| 66.249.66.32 | ip | 2025-12-17 08:49:40 | block | All requests (100%) from this IP were detected as threats and flagged by WAF, triggering security alert 3991006. The associated ASN (AS15169) is already blocklisted for similar malicious activity. | 0.949999988079071 | severity: Severity.critical |
| 66.249.66.200 | ip | 2025-12-17 08:49:40 | block | All requests (100%) from this IP were detected as threats and flagged by WAF, triggering security alert 3991006. The associated ASN (AS15169) is already blocklisted for similar malicious activity. | 0.949999988079071 | severity: Severity.critical |
| 91.224.92.99 | ip | 2025-12-17 08:49:40 | watchlist | Entity continues to target wp-login.php with a low rate of threat requests (25%) and triggered a relevant alert (3900998), requiring further monitoring but not immediate blocking. | 0.699999988079071 | severity: Severity.medium |
| 3%7e643dc557cbaefec4 | tls | 2025-12-17 08:49:40 | block | All requests (100%) from this TLS fingerprint were detected as threats and flagged by WAF, triggering security alert 3990011, indicating highly malicious activity. | 0.949999988079071 | severity: Severity.critical |
| 104.252.191.81 | ip | 2025-12-17 08:29:42 | block | High number of detected threat requests and multiple WAF alerts, including 'BOT-BROWSER-IMPERSONATOR', indicating automated malicious probing and exploit attempts. | 0.949999988079071 | severity: Severity.critical |
| 103.4.251.192 | ip | 2025-12-17 08:29:42 | block | High number of detected threat requests and multiple WAF alerts, including 'BOT-BROWSER-IMPERSONATOR', indicating automated malicious probing and exploit attempts. | 0.949999988079071 | severity: Severity.critical |
| 13.54.76.125 | ip | 2025-12-17 08:29:42 | block | All requests (100%) were flagged as threats and triggered a critical 'IPBLOCK' WAF deny rule. | 1.0 | severity: Severity.critical |
| 16.16.253.36 | ip | 2025-12-17 08:29:42 | block | All requests (100%) were flagged as threats and triggered a critical 'IPBLOCK' WAF deny rule. | 1.0 | severity: Severity.critical |
| 194.180.49.171 | ip | 2025-12-17 08:29:42 | block | Aggressively targeted highly sensitive configuration and information files, triggering critical WAF deny rules including IPBLOCK-BURST4, LFI-ANOMALY, and reputation-based blocking. | 1.0 | severity: Severity.critical |
| 3.139.75.95 | ip | 2025-12-17 08:29:42 | block | All requests (100%) were flagged as threats and triggered a critical 'IPBLOCK' WAF deny rule. | 1.0 | severity: Severity.critical |
| 34.75.103.206 | ip | 2025-12-17 08:29:42 | block | Extensive WordPress enumeration and bot impersonation attempts detected, triggering multiple WAF alerts and a critical 'IPBLOCK-BURST4' deny rule. | 1.0 | severity: Severity.critical |
| 54.206.119.170 | ip | 2025-12-17 08:29:42 | block | All requests (100%) were flagged as threats and triggered a critical 'IPBLOCK' WAF deny rule. | 1.0 | severity: Severity.critical |
| 34.136.173.106 | ip | 2025-12-17 08:29:42 | ignore | No detected threat requests or WAF flags. This entity appears benign. | 0.8999999761581421 | severity: Severity.low |
| 66.249.66.32 | ip | 2025-12-17 08:29:42 | watchlist | All requests were flagged by WAF and an alert triggered, but the entity (AS15169) is associated with legitimate search engine crawling, warranting continued monitoring for potential spoofing. | 0.6000000238418579 | severity: Severity.low |
| 66.249.66.200 | ip | 2025-12-17 08:29:42 | watchlist | All requests were flagged by WAF and an alert triggered, but the entity (AS15169) is associated with legitimate search engine crawling, warranting continued monitoring for potential spoofing. | 0.6000000238418579 | severity: Severity.low |
| 91.224.92.99 | ip | 2025-12-17 08:29:42 | watchlist | Accessed 'wp-login.php' and triggered a WAF alert indicative of brute-force attempts. Not enough deny rules or total threat requests to block immediately, but requires monitoring. | 0.699999988079071 | severity: Severity.medium |
| 3%7e643dc557cbaefec4 | tls | 2025-12-17 08:29:42 | watchlist | All requests (100%) associated with this TLS fingerprint were detected as threats and triggered a WAF alert, but no critical deny rules were activated. | 0.75 | severity: Severity.medium |
| 3%7e0e32d71b0a15c3f7 | tls | 2025-12-17 08:29:42 | block | All requests (100%) associated with this TLS fingerprint were detected as threats and triggered a critical 'IPBLOCK' WAF deny rule. | 1.0 | severity: Severity.critical |
| 34.136.173.106 | ip | 2025-12-16 18:08:43 | ignore | No suspicious activity, detected threats, or WAF flags were observed for this IP address across 10 requests. It does not warrant monitoring. | 0.949999988079071 | severity: Severity.low |
| 34.136.173.106 | ip | 2025-12-16 17:58:44 | ignore | No detected threat requests, WAF flags, or security rule hits observed. This IP shows no suspicious activity and is not present in the blocklist or watchlist. | 1.0 | severity: Severity.low |
| 34.136.173.106 | ip | 2025-12-16 17:48:39 | ignore | No malicious activity detected, no WAF flags, and no security rules were triggered. | 0.0 | severity: Severity.low |
| 3%7e855c4ab9f9b8672b | tls | 2025-12-16 17:38:34 | block | All requests (100%) associated with this TLS fingerprint were detected as threats, targeted 'wp-login.php', and triggered a critical 'IPBLOCK-PENALTY-BOX' WAF deny rule, indicating a severe brute-force or credential stuffing attempt. | 1.0 | severity: Severity.critical |
| 54.71.96.232 | ip | 2025-12-16 17:28:39 | block | Associated with ASN AS16509, which is already blocklisted for persistent malicious activity and triggering critical WAF deny rules. This IP also generated a WAF alert. | 0.949999988079071 | severity: Severity.critical |
| 34.136.173.106 | ip | 2025-12-16 17:28:39 | ignore | No detected threat requests or WAF flags. Entity appears clean. | 0.8999999761581421 | severity: Severity.low |
| 54.71.96.232 | ip | 2025-12-16 17:18:45 | ignore | Entity in watchlist shows no current activity or detected threats since being added, indicating it is no longer suspicious. | 0.8999999761581421 | severity: Severity.low |
| 34.136.173.106 | ip | 2025-12-16 16:58:42 | ignore | Entity shows no malicious activity (0/10 threat requests, no WAF flags, no security rule hits) and is not present in existing watchlists or blocklists. Does not require active monitoring. | 0.8999999761581421 | severity: Severity.low |
| 114.119.159.62 | ip | 2025-12-16 16:48:34 | block | All requests (100%) from this IP were detected as threats and flagged by WAF, triggering a security alert. | 1.0 | severity: Severity.critical |
| 34.136.173.106 | ip | 2025-12-16 16:48:34 | ignore | No malicious activity detected; all requests were legitimate and no WAF rules were triggered. | 0.8999999761581421 | severity: Severity.low |
| AS136907 | asn | 2025-12-16 16:48:34 | block | All requests (100%) from this ASN were detected as threats and flagged by WAF, triggering a security alert. | 1.0 | severity: Severity.critical |
| 114.119.142.93 | ip | 2025-12-16 16:38:53 | block | All requests (100%) from this IP were detected as threats and flagged by WAF. | 0.8999999761581421 | severity: Severity.critical |
| 114.119.141.35 | ip | 2025-12-16 16:38:53 | block | All requests (100%) from this IP were detected as threats and flagged by WAF. | 0.8999999761581421 | severity: Severity.critical |
| 114.119.136.249 | ip | 2025-12-16 16:38:53 | block | All requests (100%) from this IP were detected as threats and flagged by WAF. | 0.8999999761581421 | severity: Severity.critical |
| 103.141.144.222 | ip | 2025-12-16 16:38:53 | block | Multiple WordPress enumeration/brute-force attempts detected, with critical WAF deny rules (IPBLOCK-PENALTY-BOX, PLATFORM-ANOMALY) triggered and a high number of threat requests (28/218). | 0.949999988079071 | severity: Severity.critical |
| 114.119.129.175 | ip | 2025-12-16 16:38:53 | block | All requests (100%) from this IP were detected as threats and flagged by WAF. | 0.8999999761581421 | severity: Severity.critical |
| 114.119.149.66 | ip | 2025-12-16 16:38:53 | block | All requests (100%) from this IP were detected as threats and flagged by WAF. | 0.8999999761581421 | severity: Severity.critical |
| 3.112.5.185 | ip | 2025-12-16 16:38:53 | block | All requests (100%) from this IP were flagged as threats and triggered a critical 'IPBLOCK' WAF deny rule. | 1.0 | severity: Severity.critical |
| 34.136.173.106 | ip | 2025-12-16 16:38:53 | ignore | No detected threat requests and no paths flagged by WAF, indicating benign behavior. | 0.8999999761581421 | severity: Severity.low |
| 47.128.19.44 | ip | 2025-12-16 16:38:53 | block | All requests (100%) from this IP were detected as threats and flagged by WAF. | 0.8500000238418579 | severity: Severity.medium |
| 54.71.96.232 | ip | 2025-12-16 16:38:53 | watchlist | Low percentage of detected threat requests and low AI confidence, but still triggered a WAF alert, warranting continued monitoring. | 0.6000000238418579 | severity: Severity.low |
| 74.7.242.54 | ip | 2025-12-16 16:38:53 | block | Extremely high percentage of detected threat requests (97.7%) and all accessed paths flagged by WAF. | 0.949999988079071 | severity: Severity.critical |
| 3%7e44d2a8b1bd7fcedf | tls | 2025-12-16 16:38:53 | block | High percentage of requests (80.3%) associated with this TLS fingerprint were detected as threats and flagged by WAF. | 0.8999999761581421 | severity: Severity.critical |
| 3%7e038225e54eaf0990 | tls | 2025-12-16 16:38:53 | block | All requests (100%) associated with this TLS fingerprint were detected as threats and flagged by WAF. | 0.8999999761581421 | severity: Severity.critical |
| 3%7eeb4f52e1e9bd4579 | tls | 2025-12-16 16:38:53 | block | Over 90% of requests associated with this TLS fingerprint were detected as threats, indicating persistent malicious activity. | 0.8999999761581421 | severity: Severity.critical |
| 114.119.141.35 | ip | 2025-12-16 15:59:12 | watchlist | All requests flagged by WAF with a general alert (3991006), indicating suspicious probing, but no critical deny rules were triggered. | 0.699999988079071 | severity: Severity.medium |
| 114.119.136.249 | ip | 2025-12-16 15:59:12 | watchlist | All requests flagged by WAF with a general alert (3991006), indicating suspicious probing, but no critical deny rules were triggered. | 0.699999988079071 | severity: Severity.medium |
| 107.172.195.91 | ip | 2025-12-16 15:59:12 | block | High number of detected threat requests and multiple WAF alerts, including bot impersonation, indicating automated malicious probing. | 0.949999988079071 | severity: Severity.critical |
| 103.141.144.222 | ip | 2025-12-16 15:59:12 | ignore | Previously watchlisted for suspicious activity, but current data shows no detected threat requests, no flagged paths by WAF, and no security rule hits. | 0.8999999761581421 | severity: Severity.low |
| 141.98.11.181 | ip | 2025-12-16 15:59:12 | block | Detected bot-browser impersonation, extensive WordPress enumeration, and triggered a critical 'IPBLOCK-BURST4' WAF deny rule due to a high rate of malicious requests. | 1.0 | severity: Severity.critical |
| 104.244.74.39 | ip | 2025-12-16 15:59:12 | block | All requests targeted sensitive configuration files and triggered critical LFI-ANOMALY and reputation-based WAF deny rules. | 1.0 | severity: Severity.critical |
| 114.119.149.66 | ip | 2025-12-16 15:59:12 | watchlist | All requests flagged by WAF with a general alert (3991006), including a request to an admin path, indicating suspicious probing, but no critical deny rules were triggered. | 0.75 | severity: Severity.medium |