| 13.229.89.63 | ip | 2025-12-22 10:46:49 | block | All requests (100%) from this IP were flagged as threats and triggered a critical 'IPBLOCK' WAF deny rule. Its associated ASN (AS16509) is already blocklisted for persistent malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior. | 1.0 | severity: Severity.critical |
| 157.230.46.137 | ip | 2025-12-22 10:26:48 | block | IP is performing WordPress enumeration and bot impersonation, has an extremely high number of detected threat requests, and belongs to ASN AS14061, which is blocklisted for highly malicious activity. | 1.0 | severity: Severity.critical |
| 114.119.151.146 | ip | 2025-12-22 09:26:42 | block | All requests (100%) from this IP were detected as threats and flagged by WAF, triggering security alert '3991006', consistent with blocklisted ASN AS136907 for similar malicious activity. | 1.0 | severity: Severity.critical |
| 213.35.96.205 | ip | 2025-12-22 08:46:41 | block | All requests from this IP targeted sensitive WordPress admin/login paths, were flagged by WAF, triggered multiple security alerts including 'BOT-BROWSER-IMPERSONATOR', and show identical malicious patterns to a previously blocklisted IP from the same ASN and region (213.35.103.66). | 1.0 | severity: Severity.critical |
| 138.197.152.229 | ip | 2025-12-22 08:06:40 | block | All requests from this IP were flagged by WAF, triggered critical LFI-ANOMALY and reputation-based deny rules, and its associated ASN AS14061 is already blocklisted for highly malicious activity. | 1.0 | severity: Severity.critical |
| 3%7e2d3399e1bbf557f5 | tls | 2025-12-22 08:06:40 | block | All requests associated with this TLS fingerprint were flagged by WAF, triggered critical LFI-ANOMALY and reputation-based deny rules, and accessed highly suspicious paths indicative of web shell or exploitation attempts. | 1.0 | severity: Severity.critical |
| 74.7.175.152 | ip | 2025-12-22 03:46:17 | block | All requests (100%) from this IP were flagged by WAF and triggered an alert, consistent with the blocklisted ASN AS8075 for persistent malicious activity. | 1.0 | severity: Severity.critical |
| 74.7.243.194 | ip | 2025-12-22 03:46:17 | block | High percentage of detected threat requests (6/7), multiple paths flagged by WAF including a suspicious obfuscated path, and triggered WAF alert, consistent with the blocklisted ASN AS8075 for persistent malicious activity. | 1.0 | severity: Severity.critical |
| 213.209.159.151 | ip | 2025-12-21 22:55:50 | block | All requests targeted highly sensitive configuration and credential files, were flagged by WAF, and triggered critical IPBLOCK-BURST4 deny rules. | 1.0 | severity: Severity.critical |
| 43.138.68.113 | ip | 2025-12-21 22:55:50 | ignore | No suspicious activity, threat requests, or WAF alerts detected. | 0.8999999761581421 | severity: Severity.low |
| AS42821 | asn | 2025-12-21 22:55:50 | block | ASN linked to IP 213.209.159.151, which targeted highly sensitive files, was fully flagged by WAF, and triggered critical IPBLOCK-BURST4 deny rules. Blocking the entire ASN is necessary to mitigate persistent threats from this network. | 1.0 | severity: Severity.critical |
| 43.138.68.113 | ip | 2025-12-21 22:45:47 | ignore | No detected threat requests, no WAF flags, and no security rule hits observed over 5 total requests. This entity shows no signs of malicious activity and does not need to be monitored. | 1.0 | severity: Severity.low |
| 43.138.68.113 | ip | 2025-12-21 22:35:46 | ignore | No detected threat requests, WAF flags, or security rule hits observed across 5 total requests. All activity appears benign. | 0.949999988079071 | severity: Severity.low |
| 141.98.11.169 | ip | 2025-12-21 22:25:50 | block | High percentage of threat requests (76.9%) targeting 'wp-login.php' and triggering a brute-force alert. This IP's ASN (AS209605) is already blocklisted for similar critical malicious activity. | 1.0 | severity: Severity.critical |
| 43.138.68.113 | ip | 2025-12-21 22:25:50 | ignore | No malicious activity detected; 0% threat requests and no WAF flags. | 0.8999999761581421 | severity: Severity.low |
| 43.138.68.113 | ip | 2025-12-21 22:15:46 | ignore | No detected threat requests, no WAF flags, and no security rule hits across 5 total requests, indicating benign activity. | 1.0 | severity: Severity.low |
| 43.138.68.113 | ip | 2025-12-21 22:05:49 | ignore | No malicious activity detected across 5 total requests. There were no detected threat requests, no WAF flags, and no security rule hits. Neither the IP nor its associated ASN (AS45090) are present in the current blocklist or watchlist. | 1.0 | severity: Severity.low |
| 103.179.173.163 | ip | 2025-12-21 21:55:44 | block | High percentage of detected threat requests (84%) targeting 'wp-login.php' and triggering a brute-force alert. This behavior is consistent with other blocklisted IPs from Vietnam for similar critical malicious activity. | 0.949999988079071 | severity: Severity.critical |
| 43.138.68.113 | ip | 2025-12-21 21:55:44 | ignore | No detected threat requests, no WAF flags, and no security rule hits observed. This IP shows no signs of malicious activity. | 0.8999999761581421 | severity: Severity.low |
| 43.138.68.113 | ip | 2025-12-21 21:45:48 | ignore | No detected threat requests, WAF did not flag any paths, and no security rules were triggered, indicating benign activity. | 0.949999988079071 | severity: Severity.low |
| 43.138.68.113 | ip | 2025-12-21 21:35:47 | ignore | No detected threat requests, WAF flags, or security rule hits observed for this IP address. | 1.0 | severity: Severity.low |
| 43.138.68.113 | ip | 2025-12-21 21:25:44 | ignore | No detected threat requests, no WAF flags, and no security rule hits. The IP and its ASN (AS45090) are not present in the existing blocklist. No suspicious behavior observed. | 1.0 | severity: Severity.low |
| 43.138.68.113 | ip | 2025-12-21 21:15:43 | ignore | No detected threat requests, WAF flags, or security rule hits. Entity shows no signs of malicious activity. | 1.0 | severity: Severity.low |
| 77.90.185.245 | ip | 2025-12-21 17:05:27 | block | High percentage of detected threat requests (87%) targeting 'wp-login.php' and triggering a brute-force alert. This IP's ASN (AS215476) and other IPs within it are already blocklisted for identical critical malicious activity. | 1.0 | severity: Severity.critical |
| 52.172.223.9 | ip | 2025-12-21 11:35:13 | block | All requests (100%) from this IP were flagged by WAF and targeted suspicious PHP files, triggering a critical 'IPBLOCK' deny rule. The associated ASN (AS8075) is already blocklisted for persistent malicious activity. | 1.0 | severity: Severity.critical |
| 62.60.131.162 | ip | 2025-12-21 03:14:37 | block | All requests (100%) from this IP were flagged as threats, specifically targeting the sensitive '.git/config' path, indicating a high-confidence reconnaissance or exploit attempt. | 1.0 | severity: Severity.critical |
| 193.142.146.65 | ip | 2025-12-20 19:24:13 | block | High percentage of detected threat requests (66.67%) specifically targeting 'wp-login.php' and triggering a security alert indicative of brute-force attempts. Another IP from the same ASN (AS213438) has been previously blocklisted for identical malicious activity. | 1.0 | severity: Severity.critical |
| 13.229.199.18 | ip | 2025-12-20 07:23:34 | block | All requests (100%) from this IP were flagged as threats and triggered a critical 'IPBLOCK' WAF deny rule. Its associated ASN (AS16509) is already blocklisted for persistent malicious activity. | 1.0 | severity: Severity.critical |
| 3%7e2c022104e7e56fbe | tls | 2025-12-19 11:42:24 | block | TLS fingerprint detected probing 'wp-login.php', triggering a WAF alert (3900998) indicative of brute-force or credential stuffing attempts, consistent with previously blocked malicious activity. | 0.949999988079071 | severity: Severity.critical |
| 45.149.173.217 | ip | 2025-12-19 11:22:19 | block | Extensive WordPress enumeration and bot impersonation detected, triggering multiple WAF alerts and a critical 'IPBLOCK-BURST4' deny rule due to a very high rate of malicious requests. | 1.0 | severity: Severity.critical |
| AS209605 | asn | 2025-12-19 09:42:14 | block | Multiple IPs from this ASN, including '91.224.92.93' and '91.224.92.99', are consistently performing brute-force and enumeration attacks on 'wp-login.php' and triggering critical WAF alerts. | 1.0 | severity: Severity.critical |
| 91.224.92.93 | ip | 2025-12-19 09:42:14 | block | Multiple requests targeting 'wp-login.php', flagged by WAF, triggered brute-force alert '3900998', and associated ASN AS209605 has other IPs blocklisted for similar activity. | 0.9800000190734863 | severity: Severity.critical |
| 209.38.29.70 | ip | 2025-12-19 08:52:12 | block | IP from blocklisted ASN AS14061 aggressively attempting Laravel and PHPUnit exploits, command injection, and local file inclusion by targeting sensitive files (.env, .git/config), triggered multiple critical WAF deny rules (CMD-INJECTION-ANOMALY, LFI-ANOMALY), and shows an extremely high number of detected threat requests. | 1.0 | severity: Severity.critical |
| 209.38.88.38 | ip | 2025-12-19 07:02:04 | block | IP from blocklisted ASN AS14061 aggressively attempting Laravel and PHPUnit exploits by targeting sensitive files, triggered a critical WAF deny rule, and showed a 100% threat request ratio. | 1.0 | severity: Severity.critical |
| 170.64.219.248 | ip | 2025-12-19 04:01:53 | block | IP is aggressively attempting critical exploits (Laravel RCE, PHPUnit RCE, LFI, sensitive file disclosure) and triggered multiple critical WAF deny rules. Its associated ASN (AS14061) is already blocklisted for persistent malicious activity. | 1.0 | severity: Severity.critical |
| 45.135.232.10 | ip | 2025-12-19 02:11:46 | block | All requests (100%) from this IP targeted known WordPress exploit paths ('xmlrpc.php', 'wp-login.php') and triggered multiple critical WAF deny rules (IPBLOCK-PENALTY-BOX, PLATFORM-ANOMALY, POLICY-ANOMALY), indicating an active and severe brute-force or enumeration attack. | 1.0 | severity: Severity.critical |
| 34.136.173.106 | ip | 2025-12-18 20:11:21 | block | IP belongs to AS396982, which is blocklisted for extensive WordPress enumeration, bot impersonation, and critical WAF deny rules, indicating a high risk of malicious activity. | 0.949999988079071 | severity: Severity.critical |
| 34.136.173.106 | ip | 2025-12-18 20:01:26 | ignore | No malicious activity detected for this IP (0 threat requests, no WAF flags or security rule hits), despite its ASN being blocklisted. This specific IP no longer exhibits suspicious behavior. | 0.8999999761581421 | severity: Severity.low |
| 77.90.185.10 | ip | 2025-12-18 20:01:26 | block | High percentage (90%) of detected threat requests targeting 'wp-login.php', triggering security alerts indicative of brute-force attempts. Associated ASN AS215476 also shows high malicious activity and has other IPs blocklisted for similar behavior. | 0.949999988079071 | severity: Severity.critical |
| AS215476 | asn | 2025-12-18 20:01:26 | block | High percentage (88.5%) of detected threat requests originating from this ASN, consistently targeting 'wp-login.php' and triggering security alerts for brute-force attempts. Other IPs within this ASN are already blocklisted for similar persistent malicious activity. | 0.9800000190734863 | severity: Severity.critical |
| 170.64.167.148 | ip | 2025-12-18 13:31:04 | block | IP from blocklisted ASN AS14061 aggressively attempting Laravel and PHPUnit exploits, command injection, and local file inclusion by targeting sensitive files (.env, .git/config), triggering multiple critical WAF deny rules (CMD-INJECTION-ANOMALY, LFI-ANOMALY), and showing a very high threat request ratio (101/11). | 1.0 | severity: Severity.critical |
| 114.119.146.15 | ip | 2025-12-18 03:30:22 | block | All requests (100%) were detected as threats, including probing 'wp-login.php', and the associated ASN (AS136907) is already blocklisted for similar malicious activity. | 1.0 | severity: Severity.critical |
| 185.177.72.8 | ip | 2025-12-17 23:50:15 | block | IP from blocklisted ASN AS211590, demonstrating bot-browser impersonation, multiple WAF alerts, and an exceptionally high number of detected threat requests (50 out of 17), indicating persistent malicious probing and automated attacks. | 1.0 | severity: Severity.critical |
| 34.187.144.195 | ip | 2025-12-17 17:09:52 | block | Extensive WordPress enumeration, bot impersonation, and high detected threat requests (127/27). Triggered critical WAF deny rule 'IPBLOCK-BURST4-318403' and associated ASN (AS396982) is blocklisted for similar activity. | 1.0 | severity: Severity.critical |
| 34.105.63.134 | ip | 2025-12-17 14:19:47 | block | IP performing extensive WordPress enumeration and bot impersonation, triggering critical WAF deny rules (IPBLOCK-BURST4-318403) and multiple bot alerts. Behavior is consistent with blocklisted ASN AS396982. | 1.0 | severity: Severity.critical |
| AS396982 | asn | 2025-12-17 11:39:36 | block | Associated IPs within this ASN are performing extensive WordPress enumeration and bot impersonation, triggering critical WAF deny rules like 'IPBLOCK-BURST4-318403', and demonstrating a very high threat request ratio. | 1.0 | severity: Severity.critical |
| 74.7.243.201 | ip | 2025-12-17 10:39:34 | block | High percentage of detected threat requests (75%) including suspicious and obfuscated paths, triggered WAF alert '3991023', and associated ASN AS8075 is blocklisted for persistent malicious activity. | 1.0 | severity: Severity.critical |
| 91.224.92.99 | ip | 2025-12-17 10:09:33 | block | Detected brute-force or credential stuffing attempts targeting 'wp-login.php', with WAF flagging the path and triggering security alert '3900998'. Associated ASN (AS209605) has other IPs blocklisted for similar WordPress enumeration and bot activity. | 0.949999988079071 | severity: Severity.critical |
| 34.136.173.106 | ip | 2025-12-17 09:59:31 | watchlist | Associated with ASN AS396982, which is linked to blocklisted IPs exhibiting extensive WordPress enumeration and bot impersonation, despite current low threat indicators. | 0.699999988079071 | severity: Severity.medium |
| 91.224.92.99 | ip | 2025-12-17 09:59:31 | ignore | No new activity or detected threat requests since being added to the watchlist, suggesting it's no longer a threat or was a false positive. | 0.800000011920929 | severity: Severity.low |