{
    "ok": true,
    "source": "scotnet-dnsbl-public-history",
    "generated_at": 1782319685,
    "generated_at_iso": "2026-06-24T16:48:05Z",
    "requested_limit": 10,
    "history": {
        "code": "127.0.0.4",
        "confidence_band": "high",
        "confidence_score": 85,
        "event_count": 5,
        "events": [
            {
                "category": "Web Application Attack",
                "kind": "attack",
                "severity": "high",
                "source": "threatmail",
                "summary": "ET WEB_SERVER /bin/sh In URI Possible Shell Command Execution Attempt",
                "time": 1781654523,
                "time_iso": "2026-06-17T00:02:03Z"
            },
            {
                "category": "observed",
                "code": "127.0.0.4",
                "kind": "observed",
                "severity": "high",
                "source": "threatmail",
                "summary": "Threat Prevention: Web Application Attack / ET WEB_SERVER /bin/sh In URI Possible Shell Command Execution Attempt",
                "time": 1781651104,
                "time_iso": "2026-06-16T23:05:04Z"
            },
            {
                "category": "add",
                "code": "127.0.0.4",
                "kind": "add",
                "severity": "high",
                "source": "apache-security",
                "summary": "Apache security: path_traversal; 2 evidence item(s); 1 attack session(s)/7d, 1/30d",
                "time": 1781480411,
                "time_iso": "2026-06-14T23:40:11Z"
            },
            {
                "category": "command_injection_probe",
                "kind": "attack",
                "method": "POST",
                "severity": "high",
                "source": "apache-security",
                "status": 400,
                "summary": "Command-injection probe • POST • HTTP 400",
                "target": "/bin/sh",
                "time": 1781480113,
                "time_iso": "2026-06-14T23:35:13Z"
            },
            {
                "category": "path_traversal",
                "kind": "attack",
                "method": "POST",
                "severity": "high",
                "source": "apache-security",
                "status": 400,
                "summary": "Path Traversal • POST • HTTP 400",
                "target": "/cgi-bin/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/bin/sh",
                "time": 1781480113,
                "time_iso": "2026-06-14T23:35:13Z"
            }
        ],
        "events_returned": 5,
        "expires_at": 1784246523,
        "first_event_at": 1781480113,
        "ip": "212.127.90.201",
        "last_delisted_at": null,
        "last_event_at": 1781654523,
        "last_expired_at": null,
        "listed": true,
        "primary_source": "threatmail",
        "reason": "Apache security: path_traversal; 2 evidence item(s); 1 attack session(s)/7d, 1/30d",
        "repeat_offender": false,
        "sources": [
            "apache-security",
            "threatmail"
        ],
        "status": "listed",
        "suppression_until": null
    }
}