ClearSOC Dashboard - Traffic Overview

216.73.216.213 (IP)

All requests (100%) from this IP were flagged by WAF, indicating persistent malicious probing targeting WordPress endpoints and triggering security alerts. Confidence: 100% · 2025-12-05 18:50

AS48090 (ASN)

Associated with IP 45.148.10.246, which demonstrated extensive probing of sensitive files, had all requests flagged by WAF, and triggered critical deny rules including LFI-ANOMALY and IPBLOCK. Confidence: 100% · 2025-12-04 12:34

45.148.10.246 (IP)

Extensive probing of sensitive configuration files and backups (e.g., .env, config/mail), all requests (100%) flagged by WAF, and multiple critical deny rules triggered including LFI-ANOMALY and IPBLOCK. Confidence: 100% · 2025-12-04 12:34

2001:861:5860:e460:5175:54ff:bf15:b615 (IP)

No security rule hits, WAF flags, or detected threat requests, and no activity for over a month. Entity is no longer considered suspicious. Confidence: 95% · 2025-12-02 14:22

2001:861:5860:e460:9d10:3e29:e251:a165 (IP)

No current security rule hits, WAF flags, or detected threat requests. Entity has not shown recent malicious behavior, contradicting previous AI assessment. Confidence: 90% · 2025-12-02 14:22

62.60.130.210 (IP)

All requests (100%) were flagged by WAF and targeted 'wp-login.php', triggering security alerts indicative of a brute-force or credential stuffing attack. Confidence: 100% · 2025-12-02 14:22

3%7e67c0ea0c99e03401 (TLS Fingerprint)

TLS fingerprint associated with an IP (4.189.168.36) that had all requests flagged by WAF, bot impersonation, and probing of sensitive paths. Associated ASN AS8075 is blocklisted. Confidence: 100% · 2025-11-30 15:39

4.189.168.36 (IP)

All requests (100%) flagged by WAF with bot impersonation and probing of sensitive paths. Associated ASN AS8075 is already blocklisted for persistent malicious activity. Confidence: 100% · 2025-11-30 15:39

2001:861:5860:e460:9d10:3e29:e251:a165 (IP)

IP accessed sensitive WordPress login path (wp-login.php) and is from an ASN with a history of similar suspicious WordPress probing, indicating potential reconnaissance or enumeration attempts. Confidence: 60% · 2025-11-30 15:29

134.122.136.96 (IP)

Multiple critical WAF deny rules triggered, including LFI, command injection, XSS, and bot impersonation, indicating severe malicious probing and exploit attempts. All accessed paths were flagged. Confidence: 100% · 2025-11-30 14:03

Security Dashboard

Unique IPs

Bot Requests

WAF Rule Hits

Requests by Country (Map)

Recent AI Decisions Feed

Requests per Day

Threat Actions (Alert vs Deny)

Top Attacking IPs

Top Requested Paths