=113,US) 64.225.48.115 32 RS None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 22:44:24 OS-OTHER Bash CGI environment variable injection attempt (1:31978:5) - SourceFire (IP=115,US) 64.225.48.29 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:37:10 SQL injection - Web Attacks 
(IP=29,US) 64.225.49.125 32 RS None 2022-08-14 00:00:00 2022-11-12 00:00:00 2022-08-14 13:58:10 SQL injection - Web Attacks (IP=125,US) 64.225.50.113 32 ZH None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 22:37:08 SQL injection - 6hr Web Attacks (IP=11 64.225.50.216 32 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 13:52:58 SQL injection - 6hr Web Attacks (IP=216,US) 64.225.52.193 32 RR None 2022-06-04 00:00:00 2022-09-02 00:00:00 2022-06-04 13:39:05 SERVER-WEBAPP TP-Link TL-WR840N EU v5 command injection attempt - SourceFire (IP=193,US) 64.225.52.30 32 TH None 2022-06-28 00:00:00 2022-09-26 00:00:00 2022-06-28 22:27:55 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01467 (IP=30,US) 64.225.54.201 32 ZH None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-22 13:55:03 SQL injection - 6 hr Web Attacks (IP=201,US) 64.225.54.229 32 RR None 2022-07-26 00:00:00 2022-10-24 00:00:00 2022-07-26 13:48:12 SQL injection - Web Attacks (IP=229,US) 64.225.55.249 32 RT None 2022-04-27 00:00:00 2022-07-27 00:00:00 2022-04-28 14:35:40 Exploit.CVE-2021-44228 - Apache Log4j2 (IP=249,US) | updated by RR Block expiration extended with reason SERVER-APACHE Apache Struts remote code execution attempt - POST parameter - SourceFire (IP=249,US) 64.225.57.39 24 KD None 2022-04-22 00:00:00 2022-07-21 00:00:00 2022-04-23 13:50:17 HTTP: SQL Injection - Exploit II-Web Attacks (IP=39,IE) 64.225.58.52 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:54:51 SERVER-WEBAPP Apache APISIX default admin API backdoor usage attempt - SourceFire (IP=52,US) 64.225.59.110 32 KH None 2022-04-12 00:00:00 2022-07-11 00:00:00 2022-04-12 22:35:47 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=110,US) 64.225.6.109 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:48:35 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=109,CA) 64.225.60.5 32 WR None 2022-04-29 00:00:00 2022-07-27 00:00:00 2022-04-29 13:52:59 POLICY-OTHER PHP 
uri tag injection attempt (1:23111:14) - Sourcefire (IP=5,US) 64.225.61.151 32 KH None 2022-07-25 00:00:00 2022-10-23 00:00:00 2022-07-25 13:54:56 SQL injection - Web Attacks (IP=151,US) 64.225.61.233 32 RR None 2022-07-26 00:00:00 2022-10-24 00:00:00 2022-07-26 13:48:12 SQL injection - Web Attacks (IP=233,US) 64.225.62.160 32 SW None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 13:49:22 SQL injection - WebAttacks (IP=160,US) 64.225.62.182 32 RS None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 22:34:22 SQL injection - 6Hr Web Attacks (IP=182,US) 64.225.62.99 32 SW None 2022-06-24 00:00:00 2022-09-22 00:00:00 2022-06-24 13:55:59 SQL injection - WebAttacks (IP=99,US) 64.225.63.106 32 RB None 2022-06-21 00:00:00 2022-09-19 00:00:00 2022-06-21 22:50:28 SQL injection - 6hr web attacks (IP=106,US) 64.225.66.246 32 SW None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:47:17 HTTP SQL Injection Attempt - WebAttacks (IP=246,US) 64.225.68.0 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 17:40:09 HIVE Case #7341 CTO 22-092 (IP=0,NL) 64.225.69.22 24 TH None 2022-05-02 00:00:00 2022-07-31 00:00:00 2022-05-02 22:41:57 SQL injection - 6 Hr Web Report (IP=22,NL) 64.225.7.48 24 RR None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-11 13:57:19 SQL injection - SourceFire (IP=15,CA) 64.225.7.48 32 RS None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-11 13:57:25 SQL Injection - 6Hr Web Attacks (IP=48,US) 64.225.7.52 32 SW None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:34 SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (A-type) (1:1000136:3) - SourceFire (IP=52,US) 64.225.70.116 24 ZH None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:45:31 SQL injection- 6hr Web Attacks (IP=116,NL) 64.225.71.45 24 RS None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 22:34:14 SERVER-WEBAPP Intellian Aptus Web arbitrary command execution attempt (1:54824:1) - SourceFire (IP=45,NL) 64.225.71.53 32 DT None 2022-05-08 
00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:53 SQL injection - Web Attacks (IP=53,US) 64.225.72.38 24 RS None 2022-07-02 00:00:00 2022-09-30 00:00:00 2022-07-02 14:02:27 SQL injection - 6Hr Web Attacks (IP=38,NL) 64.225.75.236 24 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:58:19 SQL injection - 6hr Web Attacks (IP=236,NL) 64.225.76.95 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:11 SERVER-WEBAPP Cisco ASA directory traversal attempt (3:54598:2) - Sourcefire Rpt (IP=95,NL) 64.225.77.115 24 TH None 2022-04-15 00:00:00 2022-07-14 00:00:00 2022-04-15 22:59:57 SQL injection - 6 Hr Web Report (IP=115,NL) 64.225.79.45 24 DT None 2022-05-12 00:00:00 2022-08-10 00:00:00 2022-05-13 13:50:50 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41421:2) - Source Fire (IP=45,NL) 64.225.8.16 24 RB None 2022-07-12 00:00:00 2022-10-10 00:00:00 2022-07-12 22:32:50 SQL injection - WebAttacks (IP=16,CA) 64.225.8.254 32 NAB None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:49:50 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=254,US) 64.227.0.101 32 RS None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 13:49:49 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=101,US) 64.227.0.181 32 AR None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:16 SQL injection - 6Hr Web Attack (IP=181,US) 64.227.10.231 32 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 13:54:04 SQL injection - Web Attacks (IP=231,US) 64.227.100.141 32 KH None 2022-09-07 00:00:00 2022-12-06 00:00:00 2022-09-07 22:44:25 OS-OTHER Bash CGI environment variable injection attempt (1:31978:5) - Sourcefire (IP=141,US) 64.227.100.168 32 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 13:47:07 SQL injection - WebAttacks (IP=168,US) 64.227.100.25 32 RR None 2022-09-11 00:00:00 2022-12-10 00:00:00 2022-09-11 13:56:14 SERVER-WEBAPP Bonita BPM themeResource directory traversal attempt - Web Attacks (IP=25,US) 
64.227.100.68 32 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:37:39 SQL injection - Web Attacks (IP=68,US) 64.227.101.199 32 WR None 2022-04-29 00:00:00 2022-07-27 00:00:00 2022-04-29 13:52:59 POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected (1:54573:2) - Sourcefire (IP=199,US) 64.227.101.43 32 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:39 SERVER-WEBAPP JBoss JMX console access attempt - SourceFire (IP=43,US) 64.227.101.95 32 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:48:45 SQL injection - Web Attacks (IP=95,US) 64.227.102.205 32 ZH None 2022-09-15 00:00:00 2022-12-14 00:00:00 2022-09-15 22:52:12 SQL injection - WebAttacks (IP=205,US) 64.227.102.216 32 RR None 2022-09-24 00:00:00 2022-12-23 00:00:00 2022-09-25 13:55:35 HTTP: SQL Injection - Exploit II - Web Attacks (IP=216,US) 64.227.103.111 32 RS None 2022-09-09 00:00:00 2022-12-08 00:00:00 2022-09-10 13:50:59 SQL injection - Web Attacks (IP=111,US) 64.227.103.85 32 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:46:55 SQL union select - possible sql injection attempt - GET parameter - SourceFire (IP=85,US) 64.227.103.98 32 RR None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-07 13:54:18 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=98,US) 64.227.104.241 32 RS None 2022-09-12 00:00:00 2022-12-11 00:00:00 2022-09-13 13:47:49 SQL injection - Web Attacks (IP=241,US) 64.227.104.49 32 ZH None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-24 00:05:35 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=49,US) 64.227.105.119 32 TH None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 22:43:11 SERVER-WEBAPP Sophos SG UTM WebAdmin command injection attempt (1:58450:2) - SourceFire Report (IP=119,US) 64.227.105.187 32 RS None 2022-06-10 00:00:00 2022-09-08 00:00:00 2022-06-10 22:49:35 SERVER-WEBAPP VMware vRealize Operations Manager SSRF attempt (1:57435:1) - SourceFire (IP=187,US) 64.227.105.191 32 RR None 
2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:42 SERVER-WEBAPP Facade Ignition remote code execution attempt - SourceFire (IP=191,US) 64.227.105.198 32 RR None 2022-09-26 00:00:00 2022-12-25 00:00:00 2022-09-26 13:55:20 SQL injection - Web Attacks (IP=198,US) 64.227.105.198 32 RR None 2022-09-26 00:00:00 2022-12-25 00:00:00 2022-09-26 13:55:20 SQL injection - Web Attacks (IP=198,US) 64.227.105.91 32 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:34:48 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=91,US) 64.227.106.114 32 ZH None 2022-09-15 00:00:00 2022-12-14 00:00:00 2022-09-15 22:52:13 SQL injection - WebAttacks (IP=114,US) 64.227.106.2 32 SW None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:47:18 SQL injection - WebAttacks (IP=2,US) 64.227.106.46 32 SW None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:34 SQL injection - WebAttacks (IP=46,US) 64.227.109.227 32 RR None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-29 15:24:10 HTTP SQL Injection Attempt - SourceFire (IP=227,US) 64.227.109.26 32 WR None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:56 SERVER-APACHE Apache Tomcat remote JSP file upload attempt (1:44531:3) - Sourcefire (IP=26,US) | updated by ZH Block expiration extended with reason SERVER-APACHE Apache Tomcat remote JSP file upload attempt (1:44531:3) - Sourcefire Rpt (IP=26,US) 64.227.11.129 32 DT None 2022-06-03 00:00:00 2022-09-01 00:00:00 2022-06-04 13:39:16 SQL injection - Web Attacks (IP=129,US) 64.227.11.90 32 WR None 2022-04-29 00:00:00 2022-07-27 00:00:00 2022-04-29 13:53:00 SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (A-type) (1:1000136:3) - Sourcefire (IP=90,US) 64.227.110.180 32 SW None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-06 22:49:41 SQL injection - WebAttacks (IP=180,US) 64.227.111.137 32 JP None 2022-08-26 00:00:00 2022-11-24 00:00:00 2022-08-26 13:48:34 SQL injection - 6HR Web Attacks (IP=137,US) 64.227.111.203 32 KH None 
2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-09 14:21:55 SQL injection - Web Attacks (IP=203,US) 64.227.112.183 24 KD None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-21 13:53:50 SQL injection- Web Attacks (IP=183,DE) 64.227.113.131 24 RS None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 22:44:28 SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt (1:59388:2) - SourceFire (IP=131,DE) 64.227.114.212 32 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:34:49 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=212,US) 64.227.114.226 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=226,DE) 64.227.117.154 24 RS None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-13 22:36:54 SQL injection - 6Hr Web Attacks (IP=154,DE) 64.227.119.24 24 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:35:40 SERVER-WEBAPP VMWare vSphere Client remote code execution attempt - SourceFire (IP=24,DE) 64.227.12.29 32 ZH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 13:53:01 SQL injection - 6hr Web Attacks (IP=29,US) 64.227.123.60 32 TLM None 2022-04-22 00:00:00 2022-07-21 00:00:00 2022-04-22 18:36:55 HIVE Case #7449 CTO 22-112 (IP=60,DE) 64.227.125.121 24 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 22:40:02 SQL injection - Web Attacks (IP=121,DE) 64.227.128.35 24 ZH None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 22:43:59 SERVER-WEBAPP Liferay arbitrary Java object deserialization attempt (1:56800:3) - SourceFire (IP=35,IN) 64.227.129.213 32 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:48:37 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=213,US) 64.227.129.63 24 DT None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-26 13:48:38 SQL injection - Web Attacks (IP=63,IN) 64.227.129.63 32 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:48:39 SQL injection - Web Attacks (IP=63,US) 64.227.13.125 32 DT None 
2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 23:57:45 POLICY-OTHER PHP uri tag injection attempt (1:23111:14) - Source Fire (IP=125,US) 64.227.13.30 32 TH None 2022-05-28 00:00:00 2022-08-26 00:00:00 2022-05-29 15:24:07 Exploit.Log4Shell.CVE-2021-44228 - FE NX Alerts (IP=30,US) 64.227.13.96 32 SW None 2022-05-15 00:00:00 2022-08-13 00:00:00 2022-05-15 13:54:23 SERVER-WEBAPP Kibana Console for Elasticsearch local file inclusion attempt (1:48815:3) - SourceFire (IP=96, US) 64.227.130.194 24 ZH None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 22:44:00 SQL use of concat function with select - likely SQL injection (1:24172:2) - SourceFire (IP=194,IN) 64.227.131.71 24 ZH None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 22:44:01 SERVER-WEBAPP Oracle WebLogic Server remote code execution attempt (1:58562:1) - SourceFire (IP=71,IN) 64.227.132.230 24 ZH None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 22:44:02 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - SourceFire (IP=230,IN) 64.227.133.133 32 TLM None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:46:38 HIVE Case #7458 CTO 22-113 (IP=133,IN) 64.227.133.148 24 RR None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:15:05 SERVER-APACHE Apache Struts allowStaticMethodAccess invocation attempt - SourceFire (IP=148,IN) 64.227.134.138 24 TH None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 22:43:11 SERVER-WEBAPP Zeroshell Linux Router command injection attempt (1:54794:2) - SourceFire Report (IP=138,IN) 64.227.134.9 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 17:40:22 HIVE Case #7341 CTO 22-092 (IP=9,IN) 64.227.135.140 24 TH None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-26 13:47:59 WordPress CodePeople Payment Form SQL Injection Vulnerability - 6 Hr Web Report (IP=140,IN) 64.227.14.144 32 RB None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-14 22:44:51 SERVER-WEBAPP Sophos SG UTM WebAdmin command injection 
attempt - Sourcefire (IP=144,US) 64.227.14.161 32 RS None 2022-09-23 00:00:00 2022-12-22 00:00:00 2022-09-24 13:55:47 SQL injection - Web Attacks (IP=161,US) 64.227.14.228 32 TH None 2022-06-21 00:00:00 2022-09-19 00:00:00 2022-06-22 13:55:04 SQL injection - 6 Hr Web Report (IP=228,US) 64.227.14.90 32 DT None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-27 13:14:24 INDICATOR-OBFUSCATION select concat statement - possible sql injection - Source Fire (IP=90,US) 64.227.16.133 32 RR None 2022-07-10 00:00:00 2022-10-08 00:00:00 2022-07-11 13:57:08 SQL injection - Web Attacks (IP=133,US) 64.227.16.53 32 RR None 2022-07-31 00:00:00 2022-10-29 00:00:00 2022-07-31 13:51:14 SQL union select - possible sql injection attempt - GET parameter - SourceFire (IP=53,US) 64.227.160.72 24 RB None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 22:45:18 SQL injection - 6hr web attacks (IP=72,IN) 64.227.161.123 32 AS None 2022-04-12 00:00:00 2022-10-12 00:00:00 2022-04-12 14:39:46 HIVE Case #7380 CTO 22-099 (IP=123,IN) 64.227.161.154 24 SW None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 22:39:07 File /etc/passwd Access Attempt Detect - IPS Events(IP=154,IN) 64.227.161.181 32 SW None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:47:19 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=181,US) 64.227.162.237 32 ZH None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-24 00:05:35 SQL injection - 6hr Web Attacks (IP=237,US) 64.227.162.83 24 TH None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-26 22:51:16 ET EXPLOIT Apache log4j RCE Attempt (tcp ldap) (CVE-2021-44228) (1:2034649:1) - SourceFire Report (IP=83,IN) 64.227.163.186 24 NAB None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:47:20 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=186,IN) 64.227.164.244 24 ZH None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 22:44:02 SERVER-WEBAPP Atlassian OAuth plugin multiple versions server side request forgery attempt (1:46898:1) - SourceFire (IP=244,IN) 
64.227.165.245 24 KD None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-21 13:53:50 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=245,IN) 64.227.167.14 24 SW None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 22:39:07 File /etc/passwd Access Attempt Detect - IPS Events(IP=14,IN) 64.227.168.185 24 ZH None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-24 00:05:36 SERVER-WEBAPP JBoss JMX console access attempt (1:21516:9) - Sourcefire Rpt (IP=185,IN) 64.227.169.227 32 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:48:39 SQL injection - Web Attacks (IP=227,US) 64.227.169.230 32 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:48:40 SQL injection - Web Attacks (IP=230,US) 64.227.169.234 24 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:48:41 SERVER-WEBAPP Zimbra remote code execution attempt - SourceFire (IP=234,IN) 64.227.169.68 24 SW None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 22:46:57 SERVER-WEBAPP Microsoft Exchange Server server side request forgery attempt (1:57244:4) - SourceFire (IP=68,IN) 64.227.17.154 32 RR None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-29 22:57:21 SQL injection - Web Attacks (IP=154,US) 64.227.17.241 32 RR None 2022-09-25 00:00:00 2022-12-24 00:00:00 2022-09-26 13:55:17 SQL injection - Web Attacks (IP=241,US) 64.227.17.241 32 RR None 2022-09-25 00:00:00 2022-12-24 00:00:00 2022-09-26 13:55:17 SQL injection - Web Attacks (IP=241,US) 64.227.170.209 24 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 22:40:03 Possible Cross-site Scripting Attack - FE IPS (IP=209,IN) 64.227.171.206 24 RT None 2022-04-21 00:00:00 2022-07-20 00:00:00 2022-04-22 13:39:38 SQL injection - 6 HR WebAttack (IP=206,IN) 64.227.172.206 24 TH None 2022-04-22 00:00:00 2022-07-21 00:00:00 2022-04-22 13:41:01 SQL injection - 6 Hr Web Report (IP=206,IN) 64.227.172.7 32 RR None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 13:52:00 SQL injection - Web Attacks (IP=7,US) 64.227.173.196 
24 SW None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 22:46:46 SERVER-WEBAPP Intellian Aptus Web arbitrary command execution attempt (1:54824:1) - SourceFire (IP=196,IN) 64.227.173.78 32 SW None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:47:21 Artica Web Proxy SQL Injection Vulnerability - WebAttacks (IP=78,US) 64.227.174.110 32 RR None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 13:52:01 SQL injection - Web Attacks (IP=110,US) 64.227.174.111 24 RT None 2022-04-21 00:00:00 2022-07-20 00:00:00 2022-04-22 13:39:39 SQL injection - 6 HR WebAttack (IP=111,IN) 64.227.175.7 24 KH None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 23:07:58 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=7,IN) 64.227.176.123 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:47 SQL injection- 6hr Web Attacks (IP=123,IN) 64.227.177.62 24 AR None 2022-04-14 00:00:00 2022-07-12 00:00:00 2022-04-14 13:54:53 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (1:59246:1) - SourceFire (IP=62,IN) 64.227.178.66 24 TH None 2022-04-15 00:00:00 2022-07-15 00:00:00 2022-04-16 14:46:56 SQL injection - 6 Hr Web Report (IP=66,IN) | updated by RR Block expiration extended with reason SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=66,IN) 64.227.179.101 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:53:09 SERVER-ORACLE Oracle WebLogic Server remote command execution attempt - SourceFire (IP=101,IN) 64.227.180.225 32 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:44:02 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=225,US) 64.227.180.67 24 KH None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 13:57:11 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=67,IN) 64.227.181.155 24 WR None 2022-04-15 00:00:00 2022-07-15 00:00:00 2022-04-16 14:46:57 Webshell.Binary.php.FEC2 - FireEye CMS (IP=155,IN) | updated by RR Block expiration extended with 
reason SERVER-WEBAPP PhpCollab editclient.php arbitrary PHP file upload attempt - SourceFire (IP=155,IN) 64.227.182.161 24 KH None 2022-04-08 00:00:00 2022-07-07 00:00:00 2022-04-08 13:46:41 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=161,IN) 64.227.183.1 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-18 13:44:04 ET EXPLOIT Apache log4j RCE Attempt - lower/upper TCP Bypass M2 (CVE-2021-44228) - SourceFire (IP=1,IN) 64.227.184.185 24 SW None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-11 13:47:08 SQL injection - WebAttacks (IP=185,IN) 64.227.185.107 24 TH None 2022-04-15 00:00:00 2022-07-14 00:00:00 2022-04-15 14:09:32 SQL injection - 6 Hr Web Report (IP=107,IN) 64.227.186.176 24 RT None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-27 13:56:45 POLICY-OTHER CA ARCserve Axis2 default credential login attempt (1:18985:15) - Sourcefire Report (IP=176,IN) 64.227.187.7 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:53:10 OS-OTHER Bash CGI environment variable injection attempt - SourceFire (IP=7,IN) 64.227.188.237 24 RT None 2022-04-22 00:00:00 2022-07-21 00:00:00 2022-04-22 22:49:17 Exploit.Spring4Shell.CVE-2022-22965- FireEye NX (IP=237,IN) 64.227.188.239 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:48:36 SQL injection - Web Attacks (IP=239,US) 64.227.189.205 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:54:52 SERVER-WEBAPP Apache APISIX default admin API backdoor usage attempt - SourceFire (IP=205,IN) 64.227.19.159 32 KH None 2022-09-16 00:00:00 2022-12-15 00:00:00 2022-09-16 22:50:12 SQL injection - Web Attacks (IP=159,US) 64.227.19.209 32 RS None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 13:49:48 HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=209,US) 64.227.19.231 32 TH None 2021-12-20 00:00:00 2022-03-20 00:00:00 None FTP Login Failed - 6 hr Failed Logon (IP=231,US) 64.227.19.41 32 RR None 2022-07-31 00:00:00 2022-10-29 00:00:00 2022-08-01 13:56:00 
Reactivated on 20220601 with reason SSLv2 Client Hello Request Detected - IPS Events (IP=63,US) 64.62.197.64 32 SW None 2022-01-14 00:00:00 2022-04-14 00:00:00 None HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events(IP=64,US) 64.62.197.65 32 SW None 2022-01-14 00:00:00 2022-04-14 00:00:00 None HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events(IP=65,US) 64.62.197.66 32 SW None 2022-01-14 00:00:00 2022-04-14 00:00:00 None HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events(IP=66,US) 64.62.197.70 32 SW None 2022-01-14 00:00:00 2022-04-14 00:00:00 None HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events(IP=70,US) 64.62.197.72 32 TH None 2022-03-10 00:00:00 2022-06-08 00:00:00 2022-03-10 23:37:04 HP Intelligent Management Center TFTP Server MODE Remote Code Execution - FE CMS IPS Events (IP=72,US) 64.62.197.73 32 TH None 2022-03-10 00:00:00 2022-06-08 00:00:00 2022-03-10 23:37:03 HP Intelligent Management Center TFTP Server MODE Remote Code Execution - FE CMS IPS Events (IP=73,US) 64.62.197.74 32 TH None 2022-03-10 00:00:00 2022-06-08 00:00:00 2022-03-10 23:37:04 HP Intelligent Management Center TFTP Server MODE Remote Code Execution - FE CMS IPS Events (IP=74,US) 64.62.197.75 32 TH None 2022-03-10 00:00:00 2022-06-08 00:00:00 2022-03-10 23:37:02 HP Intelligent Management Center TFTP Server MODE Remote Code Execution - FE CMS IPS Events (IP=75,US) 64.62.197.77 32 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 22:58:54 SIPVicious Security Scanner - IPS Events (IP=77,US) 64.62.197.78 32 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 22:58:56 SIPVicious Security Scanner - IPS Events (IP=78,US) 64.62.197.79 32 TH None 2022-03-10 00:00:00 2022-10-01 00:00:00 2022-07-03 22:58:44 HP Intelligent Management Center TFTP Server MODE Remote Code Execution - FE CMS IPS Events (IP=79,US) | updated by RS Block was inactive. 
Reactivated on 20220703 with reason SIPVicious Security Scanner - IPS Events (IP=79,US) 64.62.197.80 32 SW None 2022-01-14 00:00:00 2022-10-01 00:00:00 2022-07-03 22:58:55 HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events(IP=80,US) | updated by RS Block was inactive. Reactivated on 20220703 with reason SIPVicious Security Scanner - IPS Events (IP=80,US) 64.62.197.81 32 TH None 2022-03-10 00:00:00 2022-06-08 00:00:00 2022-03-10 23:37:06 HP Intelligent Management Center TFTP Server MODE Remote Code Execution - FE CMS IPS Events (IP=81,US) 64.62.197.82 32 RS None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 22:34:19 Nuclei Vulnerability Scanner - FE IPS Events (IP=82,US) 64.62.197.83 32 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 22:58:38 Possible Cross-site Scripting Attack - IPS Events (IP=83,US) 64.62.197.86 32 SW None 2022-01-14 00:00:00 2022-10-01 00:00:00 2022-07-03 22:58:53 HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events(IP=86,US) | updated by RS Block was inactive. Reactivated on 20220703 with reason SIPVicious Security Scanner - IPS Events (IP=86,US) 64.62.197.87 32 RS None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 22:34:20 Nuclei Vulnerability Scanner - FE IPS Events (IP=87,US) 64.62.197.88 32 SW None 2022-01-14 00:00:00 2022-10-01 00:00:00 2022-07-03 22:58:44 HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events(IP=88,US) | updated by RS Block was inactive. Reactivated on 20220703 with reason SIPVicious Security Scanner - IPS Events (IP=88,US) 64.62.197.89 32 TH None 2022-03-10 00:00:00 2022-10-01 00:00:00 2022-07-03 22:58:39 HP Intelligent Management Center TFTP Server MODE Remote Code Execution - FE CMS IPS Events (IP=89,US) | updated by RS Block was inactive. 
Reactivated on 20220703 with reason Possible Cross-site Scripting Attack - IPS Events (IP=89,US) 64.62.197.9 32 RS None 2022-06-13 00:00:00 2022-09-11 00:00:00 2022-06-14 13:48:48 SIPVicious Security Scanner - IPS Events (IP=9,US) 64.62.197.90 32 SW None 2022-01-14 00:00:00 2022-04-14 00:00:00 None HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events(IP=90,US) 64.62.197.92 32 TH None 2021-12-23 00:00:00 2022-03-23 00:00:00 None HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=92,US) 64.62.197.93 32 TH None 2021-12-23 00:00:00 2022-03-23 00:00:00 None HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=93,US) 64.62.197.94 32 TH None 2021-12-27 00:00:00 2022-03-27 00:00:00 None HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=94,US) 64.62.197.95 32 TH None 2021-12-23 00:00:00 2022-03-23 00:00:00 None HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=95,US) 64.62.197.96 32 TH None 2021-12-23 00:00:00 2022-03-23 00:00:00 None HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=96,US) 64.62.197.98 32 TH None 2021-12-23 00:00:00 2022-03-23 00:00:00 None HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=98,US) 64.62.197.99 32 WR None 2021-01-02 00:00:00 2022-04-02 00:00:00 None HP Intelligent Management Center TFTP Server MODE Remote Code Execution - FE IPS (IP=99,US) 64.64.228.239 32 TLM None 2022-06-06 00:00:00 2022-12-05 00:00:00 2022-06-07 14:34:55 HIVE Case #7728 TO-S-2022-0192 (IP=239,US) 64.69.57.211 32 TLM None 2021-12-02 00:00:00 2022-06-02 00:00:00 None HIVE Case #6600 TO-S-2022-0090 (IP=211,US) 64.71.72.79 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity 64.72.107.122 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 
(IP=122,US) 64.74.181.2 32 RR None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 13:49:56 EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch - SourceFire (IP=2,US) 64.75.3.70 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=70,US) 64.78.222.67 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None US TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 64.90.124.13 32 ZH None 2022-09-19 00:00:00 2022-12-18 00:00:00 2022-09-19 22:54:55 BROWSER-PLUGINS Microsoft Windows Scripting Host Shell ActiveX function call access (1:8068:17) - SourceFire (IP=13,US) 64.90.41.109 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None US TO-S-2021-1143 Malicious Email Activity 64.94.196.70 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity 64.94.196.71 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity 64.94.214.19 32 KH None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:08 SIPVicious Security Scanner - FE IPS (IP=19,US) 65.0.150.0 32 RS None 2022-06-10 00:00:00 2022-09-08 00:00:00 2022-06-10 22:49:31 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR#22C01346 (IP=0,IN) 65.1.100.170 32 AR None 2021-12-01 00:00:00 2022-03-01 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00438 (IP=170,US) 65.1.141.164 32 WR None 2022-04-25 00:00:00 2022-07-23 00:00:00 2022-04-25 14:47:23 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR #22C01224 (IP=164,US) 65.1.154.222 32 SW None 2022-07-21 00:00:00 2022-10-19 00:00:00 2022-07-22 13:52:28 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR# 22C01718(IP=222,IN) 65.1.166.98 32 RR None 2022-06-18 00:00:00 2022-09-16 00:00:00 2022-06-19 13:55:52 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01417 (IP=98,US) 65.1.20.241 24 DT None 2021-12-24 
00:00:00 2022-03-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=241,IN) 65.1.227.157 24 SW None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-04 13:45:57 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=157,IN) 65.1.84.215 24 RS None 2022-07-29 00:00:00 2022-10-27 00:00:00 2022-07-30 13:52:48 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=215,IN) 65.100.174.110 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:56:00 HIVE Case #7199 CTO 22-074 (IP=110,US) 65.108.0.71 32 TLM None 2022-02-04 00:00:00 2022-08-05 00:00:00 None HIVE Case #6925 CTO 22-034 (IP=71,FI) 65.108.100.146 32 TLM None 2022-06-15 00:00:00 2022-12-14 00:00:00 2022-06-16 19:40:41 HIVE Case #7779 CTO 22-162 (IP=146,FI) 65.108.110.26 32 TLM None 2022-03-11 00:00:00 2022-09-11 00:00:00 2022-03-11 14:40:43 HIVE Case #7190 CTO 22-070 (IP=26,FI) 65.108.125.120 32 TLM None 2022-04-22 00:00:00 2022-07-21 00:00:00 2022-04-22 18:37:00 HIVE Case #7449 CTO 22-112 (IP=120,FI) 65.108.128.54 32 TLM None 2022-03-28 00:00:00 2022-09-28 00:00:00 2022-03-28 12:22:48 HIVE Case #7282 CTO 22-085 (IP=54,FI) 65.108.134.143 32 TLM None 2022-03-23 00:00:00 2022-09-23 00:00:00 2022-03-23 12:28:37 HIVE Case #7258 CTO 22-082 (IP=143,FI) 65.108.136.169 32 TLM None 2022-03-28 00:00:00 2022-09-28 00:00:00 2022-03-28 12:22:48 HIVE Case #7282 CTO 22-085 (IP=169,FI) 65.108.142.48 32 TLM None 2022-06-02 00:00:00 2022-12-01 00:00:00 2022-06-02 17:56:24 HIVE Case #7705 CTO 22-153 (IP=48,FI) 65.108.142.49 32 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 2022-05-27 16:40:11 HIVE Case #7668 CTO 22-146 (IP=49,FI) 65.108.142.54 32 TLM None 2022-05-25 00:00:00 2022-11-24 00:00:00 2022-05-25 18:14:41 HIVE Case #7662 CTO 22-145 (IP=54,FI) 65.108.143.154 32 TLM None 2022-05-20 00:00:00 2022-11-19 00:00:00 2022-05-20 14:32:11 HIVE Case #7627 CTO 22-140 (IP=154,FI) 65.108.194.72 32 TLM None 2022-05-25 00:00:00 
2022-11-24 00:00:00 2022-05-25 18:14:49 HIVE Case #7662 CTO 22-145 (IP=72,FI) 65.108.195.214 32 TLM None 2022-04-27 00:00:00 2022-10-25 00:00:00 2022-04-27 20:54:06 HIVE Case #7480 CTO 22-117 (IP=214,FI) 65.108.2.171 32 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 2022-05-27 16:40:10 HIVE Case #7668 CTO 22-146 (IP=171,FI) 65.108.208.13 24 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:48:42 MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt - SourceFire (IP=13,FI) 65.108.244.12 32 RR None 2022-09-25 00:00:00 2022-12-25 00:00:00 2022-09-26 13:55:22 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=12,US) | updated by RB Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt - WebAttacks (IP=12,US) | updated by RB Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt - WebAttacks (IP=12,US) 65.108.244.12 32 RR None 2022-09-25 00:00:00 2022-12-25 00:00:00 2022-09-26 13:55:22 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=12,US) | updated by RB Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt - WebAttacks (IP=12,US) | updated by RB Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt - WebAttacks (IP=12,US) 65.108.3.252 32 AS None 2022-04-14 00:00:00 2022-10-14 00:00:00 2022-04-14 17:59:14 HIVE Case #7399 CTO 22-104 (IP=252,FI) 65.108.41.34 32 TLM None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:46:03 HIVE Case #7458 CTO 22-113 (IP=34,FI) 65.108.46.72 32 TLM None 2022-02-15 00:00:00 2022-08-16 00:00:00 None HIVE Case #6996 CTO 22-043 (IP=72,FI) 65.108.48.63 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=63,FI) 65.108.50.49 24 KD None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-19 13:46:40 SQL Injection - Web Attacks (IP=49,FI) 65.108.57.163 32 TLM None 2021-12-15 
00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=163,FI) 65.108.57.164 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=164,FI) 65.108.64.210 32 TLM None 2022-02-04 00:00:00 2022-08-05 00:00:00 None HIVE Case #6925 CTO 22-034 (IP=210,FI) 65.108.67.131 32 AS None 2022-03-10 00:00:00 2022-09-10 00:00:00 2022-03-11 00:50:55 HIVE Case #7187 CTO 22-069 (IP=131,FI) 65.108.78.33 32 TLM None 2022-06-02 00:00:00 2022-12-01 00:00:00 2022-06-02 17:56:19 HIVE Case #7705 CTO 22-153 (IP=33,FI) 65.114.133.18 32 TLM Kristen Pope 2022-10-19 00:00:00 2022-12-27 00:00:00 2022-12-27 19:16:58 HIVE Case #8482 CTO 22-288 (IP=18,US) | UNBLOCKED per CTO 22-305 65.140.46.242 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity 65.153.18.81 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 Malicious Email Activity 65.175.104.31 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=31,US) 65.175.86.27 32 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6514 TO-S-2022-0075 (IP=27,US) 65.2.11.144 32 JP None 2022-08-10 00:00:00 2022-11-08 00:00:00 2022-08-10 22:56:11 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR# 22C01787 (IP=144,US) 65.20.113.143 32 AS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-06 18:26:21 HIVE Case #7881 CTO 22-182 (IP=143,US) 65.20.72.70 32 AS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-06 18:26:21 HIVE Case #7881 CTO 22-182 (IP=70,IN) 65.202.157.235 32 RR None 2022-02-12 00:00:00 2022-05-13 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SourceFire (IP=235,US) 65.21.105.85 32 AS None 2022-03-08 00:00:00 2022-09-08 00:00:00 2022-03-08 15:15:27 HIVE Case #7160 TO-S-2022-0144 (IP=85,FI) 65.21.122.241 32 TLM None 2022-03-01 00:00:00 2022-09-01 00:00:00 2022-03-01 16:26:40 HIVE Case #7110 CTO 22-057 (IP=241,FI) 65.21.126.160 32 AS None 2022-03-18 
00:00:00 2022-09-18 00:00:00 2022-03-18 15:24:09 HIVE Case #7237 CTO 22-077 (IP=160,FI) 65.21.126.174 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=174,FI 65.21.151.192 24 TC None 2022-09-05 00:00:00 2022-12-04 00:00:00 2022-09-05 13:56:22 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr Web Attacks (IP=192,FI) 65.21.184.24 24 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6448 TO-S-2022-0058 (IP=24,FI) 65.21.195.97 24 BMP None 2022-09-01 00:00:00 2022-11-30 00:00:00 2022-09-01 13:52:49 OSINT - Redline Stealer (IP=97,FI) 65.21.201.217 32 TLM None 2022-04-22 00:00:00 2022-07-21 00:00:00 2022-04-22 18:36:59 HIVE Case #7449 CTO 22-112 (IP=217,FI) 65.21.203.10 32 TLM None 2022-04-27 00:00:00 2022-10-25 00:00:00 2022-04-27 20:54:06 HIVE Case #7480 CTO 22-117 (IP=10,FI) 65.21.204.44 32 TLM None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-02 10:46:18 HIVE Case #7696 CTO 22-152 (IP=44,FI) 65.21.205.120 32 TLM None 2022-04-21 00:00:00 2022-10-21 00:00:00 2022-04-21 19:02:57 HIVE Case #7441 CTO 22-111 (IP=120,FI) 65.21.231.30 32 TLM None 2022-03-01 00:00:00 2022-09-01 00:00:00 2022-03-01 16:26:41 HIVE Case #7110 CTO 22-057 (IP=30,FI) 65.21.232.254 32 TLM None 2022-02-25 00:00:00 2022-08-26 00:00:00 2022-02-25 13:04:34 HIVE Case #7088 CTO 22-056 (IP=254,FI) 65.21.233.213 32 TLM None 2022-05-27 00:00:00 2022-11-26 00:00:00 2022-05-27 14:16:35 HIVE Case #7676 CTO 22-147 (IP=213,FI) 65.21.234.184 32 TLM None 2022-04-20 00:00:00 2022-10-20 00:00:00 2022-04-20 13:01:32 HIVE Case #7432 CTO 22-110 (IP=184,FI) 65.21.240.32 32 AS None 2021-11-16 00:00:00 2022-05-16 00:00:00 None HIVE Case #6539 CTO 21-315 (IP=32,FI) 65.21.241.104 32 AS None 2021-11-16 00:00:00 2022-05-16 00:00:00 None HIVE Case #6539 CTO 21-315 (IP=104,FI) 65.21.241.82 32 AS None 2021-11-16 00:00:00 2022-05-16 00:00:00 None HIVE Case #6539 CTO 21-315 (IP=82,FI) 65.21.241.92 32 AS None 2021-11-16 00:00:00 2022-05-16 00:00:00 None HIVE Case 
#6539 CTO 21-315 (IP=92,FI) 65.21.251.115 24 KH None 2022-09-15 00:00:00 2022-12-14 00:00:00 2022-09-15 22:52:22 SIPVicious Security Scanner - FE IPS (IP=115,FI) 65.21.252.128 32 AS None 2021-11-16 00:00:00 2022-05-16 00:00:00 None HIVE Case #6539 CTO 21-315 (IP=128,FI) 65.21.7.224 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None DE TO-S-2021-1143 Malicious Email Activity 65.21.78.116 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=116,FI) 65.21.96.97 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=97,FI) 65.22.163.17 32 AR None 2022-03-27 00:00:00 2022-06-25 00:00:00 2022-03-28 13:41:33 SERVER-OTHER Sentinel license manager buffer overflow attempt (1:11265:5) - SourceFire (IP=17,US) 65.22.199.1 32 SA None 2022-05-31 00:00:00 2022-08-28 00:00:00 2022-05-31 22:56:16 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) SourceFire (IP=1,US) 65.22.23.35 32 SA None 2022-05-31 00:00:00 2022-08-28 00:00:00 2022-05-31 22:56:16 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) SourceFire (IP=35,US) 65.22.23.37 32 SA None 2022-05-31 00:00:00 2022-08-28 00:00:00 2022-05-31 22:56:17 INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) SourceFire (IP=37,US) 65.22.23.38 32 SA None 2022-05-31 00:00:00 2022-08-28 00:00:00 2022-05-31 22:56:17 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) SourceFire (IP=38,US) 65.22.23.7 32 SA None 2022-06-02 00:00:00 2022-08-30 00:00:00 2022-06-03 00:40:20 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) SourceFire (IP=7,US) 65.22.27.46 32 SA None 2022-05-31 00:00:00 2022-08-28 00:00:00 2022-05-31 22:56:18 INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) SourceFire (IP=46,US) 65.22.27.6 32 SA None 2022-05-31 00:00:00 2022-08-28 00:00:00 
2022-05-31 22:56:18 INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) SourceFire (IP=6,US) 65.22.27.65 32 SA None 2022-05-31 00:00:00 2022-08-28 00:00:00 2022-05-31 22:56:19 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) SourceFire (IP=65,US) 65.22.31.23 32 SA None 2022-05-31 00:00:00 2022-08-28 00:00:00 2022-05-31 22:56:20 SERVER-WEBAPP GPON Router authentication bypass and command injection attempt (1:46624:2) SourceFire (IP=23,US) 65.22.31.6 32 SA None 2022-06-02 00:00:00 2022-08-30 00:00:00 2022-06-03 00:40:20 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) SourceFire (IP=6,US) 65.22.35.36 32 SA None 2022-06-02 00:00:00 2022-08-30 00:00:00 2022-06-03 00:40:21 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) SourceFire (IP=36,US) 65.22.35.38 32 SA None 2022-05-31 00:00:00 2022-08-28 00:00:00 2022-05-31 22:56:20 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) SourceFire (IP=38,US) 65.22.35.39 32 SA None 2022-06-02 00:00:00 2022-08-30 00:00:00 2022-06-03 00:40:21 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) SourceFire (IP=39,US) 65.22.35.51 32 SA None 2022-06-02 00:00:00 2022-08-30 00:00:00 2022-06-03 00:40:22 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) SourceFire(IP=51,US) 65.22.83.1 32 SA None 2022-05-31 00:00:00 2022-08-28 00:00:00 2022-05-31 22:56:21 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) SourceFire (IP=1,US) 65.23.79.244 32 wmp None 2021-12-13 00:00:00 2022-03-13 00:00:00 None HIVE Case #6642 JFHQ-DODIN Wave Browser Malware IOCs (IP=244,US) 65.254.248.183 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=183,US) | updated by TLM Block was inactive. 
Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=183,US) 65.254.248.199 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=199,US) 65.38.161.20 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity 65.38.163.197 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity 65.49.20.100 32 TH None 2022-01-28 00:00:00 2022-04-28 00:00:00 None HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=100,US) 65.49.20.104 32 TH None 2022-01-28 00:00:00 2022-04-28 00:00:00 None HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=104,US) 65.49.20.108 32 TH None 2022-01-28 00:00:00 2022-04-28 00:00:00 None HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=108,US) 65.49.20.109 32 RS None 2022-06-16 00:00:00 2022-09-14 00:00:00 2022-06-16 22:41:47 SIPVicious Security Scanner - IPS Events (IP=109,US) 65.49.20.112 32 TH None 2022-01-28 00:00:00 2022-04-28 00:00:00 None HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=112,US) 65.49.20.116 32 TH None 2022-01-28 00:00:00 2022-04-28 00:00:00 None HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=116,US) 65.49.20.120 32 TH None 2022-01-28 00:00:00 2022-04-28 00:00:00 None HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=120,US) 65.49.20.121 32 RS None 2022-06-16 00:00:00 2022-09-14 00:00:00 2022-06-16 22:41:47 SIPVicious Security Scanner - IPS Events (IP=121,US) 65.49.20.124 32 TH None 2022-01-28 00:00:00 2022-04-28 00:00:00 None HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=124,US) 65.49.20.125 32 RS None 2022-06-16 00:00:00 2022-09-14 00:00:00 2022-06-16 22:41:48 SIPVicious Security Scanner - IPS Events (IP=125,US) 65.49.20.68 32 TH 
None 2022-01-28 00:00:00 2022-04-28 00:00:00 None HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=68,US) 65.49.20.72 32 TH None 2022-01-28 00:00:00 2022-04-28 00:00:00 None Masscan TCP Port Scanner - IPS Events (IP=72,US) 65.49.20.76 32 TH None 2022-01-28 00:00:00 2022-04-28 00:00:00 None HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=76,US) 65.49.20.77 32 RS None 2022-06-16 00:00:00 2022-09-14 00:00:00 2022-06-16 22:41:48 SIPVicious Security Scanner - IPS Events (IP=77,US) 65.49.20.80 32 TH None 2022-01-28 00:00:00 2022-04-28 00:00:00 None HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=80,US) 65.49.20.84 32 TH None 2022-01-28 00:00:00 2022-04-28 00:00:00 None HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=84,US) 65.49.20.85 32 RS None 2022-06-16 00:00:00 2022-09-14 00:00:00 2022-06-16 22:41:49 WSO2 CVE-2022-29464 RCE - IPS Events (IP=85,US) 65.49.20.88 32 TH None 2022-01-28 00:00:00 2022-04-28 00:00:00 None HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=88,US) 65.49.20.92 32 TH None 2022-01-28 00:00:00 2022-04-28 00:00:00 None HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=92,US) 65.49.20.96 32 TH None 2022-01-28 00:00:00 2022-04-28 00:00:00 None HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=96,US) 65.49.220.194 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=194,US) 65.49.222.229 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=229,US) 65.60.61.194 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1081 Hive Case 4872 Malicious Email Activity 65.60.61.246 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=246,US) 65.74.9.61 32 dbc None 
2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity 65.8.228.27 32 SW None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-22 13:55:05 FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields (1:16295:13) - SourceFire (IP=27,US) 65.92.187.153 24 WR None 2022-04-15 00:00:00 2022-07-13 00:00:00 2022-04-15 14:09:19 SQL injection - 6HR WebAttacks (IP=153,CA) 65.92.86.209 24 SW None 2021-11-05 00:00:00 2022-02-03 00:00:00 None SQL injection - WebAttacks (IP=209,CA) 65.94.149.103 24 KH None 2021-10-07 00:00:00 2022-01-05 00:00:00 None SQL injection - 6 hr Web Attacks (IP=103,CA) 65.94.43.223 24 NAB None 2022-06-28 00:00:00 2022-09-26 00:00:00 2022-06-28 13:53:50 HIVE Case #6651 Exploit.Log4Shell.CVE-2021-44228 (IP=223,CA) 65.99.225.252 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None US TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 6503894208.dealbazaar.com.bd --- TLM None 2021-08-05 00:00:00 2022-08-05 00:00:00 2023-01-19 22:59:16 HIVE Case #5940 TO-S-2021-1447 66.11.116.155 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=155,US) 66.11.116.155 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=155,US) 66.11.116.155 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=155,US) 66.11.116.155 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=155,US) 66.11.116.155 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=155,US) 66.11.116.155 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=155,US) 66.115.182.102 32 TLM None 2022-06-06 00:00:00 2022-12-05 00:00:00 2022-06-07 14:34:53 HIVE Case #7728 TO-S-2022-0192 (IP=102,US) 66.115.182.111 32 TLM None 2022-06-06 00:00:00 2022-12-05 00:00:00 2022-06-07 14:34:54 HIVE Case #7728 TO-S-2022-0192 (IP=111,US) 66.117.14.108 32 TLM None 
2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=108,US) 66.117.212.250 32 TLM None 2021-09-14 00:00:00 2022-03-14 00:00:00 None HIVE Case #6173 CTO 21-251 (IP=250,US) 66.135.0.211 32 TLM None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-02 10:46:05 HIVE Case #7696 CTO 22-152 (IP=211,US) 66.143.208.190 32 TH None 2021-12-23 00:00:00 2022-03-23 00:00:00 None FTP Login Failed - 6 hr Failed Logon (IP=190,US) 66.143.208.190 32 TH None 2021-12-23 00:00:00 2022-03-23 00:00:00 None FTP Login Failed - 6 hr Failed Logon (IP=190,US) 66.146.193.33 32 DT None 2020-07-14 00:00:00 2022-05-18 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=33,US) | updated by srm Block was inactive. Reactivated on 20220217 with reason HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=33,US) HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=33,US) 66.146.193.33 32 srm None 2022-02-17 00:00:00 2022-05-18 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=33,US) | updated by srm Block was inactive. 
Web(IP=3,US) 67.215.232.10 32 TH None 2022-07-12 00:00:00 2022-10-10 00:00:00 2022-07-13 13:52:58 SIPVicious Security Scanner - FE CMS IPS Events (IP=10,US) 67.217.164.35 32 MLJ None 2016-11-15 06:00:00 2022-03-05 00:00:00 None PROTOCOL-DNS squid proxy dns PTR record response denial of service attempt (IP=35,US) | updated by dbc Block was inactive. Reactivated on 20210305 with reason US TO-S-2021-1117 DOS-DDOS Activity 67.219.116.234 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity 67.222.106.100 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=100,US) 67.222.134.106 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=106,US) 67.222.16.11 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=11,US) 67.222.59.200 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=200,US) 67.225.139.208 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=208,US) 67.225.160.166 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1092 Hive Case 4875 Malware Activity 67.225.172.138 32 AS None 2021-11-12 00:00:00 2022-05-12 00:00:00 None HIVE Case #6528 TO-S-2022-0082 (IP=138,US) 67.225.176.99 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=99,US) 67.225.177.94 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=94,US) 67.225.220.254 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=254,US) 67.225.236.10 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 67.225.240.199 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=199,US) 67.225.255.228 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US 
TO-S-2021-1092 Hive Case 4875 Malicious Email Activity 67.226.185.153 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CA TO-S-2021-1117 DOS-DDOS Activity 67.227.152.97 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None US TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 67.227.157.225 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 Malicious Email Activity 67.227.167.51 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=51,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=51,US) 67.227.172.217 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None US TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 67.227.186.107 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 67.227.192.193 32 TLM None 2021-10-25 00:00:00 2022-04-25 00:00:00 None HIVE Case #6412 TO-S-2022-1635 (IP=193,US) 67.227.193.239 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=239,US) 67.227.206.130 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1081 Hive Case 4872 Malicious Email Activity 67.227.213.113 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 67.227.216.247 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=247,US) 67.227.236.216 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None US TO-S-2021-1102 Malicious Email Activity 67.228.7.10 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=10,US) 67.23.226.139 32 wmp None 2020-08-24 00:00:00 2022-01-09 00:00:00 None HIVE Case #3623 COLS-NA-TIP-20-0266 (IP=139,US) | updated by TLM Block was inactive. 
Reactivated on 20210709 with reason HIVE Case #5775 TO-S-2021-1390 (IP=139,US) 67.23.226.46 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6448 TO-S-2022-0058 (IP=46,US) 67.23.234.183 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None US TO-S-2021-1102 Malicious Email Activity 67.23.254.45 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=45,US) 67.231.245.82 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=82,US) 67.24.169.254 32 RS None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-13 22:36:37 SERVER-APACHE Apache Struts remote code execution attempt (1:39191:3) - SourceFire (IP=254,US) 67.24.179.254 32 AR None 2021-12-27 00:00:00 2022-03-27 00:00:00 None FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (1:20842:14) - SourceFire (IP=254,US) 67.26.201.254 32 SA None 2022-06-02 00:00:00 2022-08-30 00:00:00 2022-06-03 00:40:23 FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt (1:21420:6) SourceFire (IP=254,US) 67.26.203.254 24 SA None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-07 13:41:14 FILE-OSAER RealNetworks RealPlayer compressed skin overflow attempt (1:21420:6) - SourceFire Report (IP=254,CA) 67.26.207.254 32 RT None 2022-01-06 00:00:00 2022-04-06 00:00:00 None FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (1:20842:14) - Sourcefire Report (IP=254,US) 67.26.211.254 32 SW None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-01 13:54:15 FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt (1:21420:6) - SourceFire (IP=254,US) 67.26.215.254 32 RS None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-01 22:27:11 SSH_EVENT_RESPOVERFLOW (128:1:2) - SourceFire (IP=254,US) 67.27.129.254 32 TH None 2022-03-10 00:00:00 2022-06-08 00:00:00 2022-03-10 23:37:09 FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt (1:21420:6) - SourceFire Report (IP=254,US) 67.27.130.126 32 TH 
None 2022-03-10 00:00:00 2022-06-08 00:00:00 2022-03-10 23:37:09 FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt (1:21420:6) - SourceFire Report (IP=126,US) 67.27.131.126 32 ZH None 2022-08-12 00:00:00 2022-11-10 00:00:00 2022-08-12 22:51:13 FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields (1:16295:13) - SourceFire (IP=126,US) 67.27.131.254 32 TH None 2022-03-10 00:00:00 2022-06-08 00:00:00 2022-03-10 23:37:10 FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt (1:21420:6) - SourceFire Report (IP=254,US) 67.27.133.126 32 DT None 2022-02-10 00:00:00 2022-05-11 00:00:00 None FILE-OTHER Interactive Data eSignal stack buffer overflow attempt - Source Fire (IP=126,US) 67.27.133.254 32 RT None 2022-01-26 00:00:00 2022-04-26 00:00:00 None FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt (1:21420:6) - Sourcefire Report (IP=254,US) 67.43.1.166 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=166,US) 67.43.10.214 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=214,US) 67.43.10.48 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 67.43.224.0 20 TLM None 2021-09-17 00:00:00 2022-03-17 00:00:00 None HIVE Case #6198 TO-S-2021-1556 (IP=0,CA) 67.43.234.14 32 TLM None 2022-03-17 00:00:00 2022-09-17 00:00:00 2022-03-17 15:03:32 HIVE Case #7226 CTO 22-075 (IP=14,CA) 67.43.234.37 32 TLM None 2022-03-17 00:00:00 2022-09-17 00:00:00 2022-03-17 15:03:33 HIVE Case #7226 CTO 22-075 (IP=37,CA) 67.43.234.47 32 TLM None 2022-03-23 00:00:00 2022-09-23 00:00:00 2022-03-24 12:08:57 HIVE Case #7271 CTO 22-083 (IP=47,CA) 67.43.9.228 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1081 Hive Case 4872 Malicious Email Activity 67.49.91.157 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity 
67.61.72.250 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity 67.63.35.140 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity 67.71.74.163 24 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:48:45 SQL injection - Web Attacks (IP=163,CA) 67.73.240.0 20 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PE TO-S-2021-1117 DOS-DDOS Activity 68.117.248.11 32 RS None 2022-08-30 00:00:00 2022-11-28 00:00:00 2022-08-31 17:20:48 HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=11,US) 68.134.16.153 32 TLM None 2021-11-30 00:00:00 2022-05-30 00:00:00 None HIVE Case #6595 CTO 21-327 (IP=153,US) 68.134.16.153 32 TLM None 2021-11-30 00:00:00 2022-05-30 00:00:00 None HIVE Case #6595 CTO 21-327 (IP=153,US) 68.142.176.104 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6448 TO-S-2022-0058 (IP=104,US) 68.142.178.97 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 68.142.67.14 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity 68.150.65.53 24 RR None 2022-06-10 00:00:00 2022-09-08 00:00:00 2022-06-10 13:46:13 SQL injection - Web Attacks (IP=53,CA) 68.168.213.22 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6448 TO-S-2022-0058 (IP=22,US) 68.170.92.165 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity 68.183.0.67 24 TH None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-30 13:42:28 SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt (1:59299:1) - SourceFire Report (IP=67,NL) 68.183.0.92 24 ZH None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-30 22:44:35 SERVER-WEBAPP Spring Security OAuth remote code execution attempt (1:46823:1) - SourceFire (IP=92,NL) 68.183.0.92 24 ZH None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-30 
22:44:35 SERVER-WEBAPP Spring Security OAuth remote code execution attempt (1:46823:1) - SourceFire (IP=92,NL) SERVER-WEBAPP Spring Security OAuth remote code execution attempt (1:46823:1) - SourceFire (IP=92,NL) 68.183.1.20 24 SW None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-06 22:49:42 SQL injection - WebAttacks (IP=20,NL) 68.183.10.141 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:12 SQL use of concat function with select - likely SQL injection (1:24172:2) - Sourcefire Rpt (IP=141,NL) 68.183.10.141 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:38 SQL use of concat function with select - likely SQL injection (1:24172:2) - Sourcefire Rpt (IP=141,NL) 68.183.100.192 32 DT None 2022-05-17 00:00:00 2022-08-15 00:00:00 2022-05-18 13:43:51 SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt - Source Fire (IP=192,US) 68.183.100.87 32 RR None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-18 13:44:02 SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt - SourceFire (IP=87,US) 68.183.101.85 32 WR None 2021-11-25 00:00:00 2022-02-23 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=85,US) 68.183.101.85 32 WR None 2021-11-25 00:00:00 2022-02-23 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire (IP=118,US) 68.183.102.74 32 TLM None 2021-09-08 00:00:00 2022-03-08 00:00:00 None HIVE Case #6132 CTO 21-240 (IP=74,US) 68.183.102.75 32 SW None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-26 13:47:45 SERVER-WEBAPP Aviatrix Controller directory traversal attempt (1:58961:1) - SourceFire (IP=75,US) 68.183.105.224 32 KD None 2022-04-22 00:00:00 2022-07-21 00:00:00 2022-04-23 13:50:18 HTTP: PHP File InclusionVulnerability - Web Attacks (IP=224,US) 68.183.106.123 32 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:48:46 SQL injection - Web Attacks (IP=123,US) 68.183.107.105 32 ZH None 
2022-09-19 00:00:00 2022-12-18 00:00:00 2022-09-19 14:00:45 Adobe ColdFusion Administrator Access Restriction - WebAttacks (IP=105,US) 68.183.107.190 32 RR None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 13:52:03 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=190,US) 68.183.107.250 32 DT None 2021-12-29 00:00:00 2022-03-29 00:00:00 None FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit) (1:21002457:1) - Source Fire (IP=250,US) 68.183.109.21 32 RB None 2022-09-18 00:00:00 2022-12-17 00:00:00 2022-09-18 22:46:07 Exploit.Log4Shell.CVE-2021-44228 - FireEye NX (IP=21,US) 68.183.11.97 24 RS None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-06 13:58:04 SQL injection - 6Hr Web Attacks (IP=97,NL) 68.183.110.130 32 WR None 2021-10-28 00:00:00 2022-01-26 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00248 (IP=130,US) 68.183.111.42 32 WR None 2022-04-23 00:00:00 2022-07-21 00:00:00 2022-04-23 13:46:54 rConfig SQL Injection Vulnerability - Web Attacks (IP=42,US) 68.183.112.124 32 IJ None 2022-09-30 00:00:00 2022-12-30 00:00:00 2022-09-30 22:47:34 SQL injection- 6 Hr Web Attacks Report (IP=124,US) 68.183.112.140 32 KD None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-21 13:53:51 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=140,US) 68.183.113.182 32 SW None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-26 13:47:42 SERVER-WEBAPP Hikvision webLanguage command injection vulnerability (1:58555:1) - SourceFire (IP=182,US) 68.183.113.39 32 TH None 2022-04-15 00:00:00 2022-07-14 00:00:00 2022-04-15 22:59:55 HTTP: PHP File Inclusion Vulnerability - 6 Hr Web Report (IP=39,US) 68.183.114.147 32 SW None 2022-08-25 00:00:00 2022-11-23 00:00:00 2022-08-26 13:48:26 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=147,US) 68.183.115.146 32 SW None 2022-05-24 00:00:00 2022-08-22 00:00:00 2022-05-24 14:15:53 
OS-OTHER Bash CGI environment variable injection attempt (1:31978:5) - SourceFire (IP=146,US) 68.183.116.135 32 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:46:59 SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt - SourceFire (IP=135,US) 68.183.116.203 32 KH None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:43 SQL injection - Web Attacks (IP=203,US) 68.183.119.179 32 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 22:40:05 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=179,US) 68.183.12.180 24 RB None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 23:06:36 Exploit.Log4Shell.CVE-2021-44228 (IP=180,NL) 68.183.12.180 24 TH None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 23:06:52 SQL injection - 6 Hr Web Report (IP=180,NL) 68.183.123.156 32 RS None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-10-01 13:38:02 SQL injection - Web Attacks (IP=156,US) 68.183.123.32 32 KD None 2022-04-22 00:00:00 2022-07-21 00:00:00 2022-04-23 13:50:18 SQL Injection - Web Attacks (IP=32,US) 68.183.125.176 32 TH None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-26 22:51:18 SQL injection - 6 Hr Web Report (IP=176,US) 68.183.127.27 32 RB None 2022-09-18 00:00:00 2022-12-17 00:00:00 2022-09-18 22:46:07 Webshell.Binary.php.FEC2 - FireEye NX (IP=27,US) 68.183.13.253 24 SW None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:45:12 SERVER-APACHE Apache HTTP server SSRF attempt - SourceFire (IP=253,NL) 68.183.130.158 32 JP None 2022-09-29 00:00:00 2022-12-28 00:00:00 2022-09-30 13:47:38 OS-OTHER Bash CGI environment variable injection attempt - 6HR Web Attacks (IP=158,US) 68.183.130.160 32 SW None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-26 13:47:40 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - SourceFire (IP=160,US) 68.183.132.157 32 RB None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 13:52:04 HTTP: PHP File Inclusion Vulnerability - 6hr web attacks 
(IP=157,US) 68.183.134.110 32 SW None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-26 13:47:49 SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (1:50015:1) - SourceFire (IP=110,US) 68.183.134.25 32 KH None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 13:57:14 SQL injection - Web Attacks (IP=25,US) 68.183.134.66 32 SW None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-26 13:47:55 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - SourceFire (IP=66,US) 68.183.135.66 32 RS None 2022-09-14 00:00:00 2022-12-13 00:00:00 2022-09-15 14:40:46 SQL injection - Web Attacks (IP=66,US) 68.183.138.177 32 KH None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 23:07:59 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=177,US) 68.183.138.177 32 KH None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 23:08:19 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=177,US) 68.183.139.184 32 SW None 2022-05-24 00:00:00 2022-08-22 00:00:00 2022-05-24 14:15:56 SERVER-WEBAPP Sophos SG UTM WebAdmin command injection attempt (1:58450:2) - SourceFire (IP=184,US) 68.183.14.212 24 SW None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-11 22:58:39 HTTP: PHP File Upload Vulnerability Detected - WebAttacks (IP=212,NL) 68.183.141.71 32 RR None 2021-02-20 00:00:00 2022-08-22 00:00:00 2022-05-24 14:15:55 SERVER-WEBAPP NUUO NVRmini upgrade_handle.php command injection attempt - Web Attacks (IP=71,US) | updated by SW Block was inactive. Reactivated on 20220524 with reason SERVER-WEBAPP Sophos SG UTM WebAdmin command injection attempt (1:58450:2) - SourceFire (IP=71,US) SERVER-WEBAPP Sophos SG UTM WebAdmin command injection attempt (1:58450:2) - SourceFire (IP=71,US) 68.183.141.71 32 SW None 2022-05-24 00:00:00 2022-08-22 00:00:00 2022-05-24 14:15:55 SERVER-WEBAPP NUUO NVRmini upgrade_handle.php command injection attempt - Web Attacks (IP=71,US) | updated by SW Block was inactive. 
Reactivated on 20220524 with reason SERVER-WEBAPP Sophos SG UTM WebAdmin command injection attempt (1:58450:2) - SourceFire (IP=71,US) SERVER-WEBAPP Sophos SG UTM WebAdmin command injection attempt (1:58450:2) - SourceFire (IP=71,US) 68.183.142.144 32 KH None 2022-10-01 00:00:00 2022-12-30 00:00:00 2022-10-01 23:56:19 SQL injection - Web Attacks (IP=144,US) 68.183.142.218 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:48 HTTP: PHP File Inclusion Vulnerability- 6hr Web Attacks (IP=218,US) 68.183.143.140 32 RR None 2022-05-25 00:00:00 2022-08-23 00:00:00 2022-05-25 14:18:43 SQL injection - Web Attacks (IP=140,US) 68.183.144.33 32 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-09 14:21:37 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=33,US) 68.183.145.140 32 RS None 2022-05-19 00:00:00 2022-08-17 00:00:00 2022-05-19 13:46:48 SQL injection - 6Hr Web Attacks (IP=140,US) 68.183.146.122 32 TH None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-26 22:51:23 SQL injection - 6 Hr Web Report (IP=122,US) 68.183.146.219 32 RR None 2022-08-24 00:00:00 2022-11-22 00:00:00 2022-08-24 13:52:52 SERVER-WEBAPP Ruby on Rails render file directory traversal attempt - SourceFire (IP=219,US) 68.183.147.195 32 RR None 2022-06-19 00:00:00 2022-09-17 00:00:00 2022-06-19 13:56:02 SQL injection - Web Attacks (IP=195,US) 68.183.147.91 32 KH None 2022-07-25 00:00:00 2022-10-23 00:00:00 2022-07-25 13:54:56 SQL injection - Web Attacks (IP=91,US) 68.183.15.163 32 AS None 2022-04-12 00:00:00 2022-10-12 00:00:00 2022-04-12 14:39:43 HIVE Case #7380 CTO 22-099 (IP=163,NL) 68.183.15.207 24 KH None 2022-07-21 00:00:00 2022-10-19 00:00:00 2022-07-21 22:56:06 SQL injection - Web Attacks (IP=207,NL) 68.183.150.176 32 ZH None 2022-06-02 00:00:00 2022-08-31 00:00:00 2022-06-03 13:44:43 SERVER-WEBAPP Apache HTTP Server httpd directory traversal attempt (1:58276:3) - SourceFire (IP=176,US) 68.183.150.225 32 WR None 2022-04-12 00:00:00 2022-07-10 00:00:00 2022-04-12 
13:52:01 SQL injection - Web Attacks (IP=225,US) 68.183.151.0 32 TH None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 22:43:40 HTTP SQL Injection Attempt - Web Attacks (IP=0,US) 68.183.151.0 32 ZH None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 22:44:05 Adobe ColdFusion Administrator Access Restriction - WebAttacks (IP=0,US) 68.183.153.138 32 RR None 2022-06-19 00:00:00 2022-09-17 00:00:00 2022-06-20 13:54:29 SQL injection - Web Attacks (IP=138,US) 68.183.153.93 32 ZH None 2022-04-04 00:00:00 2022-07-03 00:00:00 2022-04-04 22:35:50 SQL injection- 6hr Web Attacks (IP=93,US) 68.183.154.100 32 ZH None 2022-06-22 00:00:00 2022-09-20 00:00:00 2022-06-22 22:43:04 SQL injection - 6hr Web Attacks (IP=100,US) 68.183.154.125 32 SW None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-17 13:49:00 SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt (1:59299:1) - SourceFire (IP=125,US) 68.183.155.19 32 RR None 2022-07-26 00:00:00 2022-10-24 00:00:00 2022-07-26 13:48:13 SQL injection - Web Attacks (IP=19,US) 68.183.157.116 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-07 13:17:21 SERVER-WEBAPP Apache Struts remote code execution attempt - SourceFire (IP=116,US) 68.183.157.139 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:54:55 SERVER-WEBAPP Multiple routers getcfg.php credential disclosure attempt - SourceFire (IP=139,US) 68.183.157.184 32 RB None 2022-06-11 00:00:00 2022-09-09 00:00:00 2022-06-11 22:55:28 FIREEYE Web: Infection Match - FE CMS (IP=184,US) 68.183.157.203 32 RR None 2022-05-20 00:00:00 2022-08-18 00:00:00 2022-05-20 13:47:28 SQL injection - Web Attacks (IP=203,US) 68.183.157.57 32 RS None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-11 13:57:19 Adobe ColdFusion Administrator Access Restriction - 6Hr Web Attacks (IP=57,US) 68.183.159.35 32 DT None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-31 13:48:43 SERVER-WEBAPP VMware vRealize Operations Manager SSRF attempt (1:57435:1) - Source 
Fire (IP=35,US) 68.183.176.38 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 22:59:09 SQL Injection - 6hr Web Attacks (IP=38,SG) 68.183.177.46 24 RR None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-07 13:50:24 SQL injection - Web Attacks (IP=46,SG) 68.183.179.10 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:48:37 SQL injection - Web Attacks (IP=10,SG) 68.183.180.196 24 SW None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:35 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=196,SG) 68.183.181.238 24 TH None 2022-06-09 00:00:00 2022-09-07 00:00:00 2022-06-10 13:46:06 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire Report (IP=238,SG) 68.183.182.34 24 ZH None 2022-04-04 00:00:00 2022-07-03 00:00:00 2022-04-04 22:35:41 SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (1:51976:3)- Sourcefire Rpt (IP=34,SG) 68.183.183.108 24 RR None 2022-06-04 00:00:00 2022-09-02 00:00:00 2022-06-04 13:39:06 SERVER-WEBAPP System Information Library for node.js command injection attempt - SourceFire (IP=108,SG) 68.183.186.126 24 DT None 2022-05-26 00:00:00 2022-08-24 00:00:00 2022-05-27 13:14:25 CERT/CC VU#257161:CVE-2020-CVE-2020-11910 anomalous ICMPv4 type 3,code 4 Path MTU Discovery - Source Fire (IP=126,SG) 68.183.187.219 24 KD None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-07 13:16:24 SQL injection- Web Attacks (IP=219,SG) 68.183.188.82 24 WR None 2022-04-12 00:00:00 2022-07-10 00:00:00 2022-04-12 13:52:02 SQL injection - Web Attacks (IP=178,SG) 68.183.189.173 24 TH None 2022-03-24 00:00:00 2022-06-23 00:00:00 2022-03-25 13:46:19 SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt (1:29831:3) - SourceFire Report (IP=173,SG) | updated by RR Block expiration extended with reason SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt - SourceFire (IP=173,SG) SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution 
attempt - SourceFire (IP=173,SG) 68.183.189.173 24 RR None 2022-03-25 00:00:00 2022-06-23 00:00:00 2022-03-25 13:46:19 SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt (1:29831:3) - SourceFire Report (IP=173,SG) | updated by RR Block expiration extended with reason SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt - SourceFire (IP=173,SG) SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt - SourceFire (IP=173,SG) 68.183.19.3 32 KD None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-12 13:51:48 HTTP SQL Injection Attempt- Web Attacks (IP=3,US) 68.183.190.65 24 AR None 2022-04-06 00:00:00 2022-07-06 00:00:00 2022-04-06 13:47:13 SERVER-WEBAPP Multiple PACS Server directory traversal attempt (1:49642:2) - SourceFire (IP=65,SG) 68.183.191.4 24 RR None 2021-10-06 00:00:00 2022-01-08 00:00:00 None MALICIOUS - Active Scanning (IP=4,SG) 68.183.193.234 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:54:56 SERVER-WEBAPP Microsoft Exchange autodiscover server side request forgery attempt - SourceFire (IP=234,CA) 68.183.194.118 24 TH None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-30 13:42:32 SERVER-WEBAPP Spring Cloud Gateway Spring Expression Language injection attempt (1:59298:1) - SourceFire Report (IP=118,CA) 68.183.195.188 24 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:49:46 SERVER-OTHER PHP webshell upload attempt - SourceFire (IP=188,CA) 68.183.196.145 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:49 SQL injection- 6hr Web Attacks (IP=145,CA) 68.183.197.31 24 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-09 14:21:51 SERVER-WEBAPP Hikvision webLanguage command injection vulnerability - SourceFire (IP=31,CA) 68.183.197.31 24 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-09 14:21:51 SERVER-WEBAPP Hikvision webLanguage command injection vulnerability - SourceFire (IP=31,CA) SERVER-WEBAPP Hikvision webLanguage command 
injection vulnerability - SourceFire (IP=31,CA) 68.183.197.8 24 RR None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:46:59 SQL injection - 6 Hr Web Report (IP=8,CA) | updated by RR Block expiration extended with reason POLICY-OTHER Yachtcontrol webserver unauthenticated remote code execution attempt - SourceFire (IP=8,CA) POLICY-OTHER Yachtcontrol webserver unauthenticated remote code execution attempt - SourceFire (IP=8,CA) 68.183.197.8 24 TH None 2022-04-15 00:00:00 2022-07-15 00:00:00 2022-04-16 14:46:59 SQL injection - 6 Hr Web Report (IP=8,CA) | updated by RR Block expiration extended with reason POLICY-OTHER Yachtcontrol webserver unauthenticated remote code execution attempt - SourceFire (IP=8,CA) POLICY-OTHER Yachtcontrol webserver unauthenticated remote code execution attempt - SourceFire (IP=8,CA) 68.183.198.247 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=247,CA) 68.183.199.110 24 RR None 2022-03-27 00:00:00 2022-06-25 00:00:00 2022-03-27 13:46:45 SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt - SourceFire (IP=110,CA) 68.183.2.23 24 SW None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-11 22:58:36 SERVER-WEBAPP Hikvision IP camera admin authentication attempt (1:45413:2) - SourceFire (IP=23,NL) 68.183.200.154 24 KH None 2022-04-12 00:00:00 2022-07-11 00:00:00 2022-04-12 22:35:47 SQL injection - Web Attacks (IP=154,CA) 68.183.201.251 24 SW None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-11 13:47:08 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=251,CA) 68.183.202.203 24 KH None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 15:45:08 SQL injection - Web Attacks (IP=203,CA) 68.183.203.67 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:56 SQL injection - 6hr Web Attacks (IP=67,CA) 68.183.203.67 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:31 SQL injection - 6hr Web Attacks (IP=67,CA) 68.183.204.9 24 ZH None 2022-04-29 
00:00:00 2022-07-28 00:00:00 2022-04-29 13:53:02 SQL injection - 6hr Web Attacks (IP=9,CA)
68.183.205.161 24 KH None 2022-04-12 00:00:00 2022-07-11 00:00:00 2022-04-12 13:52:21 HTTP: PHP File Inclusion Vulnerability HTTP: PHP File Inclusion Vulnerability (IP=161,CA)
68.183.206.60 24 KD None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-21 13:53:52 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=60,CA)
68.183.209.26 24 KD None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-12 13:51:49 SQL injection - Web Attacks (IP=26,DE)
68.183.21.193 32 KH None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 23:07:58 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=193,US)
68.183.21.193 32 KH None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 23:08:18 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=193,US)
68.183.21.94 32 JP None 2022-09-20 00:00:00 2022-12-19 00:00:00 2022-09-20 22:50:20 Exploit.Log4Shell.CVE-2021-44228 - FE NX (IP=94,US)
68.183.210.103 24 RR None 2022-08-13 00:00:00 2022-11-11 00:00:00 2022-08-13 13:56:16 SQL injection - Web Attacks (IP=103,DE)
68.183.210.152 24 SW None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:47:45 SERVER-WEBAPP Klog Server authenticate.php user command injection attempt (1:57492:1) - SourceFire (IP=152,DE)
68.183.219.111 24 SW None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-15 13:54:24 SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (1:51976:3) - SourceFire (IP=111, DE)
68.183.220.10 32 TLM None 2021-12-21 00:00:00 2022-06-21 00:00:00 None HIVE Case #6682 CTO 21-352 (IP=10,DE)
68.183.223.10 24 RB None 2022-04-16 00:00:00 2022-07-15 00:00:00 2022-04-16 14:47:04 HTTP SQL Injection Attempt (IP=10,DE)
68.183.226.158 24 SW None 2022-05-15 00:00:00 2022-08-13 00:00:00 2022-05-15 13:54:25 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=158,SG)
68.183.227.172 24 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:54:57 Exploit.CVE-2021-44228 - Apache Log4j2 - Case 6651 (IP=172,SG)
68.183.229.145 24 SW None 2022-08-25 00:00:00 2022-11-23 00:00:00 2022-08-26 13:48:31 SERVER-WEBAPP Oracle Weblogic default credentials login attempt (1:40904:3) - SourceFire (IP=145,SG)
68.183.23.112 32 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 2022-05-27 16:40:06 HIVE Case #7668 CTO 22-146 (IP=112,US)
68.183.230.33 24 RS None 2022-05-03 00:00:00 2022-08-01 00:00:00 2022-05-03 13:47:08 SQL injection - 6Hr Web Attacks (IP=33,SG)
68.183.231.177 24 RB None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 22:39:11 SQL injection - 6hr web attacks (IP=177,SG)
68.183.232.164 24 DT None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-20 13:47:33 SERVER-WEBAPP Apache APISIX default admin API backdoor usage attempt - Source Fire (IP=164,SG)
68.183.233.217 24 KH None 2022-08-23 00:00:00 2022-11-21 00:00:00 2022-08-23 22:28:49 SERVER-WEBAPP Aviatrix Controller directory traversal attempt (1:58961:1) - Sourcefire (IP=217,SG)
68.183.234.199 24 SW None 2022-07-23 00:00:00 2022-10-21 00:00:00 2022-07-23 22:54:40 SQL injection - WebAttacks (IP=199,SG)
68.183.235.65 24 RR None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-02 14:02:19 SQL injection - Web Attacks (IP=65,SG)
68.183.236.220 24 ZH None 2022-08-12 00:00:00 2022-11-10 00:00:00 2022-08-12 22:51:19 SQL injection - 6hr Web Attacks (IP=220,SG)
68.183.237.182 24 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 22:51:31 SERVER-WEBAPP Java XML deserialization remote code execution attempt (1:44315:3) - SourceFire (IP=182, SG)
68.183.238.111 24 KH None 2022-05-01 00:00:00 2022-07-30 00:00:00 2022-05-01 13:52:48 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=111,SG)
68.183.24.44 32 RS None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 22:54:46 SQL injection - 6Hr Web Attacks (IP=44,US)
68.183.245.101 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=101,IN)
68.183.245.101 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=101,IN)
68.183.25.215 32 WR None 2022-04-12 00:00:00 2022-07-10 00:00:00 2022-04-12 13:52:02 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=215,US)
68.183.27.149 32 DT None 2022-05-17 00:00:00 2022-08-15 00:00:00 2022-05-18 13:43:51 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - Source Fire (IP=149,US)
68.183.28.180 32 WR None 2022-04-22 00:00:00 2022-07-20 00:00:00 2022-04-22 13:39:48 HTTP: PHP File Inclusion Vulnerability - 6 HR WebAttack (IP=180,US)
68.183.29.11 32 RS None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 22:34:23 SQL injection - 6Hr Web Attacks (IP=11,US)
68.183.3.200 24 NAB None 2022-04-20 00:00:00 2022-07-19 00:00:00 2022-04-20 15:45:09 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=200,NL)
68.183.33.92 24 SW None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 22:47:03 SQL injection - WebAttacks (IP=92,GB)
68.183.35.102 24 KD None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-16 15:21:12 SQL injection - Web Attacks (IP=102,GB)
68.183.37.139 24 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:58:21 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - SourceFire (IP=139,GB)
68.183.38.100 24 ZH None 2022-09-02 00:00:00 2022-12-01 00:00:00 2022-09-02 22:46:38 SQL injection - WebAttacks (IP=100,GB)
68.183.38.233 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=233,GB)
68.183.38.233 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=233,GB)
68.183.39.136 24 TH None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-18 22:35:10 SERVER-WEBAPP VMware View Planner logupload arbitrary file upload attempt (1:57438:1) - SourceFire Report (IP=136,GB)
68.183.40.191 24 RR None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 13:45:02 SERVER-APACHE Apache Struts remote code execution attempt - SourceFire (IP=191,GB)
68.183.40.236 32 TLM None 2022-01-18 00:00:00 2022-07-18 00:00:00 None HIVE Case #6796 CTO 22-014 (IP=236,GB)
68.183.41.157 24 TH None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-18 22:35:21 HTTP: PHP File Inclusion Vulnerability - 6 Hr Web Report (IP=157,GB)
68.183.42.252 24 SW None 2022-04-11 00:00:00 2022-07-10 00:00:00 2022-04-11 22:58:33 SERVER-WEBAPP SonicWall SMA100 SQL injection attempt (1:58225:1) - SourceFire (IP=252,GB)
68.183.43.61 24 DT None 2022-05-12 00:00:00 2022-08-10 00:00:00 2022-05-13 13:52:21 SQL injection - Web Attacks (IP=61,GB)
68.183.44.143 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=143,GB)
68.183.47.174 24 KD None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-28 14:34:04 SQL injection - Web Attacks (IP=174,GB)
68.183.48.200 32 SW None 2022-05-21 00:00:00 2022-08-19 00:00:00 2022-05-21 13:45:02 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=200,US)
68.183.48.71 32 KH None 2022-07-18 00:00:00 2022-10-16 00:00:00 2022-07-18 22:56:00 SQL injection - Web Attacks (IP=71,US)
68.183.49.32 32 SW None 2022-06-05 00:00:00 2022-09-03 00:00:00 2022-06-05 13:42:52 SERVER-WEBAPP Ulterius web server directory traversal attempt (1:45721:2) - SourceFire (IP=32,US)
68.183.50.12 32 SW None 2022-05-24 00:00:00 2022-08-22 00:00:00 2022-05-24 14:15:54 SERVER-WEBAPP JBoss web console access attempt (1:24342:4) - SourceFire (IP=12,US)
68.183.50.171 32 ZH None 2022-09-15 00:00:00 2022-12-14 00:00:00 2022-09-15 22:52:13 SQL injection - WebAttacks (IP=171,US)
68.183.50.171 32 ZH None 2022-09-15 00:00:00 2022-12-14 00:00:00 2022-09-15 22:52:17 SQL injection - WebAttacks (IP=171,US)
68.183.50.39 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:13 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - Sourcefire Rpt (IP=39,US)
68.183.50.39 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:38 SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - Sourcefire Rpt (IP=39,US)
68.183.52.200 32 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 13:46:49 SQL injection - 6hr Web Attacks (IP=200,US)
68.183.54.138 32 JP None 2022-07-13 00:00:00 2022-10-11 00:00:00 2022-07-13 22:48:24 SQL injection - 6 HR Web Attacks (IP=138,US)
68.183.54.224 32 DT None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 23:22:10 SQL injection - Web Attacks (IP=224,US)
68.183.54.32 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:48:38 SQL injection - Web Attacks (IP=32,US)
68.183.55.184 32 RR None 2022-05-27 00:00:00 2022-08-25 00:00:00 2022-05-27 13:15:06 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=184,US)
68.183.55.185 32 ZH None 2022-09-16 00:00:00 2022-12-15 00:00:00 2022-09-16 22:50:15 Exploit.Log4Shell.CVE-2021-44228 - FE NX (IP=185,US)
68.183.56.118 32 DT None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-29 13:53:02 SQL injection - Web Attacks (IP=118,US)
68.183.56.19 32 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 22:51:48 HTTP: PHP File Inclusion Vulnerability - WebAttacks (IP=19,US)
68.183.57.18 32 ZH None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 22:44:04 Adobe ColdFusion Administrator Access Restriction - WebAttacks (IP=18,US)
68.183.59.246 32 TH None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 23:06:22 SQL injection - 6 Hr Web Report (IP=246,US)
68.183.6.144 24 WR None 2022-04-23 00:00:00 2022-07-21 00:00:00 2022-04-23 13:47:04 SQL injection - Web Attacks (IP=144,NL)
68.183.60.173 32 SW None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-15 13:53:31 SQL injection - WebAttacks (IP=173,US)
68.183.61.56 32 RR None 2022-04-17 00:00:00 2022-07-16 00:00:00 2022-04-17 13:48:39 SQL injection - Web Attacks (IP=56,US)
68.183.62.134 32 SW None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-01 13:54:11 SERVER-WEBAPP Oracle WebLogic Server remote code execution attempt (1:58562:1) - SourceFire (IP=134,US)
68.183.62.167 32 RR None 2022-06-16 00:00:00 2022-09-14 00:00:00 2022-06-16 13:52:02 SQL injection - Web Attacks (IP=167,US)
68.183.63.179 32 SW None 2022-04-21 00:00:00 2022-07-20 00:00:00 2022-04-21 22:41:28 SERVER-APACHE Apache Struts2 blacklisted method redirect (1:27244:6) - SourceFire (IP=179, US)
68.183.64.191 24 KD None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-19 13:46:41 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=191,DE)
68.183.7.125 24 WR None 2022-04-29 00:00:00 2022-07-27 00:00:00 2022-04-29 13:53:03 HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=125,NL)
68.183.71.30 24 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:58:22 SERVER-WEBAPP Palo Alto Networks Firewall cms_changeDeviceContext.esp session injection attempt (1:45236:2) - SourceFire (IP=30,DE)
68.183.73.240 24 DT None 2022-06-04 00:00:00 2022-09-02 00:00:00 2022-06-04 23:03:08 SERVER-WEBAPP PhpCollab editclient.php arbitrary PHP file upload attempt (1:45421:2) - Source Fire (IP=240,DE)
68.183.78.128 24 KH None 2022-04-30 00:00:00 2022-07-29 00:00:00 2022-04-30 22:54:05 SQL injection - Web Attacks (IP=128,DE)
68.183.8.192 24 RT None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-17 13:52:10 SQL injection - 6HR web Attacks (IP=192,NL)
68.183.80.109 24 RR None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-07 13:54:19 SQL injection - Web Attacks (IP=109,IN)
68.183.81.13 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:27 HIVE Case #7894 CTO 22-187 (IP=13,IN)
68.183.86.16 24 ZH None 2022-05-30 00:00:00 2022-08-28 00:00:00 2022-05-30 22:44:36 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (1:59246:1) - SourceFire (IP=16,IN)
68.183.9.62 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:57 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=62,NL)
68.183.9.62 24 ZH None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:32 HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=62,NL)
68.183.91.142 24 KH None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 23:07:59 SQL injection - Web Attacks (IP=142,IN)
68.183.91.142 24 KH None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 23:08:19 SQL injection - Web Attacks (IP=142,IN)
68.183.92.60 24 SW None 2022-09-02 00:00:00 2022-12-01 00:00:00 2022-09-03 14:03:24 SERVER-WEBAPP Oracle Weblogic default credentials login attempt (1:40904:3) - SourceFire (IP=60, IN)
68.183.97.210 32 RS None 2022-05-19 00:00:00 2022-08-17 00:00:00 2022-05-19 22:48:58 SERVER-WEBAPP Apache APISIX default admin API backdoor usage attempt (1:59480:1) - SourceFire (IP=210,US)
68.186.192.69 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:56:01 HIVE Case #7199 CTO 22-074 (IP=69,US)
68.192.131.233 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity
68.196.43.71 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity
68.204.7.158 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:56:02 HIVE Case #7199 CTO 22-074 (IP=158,US)
68.233.238.126 32 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 2022-05-26 18:27:35 HIVE Case #7669 TO-S-2022-0187 (IP=126,US)
68.34.133.16 32 TLM None 2022-08-09 00:00:00 2022-11-09 00:00:00 2022-08-09 17:32:14 HIVE Case #8100 CTO 22-211 (IP=16,US)
68.43.176.25 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity
68.5.142.41 32 RR None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-07 13:50:09 RTO-2022-1080/Pulse Report 148906-22 Mass Scanning/Scan Traffic - IR# 22C01581 (IP=41,US)
68.65.120.126 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None US TO-S-2021-1050 Hive Case 4821 Malicious Email Activity
68.65.120.182 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=182,US)
68.65.120.207 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=207,US)
68.65.120.207 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=207,US)
68.65.120.207 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=207,US)
68.65.120.207 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=207,US)
68.65.120.207 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=207,US)
68.65.120.207 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=207,US)
68.65.120.207 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=207,US)
68.65.120.208 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=208,US)
68.65.120.208 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=208,US)
68.65.120.208 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=208,US)
68.65.120.208 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=208,US)
68.65.120.208 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=208,US)
68.65.120.208 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=208,US)
68.65.120.228 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1081 Hive Case 4872 Malicious Email Activity
68.65.121.116 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=116,US)
68.65.121.127 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=127,US)
68.65.122.158 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=158,US) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=158,US) HIVE Case #5969 TO-S-2021-1289 (IP=158,US)
68.65.122.158 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=158,US) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=158,US) HIVE Case #5969 TO-S-2021-1289 (IP=158,US)
68.65.122.159 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=159,US)
68.65.122.207 32 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None US TO-S-2021-1156 Malicious Email Activity
68.65.122.211 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None US TO-S-2021-1050 Hive Case 4821 Malicious Email Activity
68.65.122.38 32 jkc None 2021-03-19 00:00:00 2022-03-19 00:00:00 None Case # 5090 TO-S-2021-1185 Malicious Callback
68.65.122.38 32 jkc None 2021-03-19 00:00:00 2022-03-19 00:00:00 None Case # 5090 TO-S-2021-1185 Malicious Callback
68.65.122.76 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=76,US)
68.65.122.76 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=76,US)
68.65.122.76 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=76,US)
68.65.122.76 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=76,US)
68.65.122.76 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=76,US)
68.65.122.77 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None US TO-S-2021-1102 Malicious Email Activity
68.66.197.247 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1081 Hive Case 4872 Malicious Email Activity
68.66.200.208 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1092 Hive Case 4875 Malicious Email Activity
68.66.224.3 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1081 Hive Case 4872 Malicious Email Activity
68.66.224.34 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 Malicious Email Activity
68.66.224.52 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=52,US)
68.66.224.8 32 TLM None 2022-09-12 00:00:00 2022-12-11 00:00:00 2022-09-14 11:18:30 HIVE Case #8297 TO-S-2022-0229 (IP=8,US)
68.66.226.81 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
68.69.26.182 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=182,CA)
68.69.26.182 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=182,CA)
68.69.26.182 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=182,CA)
68.71.252.26 32 SW None 2022-09-08 00:00:00 2022-12-07 00:00:00 2022-09-09 13:48:22 PROTOCOL-VOIP Cisco Meeting Server SIP SDP media description buffer overflow attempt (3:40638:1) - SourceFire (IP=26,US)
68.79.10.226 24 SW None 2021-11-12 00:00:00 2022-02-10 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - WebAttacks (IP=226, CN)
68.83.73.113 32 WR None 2021-12-14 00:00:00 2022-03-14 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed Logons (IP=113,US)
68.90.69.217 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
68.98.8.198 32 ZH None 2022-05-23 00:00:00 2022-08-21 00:00:00 2022-05-24 00:05:39 SERVER-WEBAPP JBoss JMXInvokerServlet access attempt (1:24343:4) - Sourcefire Rpt (IP=198,US)
69.10.35.52 32 SW None 2022-04-24 00:00:00 2022-07-23 00:00:00 2022-04-24 22:43:44 MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (1:25925:3) - SourceFire (IP=52, US)
69.12.82.195 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None US TO-S-2021-1143 Malicious Email Activity
69.14.115.40 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity
69.14.181.150 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity
69.147.86.11 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 unknown activity
69.156.202.127 24 BB None 2022-01-19 00:00:00 2022-04-19 00:00:00 None SQL injection - Web Attacks (IP=127,CN)
69.16.196.67 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=67,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=67,US)
69.16.243.33 32 TLM None 2022-05-10 00:00:00 2022-11-09 00:00:00 2022-05-10 15:21:41 HIVE Case #7557 CTO 22-130 (IP=33,US)
69.16.249.166 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=166,US) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=166,US)
69.160.38.2 32 RR None 2017-07-29 05:00:00 2022-12-05 00:00:00 2022-06-07 12:01:40 SQL 1 = 1 - possible sql injection attempt (IP=2,US) | updated by NAB Block was inactive. Reactivated on 20210107 with reason HIVE Case #NA FP Security (IP=2,US) | updated by dbc Block expiration extended with reason US TO-S-2021-1156 Malicious Email | updated by TLM Block was inactive. Reactivated on 20220606 with reason HIVE Case #7724 COLS-NA-TIP 22-0198 (IP=2,US)
69.162.180.136 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=136,US)
69.162.98.124 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1081 Hive Case 4872 Malware Activity
69.163.155.19 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=19,US)
69.163.215.18 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=18,US)
69.163.228.46 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None US TO-S-2021-1050 Hive Case 4821 Malicious Email Activity
69.163.236.59 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
69.163.28.3 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity
69.164.195.215 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=215,US)
69.164.198.70 32 RS None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:49:54 SQL injection - 6Hr Web Attacks (IP=70,US)
69.164.198.9 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5986 TO-S-2021-1404 (IP=9,US)
69.164.207.182 32 ZH None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-14 22:58:22 Exploit.CVE-2021-44228 - Apache Log4j2 - Case 6651 (IP=182,US)
69.164.207.192 32 SW None 2022-05-14 00:00:00 2022-08-12 00:00:00 2022-05-15 13:54:25 SQL injection - WebAttacks (IP=192,US)
69.164.211.181 32 TLM None 2022-06-14 00:00:00 2022-12-13 00:00:00 2022-06-14 20:43:27 HIVE Case #7769 CTO 22-165 (IP=181,US)
69.164.214.56 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1081 Hive Case 4872 Malicious Email Activity
69.164.216.127 32 SW None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 13:45:41 HTTP: PHP File Inclusion Vulnerability - IR# 22C01523 (IP=127,US)
69.164.74.87 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=87,US)
69.165.173.49 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CA TO-S-2021-1050 Hive Case 4821 Malware Activity
69.165.220.91 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=91,CA)
69.165.224.111 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None CA TO-S-2021-1037 Hive Case 4785 Malware Activity
69.167.138.189 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=189,US)
69.167.150.242 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=242,US)
69.167.157.73 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1081 Hive Case 4872 Malicious Email Activity
69.167.167.26 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None US TO-S-2021-1050 Hive Case 4821 Malicious Email Activity
69.167.168.221 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=221,US)
69.167.175.211 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
69.167.236.198 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity
69.168.106.51 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1081 Hive Case 4872 Malware Activity
69.174.92.11 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=11,US)
69.176.89.39 32 DT None 2022-01-16 00:00:00 2022-04-16 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed Logons (IP=39,US)
69.195.110.47 32 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None US TO-S-2021-1156 Malicious Email Activity
69.197.186.76 32 JP None 2022-09-23 00:00:00 2022-12-22 00:00:00 2022-09-24 13:55:54 SIPVicious Security Scanner - IPS Events (IP=76,US)
69.197.186.84 32 JP None 2022-09-23 00:00:00 2022-12-22 00:00:00 2022-09-24 13:55:53 SIPVicious Security Scanner - IPS Events (IP=84,US)
69.20.59.81 32 KH None 2021-10-05 00:00:00 2022-01-03 00:00:00 None TO-S-2022-1595/Botnet Malware Communication - TT# 22C00045 (IP=81,US)
69.22.68.106 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CZ TO-S-2021-1050 Hive Case 4821 Malware Activity
69.25.116.239 32 DT None 2022-04-01 00:00:00 2022-06-30 00:00:00 2022-04-02 14:08:05 PROTOCOL-DNS DNS query amplification attempt (1:28556:3) - Sourcefire (IP=239,US)
69.27.96.200 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=200,CA)
69.28.165.0 32 ZH None 2022-01-19 00:00:00 2022-04-19 00:00:00 None FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt (1:21420:6) - Sourcefire Rpt (IP=0,US)
69.28.165.128 32 ZH None 2021-12-13 00:00:00 2022-03-13 00:00:00 None FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt (1:21420:6) - Sourcefire Rpt (IP=128,US)
69.3.131.53 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity
69.30.218.42 32 TLM None 2021-09-15 00:00:00 2022-03-15 00:00:00 None HIVE Case #6181 CTO 21-257 (IP=42,US)
69.36.170.201 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=201,US)
69.39.239.26 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=26,US)
69.4.234.102 32 KH None 2022-01-18 00:00:00 2022-04-18 00:00:00 None File /etc/passwd Access Attempt Detect - FE IPS (IP=102,US)
69.4.90.161 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CA TO-S-2021-1117 DOS-DDOS Activity
69.4.90.162 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CA TO-S-2021-1117 DOS-DDOS Activity
69.4.90.180 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CA TO-S-2021-1117 DOS-DDOS Activity
69.4.90.183 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CA TO-S-2021-1117 DOS-DDOS Activity
69.4.90.187 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CA TO-S-2021-1117 DOS-DDOS Activity
69.4.90.189 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CA TO-S-2021-1117 DOS-DDOS Activity
69.42.134.218 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity
69.42.220.34 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity
69.46.15.151 32 TLM None 2022-02-11 00:00:00 2022-08-12 00:00:00 None HIVE Case #6973 TO-S-2022-0128 (IP=151,US)
69.46.240.11 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity
69.47.193.62 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity
69.47.52.122 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity
69.47.52.138 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity
69.47.52.150 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity
69.47.52.210 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity
69.47.52.74 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity
69.47.52.82 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity
69.49.227.212 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=212,US)
69.49.227.86 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=86,US)
69.49.228.121 32 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6514 TO-S-2022-0075 (IP=121,US)
69.49.228.167 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=167,US)
69.49.228.180 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1092 Hive Case 4875 Malicious Email Activity
69.49.228.185 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=185,US)
69.49.228.191 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None US TO-S-2021-1050 Hive Case 4821 Malicious Email Activity
69.49.228.250 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=250,US)
69.49.228.45 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
69.49.228.78 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1081 Hive Case 4872 Malicious Email Activity
69.49.228.92 32 NAB None 2021-12-30 00:00:00 2022-03-30 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=92,US)
69.49.229.105 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=105,US)
69.49.229.124 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6448 TO-S-2022-0058 (IP=124,US)
69.49.229.142 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1081 Hive Case 4872 Malicious Email Activity
69.49.229.170 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=170,US)
69.49.229.173 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=173,US)
69.49.229.19 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=19,US)
69.49.229.190 32 TLM None 2021-09-14 00:00:00 2022-03-14 00:00:00 None HIVE Case #6164 TO-S-2021-1528 (IP=190,US)
69.49.229.242 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None US TO-S-2021-1050 Hive Case 4821 Malicious Email Activity
69.49.229.43 32 TH None 2022-05-18 00:00:00 2022-08-16 00:00:00 2022-05-18 22:35:14 Phish.LIVE.DTI.URL - FE CMS (IP=43,US)
69.49.229.85 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=85,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=85,US)
69.49.230.107 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=107,US)
69.49.230.149 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=149,US)
69.49.230.171 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=171,US)
69.49.230.172 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=172,US)
69.49.230.184 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=184,US)
69.49.230.197 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=197,US)
69.49.230.203 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=203,US)
69.49.230.217 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=217,US)
69.49.230.40 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=40,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=40,US)
69.49.230.46 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=46,US)
69.49.230.63 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=63,US)
69.49.230.76 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=76,US)
69.49.230.92 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=92,US)
69.49.231.0 32 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6514 TO-S-2022-0075 (IP=0,US)
69.49.231.12 32 TLM None 2021-09-14 00:00:00 2022-03-14 00:00:00 None HIVE Case #6164 TO-S-2021-1528 (IP=12,US)
69.49.231.197 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=197,US)
69.49.231.218 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=218,US)
69.49.231.251 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=251,US)
69.49.231.68 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=68,US)
69.49.231.76 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6448 TO-S-2022-0058 (IP=76,US)
69.49.234.122 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=122,US)
69.49.234.124 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=124,US) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=124,US)
69.49.234.129 32 TLM None 2022-06-03 00:00:00 2022-12-02 00:00:00 2022-06-06 14:31:22 HIVE Case #7714 CTO 22-154 (IP=129,US)
69.49.234.161 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=161,US)
69.49.234.188 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=188,US)
69.49.234.197 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=197,US)
69.49.234.221 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=221,US) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=221,US)
69.49.234.230 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=230,US) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=230,US)
69.49.234.234 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=234,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=234,US)
69.49.234.235 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=235,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=235,US)
69.49.234.239 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5968 TO-S-2021-1276 (IP=239,US)
69.49.234.240 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=240,US)
69.49.234.34 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=34,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=34,US)
69.49.234.48 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=48,US)
69.49.234.71 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=71,US)
69.49.234.94 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=94,US)
69.49.235.137 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=137,US)
69.49.235.140 32 TLM None 2021-09-14 00:00:00 2022-03-14 00:00:00 None HIVE Case #6164 TO-S-2021-1528 (IP=140,US)
69.49.235.147 32 TLM None 2021-09-14 00:00:00 2022-03-14 00:00:00 None HIVE Case #6164 TO-S-2021-1528 (IP=147,US)
69.49.235.154 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=154,US)
69.49.235.16 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=16,US) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=16,US)
69.49.235.177 32 TLM None 2021-09-14 00:00:00 2022-03-14 00:00:00 None HIVE Case #6164 TO-S-2021-1528 (IP=177,US)
69.49.235.227 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=227,US)
69.49.235.229 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=229,US)
69.49.235.232 32 TLM None 2021-09-14 00:00:00 2022-03-14 00:00:00 None HIVE Case #6164 TO-S-2021-1528 (IP=232,US)
69.49.235.237 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=237,US)
69.49.235.3 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=3,US)
69.49.235.47 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=47,US)
69.49.235.63 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=63,US)
69.49.235.78 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=78,US) | updated by TLM Block was inactive.
Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=78,US) 69.49.235.93 32 NAB None 2022-01-03 00:00:00 2022-04-03 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=93,US) 69.49.242.98 32 TH None 2022-09-01 00:00:00 2022-11-30 00:00:00 2022-09-01 13:52:47 SIPVicious Security Scanner - FE CMS IPS Events (IP=98,US) 69.49.244.173 32 TLM None 2022-03-16 00:00:00 2022-09-16 00:00:00 2022-03-16 20:55:46 HIVE Case #7216 COLS-NA-TIP 22-0085 (IP=173,US) 69.49.245.175 32 TLM None 2022-06-03 00:00:00 2022-12-02 00:00:00 2022-06-06 14:31:23 HIVE Case #7714 CTO 22-154 (IP=175,US) 69.54.25.34 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:14 HIVE Case #7199 CTO 22-074 (IP=34,US) 69.55.55.155 32 SW None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-12 13:51:19 Masscan TCP Port Scanner - IPS Events (IP=155,US) 69.55.61.108 32 RR None 2022-06-04 00:00:00 2022-09-02 00:00:00 2022-06-04 13:39:06 SERVER-APACHE Apache Struts OGNL getRuntime.exec static method access attempt - SourceFire (IP=108,US) 69.61.26.122 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 69.61.38.251 32 AS None 2022-01-31 00:00:00 2022-08-03 00:00:00 None HIVE Case #6877 CTO 22-028 (IP=251,US) 69.64.49.212 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=212,US) 69.65.3.245 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=245,US) 69.65.40.75 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=75,US) 69.67.150.36 32 RR None 2022-08-20 00:00:00 2022-11-18 00:00:00 2022-08-20 13:23:16 SERVER-OTHER RealTek UDPServer command injection attempt - SourceFire (IP=36,US) 69.67.208.38 32 RS None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 22:46:17 SIPVicious Security Scanner - IPS Events (IP=38,US) 69.73.162.32 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5968 
TO-S-2021-1276 (IP=32,US) 69.73.170.122 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=122,US) 69.87.217.8 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=8,US) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=8,US) 69.90.184.125 32 TLM None 2022-05-11 00:00:00 2022-11-10 00:00:00 2022-05-11 15:28:16 HIVE Case #7564 TO-S-2022-0180 (IP=125,US) 69.94.151.188 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=188,US) 6956114655.medpharmasd.com --- TLM None 2021-08-05 00:00:00 2022-08-05 00:00:00 2023-01-19 22:59:29 HIVE Case #5940 TO-S-2021-1447 6c42x.r..bh.d.sendibt3.com --- TLM None 2021-08-10 00:00:00 2022-08-10 00:00:00 2023-01-19 22:59:54 HIVE Case #5969 TO-S-2021-1289 6c42x.r.bh.d.sendibt3.com --- jkc None 2021-05-07 00:00:00 2022-06-14 00:00:00 2023-01-19 22:56:31 Case # 5405 IOC_ TO-S-2021-1269 Malicious domain | updated by TLM Block expiration extended with reason HIVE Case #5590 TO-S-2021-1276 Malicious Emails Activity 6fz.one --- TLM None 2021-12-02 00:00:00 2022-12-02 00:00:00 2023-01-19 23:05:30 HIVE Case #6600 TO-S-2022-0090 6ulcj3.trz-mc.com --- TLM None 2021-08-05 00:00:00 2022-08-05 00:00:00 2023-01-19 22:59:18 HIVE Case #5940 TO-S-2021-1447 70.121.73.33 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity 70.151.32.247 32 TLM None 2022-08-09 00:00:00 2022-11-09 00:00:00 2022-08-09 17:32:16 HIVE Case #8100 CTO 22-211 (IP=247,US) 70.183.120.111 32 RS None 2022-07-29 00:00:00 2022-10-27 00:00:00 2022-07-30 13:52:58 SIPVicious Security Scanner - IPS Events (IP=111,US) 70.23.42.187 32 RR None 2022-07-10 00:00:00 2022-10-08 00:00:00 2022-07-11 13:57:18 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=187,US) 70.23.89.23 32 KH None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-11 23:00:17 SERVER-WEBAPP D-Link 
DSL-2750B routers login.cgi command injection attempt (1:46736:2) - Sourcefire (IP=23,US) 70.27.253.164 24 SW None 2022-05-31 00:00:00 2022-08-29 00:00:00 2022-05-31 13:48:44 SQL injection - WebAttacks (IP=164,CA) 70.32.1.162 32 JP None 2022-09-11 00:00:00 2022-12-10 00:00:00 2022-09-11 13:56:15 SERVER-WEBAPP LG N1A1 NAS command injection attempt - 6HR Web Attacks (IP=162,US) 70.32.20.67 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=67,US) 70.32.23.19 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 70.32.23.58 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None US TO-S-2021-1102 Malicious Email Activity 70.32.23.71 32 TH None 2022-02-15 00:00:00 2022-05-16 00:00:00 None HIVE Case #6984 (IP=71,US) 70.32.23.73 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=73,US) 70.32.89.4 32 ZH None 2022-02-28 00:00:00 2022-05-29 00:00:00 2022-02-28 23:39:49 EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (1:21492:23) - SourceFire (IP=4,US) 70.34.194.123 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=123,SE) 70.34.195.75 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=75,SE) 70.34.197.185 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=185,SE) 70.34.197.199 32 TLM None 2021-12-10 00:00:00 2022-06-10 00:00:00 None HIVE Case #6644 CTO 21-344 (IP=199,SE) 70.34.198.226 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=226,SE) 70.34.199.214 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=214,SE) 70.34.201.16 24 EE None 2022-01-31 00:00:00 2022-05-01 00:00:00 None HIVE Case #6867 IOC_ MoonBounce (IP=16,SE) 70.34.202.55 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE 
Case #6932 IOC_Gamaredon (IP=55,SE) 70.34.203.152 32 TLM None 2021-12-09 00:00:00 2022-06-09 00:00:00 None HIVE Case #6633 CTO 21-334 (IP=152,SE) 70.34.203.73 32 TLM None 2022-06-14 00:00:00 2022-12-13 00:00:00 2022-06-14 20:43:36 HIVE Case #7769 CTO 22-165 (IP=73,SE) 70.34.204.141 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=141,SE) 70.34.206.103 32 TLM None 2021-12-10 00:00:00 2022-06-10 00:00:00 None HIVE Case #6644 CTO 21-344 (IP=103,SE) 70.34.208.32 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=32,SE) 70.34.209.127 32 RR None 2022-03-04 00:00:00 2022-06-02 00:00:00 2022-03-04 14:42:59 SQL injection - Web Attacks (IP=127,US) 70.34.211.229 32 TLM None 2022-05-24 00:00:00 2022-11-23 00:00:00 2022-05-24 14:24:25 HIVE Case #7653 CTO 22-144 (IP=229,SE) 70.34.212.96 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:28 HIVE Case #7894 CTO 22-187 (IP=96,SE) 70.34.215.22 24 TH None 2022-04-15 00:00:00 2022-07-14 00:00:00 2022-04-15 23:00:06 SQL injection - 6 Hr Web Report (IP=22,SE) 70.34.216.81 32 AS None 2022-02-04 00:00:00 2022-08-04 00:00:00 None HIVE Case #6927 CTO 22-036 (IP=81,SE) 70.34.218.189 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:11 HIVE Case #7904 CTO 22-189 (IP=189,SE) 70.34.221.170 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:55:43 HIVE Case #7894 CTO 22-187 (IP=170,SE) 70.34.246.59 32 TLM None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:46:35 HIVE Case #7458 CTO 22-113 (IP=59,US) 70.35.19.15 32 TLM None 2021-09-14 00:00:00 2022-03-14 00:00:00 None HIVE Case #6164 TO-S-2021-1528 (IP=15,US) 70.35.199.66 32 ZH None 2022-04-13 00:00:00 2022-11-11 00:00:00 2022-08-13 22:59:16 SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58744:6) - Sourcefire Rpt (IP=66,US) | updated by RS Block was inactive. 
Reactivated on 20220813 with reason SERVER-WEBAPP WordPress Snap Creek Duplicator and Duplicator Pro plugins directory traversal attempt (1:58487:1) - SourceFire (IP=66,US) 70.39.126.0 32 AS None 2022-03-21 00:00:00 2022-09-21 00:00:00 2022-03-21 17:08:11 HIVE Case #7245 TO-S-2022-0151 (IP=0,US) 70.39.147.127 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=127,US) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=127,US) 70.39.151.199 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6448 TO-S-2022-0058 (IP=199,US) 70.39.234.117 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 70.42.131.106 32 GM None 2020-01-16 00:00:00 2022-08-05 00:00:00 None 17128: HTTP: Microsoft Outlook Web Application Delivery Report Redirection - 20C01466 (IP=106,US) | updated by RW Block was inactive. Reactivated on 20200523 with reason 17128 HTTP Microsoft Outlook Web Application Delivery Report Redirection - TT# 20C | updated by TLM Block was inactive. 
Reactivated on 20220204 with reason HIVE Case #6925 CTO 22-034 (IP=106,US) 70.42.174.210 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=210,US) 70.45.207.5 24 KH None 2022-01-30 00:00:00 2022-04-30 00:00:00 None Generic URI Injection wget Attempt - FE IPS (IP=5,PR) 70.62.153.174 32 TLM None 2022-02-24 00:00:00 2022-08-25 00:00:00 None HIVE Case #7077 CTO 22-055 (IP=174,US) 70.66.67.2 32 KH None 2022-08-17 00:00:00 2022-11-15 00:00:00 2022-08-17 22:25:59 Attempted Access - Inbound Brute Force - IR#22C01817 (IP=2,CA) 70.70.35.72 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None CA TO-S-2021-1037 Hive Case 4785 Malware Activity 70.87.22.25 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=25,US) 70.89.246.33 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:14 HIVE Case #7199 CTO 22-074 (IP=33,US) 70.89.246.34 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:15 HIVE Case #7199 CTO 22-074 (IP=34,US) 70.89.246.35 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:15 HIVE Case #7199 CTO 22-074 (IP=35,US) 70.89.246.36 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:16 HIVE Case #7199 CTO 22-074 (IP=36,US) 70.89.246.37 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:16 HIVE Case #7199 CTO 22-074 (IP=37,US) 70.91.93.133 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:17 HIVE Case #7199 CTO 22-074 (IP=133,US) 70.92.246.89 32 KH None 2022-03-03 00:00:00 2022-06-01 00:00:00 2022-03-03 23:49:20 Threat Team Request / Ukraine IOCs - TT# 22C00989 (IP=89 ,US) 7090487632.biomaxx.ind.br --- TLM None 2021-08-05 00:00:00 2022-08-05 00:00:00 2023-01-19 22:59:43 HIVE Case #5940 TO-S-2021-1447 71.1.188.122 32 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 2022-05-26 18:27:36 HIVE Case #7669 TO-S-2022-0187 (IP=122,US) 71.10.123.67 32 RS None 2022-08-22 00:00:00 2022-11-20 00:00:00 
2022-08-23 18:09:03 SIPVicious Security Scanner - IPS Events (IP=67,US) 71.129.99.48 32 SW None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 13:45:59 SQL injection - WebAttacks (IP=48,US) 71.163.139.77 32 SW None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-04 13:45:54 SERVER-WEBAPP Ulterius web server directory traversal attempt (1:45721:2) - SourceFire (IP=77,US) 71.163.155.77 32 DT None 2022-02-24 00:00:00 2022-05-25 00:00:00 2022-02-25 14:56:22 SQL injection - Web Attacks (IP=77,US) 71.172.81.20 32 SW None 2022-07-15 00:00:00 2022-10-13 00:00:00 2022-07-16 13:51:51 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - Sourcefire (IP=20,US) 71.217.182.142 32 SW None 2022-07-26 00:00:00 2022-10-24 00:00:00 2022-07-27 13:49:47 Adobe ColdFusion Administrator Access Restriction - WebAttacks (IP=142,US) 71.217.51.72 32 AS None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6244 CTO 21-267 (IP=72,US) 71.40.108.8 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=8,US) 71.42.96.222 32 WR None 2021-12-26 00:00:00 2022-03-26 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00715 (IP=222,US) 71.59.74.155 32 BB None 2021-12-19 00:00:00 2022-03-19 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44232 (IP=155,US) 71.6.146.130 32 BLP None 2016-09-30 05:00:00 2022-03-03 00:00:00 None PROTOCOL-DNS named version attempt | updated by BLP with reason PROTOCOL-DNS named version attempt (IP=130,CN) | updated b | updated by RT Block was inactive. 
Reactivated on 20211203 with reason HTTP: Microsoft Windows HTTP.sys Remote Code Execution (CVE-2015-1635) - TT# 22C00466 (IP=130,US) 71.6.165.200 32 djs None 2015-02-25 06:00:00 2022-10-19 00:00:00 2022-07-21 22:56:04 multiple SQL port scans (ip=200,US) | updated by wmp with reason Suspicious inbound to mySQL (IP=200,US) | updated by wmp wi | updated by RW with reason HTTP: Microsoft Windows HTTP.sys Remote Code Execution | updated by RB Block was inactive. React | updated by ZH Block was inactive. Reactivated on 20220310 with reason HTTP: Microsoft Windows HTTP.sys Remote Code Execution IR#22C01027 (IP=200,US) | updated by KH Block was inactive. Reactivated on 20220721 with reason HTTP: Microsoft Windows HTTP.sys Remote Code Execution (CVE-2015-1635) - IR# 22C01714 (IP=200,US) 71.63.134.16 32 ZH None 2022-03-07 00:00:00 2022-06-05 00:00:00 2022-05-18 16:38:42 ET EXPLOIT Possible Apache log4j RCE Attempt - 2021/12/12 Obfuscation Observed M2 (udp) (CVE-2021-44228) (1:2034674:1) - Sourcefire Rpt (IP=16,US) | Unblock per INC0230693. 
USACE home user attempting to connect via VPN by ZH 71.74.12.34 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:56:02 HIVE Case #7199 CTO 22-074 (IP=34,US) 71.77.133.44 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:56:03 HIVE Case #7894 CTO 22-187 (IP=44,US) 72.0.47.59 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity 72.123.65.11 32 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 2022-05-26 18:27:36 HIVE Case #7669 TO-S-2022-0187 (IP=11,US) 72.14.182.189 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None US TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 72.14.185.147 32 WR None 2021-01-02 00:00:00 2022-04-02 00:00:00 None Malicious IPS - HIVE Case 6711 (IP=147,US) 72.167.241.46 32 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6514 TO-S-2022-0075 (IP=46,US) 72.167.42.75 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=75,US) 72.167.47.69 32 AR None 2022-03-05 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:46 SSH2 Failed Login Attempt - 6Hr Failed Logons (IP=69,US) | updated by AS Block was inactive. 
Reactivated on 20220706 with reason HIVE Case #7894 CTO 22-187 (IP=69,US) 72.167.64.87 32 TLM None 2022-06-06 00:00:00 2022-12-05 00:00:00 2022-06-07 12:01:39 HIVE Case #7724 COLS-NA-TIP 22-0198 (IP=87,US) 72.167.66.121 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=121,US) 72.167.84.11 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=11,US) 72.167.84.163 32 srm None 2022-03-09 00:00:00 2022-06-07 00:00:00 2022-03-09 14:45:05 HIVE Case #NA FP Security (IP=163,US) 72.167.87.128 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=128,US) 72.18.134.34 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None US TO-S-2021-1092 Hive Case 4875 Malicious Email Activity 72.191.236.117 32 AR None 2021-10-22 00:00:00 2022-01-20 00:00:00 None File /etc/passwd Access Attempt Detect - IPS Alerts (IP=117,US) 72.202.235.201 32 KD None 2022-01-05 00:00:00 2022-04-05 00:00:00 None INDICATOR-SCAN SSH brute force login attempt- SSH (IP=201,US) 72.21.80.0 23 TLM None 2022-06-24 00:00:00 2022-12-23 00:00:00 2022-06-24 19:38:45 HIVE Case #7840 CTO 22-175 (IP=0,US) 72.21.81.240 32 SW None 2021-12-12 00:00:00 2022-12-21 00:00:00 2022-06-23 16:49:44 FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (1:20842:14) - SourceFire (IP=240,US) | updated by TLM Block was inactive. 
Reactivated on 20220622 with reason HIVE Case #7813 CTO 22-173 (IP=240,US) 72.22.121.241 32 SW None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 14:03:01 SQL injection - WebAttacks (IP=241,US) 72.221.164.34 32 RR None 2021-10-21 00:00:00 2022-01-19 00:00:00 None SQL injection - Web Attacks (IP=34,US) 72.223.168.73 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=73,US) 72.251.249.13 32 srm None 2021-10-04 00:00:00 2022-01-02 00:00:00 None HIVE Case #NA Forcepoint FP Bot Networks (IP=13,NL) 72.252.201.34 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:56:03 HIVE Case #7199 CTO 22-074 (IP=34,JM) 72.252.224.93 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None JM TO-S-2021-1050 Hive Case 4821 Malware Activity 72.255.231.230 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:56:04 HIVE Case #7894 CTO 22-187 (IP=230,HK) 72.27.160.0 23 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None JM TO-S-2021-1037 Hive Case 4785 Malware Activity 72.29.71.167 32 jkc None 2021-04-13 00:00:00 2022-04-13 00:00:00 None Case # 5240 IOC_ TO-S-2021-1218 Malicious IP 72.29.90.201 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=201,US) 72.3.173.166 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=166,US) 72.4.44.133 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity 72.44.45.112 32 ZH None 2021-11-05 00:00:00 2022-02-03 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - Sourcefire Rpt (IP=112,US) 72.44.64.37 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=37,US) 72.47.239.94 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=94,US) 72.49.24.74 32 RS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 13:47:57 SQL injection - 6Hr Web 
Attacks (IP=74,US) 72.5.161.12 32 TLM None 2022-02-24 00:00:00 2022-08-25 00:00:00 None HIVE Case #7077 CTO 22-055 (IP=12,SG) 72.5.34.114 32 RS None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-13 22:36:52 Malicious PHP Script Embedded in GIF File - FE IPS Events (IP=114,US) 72.51.45.108 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CA TO-S-2021-1117 DOS-DDOS Activity 72.52.144.230 32 AS None 2022-09-30 00:00:00 2022-12-29 00:00:00 2022-09-30 17:07:36 HIVE Case #8395 TO-S-2022-0233 (IP=230,US) 72.52.169.181 32 AS None 2021-11-12 00:00:00 2022-05-12 00:00:00 None HIVE Case #6528 TO-S-2022-0082 (IP=181,US) 72.52.169.251 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=251,US) 72.52.175.33 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=33,US) 72.52.179.174 32 wmp Kristen Pope 2020-09-16 00:00:00 2022-12-27 00:00:00 2022-12-27 19:16:58 HIVE Case #3909 COLS-NA-TIP-20-0296 (IP=174,US) | updated by dbc Block expiration extended with reason US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity | updated by TLM Block was inactive. Reactivated on 20221019 with reason HIVE Case #8482 CTO 22-288 (IP=174,US) | UNBLOCKED per CTO 22-305 72.52.230.82 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=82,US) 72.53.186.12 24 DT None 2021-12-21 00:00:00 2022-03-21 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) - Source Fire (IP=12,FI) 72.53.190.92 32 SA None 2022-06-09 00:00:00 2022-06-09 00:00:00 2022-06-09 15:30:52 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) SourceFire (IP=92,US) | Region VII Education Service Center Block was placed in error and is deemed as benign. 
by TH 72.55.190.139 24 DT None 2021-12-29 00:00:00 2022-03-29 00:00:00 None Phishing.PDF.PhishingX.FEC3 Hive Case #6613 (IP=139,CA) 72.68.69.63 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:17 HIVE Case #7199 CTO 22-074 (IP=63,US) 72.79.9.139 32 KH None 2021-10-08 00:00:00 2022-01-27 00:00:00 None FE_Webshell_PHP_Generic_1 - FE CMS (IP=139,US) | updated by WR Block expiration extended with reason HTTP: Adobe ColdFusion Directory Traversal Information Disclosure Vulnerability - WebAttacks (IP=139, US) 72j4i.codesandbox.io --- TLM None 2021-08-12 00:00:00 2022-08-12 00:00:00 2023-01-19 23:00:08 HIVE Case #5985 TO-S-2021-1459 73.106.139.138 32 TLM None 2022-06-21 00:00:00 2022-12-20 00:00:00 2022-06-22 18:26:06 HIVE Case #7807 CTO 22-169 (IP=138,US) 73.151.236.31 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:56:03 HIVE Case #7199 CTO 22-074 (IP=31,US) 73.243.67.246 32 TLM None 2022-06-21 00:00:00 2022-12-20 00:00:00 2022-06-22 18:26:06 HIVE Case #7807 CTO 22-169 (IP=246,US) 73.35.210.3 32 RR None 2022-05-07 00:00:00 2022-08-05 00:00:00 2022-05-08 12:51:22 ET EXPLOIT Possible Apache log4j RCE Attempt - 2021/12/12 Obfuscation Observed M2 (udp) (CVE-2021-44228) - SourceFire (IP=3,US) 73.5.119.219 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:56:04 HIVE Case #7199 CTO 22-074 (IP=219,US) 7330514178.ocpos.nl --- TLM None 2021-08-12 00:00:00 2022-08-12 00:00:00 2023-01-19 23:00:10 HIVE Case #5985 TO-S-2021-1459 74.113.42.89 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None US TO-S-2021-1117 DOS-DDOS Activity 74.115.50.106 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=106,US) 74.118.138.118 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=118,US) 74.118.138.118 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=118,US) 74.118.138.118 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None 
HIVE Case #6252 CTO 21-265 (IP=118,US) 74.118.138.118 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=118,US) 74.118.138.118 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=118,US) 74.118.138.118 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=118,US) 74.118.138.118 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=118,US) 74.118.138.118 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=118,US) 74.118.138.123 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=123,US) 74.118.138.125 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=125,US) 74.118.138.134 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=134,US) 74.118.138.139 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=139,US) 74.118.138.159 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=159,US) 74.118.138.162 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=162,US) 74.118.138.180 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=180,US) 74.118.138.207 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=207,US) 74.118.138.209 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=209,US) 74.118.138.211 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=211,US) 74.118.138.23 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=23,US) 74.118.138.237 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=237,US) 74.118.138.246 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None 
HIVE Case #6252 CTO 21-265 (IP=246,US) 74.118.138.246 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=246,US) 74.118.138.246 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=246,US) 74.118.138.246 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=246,US) 74.118.138.249 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=249,US) 74.118.138.25 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=25,US) 74.118.138.253 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=253,US) 74.118.138.254 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=254,US) 74.119.193.57 24 EE None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-07 22:31:52 HIVE Case #7882 IOC_Recordbreaker_Stealer (IP=57,HK) 74.119.195.47 32 TLM None 2021-12-02 00:00:00 2022-06-02 00:00:00 None HIVE Case #6600 TO-S-2022-0090 (IP=47,NL) 74.119.195.47 32 TLM None 2021-12-02 00:00:00 2022-06-02 00:00:00 None HIVE Case #6600 TO-S-2022-0090 (IP=47,NL) 74.119.195.47 32 TLM None 2021-12-02 00:00:00 2022-06-02 00:00:00 None HIVE Case #6600 TO-S-2022-0090 (IP=47,NL) 74.119.239.234 32 AS None 2022-07-13 00:00:00 2022-10-11 00:00:00 2022-07-14 17:45:22 HIVE Case #7928 CTO 22-194 (IP=234,US) 74.120.220.58 24 RS None 2022-07-22 00:00:00 2022-10-20 00:00:00 2022-07-23 13:44:13 SIPVicious Security Scanner - IPS Events (IP=58,CA) 74.120.8.104 32 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6514 TO-S-2022-0075 (IP=104,US) 74.120.9.66 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=66,US) 74.120.9.66 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=66,US) 74.120.9.66 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=66,US) 
Reactivated on 20220909 with reason SIPVicious Security Scanner - IPS Events (IP=73,GB) SIPVicious Security Scanner - IPS Events (IP=73,GB) 78.129.146.110 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 78.134.89.167 32 TLM None 2022-02-24 00:00:00 2022-08-25 00:00:00 None HIVE Case #7077 CTO 22-055 (IP=167,IT) 78.135.85.143 24 RR None 2022-08-06 00:00:00 2022-11-04 00:00:00 2022-08-06 13:52:17 SERVER-OTHER RealTek UDPServer command injection attempt - SourceFire (IP=143,TR) 78.135.85.70 24 SW None 2022-09-15 00:00:00 2022-12-14 00:00:00 2022-09-16 13:49:32 SERVER-OTHER RealTek UDPServer command injection attempt (1:58853:1) - SourceFire (IP=70,TR) 78.137.126.220 32 RB None 2021-11-19 00:00:00 2022-02-17 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00379 (IP=220,GB) 78.138.127.110 24 DT None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-08 13:46:29 PROTOCOL-VOIP Cisco Meeting Server SIP SDP media description buffer overflow attempt (3:40638:1) - Source Fire (IP=240,FR) 78.138.128.0 19 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 78.138.25.29 32 AS None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6244 CTO 21-267 (IP=29,UA) 78.141.193.51 32 TLM None 2021-12-10 00:00:00 2022-06-10 00:00:00 None HIVE Case #6644 CTO 21-344 (IP=51,GB) 78.141.207.123 32 TLM None 2021-12-10 00:00:00 2022-06-10 00:00:00 None HIVE Case #6644 CTO 21-344 (IP=123,GB) 78.141.208.159 32 TLM None 2022-06-15 00:00:00 2022-12-14 00:00:00 2022-06-16 13:41:06 HIVE Case #7774 CTO 22-166 (IP=159,US) 78.141.222.143 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6310 CTO 21-273 (IP=143,NL) 78.141.222.44 32 TLM None 2021-12-10 00:00:00 2022-06-10 00:00:00 None HIVE Case #6644 CTO 21-344 (IP=44,NL) 78.141.223.119 24 SW None 2022-01-23 00:00:00 2022-04-23 00:00:00 None HTTP: PHP File Inclusion Vulnerability - 
WebAttacks (IP=119,NL) 78.142.18.56 24 SW None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 14:03:01 SQL injection - WebAttacks (IP=56,BG) 78.142.208.212 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=212,TR) 78.142.208.231 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=231,TR) 78.142.208.53 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=53,TR) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=53,TR) 78.142.209.94 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 78.142.210.31 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TR TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 78.142.244.17 32 TLM None 2022-01-18 00:00:00 2022-07-18 00:00:00 None HIVE Case #6796 CTO 22-014 (IP=17,TH) 78.142.29.0 24 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=0,BG) 78.153.214.22 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IE TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 78.153.48.4 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None SI TO-S-2021-1037 Hive Case 4785 Malware Activity 78.158.0.0 19 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None LT TO-S-2021-1050 Hive Case 4821 Malware Activity 78.162.144.127 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 13:58:08 FE_Webshell_PHP_Generic_1 (IP=127,TR) 78.162.145.221 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 22:58:33 SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58737:4) - SourceFire (IP=221,TR) 78.162.44.76 24 SW None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 13:46:09 SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1325 attack attempt (3:57769:1) - SourceFire (IP=76,TR) 78.163.97.164 24 WR None 2022-04-22 00:00:00 2022-07-20 00:00:00 2022-04-22 
13:39:43 HTTP: Grandstream UCM6200 SQL Injection Vulnerability (CVE-2020-5722) - 6 HR WebAttack (IP=164,TR) 78.165.115.129 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malware Activity 78.165.122.55 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malware Activity 78.165.224.25 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malware Activity 78.165.230.141 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malware Activity 78.165.92.121 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malware Activity 78.165.92.91 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malware Activity 78.167.165.204 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malware Activity 78.167.74.175 24 RS None 2022-07-02 00:00:00 2022-09-30 00:00:00 2022-07-02 22:56:40 Exploit.Log4Shell.CVE-2021-44228 - FE NX (IP=175,TR) 78.169.141.106 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malware Activity 78.171.100.159 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malware Activity 78.175.188.9 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malware Activity 78.176.104.148 32 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=148,TR) 78.177.124.220 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malware Activity 78.180.165.95 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malware Activity 78.180.183.40 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malware Activity 78.182.152.46 24 WR None 2022-04-22 00:00:00 2022-07-20 
00:00:00 2022-04-22 13:39:42 HTTP: Apache mod_cgi Bash Environment Variable Code Injection - 6 HR WebAttack (IP=46,TR) 78.182.156.192 24 AR None 2022-04-08 00:00:00 2022-07-07 00:00:00 2022-04-08 13:46:37 SQL injection - 6hr Web Attack (IP=192,TR) 78.183.125.48 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malware Activity 78.186.127.228 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malware Activity 78.186.147.79 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malware Activity 78.186.185.104 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malware Activity 78.186.22.219 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None TR TO-S-2021-1102 Malware Activity 78.186.240.53 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malware Activity 78.187.168.8 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malware Activity 78.187.196.193 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malware Activity 78.187.228.11 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None TR TO-S-2021-1143 Malicious Connections Activity 78.187.77.29 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malware Activity 78.187.81.65 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malware Activity 78.188.180.88 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malware Activity 78.188.184.101 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malware Activity 78.188.24.71 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malware Activity 78.188.61.252 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR 
TO-S-2021-1037 Hive Case 4785 Malware Activity 78.189.162.241 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=241,TR) 78.189.195.159 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malware Activity 78.189.227.74 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malware Activity 78.189.51.220 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malware Activity 78.190.78.33 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malware Activity 78.191.12.29 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:56:06 HIVE Case #7199 CTO 22-074 (IP=29,TR) 78.220.160.61 24 KH None 2022-03-03 00:00:00 2022-06-01 00:00:00 2022-03-03 23:49:31 Custom Violation - ArcSight (IP=61,FR) 78.224.49.200 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 78.235.132.211 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 78.239.161.228 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 78.24.100.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 78.24.184.133 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=133,HU) 78.252.167.5 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 78.29.93.189 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 78.31.71.113 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 78.31.71.18 24 KH None 2022-03-29 00:00:00 2022-06-27 00:00:00 2022-03-29 22:55:29 SIPVicious Security Scanner - FE CMS (IP=18,DE) 78.31.71.248 32 
TLM None 2021-12-17 00:00:00 2022-06-17 00:00:00 None HIVE Case #6673 CTO 21-351 (IP=248,DE) 78.33.27.218 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GB TO-S-2021-1037 Hive Case 4785 Malware Activity 78.36.123.146 32 wmp None 2022-03-24 00:00:00 2022-06-24 00:00:00 2022-03-24 22:59:07 Suspicious Scan Activity (IP=146,RU) 78.46.10.150 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None DE TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 78.46.114.178 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None DE TO-S-2021-1092 Hive Case 4875 Malicious Email Activity 78.46.149.254 32 TLM None 2022-02-15 00:00:00 2022-08-16 00:00:00 None HIVE Case #6996 CTO 22-043 (IP=254,DE) 78.46.253.192 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=192,DE) 78.46.43.194 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None DE TO-S-2021-1092 Hive Case 4875 Malicious Web Application Activity 78.46.61.245 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=245,DE) 78.46.63.108 32 AS None 2022-02-21 00:00:00 2022-08-22 00:00:00 None HIVE Case #7039 CTO 22-050 (IP=108,DE) 78.46.71.90 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=90,DE) 78.46.73.125 32 AS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-09 13:57:43 HIVE Case #7535 TO-S-2022-0176 (IP=125,DE) 78.46.83.56 32 TLM None 2021-12-02 00:00:00 2022-06-02 00:00:00 None HIVE Case #6599 CTO 21-335 (IP=56,DE) 78.46.86.155 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=155,DE) 78.47.152.66 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=66,DE) 78.47.166.55 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 78.47.228.196 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 78.47.243.181 32 AS 
None 2022-02-04 00:00:00 2022-08-04 00:00:00 None HIVE Case #6927 CTO 22-036 (IP=181,DE) 78.47.48.71 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None DE TO-S-2021-1092 Hive Case 4875 Malicious Email Activity 78.47.76.108 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 78.56.163.191 24 TH None 2022-09-29 00:00:00 2022-12-28 00:00:00 2022-09-29 22:53:53 SQL Injection - 6 Hr Web Report (IP=191,LT) 78.61.208.0 20 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None LT TO-S-2021-1050 Hive Case 4821 Malware Activity 78.70.22.87 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None SE TO-S-2021-1037 Hive Case 4785 Malware Activity 78.81.144.0 20 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 78.81.151.5 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:10 HIVE Case #7894 CTO 22-187 (IP=5,RU) 78.85.249.208 24 RS None 2022-07-02 00:00:00 2022-09-30 00:00:00 2022-07-02 22:56:33 SIPVicious Security Scanner - IPS Events (IP=208,RU) 78.90.192.25 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BG TO-S-2021-1037 Hive Case 4785 Malware Activity 78.92.68.134 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 78.92.99.159 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 78.94.79.125 24 RS None 2022-05-16 00:00:00 2022-08-14 00:00:00 2022-05-16 13:49:45 SQL injection - 6Hr Web Attacks (IP=125,DE) 7820147029.bieropdinsdag.nl --- TLM None 2021-08-05 00:00:00 2022-08-05 00:00:00 2023-01-19 22:59:41 HIVE Case #5940 TO-S-2021-1447 7839702403.nielsvandervlist.nl --- TLM None 2021-08-05 00:00:00 2022-08-05 00:00:00 2023-01-19 22:59:41 HIVE Case #5940 TO-S-2021-1447 79.100.211.71 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BG TO-S-2021-1050 Hive Case 4821 Malware Activity 79.103.104.92 32 dbc None 2021-01-28 
00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 79.103.203.52 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 79.104.209.141 32 TLM None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-02 10:46:10 HIVE Case #7696 CTO 22-152 (IP=141,RU) 79.107.122.185 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GR TO-S-2021-1037 Hive Case 4785 Malware Activity 79.107.137.44 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GR TO-S-2021-1037 Hive Case 4785 Malware Activity 79.107.143.196 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GR TO-S-2021-1037 Hive Case 4785 Malware Activity 79.107.153.110 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 79.107.194.89 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 79.107.208.201 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GR TO-S-2021-1037 Hive Case 4785 Malware Activity 79.107.208.40 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GR TO-S-2021-1037 Hive Case 4785 Malware Activity 79.107.219.111 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 79.107.220.213 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 79.107.229.90 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 79.107.233.94 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GR TO-S-2021-1037 Hive Case 4785 Malware Activity 79.107.241.91 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 79.107.243.44 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 79.107.248.100 24 RT None 2022-01-04 00:00:00 2022-04-04 00:00:00 None HTTP: WordPress 
Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6HR Web Attacks (IP=100,GR) 79.11.28.126 24 DT None 2022-02-22 00:00:00 2022-05-23 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=126,IT) 79.11.46.30 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:18 HIVE Case #7199 CTO 22-074 (IP=30,IT) 79.110.193.67 32 TLM None 2022-03-17 00:00:00 2022-09-17 00:00:00 2022-03-17 16:17:47 HIVE Case #7227 CTO 22-076 (IP=67,PL) 79.110.31.56 24 RB None 2022-01-08 00:00:00 2022-04-08 00:00:00 None ET EXPLOIT Apache log4j RCE Attempt - lower/upper TCP Bypass M2 (CVE-2021-44228) (1:2034700:1) - Sourcefire (IP=56,UA) 79.110.52.0 24 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 2022-05-26 18:27:00 HIVE Case #7669 TO-S-2022-0187 (IP=0,NL) 79.110.52.138 32 AS None 2022-03-29 00:00:00 2022-09-27 00:00:00 2022-03-29 17:57:37 HIVE Case #7296 CTO 22-088 (IP=138,NL) 79.110.52.139 32 AS None 2022-03-29 00:00:00 2022-09-27 00:00:00 2022-03-29 17:57:37 HIVE Case #7296 CTO 22-088 (IP=139,NL) 79.110.52.140 32 AS None 2022-03-29 00:00:00 2022-09-27 00:00:00 2022-03-29 17:57:38 HIVE Case #7296 CTO 22-088 (IP=140,NL) 79.110.52.43 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=43,NL) 79.111.186.160 24 RS None 2022-08-22 00:00:00 2022-11-20 00:00:00 2022-08-23 18:08:54 HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=160,RU) 79.120.104.106 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:11 HIVE Case #7894 CTO 22-187 (IP=106,RU) 79.124.7.236 32 AS None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-01 21:44:52 HIVE Case #7874 CTO 22-181 (IP=236,BG) 79.124.8.19 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GB TO-S-2021-1037 Hive Case 4785 Malware Activity 79.125.7.88 32 TLM None 2022-05-02 00:00:00 2022-11-01 00:00:00 2022-05-02 12:29:09 HIVE Case #7494 CTO 22-119 (IP=88,IE) 79.126.175.235 32 dbc None 
2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 79.129.109.107 32 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None GR TO-S-2021-1156 Malware Activity 79.129.248.173 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GR TO-S-2021-1037 Hive Case 4785 Malware Activity 79.129.99.22 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GR TO-S-2021-1037 Hive Case 4785 Malware Activity 79.131.201.173 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GR TO-S-2021-1037 Hive Case 4785 Malware Activity 79.132.17.124 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BG TO-S-2021-1050 Hive Case 4821 Malware Activity 79.133.124.88 32 EE None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:19:19 HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=88,US) 79.133.41.250 32 TLM None 2021-12-02 00:00:00 2022-06-02 00:00:00 None HIVE Case #6599 CTO 21-335 (IP=250,DE) 79.134.79.0 24 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 79.136.1.46 24 RR None 2022-02-15 00:00:00 2022-05-16 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=46,SE) 79.136.11.189 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None SE TO-S-2021-1050 Hive Case 4821 Malware Activity 79.136.248.0 21 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 79.137.116.12 32 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None FR TO-S-2021-1156 Malicious Email Activity 79.137.225.2 24 RS None 2022-06-20 00:00:00 2022-09-18 00:00:00 2022-06-20 22:22:10 SIPVicious Security Scanner - IPS Events (IP=2,RU) 79.137.35.220 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None FR TO-S-2021-1117 DOS-DDOS Activity 79.141.160.43 32 TLM None 2022-03-11 00:00:00 2022-09-11 00:00:00 2022-03-11 13:21:43 HIVE Case #7189 CTO 22-068.1 (IP=43,US) 79.141.161.22 32 TLM None 2021-11-30 00:00:00 2022-05-30 00:00:00 None HIVE Case #6594 CTO 21-324 
(IP=22,US) 79.141.163.33 32 AS None 2021-09-21 00:00:00 2022-03-20 00:00:00 None HIVE Case #6215 CTO 21-261 (IP=33,US) 79.141.165.219 32 AS None 2022-03-18 00:00:00 2022-09-18 00:00:00 2022-03-18 15:24:14 HIVE Case #7237 CTO 22-077 (IP=219,NL) 79.141.210.2 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:46:16 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=2,RU) 79.141.68.138 24 AR None 2022-03-27 00:00:00 2022-06-26 00:00:00 2022-03-28 13:41:36 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (1:59246:1) - SourceFire (IP=138,RU) | updated by NAB Block expiration extended with reason HIVE Case #6651 Exploit.CVE-2021-44228 (IP=138,RU) 79.143.122.21 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 Hive Case 4785 Malware Activity 79.143.177.84 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 79.143.181.172 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 79.143.186.150 32 AS None 2021-12-16 00:00:00 2022-06-16 00:00:00 None HIVE Case #6671 CTO 21-350 (IP=150,DE) 79.143.187.243 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 79.143.188.161 32 KF None 2019-11-21 00:00:00 2022-01-20 00:00:00 None Immediate Inbound Network Block - TT# 20C01021 (IP=161,US) | updated by dbc Block was inactive. 
Reactivated on 20210120 with reason DE TO-S-2021-1037 Hive Case 4785 Malware Activity 79.143.190.57 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 79.143.191.19 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=19,DE) 79.143.87.137 32 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None GB TO-S-2021-1156 Malicious Email Activity 79.143.88.248 24 KH None 2022-01-27 00:00:00 2022-04-27 00:00:00 None Generic URI Injection wget Attempt - FE IPS (IP=248,ES) 79.147.139.194 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ES TO-S-2021-1050 Hive Case 4821 Malware Activity 79.147.68.128 24 JP None 2022-08-03 00:00:00 2022-11-01 00:00:00 2022-08-03 22:28:23 HTTP: SQL Injection - Exploit - 6HR Web Attacks (IP=128,ES) 79.152.46.149 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ES TO-S-2021-1050 Hive Case 4821 Malware Activity 79.155.42.216 24 SW None 2022-09-15 00:00:00 2022-12-14 00:00:00 2022-09-16 13:49:31 SERVER-WEBAPP Drupal 8 remote code execution attempt - WebAttacks (IP=216,ES) 79.159.98.105 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ES TO-S-2021-1037 Hive Case 4785 Malware Activity 79.170.43.10 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GB TO-S-2021-1037 Hive Case 4785 Malware Activity 79.172.242.28 32 TLM None 2022-02-02 00:00:00 2022-08-03 00:00:00 None HIVE Case #6912 CTO 22-032 (IP=28,HU) 79.174.184.0 21 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None RU TO-S-2021-1037 Hive Case 4785 Malware Activity 79.175.125.174 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=174,RS) 79.179.131.70 24 JP None 2022-09-29 00:00:00 2022-12-28 00:00:00 2022-09-30 13:47:39 HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=70,IL) 79.182.149.201 32 TLM None 2022-03-28 00:00:00 2022-09-28 00:00:00 2022-03-28 12:22:52 HIVE Case #7282 CTO 22-085 (IP=201,IL) 
79.183.218.28 24 RS None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 22:46:18 SIPVicious Security Scanner - IPS Events (IP=28,IL) 79.186.65.228 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PL TO-S-2021-1050 Hive Case 4821 Malware Activity 79.186.70.184 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PL TO-S-2021-1050 Hive Case 4821 Malware Activity 79.188.135.189 32 AS None 2022-01-31 00:00:00 2022-08-03 00:00:00 None HIVE Case #6877 CTO 22-028 (IP=189,PL) 79.188.135.191 32 AS None 2022-01-31 00:00:00 2022-08-03 00:00:00 None HIVE Case #6877 CTO 22-028 (IP=191,PL) 79.195.103.178 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None DE TO-S-2021-1050 Hive Case 4821 Malware Activity 79.221.105.120 24 NAB None 2021-12-17 00:00:00 2022-03-17 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=120,DE) 79.222.111.30 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None DE TO-S-2021-1050 Hive Case 4821 Malware Activity 79.44.167.23 32 JEB None 2022-06-06 00:00:00 2022-09-06 00:00:00 2022-06-08 16:56:07 REV Malicious Bumblebee Hardcoded C2 (IP=23,IT) 79.50.49.40 24 JP None 2022-08-09 00:00:00 2022-11-07 00:00:00 2022-08-09 21:39:12 Exploit.Log4Shell.CVE-2021-44228 - FE NX (IP=40,IT) 79.69.100.75 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GB TO-S-2021-1037 Hive Case 4785 Malware Activity 79.72.254.76 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GB TO-S-2021-1037 Hive Case 4785 Malware Activity 79.78.165.154 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GB TO-S-2021-1037 Hive Case 4785 Malware Activity 79.96.187.186 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None PL TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 79.96.228.242 32 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6514 TO-S-2022-0075 (IP=242,PL) 79.98.134.98 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TR TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 79.98.8.0 21 dbc None 2021-01-28 
21-267 (IP=155,IL) 81.199.34.150 32 AS None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6244 CTO 21-267 (IP=150,IL) 81.199.35.252 32 AS None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6244 CTO 21-267 (IP=252,IL) 81.200.144.0 20 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 81.201.63.33 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None CZ TO-S-2021-1037 Hive Case 4785 Malware Activity 81.201.63.97 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CZ TO-S-2021-1050 Hive Case 4821 Malware Activity 81.203.85.140 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ES TO-S-2021-1037 Hive Case 4785 Malware Activity 81.21.231.2 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ES TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 81.213.124.67 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TR TO-S-2021-1050 Hive Case 4821 Malware Activity 81.213.145.247 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malware Activity 81.213.148.84 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TR TO-S-2021-1050 Hive Case 4821 Malware Activity 81.213.166.62 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TR TO-S-2021-1050 Hive Case 4821 Malware Activity 81.213.174.153 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malware Activity 81.214.106.43 32 ZH None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-08 22:56:12 ColdFusion Error Reporting IR#: 22C01609 (IP=43,TR) 81.214.15.86 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malware Activity 81.214.186.78 24 RS None 2022-06-13 00:00:00 2022-09-11 00:00:00 2022-06-14 13:48:41 SIPVicious Security Scanner - IPS Events (IP=78,TR) 81.214.248.11 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TR TO-S-2021-1050 Hive Case 4821 Malware Activity 81.214.57.131 32 dbc None 
2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malware Activity 81.214.73.96 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malware Activity 81.214.74.242 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TR TO-S-2021-1050 Hive Case 4821 Malware Activity 81.215.171.164 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malware Activity 81.215.210.137 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 22:59:01 Possible Cross-site Scripting Attack - IPS Events (IP=137,TR) 81.22.36.159 32 TLM None 2022-05-09 00:00:00 2022-11-08 00:00:00 2022-05-10 15:16:06 HIVE Case #7546 CTO 22-127 (IP=159,IT) 81.223.19.126 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6585 CTO 21-323 (IP=126,AT) 81.225.76.14 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None SE TO-S-2021-1050 Hive Case 4821 Malware Activity 81.227.21.154 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None SE TO-S-2021-1037 Hive Case 4785 Malware Activity 81.23.144.0 20 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=0,RU) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=0,RU) 81.23.6.173 32 TLM None 2022-09-12 00:00:00 2022-12-11 00:00:00 2022-09-14 11:18:28 HIVE Case #8297 TO-S-2022-0229 (IP=173,RU) 81.244.97.201 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BE TO-S-2021-1050 Hive Case 4821 Malware Activity 81.28.13.21 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6348 CTO 21-279 (IP=21,LU) 81.28.13.48 24 EE None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:19:20 HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=48,RU) 81.30.144.91 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=91,DE) 81.30.144.91 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request 
#INC0124872 SNOW (IP=91,DE) 81.30.144.91 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=91,DE) 81.30.144.94 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=94,DE) 81.30.144.94 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=94,DE) 81.30.144.94 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=94,DE) 81.31.147.164 24 ZH None 2022-02-08 00:00:00 2022-05-09 00:00:00 None Phishing SIP HIVE Case # 6942 (IP=164,IT) 81.34.17.171 32 RT None 2021-12-03 00:00:00 2022-03-03 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - IR# 22C00472 (IP=171,ES) 81.36.199.174 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ES TO-S-2021-1050 Hive Case 4821 Malware Activity 81.4.177.114 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:21 HIVE Case #7199 CTO 22-074 (IP=114,CY) 81.4.177.115 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:22 HIVE Case #7199 CTO 22-074 (IP=115,CY) 81.4.177.116 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:22 HIVE Case #7199 CTO 22-074 (IP=116,CY) 81.4.177.117 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:23 HIVE Case #7199 CTO 22-074 (IP=117,CY) 81.4.177.118 32 TLM None 2022-02-24 00:00:00 2022-08-25 00:00:00 None HIVE Case #7077 CTO 22-055 (IP=118,CY) 81.4.86.202 32 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=202,NL) | updated by TLM Block was inactive. 
Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=202,NL) 81.41.150.5 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ES TO-S-2021-1037 Hive Case 4785 Malware Activity 81.43.64.133 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ES TO-S-2021-1037 Hive Case 4785 Malware Activity 81.43.78.26 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ES TO-S-2021-1037 Hive Case 4785 Malware Activity 81.46.213.208 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None ES TO-S-2021-1092 Hive Case 4875 Malicious Email Activity 81.47.176.37 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ES TO-S-2021-1050 Hive Case 4821 Malware Activity 81.52.224.0 31 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=0,JO) 81.64.205.171 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None FR TO-S-2021-1050 Hive Case 4821 Malware Activity 81.68.136.117 32 TLM None 2022-06-15 00:00:00 2022-12-14 00:00:00 2022-06-16 19:40:53 HIVE Case #7779 CTO 22-162 (IP=117,CN) 81.68.161.15 32 RS None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-14 22:47:00 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR# 22C01661 (IP=15,CN) 81.68.194.106 24 RT None 2022-02-17 00:00:00 2022-05-18 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6HR Web Attack (IP=106,CN) 81.68.237.45 32 TLM None 2022-01-25 00:00:00 2022-07-25 00:00:00 None HIVE Case #6828 CTO 22-021 (IP=45,CN) 81.68.252.57 32 TLM None 2022-06-21 00:00:00 2022-12-20 00:00:00 2022-06-22 18:26:14 HIVE Case #7807 CTO 22-169 (IP=57,CN) 81.68.76.46 24 EE None 2022-02-22 00:00:00 2022-05-23 00:00:00 2022-02-25 23:37:20 HIVE Case #7087 IOC_ Vul MS-SQL Servers - Cobalt Strike (IP=46,CN) 81.68.84.168 24 RR None 2022-04-28 00:00:00 2022-07-27 00:00:00 2022-04-28 14:35:41 SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=168,CH) 81.69.36.46 24 WR None 2022-04-04 00:00:00 2022-07-02 00:00:00 2022-04-04 13:48:47 HTTP: Detect PHP-CGI 
Remote code Execution vulnerability - 6HR Web Attacks (IP=46,PH) 81.7.13.151 24 KH None 2022-04-15 00:00:00 2022-07-14 00:00:00 2022-04-15 23:00:12 SIPVicious Security Scanner - FE CMS (IP=151,DE) 81.7.7.153 32 TLM None 2021-09-08 00:00:00 2022-03-08 00:00:00 None HIVE Case #6129 CTO 21-237 (IP=153,DE) 81.70.142.4 24 NAB None 2022-03-07 00:00:00 2022-06-05 00:00:00 2022-03-07 15:00:06 HIVE Case #6651 Exploit.CVE-2021-44228 (IP=4,CN) 81.70.253.24 32 RS None 2022-08-22 00:00:00 2022-11-20 00:00:00 2022-08-23 18:08:52 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR# 22C01845 (IP=24,CN) 81.70.92.55 24 RR None 2022-03-15 00:00:00 2022-06-13 00:00:00 2022-03-15 13:43:54 HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=55,CN) 81.82.236.197 24 SA None 2022-05-31 00:00:00 2022-08-28 00:00:00 2022-05-31 22:56:21 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) SourceFire (IP=197,BL) 81.88.52.210 24 ZH None 2022-02-08 00:00:00 2022-05-09 00:00:00 None Phishing SIP HIVE Case # 6942 (IP=210,IT) 81.89.235.10 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 17:40:18 HIVE Case #7341 CTO 22-092 (IP=10,DE) 81.91.173.130 24 KD None 2021-12-13 00:00:00 2022-03-13 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt - Sourcefire Rpt (IP=130,DE) 81.92.61.90 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GR TO-S-2021-1037 Hive Case 4785 Malware Activity 81.92.63.232 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GR TO-S-2021-1050 Hive Case 4821 Malware Activity 81.95.5.36 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=36,DE) 81.95.5.36 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=36,DE) 81.95.5.36 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=36,DE) 81.95.5.36 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case 
#6729 CTO 22-004 (IP=36,DE) 81.95.5.36 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=36,DE) 81.95.96.148 24 WR None 2022-04-12 00:00:00 2022-07-10 00:00:00 2022-04-12 13:52:03 Malicoius IPs - Hive Case 7370 (IP=148,CZ) 81.99.102.74 24 KH None 2021-11-26 00:00:00 2022-02-24 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed Logons (IP=74,GB) 8151345090.partyfest.cl --- TLM None 2021-08-05 00:00:00 2022-08-05 00:00:00 2023-01-19 22:59:21 HIVE Case #5940 TO-S-2021-1447 816264503.ujsd.kanesatakss.com --- TLM None 2021-08-05 00:00:00 2022-08-05 00:00:00 2023-01-19 22:59:20 HIVE Case #5940 TO-S-2021-1447 82.102.23.186 24 TH None 2022-02-28 00:00:00 2022-05-29 00:00:00 2022-02-28 23:39:47 Exploit.Log4Shell.CVE-2021-44228 - FireEye NX (IP=186,BG) 82.103.92.188 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BG TO-S-2021-1117 DOS-DDOS Activity 82.112.184.223 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6585 CTO 21-323 (IP=223,RU) 82.114.224.0 19 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None RU TO-S-2021-1037 Hive Case 4785 Malware Activity 82.114.68.242 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None AL TO-S-2021-1037 Hive Case 4785 Malware Activity 82.114.85.110 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None AL TO-S-2021-1037 Hive Case 4785 Malware Activity 82.116.32.0 19 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 82.117.153.62 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CZ TO-S-2021-1050 Hive Case 4821 Malware Activity 82.118.21.1 32 TLM None 2022-03-14 00:00:00 2022-09-14 00:00:00 2022-03-14 19:14:29 HIVE Case #7198 CTO 22-071 (IP=1,PL) 82.118.22.126 32 TLM None 2021-12-23 00:00:00 2022-06-23 00:00:00 None HIVE Case #6695 CTO 21-357 (IP=126,PL) 82.118.29.169 24 JP None 2022-09-19 00:00:00 2022-12-18 00:00:00 2022-09-20 13:54:57 SQL injection - 6HR Web Attacks (IP=169,SE) 
82.119.86.186 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BG TO-S-2021-1117 DOS-DDOS Activity 82.121.38.70 24 WR None 2022-03-24 00:00:00 2022-06-22 00:00:00 2022-03-24 13:50:54 SQL injection- Web Attacks (IP=70,FR) 82.127.186.231 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity 82.129.6.254 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ES TO-S-2021-1037 Hive Case 4785 Malware Activity 82.130.196.246 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ES TO-S-2021-1050 Hive Case 4821 Malware Activity 82.130.251.94 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ES TO-S-2021-1037 Hive Case 4785 Malware Activity 82.140.46.193 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 82.142.97.142 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None CZ TO-S-2021-1037 Hive Case 4785 Malware Activity 82.144.192.0 19 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None UA TO-S-2021-1050 Hive Case 4821 Malware Activity 82.146.174.240 32 AS None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6244 CTO 21-267 (IP=240,LB) 82.146.174.40 32 AS None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6244 CTO 21-267 (IP=40,LB) 82.146.175.48 32 AS None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6244 CTO 21-267 (IP=48,LB) 82.146.175.52 32 AS None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6244 CTO 21-267 (IP=52,LB) 82.146.175.69 32 AS None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6244 CTO 21-267 (IP=69,LB) 82.146.55.139 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=139,RU) 82.146.55.139 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=139,RU) 82.148.12.0 22 TLM None 2021-12-02 00:00:00 2022-06-02 00:00:00 None HIVE Case #6600 TO-S-2022-0090 (IP=0,RU) 82.148.16.0 20 dbc None 2021-02-05 00:00:00 
2022-02-05 00:00:00 None RU TO-S-2021-1081 Hive Case 4872 Malicious Email Activity 82.148.225.245 32 SA None 2022-05-31 00:00:00 2022-08-28 00:00:00 2022-05-31 22:56:22 PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) SourceFire (IP=245,US) 82.148.5.19 24 RS None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:00 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=19,UZ) 82.148.6.126 24 RB None 2022-03-01 00:00:00 2022-05-30 00:00:00 2022-03-01 23:32:00 ET EXPLOIT Apache Obfuscated log4j RCE Attempt - Sourcefire (IP=126,RU) 82.148.68.100 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IS TO-S-2021-1037 Hive Case 4785 Malware Activity 82.153.166.86 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GB TO-S-2021-1050 Hive Case 4821 Malware Activity 82.156.17.171 24 BB None 2022-01-13 00:00:00 2022-04-13 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=171,CN) 82.156.205.40 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=40,CN) 82.156.29.83 32 TLM None 2022-06-21 00:00:00 2022-12-20 00:00:00 2022-06-22 18:26:14 HIVE Case #7807 CTO 22-169 (IP=83,CN) 82.156.57.187 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=187,CN) 82.157.163.129 32 WR None 2021-12-07 00:00:00 2022-03-07 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00492 (IP=129,CN) 82.157.2.237 24 KD None 2021-12-08 00:00:00 2022-03-08 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841)- Web Attacks (IP=237,CN) 82.157.66.115 24 BB None 2022-01-28 00:00:00 2022-04-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=115,CN) 82.157.96.204 24 AR None 2022-01-10 00:00:00 2022-04-10 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=204,CN) 82.157.97.185 
24 RT None 2022-03-22 00:00:00 2022-06-21 00:00:00 2022-03-23 13:46:30 HTTP: ThinkPHP CMS Getshell Vulnerability - 6HR Web Attack (IP=185,CN) | updated by WR Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire (IP=185,ES) 82.159.149.52 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=52,ES) 82.163.176.120 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=120,GB) 82.165.121.57 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None DE TO-S-2021-1117 DOS-DDOS Activity 82.165.152.127 32 AS None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-09 13:57:43 HIVE Case #7535 TO-S-2022-0176 (IP=127,DE) 82.165.168.242 24 ZH None 2021-10-28 00:00:00 2022-06-13 00:00:00 2022-03-15 13:43:59 SERVER-WEBAPP Atlassian Confluence OGNL injection remote code execution attempt (1:58093:1) - Sourcefire Rpt (IP=242,DE) | updated by KD Block was inactive. Reactivated on 20220125 with reason SERVER-APACHE Apache HTTP server SSRF attempt - Sourcefire (IP=242,DE) | updated by RR Block expiration extended with reason SERVER-APACHE Apache HTTP server SSRF attempt - SourceFire (IP=242,DE) | updated by RR Block expiration extended with reason SERVER-OTHER Apache Log4j logging remote code execution attempt - SourceFire (IP=242,DE) 82.165.172.207 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None DE TO-S-2021-1117 DOS-DDOS Activity 82.165.182.87 24 RT None 2022-03-22 00:00:00 2022-06-20 00:00:00 2022-03-23 13:46:23 SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58744:6) - Sourcefire Report (IP=87,DE) 82.165.76.185 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None DE TO-S-2021-1117 DOS-DDOS Activity 82.166.199.193 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None IL TO-S-2021-1117 DOS-DDOS Activity 82.166.228.142 32 TLM None 2021-09-14 00:00:00 2022-03-14 00:00:00 None HIVE Case #6164 TO-S-2021-1528 (IP=142,IL) 
82.167.214.190 24 RS None 2022-09-23 00:00:00 2022-12-22 00:00:00 2022-09-24 13:55:47 Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=190,SA) 82.167.242.191 24 NAB None 2022-01-20 00:00:00 2022-04-20 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=191,SA) 82.193.96.0 19 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=0,UA) 82.196.14.19 24 SW None 2022-04-23 00:00:00 2022-07-22 00:00:00 2022-04-23 22:51:48 HTTP: ThinkPHP CMS Getshell Vulnerability - WebAttacks (IP=19,NL) 82.199.130.36 32 TLM None 2022-02-25 00:00:00 2022-08-26 00:00:00 2022-02-25 13:04:34 HIVE Case #7088 CTO 22-056 (IP=36,DE) 82.199.130.44 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=44,DE) 82.209.204.227 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BY TO-S-2021-1117 DOS-DDOS Activity 82.209.218.127 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BY TO-S-2021-1117 DOS-DDOS Activity 82.209.222.203 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BY TO-S-2021-1117 DOS-DDOS Activity 82.209.231.127 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BY TO-S-2021-1117 DOS-DDOS Activity 82.209.241.74 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BY TO-S-2021-1117 DOS-DDOS Activity 82.209.251.35 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BY TO-S-2021-1117 DOS-DDOS Activity 82.211.129.185 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None GE TO-S-2021-1117 DOS-DDOS Activity 82.213.199.196 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ES TO-S-2021-1037 Hive Case 4785 Malware Activity 82.218.173.156 32 KH None 2021-12-06 00:00:00 2022-03-06 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 22C00487 (IP=156,AT) 82.22.170.19 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GB TO-S-2021-1037 Hive Case 4785 Malware Activity 82.221.105.6 24 WR None 2021-07-12 00:00:00 
2022-02-09 00:00:00 None HTTP: Microsoft Windows HTTP.sys Remote Code Execution (CVE-2015-1635) - TT# 21C01374 (IP=6,IS) | updated by KD Block was inactive. Reactivated on 20211111 with reason HTTP: Microsoft Windows HTTP.sys Remote Code Execution (CVE-2015-1635)- TT# 22C00332 (IP=6,BZ) HTTP: Microsoft Windows HTTP.sys Remote Code Execution (CVE-2015-1635)- TT# 22C00332 (IP=6,BZ) 82.221.105.6 24 KD None 2021-11-11 00:00:00 2022-02-09 00:00:00 None HTTP: Microsoft Windows HTTP.sys Remote Code Execution (CVE-2015-1635) - TT# 21C01374 (IP=6,IS) | updated by KD Block was inactive. Reactivated on 20211111 with reason HTTP: Microsoft Windows HTTP.sys Remote Code Execution (CVE-2015-1635)- TT# 22C00332 (IP=6,BZ) HTTP: Microsoft Windows HTTP.sys Remote Code Execution (CVE-2015-1635)- TT# 22C00332 (IP=6,BZ) 82.221.131.71 24 srm None 2022-02-15 00:00:00 2022-05-16 00:00:00 None HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=71,IS) 82.221.139.107 32 TLM None 2022-06-23 00:00:00 2022-12-22 00:00:00 2022-06-24 11:30:51 HIVE Case #7820 CTO 22-174 (IP=107,IS) 82.221.141.17 32 TLM None 2021-12-21 00:00:00 2022-06-21 00:00:00 None HIVE Case #6682 CTO 21-352 (IP=17,IS) 82.221.141.5 32 TLM None 2021-12-21 00:00:00 2022-06-21 00:00:00 None HIVE Case #6682 CTO 21-352 (IP=5,IS) 82.223.128.155 32 AS None 2022-07-28 00:00:00 2022-10-26 00:00:00 2022-07-29 13:47:33 HIVE Case #8037 COLS-NA TIP 21-0402 (IP=155,ES) 82.223.14.245 24 srm None 2022-02-16 00:00:00 2022-05-17 00:00:00 None HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=245,ES) 82.223.25.206 24 KD None 2022-03-23 00:00:00 2022-06-24 00:00:00 2022-03-26 13:38:32 SERVER-OTHER Apache Log4j logging remote code execution attempt- Sourcefire(IP=206,ES) | updated by RR Block expiration extended with reason SERVER-OTHER Apache Log4j logging remote code execution attempt - SourceFire (IP=206,ES) SERVER-OTHER Apache Log4j logging remote code execution attempt - SourceFire (IP=206,ES) 82.223.25.206 24 RR None 
2022-03-26 00:00:00 2022-06-24 00:00:00 2022-03-26 13:38:32 SERVER-OTHER Apache Log4j logging remote code execution attempt- Sourcefire(IP=206,ES) | updated by RR Block expiration extended with reason SERVER-OTHER Apache Log4j logging remote code execution attempt - SourceFire (IP=206,ES) SERVER-OTHER Apache Log4j logging remote code execution attempt - SourceFire (IP=206,ES) 82.223.39.107 24 ZH None 2022-09-21 00:00:00 2022-12-20 00:00:00 2022-09-21 14:01:12 SERVER-WEBAPP Atlassian Confluence OGNL injection remote code execution attempt - 6hr Web Attacks (IP=107,ES) 82.223.39.107 24 RR None 2022-09-23 00:00:00 2022-12-22 00:00:00 2022-09-23 13:58:41 SERVER-APACHE Apache HTTP server SSRF attempt - SourceFire (IP=107,ES) 82.223.39.107 24 RR None 2022-09-25 00:00:00 2022-12-24 00:00:00 2022-09-25 13:55:47 SERVER-APACHE Apache HTTP server SSRF attempt - SourceFire (IP=107,ES) 82.223.46.138 24 KH None 2021-09-27 00:00:00 2022-06-14 00:00:00 2022-03-16 13:45:43 SERVER-WEBAPP Atlassian Confluence OGNL injection remote code execution attempt - 6 hr Web Attacks (IP=138,ES) | updated by ZH Block expiration extended with reason SERVER-WEBAPP Atlassian Confluence OGNL injection remote code execution attempt (1:58093:1) - Sourcefire (IP=138,ES) | updated by DT Block was inactive. Reactivated on 20220116 with reason SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58744:6) - Source Fire (IP=138,ES) | updated by RR Block expiration extended with reason SERVER-OTHER Apache Log4j logging remote code execution attempt - SourceFire (IP=138,ES) 82.223.69.192 24 KD None 2021-09-16 00:00:00 2022-05-27 00:00:00 2022-02-26 14:44:16 SERVER-WEBAPP Atlassian Confluence OGNL injection remote code execution attempt- Sourcefire (IP=192,ES) | updated by DT Block was inactive. 
Reactivated on 20220115 with reason SERVER-OTHER Apache Log4j logging remote code execution attempt (1:58744:6) - Source Fire (IP=192,ES) | updated by RR Block expiration extended with reason SERVER-OTHER Apache Log4j logging remote code execution attempt - SourceFire (IP=192,ES) | updated by DT Block expiration extended with reason SERVER-OTHER Apache Log4j logging remote code execution attempt - Source Fire (IP=192,ES) | updated by RR Block expiration extended with reason SERVER-OTHER Apache Log4j logging remote code execution attempt - Sourcefire (IP=192,ES) 82.25.198.226 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GB TO-S-2021-1037 Hive Case 4785 Malware Activity 82.251.104.61 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None FR TO-S-2021-1050 Hive Case 4821 Malware Activity 82.32.142.103 24 KD None 2022-04-27 00:00:00 2022-07-26 00:00:00 2022-04-27 20:42:34 Infection Match- FIREEYE IPS(103,GB) 82.48.110.92 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 Hive Case 4785 Malware Activity 82.49.242.124 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 Hive Case 4785 Malware Activity 82.50.166.88 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 Hive Case 4785 Malware Activity 82.57.130.51 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 Hive Case 4785 Malware Activity 82.57.15.231 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 Hive Case 4785 Malware Activity 82.58.139.104 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None IT TO-S-2021-1092 Hive Case 4875 Malware Activity 82.60.246.77 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 Hive Case 4785 Malware Activity 82.61.128.184 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 Hive Case 4785 Malware Activity 82.61.40.20 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IT TO-S-2021-1050 Hive Case 4821 
2022-04-24 00:00:00 2022-07-23 00:00:00 2022-04-24 22:43:43 ET EXPLOIT Apache log4j RCE Attempt - lower/upper TCP Bypass M2 (CVE-2021-44228) (1:2034700:1) - SourceFire (IP=66, GB) 86.170.91.83 24 RT None 2021-10-15 00:00:00 2022-01-13 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6 HR WebAttack (IP=83,GB) 86.201.146.61 24 KH None 2022-03-03 00:00:00 2022-06-01 00:00:00 2022-03-03 23:49:43 Abnormally Long Request - ArcSight (IP=61,FR) 86.206.61.124 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None FR TO-S-2021-1050 Hive Case 4821 Malware Activity 86.21.68.179 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GB TO-S-2021-1050 Hive Case 4821 Malware Activity 86.23.111.86 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GB TO-S-2021-1037 Hive Case 4785 Malware Activity 86.51.165.162 24 ZH None 2021-11-22 00:00:00 2022-02-20 00:00:00 None Web Attacks Case 6565 (IP=210,SA) 86.55.28.100 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IR TO-S-2021-1050 Hive Case 4821 Malware Activity 86.57.246.76 24 KH None 2021-12-18 00:00:00 2022-03-18 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=76,BY) 86.61.66.44 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None SI TO-S-2021-1037 Hive Case 4785 Malware Activity 86.70.69.226 24 ZH None 2021-12-04 00:00:00 2022-03-04 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=226,FR) 86.9.130.223 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GB TO-S-2021-1037 Hive Case 4785 Malware Activity 86.9.193.212 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GB TO-S-2021-1050 Hive Case 4821 Malware Activity 86.98.27.174 32 AS None 2022-04-07 00:00:00 2022-10-07 00:00:00 2022-04-07 19:47:57 HIVE Case #7356 CTO 22-096 (IP=174,AE) 86.98.36.211 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:56:06 HIVE Case #7199 CTO 22-074 (IP=211,AE) 86.98.40.65 32 AS None 
2022-04-07 00:00:00 2022-10-07 00:00:00 2022-04-07 19:47:58 HIVE Case #7356 CTO 22-096 (IP=65,AE) 86.98.42.105 32 AS None 2022-04-07 00:00:00 2022-10-07 00:00:00 2022-04-07 19:47:59 HIVE Case #7356 CTO 22-096 (IP=105,AE) 86.98.42.232 32 AS None 2022-04-07 00:00:00 2022-10-07 00:00:00 2022-04-07 19:47:59 HIVE Case #7356 CTO 22-096 (IP=232,AE) 86.98.93.220 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:42 HIVE Case #7904 CTO 22-189 (IP=220,AE) 86.99.54.166 32 TLM None 2022-05-19 00:00:00 2022-11-18 00:00:00 2022-05-20 14:45:30 HIVE Case #7623 CTO 22-139 (IP=166,AE) 8613217498.medpharmasd.com --- TLM None 2021-08-05 00:00:00 2022-08-05 00:00:00 2023-01-19 22:59:30 HIVE Case #5940 TO-S-2021-1447 87.106.168.212 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None DE TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 87.106.169.158 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6349 CTO 21-275 (IP=158,DE) 87.106.18.141 32 AS None 2022-01-28 00:00:00 2022-07-28 00:00:00 None HIVE Case #6856 CTO 22-027 (IP=141,DE) 87.116.162.151 24 WP None 2022-01-07 00:00:00 2022-04-07 00:00:00 None Suspicious Scan Activity - FE IPS Events (IP=151,RS) 87.118.110.27 24 srm None 2022-02-16 00:00:00 2022-05-17 00:00:00 None HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=27,DE) 87.118.116.103 24 srm None 2022-02-16 00:00:00 2022-05-17 00:00:00 None HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=103,DE) 87.118.116.12 24 srm None 2022-02-16 00:00:00 2022-05-17 00:00:00 None HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=12,DE) 87.118.116.90 24 RR None 2017-09-27 05:00:00 2022-05-17 00:00:00 None SERVER-WEBAPP Phpcms user registration remote file include attempt (IP=90,DE) | updated by srm Block was inactive. 
Reactivated on 20220216 with reason HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=90,DE) 87.118.122.51 24 DT None 2022-04-10 00:00:00 2022-07-09 00:00:00 2022-04-10 22:54:25 SERVER-WEBAPP Apache Log4j logging remote code execution attempt (1:59246:1) - Source Fire (IP=51,DE) 87.118.96.154 24 SQL None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 13:58:03 HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr failed logon (IP=154,DE) | updated by SQL Block was inactive. Reactivated on 20220703 with reason RS injection - 6Hr Web Attacks (IP=154,DE) RS injection - 6Hr Web Attacks (IP=154,DE) 87.118.96.154 24 RB None 2020-07-16 00:00:00 2022-10-01 00:00:00 2022-07-03 13:58:03 HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr failed logon (IP=154,DE) | updated by SQL Block was inactive. Reactivated on 20220703 with reason RS injection - 6Hr Web Attacks (IP=154,DE) RS injection - 6Hr Web Attacks (IP=154,DE) 87.119.226.116 32 wmp None 2022-03-24 00:00:00 2022-06-24 00:00:00 2022-03-24 22:59:09 Suspicious Scan Activity (IP=116,RU) 87.120.179.194 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BG TO-S-2021-1050 Hive Case 4821 Malware Activity 87.120.228.1 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BG TO-S-2021-1117 DOS-DDOS Activity 87.120.254.189 32 AS None 2021-12-29 00:00:00 2022-06-29 00:00:00 None HIVE Case #6705 CTO 21-363 (IP=189,BG) 87.120.254.75 32 TLM None 2021-09-21 00:00:00 2022-03-20 00:00:00 None HIVE Case #6216 CTO 21-264 (IP=75,BG) 87.120.37.123 32 AS None 2022-06-30 00:00:00 2022-09-28 00:00:00 2022-07-01 17:05:46 HIVE Case #7873 CTO 22-180 (IP=123,BG) 87.120.37.183 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 17:40:24 HIVE Case #7341 CTO 22-092 (IP=183,BG) 87.120.37.46 32 TLM None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:46:08 HIVE Case #7458 CTO 22-113 (IP=46,BG) 87.120.8.109 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 
(IP=109,BG) 87.120.8.151 32 TLM None 2022-01-18 00:00:00 2022-07-18 00:00:00 None HIVE Case #6796 CTO 22-014 (IP=151,BG) 87.120.8.206 32 AS None 2021-11-16 00:00:00 2022-05-16 00:00:00 None HIVE Case #6539 CTO 21-315 (IP=206,BG) 87.120.8.216 32 TLM None 2022-02-09 00:00:00 2022-08-10 00:00:00 None HIVE Case #6952 CTO 22-040 (IP=216,BG) 87.121.44.19 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BG TO-S-2021-1117 DOS-DDOS Activity 87.121.52.253 32 TLM None 2022-06-03 00:00:00 2022-12-02 00:00:00 2022-06-06 14:31:19 HIVE Case #7714 CTO 22-154 (IP=253,BG) 87.121.98.0 19 TLM None 2021-07-01 00:00:00 2022-01-01 00:00:00 None HIVE Case #5735 TO-S-2021-1379 (IP=0,BG) 87.139.126.154 32 KH None 2022-07-25 00:00:00 2022-10-23 00:00:00 2022-07-25 23:41:39 HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - IR# 22C01753 (IP=154,DE) 87.14.210.115 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 Hive Case 4785 Malware Activity 87.149.254.74 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=74,DE) 87.18.80.61 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 Hive Case 4785 Malware Activity 87.193.135.122 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:24 HIVE Case #7199 CTO 22-074 (IP=122,DE) 87.193.135.123 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:24 HIVE Case #7199 CTO 22-074 (IP=123,DE) 87.193.135.124 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:25 HIVE Case #7199 CTO 22-074 (IP=124,DE) 87.193.135.125 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:25 HIVE Case #7199 CTO 22-074 (IP=125,DE) 87.205.127.92 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PL TO-S-2021-1050 Hive Case 4821 Malware Activity 87.205.254.211 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PL TO-S-2021-1050 Hive Case 4821 Malware Activity 87.229.73.20 32 TLM None 2021-08-10 
00:00:00 2022-02-10 00:00:00 None HIVE Case #5969 TO-S-2021-1289 (IP=20,HU) | updated by TLM Block was inactive. Reactivated on 20210810 with reason HIVE Case #5969 TO-S-2021-1289 (IP=20,HU) 87.230.22.218 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None DE TO-S-2021-1117 DOS-DDOS Activity 87.230.23.112 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None DE TO-S-2021-1117 DOS-DDOS Activity 87.233.176.5 24 TC None 2022-09-04 00:00:00 2022-12-03 00:00:00 2022-09-05 12:31:08 SERVER-OTHER Sentinel license manager buffer overflow attempt (1:11265:5) - SourceFire (IP=5,NL) 87.236.212.22 32 TLM None 2022-02-25 00:00:00 2022-08-26 00:00:00 2022-02-25 13:04:23 HIVE Case #7088 CTO 22-056 (IP=22,GB) 87.236.98.21 32 TLM None 2021-07-01 00:00:00 2022-01-01 00:00:00 None HIVE Case #5735 TO-S-2021-1379 (IP=21,NL) 87.237.54.14 24 TH None 2022-08-17 00:00:00 2022-11-16 00:00:00 2022-08-18 13:49:19 SQL injection - 6 Hr Web Report (IP=14,DE) | updated by AR Block expiration extended with reason SQL injection - 6 Hr Web Report (IP=14,DE) 87.238.147.136 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None FR TO-S-2021-1117 DOS-DDOS Activity 87.239.120.11 24 KD None 2021-12-13 00:00:00 2022-03-13 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt - Sourcefire Rpt (IP=11,FI) 87.239.127.198 24 bob None 2016-10-11 05:00:00 2022-03-21 00:00:00 None FL TO-S-2017-0021 Finland IP associated with malicious emails and downloads | updated by KD Block was inactive. 
Reactivated on 20211221 with reason PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt- Sourcefire (IP=198,FI) 87.239.16.151 32 AS None 2022-07-28 00:00:00 2022-10-26 00:00:00 2022-07-28 20:13:38 HIVE Case #7327 COLS-NA TIP 22-0114 (IP=151,GB) 87.240.101.134 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None FR TO-S-2021-1117 DOS-DDOS Activity 87.240.101.218 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None FR TO-S-2021-1117 DOS-DDOS Activity 87.240.103.130 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None FR TO-S-2021-1117 DOS-DDOS Activity 87.240.103.142 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None FR TO-S-2021-1117 DOS-DDOS Activity 87.240.104.118 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None FR TO-S-2021-1117 DOS-DDOS Activity 87.240.104.206 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None FR TO-S-2021-1117 DOS-DDOS Activity 87.240.105.146 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None FR TO-S-2021-1117 DOS-DDOS Activity 87.240.64.77 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None FR TO-S-2021-1117 DOS-DDOS Activity 87.240.64.88 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None FR TO-S-2021-1117 DOS-DDOS Activity 87.240.68.90 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None FR TO-S-2021-1117 DOS-DDOS Activity 87.240.71.190 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None FR TO-S-2021-1117 DOS-DDOS Activity 87.240.71.86 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None FR TO-S-2021-1117 DOS-DDOS Activity 87.240.77.37 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None FR TO-S-2021-1117 DOS-DDOS Activity 87.240.80.241 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None FR TO-S-2021-1117 DOS-DDOS Activity 87.240.84.6 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None FR TO-S-2021-1117 DOS-DDOS Activity 87.240.87.2 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None FR TO-S-2021-1117 DOS-DDOS Activity 87.240.87.97 32 dbc 
None 2021-03-05 00:00:00 2022-03-05 00:00:00 None FR TO-S-2021-1117 DOS-DDOS Activity 87.240.90.229 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None FR TO-S-2021-1117 DOS-DDOS Activity 87.241.204.0 23 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None RU TO-S-2021-1037 Hive Case 4785 Malware Activity 87.244.176.221 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity 87.244.194.91 24 RW None 2021-10-19 00:00:00 2022-01-17 00:00:00 None SERVER-OTHER Microsoft Windows DNS server remote integer overflow attempt (1:54577:4) - Sourcefire (IP=91,SK) 87.246.36.35 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BG TO-S-2021-1117 DOS-DDOS Activity 87.246.36.36 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BG TO-S-2021-1117 DOS-DDOS Activity 87.247.242.215 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=215,GB) 87.247.245.133 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=133,GB) 87.248.59.240 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IT TO-S-2021-1050 Hive Case 4821 Malware Activity 87.249.135.167 32 TLM None 2022-06-13 00:00:00 2022-12-12 00:00:00 2022-06-14 12:55:24 HIVE Case #7767 TO-S-2022-0197 (IP=167,CZ) 87.249.139.161 32 AS None 2022-07-29 00:00:00 2022-10-27 00:00:00 2022-07-29 17:31:12 HIVE Case #8052 TO-S-2022-0216 (IP=161,TR) 87.249.44.0 24 TLM None 2022-03-03 00:00:00 2022-09-03 00:00:00 2022-03-03 22:29:40 HIVE Case #7139 TO-S-2022-0140 (IP=0,RU) 87.249.49.103 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=103,RU) 87.249.53.0 24 TLM None 2022-03-03 00:00:00 2022-09-03 00:00:00 2022-03-03 22:29:41 HIVE Case #7139 TO-S-2022-0140 (IP=0,RU) 87.249.53.193 32 TLM None 2021-09-21 00:00:00 2022-03-20 00:00:00 None HIVE Case #6216 CTO 21-264 (IP=193,RU) 87.249.54.0 24 TLM None 2022-03-03 00:00:00 2022-09-03 00:00:00 2022-03-03 22:29:41 HIVE Case #7139 
TO-S-2022-0140 (IP=0,RU) 87.249.54.216 32 TLM None 2021-09-21 00:00:00 2022-03-20 00:00:00 None HIVE Case #6216 CTO 21-264 (IP=216,RU) 87.249.54.251 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6445 CTO 21-260 (IP=251,RU) 87.249.54.45 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6037 CTO 21-226 (IP=45,RU) 87.250.96.0 19 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BA TO-S-2021-1050 Hive Case 4821 Malware Activity 87.251.128.0 19 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IR TO-S-2021-1037 Hive Case 4785 Malware Activity 87.251.20.12 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=12,TR) 87.251.20.20 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=20,TR) 87.251.229.24 24 RS None 2022-08-22 00:00:00 2022-11-20 00:00:00 2022-08-23 18:09:02 SIPVicious Security Scanner - IPS Events (IP=24,PL) 87.251.64.35 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:12 HIVE Case #7894 CTO 22-187 (IP=35,RU) 87.255.204.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None KZ TO-S-2021-1037 Hive Case 4785 Malware Activity 87.255.64.0 19 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None MD TO-S-2021-1117 DOS-DDOS Activity 87.27.253.213 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 Hive Case 4785 Malware Activity 87.27.59.135 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=135,IT) 87.4.103.182 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 Hive Case 4785 Malware Activity 87.4.177.28 24 KH None 2021-10-26 00:00:00 2022-01-24 00:00:00 None Drupal Core CVE-2018-7600 Form Rendering Post_render RCE - FE IPS (IP=28,IT) 87.8.16.155 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 Hive Case 4785 Malware Activity 87.98.138.252 24 SW None 2022-06-30 00:00:00 2022-09-28 00:00:00 2022-06-30 13:57:03 
SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=252,FR) 87.98.241.184 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=184,FR) 87.98.255.18 32 AS None 2022-03-29 00:00:00 2022-09-27 00:00:00 2022-03-29 17:57:39 HIVE Case #7296 CTO 22-088 (IP=18,FR) 8734343.mfs.gg --- TLM None 2021-08-12 00:00:00 2022-08-12 00:00:00 2023-01-19 23:00:09 HIVE Case #5985 TO-S-2021-1459 874197937.ujsd.conncorrd.com --- TLM None 2021-08-23 00:00:00 2022-08-23 00:00:00 2023-01-19 23:01:35 HIVE Case #6042 TO-S-2021-1484 87d0c.codesandbox.io --- TLM None 2021-08-23 00:00:00 2022-08-23 00:00:00 2023-01-19 23:01:42 HIVE Case #6042 TO-S-2021-1484 87ui.com --- TLM None 2021-08-10 00:00:00 2022-08-10 00:00:00 2023-01-19 22:59:55 HIVE Case #5969 TO-S-2021-1289 88.102.142.254 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CZ TO-S-2021-1050 Hive Case 4821 Malware Activity 88.107.184.215 32 TLM None 2022-01-20 00:00:00 2022-07-20 00:00:00 None HIVE Case #6811 CTO 22-020 (IP=215,GB) 88.119.161.83 32 KH None 2022-08-29 00:00:00 2022-11-27 00:00:00 2022-08-29 22:51:30 Trojan.RedLineStealer - Case # 8209 (IP=83,US) 88.119.169.11 32 TLM None 2022-03-17 00:00:00 2022-09-17 00:00:00 2022-03-17 16:17:37 HIVE Case #7227 CTO 22-076 (IP=11,LT) 88.119.170.124 32 TLM None 2022-02-25 00:00:00 2022-08-26 00:00:00 2022-02-25 13:04:23 HIVE Case #7088 CTO 22-056 (IP=124,NL) 88.119.170.241 24 BMP None 2022-08-30 00:00:00 2022-11-28 00:00:00 2022-08-30 22:51:02 Raccoon InfoStealer - Case # 8209 (IP=241,NL) 88.119.171.213 32 TLM None 2022-02-25 00:00:00 2022-08-26 00:00:00 2022-02-25 13:04:24 HIVE Case #7088 CTO 22-056 (IP=213,NL) 88.119.171.78 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=78,NL) 88.119.174.85 32 TLM None 2022-03-17 00:00:00 2022-09-17 00:00:00 2022-03-17 15:03:34 HIVE Case #7226 CTO 22-075 (IP=85,LT) 88.12.54.150 24 ZH None 2022-05-15 00:00:00 2022-08-13 00:00:00 2022-05-15 
22:46:00 Generic URI Injection wget Attempt - CMS IPS Events (IP=150,ES) 88.12.57.72 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=72,ES) 88.121.169.128 24 KH None 2022-03-03 00:00:00 2022-06-01 00:00:00 2022-03-03 23:49:36 Custom Violation - ArcSight (IP=128,FR) 88.130.169.13 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None DE TO-S-2021-1117 DOS-DDOS Activity 88.132.188.113 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None HU TO-S-2021-1037 Hive Case 4785 Malware Activity 88.132.92.162 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None HU TO-S-2021-1050 Hive Case 4821 Malware Activity 88.135.128.0 19 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None LV TO-S-2021-1050 Hive Case 4821 Malware Activity 88.139.39.28 24 KH None 2022-03-03 00:00:00 2022-06-01 00:00:00 2022-03-03 23:49:38 Exploit Attempt Detected by IDS - ArcSight (IP=28,FR) 88.141.193.140 32 srm None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 21:50:04 HIVE Case #7883 IOC_ Raspberry Robin Worm (IP=140,FR) 88.148.41.243 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ES TO-S-2021-1050 Hive Case 4821 Malware Activity 88.149.155.196 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 Hive Case 4785 Malware Activity 88.149.215.129 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IT TO-S-2021-1050 Hive Case 4821 Malware Activity 88.150.180.23 32 TLM None 2022-06-02 00:00:00 2022-12-01 00:00:00 2022-06-02 17:56:10 HIVE Case #7705 CTO 22-153 (IP=23,GB) 88.150.197.184 32 TLM None 2022-03-11 00:00:00 2022-09-11 00:00:00 2022-03-11 14:40:42 HIVE Case #7190 CTO 22-070 (IP=184,GB) 88.157.129.74 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PT TO-S-2021-1117 DOS-DDOS Activity 88.159.50.178 24 RR None 2022-05-08 00:00:00 2022-08-06 00:00:00 2022-05-08 12:51:39 SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt - SourceFire (IP=178,NL) 88.161.10.74 32 dbc None 2021-01-20 
00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity 88.162.34.132 24 BB None 2021-10-16 00:00:00 2022-01-14 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - SourceFire (IP=132,FR) 88.198.10.91 32 TLM None 2022-05-12 00:00:00 2022-11-11 00:00:00 2022-05-12 15:45:26 HIVE Case #7545 COLS-NA-TIP 22-0162 (IP=91,DE) 88.198.101.58 32 AS None 2022-04-08 00:00:00 2022-10-08 00:00:00 2022-04-08 17:16:44 HIVE Case #7361 CTO 22-098 (IP=58,DE) 88.198.12.89 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=89,DE) 88.198.132.179 24 SW None 2022-07-02 00:00:00 2022-09-30 00:00:00 2022-07-03 13:57:36 SQL injection - WebAttacks (IP=179,DE) 88.198.33.145 32 TLM None 2022-03-14 00:00:00 2022-09-14 00:00:00 2022-03-14 19:14:26 HIVE Case #7198 CTO 22-071 (IP=145,DE) 88.198.49.212 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 88.198.61.240 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=240,DE) 88.198.71.170 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None DE TO-S-2021-1081 Hive Case 4872 Malicious Email Activity 88.2.191.225 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ES TO-S-2021-1050 Hive Case 4821 Malware Activity 88.200.117.119 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None SI TO-S-2021-1037 Hive Case 4785 Malware Activity 88.203.145.253 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BG TO-S-2021-1050 Hive Case 4821 Malware Activity 88.208.228.45 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None GB TO-S-2021-1117 Malicious Email Activity 88.208.7.29 24 KD None 2021-12-21 00:00:00 2022-03-21 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt- Sourcefire (IP=29,NL) 88.210.32.0 19 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware 
Activity 88.212.201.243 32 TLM None 2022-05-19 00:00:00 2022-11-18 00:00:00 2022-05-20 14:45:32 HIVE Case #7623 CTO 22-139 (IP=243,RU) 88.212.31.19 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None SK TO-S-2021-1050 Hive Case 4821 Malware Activity 88.212.7.209 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None SK TO-S-2021-1037 Hive Case 4785 Malware Activity 88.214.193.163 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=163,GB) 88.214.25.11 24 TH None 2022-07-28 00:00:00 2022-10-26 00:00:00 2022-07-29 13:53:21 SQL injection - 6 Hr Web Report (IP=11,DE) 88.214.25.6 24 RR None 2022-07-31 00:00:00 2022-10-29 00:00:00 2022-07-31 13:51:06 SQL injection - Web Attacks (IP=6,DE) 88.214.25.8 32 SW None 2022-07-23 00:00:00 2022-10-21 00:00:00 2022-07-24 22:47:12 Known Attack Tool - IR# 22C01751(IP=8,DE) 88.214.26.38 32 TLM None 2022-06-15 00:00:00 2022-12-14 00:00:00 2022-06-16 19:40:46 HIVE Case #7779 CTO 22-162 (IP=38,DE) 88.214.46.191 24 ZH None 2022-03-19 00:00:00 2022-06-17 00:00:00 2022-03-19 23:23:11 HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vuln - 6hr Web Attacks (IP=191,IT) 88.214.46.6 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 Hive Case 4785 Malware Activity 88.214.57.222 24 RT None 2021-11-11 00:00:00 2022-02-09 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - 6HR Web Attacks (IP=222,DE) 88.215.130.237 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None RU TO-S-2021-1037 Hive Case 4785 Malware Activity 88.216.82.0 23 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None LT TO-S-2021-1050 Hive Case 4821 Malware Activity 88.217.248.196 32 BB None 2021-10-17 00:00:00 2022-01-15 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00173 (IP=196,DE) 88.218.67.220 24 NAB None 2022-01-03 00:00:00 2022-04-03 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 
(IP=220,RU) 88.223.27.99 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None LT TO-S-2021-1117 DOS-DDOS Activity 88.224.184.78 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 22:58:31 Exploit.Log4Shell.CVE-2021-44228 - FE NX (IP=78,TR) 88.229.159.212 24 RR None 2022-07-16 00:00:00 2022-10-14 00:00:00 2022-07-16 13:51:52 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt - SourceFire (IP=212,TR) 88.230.32.82 24 TH None 2022-01-27 00:00:00 2022-04-27 00:00:00 None SQL injection - 6 Hr Web Report (IP=82,TR) 88.230.38.217 24 WR None 2022-03-11 00:00:00 2022-06-09 00:00:00 2022-03-11 14:39:49 SQL injection - Web Attacks (IP=217,TR) 88.236.174.104 24 TH None 2022-08-21 00:00:00 2022-11-19 00:00:00 2022-08-21 13:56:07 Adobe ColdFusion Administrator Access Restriction - 6 Hr Web Report (IP=104,TR) 88.245.199.249 24 TH None 2022-07-10 00:00:00 2022-10-08 00:00:00 2022-07-10 22:41:20 SQL injection - 6 Hr Web Report (IP=249,TR) 88.5.204.138 24 RS None 2022-06-21 00:00:00 2022-09-19 00:00:00 2022-06-21 22:50:25 SIPVicious Security Scanner - IPS Events (IP=138,ES) 88.80.144.0 22 TLM None 2021-12-02 00:00:00 2022-06-02 00:00:00 None HIVE Case #6600 TO-S-2022-0090 (IP=0,BG) 88.80.186.144 24 KH None 2022-04-21 00:00:00 2022-07-20 00:00:00 2022-04-21 22:41:24 Exploit.Spring4Shell.CVE-2022-22965 - FireEye NX (IP=144,GB) 88.80.20.86 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=86,SE) 88.81.54.205 32 wmp None 2022-03-24 00:00:00 2022-06-24 00:00:00 2022-03-24 22:59:09 Suspicious Scan Activity (IP=205,RU) 88.81.82.163 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CZ TO-S-2021-1117 DOS-DDOS Activity 88.81.82.80 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CZ TO-S-2021-1117 DOS-DDOS Activity 88.81.82.88 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CZ TO-S-2021-1050 Hive Case 4821 Malware Activity 88.83.25.122 32 jky None 2017-09-28 05:00:00 2022-03-24 00:00:00 None 
GL TO-S-2017-1551 Intrusion Set CNE | updated by AS Block was inactive. Reactivated on 20210924 with reason HIVE Case #6244 CTO 21-267 (IP=122,GL)
88.84.0.0 19 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CH TO-S-2021-1117 DOS-DDOS Activity
88.85.82.180 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None NL TO-S-2021-1092 Hive Case 4875 Malware Activity
88.86.120.23 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=23,CZ)
88.87.166.18 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IE TO-S-2021-1037 Hive Case 4785 Malware Activity
88.9.196.36 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ES TO-S-2021-1037 Hive Case 4785 Malware Activity
88.98.106.2 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None ES TO-S-2021-1117 DOS-DDOS Activity
88.99.10.237 32 jkc None 2021-03-19 00:00:00 2022-03-19 00:00:00 None Case # 5090 TO-S-2021-1185 Malicious Callback
88.99.102.229 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity
88.99.182.158 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6345 CTO 21-280 (IP=158,DE)
88.99.3.131 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6448 TO-S-2022-0058 (IP=131,DE)
88.99.59.141 32 AS None 2021-11-16 00:00:00 2022-05-16 00:00:00 None HIVE Case #6539 CTO 21-315 (IP=141,DE)
88.99.69.42 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=42,DE)
88.99.73.179 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=179,DE)
88.99.95.199 32 AS None 2022-03-18 00:00:00 2022-09-18 00:00:00 2022-03-18 15:24:15 HIVE Case #7237 CTO 22-077 (IP=199,DE)
8832355727.marsstream.com --- TLM None 2021-08-12 00:00:00 2022-08-12 00:00:00 2023-01-19 23:00:20 HIVE Case #5985 TO-S-2021-1459
8880482554.nielsvandervlist.nl --- TLM None 2021-08-05 00:00:00 2022-08-05 00:00:00 2023-01-19 22:59:41 HIVE Case #5940 TO-S-2021-1447
89.100.107.65 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:09 HIVE Case #7904 CTO 22-189 (IP=65,IE)
89.101.97.139 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:56:07 HIVE Case #7199 CTO 22-074 (IP=139,IE)
89.103.155.86 32 srm None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-05 21:50:04 HIVE Case #7883 IOC_ Raspberry Robin Worm (IP=86,CZ)
89.106.110.215 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BG TO-S-2021-1050 Hive Case 4821 Malware Activity
89.106.235.150 24 WR None 2021-01-02 00:00:00 2022-04-02 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=150,KZ)
89.108.102.37 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=37,RU)
89.108.114.11 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=11,RU)
89.108.115.206 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=206,RU)
89.108.115.214 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=214,RU)
89.108.115.235 32 TLM None 2022-01-18 00:00:00 2022-07-18 00:00:00 None HIVE Case #6796 CTO 22-014 (IP=235,RU)
89.108.65.157 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=157,RU)
89.108.70.22 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=22,RU)
89.108.71.205 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=205,RU)
89.108.76.135 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=135,RU)
89.108.77.133 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=133,RU)
89.108.77.45 32 TLM None 2021-10-21 00:00:00 2022-04-21 00:00:00 None HIVE Case #6387 CTO 21-289 (IP=45,RU)
89.108.78.126 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=126,RU)
89.108.78.128 32 AS None 2022-01-27 00:00:00 2022-07-27 00:00:00 None HIVE Case #6852 CTO 22-026 (IP=128,RU)
89.108.78.35 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=35,RU)
89.108.79.10 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=10,RU)
89.108.79.13 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=13,RU)
89.108.79.146 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=146,RU)
89.108.79.29 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=29,RU)
89.108.79.8 32 TLM None 2021-11-15 00:00:00 2022-05-15 00:00:00 None HIVE Case #6534 CTO 21-314 (IP=8,RU)
89.108.81.106 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=106,RU)
89.108.81.163 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=163,RU)
89.108.81.181 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=181,RU)
89.108.81.95 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=95,RU)
89.108.83.23 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=23,RU)
89.108.88.15 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=15,RU)
89.108.88.167 32 TLM None 2022-01-20 00:00:00 2022-07-20 00:00:00 None HIVE Case #6811 CTO 22-020 (IP=167,RU)
89.108.98.101 32 TLM None 2022-02-08 00:00:00 2022-08-09 00:00:00 None HIVE Case #6947 CTO 22-039 (IP=101,RU)
89.108.98.42 24 AR None 2022-03-03 00:00:00 2022-06-01 00:00:00 2022-03-03 14:49:55 HTTP: ThinkPHP CMS Getshell Vulnerability - 6Hr Web Attacks (IP=42,RU)
89.109.5.85 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 22:58:58 Directory Traversal Attempt - IPS Events (IP=85,RU)
89.134.116.73 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None HU TO-S-2021-1117 DOS-DDOS Activity
89.134.148.73 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None HU TO-S-2021-1117 DOS-DDOS Activity
89.134.228.127 32 TLM None 2022-03-28 00:00:00 2022-09-28 00:00:00 2022-03-28 12:22:56 HIVE Case #7282 CTO 22-085 (IP=127,HU)
89.135.171.208 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None HU TO-S-2021-1050 Hive Case 4821 Malware Activity
89.135.186.145 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None HU TO-S-2021-1037 Hive Case 4785 Malware Activity
89.137.52.44 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:56:07 HIVE Case #7199 CTO 22-074 (IP=44,RO)
89.141.45.240 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ES TO-S-2021-1050 Hive Case 4821 Malware Activity
89.143.76.116 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None SI TO-S-2021-1037 Hive Case 4785 Malware Activity
89.144.12.17 24 RB None 2021-05-15 00:00:00 2022-05-16 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=17,CN) | updated by RB Block was inactive. Reactivated on 20210515 with reason SQL injection - 6hr web attacks (IP=17,DE) SQL injection - 6hr web attacks (IP=17,DE) | updated by srm Block was inactive. Reactivated on 20220215 with reason HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=17,DE) HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=17,DE)
89.144.12.17 24 RR None 2020-07-21 00:00:00 2022-05-16 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=17,CN) | updated by RB Block was inactive. Reactivated on 20210515 with reason SQL injection - 6hr web attacks (IP=17,DE) SQL injection - 6hr web attacks (IP=17,DE) | updated by srm Block was inactive. Reactivated on 20220215 with reason HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=17,DE) HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=17,DE)
89.144.12.17 24 srm None 2022-02-15 00:00:00 2022-05-16 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=17,CN) | updated by RB Block was inactive. Reactivated on 20210515 with reason SQL injection - 6hr web attacks (IP=17,DE) SQL injection - 6hr web attacks (IP=17,DE) | updated by srm Block was inactive. Reactivated on 20220215 with reason HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=17,DE) HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=17,DE)
89.147.108.166 32 TLM None 2022-06-23 00:00:00 2022-12-22 00:00:00 2022-06-24 11:30:53 HIVE Case #7820 CTO 22-174 (IP=166,IS)
89.149.153.157 24 BMP None 2022-08-10 00:00:00 2022-11-08 00:00:00 2022-08-31 17:30:57 FireEye High Attacker (IP=157,IE)
89.154.92.102 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PT TO-S-2021-1117 DOS-DDOS Activity
89.163.132.133 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=133,DE)
89.163.133.106 24 KD None 2021-10-18 00:00:00 2022-01-16 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=106,DE)
89.163.134.159 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=159,DE)
89.163.138.116 24 TH None 2022-03-04 00:00:00 2022-06-02 00:00:00 2022-03-04 23:11:52 SIPVicious Security Scanner - FE CMS IPS Events (IP=116,DE)
89.163.140.55 24 RS None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 22:46:19 SIPVicious Security Scanner - IPS Events (IP=55,DE)
89.163.143.8 24 BMP None 2020-07-15 00:00:00 2022-05-17 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=8,DE) | updated by KH Block was inactive. Reactivated on 20210707 with reason SQL injection - 6 hr web attacks (IP=8,DE) | updated by srm Block was inactive. Reactivated on 20220216 with reason HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=8,DE)
89.163.144.156 32 TLM None 2021-12-17 00:00:00 2022-06-17 00:00:00 None HIVE Case #6673 CTO 21-351 (IP=156,DE)
89.163.145.54 32 TLM None 2021-12-02 00:00:00 2022-06-02 00:00:00 None HIVE Case #6600 TO-S-2022-0090 (IP=54,DE)
89.163.148.224 24 KH None 2022-04-15 00:00:00 2022-07-14 00:00:00 2022-04-15 23:00:13 SIPVicious Security Scanner - FE CMS (IP=224,DE)
89.163.148.96 24 RS None 2022-09-12 00:00:00 2022-12-11 00:00:00 2022-09-13 13:47:52 SIPVicious Security Scanner - IPS Events (IP=96,DE)
89.163.151.110 24 TH None 2022-03-14 00:00:00 2022-06-12 00:00:00 2022-03-14 22:43:43 SIPVicious Security Scanner - FE CMS IPS Events (IP=110,DE)
89.163.153.20 24 TH None 2022-03-12 00:00:00 2022-06-10 00:00:00 2022-03-12 23:35:50 SIPVicious Security Scanner - FE CMS IPS Events (IP=20,DE)
89.163.153.7 32 IJ None 2022-09-30 00:00:00 2022-12-30 00:00:00 2022-09-30 22:47:35 SQL injection - 6 Hr Web Attacks Report (IP=7,US)
89.163.210.85 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=85,DE)
89.163.211.6 24 RS None 2022-06-21 00:00:00 2022-09-19 00:00:00 2022-06-21 22:50:22 HP Intelligent Management Center TFTP Server MODE Remote Code Execution - IPS Events (IP=6,DE)
89.163.212.107 24 TH None 2022-03-10 00:00:00 2022-06-08 00:00:00 2022-03-10 23:37:08 SIPVicious Security Scanner - FE CMS IPS Events (IP=107,DE)
89.163.219.56 32 TLM None 2022-06-14 00:00:00 2022-12-13 00:00:00 2022-06-14 20:43:27 HIVE Case #7769 CTO 22-165 (IP=56,DE)
89.163.249.221 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
89.163.251.5 24 KH None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:10 SIPVicious Security Scanner - FE IPS Events (IP=5,DE) | updated by KH Block expiration extended with reason SIPVicious Security Scanner - FE IPS (IP=5,DE) SIPVicious Security Scanner - FE IPS (IP=5,DE)
89.163.251.5 24 RS None 2022-05-04 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:10 SIPVicious Security Scanner - FE IPS Events (IP=5,DE) | updated by KH Block expiration extended with reason SIPVicious Security Scanner - FE IPS (IP=5,DE) SIPVicious Security Scanner - FE IPS (IP=5,DE)
89.163.252.230 32 TLM None 2022-04-21 00:00:00 2022-10-21 00:00:00 2022-04-21 19:03:06 HIVE Case #7441 CTO 22-111 (IP=230,DE)
89.163.252.232 32 TLM None 2022-02-25 00:00:00 2022-08-26 00:00:00 2022-02-25 13:04:24 HIVE Case #7088 CTO 22-056 (IP=232,DE)
89.165.160.0 22 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None OM TO-S-2021-1117 DOS-DDOS Activity
89.166.156.182 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity
89.169.55.38 32 wmp None 2022-03-24 00:00:00 2022-06-24 00:00:00 2022-03-24 22:59:10 Suspicious Scan Activity (IP=38,RU)
89.17.61.65 32 TLM None 2022-03-01 00:00:00 2022-09-01 00:00:00 2022-03-01 12:20:10 HIVE Case #7104 TO-S-2022-0138 (IP=65,RU)
89.172.136.100 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None HR TO-S-2021-1037 Hive Case 4785 Malware Activity
89.176.93.156 24 DT None 2022-02-10 00:00:00 2022-05-11 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=156,CZ)
89.184.107.2 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None IT TO-S-2021-1117 DOS-DDOS Activity
89.186.8.250 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=250,PL)
89.187.163.149 24 TH None 2022-08-04 00:00:00 2022-11-02 00:00:00 2022-08-05 13:55:24 SIPVicious Security Scanner - FE CMS IPS Events (IP=149,SG)
89.187.168.58 32 AS None 2022-06-29 00:00:00 2022-09-27 00:00:00 2022-06-29 18:17:05 HIVE Case #7862 CTO 22-176 (IP=58,AT)
89.187.170.129 32 TLM None 2022-06-13 00:00:00 2022-12-12 00:00:00 2022-06-14 12:55:22 HIVE Case #7767 TO-S-2022-0197 (IP=129,US)
89.187.171.111 32 TLM None 2021-09-23 00:00:00 2022-03-23 00:00:00 None HIVE Case #6235 TO-S-2021-1568 (IP=111,US)
89.187.179.113 32 RS None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-13 22:36:51 Possible Cross-site Scripting Attack - FE IPS Events (IP=113,US)
89.188.167.130 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:46:19 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=130,RU)
89.190.75.71 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CZ TO-S-2021-1050 Hive Case 4821 Malware Activity
89.20.48.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None KZ TO-S-2021-1117 DOS-DDOS Activity
89.201.175.23 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=23,HR)
89.201.193.39 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None HR TO-S-2021-1037 Hive Case 4785 Malware Activity
89.201.194.100 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None HR TO-S-2021-1037 Hive Case 4785 Malware Activity
89.208.29.172 32 TLM None 2022-02-15 00:00:00 2022-08-16 00:00:00 None HIVE Case #6996 CTO 22-043 (IP=172,RU)
89.208.29.186 32 TLM None 2022-03-01 00:00:00 2022-09-01 00:00:00 2022-03-01 16:26:42 HIVE Case #7110 CTO 22-057 (IP=186,RU)
89.208.29.39 32 TLM None 2022-05-24 00:00:00 2022-11-23 00:00:00 2022-05-24 14:49:44 HIVE Case #7652 CTO 22-141 (IP=39,RU)
89.208.29.42 32 TLM None 2022-05-25 00:00:00 2022-11-24 00:00:00 2022-05-25 18:14:49 HIVE Case #7662 CTO 22-145 (IP=42,RU)
89.208.29.44 32 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 2022-05-27 16:40:12 HIVE Case #7668 CTO 22-146 (IP=44,RU)
89.208.29.61 32 TLM None 2022-06-15 00:00:00 2022-12-14 00:00:00 2022-06-16 19:40:43 HIVE Case #7779 CTO 22-162 (IP=61,RU)
89.208.30.34 24 KH None 2022-01-27 00:00:00 2022-04-27 00:00:00 None Generic URI Injection wget Attempt - FE IPS (IP=34,RU)
89.21.60.66 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity
89.22.103.79 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None DE TO-S-2021-1117 DOS-DDOS Activity
89.22.113.170 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None DE TO-S-2021-1117 DOS-DDOS Activity
89.22.180.140 24 AR None 2021-12-18 00:00:00 2022-03-18 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=140,RU)
89.22.52.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity
89.221.207.174 32 wmp None 2022-03-24 00:00:00 2022-06-24 00:00:00 2022-03-24 22:59:10 Suspicious Scan Activity (IP=174,RU)
89.222.216.0 21 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 2022-05-26 18:27:01 HIVE Case #7669 TO-S-2022-0187 (IP=0,RU)
89.223.120.0 24 TLM None 2022-03-03 00:00:00 2022-09-03 00:00:00 2022-03-03 22:29:42 HIVE Case #7139 TO-S-2022-0140 (IP=0,RU)
89.223.123.121 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=121,RU)
89.223.126.208 32 TLM None 2021-09-21 00:00:00 2022-03-20 00:00:00 None HIVE Case #6216 CTO 21-264 (IP=208,RU)
89.223.127.188 32 TLM None 2021-09-21 00:00:00 2022-03-20 00:00:00 None HIVE Case #6216 CTO 21-264 (IP=188,RU)
89.223.32.0 20 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None RU TO-S-2021-1037 Hive Case 4785 Malware Activity
89.223.4.2 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:46:19 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=2,KZ)
89.223.64.0 19 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=0,RU)
89.223.64.19 32 TLM None 2021-09-21 00:00:00 2022-03-20 00:00:00 None HIVE Case #6216 CTO 21-264 (IP=19,RU)
89.223.67.207 32 TLM None 2022-05-18 00:00:00 2022-11-17 00:00:00 2022-05-19 13:24:08 HIVE Case #7616 CTO 22-138 (IP=207,RU) | Please remove from active block. Incorrect CTO was attached in **CIRT T1** - Block Request - Hive Case #7595 CTO 22-134 at 9:02 AM EST 5/18/22 From Tauren Miller: Sorry I sent the wrong list. CND hasn't approved CTO 22-138 Block list yet. Attached is the correct blocklist by RS | updated by TLM Block was inactive. Reactivated on 20220518 with reason HIVE Case #7616 CTO 22-138 (IP=207,RU) HIVE Case #7616 CTO 22-138 (IP=207,RU)
89.223.70.161 32 TLM None 2021-09-21 00:00:00 2022-03-20 00:00:00 None HIVE Case #6216 CTO 21-264 (IP=161,RU)
89.223.70.200 32 TLM None 2021-09-21 00:00:00 2022-03-20 00:00:00 None HIVE Case #6216 CTO 21-264 (IP=200,RU)
89.223.70.66 32 TLM None 2021-09-21 00:00:00 2022-03-20 00:00:00 None HIVE Case #6216 CTO 21-264 (IP=66,RU)
89.225.135.22 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=22,FR) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=22,FR)
89.23.96.0 20 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5991 TO-S-2021-1421 (IP=0,RU)
89.231.102.236 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PL TO-S-2021-1050 Hive Case 4821 Malware Activity
89.231.141.62 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PL TO-S-2021-1050 Hive Case 4821 Malware Activity
89.231.152.183 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None PL TO-S-2021-1092 Hive Case 4875 Malicious Email Activity
89.231.239.47 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PL TO-S-2021-1050 Hive Case 4821 Malware Activity
89.233.108.114 24 TH None 2022-07-09 00:00:00 2022-10-07 00:00:00 2022-07-09 22:49:30 SIPVicious Security Scanner - FE CMS IPS Events (IP=114,DE)
89.233.218.137 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None HU TO-S-2021-1117 DOS-DDOS Activity
89.234.157.254 24 srm None 2022-02-16 00:00:00 2022-05-17 00:00:00 None HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=254,FR)
89.234.181.79 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity
89.234.182.139 32 TLM None 2021-12-13 00:00:00 2022-06-13 00:00:00 None HIVE Case #6652 CTO 21-345 F1 (IP=139,FR)
89.236.112.100 24 GM None 2020-07-15 00:00:00 2022-05-17 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=100,FI) | updated by srm Block was inactive. Reactivated on 20220216 with reason HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=100,FI)
89.238.176.102 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None GB TO-S-2021-1092 Hive Case 4875 Malware Activity
89.238.178.212 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6665 CTO 21-349 (IP=212,ES)
89.238.185.13 32 JP None 2022-08-10 00:00:00 2022-11-08 00:00:00 2022-08-10 22:56:11 GootKit Attempts - IR #22C01788 - (IP=13,NL)
89.238.75.74 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None DE TO-S-2021-1050 Hive Case 4821 Malicious Email Activity
89.239.252.124 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DK TO-S-2021-1037 Hive Case 4785 Malware Activity
89.239.5.65 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None CZ TO-S-2021-1037 Hive Case 4785 Malware Activity
89.24.113.196 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CZ TO-S-2021-1117 DOS-DDOS Activity
89.244.135.239 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None DE TO-S-2021-1117 DOS-DDOS Activity
89.245.246.18 24 RR None 2021-12-05 00:00:00 2022-03-05 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - SourceFire (IP=18,DE)
89.247.40.15 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None DE TO-S-2021-1050 Hive Case 4821 Malware Activity
89.248.163.140 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:46:20 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=140,GB)
89.248.163.218 24 KH None 2022-08-05 00:00:00 2022-11-03 00:00:00 2022-08-05 22:53:08 SIPVicious Security Scanner - FE IPS (IP=218,GB)
89.248.165.249 24 JKC None 2021-09-16 00:00:00 2022-09-15 00:00:00 None HIVE Case #NA CISCO DMZ DH NIC attacks (IP=249,GB)
89.248.165.52 24 RB None 2022-06-24 00:00:00 2022-09-22 00:00:00 2022-06-25 14:09:26 FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode - Sourcefire (IP=52,GB) | updated by RB Block was inactive. Reactivated on 20220624 with reason FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit) - SourceFire (IP=52, NL) FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit) - SourceFire (IP=52, NL)
89.248.165.52 24 WR None 2021-12-21 00:00:00 2022-09-22 00:00:00 2022-06-25 14:09:26 FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode - Sourcefire (IP=52,GB) | updated by RB Block was inactive. Reactivated on 20220624 with reason FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit) - SourceFire (IP=52, NL) FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit) - SourceFire (IP=52, NL)
89.248.165.52 24 RB None 2021-05-16 00:00:00 2022-09-22 00:00:00 2022-06-25 14:09:26 FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode - Sourcefire (IP=52,GB) | updated by RB Block was inactive. Reactivated on 20220624 with reason FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit) - SourceFire (IP=52, NL) FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit) - SourceFire (IP=52, NL)
89.248.165.52 24 RW None 2021-11-12 00:00:00 2022-09-22 00:00:00 2022-06-25 14:09:26 FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode - Sourcefire (IP=52,GB) | updated by RB Block was inactive. Reactivated on 20220624 with reason FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit) - SourceFire (IP=52, NL) FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit) - SourceFire (IP=52, NL)
89.248.169.17 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None NL TO-S-2021-1037 Hive Case 4785 Malware Activity
89.248.169.6 24 KH None 2022-04-15 00:00:00 2022-07-14 00:00:00 2022-04-15 23:00:14 SIPVicious Security Scanner - FE CMS (IP=6,GB)
89.248.173.139 24 NAB None 2021-12-23 00:00:00 2022-03-23 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=139,NL)
89.248.173.140 24 NAB None 2021-12-23 00:00:00 2022-03-23 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=140,NL)
89.249.49.143 24 ZH None 2022-03-19 00:00:00 2022-06-17 00:00:00 2022-03-19 23:23:10 SSH2 Failed Login Attempt - 6hr Failed Logons (IP=143,SC)
89.249.73.130 24 DT None 2022-02-28 00:00:00 2022-05-29 00:00:00 2022-03-01 14:46:34 Exploit.Log4Shell.CVE-2021-44228 - FireEye NX (IP=130,BE)
89.249.73.130 24 DT None 2022-02-28 00:00:00 2022-05-29 00:00:00 2022-03-01 14:50:11 Exploit.Log4Shell.CVE-2021-44228 - FireEye NX (IP=130,BE)
89.25.252.212 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None PL TO-S-2021-1037 Hive Case 4785 Malware Activity
89.252.131.213 24 BB None 2021-10-18 00:00:00 2022-01-16 00:00:00 None SERVER-OTHER HP Integrated Lights-Out HTTP headers processing buffer overflow attempt (1:45682:2) - Sourcefire (IP=213,TR)
89.252.135.21 24 ZH None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-08 13:52:37 SQL injection - 6hr Web Attacks (IP=21,TR)
89.252.183.162 32 TLM None 2022-09-01 00:00:00 2022-12-01 00:00:00 2022-09-02 21:05:04 HIVE Case #8225 COLS-NA-TIP 22-0305 (IP=162,TR)
89.252.191.243 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=243,TR)
89.252.246.124 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None BG TO-S-2021-1117 DOS-DDOS Activity
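The rows above are a raw export with no header line, records wrapped wherever the line happened to end, and several rows printed more than once. The following Python is an added example, not the tool that produced this list; it parses the export under the column layout inferred from the rows (indicator, prefix length or "---" for a hostname, analyst initials, a column that is always "None", block start, block expiry, last-event timestamp or "None", then a free-text reason carrying optional "| updated by ..." history notes), drops verbatim duplicate rows, reports which blocks are in force on a given date, and flags rows that a wider CIDR in the same list already covers. Every function and class name is mine, and the sample input is constructed from rows copied out of the list.

```python
"""Parse the flattened block-list export above (added example; not the source tool's code).
Column layout is inferred from the rows, since the export carries no header:
indicator, prefix ('---' for hostnames), analyst, an always-'None' column,
block start, block expiry, last-event timestamp or 'None', free-text reason."""
import ipaddress
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

_TS = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}"
# One record. The reason is matched lazily up to the start of the next record
# (indicator, prefix, analyst, 'None', timestamp) or the end of the text, so
# records that the export wrapped across lines are still recovered whole.
_RECORD = re.compile(
    rf"(?P<ind>[\w.\-]+) (?P<pfx>\d{{1,2}}|---) (?P<who>\w+) None "
    rf"(?P<start>{_TS}) (?P<end>{_TS}) (?P<last>{_TS}|None) "
    rf"(?P<reason>.*?)(?= [\w.\-]+ (?:\d{{1,2}}|---) \w+ None {_TS}|$)",
    re.S,
)
_FMT = "%Y-%m-%d %H:%M:%S"


@dataclass(frozen=True)
class BlockEntry:
    indicator: str
    prefix: str                    # CIDR length as text, or '---' for hostnames
    analyst: str
    start: datetime
    end: datetime
    last_event: Optional[datetime]
    reason: str

    @property
    def network(self) -> Optional[ipaddress.IPv4Network]:
        """CIDR for IP rows (prefix applied to the listed host); None for hostnames."""
        if self.prefix == "---":
            return None
        return ipaddress.ip_network(f"{self.indicator}/{self.prefix}", strict=False)

    def is_active_at(self, when: datetime) -> bool:
        return self.start <= when < self.end

    def reactivations(self) -> List[str]:
        """Dates (YYYYMMDD) on which the history notes say the block was re-enabled."""
        return re.findall(r"Reactivated on (\d{8})", self.reason)


def parse_export(text: str) -> List[BlockEntry]:
    """Join wrapped lines, split into records, drop verbatim duplicates (order kept)."""
    flat = re.sub(r"\s+", " ", " ".join(line.strip() for line in text.splitlines()))
    entries = []
    for m in _RECORD.finditer(flat):
        last = None if m["last"] == "None" else datetime.strptime(m["last"], _FMT)
        entries.append(BlockEntry(
            m["ind"], m["pfx"], m["who"],
            datetime.strptime(m["start"], _FMT), datetime.strptime(m["end"], _FMT),
            last, m["reason"].strip(),
        ))
    return list(dict.fromkeys(entries))   # frozen dataclass is hashable


def active_at(entries: List[BlockEntry], when) -> List[BlockEntry]:
    """Rows in force at `when` (a datetime or a 'YYYY-MM-DD' string)."""
    if isinstance(when, str):
        when = datetime.strptime(when, "%Y-%m-%d")
    return [e for e in entries if e.is_active_at(when)]


def overlapping(entries: List[BlockEntry]) -> List[Tuple[str, str]]:
    """Pairs (wider, narrower) where one IP row already covers another row."""
    nets = [(e, e.network) for e in entries if e.network is not None]
    pairs = []
    for a, na in nets:
        for b, nb in nets:
            if a is not b and na != nb and na.version == nb.version and nb.subnet_of(na):
                pairs.append((f"{a.indicator}/{a.prefix}", f"{b.indicator}/{b.prefix}"))
    return pairs


# Constructed sample: rows copied from the list above, wrapped mid-record and
# with one row repeated, the way the export prints them.
SAMPLE = """\
89.108.81.106 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932
IOC_Gamaredon (IP=106,RU) 89.108.81.106 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00
None HIVE Case #6932 IOC_Gamaredon (IP=106,RU) 89.108.81.163 32 TLM None 2022-01-04 00:00:00
2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=163,RU) 89.144.12.17 24 RB None
2021-05-15 00:00:00 2022-05-16 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution
vulnerability - Web Attacks (IP=17,CN) | updated by RB Block was inactive. Reactivated on
20210515 with reason SQL injection - 6hr web attacks (IP=17,DE) | updated by srm Block was
inactive. Reactivated on 20220215 with reason HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA
Mandiant Intel (IP=17,DE) 8832355727.marsstream.com --- TLM None 2021-08-12 00:00:00
2022-08-12 00:00:00 2023-01-19 23:00:20 HIVE Case #5985 TO-S-2021-1459
"""

if __name__ == "__main__":
    rows = parse_export(SAMPLE)
    print(len(rows), "unique records")
    for e in active_at(rows, "2022-06-01"):
        print("active on 2022-06-01:", e.indicator, e.prefix, e.analyst)
    print("covered by a wider row:", overlapping(rows))
```

Two things the list itself does not make obvious and this check surfaces: a /24 row and a /32 row for the same network (the 89.108.81.x Gamaredon and CTO 22-004 rows are one such pair) expire on different dates, so the host block silently disappears when the wider one lapses; and rows that differ only by analyst or start date are distinct audit records, not duplicates, so only byte-identical rows are collapsed.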
89.254.132.161 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None LV TO-S-2021-1037 Hive Case 4785 Malware Activity
89.254.155.13 24 RS None 2022-08-13 00:00:00 2022-11-11 00:00:00 2022-08-13 22:59:29 SIPVicious Security Scanner - IPS Events (IP=13,LV)
89.27.142.166 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None DE TO-S-2021-1117 DOS-DDOS Activity
89.31.110.92 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:13 HIVE Case #7894 CTO 22-187 (IP=92,RU)
89.31.79.93 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=93,IT)
89.34.100.0 24 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=0,RO)
89.34.18.83 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=83,US)
89.35.204.0 24 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=0,RO)
89.38.131.141 32 TLM None 2022-05-02 00:00:00 2022-11-01 00:00:00 2022-05-04 17:56:28 HIVE Case #7495 CTO 22-120 (IP=141,NL)
89.38.131.151 24 EE None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 22:43:54 HIVE Case #7531 New NetDooka Malware (IP=151,NL)
89.38.135.52 32 TLM None 2021-12-09 00:00:00 2022-06-09 00:00:00 None HIVE Case #6633 CTO 21-334 (IP=52,DE)
89.38.225.166 32 TLM None 2022-06-23 00:00:00 2022-12-22 00:00:00 2022-06-24 11:31:05 HIVE Case #7820 CTO 22-174 (IP=166,SG)
89.39.149.10 32 TLM None 2022-06-15 00:00:00 2022-12-14 00:00:00 2022-06-16 13:41:01 HIVE Case #7774 CTO 22-166 (IP=10,RO)
89.39.149.11 32 TLM None 2022-06-15 00:00:00 2022-12-14 00:00:00 2022-06-16 13:41:03 HIVE Case #7774 CTO 22-166 (IP=11,RO)
89.39.149.12 32 TLM None 2022-06-15 00:00:00 2022-12-14 00:00:00 2022-06-16 13:41:01 HIVE Case #7774 CTO 22-166 (IP=12,RO)
89.39.149.9 32 TLM None 2022-06-15 00:00:00 2022-12-14 00:00:00 2022-06-16 13:41:02 HIVE Case #7774 CTO 22-166 (IP=9,RO)
89.40.10.25 32 TLM None 2022-03-11 00:00:00 2022-09-11 00:00:00 2022-03-11 13:21:42 HIVE Case #7189 CTO 22-068.1 (IP=25,LT)
89.40.159.183 32 AR None 2022-06-11 00:00:00 2022-09-09 00:00:00 2022-06-12 13:47:42 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR#22C01364 (IP=183,IR)
89.40.7.61 24 AR None 2022-01-21 00:00:00 2022-04-21 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=61,RU)
89.40.73.14 24 AR None 2021-11-14 00:00:00 2022-02-10 00:00:00 None POLICY-OTHER PHP uri tag injection attempt (1:23111:14) - SourceFire (IP=14,RO)
89.41.182.38 32 TLM None 2022-03-17 00:00:00 2022-09-17 00:00:00 2022-03-17 16:17:40 HIVE Case #7227 CTO 22-076 (IP=38,RO)
89.43.107.190 24 EE None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:19:21 HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=190,DE)
89.44.197.46 24 EE None 2021-10-20 00:00:00 2022-01-18 00:00:00 None HIVE Case #6380 IOC_FlawedGrace_Variant (IP=46,BG)
89.44.9.108 32 TLM None 2022-04-13 00:00:00 2022-10-13 00:00:00 2022-04-13 13:12:37 HIVE Case #7387 CTO 22-103 (IP=108,FR)
89.44.9.243 32 TLM None 2022-04-21 00:00:00 2022-10-21 00:00:00 2022-04-21 19:02:59 HIVE Case #7441 CTO 22-111 (IP=243,FR)
89.45.224.75 32 TLM None 2022-05-09 00:00:00 2022-11-08 00:00:00 2022-05-10 15:16:07 HIVE Case #7546 CTO 22-127 (IP=75,US)
89.45.6.210 24 KD None 2022-02-27 00:00:00 2022-05-28 00:00:00 2022-02-27 23:09:22 Infection Match (blocked) - FIREEYE Web (IP=210,HK)
89.45.67.144 32 wmp None 2022-02-17 00:00:00 2022-05-17 00:00:00 None HIVE Case #6985 Mandiant Intel Report (IP=144,BG)
89.45.90.61 32 KH None 2022-08-05 00:00:00 2022-11-03 00:00:00 2022-08-05 22:53:09 Masscan TCP Port Scanner - FE IPS (IP=61,US)
89.46.103.2 24 KD None 2022-02-27 00:00:00 2022-05-28 00:00:00 2022-02-27 23:09:06 Infection Match (blocked) - FIREEYE Web (IP=2,RO)
89.46.252.170 32 RR None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-07 13:50:13 RTO-2022-1080/Pulse Report 148906-22 Mass Scanning/Scan Traffic - IR# 22C01588 (IP=170,GR)
89.58.16.22 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 13:58:04 SQL injection - 6Hr Web Attacks (IP=22,AT)
89.58.16.25 24 RR None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-07 13:50:25 SQL injection - Web Attacks (IP=25,DE)
89.58.27.84 32 AS None 2022-04-05 00:00:00 2022-10-05 00:00:00 2022-04-05 18:28:42 HIVE Case #7342 CTO 22-092 FRAGO (IP=84,DE)
89.58.38.0 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 22:59:02 SQL Injection - 6hr Web Attacks (IP=0,DE)
89.58.41.0 24 KH None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 22:55:54 SQL injection - Web Attacks (IP=0,DE)
89.58.42.239 32 AR None 2022-06-26 00:00:00 2022-09-24 00:00:00 2022-06-27 13:55:35 HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - IR# 22C01460 (IP=239,DE)
89.79.248.126 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PL TO-S-2021-1050 Hive Case 4821 Malware Activity
89.83.114.14 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None FR TO-S-2021-1117 DOS-DDOS Activity
89.87.164.102 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None FR TO-S-2021-1117 DOS-DDOS Activity
8961035253.nielsvandervlist.nl --- TLM None 2021-08-05 00:00:00 2022-08-05 00:00:00 2023-01-19 22:59:41 HIVE Case #5940 TO-S-2021-1447
8993969056.80er.nl --- TLM None 2021-08-12 00:00:00 2022-08-12 00:00:00 2023-01-19 23:00:13 HIVE Case #5985 TO-S-2021-1459
8xezepfcshdgu.jhvbuh.com --- TLM None 2021-07-09 00:00:00 2022-07-09 00:00:00 2023-01-19 22:58:36 HIVE Case #5775 TO-S-2021-1390
8zuruxizshdgu.jhvbuh.com --- TLM None 2021-07-09 00:00:00 2022-07-09 00:00:00 2023-01-19 22:58:36 HIVE Case #5775 TO-S-2021-1390
90.142.39.41 24 JP None 2022-09-10 00:00:00 2022-12-09 00:00:00 2022-09-10 22:55:25 Shenzhen TVT DVR Remote Code Execution Vulnerability - IPS Events (IP=41,SE)
90.154.71.187 32 wmp None 2022-03-24 00:00:00 2022-06-24 00:00:00 2022-03-24 22:59:11 Suspicious Scan Activity (IP=187,RU)
90.157.135.31 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None SI TO-S-2021-1117 DOS-DDOS Activity
90.157.214.144 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None SI TO-S-2021-1117 DOS-DDOS Activity
90.179.114.27 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CZ TO-S-2021-1050 Hive Case 4821 Malware Activity
90.187.238.157 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=157,DE)
90.189.213.136 24 ZH None 2022-03-07 00:00:00 2022-06-05 00:00:00 2022-03-07 23:52:20 SSH2 Failed Login Attempt - Failed Logons (IP=136,RU)
90.191.225.242 24 DT None 2022-01-25 00:00:00 2022-04-25 00:00:00 None SERVER-OTHER Sentinel license manager buffer overflow attempt (1:11265:5) - Source Fire (IP=242,EE)
90.22.159.76 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None FR TO-S-2021-1117 DOS-DDOS Activity
90.247.194.185 24 WR None 2022-03-14 00:00:00 2022-06-12 00:00:00 2022-03-14 13:48:01 HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=185,GB)
90.255.226.117 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None GB TO-S-2021-1117 DOS-DDOS Activity
90.63.236.43 24 RS None 2022-06-23 00:00:00 2022-09-21 00:00:00 2022-06-23 22:21:55 ET EXPLOIT Apache log4j RCE Attempt - lower/upper UDP Bypass M2 (Outbound) (CVE-2021-44228) (1:2034799:2) - SourceFire (IP=43,FR)
90.63.245.175 32 TLM None 2022-02-24 00:00:00 2022-08-25 00:00:00 None HIVE Case #7077 CTO 22-055 (IP=175,FR)
90.77.78.218 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ES TO-S-2021-1050 Hive Case 4821 Malware Activity
90.84.178.188 24 NAB None 2021-12-23 00:00:00 2022-03-23 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=188,FR)
90.85.224.121 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:26 HIVE Case #7199 CTO 22-074 (IP=121,FR)
90.85.224.122 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:26 HIVE Case #7199 CTO 22-074 (IP=122,FR)
90.85.224.123 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:27 HIVE Case #7199 CTO 22-074 (IP=123,FR)
90.85.224.124 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:27 HIVE Case #7199 CTO 22-074 (IP=124,FR)
90.85.224.125 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:28 HIVE Case #7199 CTO 22-074 (IP=125,FR)
90.89.194.9 24 KH None 2022-03-03 00:00:00 2022-06-01 00:00:00 2022-03-03 23:49:33 Abnormally Long Request - ArcSight (IP=9,FR)
90.90.18.100 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity
91.100.102.72 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DK TO-S-2021-1037 Hive Case 4785 Malware Activity
91.101.207.150 32 TLM None 2022-02-02 00:00:00 2022-08-03 00:00:00 None HIVE Case #6911 CTO 22-033 (IP=150,DK)
91.109.194.177 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 Hive Case 4785 Malware Activity
91.109.195.224 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IT TO-S-2021-1050 Hive Case 4821 Malware Activity
91.109.195.233 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 Hive Case 4785 Malware Activity
91.109.3.158 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None FR TO-S-2021-1092 Hive Case 4875 Malicious Email Activity
91.121.92.17 24 KH None 2022-03-03 00:00:00 2022-06-01 00:00:00 2022-03-03 23:49:27 Abnormally Long Request - ArcSight (IP=17,FR)
91.123.204.139 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None SE TO-S-2021-1050 Hive Case 4821 Malware Activity
91.124.12.66 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None UA TO-S-2021-1037 Hive Case 4785 Malware Activity
91.124.50.247 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None UA TO-S-2021-1037 Hive Case 4785 Malware Activity
91.126.197.59 24 KH None 2022-02-06 00:00:00 2022-05-07 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed Logons (IP=59,ES)
91.127.228.131 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None SK TO-S-2021-1050 Hive Case 4821 Malware Activity
91.132.147.168 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:47 HIVE Case #7894 CTO 22-187 (IP=168,DE)
91.132.147.168 24 WR None 2022-02-28 00:00:00 2022-05-28 00:00:00 2022-02-28 14:50:35 SSH2 Failed Login Attempt - 6 hr Failed Logons (IP=168,DE)
91.132.197.186 24 KD None 2022-02-27 00:00:00 2022-05-28 00:00:00 2022-02-27 23:09:21 Infection Match (blocked) - FIREEYE Web (IP=186,FI)
91.132.3.74 32 SW None 2022-09-08 00:00:00 2022-12-07 00:00:00 2022-09-09 13:48:24 SIPVicious Security Scanner - IPS Events (IP=74,US)
91.134.231.157 32 TLM None 2021-11-10 00:00:00 2022-05-11 00:00:00 None HIVE Case #6511 CTO 21-307 (IP=157,FR)
91.135.208.0 20 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None RU TO-S-2021-1037 Hive Case 4785 Malware Activity
91.140.20.216 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GR TO-S-2021-1037 Hive Case 4785 Malware Activity
91.140.56.112 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GR TO-S-2021-1050 Hive Case 4821 Malware Activity
91.142.160.0 20 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity
91.143.160.0 20 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity
91.148.119.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None RS TO-S-2021-1037 Hive Case 4785 Malware Activity
91.148.177.207 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BG TO-S-2021-1050 Hive Case 4821 Malware Activity
91.149.225.172 24 WR None 2022-02-28 00:00:00 2022-05-28 00:00:00 2022-02-28 14:50:30 SSH2 Failed Login Attempt - 6 hr Failed Logons (IP=172,PL)
91.150.175.122 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PL TO-S-2021-1050 Hive Case 4821 Malware Activity
91.151.90.22 24 AR None 2022-02-01 00:00:00 2022-05-02 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - Web Attacks (IP=22,TR)
91.151.93.130 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=130,TR)
91.16.63.89 24 RS None 2022-07-11 00:00:00 2022-10-09 00:00:00 2022-07-11 13:57:25 SQL Injection - 6Hr Web Attacks (IP=89,DE)
91.166.158.83 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity
91.168.48.86 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None FR TO-S-2021-1050 Hive Case 4821 Malware Activity
91.177.150.191 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BE TO-S-2021-1037 Hive Case 4785 Malware Activity
91.178.126.51 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:56:08 HIVE Case #7199 CTO 22-074 (IP=51,BE)
91.184.0.63 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None NL TO-S-2021-1037 Hive Case 4785 Malicious Email Activity
91.185.185.211 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=211,PL)
91.187.103.55 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None AL TO-S-2021-1050 Hive Case 4821 Malware Activity
91.187.215.42 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None IT TO-S-2021-1117 DOS-DDOS Activity
91.187.220.10 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None IT TO-S-2021-1117 DOS-DDOS Activity
91.187.59.254 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CZ TO-S-2021-1117 DOS-DDOS Activity
91.189.4.134 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PT TO-S-2021-1117 DOS-DDOS Activity
91.189.91.42 32 AS None 2022-07-29 00:00:00 2022-10-27 00:00:00 2022-07-29 17:31:12 HIVE Case #8052 TO-S-2022-0216 (IP=42,US)
91.189.91.43 32 AS None 2022-07-29 00:00:00 2022-10-27 00:00:00 2022-07-29 17:31:13 HIVE Case #8052 TO-S-2022-0216 (IP=43,US)
91.191.209.190 24 WR None 2021-12-07 00:00:00 2022-03-07 00:00:00 None PROTOCOL-DNS DNS query amplification attempt (1:28556:3) - Sourcefire (IP=190,BG)
91.191.209.2 32 AR None 2022-09-02 00:00:00 2022-12-01 00:00:00 2022-09-03 14:03:21 Known Attack Tool / HTTP: SqlMap SQL Injection - Scanning I - IR# 22C01913 (IP=2,EU)
91.191.224.0 19 dbc None 2021-01-20
00:00:00 2022-01-20 00:00:00 None RU TO-S-2021-1037 Hive Case 4785 Malware Activity 91.191.55.135 32 TLM None 2022-05-20 00:00:00 2022-11-19 00:00:00 2022-05-20 14:32:10 HIVE Case #7627 CTO 22-140 (IP=135,BA) 91.192.128.0 22 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity 91.193.16.181 32 TLM None 2022-03-17 00:00:00 2022-09-17 00:00:00 2022-03-17 16:17:29 HIVE Case #7227 CTO 22-076 (IP=181,GB) 91.193.18.100 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:55:45 HIVE Case #7894 CTO 22-187 (IP=100,PL) 91.193.192.0 20 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None SE TO-S-2021-1037 Hive Case 4785 Malware Activity 91.194.90.159 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 91.194.91.202 32 TLM None 2021-10-06 00:00:00 2022-04-06 00:00:00 None HIVE Case #6314 TO-S-2021-1589 (IP=202,DE) 91.195.92.62 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PL TO-S-2021-1117 DOS-DDOS Activity 91.196.68.34 32 TLM None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:46:09 HIVE Case #7458 CTO 22-113 (IP=34,DE) 91.197.220.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity 91.198.77.208 24 RT None 2021-11-14 00:00:00 2022-02-12 00:00:00 None SERVER-WEBAPP Cisco Prime Infrastructure arbitrary file upload to tftpRoot attempt (3:49987:3) - Sourcefire Report (IP=208,NL) 91.199.149.122 32 TLM None 2021-11-30 00:00:00 2022-05-30 00:00:00 None HIVE Case #6595 CTO 21-327 (IP=122,RU) 91.199.212.52 32 TLM None 2022-05-09 00:00:00 2022-11-08 00:00:00 2022-05-11 16:51:32 Unblock Request - Hive Case #7546 CTO 22-127 SNOW : INC0304946 by TH 91.199.250.11 24 KD None 2021-12-28 00:00:00 2022-03-28 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt- Sourcefire (IP=11,PL) 91.200.103.211 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6446 CTO 21-272 (IP=211,DE) 
91.200.116.22 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None ES TO-S-2021-1117 DOS-DDOS Activity 91.200.43.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity 91.201.16.82 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PL TO-S-2021-1117 DOS-DDOS Activity 91.201.17.92 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PL TO-S-2021-1117 DOS-DDOS Activity 91.201.19.212 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PL TO-S-2021-1117 DOS-DDOS Activity 91.201.19.86 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PL TO-S-2021-1117 DOS-DDOS Activity 91.202.220.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None RU TO-S-2021-1037 Hive Case 4785 Malware Activity 91.202.76.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 91.203.110.245 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=245,DE) 91.203.145.116 24 srm None 2022-02-16 00:00:00 2022-05-17 00:00:00 None HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=116,UA) 91.204.227.130 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6348 CTO 21-279 (IP=130,KR) 91.204.46.244 24 ZH None 2022-02-08 00:00:00 2022-05-09 00:00:00 None Phishing SIP HIVE Case # 6942 (IP=244,DE) 91.206.252.22 32 TLM None 2022-05-06 00:00:00 2022-11-05 00:00:00 2022-05-06 18:07:09 HIVE Case #7533 CTO 22-126 (IP=22,UA) 91.207.244.0 23 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity 91.208.52.0 24 AS None 2022-07-13 00:00:00 2022-10-11 00:00:00 2022-07-14 17:08:18 HIVE Case #7929 TO-S-2022-0208 (IP=0,NL) 91.208.52.58 32 TLM None 2021-11-30 00:00:00 2022-05-30 00:00:00 None HIVE Case #6595 CTO 21-327 (IP=58,NL) 91.209.55.0 24 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6448 TO-S-2022-0058 (IP=0,UA) 91.210.107.38 24 KD None 2022-03-06 00:00:00 2022-06-04 00:00:00 
2022-03-06 14:24:04 HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759)- TT# 22C01013 (IP=217,VN) 91.210.107.38 24 KD None 2022-03-06 00:00:00 2022-06-04 00:00:00 2022-03-06 14:40:36 DISA-G-TIP22-3705-TT# 22C01013 (IP=38,RU) 91.210.107.38 24 KD None 2022-03-06 00:00:00 2022-06-04 00:00:00 2022-03-06 15:25:55 DISA-G-TIP22-3705-TT# 22C01013 (IP=38,RU) 91.210.116.0 22 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity 91.210.176.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None RU TO-S-2021-1037 Hive Case 4785 Malware Activity 91.211.105.198 32 wmp None 2022-03-24 00:00:00 2022-06-24 00:00:00 2022-03-24 22:59:11 Suspicious Scan Activity (IP=198,RU) 91.211.244.0 22 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=0,LT) 91.211.89.43 24 WR None 2022-03-14 00:00:00 2022-06-12 00:00:00 2022-03-14 13:48:02 SSH2 Failed Login Attempt - Failed Logons (IP=43,UA) 91.212.191.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None OM TO-S-2021-1117 DOS-DDOS Activity 91.213.229.141 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=141,FR) 91.213.50.11 32 RW None 2021-10-21 00:00:00 2022-01-19 00:00:00 None Known Attack Tool User Agent V2 - TT# 22C00221 (IP=11,RU) 91.213.50.128 32 AS None 2022-04-14 00:00:00 2022-10-14 00:00:00 2022-04-14 17:59:26 HIVE Case #7399 CTO 22-104 (IP=128,RU) 91.213.50.159 32 AS None 2022-04-14 00:00:00 2022-10-14 00:00:00 2022-04-14 17:59:24 HIVE Case #7399 CTO 22-104 (IP=159,RU) 91.213.50.208 32 AS None 2022-04-14 00:00:00 2022-10-14 00:00:00 2022-04-14 17:59:27 HIVE Case #7399 CTO 22-104 (IP=208,RU) 91.213.50.47 32 AS None 2022-04-14 00:00:00 2022-10-14 00:00:00 2022-04-14 17:59:25 HIVE Case #7399 CTO 22-104 (IP=47,RU) 91.213.50.75 24 BB None 2021-11-19 00:00:00 2022-02-17 00:00:00 None Known Attack Tool - TT# 22C00381 (IP=75,RU) 91.213.50.92 32 AS None 2022-04-14 00:00:00 2022-10-14 00:00:00 
2022-04-14 17:59:26 HIVE Case #7399 CTO 22-104 (IP=92,RU) 91.214.124.133 32 TLM None 2022-01-26 00:00:00 2022-07-26 00:00:00 None HIVE Case #6836 CTO 22-022 (IP=133,UA) 91.214.124.134 32 TLM None 2022-06-15 00:00:00 2022-12-14 00:00:00 2022-06-16 13:41:05 HIVE Case #7774 CTO 22-166 (IP=134,UA) 91.214.124.143 32 TLM None 2022-02-15 00:00:00 2022-08-16 00:00:00 None HIVE Case #6996 CTO 22-043 (IP=143,UA) 91.214.64.2 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None US TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 91.214.80.0 22 TLM None 2021-07-01 00:00:00 2022-01-01 00:00:00 None HIVE Case #5735 TO-S-2021-1379 (IP=0,UA) 91.215.24.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None UA TO-S-2021-1037 Hive Case 4785 Malware Activity 91.216.107.211 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None FR TO-S-2021-1117 Malicious Email Activity 91.216.163.90 32 NAB None 2021-11-09 00:00:00 2022-02-07 00:00:00 None HIVE Case #NA FP Security (IP=90,LT) 91.217.12.0 23 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity 91.217.189.0 24 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None SE TO-S-2021-1037 Hive Case 4785 Malware Activity 91.217.254.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity 91.217.77.222 32 TLM None 2022-09-26 00:00:00 2022-12-25 00:00:00 2022-09-26 15:23:19 HIVE Case #8366 COLS-NA-TIP 22-0335 (IP=222,FI) 91.218.104.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity 91.218.115.231 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:13 HIVE Case #7894 CTO 22-187 (IP=231,RU) 91.218.64.34 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None DE TO-S-2021-1050 Hive Case 4821 Malware Activity 91.218.88.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None UA TO-S-2021-1050 Hive Case 4821 Malware Activity 91.219.100.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None RU 
TO-S-2021-1037 Hive Case 4785 Malware Activity 91.219.113.112 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PL TO-S-2021-1050 Hive Case 4821 Malware Activity 91.219.212.242 32 TH None 2022-02-28 00:00:00 2022-05-29 00:00:00 2022-02-28 23:39:56 Exploit.Log4Shell.CVE-2021-44228 - FireEye NX (IP=242,US) 91.219.215.103 32 TLM None 2022-04-28 00:00:00 2022-10-27 00:00:00 2022-04-28 16:06:24 HIVE Case #7482 CTO 22-118 (IP=103,NO) 91.219.220.0 22 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity 91.219.236.127 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None HU TO-S-2021-1050 Hive Case 4821 Malware Activity 91.219.236.192 32 AS None 2022-03-31 00:00:00 2022-09-30 00:00:00 2022-03-31 12:14:09 HIVE Case #7305 TO-S-2022-0156 (IP=192,HU) 91.219.236.202 32 AS None 2022-03-31 00:00:00 2022-09-30 00:00:00 2022-03-31 12:14:10 HIVE Case #7305 TO-S-2022-0156 (IP=202,HU) 91.219.236.28 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6348 CTO 21-279 (IP=28,HU) 91.219.238.161 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=161,HU) 91.219.239.237 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=237,HU) 91.219.52.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None UA TO-S-2021-1050 Hive Case 4821 Malware Activity 91.219.60.108 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6348 CTO 21-279 (IP=108,UA) 91.219.62.0 23 TLM None 2022-02-15 00:00:00 2022-08-16 00:00:00 None HIVE Case #6994 TO-S-2022-0130 (IP=0,UA) 91.221.218.0 23 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity 91.224.206.27 24 RS None 2022-07-03 00:00:00 2022-10-01 00:00:00 2022-07-03 22:58:50 Kramer VIAware CVE-2019-17124 Remote Code Execution - IPS Events (IP=27,RU) 91.224.22.245 32 TLM None 2022-02-04 00:00:00 2022-08-05 00:00:00 None HIVE Case #6926 CTO 22-035 (IP=245,RU) 91.224.222.0 23 dbc None 
2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity 91.225.164.0 22 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity 91.225.166.61 32 AS None 2022-04-08 00:00:00 2022-10-08 00:00:00 2022-04-08 17:16:43 HIVE Case #7361 CTO 22-098 (IP=61,UA) 91.226.187.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity 91.226.4.0 23 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity 91.227.180.0 22 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity 91.227.217.149 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PL TO-S-2021-1050 Hive Case 4821 Malware Activity 91.227.217.230 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PL TO-S-2021-1117 DOS-DDOS Activity 91.228.166.13 24 KH None 2021-10-22 00:00:00 2022-01-20 00:00:00 None Intel Active Management Technology Remote Privilege Escalation - FE IPS (IP=13,SK) 91.228.167.133 24 KH None 2021-10-22 00:00:00 2022-01-20 00:00:00 None Intel Active Management Technology Remote Privilege Escalation - FE IPS (IP=133,SK) 91.228.54.110 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=110,RU) 91.228.58.0 23 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity 91.229.3.134 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None DE TO-S-2021-1117 DOS-DDOS Activity 91.229.3.142 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None DE TO-S-2021-1117 DOS-DDOS Activity 91.229.3.143 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None DE TO-S-2021-1117 DOS-DDOS Activity 91.229.3.146 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None DE TO-S-2021-1117 DOS-DDOS Activity 91.229.3.147 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None DE TO-S-2021-1117 DOS-DDOS Activity 91.229.3.148 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None DE 
TO-S-2021-1117 DOS-DDOS Activity 91.229.3.151 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None DE TO-S-2021-1117 DOS-DDOS Activity 91.229.3.153 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None DE TO-S-2021-1117 DOS-DDOS Activity 91.229.3.157 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None DE TO-S-2021-1117 DOS-DDOS Activity 91.229.3.161 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None DE TO-S-2021-1117 DOS-DDOS Activity 91.229.3.168 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None DE TO-S-2021-1117 DOS-DDOS Activity 91.229.3.169 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None DE TO-S-2021-1117 DOS-DDOS Activity 91.229.3.171 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None DE TO-S-2021-1117 DOS-DDOS Activity 91.229.3.173 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None DE TO-S-2021-1117 DOS-DDOS Activity 91.229.3.176 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None DE TO-S-2021-1117 DOS-DDOS Activity 91.229.76.189 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=189,UA) 91.229.78.180 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=180,UA) 91.229.79.226 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=226,UA) 91.230.225.95 32 RT None 2022-04-19 00:00:00 2022-07-18 00:00:00 2022-04-19 22:41:21 HTTP: Oracle GlassFish Server ThemeServlet Directory Traversal - IR#: 22C01205 (IP=95,US) 91.231.236.41 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:46:21 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=41,RU) 91.231.237.2 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:46:22 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=2,RU) 91.231.239.2 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:46:22 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=2,RU) 91.231.44.10 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PL 
TO-S-2021-1117 DOS-DDOS Activity 91.232.214.146 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None CZ TO-S-2021-1117 DOS-DDOS Activity 91.232.238.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity 91.232.241.58 32 TLM None 2022-03-17 00:00:00 2022-11-19 00:00:00 2022-05-20 14:32:15 HIVE Case #7227 CTO 22-076 (IP=58,UA) | updated by TLM Block expiration extended with reason HIVE Case #7627 CTO 22-140 (IP=58,UA) 91.234.12.174 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None PL TO-S-2021-1117 DOS-DDOS Activity 91.234.126.200 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PL TO-S-2021-1050 Hive Case 4821 Malware Activity 91.234.192.85 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:29 HIVE Case #7894 CTO 22-187 (IP=85,JP) 91.234.226.0 23 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity 91.234.254.139 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None NL TO-S-2021-1143 Malware Activity 91.234.33.51 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=51,UA) 91.234.99.149 32 TLM None 2022-05-02 00:00:00 2022-11-01 00:00:00 2022-05-05 15:14:27 HIVE Case #7498 COLS-NA-TIP 22-0155 (IP=149,NL) 91.235.12.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None UA TO-S-2021-1037 Hive Case 4785 Malware Activity 91.235.128.90 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=90,UA) 91.235.68.0 22 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity 91.236.138.0 23 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None UA TO-S-2021-1037 Hive Case 4785 Malware Activity 91.237.161.246 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PL TO-S-2021-1050 Hive Case 4821 Malware Activity 91.237.161.4 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PL TO-S-2021-1050 Hive Case 4821 Malware Activity 91.237.182.0 23 dbc None 
2021-01-20 00:00:00 2022-01-20 00:00:00 None RU TO-S-2021-1037 Hive Case 4785 Malware Activity 91.238.104.167 24 RS None 2022-06-21 00:00:00 2022-09-19 00:00:00 2022-06-21 22:50:19 SIPVicious Security Scanner - IPS Events (IP=167,UA) 91.238.110.2 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:46:23 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=2,RU) 91.238.111.8 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:46:24 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=8,RU) 91.238.50.114 32 AS None 2022-02-21 00:00:00 2022-08-22 00:00:00 None HIVE Case #7038 CTO 22-049 (IP=114,RO) 91.238.72.69 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None FR TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 91.238.94.0 23 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None MD TO-S-2021-1117 DOS-DDOS Activity 91.239.233.0 24 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None UA TO-S-2021-1117 DOS-DDOS Activity 91.240.208.0 22 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 91.240.31.121 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None PL TO-S-2021-1037 Hive Case 4785 Malware Activity 91.241.19.110 32 AS None 2022-04-08 00:00:00 2022-10-08 00:00:00 2022-04-08 17:16:58 HIVE Case #7361 CTO 22-098 (IP=110,RU) 91.241.19.245 24 RS None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-06 13:58:03 SQL injection - 6Hr Web Attacks (IP=245,RU) 91.242.229.35 32 AS None 2022-03-22 00:00:00 2022-09-22 00:00:00 2022-03-22 14:48:48 HIVE Case #7254 CTO 22-078 (IP=35,NL) 91.242.88.0 21 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None MD TO-S-2021-1037 Hive Case 4785 Malware Activity 91.243.32.0 24 TLM None 2022-02-15 00:00:00 2022-08-16 00:00:00 None HIVE Case #6994 TO-S-2022-0130 (IP=0,GB) 91.243.44.0 22 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None RU TO-S-2021-1143 Malicious Email Activity 91.244.181.85 24 srm None 2022-02-16 00:00:00 2022-05-17 00:00:00 None 
HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=85,GB) 91.245.253.110 32 TLM None 2022-06-03 00:00:00 2022-12-02 00:00:00 2022-06-06 14:31:20 HIVE Case #7714 CTO 22-154 (IP=110,SG) 91.245.255.243 24 EE None 2022-04-13 00:00:00 2022-07-12 00:00:00 2022-04-13 22:35:14 HIVE Case #7389 IOC_Sandworm_Group_(UAC-0082) (IP=243,HK) 91.250.242.12 24 srm None 2022-02-16 00:00:00 2022-05-17 00:00:00 None Authentication Failed - 6 hr failed logons (IP=12,RO) | updated by srm Block was inactive. Reactivated on 20220216 with reason HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=12,RO) HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=12,RO) 91.250.242.12 24 RW None 2019-08-21 00:00:00 2022-05-17 00:00:00 None Authentication Failed - 6 hr failed logons (IP=12,RO) | updated by srm Block was inactive. Reactivated on 20220216 with reason HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=12,RO) HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=12,RO) 91.250.99.209 32 RR None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-05 14:02:40 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01553 (IP=209,DE) 91.66.153.102 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 91.68.196.201 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity 91.74.64.0 19 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None AE TO-S-2021-1117 DOS-DDOS Activity 91.83.165.179 24 RW None 2019-08-24 00:00:00 2022-02-22 00:00:00 None HTTP: SQL Injection Attempt Detected - 12 hr web attacks (IP=179,HU) | updated by KH Block was inactive. 
Reactivated on 20211124 with reason INDICATOR-SCAN PHP backdoor scan attempt (1:50182:1) - Sourcefire (IP=179,HU) 91.83.165.179 32 AR None 2022-02-01 00:00:00 2022-05-02 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 22C00881 (IP=179,HU) 91.85.35.63 32 dbc None 2021-03-05 00:00:00 2022-03-05 00:00:00 None GB TO-S-2021-1117 DOS-DDOS Activity 91.90.121.73 32 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 2022-05-26 18:27:37 HIVE Case #7669 TO-S-2022-0187 (IP=73,GB) 91.92.108.0 24 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=0,CY) 91.92.136.9 32 TLM None 2022-06-15 00:00:00 2022-12-14 00:00:00 2022-06-16 13:41:04 HIVE Case #7774 CTO 22-166 (IP=9,BG) 91ysl.corsoesq.com --- TLM None 2021-06-16 00:00:00 2022-06-16 00:00:00 2023-01-19 22:57:37 HIVE Case #5629 TO-S-2021-1303 92.110.109.158 24 RS None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 22:44:34 HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6Hr Web Attacks (IP=158,NL) 92.118.160.61 32 TLM None 2022-04-13 00:00:00 2022-10-13 00:00:00 2022-04-13 13:12:33 LT TO-S-2020-0298 Malicious Email Activity | updated by TLM Block was inactive. Reactivated on 20220413 with reason HIVE Case #7387 CTO 22-103(IP=61,AE) HIVE Case #7387 CTO 22-103(IP=61,AE) 92.118.160.61 32 dbc None 2020-02-14 00:00:00 2022-10-13 00:00:00 2022-04-13 13:12:33 LT TO-S-2020-0298 Malicious Email Activity | updated by TLM Block was inactive. 
Reactivated on 20220413 with reason HIVE Case #7387 CTO 22-103(IP=61,AE) HIVE Case #7387 CTO 22-103(IP=61,AE) 92.118.160.9 32 TLM None 2022-04-13 00:00:00 2022-10-13 00:00:00 2022-04-13 13:12:33 HIVE Case #7387 CTO 22-103(IP=9,AE) 92.118.161.1 32 TLM None 2022-04-13 00:00:00 2022-10-13 00:00:00 2022-04-13 13:12:34 HIVE Case #7387 CTO 22-103(IP=1,AE) 92.118.161.49 32 TLM None 2022-04-13 00:00:00 2022-10-13 00:00:00 2022-04-13 13:12:34 HIVE Case #7387 CTO 22-103(IP=49,AE) 92.118.161.61 32 TLM None 2022-04-13 00:00:00 2022-10-13 00:00:00 2022-04-13 13:12:35 Firepower Suspicious Scan Activity (IP=61,LT) | updated by TLM Block was inactive. Reactivated on 20220413 with reason HIVE Case #7387 CTO 22-103(IP=61,AE) HIVE Case #7387 CTO 22-103(IP=61,AE) 92.118.161.61 32 srm None 2021-05-11 00:00:00 2022-10-13 00:00:00 2022-04-13 13:12:35 Firepower Suspicious Scan Activity (IP=61,LT) | updated by TLM Block was inactive. Reactivated on 20220413 with reason HIVE Case #7387 CTO 22-103(IP=61,AE) HIVE Case #7387 CTO 22-103(IP=61,AE) 92.118.161.9 32 TLM None 2022-04-13 00:00:00 2022-10-13 00:00:00 2022-04-13 13:12:36 HIVE Case #7387 CTO 22-103(IP=9,AE) 92.118.188.78 32 TLM None 2022-03-28 00:00:00 2022-09-28 00:00:00 2022-03-28 12:23:15 HIVE Case #7282 CTO 22-085 (IP=78,DE) 92.118.189.140 32 AS None 2022-01-11 00:00:00 2022-07-11 00:00:00 None HIVE Case #6760 CTO 22-011 (IP=140,DE) 92.118.189.254 32 TLM None 2021-12-02 00:00:00 2022-06-02 00:00:00 None HIVE Case #6600 TO-S-2022-0090 (IP=254,DE) 92.118.190.118 32 TLM None 2021-11-04 00:00:00 2022-05-04 00:00:00 None HIVE Case #6494 CTO 21-303 (IP=118,DE) 92.118.190.122 32 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6517 CTO 21-313 (IP=122,DE) 92.118.190.165 32 AS None 2022-04-08 00:00:00 2022-10-08 00:00:00 2022-04-08 17:16:42 HIVE Case #7361 CTO 22-098 (IP=165,DE) 92.118.191.22 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6442 CTO 21-299 (IP=22,DE) 92.118.234.202 32 KH None 2022-06-15 
00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:11 SIPVicious Security Scanner - IPS Events (IP=202,US) | updated by KH Block expiration extended with reason SIPVicious Security Scanner -FE IPS (IP=202,US) SIPVicious Security Scanner -FE IPS (IP=202,US) 92.118.234.202 32 SW None 2022-06-05 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:11 SIPVicious Security Scanner - IPS Events (IP=202,US) | updated by KH Block expiration extended with reason SIPVicious Security Scanner -FE IPS (IP=202,US) SIPVicious Security Scanner -FE IPS (IP=202,US) 92.118.234.242 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=242,US) 92.118.234.242 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=242,US) 92.118.234.242 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=242,US) 92.118.39.124 32 TH None 2022-05-29 00:00:00 2022-08-27 00:00:00 2022-05-29 15:24:08 SIPVicious Security Scanner - FE CMS IPS Events (IP=124,US) 92.118.39.135 32 RS None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-13 22:36:33 SERVER-WEBAPP NUUO NVRmini upgrade_handle.php command injection attempt (1:50646:1) - SourceFire (IP=135,US) 92.118.39.254 32 KH None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:12 SIPVicious Security Scanner - IPS Events(IP=254,US) | updated by KH Block expiration extended with reason SIPVicious Security Scanner - FE IPS (IP=254,US) SIPVicious Security Scanner - FE IPS (IP=254,US) 92.118.39.254 32 SW None 2022-05-31 00:00:00 2022-09-13 00:00:00 2022-06-15 22:18:12 SIPVicious Security Scanner - IPS Events(IP=254,US) | updated by KH Block expiration extended with reason SIPVicious Security Scanner - FE IPS (IP=254,US) SIPVicious Security Scanner - FE IPS (IP=254,US) 92.118.39.254 24 SA None 2022-05-31 00:00:00 2022-08-28 00:00:00 2022-05-31 22:56:22 SIPVicious Security Scanner FE CMS IPS alert (IP=254,RO) 92.118.39.26 32 RS 
None 2022-05-13 00:00:00 2022-08-11 00:00:00 2022-05-13 22:36:44 HP Intelligent Management Center TFTP Server MODE Remote Code Execution - FE IPS Events (IP=26,US) 92.118.39.44 32 JP None 2022-09-09 00:00:00 2022-12-08 00:00:00 2022-09-09 22:50:19 SIPVicious Security Scanner - IPS Events (IP=44,US) 92.118.39.84 32 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 22:52:14 SIPVicious Security Scanner - FE IPS Events (IP=82,US) 92.118.39.84 32 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 22:52:50 SIPVicious Security Scanner - FE IPS Events (IP=82,US) 92.118.39.95 32 TH None 2022-04-29 00:00:00 2022-07-28 00:00:00 2022-04-29 22:48:58 SIPVicious Security Scanner - FE CMS IPS Events (IP=95,US) 92.119.177.20 32 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 14:08:36 SQL injection - 6Hr Web Attacks (IP=20,US) 92.119.220.0 22 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None UA TO-S-2021-1156 Malware Activity 92.119.90.42 32 TLM None 2022-05-10 00:00:00 2022-11-09 00:00:00 2022-05-10 15:21:37 HIVE Case #7557 CTO 22-130 (IP=42,DE) 92.119.90.45 32 TLM None 2022-06-08 00:00:00 2022-12-07 00:00:00 2022-06-09 13:12:44 HIVE Case #7739 CTO 22-159 (IP=45,DE) 92.124.140.196 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:46:24 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=196,RU) 92.126.197.132 24 AR None 2021-12-26 00:00:00 2022-03-26 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt (1:37078:4) - SourceFire (IP=132,RU) 92.138.109.160 24 KD None 2022-03-17 00:00:00 2022-06-15 00:00:00 2022-03-18 13:57:00 SQL injection- Web Attacks (IP=160,FR) 92.154.0.121 24 KH None 2022-03-03 00:00:00 2022-06-01 00:00:00 2022-03-03 23:49:28 Abnormally Long Request - ArcSight (IP=121,FR) 92.178.228.88 24 KH None 2022-03-03 00:00:00 2022-06-01 00:00:00 2022-03-03 23:49:30 Abnormally Long Request - ArcSight (IP=88,FR) 92.180.141.10 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE 
Case #5 TO-S-2021-1447 (IP=10,FR) 92.187.194.215 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None ES TO-S-2021-1050 Hive Case 4821 Malware Activity 92.189.124.185 24 SW None 2021-12-12 00:00:00 2022-03-12 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed Logons (IP=185,ES) 92.204.128.66 32 JP None 2022-08-19 00:00:00 2022-11-17 00:00:00 2022-08-19 22:51:14 SIPVicious Security Scanner - IPS Events (IP=66,US) 92.204.128.76 32 SW None 2022-08-16 00:00:00 2022-11-14 00:00:00 2022-08-17 13:52:27 SIPVicious Security Scanner - IPS Events (IP=76,US) 92.204.128.78 32 SW None 2022-08-16 00:00:00 2022-11-14 00:00:00 2022-08-17 13:52:28 SIPVicious Security Scanner - IPS Events (IP=78,US) 92.204.128.86 32 KH None 2022-08-17 00:00:00 2022-11-15 00:00:00 2022-08-17 22:26:06 SIPVicious Security Scanner - FE IPS (IP=86,US) 92.204.132.63 32 KH None 2022-09-20 00:00:00 2022-12-19 00:00:00 2022-09-20 22:50:13 SIPVicious Security Scanner - FE IPS (IP=63,US) 92.204.133.156 32 JP None 2022-08-26 00:00:00 2022-11-24 00:00:00 2022-08-26 22:41:09 SIPVicious Security Scanner - IPS Events (IP=156,US) 92.204.133.4 32 JP None 2022-09-02 00:00:00 2022-12-01 00:00:00 2022-09-02 22:46:32 SIPVicious Security Scanner - IPS Events (IP=4,US) 92.204.134.205 32 JP None 2022-08-15 00:00:00 2022-11-13 00:00:00 2022-08-15 22:29:33 SIPVicious Security Scanner - IPS Events (IP=205,US) 92.204.135.163 32 TH None 2022-07-28 00:00:00 2022-10-26 00:00:00 2022-07-29 13:53:21 SIPVicious Security Scanner - FE CMS IPS Events (IP=163,US) 92.204.136.13 32 wmp None 2021-12-13 00:00:00 2022-03-13 00:00:00 None HIVE Case #6642 JFHQ-DODIN Wave Browser Malware IOCs (IP=13,US) 92.204.136.57 32 JP None 2022-08-12 00:00:00 2022-11-10 00:00:00 2022-08-12 22:51:17 SIPVicious Security Scanner - IPS Event (IP=57,US) 92.204.136.77 32 JP None 2022-08-22 00:00:00 2022-11-20 00:00:00 2022-08-22 22:53:07 SIPVicious Security Scanner - IPS Events (IP=77,US) 92.204.138.158 32 AS None 2022-07-28 00:00:00 
2022-10-26 00:00:00 2022-07-28 19:11:25 HIVE Case #7259 COLS-NA TIP 22-0099 (IP=158,US) 92.204.138.16 32 KH None 2022-09-20 00:00:00 2022-12-19 00:00:00 2022-09-20 22:50:13 SIPVicious Security Scanner - FE IPS (IP=16,US) 92.204.144.118 32 KH None 2022-09-20 00:00:00 2022-12-19 00:00:00 2022-09-20 22:50:14 SIPVicious Security Scanner - FE IPS (IP=118,US) 92.204.145.11 32 TH None 2022-07-28 00:00:00 2022-10-26 00:00:00 2022-07-29 13:53:22 SIPVicious Security Scanner - FE CMS IPS Events (IP=11,US) 92.204.145.232 32 JP None 2022-09-19 00:00:00 2022-12-18 00:00:00 2022-09-20 13:55:04 SIPVicious Security Scanner - IPS Events (IP=232,US) 92.204.145.61 32 TH None 2022-07-28 00:00:00 2022-10-26 00:00:00 2022-07-29 13:53:22 SIPVicious Security Scanner - FE CMS IPS Events (IP=61,US) 92.204.145.8 32 RS None 2022-07-27 00:00:00 2022-10-25 00:00:00 2022-07-28 13:49:47 SIPVicious Security Scanner - IPS Events (IP=8,US) 92.204.145.9 32 KH None 2022-07-26 00:00:00 2022-10-24 00:00:00 2022-07-26 22:50:17 SIPVicious Security Scanner - FE IPS (IP=9,US) 92.204.160.101 32 AS None 2022-04-08 00:00:00 2022-10-08 00:00:00 2022-04-08 17:16:59 HIVE Case #7361 CTO 22-098 (IP=101,DE) 92.204.160.110 32 TLM None 2022-02-11 00:00:00 2022-08-12 00:00:00 None HIVE Case #6973 TO-S-2022-0128 (IP=110,DE) 92.204.160.114 32 AS None 2022-04-08 00:00:00 2022-10-08 00:00:00 2022-04-08 17:16:59 HIVE Case #7361 CTO 22-098 (IP=114,DE) 92.204.160.233 32 TLM None 2022-02-11 00:00:00 2022-08-12 00:00:00 None HIVE Case #6973 TO-S-2022-0128 (IP=233,DE) 92.204.160.240 32 TLM None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:46:51 HIVE Case #7458 CTO 22-113 (IP=240,DE) 92.204.160.44 32 AS None 2022-04-08 00:00:00 2022-10-08 00:00:00 2022-04-08 17:17:00 HIVE Case #7361 CTO 22-098 (IP=44,DE) 92.204.160.88 32 AS None 2022-04-08 00:00:00 2022-10-08 00:00:00 2022-04-08 17:17:00 HIVE Case #7361 CTO 22-098 (IP=88,DE) 92.204.160.89 32 AS None 2022-04-08 00:00:00 2022-10-08 00:00:00 2022-04-08 17:17:01 HIVE Case 
#7361 CTO 22-098 (IP=89,DE) 92.204.163.189 32 TLM None 2022-03-25 00:00:00 2022-09-25 00:00:00 2022-03-25 12:16:28 HIVE Case #7277 CTO 22-084 (IP=189,undefined) 92.204.217.201 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None DE TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 92.204.218.48 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 92.204.218.69 32 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None DE TO-S-2021-1156 Malicious Email Activity 92.204.218.69 24 TH None 2022-02-15 00:00:00 2022-05-16 00:00:00 None HIVE Case #6984 (IP=69,FR) 92.204.220.49 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:56:11 HIVE Case #7199 CTO 22-074 (IP=49,FR) 92.204.220.58 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 92.204.222.171 32 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None DE TO-S-2021-1156 Malicious Email Activity 92.204.223.135 32 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None DE TO-S-2021-1156 Malicious Email Activity 92.204.241.220 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=220,FR) 92.204.248.74 24 SW None 2022-04-07 00:00:00 2022-07-06 00:00:00 2022-04-07 23:06:50 SIPVicious Security Scanner - IPS Events (IP=74,FR) 92.205.12.148 32 TLM None 2022-09-01 00:00:00 2022-12-01 00:00:00 2022-09-02 21:05:05 HIVE Case #8225 COLS-NA-TIP 22-0305 (IP=148,FR) 92.205.15.23 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None DE TO-S-2021-1143 Malicious Email Activity 92.205.17.23 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=23,FR) 92.205.18.239 32 TLM None 2021-11-10 00:00:00 2022-05-10 00:00:00 None HIVE Case #6514 TO-S-2022-0075 (IP=239,FR) 92.205.23.6 32 TLM None 2021-08-23 00:00:00 2022-02-23 00:00:00 None HIVE Case #6042 TO-S-2021-1484 (IP=6,FR) 92.205.3.54 32 TLM None 2021-07-09 00:00:00 
2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=54,FR) 92.205.4.171 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=171,FR) 92.21.165.65 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GB TO-S-2021-1037 Hive Case 4785 Malware Activity 92.222.10.19 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:55:41 HIVE Case #7894 CTO 22-187 (IP=19,FR) 92.222.117.110 32 TLM None 2021-11-04 00:00:00 2022-05-02 00:00:00 None HIVE Case #6503 CTO 21-306 (IP=110,FR) 92.222.178.129 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 92.222.212.16 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=16,FR) 92.222.226.13 24 RT None 2021-10-19 00:00:00 2022-01-17 00:00:00 None Adobe ColdFusion Administrator Access Restriction - 6HR Web Attacks (IP=13,FR) 92.222.241.76 32 TLM None 2022-06-15 00:00:00 2022-12-14 00:00:00 2022-06-16 19:40:48 HIVE Case #7779 CTO 22-162 (IP=76,FR) 92.222.85.128 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity 92.223.105.173 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:56:06 HIVE Case #7894 CTO 22-187 (IP=173,LU) 92.223.30.181 32 TLM None 2022-06-14 00:00:00 2022-12-13 00:00:00 2022-06-14 15:16:54 HIVE Case #7768 CTO 22-161 (IP=181,US) 92.223.30.232 32 EE None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:19:21 HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=232,US) 92.223.30.52 32 EE None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:19:22 HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=52,US) 92.223.59.84 24 EE None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:19:22 HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=84,GB) 92.223.79.71 32 AS None 2021-11-16 00:00:00 2022-05-16 00:00:00 None HIVE Case #6539 CTO 21-315 (IP=71,IT) 92.223.90.174 24 EE None 2022-06-15 00:00:00 2022-09-13 
00:00:00 2022-06-15 22:19:23 HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=174,HK) 92.223.93.148 24 EE None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:19:24 HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=148,IT) 92.23.90.235 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GB TO-S-2021-1050 Hive Case 4821 Malware Activity 92.240.33.133 24 RR None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-05 14:02:50 Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=133,BA) 92.241.64.0 19 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GE TO-S-2021-1037 Hive Case 4785 Malware Activity 92.241.84.122 32 TLM None 2022-06-15 00:00:00 2022-12-14 00:00:00 2022-06-16 13:41:10 HIVE Case #7774 CTO 22-166 (IP=122,GE) 92.242.40.0 24 KH None 2021-12-20 00:00:00 2022-03-20 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44232 (IP=0,UA) 92.242.62.131 32 TLM None 2022-03-03 00:00:00 2022-09-03 00:00:00 2022-03-03 22:29:43 HIVE Case #7139 TO-S-2022-0140 (IP=131,US) 92.242.62.254 32 TLM None 2022-02-08 00:00:00 2022-08-09 00:00:00 None HIVE Case #6947 CTO 22-039 (IP=254,US) 92.244.36.67 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None PL TO-S-2021-1037 Hive Case 4785 Malware Activity 92.244.36.74 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None PL TO-S-2021-1037 Hive Case 4785 Malware Activity 92.246.160.0 19 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None RU TO-S-2021-1037 Hive Case 4785 Malware Activity 92.252.144.237 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None RU TO-S-2021-1037 Hive Case 4785 Malware Activity 92.252.99.99 32 ZH None 2022-06-30 00:00:00 2022-09-28 00:00:00 2022-07-01 00:10:34 Suspicious Telerik UI Request - CMS IPS Events (IP=99,US) 92.255.57.115 32 RB None 2022-10-06 00:00:00 2022-11-06 00:00:00 2022-12-08 16:01:37 NullMixer Malware - IR# 23C02034 (IP=115,RU) | updated by RB Block was inactive. 
Reactivated on 20221006 with reason NullMixer Malware - IR# 23C02034 (IP=115,RU) NullMixer Malware - IR# 23C02034 (IP=115,RU) 92.255.76.169 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=169,RU) 92.255.85.135 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:33 HIVE Case #7894 CTO 22-187 (IP=135,HK) 92.255.85.150 24 RR None 2021-12-10 00:00:00 2022-03-10 00:00:00 None SQL injection - Web Attacks (IP=150,RU) 92.255.85.173 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:10 HIVE Case #7904 CTO 22-189 (IP=173,HK) 92.255.85.237 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:57:33 HIVE Case #7894 CTO 22-187 (IP=237,HK) 92.255.85.44 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:10 HIVE Case #7904 CTO 22-189 (IP=44,HK) 92.27.2.77 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GB TO-S-2021-1050 Hive Case 4821 Malware Activity 92.31.2.185 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GB TO-S-2021-1050 Hive Case 4821 Malware Activity 92.38.128.83 32 AS None 2022-07-05 00:00:00 2022-10-03 00:00:00 2022-07-06 18:26:09 HIVE Case #7881 CTO 22-182 (IP=83,RU) 92.38.135.60 32 TLM None 2022-03-17 00:00:00 2022-09-17 00:00:00 2022-03-17 15:03:31 HIVE Case #7226 CTO 22-075 (IP=60,KR) 92.38.135.62 24 EE None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:19:24 HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=62,KR) 92.38.136.69 32 TLM None 2021-09-08 00:00:00 2022-03-08 00:00:00 None HIVE Case #6133 CTO 21-243 (IP=69,RU) 92.38.139.170 24 EE None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:19:25 HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=170,RU) 92.38.149.101 32 EE None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:19:25 HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=101,US) 92.38.149.241 32 EE None
2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:19:26 HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=241,US) 92.38.149.88 32 EE None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:19:27 HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=88,US) 92.38.152.251 32 AS None 2021-11-16 00:00:00 2022-05-16 00:00:00 None HIVE Case #6539 CTO 21-315 (IP=251,RU) 92.38.160.101 32 TLM None 2022-01-18 00:00:00 2022-07-18 00:00:00 None HIVE Case #6796 CTO 22-014 (IP=101,KR) 92.38.160.165 32 AS None 2022-04-12 00:00:00 2022-10-12 00:00:00 2022-04-12 14:39:47 HIVE Case #7380 CTO 22-099 (IP=165,KR) 92.38.160.206 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:56:07 HIVE Case #7894 CTO 22-187 (IP=206,KR) 92.38.160.58 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:56:07 HIVE Case #7894 CTO 22-187 (IP=58,KR) 92.38.160.73 32 TLM None 2022-06-22 00:00:00 2022-12-21 00:00:00 2022-06-23 16:49:32 HIVE Case #7813 CTO 22-173 (IP=73,KR) 92.38.164.34 32 TLM None 2021-11-04 00:00:00 2022-05-02 00:00:00 None HIVE Case #6503 CTO 21-306 (IP=34,KR) 92.38.169.136 32 AS None 2022-03-03 00:00:00 2022-09-03 00:00:00 2022-03-03 17:36:12 HIVE Case #7133 CTO 22-062 (IP=136,US) 92.38.169.241 32 TLM None 2022-03-11 00:00:00 2022-09-11 00:00:00 2022-03-11 13:21:44 HIVE Case #7189 CTO 22-068.1 (IP=241,US) 92.38.171.127 24 EE None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:19:27 HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=127,ES) 92.38.176.47 32 EE None 2022-06-15 00:00:00 2022-09-13 00:00:00 2022-06-15 22:19:28 HIVE Case #7776 IOC_Gallium-Trojan-PingPull (IP=47,US) 92.38.178.152 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:56:16 HIVE Case #7894 CTO 22-187 (IP=152,JP) 92.38.178.214 32 TLM None 2022-01-18 00:00:00 2022-07-18 00:00:00 None HIVE Case #6796 CTO 22-014 (IP=214,JP) 92.38.178.246 24 EE None 2022-01-31 00:00:00 2022-05-01 00:00:00 None HIVE Case #6867 IOC_ MoonBounce (IP=246,JP) 92.38.184.135 32 TLM None 2022-03-01 00:00:00 
2022-09-01 00:00:00 2022-03-01 16:26:43 HIVE Case #7110 CTO 22-057 (IP=135,NL) 92.38.241.146 32 TLM None 2022-01-25 00:00:00 2022-07-25 00:00:00 None HIVE Case #6828 CTO 22-021 (IP=146,NL) 92.39.136.0 21 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 92.39.218.0 24 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 92.40.169.54 32 TLM None 2022-03-14 00:00:00 2022-09-14 00:00:00 2022-03-14 19:14:25 HIVE Case #7198 CTO 22-071 (IP=54,GB) 92.40.41.170 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GB TO-S-2021-1050 Hive Case 4821 Malware Activity 92.42.108.27 24 KH None 2022-06-17 00:00:00 2022-09-15 00:00:00 2022-06-17 22:28:17 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire (IP=27,FR) 92.42.44.138 24 DT None 2021-10-16 00:00:00 2022-01-14 00:00:00 None SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt - Web Attacks (IP=138,DE) 92.49.151.190 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None RU TO-S-2021-1092 Hive Case 4875 Malware Activity 92.50.248.124 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 92.51.112.0 21 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GE TO-S-2021-1050 Hive Case 4821 Malware Activity 92.51.80.0 21 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GE TO-S-2021-1050 Hive Case 4821 Malware Activity 92.53.104.106 32 SW None 2022-06-28 00:00:00 2022-09-26 00:00:00 2022-06-29 13:54:49 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 22C01472 (IP=106,RU) 92.53.119.55 32 TLM None 2021-09-21 00:00:00 2022-03-20 00:00:00 None HIVE Case #6216 CTO 21-264 (IP=55,RU) 92.53.120.64 32 TLM None 2021-09-21 00:00:00 2022-03-20 00:00:00 None HIVE Case #6216 CTO 21-264 (IP=64,RU) 92.53.96.150 32 TLM None 2021-09-15 00:00:00 2022-03-15 00:00:00 None HIVE Case #6181 CTO 21-257 
(IP=150,RU) 92.53.97.145 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=145,RU) 92.55.1.111 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 92.58.62.49 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None ES TO-S-2021-1037 Hive Case 4785 Malware Activity 92.62.64.0 20 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None KG TO-S-2021-1037 Hive Case 4785 Malware Activity 92.63.197.107 24 SW None 2021-12-12 00:00:00 2022-03-12 00:00:00 None SQL injection - WebAttacks (IP=107,RU) 92.87.6.204 24 DT None 2021-12-21 00:00:00 2022-03-22 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SSH Scan (IP=215,RO) | updated by TH Block expiration extended with reason INDICATOR-SCAN SSH brute force login attempt (1:19559:14) - SourceFire (IP=204,RO) 92.89.173.184 32 KH None 2022-06-09 00:00:00 2022-09-07 00:00:00 2022-06-09 22:37:41 HTTP: PHP File Inclusion Vulnerability - IR# 22C01337 (IP=184,FR) 92972577.ujsd.kanesatakss.com --- TLM None 2021-08-05 00:00:00 2022-08-05 00:00:00 2023-01-19 22:59:20 HIVE Case #5940 TO-S-2021-1447 93.104.208.238 32 AS None 2022-07-01 00:00:00 2022-09-29 00:00:00 2022-07-01 21:45:01 HIVE Case #7874 CTO 22-181 (IP=238,DE) 93.104.211.173 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 93.104.211.50 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None DE TO-S-2021-1037 Hive Case 4785 Malware Activity 93.11.78.239 24 KH None 2022-03-03 00:00:00 2022-06-01 00:00:00 2022-03-03 23:49:44 Abnormally Long Request - ArcSight (IP=239,FR) 93.112.142.122 24 BMP None 2021-10-25 00:00:00 2022-04-25 00:00:00 None FIREEYE Web: Malware Object Download (IP=122,SA) 93.112.144.53 24 DT None 2022-02-14 00:00:00 2022-05-15 00:00:00 None Exploit.Log4Shell.CVE-2021-44228 (IP=53,SA)
93.112.161.131 24 WR None 2022-01-28 00:00:00 2022-04-28 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=131,SA) 93.112.193.173 24 WR None 2022-02-28 00:00:00 2022-05-28 00:00:00 2022-02-28 14:50:37 Adobe ColdFusion Administrator Access Restriction - 6 hr Failed Logons (IP=173,SA) 93.112.196.222 24 KD None 2022-01-26 00:00:00 2022-04-26 00:00:00 None HIVE Case #6841 Exploit.CVE-2021-44228 (IP=222,SA) 93.112.208.159 24 RB None 2021-11-08 00:00:00 2022-02-06 00:00:00 None SQL injection - 6hr web attacks (IP=159,SA) 93.112.238.91 24 NAB None 2021-12-17 00:00:00 2022-03-17 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=91,SA) 93.112.241.200 24 ZH None 2022-01-26 00:00:00 2022-04-26 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=200,SA) 93.113.206.134 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity 93.114.234.123 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GB TO-S-2021-1037 Hive Case 4785 Malicious Email Activity 93.115.10.25 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=25,TR) 93.115.18.251 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=251,NL) 93.115.18.254 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=254,NL) 93.115.20.181 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=181,NL) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=181,NL) 93.115.20.75 24 DT None 2022-01-23 00:00:00 2022-04-22 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) - Source Fire (IP=75,NL) 93.115.203.0 24 TLM None
2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=0,ES) 93.115.21.45 24 EE None 2022-05-06 00:00:00 2022-08-04 00:00:00 2022-05-06 22:43:53 HIVE Case #7531 New NetDooka Malware (IP=45,NL) 93.115.22.17 32 TLM None 2021-09-24 00:00:00 2022-03-24 00:00:00 None HIVE Case #6252 CTO 21-265 (IP=17,NL) 93.115.22.233 32 BB None 2022-01-12 00:00:00 2022-04-12 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00817 (IP=233,CY) 93.115.241.194 24 srm None 2022-02-16 00:00:00 2022-05-17 00:00:00 None HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=194,RO) 93.115.26.0 24 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=0,LT) 93.115.27.10 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=10,LT) 93.115.27.132 24 SA None 2022-06-06 00:00:00 2022-09-04 00:00:00 2022-06-07 13:41:25 SIPVicious Security Scanner - FE CMS IPS alert (IP=132,LT) 93.115.28.155 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=155,LT) 93.115.29.0 24 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=0,LT) 93.115.35.114 24 DT None 2022-02-28 00:00:00 2022-05-29 00:00:00 2022-03-01 14:46:35 Exploit.Log4Shell.CVE-2021-44228 - FireEye NX (IP=114,AU) 93.115.35.114 24 DT None 2022-02-28 00:00:00 2022-05-29 00:00:00 2022-03-01 14:50:12
Exploit.Log4Shell.CVE-2021-44228 - FireEye NX (IP=114,AU) 93.115.76.119 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=119,TR) 93.115.79.244 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=244,TR) 93.118.184.0 22 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IR TO-S-2021-1037 Hive Case 4785 Malware Activity 93.123.12.103 32 TLM None 2022-06-14 00:00:00 2022-12-13 00:00:00 2022-06-14 20:43:44 HIVE Case #7769 CTO 22-165 (IP=103,BG) 93.124.126.237 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None RU TO-S-2021-1037 Hive Case 4785 Malware Activity 93.13.93.122 24 BB None 2021-12-02 00:00:00 2022-03-02 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=122,FR) 93.138.124.105 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None HR TO-S-2021-1037 Hive Case 4785 Malware Activity 93.139.14.195 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None HR TO-S-2021-1037 Hive Case 4785 Malware Activity 93.140.5.81 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None HR TO-S-2021-1037 Hive Case 4785 Malware Activity 93.142.252.11 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None HR TO-S-2021-1050 Hive Case 4821 Malware Activity 93.146.85.158 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 Hive Case 4785 Malware Activity 93.148.143.228 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 Hive Case 4785 Malware Activity 93.151.121.251 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 Hive Case 4785 Malware Activity 93.155.196.214 24 RR None 2022-02-25 00:00:00 2022-05-26 00:00:00 2022-02-25 14:56:23 HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=214,BG) 93.157.120.0 21 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None RU TO-S-2021-1037 Hive Case 4785 Malware Activity 93.159.136.101 
32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PL TO-S-2021-1050 Hive Case 4821 Malware Activity 93.168.33.45 24 ZH None 2022-01-19 00:00:00 2022-04-19 00:00:00 None SERVER-WEBAPP Cisco ASA directory traversal attempt (3:54598:2)- Sourcefire Rpt (IP=45,SA) 93.176.215.166 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None PL TO-S-2021-1037 Hive Case 4785 Malware Activity 93.177.73.90 24 EE None 2021-02-15 00:00:00 2022-05-28 00:00:00 2022-02-27 23:09:10 HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6 HR Web Attacks (IP=90,DE) | updated by KD Block was inactive. Reactivated on 20220227 with reason Infection Match (blocked)- FIREEYE Web(IP=90,DE) 93.177.75.2 24 KD None 2022-02-27 00:00:00 2022-05-28 00:00:00 2022-02-27 23:09:07 Infection Match (blocked)- FIREEYE Web(IP=2,FR) 93.177.75.2 24 KD None 2022-02-27 00:00:00 2022-05-28 00:00:00 2022-02-27 23:09:10 Infection Match (blocked)- FIREEYE Web(IP=2,FR) 93.177.75.82 24 KD None 2022-02-27 00:00:00 2022-05-28 00:00:00 2022-02-27 23:09:01 SERVER-WEBAPP Apache Log4j logging remote code execution attempt- Web Attacks(IP=82,FR) 93.178.254.69 32 AS None 2022-04-08 00:00:00 2022-10-08 00:00:00 2022-04-08 17:16:43 HIVE Case #7361 CTO 22-098 (IP=69,UA) 93.178.29.65 24 DT None 2022-04-09 00:00:00 2022-07-08 00:00:00 2022-04-10 13:58:56 SQL injection - 6Hr Web Attack (IP=65,SA) 93.178.42.181 24 KD None 2022-04-15 00:00:00 2022-07-15 00:00:00 2022-04-16 14:47:00 SQL injection- Web Attacks(IP=181,SA) | updated by RR Block expiration extended with reason SERVER-WEBAPP Apache APISIX default admin API backdoor usage attempt - SourceFire (IP=181,SA) 93.178.48.229 24 RR None 2022-05-05 00:00:00 2022-08-03 00:00:00 2022-05-05 13:48:46 SQL injection - Web Attacks (IP=229,SA) 93.183.176.21 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BG TO-S-2021-1050 Hive Case 4821 Malware Activity 93.183.201.156 32 TLM None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 14:46:50 HIVE Case #7458 CTO 
22-113 (IP=156,UA) 93.184.215.201 32 RT None 2021-12-22 00:00:00 2022-07-18 00:00:00 2022-08-09 17:32:37 FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields (1:16295:13) - Sourcefire Report (IP=201,US) | Legitimate IP which results in domain (download.visualstudio.microsoft.com) by RT | updated by SA Block was inactive. Reactivated on 20220524 with reason FILE-OSAER Kaspersky antivirus library heap buffer overflow - wiSAout optional fields (1:16295:13) - SourceFire Report (IP=201,US) | UNBLOCKED - INC0379318: Unblock IP for https://download.visualstudio.microsoft.com 93.185.96.0 24 TLM None 2021-08-10 00:00:00 2022-02-10 00:00:00 None HIVE Case #5968 TO-S-2021-1276 (IP=0,CZ) 93.186.253.67 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IT TO-S-2021-1050 Hive Case 4821 Malware Activity 93.187.206.206 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=206,TR) 93.187.38.0 24 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IQ TO-S-2021-1050 Hive Case 4821 Malware Activity 93.188.0.20 24 KD None 2021-12-21 00:00:00 2022-03-21 00:00:00 None PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt- Sourcefire (IP=20,SE) 93.188.164.203 32 RR None 2022-07-10 00:00:00 2022-10-08 00:00:00 2022-07-10 14:32:32 SERVER-WEBAPP Multiple routers getcfg.php credential disclosure attempt (1:44388:6) - SourceFire (IP=203, US) | updated by RR Block expiration extended with reason SERVER-WEBAPP JBoss web console access attempt - SourceFire (IP=203,US) SERVER-WEBAPP JBoss web console access attempt - SourceFire (IP=203,US) 93.188.164.203 32 RR None 2022-07-09 00:00:00 2022-10-07 00:00:00 2022-07-10 14:32:45 SERVER-WEBAPP JBoss web console access attempt - SourceFire (IP=203,US) 93.188.164.203 32 ZH None 2022-07-08 00:00:00 2022-10-08 00:00:00 2022-07-10 14:32:32 SERVER-WEBAPP Multiple routers getcfg.php credential disclosure attempt (1:44388:6) - SourceFire (IP=203, US) | updated 
by RR Block expiration extended with reason SERVER-WEBAPP JBoss web console access attempt - SourceFire (IP=203,US) SERVER-WEBAPP JBoss web console access attempt - SourceFire (IP=203,US) 93.188.165.171 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None US TO-S-2021-1050 Hive Case 4821 Malicious Email Activity 93.188.167.97 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6584 CTO 21-322 (IP=97,CY) 93.189.156.151 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:56:08 HIVE Case #7894 CTO 22-187 (IP=151,DE) 93.190.139.223 24 EE None 2022-02-14 00:00:00 2022-05-15 00:00:00 None HIVE Case #6251 IOC_Stealbit_2.0 (IP=223,NL) | updated by EE Block was inactive. Reactivated on 20220214 with reason HIVE Case #6935 IOC_LockBit 2.0 Ransomware-FBI_Advisory (IP=223,NL) HIVE Case #6935 IOC_LockBit 2.0 Ransomware-FBI_Advisory (IP=223,NL) 93.190.139.223 24 EE None 2021-09-27 00:00:00 2022-05-15 00:00:00 None HIVE Case #6251 IOC_Stealbit_2.0 (IP=223,NL) | updated by EE Block was inactive. Reactivated on 20220214 with reason HIVE Case #6935 IOC_LockBit 2.0 Ransomware-FBI_Advisory (IP=223,NL) HIVE Case #6935 IOC_LockBit 2.0 Ransomware-FBI_Advisory (IP=223,NL) 93.190.143.101 24 EE None 2022-02-14 00:00:00 2022-05-15 00:00:00 None HIVE Case #6251 IOC_Stealbit_2.0 (IP=101,NL) | updated by EE Block was inactive. Reactivated on 20220214 with reason HIVE Case #6935 IOC_LockBit 2.0 Ransomware-FBI_Advisory (IP=101,NL) HIVE Case #6935 IOC_LockBit 2.0 Ransomware-FBI_Advisory (IP=101,NL) 93.190.143.101 24 EE None 2021-09-27 00:00:00 2022-05-15 00:00:00 None HIVE Case #6251 IOC_Stealbit_2.0 (IP=101,NL) | updated by EE Block was inactive. Reactivated on 20220214 with reason HIVE Case #6935 IOC_LockBit 2.0 Ransomware-FBI_Advisory (IP=101,NL) HIVE Case #6935 IOC_LockBit 2.0 Ransomware-FBI_Advisory (IP=101,NL) 93.203.44.199 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=199,DE) 93.203.46.35 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=35,DE) 93.38.57.77 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 Hive Case 4785 Malware Activity 93.40.224.144 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 Hive Case 4785 Malware Activity 93.41.200.201 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None IT TO-S-2021-1102 Malware Activity 93.41.206.233 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IT TO-S-2021-1050 Hive Case 4821 Malware Activity 93.42.110.44 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IT TO-S-2021-1050 Hive Case 4821 Malware Activity 93.42.154.227 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IT TO-S-2021-1050 Hive Case 4821 Malware Activity 93.42.255.250 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IT TO-S-2021-1050 Hive Case 4821 Malware Activity 93.43.29.130 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 Hive Case 4785 Malware Activity 93.46.52.84 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 Hive Case 4785 Malware Activity 93.46.96.174 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 Hive Case 4785 Malware Activity 93.48.41.176 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775
TO-S-2021-1390 (IP=176,IT) 93.48.80.198 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:56:09 HIVE Case #7199 CTO 22-074 (IP=198,IT) 93.49.105.126 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 Hive Case 4785 Malware Activity 93.49.247.80 24 RR None 2021-11-28 00:00:00 2022-02-26 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=80,IT) 93.51.177.66 32 TLM None 2022-02-24 00:00:00 2022-08-25 00:00:00 None HIVE Case #7077 CTO 22-055 (IP=66,IT) 93.51.177.67 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:28 HIVE Case #7199 CTO 22-074 (IP=67,IT) 93.51.177.68 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:29 HIVE Case #7199 CTO 22-074 (IP=68,IT) 93.51.177.69 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:30 HIVE Case #7199 CTO 22-074 (IP=69,IT) 93.51.177.70 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:30 HIVE Case #7199 CTO 22-074 (IP=70,IT) 93.54.88.248 32 RW None 2019-10-03 00:00:00 2022-01-20 00:00:00 None Known Attack Tool User Agent/BOT: Potential Muieblackcat Scanner Double-URI Traffic - TT# 20C00062 (IP=248,US) | updated by dbc Block was inactive. 
Reactivated on 20210120 with reason IT TO-S-2021-1037 Hive Case 4785 Malware Activity 93.62.63.170 32 DT None 2021-11-26 00:00:00 2022-11-26 00:00:00 None - TOLL Mitigation Request #INC0124872 SNOW (IP=170,IT) 93.63.170.101 24 KH None 2022-07-11 00:00:00 2022-11-11 00:00:00 2022-08-14 13:58:09 POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt (1:57336:3) - Sourcefire (IP=101,IT) | updated by RR Block expiration extended with reason POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt - SourceFire (IP=101,IT) 93.64.39.53 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IT TO-S-2021-1050 Hive Case 4821 Malware Activity 93.67.134.47 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IT TO-S-2021-1050 Hive Case 4821 Malware Activity 93.67.153.238 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 Hive Case 4785 Malware Activity 93.67.74.143 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 Hive Case 4785 Malware Activity 93.70.225.249 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None IT TO-S-2021-1050 Hive Case 4821 Malware Activity 93.70.253.174 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 Hive Case 4785 Malware Activity 93.81.222.107 32 wmp None 2022-03-24 00:00:00 2022-06-24 00:00:00 2022-03-24 22:59:12 Suspicious Scan Activity (IP=107,RU) 93.88.44.108 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 Hive Case 4785 Malware Activity 93.89.226.17 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None TR TO-S-2021-1081 Hive Case 4872 Malicious Email Activity 93.90.146.103 24 WR None 2022-01-21 00:00:00 2022-04-21 00:00:00 None Malicious IPs - Hive Case 6813 93.90.32.0 20 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None RU TO-S-2021-1037 Hive Case 4785 Malware Activity 93.91.150.159 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CZ TO-S-2021-1050 Hive Case 4821 Malware Activity 
93.91.152.150 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CZ TO-S-2021-1050 Hive Case 4821 Malware Activity 93.92.134.211 24 BB None 2021-10-17 00:00:00 2022-01-15 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=211,DE) 93.92.69.34 32 JKC None 2022-03-23 00:00:00 2022-06-23 00:00:00 2022-03-23 18:46:25 HIVE Case #7264 FBI Russian Energy Sector Scans (IP=34,RU) 93.95.184.0 21 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None UA TO-S-2021-1037 Hive Case 4785 Malware Activity 93.95.224.223 32 TLM None 2022-03-28 00:00:00 2022-09-28 00:00:00 2022-03-28 12:22:51 HIVE Case #7282 CTO 22-085 (IP=223,IS) 93.95.225.136 32 AS None 2022-04-06 00:00:00 2022-10-05 00:00:00 2022-04-06 18:02:14 HIVE Case #7345 CTO 22-095 (IP=136,IS) 93.95.225.238 32 TLM None 2022-02-02 00:00:00 2022-08-03 00:00:00 None HIVE Case #6911 CTO 22-033 (IP=238,IS) 93.95.225.246 32 TLM None 2022-02-01 00:00:00 2022-08-02 00:00:00 None HIVE Case #6896 CTO 22-029 (IP=246,IS) 93.95.226.51 24 DT None 2022-01-28 00:00:00 2022-04-28 00:00:00 None PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (1:32959:3) - Source Fire (IP=51,IS) 93.95.227.169 32 TLM None 2022-06-23 00:00:00 2022-12-22 00:00:00 2022-06-24 11:30:52 HIVE Case #7820 CTO 22-174 (IP=169,IS) 93.95.227.5 32 TLM None 2021-12-06 00:00:00 2022-06-06 00:00:00 None HIVE Case #6612 CTO 21-336 (IP=5,IS) 93.95.227.64 24 TH None 2022-02-21 00:00:00 2022-05-22 00:00:00 None Directory Traversal Attempt- IPS Events (IP=64,IS) 93.95.228.230 32 AS None 2022-04-06 00:00:00 2022-10-05 00:00:00 2022-04-06 18:02:14 HIVE Case #7345 CTO 22-095 (IP=230,IS) 93.95.228.74 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:33 HIVE Case #7199 CTO 22-074 (IP=74,IS) 93.95.229.160 32 TLM None 2022-05-26 00:00:00 2022-11-25 00:00:00 2022-05-26 18:27:38 HIVE Case #7669 TO-S-2022-0187 (IP=160,IS) 93.95.229.219 32 TLM None 2022-05-02 00:00:00 2022-11-01 00:00:00 2022-05-04 
17:56:14 HIVE Case #7495 CTO 22-120 (IP=219,IS) 93.95.230.162 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:52:34 HIVE Case #7199 CTO 22-074 (IP=162,IS) 93.95.230.232 32 AS None 2022-03-03 00:00:00 2022-09-03 00:00:00 2022-03-03 17:36:13 HIVE Case #7133 CTO 22-062 (IP=232,IS) 9353163105.katiemcallister.com --- TLM None 2021-08-12 00:00:00 2022-08-12 00:00:00 2023-01-19 23:00:20 HIVE Case #5985 TO-S-2021-1459 937937-282634282634.funlineinc.com --- TLM None 2021-06-14 00:00:00 2022-06-14 00:00:00 2023-01-19 22:57:21 HIVE Case #5590 TO-S-2021-1276 Malicious Emails Activity 9399777560.somalihealthcareprofessionals.com --- TLM None 2021-06-17 00:00:00 2022-06-17 00:00:00 2023-01-19 22:58:02 HIVE Case #5644 TO-S-2021-1352 94.100.180.197 32 TLM None 2022-03-07 00:00:00 2022-09-07 00:00:00 2022-03-07 16:55:40 HIVE Case #7152 CTO 22-064 F1 (IP=197,RU) 94.101.179.63 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:56:18 HIVE Case #7894 CTO 22-187 (IP=63,IR) 94.101.21.129 32 TLM None 2022-01-04 00:00:00 2022-07-04 00:00:00 None HIVE Case #6729 CTO 22-004 (IP=129,PL) 94.101.224.0 20 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None LV TO-S-2021-1050 Hive Case 4821 Malware Activity 94.102.12.47 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=47,TR) 94.102.4.27 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=27,TR) 94.102.56.10 24 AR None 2022-03-05 00:00:00 2022-06-03 00:00:00 2022-03-06 14:24:10 SSH2 Failed Login Attempt - 6Hr Failed Logons (IP=10,NL) 94.102.56.10 24 AR None 2022-03-05 00:00:00 2022-06-03 00:00:00 2022-03-06 14:40:42 SSH2 Failed Login Attempt - 6Hr Failed Logons (IP=10,NL) 94.102.56.10 24 AR None 2022-03-05 00:00:00 2022-06-03 00:00:00 2022-03-06 15:26:00 SSH2 Failed Login Attempt - 6Hr Failed Logons (IP=10,NL) 94.102.56.11 32 AR None 2022-06-26 00:00:00 2022-09-24 00:00:00 2022-06-27 13:55:33 HTTP: Apache Struts 
ConversionErrorInterceptor OGNL Script Injection - IR# 22C01460 (IP=11,NL) 94.102.56.9 24 AR None 2022-03-05 00:00:00 2022-06-03 00:00:00 2022-03-06 14:24:11 SSH2 Failed Login Attempt - 6Hr Failed Logons (IP=9,NL) 94.102.56.9 24 AR None 2022-03-05 00:00:00 2022-06-03 00:00:00 2022-03-06 14:40:43 SSH2 Failed Login Attempt - 6Hr Failed Logons (IP=9,NL) 94.102.56.9 24 AR None 2022-03-05 00:00:00 2022-06-03 00:00:00 2022-03-06 15:26:01 SSH2 Failed Login Attempt - 6Hr Failed Logons (IP=9,NL) 94.102.6.25 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=25,TR) 94.103.80.188 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6445 CTO 21-260 (IP=188,NL) 94.103.81.171 32 TLM None 2021-10-12 00:00:00 2022-04-12 00:00:00 None HIVE Case #6349 CTO 21-275 (IP=171,NL) 94.103.85.7 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6445 CTO 21-260 (IP=7,RU) 94.103.93.36 32 TLM None 2021-12-21 00:00:00 2022-06-21 00:00:00 None HIVE Case #6682 CTO 21-352 (IP=36,RU) 94.103.96.0 20 dbc None 2021-03-09 00:00:00 2022-03-09 00:00:00 None CH TO-S-2021-1156 Malicious Email Activity 94.111.43.1 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BE TO-S-2021-1050 Hive Case 4821 Malware Activity 94.112.121.104 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CZ TO-S-2021-1050 Hive Case 4821 Malware Activity 94.112.17.9 24 KH None 2022-07-04 00:00:00 2022-10-02 00:00:00 2022-07-04 22:55:50 SERVER-OTHER Apache Log4j logging remote code execution attempt - Sourcefire (IP=9,CZ) 94.120.202.52 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TR TO-S-2021-1050 Hive Case 4821 Malware Activity 94.121.139.228 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TR TO-S-2021-1050 Hive Case 4821 Malware Activity 94.122.213.157 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malware Activity 94.122.4.88 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR 
TO-S-2021-1037 Hive Case 4785 Malware Activity 94.123.129.26 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None TR TO-S-2021-1037 Hive Case 4785 Malware Activity 94.127.212.110 24 RS None 2022-06-01 00:00:00 2022-08-30 00:00:00 2022-06-01 22:27:10 SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (1:48837:6) - SourceFire (IP=110,JO) 94.128.20.0 22 TLM None 2021-07-01 00:00:00 2022-01-01 00:00:00 None HIVE Case #5735 TO-S-2021-1379 (IP=0,KW) 94.130.109.30 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None DE TO-S-2021-1092 Hive Case 4875 Malicious Email Activity 94.130.130.43 32 AS None 2022-07-08 00:00:00 2022-10-06 00:00:00 2022-07-11 13:15:11 HIVE Case #7904 CTO 22-189 (IP=43,DE) 94.130.136.49 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None DE TO-S-2021-1081 Hive Case 4872 Malicious Email Activity 94.130.209.20 32 TLM None 2022-05-27 00:00:00 2022-11-26 00:00:00 2022-05-27 14:16:38 HIVE Case #7676 CTO 22-147 (IP=20,DE) 94.130.226.7 24 RR None 2022-04-26 00:00:00 2022-07-25 00:00:00 2022-04-26 13:48:48 MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt - SourceFire (IP=7,DE) 94.137.0.0 19 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None RU TO-S-2021-1037 Hive Case 4785 Malware Activity 94.137.78.4 24 RS None 2022-05-04 00:00:00 2022-08-02 00:00:00 2022-05-04 22:52:15 SIPVicious Security Scanner - FE IPS Events (IP=4,RU) 94.140.112.178 32 AS None 2022-01-31 00:00:00 2022-08-03 00:00:00 None HIVE Case #6877 CTO 22-028 (IP=178,LV) 94.140.113.64 32 AS None 2022-01-28 00:00:00 2022-07-28 00:00:00 None HIVE Case #6856 CTO 22-027 (IP=64,LV) 94.140.115.135 32 AS None 2022-03-31 00:00:00 2022-09-30 00:00:00 2022-03-31 14:47:49 HIVE Case #7308 CTO 22-090 (IP=135,LV) 94.140.115.156 32 TLM None 2022-06-02 00:00:00 2022-12-01 00:00:00 2022-06-02 17:56:28 HIVE Case #7705 CTO 22-153 (IP=156,LV) 94.140.115.160 32 TLM None 2022-03-17 00:00:00 2022-09-17 00:00:00 2022-03-17 16:17:36 HIVE Case #7227 CTO 22-076 (IP=160,LV) 
94.140.115.34 32 TLM None 2022-06-02 00:00:00 2022-12-01 00:00:00 2022-06-02 17:56:27 HIVE Case #7705 CTO 22-153 (IP=34,LV) 94.140.120.88 32 TLM None 2022-03-23 00:00:00 2022-09-23 00:00:00 2022-03-23 12:28:39 HIVE Case #7258 CTO 22-082 (IP=88,LV) 94.140.8.206 32 AS None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-08 14:56:08 HIVE Case #7894 CTO 22-187 (IP=206,US) 94.140.8.50 32 SW None 2022-04-06 00:00:00 2022-07-05 00:00:00 2022-04-06 22:49:32 SQL generic convert injection attempt - GET parameter (1:26925:2) - SourceFire (IP=50,US) 94.143.192.0 21 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None KG TO-S-2021-1037 Hive Case 4785 Malware Activity 94.153.200.158 24 SW None 2022-04-25 00:00:00 2022-07-24 00:00:00 2022-04-25 22:46:51 MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (1:25925:3) - SourceFire (IP=158,UA) 94.154.31.208 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None PL TO-S-2021-1037 Hive Case 4785 Malware Activity 94.156.174.29 24 KH None 2022-07-04 00:00:00 2022-10-04 00:00:00 2022-07-07 13:50:25 ET EXPLOIT Apache log4j RCE Attempt (tcp rmi) (CVE-2021-44228) - Sourcefire (IP=29,BG) | updated by RR Block expiration extended with reason SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=29,BG) 94.158.244.213 32 EE None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-07 22:31:15 HIVE Case #7882 IOC_Recordbreaker_Stealer (IP=213,US) 94.158.245.163 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6582 CTO 21-320 (IP=163,MD) 94.158.245.204 32 TLM None 2022-01-10 00:00:00 2022-07-10 00:00:00 None HIVE Case #6755 CTO 22-006 (IP=204,MD) 94.158.245.32 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6443 CTO 21-300 (IP=32,MD) 94.158.245.67 32 AS None 2021-12-28 00:00:00 2022-06-28 00:00:00 None HIVE Case #6702 CTO 21-362 (IP=67,MD) 94.158.247.104 32 TLM None 2022-02-10 00:00:00 2022-08-11 00:00:00 None HIVE Case #6963 CTO 22-041 (IP=104,US) 94.158.247.24 
32 EE None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-07 22:31:55 HIVE Case #7882 IOC_Recordbreaker_Stealer (IP=24,US) 94.158.247.28 32 TLM None 2022-02-10 00:00:00 2022-08-11 00:00:00 None HIVE Case #6963 CTO 22-041 (IP=28,US) 94.158.59.118 24 KD None 2022-04-18 00:00:00 2022-07-17 00:00:00 2022-04-18 22:44:15 FTP Login Failed - 6hr Failed Logons (IP=118,UZ) 94.158.80.0 20 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None UA TO-S-2021-1037 Hive Case 4785 Malware Activity 94.16.121.91 24 srm None 2022-02-16 00:00:00 2022-05-17 00:00:00 None HIVE Case #6985 IOC_ APT 28 APT 29 and TURLA Mandiant Intel (IP=91,AT) 94.16.149.101 24 KD None 2022-03-06 00:00:00 2022-06-04 00:00:00 2022-03-07 00:43:54 HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability- Web Attacks(IP=101,CH) 94.177.118.79 32 KD None 2022-05-09 00:00:00 2022-08-07 00:00:00 2022-05-10 13:48:17 Scanner or Short-Description: HTTP: PHP File Inclusion Vulnerability - IR# 22C01247(IP=79,US) 94.177.199.246 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 Hive Case 4785 Malware Activity 94.177.248.64 32 TLM None 2021-11-29 00:00:00 2022-05-29 00:00:00 None HIVE Case #6584 CTO 21-322 (IP=64,GB) 94.177.251.146 24 NHL None 2020-11-17 00:00:00 2022-11-17 00:00:00 None Case # 4289 - IOC_ SilverHawk_Android_Spyware (IP=146,GB) 94.180.25.152 32 wmp None 2022-03-24 00:00:00 2022-06-24 00:00:00 2022-03-24 22:59:12 Suspicious Scan Activity (IP=152,RU) 94.191.112.0 20 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CN TO-S-2021-1050 Hive Case 4821 Malware Activity 94.191.16.0 20 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CN TO-S-2021-1050 Hive Case 4821 Malware Activity 94.191.32.0 20 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CN TO-S-2021-1050 Hive Case 4821 Malware Activity 94.191.48.0 20 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None CN TO-S-2021-1050 Hive Case 4821 Malware Activity 94.191.96.0 20 dbc None 2021-01-20 00:00:00 
2022-01-20 00:00:00 None CN TO-S-2021-1037 Hive Case 4785 Malware Activity 94.198.213.3 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 Hive Case 4785 Malware Activity 94.198.43.102 24 AR None 2022-03-08 00:00:00 2022-06-06 00:00:00 2022-03-08 18:08:51 SQL injection - 6Hr Web Attack (IP=102,SG) 94.199.180.93 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=93,HU) 94.199.200.245 32 dbc None 2021-02-05 00:00:00 2022-02-05 00:00:00 None TR TO-S-2021-1081 Hive Case 4872 Malicious Email Activity 94.20.57.107 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None AZ TO-S-2021-1050 Hive Case 4821 Malware Activity 94.20.59.29 32 BB None 2021-11-24 00:00:00 2022-02-22 00:00:00 None HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - TT# 22C00414 (IP=29,AZ) 94.207.37.219 24 KD None 2021-10-12 00:00:00 2022-01-10 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841)- 6hr Web Attacks (IP=219,AE) 94.21.0.251 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None HU TO-S-2021-1037 Hive Case 4785 Malware Activity 94.21.207.183 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None HU TO-S-2021-1050 Hive Case 4821 Malware Activity 94.21.235.176 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None HU TO-S-2021-1050 Hive Case 4821 Malware Activity 94.21.91.138 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None HU TO-S-2021-1050 Hive Case 4821 Malware Activity 94.214.186.23 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None NL TO-S-2021-1037 Hive Case 4785 Malware Activity 94.225.227.224 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BE TO-S-2021-1037 Hive Case 4785 Malware Activity 94.228.112.0 20 TLM None 2021-08-12 00:00:00 2022-02-12 00:00:00 None HIVE Case #5986 TO-S-2021-1404 (IP=0,RU) 94.228.117.103 24 AR None 2022-05-11 00:00:00 2022-08-09 00:00:00 2022-05-11 13:43:37 HIVE CASE 7561 - CMS Notified Report (IP=103,RU) 94.228.178.137 32 SW 
None 2021-12-30 00:00:00 2022-03-30 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00750(IP=137,FR) 94.228.195.67 24 RR None 2021-10-21 00:00:00 2022-01-19 00:00:00 None SQL injection - Web Attacks (IP=67,RU) 94.23.145.133 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=133,NL) 94.23.147.124 32 TLM None 2021-09-17 00:00:00 2022-03-17 00:00:00 None HIVE Case #6198 TO-S-2021-1556 (IP=124,NL) 94.23.147.35 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity 94.23.150.105 32 TLM None 2021-07-09 00:00:00 2022-01-09 00:00:00 None HIVE Case #5775 TO-S-2021-1390 (IP=105,NL) 94.23.154.222 32 jkc None 2021-03-19 00:00:00 2022-03-19 00:00:00 None Case # 5090 TO-S-2021-1185 Malicious Callback 94.23.160.57 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=57,DE) 94.23.18.138 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None FR TO-S-2021-1050 Hive Case 4821 Malware Activity 94.23.194.138 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None FR TO-S-2021-1050 Hive Case 4821 Malware Activity 94.23.20.219 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=219,FR) 
94.23.207.160 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity 94.23.208.18 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None FR TO-S-2021-1037 Hive Case 4785 Malware Activity 94.23.216.43 32 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None FR TO-S-2021-1102 Malicious Email Activity 94.23.24.37 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None FR TO-S-2021-1050 Hive Case 4821 Malware Activity 94.23.254.208 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None FR TO-S-2021-1050 Hive Case 4821 Malware Activity 94.23.76.54 32 TLM None 2021-10-21 00:00:00 2022-04-21 00:00:00 None HIVE Case #6386 CTO 21-288 (IP=54,PT) 94.23.76.95 32 TLM None 2021-09-17 00:00:00 2022-03-17 00:00:00 None HIVE Case #6196 CTO 21-258 (IP=95,PT) 94.23.77.238 24 KH None 2022-07-06 00:00:00 2022-10-04 00:00:00 2022-07-06 23:38:23 SERVER-WEBAPP phpmyadmin post-authentication local file inclusion attempt - Sourcefire (IP=238,PT) 94.230.152.192 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None CZ TO-S-2021-1037 Hive Case 4785 Malware Activity 94.230.20.71 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=71,PL) 94.231.217.17 32 NAB None 2021-12-27 00:00:00 2022-03-27 00:00:00 None HIVE Case #6651 Exploit.CVE-2021-44228 (IP=17,US) 94.232.152.86 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None PL TO-S-2021-1037 Hive Case 4785 Malware Activity 94.232.41.155 32 TLM None 2022-04-21 00:00:00 2022-10-21 00:00:00 2022-04-21 19:03:11 HIVE Case #7441 CTO 22-111 (IP=155,RU) 94.234.8.0 21 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None RU TO-S-2021-1037 Hive Case 4785 Malware Activity 94.236.133.15 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None BG TO-S-2021-1050 Hive Case 4821 Malware Activity 94.236.163.220 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None BG 
TO-S-2021-1037 Hive Case 4785 Malware Activity 94.237.100.32 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6442 CTO 21-299 (IP=32,FI) 94.237.111.12 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=12,NL) 94.237.112.0 21 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=0,FI) 94.237.3.128 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6448 TO-S-2022-0058 (IP=128,FI) 94.237.77.176 24 ZH None 2022-02-08 00:00:00 2022-05-09 00:00:00 None Phishing SIP HIVE Case # 6942 (IP=176,FI) 94.237.80.0 20 TLM None 2021-09-17 00:00:00 2022-03-17 00:00:00 None HIVE Case #6198 TO-S-2021-1556 (IP=0,FI) 94.240.35.18 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PL TO-S-2021-1050 Hive Case 4821 Malware Activity 94.248.238.194 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None HU TO-S-2021-1037 Hive Case 4785 Malware Activity 94.250.201.221 32 TLM None 2022-05-25 00:00:00 2022-11-24 00:00:00 2022-05-25 18:14:47 HIVE Case #7662 CTO 22-145 (IP=221,DE) 94.250.251.39 24 EE None 2022-02-07 00:00:00 2022-05-08 00:00:00 None HIVE Case #6932 IOC_Gamaredon (IP=39,RU) 94.27.197.81 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None HU TO-S-2021-1037 Hive Case 4785 Malware Activity 94.29.124.148 32 dbc None 2021-03-04 00:00:00 2022-03-04 00:00:00 None RU TO-S-2021-1143 Malicious Connections Activity 94.30.133.110 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None LV TO-S-2021-1050 Hive Case 4821 Malware Activity 94.31.29.64 32 TLM None 2022-05-03 00:00:00 2022-11-02 00:00:00 2022-05-04 20:59:43 HIVE Case #7506 TO-S-2022-0174 (IP=64,GB) 94.36.191.174 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 Hive Case 4785 Malware Activity 94.43.10.243 24 RS None 2022-07-14 00:00:00 2022-10-12 00:00:00 2022-07-14 22:47:09 
SIPVicious Security Scanner - IPS Events (IP=243,GE) 94.43.175.170 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GE TO-S-2021-1037 Hive Case 4785 Malware Activity 94.45.158.144 24 RR None 2021-12-10 00:00:00 2022-03-10 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=144,UK) 94.45.192.0 19 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 94.46.14.80 32 TLM None 2021-06-14 00:00:00 2022-02-10 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=80,PT) | updated by TLM Block expiration extended with reason HIVE Case #5968 TO-S-2021-1276 (IP=80,PT) 94.46.170.101 32 TLM None 2021-10-29 00:00:00 2022-04-29 00:00:00 None HIVE Case #6448 TO-S-2022-0058 (IP=101,PT) 94.46.179.80 24 KD None 2022-02-27 00:00:00 2022-05-28 00:00:00 2022-02-27 23:09:18 Infection Match (blocked)- FIREEYE Web(IP=80,PT) 94.46.181.14 32 TLM None 2021-08-05 00:00:00 2022-02-05 00:00:00 None HIVE Case #5 TO-S-2021-1447 (IP=14,PT) 94.46.22.60 32 TLM None 2021-12-15 00:00:00 2022-06-15 00:00:00 None HIVE Case #6667 TO-S-2022-0091 (IP=60,PT) 94.46.25.126 32 TLM None 2021-08-20 00:00:00 2022-02-20 00:00:00 None HIVE Case #6025 TO-S-2021-1472 (IP=126,PT) 94.53.67.110 24 KH None 2022-03-23 00:00:00 2022-06-21 00:00:00 2022-03-23 22:20:30 HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=110,RO) 94.54.25.225 24 AR None 2022-02-17 00:00:00 2022-05-17 00:00:00 None SQL injection - 6 Hr Web Attacks (IP=225,TR) 94.59.224.0 19 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None AE TO-S-2021-1037 Hive Case 4785 Malware Activity 94.59.64.0 19 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None AE TO-S-2021-1037 Hive Case 4785 Malware Activity 94.60.15.3 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PT TO-S-2021-1050 Hive Case 4821 Malware Activity 94.60.231.90 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PT TO-S-2021-1050 Hive Case 4821 
Malware Activity 94.60.254.81 32 AS None 2022-03-15 00:00:00 2022-09-15 00:00:00 2022-03-15 12:56:09 HIVE Case #7199 CTO 22-074 (IP=81,PT) 94.60.52.218 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PT TO-S-2021-1050 Hive Case 4821 Malware Activity 94.63.222.224 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None PT TO-S-2021-1050 Hive Case 4821 Malware Activity 94.63.226.226 24 RS None 2022-07-18 00:00:00 2022-10-17 00:00:00 2022-07-19 13:48:01 22622 HTTP ThinkPHP Framework Code Injection Vulnerability - IR# 22C01694 (IP=226,PT) | updated by RR Block expiration extended with reason Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=226,PT) 94.64.104.91 24 SW None 2022-08-08 00:00:00 2022-11-06 00:00:00 2022-08-09 13:57:39 SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=91,GR) 94.67.44.102 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GR TO-S-2021-1037 Hive Case 4785 Malware Activity 94.69.100.183 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GR TO-S-2021-1037 Hive Case 4785 Malware Activity 94.69.128.234 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None GR TO-S-2021-1037 Hive Case 4785 Malware Activity 94.69.244.186 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None GR TO-S-2021-1050 Hive Case 4821 Malware Activity 94.73.155.12 32 TLM None 2021-10-25 00:00:00 2022-04-25 00:00:00 None HIVE Case #6412 TO-S-2022-1635 (IP=12,TR) 94.74.123.228 32 TLM None 2022-06-02 00:00:00 2022-12-01 00:00:00 2022-06-02 15:30:41 HIVE Case #7704 TO-S-2022-0190 (IP=228,HK) 94.74.69.100 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None UA TO-S-2021-1037 Hive Case 4785 Malware Activity 94.76.25.234 24 RT None 2022-02-03 00:00:00 2022-05-04 00:00:00 None Log4J Scanning - (IP=234,BH) 94.78.236.254 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None RU TO-S-2021-1050 Hive Case 4821 Malware Activity 94.93.93.109 32 TLM Kristen Pope 2022-10-19 00:00:00 2022-12-27 00:00:00 
2022-12-27 19:16:58 HIVE Case #8482 CTO 22-288 (IP=109,IT) | UNBLOCKED per CTO 22-305 94.93.93.17 32 TLM Kristen Pope 2022-10-19 00:00:00 2022-12-27 00:00:00 2022-12-27 19:16:58 HIVE Case #8482 CTO 22-288 (IP=17,IT) | UNBLOCKED per CTO 22-305 94.93.93.51 32 TLM Kristen Pope 2022-10-19 00:00:00 2022-12-27 00:00:00 2022-12-27 19:16:58 HIVE Case #8482 CTO 22-288 (IP=51,IT) | UNBLOCKED per CTO 22-305 94.99.224.0 19 dbc None 2021-02-22 00:00:00 2022-02-22 00:00:00 None SA TO-S-2021-1102 Malware Activity 9408181075.smartwife.in --- TLM None 2021-08-05 00:00:00 2022-08-05 00:00:00 2023-01-19 22:59:16 HIVE Case #5940 TO-S-2021-1447 9425443986.nielsvandervlist.nl --- TLM None 2021-08-05 00:00:00 2022-08-05 00:00:00 2023-01-19 22:59:41 HIVE Case #5940 TO-S-2021-1447 95.0.184.115 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TR TO-S-2021-1050 Hive Case 4821 Malware Activity 95.0.184.148 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TR TO-S-2021-1050 Hive Case 4821 Malware Activity 95.0.66.24 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None TR TO-S-2021-1050 Hive Case 4821 Malware Activity 95.0.9.72 32 KH None 2022-03-03 00:00:00 2022-06-01 00:00:00 2022-03-03 23:49:20 Threat Team Request / Ukraine IOCs - TT# 22C00990 (IP=72,TR) 95.107.161.172 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None AL TO-S-2021-1037 Hive Case 4785 Malware Activity 95.107.172.179 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None AL TO-S-2021-1050 Hive Case 4821 Malware Activity 95.107.252.217 32 dbc None 2021-01-28 00:00:00 2022-01-28 00:00:00 None AL TO-S-2021-1050 Hive Case 4821 Malware Activity 95.110.201.243 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 Hive Case 4785 Malware Activity 95.110.201.99 32 dbc None 2021-01-20 00:00:00 2022-01-20 00:00:00 None IT TO-S-2021-1037 Hive Case 4785 Malware Activity 95.110.216.39 32 TLM None 2021-09-23 00:00:00 2022-03-23 00:00:00 None HIVE Case #6235 TO-S-2021-1568 (IP=39,IT) 