ahnlab-tip-ip-addresses
Fetch malicious IP addresses for the specified date range from the AhnLab TIP service.
ahnlab-tip-ip-addresses [profile=PROFILE] [duration=NUM{mon|w|d|h|m|s}] [from=yyyyMMddHHmmss] [to=yyyyMMddHHmmss] [order=ORDER]
- profile=PROFILE
- Optional. AhnLab TIP connect profile code
- duration=NUM{mon|w|d|h|m|s}
- Optional. Scan only recent data. You should use d(day) or mon(month) time unit. For example,
7dmeans data from 7 days earlier. - from=yyyyMMddHHmmss
- Optional. Start date (yyyyMMdd)
- to=yyyyMMddHHmmss
- Optional. End date (yyyyMMdd)
- order=ORDER
- Optional. Sort order (asc or desc, default: desc)
Output Fields
| Field | Type | Name | Description |
|---|---|---|---|
| _time | Date | Time | Feed date. e.g. 2025-11-29 00:00:00+0900 |
| profile | String | Connect profile | AhnLab TIP connect profile code |
| ip | IP address | IP address | Malicious IP address. e.g. 197.227.8.186 |
| port | Integer | Port | e.g. 22, 80 |
| category | String | Category | e.g. Attacker/HoneyPot, Attacker/IPS, Malicious/Reputation |
| direction | String | Direction | Traffic direction. e.g. INBOUND, OUTBOUND |
| country | String | Country | e.g. KR, US, CN |
| risk_score | Integer | Risk score | 0-100 |
| first_seen | Date | First seen | First detection time. e.g. 2023-08-20 04:57:15+0900 |
| last_seen | Date | Last seen | Last detection time. e.g. 2025-11-29 23:59:51+0900 |
| revision | Integer | Revision | Feed revision number. e.g. 202511300204 |