# rfxn signal · CVE-2026-41940 (cPanel/WHM SessionScribe) attacker block list
# Snapshot: 2026-05-08
# Attacker IPs: 61
# Source: https://signal.rfxn.com/cve-2026-41940
# License: CC BY 4.0 · free for any defensive use
# Format: one IPv4 address per line; lines starting with `#` are comments
#
# Drop-in:
#   curl -s https://signal.rfxn.com/feed/v1/cve-2026-41940/blocklist.txt \
#     | grep -v '^#' >> /etc/apf/deny_hosts.rules && apf -r
#
45.82.78.104
80.75.212.14
94.231.206.39
142.93.43.26
27.124.2.46
206.189.2.13
157.245.204.205
23.234.107.207
68.233.238.100
136.244.66.225
146.19.24.235
45.92.1.188
35.87.51.116
23.234.90.73
5.252.177.207
188.245.229.68
137.184.254.164
38.146.25.154
167.71.199.22
79.139.159.38
8.208.15.225
103.139.178.93
38.248.90.73
45.77.245.141
178.128.55.132
168.149.22.87
212.227.154.65
173.208.162.41
161.35.60.228
77.68.87.67
3.208.183.244
149.102.229.144
159.223.155.255
67.205.166.246
137.184.77.0
194.180.48.253
206.189.227.202
23.168.216.185
102.89.76.43
112.193.253.250
67.205.134.215
213.21.222.164
45.130.83.196
45.143.82.1
87.106.33.160
129.121.86.200
216.24.219.90
23.106.129.26
54.151.201.177
146.70.14.26
192.81.219.190
183.82.160.147
87.121.84.78
68.183.190.253
87.121.84.243
147.182.224.216
157.245.235.139
57.129.119.218
45.140.17.40
45.140.17.23
209.14.84.37