ScotNet DNSBL • Transparency

Transparency snapshot

Back to DNSBL

Active listings

2,649

Live from BIND zone (A + AAAA)

Threat activity (7 days)

Unique suspicious public IPs • 706 matched events • 1,698 requests evaluated

Repeat offenders

120

Threatmail: 71 • Apache security: 49

Lifecycle

Active

Pending review: 0 • Expiring ≤7d: 31 • Expired last run: 2

Delisted records

1 in the last 7 days • unique IPs with a recorded delist

Mail feeds

Active

Threatmail: active
User reports: not enabled • last 2026-06-25 06:35 BST

History coverage

70.1%

1,858 of 2,649 live listings have metadata

Last zone update

2026-06-25 06:17 BST

Authoritative BIND zone last modified

Live status, return code and TXT reason are reconciled directly against the BIND zone. An address is marked DELISTED only when a real delist timestamp, counter or audit event exists; otherwise a non-live historical address is OBSERVED. Repeat-offender totals are grouped by the latest sanitised attack source; complete event history is available only through the per-IP JSON feed and delist information. Apache activity cache updated 2026-06-25 06:35 BST.
BIND records: IPv4 A = 2,649 • IPv6 AAAA = 0 • TXT = 2,649 • SOA serial 2026062508.

Listings history

Live BIND entries plus observation and delisting history. Times use UK local GMT/BST.

Search Source Code Rows Clear

Showing 1,701–1,800 of 2,649 matching records.

IP	Status	Code	Reason	Last activity	Sources	Lists / Delists
64.227.82.174	LISTED	127.0.0.4	Threat Prevention: Attempted User Privilege Gain / ET EXPLOIT Cisco ASA/Firepower Unauthenticated File Read (CVE-2020-3452) M2	5 Jun 15:11 BST	threatmail	3 / 0
Full evidence / reason Threat Prevention: Attempted User Privilege Gain / ET EXPLOIT Cisco ASA/Firepower Unauthenticated File Read (CVE-2020-3452) M2 First observed 2026-06-04 15:46:28 BST Last observed 2026-06-05 15:11:50 BST First listed 2026-06-04 15:46:28 BST Last listed 2026-06-05 15:11:50 BST Last delisted — Last expired — Evidence expiry 2026-07-05 15:11:50 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 3 / 0 Sanitised history JSON feed
172.64.244.69	LISTED	127.0.0.4	Threat Prevention: Potentially Bad Traffic / ET DOS DNS Amplification Attack Inbound	5 Jun 15:11 BST	threatmail	2 / 0
Full evidence / reason Threat Prevention: Potentially Bad Traffic / ET DOS DNS Amplification Attack Inbound First observed 2026-06-05 15:11:46 BST Last observed 2026-06-05 15:11:48 BST First listed 2026-06-05 15:11:46 BST Last listed 2026-06-05 15:11:48 BST Last delisted — Last expired — Evidence expiry 2026-07-05 15:11:48 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 2 / 0 Sanitised history JSON feed
118.148.168.74	LISTED	127.0.0.4	Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016)	5 Jun 15:10 BST	threatmail	3 / 0
Full evidence / reason Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016) First observed 2026-06-04 15:46:16 BST Last observed 2026-06-05 15:10:04 BST First listed 2026-06-04 15:46:16 BST Last listed 2026-06-05 15:10:04 BST Last delisted — Last expired — Evidence expiry 2026-07-05 15:10:04 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 3 / 0 Sanitised history JSON feed
160.119.76.24	LISTED	127.0.0.4	Threat Prevention: Misc Attack / ET CINS Active Threat Intelligence Poor Reputation IP group 213	5 Jun 15:07 BST	threatmail	2 / 0
Full evidence / reason Threat Prevention: Misc Attack / ET CINS Active Threat Intelligence Poor Reputation IP group 213 First observed 2026-06-05 15:06:13 BST Last observed 2026-06-05 15:07:13 BST First listed 2026-06-05 15:06:13 BST Last listed 2026-06-05 15:07:13 BST Last delisted — Last expired — Evidence expiry 2026-07-05 15:07:13 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 2 / 0 Sanitised history JSON feed
89.42.218.114	LISTED	127.0.0.4	Threat Prevention: Potentially Bad Traffic / ET DOS DNS Amplification Attack Inbound	5 Jun 15:00 BST	threatmail	10 / 0
Full evidence / reason Threat Prevention: Potentially Bad Traffic / ET DOS DNS Amplification Attack Inbound First observed 2026-06-05 15:00:19 BST Last observed 2026-06-05 15:00:28 BST First listed 2026-06-05 15:00:19 BST Last listed 2026-06-05 15:00:28 BST Last delisted — Last expired — Evidence expiry 2026-07-05 15:00:28 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 10 / 0 Sanitised history JSON feed
31.11.36.5	LISTED	127.0.0.4	Threat Prevention: Potentially Bad Traffic / ET DOS DNS Amplification Attack Inbound	5 Jun 14:57 BST	threatmail	8 / 0
Full evidence / reason Threat Prevention: Potentially Bad Traffic / ET DOS DNS Amplification Attack Inbound First observed 2026-06-05 14:57:18 BST Last observed 2026-06-05 14:57:32 BST First listed 2026-06-05 14:57:18 BST Last listed 2026-06-05 14:57:32 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:57:32 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 8 / 0 Sanitised history JSON feed
183.90.187.210	LISTED	127.0.0.4	Threat Prevention: Potentially Bad Traffic / ET DOS DNS Amplification Attack Inbound	5 Jun 14:56 BST	threatmail	221 / 0
Full evidence / reason Threat Prevention: Potentially Bad Traffic / ET DOS DNS Amplification Attack Inbound First observed 2026-06-05 13:22:00 BST Last observed 2026-06-05 14:56:44 BST First listed 2026-06-05 13:22:00 BST Last listed 2026-06-05 14:56:44 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:56:44 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 221 / 0 Sanitised history JSON feed
66.132.186.177	LISTED	127.0.0.4	Threat Prevention: Misc Attack / ET DROP Dshield Block Listed Source group 1	5 Jun 14:53 BST	web:post	3 / 0
Full evidence / reason Threat Prevention: Misc Attack / ET DROP Dshield Block Listed Source group 1 First observed 2026-06-05 14:53:20 BST Last observed 2026-06-05 14:53:24 BST First listed — Last listed — Last delisted — Last expired — Evidence expiry 2026-07-05 14:53:24 BST Confidence 85/100 high Sources web:post Return code 127.0.0.4 Lists / Delists 3 / 0 Sanitised history JSON feed
217.21.90.112	LISTED	127.0.0.4	Threat Prevention: Potentially Bad Traffic / ET DOS DNS Amplification Attack Inbound	5 Jun 14:52 BST	threatmail	19 / 0
Full evidence / reason Threat Prevention: Potentially Bad Traffic / ET DOS DNS Amplification Attack Inbound First observed 2026-06-05 14:51:39 BST Last observed 2026-06-05 14:52:26 BST First listed 2026-06-05 14:51:39 BST Last listed 2026-06-05 14:52:26 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:52:26 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 19 / 0 Sanitised history JSON feed
70.153.161.0	LISTED	127.0.0.4	Threat Prevention: Potentially Bad Traffic / ET DOS DNS Amplification Attack Inbound	5 Jun 14:48 BST	threatmail	42 / 0
Full evidence / reason Threat Prevention: Potentially Bad Traffic / ET DOS DNS Amplification Attack Inbound First observed 2026-06-05 14:46:57 BST Last observed 2026-06-05 14:48:28 BST First listed 2026-06-05 14:46:57 BST Last listed 2026-06-05 14:48:28 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:48:28 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 42 / 0 Sanitised history JSON feed
176.67.58.47	LISTED	127.0.0.4	Threat Prevention: Potentially Bad Traffic / ET DOS DNS Amplification Attack Inbound	5 Jun 14:47 BST	threatmail	3 / 0
Full evidence / reason Threat Prevention: Potentially Bad Traffic / ET DOS DNS Amplification Attack Inbound First observed 2026-06-05 14:47:42 BST Last observed 2026-06-05 14:47:51 BST First listed 2026-06-05 14:47:42 BST Last listed 2026-06-05 14:47:51 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:47:51 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 3 / 0 Sanitised history JSON feed
46.43.65.3	LISTED	127.0.0.4	Threat Prevention: Potentially Bad Traffic / ET DOS DNS Amplification Attack Inbound	5 Jun 14:47 BST	threatmail	9 / 0
Full evidence / reason Threat Prevention: Potentially Bad Traffic / ET DOS DNS Amplification Attack Inbound First observed 2026-06-05 14:47:24 BST Last observed 2026-06-05 14:47:48 BST First listed 2026-06-05 14:47:24 BST Last listed 2026-06-05 14:47:48 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:47:48 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 9 / 0 Sanitised history JSON feed
84.242.53.32	LISTED	127.0.0.4	Threat Prevention: Potentially Bad Traffic / ET DOS DNS Amplification Attack Inbound	5 Jun 14:47 BST	threatmail	1 / 0
Full evidence / reason Threat Prevention: Potentially Bad Traffic / ET DOS DNS Amplification Attack Inbound First observed 2026-06-05 14:47:30 BST Last observed 2026-06-05 14:47:30 BST First listed 2026-06-05 14:47:30 BST Last listed 2026-06-05 14:47:30 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:47:30 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 1 / 0 Sanitised history JSON feed
176.119.251.25	LISTED	127.0.0.4	Threat Prevention: Potentially Bad Traffic / ET DOS DNS Amplification Attack Inbound	5 Jun 14:46 BST	threatmail	1 / 0
Full evidence / reason Threat Prevention: Potentially Bad Traffic / ET DOS DNS Amplification Attack Inbound First observed 2026-06-05 14:46:55 BST Last observed 2026-06-05 14:46:55 BST First listed 2026-06-05 14:46:55 BST Last listed 2026-06-05 14:46:55 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:46:55 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 1 / 0 Sanitised history JSON feed
20.113.29.118	LISTED	127.0.0.4	Threat Prevention: Potentially Bad Traffic / ET DOS DNS Amplification Attack Inbound	5 Jun 14:44 BST	threatmail	574 / 0
Full evidence / reason Threat Prevention: Potentially Bad Traffic / ET DOS DNS Amplification Attack Inbound First observed 2026-06-05 13:21:52 BST Last observed 2026-06-05 14:44:00 BST First listed 2026-06-05 13:21:52 BST Last listed 2026-06-05 14:44:00 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:44:00 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 574 / 0 Sanitised history JSON feed
24.22.88.55	LISTED	127.0.0.4	Threat Prevention: Potentially Bad Traffic / ET DOS DNS Amplification Attack Inbound	5 Jun 14:43 BST	threatmail	4 / 0
Full evidence / reason Threat Prevention: Potentially Bad Traffic / ET DOS DNS Amplification Attack Inbound First observed 2026-06-05 14:30:38 BST Last observed 2026-06-05 14:43:59 BST First listed 2026-06-05 14:30:38 BST Last listed 2026-06-05 14:43:59 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:43:59 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 4 / 0 Sanitised history JSON feed
38.6.37.154	LISTED	127.0.0.4	Threat Prevention: Potentially Bad Traffic / ET DOS DNS Amplification Attack Inbound	5 Jun 14:43 BST	threatmail	69 / 0
Full evidence / reason Threat Prevention: Potentially Bad Traffic / ET DOS DNS Amplification Attack Inbound First observed 2026-06-05 13:21:46 BST Last observed 2026-06-05 14:43:24 BST First listed 2026-06-05 13:21:46 BST Last listed 2026-06-05 14:43:24 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:43:24 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 69 / 0 Sanitised history JSON feed
150.228.187.129	LISTED	127.0.0.4	Threat Prevention: Attempted User Privilege Gain / ET EXPLOIT D-Link DSL-2750B - OS Command Injection	5 Jun 14:42 BST	threatmail	3 / 0
Full evidence / reason Threat Prevention: Attempted User Privilege Gain / ET EXPLOIT D-Link DSL-2750B - OS Command Injection First observed 2026-06-05 12:28:22 BST Last observed 2026-06-05 14:42:49 BST First listed 2026-06-05 12:28:22 BST Last listed 2026-06-05 14:42:49 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:42:49 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 3 / 0 Sanitised history JSON feed
117.55.228.142	LISTED	127.0.0.4	Threat Prevention: Potentially Bad Traffic / ET DOS DNS Amplification Attack Inbound	5 Jun 14:42 BST	threatmail	1 / 0
Full evidence / reason Threat Prevention: Potentially Bad Traffic / ET DOS DNS Amplification Attack Inbound First observed 2026-06-05 14:42:12 BST Last observed 2026-06-05 14:42:12 BST First listed 2026-06-05 14:42:12 BST Last listed 2026-06-05 14:42:12 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:42:12 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 1 / 0 Sanitised history JSON feed
110.137.34.157	LISTED	127.0.0.4	Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016)	5 Jun 14:41 BST	threatmail	6 / 0
Full evidence / reason Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016) First observed 2026-06-04 15:27:11 BST Last observed 2026-06-05 14:41:48 BST First listed 2026-06-04 15:27:11 BST Last listed 2026-06-05 14:41:48 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:41:48 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 6 / 0 Sanitised history JSON feed
114.10.41.136	LISTED	127.0.0.4	Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016)	5 Jun 14:41 BST	threatmail	6 / 0
Full evidence / reason Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016) First observed 2026-06-04 15:35:54 BST Last observed 2026-06-05 14:41:48 BST First listed 2026-06-04 15:35:54 BST Last listed 2026-06-05 14:41:48 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:41:48 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 6 / 0 Sanitised history JSON feed
157.85.209.118	LISTED	127.0.0.4	Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016)	5 Jun 14:41 BST	threatmail	6 / 0
Full evidence / reason Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016) First observed 2026-06-04 15:27:11 BST Last observed 2026-06-05 14:41:46 BST First listed 2026-06-04 15:27:11 BST Last listed 2026-06-05 14:41:46 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:41:46 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 6 / 0 Sanitised history JSON feed
153.117.33.35	LISTED	127.0.0.4	Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016)	5 Jun 14:41 BST	threatmail	6 / 0
Full evidence / reason Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016) First observed 2026-06-04 15:27:10 BST Last observed 2026-06-05 14:41:45 BST First listed 2026-06-04 15:27:10 BST Last listed 2026-06-05 14:41:45 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:41:45 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 6 / 0 Sanitised history JSON feed
180.190.241.9	LISTED	127.0.0.4	Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016)	5 Jun 14:41 BST	threatmail	6 / 0
Full evidence / reason Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016) First observed 2026-06-04 15:27:09 BST Last observed 2026-06-05 14:41:45 BST First listed 2026-06-04 15:27:09 BST Last listed 2026-06-05 14:41:45 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:41:45 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 6 / 0 Sanitised history JSON feed
103.188.169.147	LISTED	127.0.0.4	Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016)	5 Jun 14:41 BST	threatmail	6 / 0
Full evidence / reason Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016) First observed 2026-06-04 15:27:09 BST Last observed 2026-06-05 14:41:44 BST First listed 2026-06-04 15:27:09 BST Last listed 2026-06-05 14:41:44 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:41:44 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 6 / 0 Sanitised history JSON feed
181.228.242.123	LISTED	127.0.0.4	Threat Prevention: Attempted User Privilege Gain / ET EXPLOIT D-Link DSL-2750B - OS Command Injection	5 Jun 14:41 BST	threatmail	6 / 0
Full evidence / reason Threat Prevention: Attempted User Privilege Gain / ET EXPLOIT D-Link DSL-2750B - OS Command Injection First observed 2026-06-04 15:27:08 BST Last observed 2026-06-05 14:41:44 BST First listed 2026-06-04 15:27:08 BST Last listed 2026-06-05 14:41:44 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:41:44 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 6 / 0 Sanitised history JSON feed
138.84.114.53	LISTED	127.0.0.4	Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016)	5 Jun 14:41 BST	threatmail	6 / 0
Full evidence / reason Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016) First observed 2026-06-04 15:27:05 BST Last observed 2026-06-05 14:41:42 BST First listed 2026-06-04 15:27:05 BST Last listed 2026-06-05 14:41:42 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:41:42 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 6 / 0 Sanitised history JSON feed
202.51.197.33	LISTED	127.0.0.4	Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016)	5 Jun 14:41 BST	threatmail	6 / 0
Full evidence / reason Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016) First observed 2026-06-04 15:27:04 BST Last observed 2026-06-05 14:41:42 BST First listed 2026-06-04 15:27:04 BST Last listed 2026-06-05 14:41:42 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:41:42 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 6 / 0 Sanitised history JSON feed
74.244.85.38	LISTED	127.0.0.4	Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016)	5 Jun 14:41 BST	threatmail	6 / 0
Full evidence / reason Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016) First observed 2026-06-04 15:27:04 BST Last observed 2026-06-05 14:41:41 BST First listed 2026-06-04 15:27:04 BST Last listed 2026-06-05 14:41:41 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:41:41 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 6 / 0 Sanitised history JSON feed
180.180.114.125	LISTED	127.0.0.4	Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016)	5 Jun 14:41 BST	threatmail	6 / 0
Full evidence / reason Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016) First observed 2026-06-04 15:27:02 BST Last observed 2026-06-05 14:41:39 BST First listed 2026-06-04 15:27:02 BST Last listed 2026-06-05 14:41:39 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:41:39 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 6 / 0 Sanitised history JSON feed
45.228.188.196	LISTED	127.0.0.4	Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016)	5 Jun 14:41 BST	threatmail	5 / 0
Full evidence / reason Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016) First observed 2026-06-04 15:40:42 BST Last observed 2026-06-05 14:41:39 BST First listed 2026-06-04 15:40:42 BST Last listed 2026-06-05 14:41:39 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:41:39 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 5 / 0 Sanitised history JSON feed
147.236.122.237	LISTED	127.0.0.4	Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016)	5 Jun 14:41 BST	threatmail	6 / 0
Full evidence / reason Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016) First observed 2026-06-04 15:26:59 BST Last observed 2026-06-05 14:41:38 BST First listed 2026-06-04 15:26:59 BST Last listed 2026-06-05 14:41:38 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:41:38 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 6 / 0 Sanitised history JSON feed
186.19.22.241	LISTED	127.0.0.4	Threat Prevention: Web Application Attack / ET SCAN JAWS Webserver Unauthenticated Shell Command Execution	5 Jun 14:41 BST	threatmail	6 / 0
Full evidence / reason Threat Prevention: Web Application Attack / ET SCAN JAWS Webserver Unauthenticated Shell Command Execution First observed 2026-06-04 15:26:59 BST Last observed 2026-06-05 14:41:37 BST First listed 2026-06-04 15:26:59 BST Last listed 2026-06-05 14:41:37 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:41:37 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 6 / 0 Sanitised history JSON feed
212.58.102.249	LISTED	127.0.0.4	Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016)	5 Jun 14:41 BST	threatmail	6 / 0
Full evidence / reason Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016) First observed 2026-06-04 15:26:58 BST Last observed 2026-06-05 14:41:36 BST First listed 2026-06-04 15:26:58 BST Last listed 2026-06-05 14:41:36 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:41:36 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 6 / 0 Sanitised history JSON feed
51.36.243.155	LISTED	127.0.0.4	Threat Prevention: Attempted User Privilege Gain / ET EXPLOIT D-Link DSL-2750B - OS Command Injection	5 Jun 14:41 BST	threatmail	6 / 0
Full evidence / reason Threat Prevention: Attempted User Privilege Gain / ET EXPLOIT D-Link DSL-2750B - OS Command Injection First observed 2026-06-04 15:26:57 BST Last observed 2026-06-05 14:41:35 BST First listed 2026-06-04 15:26:57 BST Last listed 2026-06-05 14:41:35 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:41:35 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 6 / 0 Sanitised history JSON feed
112.203.136.117	LISTED	127.0.0.4	Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016)	5 Jun 14:41 BST	threatmail	6 / 0
Full evidence / reason Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016) First observed 2026-06-04 15:26:55 BST Last observed 2026-06-05 14:41:34 BST First listed 2026-06-04 15:26:55 BST Last listed 2026-06-05 14:41:34 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:41:34 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 6 / 0 Sanitised history JSON feed
190.148.49.156	LISTED	127.0.0.4	Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016)	5 Jun 14:41 BST	threatmail	6 / 0
Full evidence / reason Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016) First observed 2026-06-04 15:26:56 BST Last observed 2026-06-05 14:41:34 BST First listed 2026-06-04 15:26:56 BST Last listed 2026-06-05 14:41:34 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:41:34 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 6 / 0 Sanitised history JSON feed
183.182.111.13	LISTED	127.0.0.4	Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016)	5 Jun 14:41 BST	threatmail	6 / 0
Full evidence / reason Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016) First observed 2026-06-04 15:26:54 BST Last observed 2026-06-05 14:41:33 BST First listed 2026-06-04 15:26:54 BST Last listed 2026-06-05 14:41:33 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:41:33 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 6 / 0 Sanitised history JSON feed
103.195.236.35	LISTED	127.0.0.4	Threat Prevention: Web Application Attack / ET WEB_SERVER /bin/sh In URI Possible Shell Command Execution Attempt	5 Jun 14:41 BST	threatmail	6 / 0
Full evidence / reason Threat Prevention: Web Application Attack / ET WEB_SERVER /bin/sh In URI Possible Shell Command Execution Attempt First observed 2026-05-26 12:51:47 BST Last observed 2026-06-05 14:41:32 BST First listed 2026-06-04 15:26:54 BST Last listed 2026-06-05 14:41:32 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:41:32 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 6 / 0 Sanitised history JSON feed
213.254.134.82	LISTED	127.0.0.4	Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016)	5 Jun 14:41 BST	threatmail	6 / 0
Full evidence / reason Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016) First observed 2026-06-04 15:26:53 BST Last observed 2026-06-05 14:41:31 BST First listed 2026-06-04 15:26:53 BST Last listed 2026-06-05 14:41:31 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:41:31 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 6 / 0 Sanitised history JSON feed
102.204.4.4	LISTED	127.0.0.4	Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016)	5 Jun 14:41 BST	threatmail	6 / 0
Full evidence / reason Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016) First observed 2026-06-04 15:26:52 BST Last observed 2026-06-05 14:41:30 BST First listed 2026-06-04 15:26:52 BST Last listed 2026-06-05 14:41:30 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:41:30 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 6 / 0 Sanitised history JSON feed
154.125.245.102	LISTED	127.0.0.4	Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016)	5 Jun 14:41 BST	threatmail	6 / 0
Full evidence / reason Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016) First observed 2026-06-04 15:26:51 BST Last observed 2026-06-05 14:41:30 BST First listed 2026-06-04 15:26:51 BST Last listed 2026-06-05 14:41:30 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:41:30 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 6 / 0 Sanitised history JSON feed
200.225.119.241	LISTED	127.0.0.4	Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016)	5 Jun 14:41 BST	threatmail	6 / 0
Full evidence / reason Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016) First observed 2026-06-04 15:26:50 BST Last observed 2026-06-05 14:41:29 BST First listed 2026-06-04 15:26:50 BST Last listed 2026-06-05 14:41:29 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:41:29 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 6 / 0 Sanitised history JSON feed
202.187.230.179	LISTED	127.0.0.4	Threat Prevention: Attempted User Privilege Gain / ET EXPLOIT D-Link DSL-2750B - OS Command Injection	5 Jun 14:41 BST	threatmail	6 / 0
Full evidence / reason Threat Prevention: Attempted User Privilege Gain / ET EXPLOIT D-Link DSL-2750B - OS Command Injection First observed 2026-06-04 15:26:49 BST Last observed 2026-06-05 14:41:29 BST First listed 2026-06-04 15:26:49 BST Last listed 2026-06-05 14:41:29 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:41:29 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 6 / 0 Sanitised history JSON feed
81.230.60.253	LISTED	127.0.0.4	Threat Prevention: Web Application Attack / ET WEB_SERVER /bin/sh In URI Possible Shell Command Execution Attempt	5 Jun 14:41 BST	threatmail	6 / 0
Full evidence / reason Threat Prevention: Web Application Attack / ET WEB_SERVER /bin/sh In URI Possible Shell Command Execution Attempt First observed 2026-06-04 15:26:48 BST Last observed 2026-06-05 14:41:28 BST First listed 2026-06-04 15:26:48 BST Last listed 2026-06-05 14:41:28 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:41:28 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 6 / 0 Sanitised history JSON feed
20.171.125.215	LISTED	127.0.0.4	Threat Prevention: Web Application Attack / GPL WEB_SERVER .htpasswd access	5 Jun 14:41 BST	threatmail	6 / 0
Full evidence / reason Threat Prevention: Web Application Attack / GPL WEB_SERVER .htpasswd access First observed 2026-06-04 15:26:46 BST Last observed 2026-06-05 14:41:27 BST First listed 2026-06-04 15:26:46 BST Last listed 2026-06-05 14:41:27 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:41:27 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 6 / 0 Sanitised history JSON feed
68.167.181.179	LISTED	127.0.0.4	Threat Prevention: Web Application Attack / ET WEB_SERVER /bin/sh In URI Possible Shell Command Execution Attempt	5 Jun 14:41 BST	threatmail	6 / 0
Full evidence / reason Threat Prevention: Web Application Attack / ET WEB_SERVER /bin/sh In URI Possible Shell Command Execution Attempt First observed 2026-06-04 15:26:47 BST Last observed 2026-06-05 14:41:27 BST First listed 2026-06-04 15:26:47 BST Last listed 2026-06-05 14:41:27 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:41:27 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 6 / 0 Sanitised history JSON feed
190.30.208.251	LISTED	127.0.0.4	Threat Prevention: Web Application Attack / ET SCAN JAWS Webserver Unauthenticated Shell Command Execution	5 Jun 14:41 BST	threatmail	6 / 0
Full evidence / reason Threat Prevention: Web Application Attack / ET SCAN JAWS Webserver Unauthenticated Shell Command Execution First observed 2026-06-04 15:26:46 BST Last observed 2026-06-05 14:41:25 BST First listed 2026-06-04 15:26:46 BST Last listed 2026-06-05 14:41:25 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:41:25 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 6 / 0 Sanitised history JSON feed
124.104.188.146	LISTED	127.0.0.4	Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016)	5 Jun 14:41 BST	threatmail	6 / 0
Full evidence / reason Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016) First observed 2026-06-04 15:26:44 BST Last observed 2026-06-05 14:41:24 BST First listed 2026-06-04 15:26:44 BST Last listed 2026-06-05 14:41:24 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:41:24 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 6 / 0 Sanitised history JSON feed
190.61.40.218	LISTED	127.0.0.4	Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016)	5 Jun 14:41 BST	threatmail	6 / 0
Full evidence / reason Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016) First observed 2026-06-04 15:26:43 BST Last observed 2026-06-05 14:41:23 BST First listed 2026-06-04 15:26:43 BST Last listed 2026-06-05 14:41:23 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:41:23 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 6 / 0 Sanitised history JSON feed
38.41.19.65	LISTED	127.0.0.4	Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016)	5 Jun 14:41 BST	threatmail	6 / 0
Full evidence / reason Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016) First observed 2026-06-04 15:26:42 BST Last observed 2026-06-05 14:41:22 BST First listed 2026-06-04 15:26:42 BST Last listed 2026-06-05 14:41:22 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:41:22 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 6 / 0 Sanitised history JSON feed
129.224.215.91	LISTED	127.0.0.4	Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016)	5 Jun 14:41 BST	threatmail	6 / 0
Full evidence / reason Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016) First observed 2026-06-04 15:26:41 BST Last observed 2026-06-05 14:41:21 BST First listed 2026-06-04 15:26:41 BST Last listed 2026-06-05 14:41:21 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:41:21 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 6 / 0 Sanitised history JSON feed
216.234.223.227	LISTED	127.0.0.4	Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016)	5 Jun 14:41 BST	threatmail	6 / 0
Full evidence / reason Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016) First observed 2026-06-04 15:26:40 BST Last observed 2026-06-05 14:41:20 BST First listed 2026-06-04 15:26:40 BST Last listed 2026-06-05 14:41:20 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:41:20 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 6 / 0 Sanitised history JSON feed
212.14.250.141	LISTED	127.0.0.4	Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016)	5 Jun 14:41 BST	threatmail	6 / 0
Full evidence / reason Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016) First observed 2026-06-04 15:26:39 BST Last observed 2026-06-05 14:41:19 BST First listed 2026-06-04 15:26:39 BST Last listed 2026-06-05 14:41:19 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:41:19 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 6 / 0 Sanitised history JSON feed
68.154.115.184	LISTED	127.0.0.4	Threat Prevention: Web Application Attack / GPL WEB_SERVER .htpasswd access	5 Jun 14:41 BST	threatmail	6 / 0
Full evidence / reason Threat Prevention: Web Application Attack / GPL WEB_SERVER .htpasswd access First observed 2026-06-04 15:26:38 BST Last observed 2026-06-05 14:41:19 BST First listed 2026-06-04 15:26:38 BST Last listed 2026-06-05 14:41:19 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:41:19 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 6 / 0 Sanitised history JSON feed
20.171.51.211	LISTED	127.0.0.4	Threat Prevention: Web Application Attack / GPL WEB_SERVER .htpasswd access	5 Jun 14:41 BST	threatmail	6 / 0
Full evidence / reason Threat Prevention: Web Application Attack / GPL WEB_SERVER .htpasswd access First observed 2026-06-04 15:26:37 BST Last observed 2026-06-05 14:41:18 BST First listed 2026-06-04 15:26:37 BST Last listed 2026-06-05 14:41:18 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:41:18 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 6 / 0 Sanitised history JSON feed
20.169.75.197	LISTED	127.0.0.4	Threat Prevention: Web Application Attack / GPL WEB_SERVER .htpasswd access	5 Jun 14:41 BST	threatmail	6 / 0
Full evidence / reason Threat Prevention: Web Application Attack / GPL WEB_SERVER .htpasswd access First observed 2026-06-04 15:26:36 BST Last observed 2026-06-05 14:41:17 BST First listed 2026-06-04 15:26:36 BST Last listed 2026-06-05 14:41:17 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:41:17 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 6 / 0 Sanitised history JSON feed
57.151.128.241	LISTED	127.0.0.4	Threat Prevention: Web Application Attack / GPL WEB_SERVER .htpasswd access	5 Jun 14:41 BST	threatmail	6 / 0
Full evidence / reason Threat Prevention: Web Application Attack / GPL WEB_SERVER .htpasswd access First observed 2026-06-04 15:26:35 BST Last observed 2026-06-05 14:41:17 BST First listed 2026-06-04 15:26:35 BST Last listed 2026-06-05 14:41:17 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:41:17 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 6 / 0 Sanitised history JSON feed
52.188.87.6	LISTED	127.0.0.4	Threat Prevention: Web Application Attack / GPL WEB_SERVER .htpasswd access	5 Jun 14:41 BST	threatmail	6 / 0
Full evidence / reason Threat Prevention: Web Application Attack / GPL WEB_SERVER .htpasswd access First observed 2026-06-04 15:26:33 BST Last observed 2026-06-05 14:41:15 BST First listed 2026-06-04 15:26:33 BST Last listed 2026-06-05 14:41:15 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:41:15 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 6 / 0 Sanitised history JSON feed
52.161.50.35	LISTED	127.0.0.4	Threat Prevention: Web Application Attack / GPL WEB_SERVER .htpasswd access	5 Jun 14:41 BST	threatmail	6 / 0
Full evidence / reason Threat Prevention: Web Application Attack / GPL WEB_SERVER .htpasswd access First observed 2026-06-04 15:26:32 BST Last observed 2026-06-05 14:41:12 BST First listed 2026-06-04 15:26:32 BST Last listed 2026-06-05 14:41:12 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:41:12 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 6 / 0 Sanitised history JSON feed
34.238.127.113	LISTED	127.0.0.4	Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS React Server Components React2Shell Unsafe Flight Protocol Property Access (CVE-2025-55182)	5 Jun 14:41 BST	threatmail	6 / 0
Full evidence / reason Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS React Server Components React2Shell Unsafe Flight Protocol Property Access (CVE-2025-55182) First observed 2026-06-04 15:26:31 BST Last observed 2026-06-05 14:41:11 BST First listed 2026-06-04 15:26:31 BST Last listed 2026-06-05 14:41:11 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:41:11 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 6 / 0 Sanitised history JSON feed
136.32.228.192	LISTED	127.0.0.4	Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS React Server Components React2Shell Unsafe Flight Protocol Property Access (CVE-2025-55182)	5 Jun 14:41 BST	threatmail	6 / 0
Full evidence / reason Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS React Server Components React2Shell Unsafe Flight Protocol Property Access (CVE-2025-55182) First observed 2026-06-04 15:26:29 BST Last observed 2026-06-05 14:41:10 BST First listed 2026-06-04 15:26:29 BST Last listed 2026-06-05 14:41:10 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:41:10 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 6 / 0 Sanitised history JSON feed
188.161.88.80	LISTED	127.0.0.4	Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016)	5 Jun 14:41 BST	threatmail	6 / 0
Full evidence / reason Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016) First observed 2026-06-04 15:26:30 BST Last observed 2026-06-05 14:41:10 BST First listed 2026-06-04 15:26:30 BST Last listed 2026-06-05 14:41:10 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:41:10 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 6 / 0 Sanitised history JSON feed
68.65.121.100	LISTED	127.0.0.4	Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS React Server Components React2Shell Unsafe Flight Protocol Property Access (CVE-2025-55182)	5 Jun 14:41 BST	threatmail	6 / 0
Full evidence / reason Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS React Server Components React2Shell Unsafe Flight Protocol Property Access (CVE-2025-55182) First observed 2026-06-04 15:26:28 BST Last observed 2026-06-05 14:41:09 BST First listed 2026-06-04 15:26:28 BST Last listed 2026-06-05 14:41:09 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:41:09 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 6 / 0 Sanitised history JSON feed
195.242.178.167	LISTED	127.0.0.4	Threat Prevention: Web Application Attack / ET WEB_SERVER /bin/sh In URI Possible Shell Command Execution Attempt	5 Jun 14:41 BST	threatmail	6 / 0
Full evidence / reason Threat Prevention: Web Application Attack / ET WEB_SERVER /bin/sh In URI Possible Shell Command Execution Attempt First observed 2026-06-04 15:26:26 BST Last observed 2026-06-05 14:41:06 BST First listed 2026-06-04 15:26:26 BST Last listed 2026-06-05 14:41:06 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:41:06 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 6 / 0 Sanitised history JSON feed
116.99.49.208	LISTED	127.0.0.4	Threat Prevention: Web Application Attack / ET WEB_SERVER /bin/sh In URI Possible Shell Command Execution Attempt	5 Jun 14:41 BST	threatmail	5 / 0
Full evidence / reason Threat Prevention: Web Application Attack / ET WEB_SERVER /bin/sh In URI Possible Shell Command Execution Attempt First observed 2026-06-04 15:26:25 BST Last observed 2026-06-05 14:41:05 BST First listed 2026-06-04 15:26:25 BST Last listed 2026-06-05 14:41:05 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:41:05 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 5 / 0 Sanitised history JSON feed
45.130.127.36	LISTED	127.0.0.4	Threat Prevention: Web Application Attack / ET WEB_SERVER /bin/sh In URI Possible Shell Command Execution Attempt	5 Jun 14:41 BST	threatmail	5 / 0
Full evidence / reason Threat Prevention: Web Application Attack / ET WEB_SERVER /bin/sh In URI Possible Shell Command Execution Attempt First observed 2026-06-04 15:26:24 BST Last observed 2026-06-05 14:41:03 BST First listed 2026-06-04 15:26:24 BST Last listed 2026-06-05 14:41:03 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:41:03 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 5 / 0 Sanitised history JSON feed
89.58.31.64	LISTED	127.0.0.4	Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016)	5 Jun 14:41 BST	threatmail	4 / 0
Full evidence / reason Threat Prevention: Web Application Attack / ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016) First observed 2026-06-04 15:40:20 BST Last observed 2026-06-05 14:41:02 BST First listed 2026-06-04 15:40:20 BST Last listed 2026-06-05 14:41:02 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:41:02 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 4 / 0 Sanitised history JSON feed
178.162.196.48	LISTED	127.0.0.4	Threat Prevention: Potentially Bad Traffic / ET DOS DNS Amplification Attack Inbound	5 Jun 14:41 BST	threatmail	3 / 0
Full evidence / reason Threat Prevention: Potentially Bad Traffic / ET DOS DNS Amplification Attack Inbound First observed 2026-06-05 14:40:59 BST Last observed 2026-06-05 14:41:01 BST First listed 2026-06-05 14:40:59 BST Last listed 2026-06-05 14:41:01 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:41:01 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 3 / 0 Sanitised history JSON feed
75.50.118.227	LISTED	127.0.0.4	Threat Prevention: Potentially Bad Traffic / ET DOS DNS Amplification Attack Inbound	5 Jun 14:36 BST	threatmail	22 / 0
Full evidence / reason Threat Prevention: Potentially Bad Traffic / ET DOS DNS Amplification Attack Inbound First observed 2026-06-05 13:26:23 BST Last observed 2026-06-05 14:36:07 BST First listed 2026-06-05 13:26:23 BST Last listed 2026-06-05 14:36:07 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:36:07 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 22 / 0 Sanitised history JSON feed
9.234.8.54	LISTED	127.0.0.4	Threat Prevention: Misc Attack / ET CINS Active Threat Intelligence Poor Reputation IP group 14	5 Jun 14:35 BST	threatmail	2 / 0
Full evidence / reason Threat Prevention: Misc Attack / ET CINS Active Threat Intelligence Poor Reputation IP group 14 First observed 2026-04-05 22:46:31 BST Last observed 2026-06-05 14:35:50 BST First listed 2026-06-05 13:26:31 BST Last listed 2026-06-05 14:35:50 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:35:50 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 2 / 0 Sanitised history JSON feed
143.42.1.34	LISTED	127.0.0.4	Threat Prevention: Misc Attack / ET CINS Active Threat Intelligence Poor Reputation IP group 185	5 Jun 14:35 BST	threatmail	2 / 0
Full evidence / reason Threat Prevention: Misc Attack / ET CINS Active Threat Intelligence Poor Reputation IP group 185 First observed 2026-06-05 13:25:50 BST Last observed 2026-06-05 14:35:22 BST First listed 2026-06-05 13:25:50 BST Last listed 2026-06-05 14:35:22 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:35:22 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 2 / 0 Sanitised history JSON feed
45.198.224.144	LISTED	127.0.0.4	Threat Prevention: Misc Attack / ET CINS Active Threat Intelligence Poor Reputation IP group 63	5 Jun 14:34 BST	threatmail	2 / 0
Full evidence / reason Threat Prevention: Misc Attack / ET CINS Active Threat Intelligence Poor Reputation IP group 63 First observed 2026-06-05 13:24:55 BST Last observed 2026-06-05 14:34:33 BST First listed 2026-06-05 13:24:55 BST Last listed 2026-06-05 14:34:33 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:34:33 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 2 / 0 Sanitised history JSON feed
65.49.1.160	LISTED	127.0.0.4	Threat Prevention: Misc Attack / ET DROP Dshield Block Listed Source group 1	5 Jun 14:34 BST	threatmail	2 / 0
Full evidence / reason Threat Prevention: Misc Attack / ET DROP Dshield Block Listed Source group 1 First observed 2026-06-05 13:24:50 BST Last observed 2026-06-05 14:34:31 BST First listed 2026-06-05 13:24:50 BST Last listed 2026-06-05 14:34:31 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:34:31 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 2 / 0 Sanitised history JSON feed
45.119.98.180	LISTED	127.0.0.4	Threat Prevention: Potentially Bad Traffic / ET DOS DNS Amplification Attack Inbound	5 Jun 14:33 BST	threatmail	110 / 0
Full evidence / reason Threat Prevention: Potentially Bad Traffic / ET DOS DNS Amplification Attack Inbound First observed 2026-06-05 13:21:48 BST Last observed 2026-06-05 14:33:57 BST First listed 2026-06-05 13:21:48 BST Last listed 2026-06-05 14:33:57 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:33:57 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 110 / 0 Sanitised history JSON feed
20.80.105.83	LISTED	127.0.0.4	Threat Prevention: Misc Attack / ET CINS Active Threat Intelligence Poor Reputation IP group 34	5 Jun 14:32 BST	threatmail	2 / 0
Full evidence / reason Threat Prevention: Misc Attack / ET CINS Active Threat Intelligence Poor Reputation IP group 34 First observed 2026-06-05 13:22:33 BST Last observed 2026-06-05 14:32:48 BST First listed 2026-06-05 13:22:33 BST Last listed 2026-06-05 14:32:48 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:32:48 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 2 / 0 Sanitised history JSON feed
217.160.0.222	LISTED	127.0.0.4	Threat Prevention: Potentially Bad Traffic / ET DOS DNS Amplification Attack Inbound	5 Jun 14:32 BST	threatmail	95 / 0
Full evidence / reason Threat Prevention: Potentially Bad Traffic / ET DOS DNS Amplification Attack Inbound First observed 2026-06-05 13:21:45 BST Last observed 2026-06-05 14:32:44 BST First listed 2026-06-05 13:21:45 BST Last listed 2026-06-05 14:32:44 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:32:44 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 95 / 0 Sanitised history JSON feed
216.180.246.58	LISTED	127.0.0.4	Threat Prevention: Misc Attack / ET CINS Active Threat Intelligence Poor Reputation IP group 289	5 Jun 14:32 BST	threatmail	2 / 0
Full evidence / reason Threat Prevention: Misc Attack / ET CINS Active Threat Intelligence Poor Reputation IP group 289 First observed 2026-06-05 13:22:07 BST Last observed 2026-06-05 14:32:17 BST First listed 2026-06-05 13:22:07 BST Last listed 2026-06-05 14:32:17 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:32:17 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 2 / 0 Sanitised history JSON feed
205.210.31.251	LISTED	127.0.0.4	Threat Prevention: Misc Attack / ET DROP Dshield Block Listed Source group 1	5 Jun 14:25 BST	threatmail	2 / 0
Full evidence / reason Threat Prevention: Misc Attack / ET DROP Dshield Block Listed Source group 1 First observed 2026-06-05 13:27:52 BST Last observed 2026-06-05 14:25:19 BST First listed 2026-06-05 13:27:52 BST Last listed 2026-06-05 14:25:19 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:25:19 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 2 / 0 Sanitised history JSON feed
52.165.89.126	LISTED	127.0.0.4	Threat Prevention: Misc Attack / ET CINS Active Threat Intelligence Poor Reputation IP group 98	5 Jun 14:20 BST	threatmail	2 / 0
Full evidence / reason Threat Prevention: Misc Attack / ET CINS Active Threat Intelligence Poor Reputation IP group 98 First observed 2026-06-05 13:28:36 BST Last observed 2026-06-05 14:20:41 BST First listed 2026-06-05 13:28:36 BST Last listed 2026-06-05 14:20:41 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:20:41 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 2 / 0 Sanitised history JSON feed
103.140.158.3	LISTED	127.0.0.4	Threat Prevention: Misc Attack / ET CINS Active Threat Intelligence Poor Reputation IP group 143	5 Jun 14:20 BST	threatmail	2 / 0
Full evidence / reason Threat Prevention: Misc Attack / ET CINS Active Threat Intelligence Poor Reputation IP group 143 First observed 2026-06-05 13:28:36 BST Last observed 2026-06-05 14:20:40 BST First listed 2026-06-05 13:28:36 BST Last listed 2026-06-05 14:20:40 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:20:40 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 2 / 0 Sanitised history JSON feed
195.230.103.249	LISTED	127.0.0.4	Threat Prevention: Misc Attack / ET CINS Active Threat Intelligence Poor Reputation IP group 278	5 Jun 14:20 BST	threatmail	2 / 0
Full evidence / reason Threat Prevention: Misc Attack / ET CINS Active Threat Intelligence Poor Reputation IP group 278 First observed 2026-06-05 13:28:35 BST Last observed 2026-06-05 14:20:40 BST First listed 2026-06-05 13:28:35 BST Last listed 2026-06-05 14:20:40 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:20:40 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 2 / 0 Sanitised history JSON feed
20.64.106.77	LISTED	127.0.0.4	Threat Prevention: Misc Attack / ET CINS Active Threat Intelligence Poor Reputation IP group 30	5 Jun 14:20 BST	threatmail	2 / 0
Full evidence / reason Threat Prevention: Misc Attack / ET CINS Active Threat Intelligence Poor Reputation IP group 30 First observed 2026-02-25 15:32:47 GMT Last observed 2026-06-05 14:20:39 BST First listed 2026-06-05 13:28:34 BST Last listed 2026-06-05 14:20:39 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:20:39 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 2 / 0 Sanitised history JSON feed
193.163.125.181	LISTED	127.0.0.4	Threat Prevention: Misc Attack / ET DROP Dshield Block Listed Source group 1	5 Jun 14:20 BST	threatmail	2 / 0
Full evidence / reason Threat Prevention: Misc Attack / ET DROP Dshield Block Listed Source group 1 First observed 2026-06-05 13:28:34 BST Last observed 2026-06-05 14:20:38 BST First listed 2026-06-05 13:28:34 BST Last listed 2026-06-05 14:20:38 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:20:38 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 2 / 0 Sanitised history JSON feed
64.62.197.107	LISTED	127.0.0.4	Threat Prevention: Misc Attack / ET DROP Dshield Block Listed Source group 1	5 Jun 14:20 BST	threatmail	2 / 0
Full evidence / reason Threat Prevention: Misc Attack / ET DROP Dshield Block Listed Source group 1 First observed 2026-06-05 13:28:28 BST Last observed 2026-06-05 14:20:31 BST First listed 2026-06-05 13:28:28 BST Last listed 2026-06-05 14:20:31 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:20:31 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 2 / 0 Sanitised history JSON feed
167.94.146.48	LISTED	127.0.0.4	Threat Prevention: Misc Attack / ET CINS Active Threat Intelligence Poor Reputation IP group 231	5 Jun 14:20 BST	threatmail	2 / 0
Full evidence / reason Threat Prevention: Misc Attack / ET CINS Active Threat Intelligence Poor Reputation IP group 231 First observed 2026-02-26 22:54:16 GMT Last observed 2026-06-05 14:20:30 BST First listed 2026-06-05 13:28:28 BST Last listed 2026-06-05 14:20:30 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:20:30 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 2 / 0 Sanitised history JSON feed
64.62.197.115	LISTED	127.0.0.4	Threat Prevention: Misc Attack / ET DROP Dshield Block Listed Source group 1	5 Jun 14:20 BST	threatmail	2 / 0
Full evidence / reason Threat Prevention: Misc Attack / ET DROP Dshield Block Listed Source group 1 First observed 2026-04-02 03:32:48 BST Last observed 2026-06-05 14:20:27 BST First listed 2026-06-05 13:28:26 BST Last listed 2026-06-05 14:20:27 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:20:27 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 2 / 0 Sanitised history JSON feed
194.88.98.117	LISTED	127.0.0.4	Threat Prevention: Misc Attack / ET CINS Active Threat Intelligence Poor Reputation IP group 273	5 Jun 14:20 BST	threatmail	2 / 0
Full evidence / reason Threat Prevention: Misc Attack / ET CINS Active Threat Intelligence Poor Reputation IP group 273 First observed 2026-06-05 13:28:23 BST Last observed 2026-06-05 14:20:25 BST First listed 2026-06-05 13:28:23 BST Last listed 2026-06-05 14:20:25 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:20:25 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 2 / 0 Sanitised history JSON feed
66.132.195.106	LISTED	127.0.0.4	Threat Prevention: Misc Attack / ET DROP Dshield Block Listed Source group 1	5 Jun 14:20 BST	threatmail	2 / 0
Full evidence / reason Threat Prevention: Misc Attack / ET DROP Dshield Block Listed Source group 1 First observed 2026-04-14 06:49:01 BST Last observed 2026-06-05 14:20:25 BST First listed 2026-06-05 13:28:24 BST Last listed 2026-06-05 14:20:25 BST Last delisted — Last expired — Evidence expiry 2026-07-08 17:49:27 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 2 / 0 Sanitised history JSON feed
147.185.132.126	LISTED	127.0.0.4	Threat Prevention: Misc Attack / ET DROP Dshield Block Listed Source group 1	5 Jun 14:20 BST	threatmail	2 / 0
Full evidence / reason Threat Prevention: Misc Attack / ET DROP Dshield Block Listed Source group 1 First observed 2026-03-04 16:14:55 GMT Last observed 2026-06-05 14:20:22 BST First listed 2026-06-05 13:28:21 BST Last listed 2026-06-05 14:20:22 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:20:22 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 2 / 0 Sanitised history JSON feed
205.210.31.176	LISTED	127.0.0.4	Threat Prevention: Misc Attack / ET DROP Dshield Block Listed Source group 1	5 Jun 14:20 BST	threatmail	2 / 0
Full evidence / reason Threat Prevention: Misc Attack / ET DROP Dshield Block Listed Source group 1 First observed 2026-05-02 14:05:19 BST Last observed 2026-06-05 14:20:19 BST First listed 2026-06-05 13:28:19 BST Last listed 2026-06-05 14:20:19 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:20:19 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 2 / 0 Sanitised history JSON feed
167.94.146.51	LISTED	127.0.0.4	Threat Prevention: Misc Attack / ET CINS Active Threat Intelligence Poor Reputation IP group 231	5 Jun 14:20 BST	threatmail	2 / 0
Full evidence / reason Threat Prevention: Misc Attack / ET CINS Active Threat Intelligence Poor Reputation IP group 231 First observed 2026-04-17 04:41:58 BST Last observed 2026-06-05 14:20:10 BST First listed 2026-06-05 13:28:14 BST Last listed 2026-06-05 14:20:10 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:20:10 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 2 / 0 Sanitised history JSON feed
20.65.144.62	LISTED	127.0.0.4	Threat Prevention: Misc Attack / ET CINS Active Threat Intelligence Poor Reputation IP group 31	5 Jun 14:15 BST	threatmail	1 / 0
Full evidence / reason Threat Prevention: Misc Attack / ET CINS Active Threat Intelligence Poor Reputation IP group 31 First observed 2026-06-05 14:15:33 BST Last observed 2026-06-05 14:15:33 BST First listed 2026-06-05 14:15:33 BST Last listed 2026-06-05 14:15:33 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:15:33 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 1 / 0 Sanitised history JSON feed
66.132.195.100	LISTED	127.0.0.4	Threat Prevention: Misc Attack / ET DROP Dshield Block Listed Source group 1	5 Jun 14:15 BST	threatmail	1 / 0
Full evidence / reason Threat Prevention: Misc Attack / ET DROP Dshield Block Listed Source group 1 First observed 2026-04-09 13:19:41 BST Last observed 2026-06-05 14:15:32 BST First listed 2026-06-05 14:15:32 BST Last listed 2026-06-05 14:15:32 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:15:32 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 1 / 0 Sanitised history JSON feed
54.197.33.93	LISTED	127.0.0.4	Threat Prevention: Misc Attack / ET CINS Active Threat Intelligence Poor Reputation IP group 101	5 Jun 14:15 BST	threatmail	1 / 0
Full evidence / reason Threat Prevention: Misc Attack / ET CINS Active Threat Intelligence Poor Reputation IP group 101 First observed 2026-06-05 14:15:31 BST Last observed 2026-06-05 14:15:31 BST First listed 2026-06-05 14:15:31 BST Last listed 2026-06-05 14:15:31 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:15:31 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 1 / 0 Sanitised history JSON feed
54.145.62.252	LISTED	127.0.0.4	Threat Prevention: Misc Attack / ET CINS Active Threat Intelligence Poor Reputation IP group 100	5 Jun 14:15 BST	threatmail	1 / 0
Full evidence / reason Threat Prevention: Misc Attack / ET CINS Active Threat Intelligence Poor Reputation IP group 100 First observed 2026-06-05 14:15:30 BST Last observed 2026-06-05 14:15:30 BST First listed 2026-06-05 14:15:30 BST Last listed 2026-06-05 14:15:30 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:15:30 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 1 / 0 Sanitised history JSON feed
52.188.231.42	LISTED	127.0.0.4	Threat Prevention: Misc Attack / ET CINS Active Threat Intelligence Poor Reputation IP group 99	5 Jun 14:15 BST	threatmail	3 / 0
Full evidence / reason Threat Prevention: Misc Attack / ET CINS Active Threat Intelligence Poor Reputation IP group 99 First observed 2026-06-05 13:21:24 BST Last observed 2026-06-05 14:15:25 BST First listed 2026-06-05 13:21:24 BST Last listed 2026-06-05 14:15:25 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:15:25 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 3 / 0 Sanitised history JSON feed
20.64.105.145	LISTED	127.0.0.4	Threat Prevention: Misc Attack / ET CINS Active Threat Intelligence Poor Reputation IP group 30	5 Jun 14:15 BST	threatmail	3 / 0
Full evidence / reason Threat Prevention: Misc Attack / ET CINS Active Threat Intelligence Poor Reputation IP group 30 First observed 2026-06-05 13:21:20 BST Last observed 2026-06-05 14:15:20 BST First listed 2026-06-05 13:21:20 BST Last listed 2026-06-05 14:15:20 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:15:20 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 3 / 0 Sanitised history JSON feed
66.132.172.216	LISTED	127.0.0.4	Threat Prevention: Misc Attack / ET DROP Dshield Block Listed Source group 1	5 Jun 14:15 BST	threatmail	3 / 0
Full evidence / reason Threat Prevention: Misc Attack / ET DROP Dshield Block Listed Source group 1 First observed 2026-06-05 13:21:21 BST Last observed 2026-06-05 14:15:20 BST First listed 2026-06-05 13:21:21 BST Last listed 2026-06-05 14:15:20 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:15:20 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 3 / 0 Sanitised history JSON feed
178.105.163.37	LISTED	127.0.0.4	Threat Prevention: Web Application Attack / ET WEB_SERVER /bin/sh In URI Possible Shell Command Execution Attempt	5 Jun 14:15 BST	threatmail	6 / 0
Full evidence / reason Threat Prevention: Web Application Attack / ET WEB_SERVER /bin/sh In URI Possible Shell Command Execution Attempt First observed 2026-06-05 12:26:57 BST Last observed 2026-06-05 14:15:18 BST First listed 2026-06-05 12:26:57 BST Last listed 2026-06-05 14:15:18 BST Last delisted — Last expired — Evidence expiry 2026-07-05 14:15:18 BST Confidence 85/100 high Sources threatmail Return code 127.0.0.4 Lists / Delists 6 / 0 Sanitised history JSON feed

Lists / Delists shows list_count and delist_count. OBSERVED means the IP exists in history but is not currently in BIND and has no recorded delist event. Trusted addresses in /etc/scotnet/dnsbl-public-hide.txt are omitted from this public history table.