| Entity | Type | Timestamp | Action | Reason | Confidence | Severity |
|---|---|---|---|---|---|---|
| 114.119.142.93 | ip | 2025-12-16 15:59:12 | watchlist | All requests flagged by WAF with a general alert (3991006), indicating suspicious probing, but no critical deny rules were triggered. | 0.699999988079071 | medium |
| 107.172.195.91 | ip | 2025-12-16 15:59:12 | block | High number of detected threat requests and multiple WAF alerts, including bot impersonation, indicating automated malicious probing. | 0.949999988079071 | critical |
| 194.180.49.169 | ip | 2025-12-16 15:59:12 | block | Aggressively targeted highly sensitive configuration and information files, triggering critical WAF deny rules including IPBLOCK-BURST4, LFI-ANOMALY, and reputation-based blocking. | 1.0 | critical |
| 34.136.173.106 | ip | 2025-12-16 15:59:12 | ignore | No detected threat requests, no flagged paths by WAF, and no security rule hits, indicating benign activity. | 0.8999999761581421 | low |
| 47.128.19.44 | ip | 2025-12-16 15:59:12 | watchlist | All requests flagged by WAF with a general alert (3991023) for seemingly benign static assets, indicating unusual access patterns but no critical exploit attempts. | 0.6000000238418579 | medium |
| 54.71.96.232 | ip | 2025-12-16 15:59:12 | watchlist | Low number of detected threat requests (1/23) but includes a suspicious 'akam' path and a WAF alert, warranting continued monitoring. | 0.5 | low |
| 62.60.130.228 | ip | 2025-12-16 15:59:12 | block | High percentage of detected threat requests (13/16) specifically targeting 'wp-login.php' and triggering an alert indicative of brute-force attempts. | 0.8999999761581421 | critical |
| 77.90.185.240 | ip | 2025-12-16 15:59:12 | block | High percentage of detected threat requests (33/36) specifically targeting 'wp-login.php' and triggering an alert indicative of brute-force attempts. | 0.8999999761581421 | critical |
| 74.7.242.54 | ip | 2025-12-16 15:59:12 | watchlist | High number of detected threat requests (43/44) with all requests flagged by WAF for general alert (3991023), indicating suspicious scanning or aggressive bot activity. | 0.75 | medium |
| AS16509 | asn | 2025-12-16 15:59:12 | block | High ratio of detected threat requests, and a critical 'IPBLOCK' WAF deny rule was triggered. This ASN is already in the blocklist for persistent malicious activity. | 1.0 | critical |
| AS140818 | asn | 2025-12-16 15:59:12 | block | High volume of requests targeting WordPress enumeration and login paths, triggering critical WAF deny rules including IPBLOCK-PENALTY-BOX and PLATFORM-ANOMALY. | 1.0 | critical |
| AS22295 | asn | 2025-12-16 15:59:12 | block | Detected bot-browser impersonation and extensive WordPress enumeration, triggering a critical 'IPBLOCK-BURST4' WAF deny rule. This ASN is already associated with blocklisted IPs. | 1.0 | critical |
| 3%7e038225e54eaf0990 | tls | 2025-12-16 15:59:12 | watchlist | All requests flagged by WAF, including suspicious and malformed WordPress API paths, triggering a general WAF alert (3991006). Warrants further monitoring. | 0.800000011920929 | medium |
| 3%7e7d37a809e7e56fbe | tls | 2025-12-16 15:59:12 | block | Aggressively targeted highly sensitive configuration and information files, triggering critical WAF deny rules including IPBLOCK-BURST4, LFI-ANOMALY, and reputation-based blocking. | 1.0 | critical |
| 3%7e01ca4d1c280cf0ab | tls | 2025-12-16 15:59:12 | block | Very high percentage of detected threat requests (52/54) with multiple WAF alerts and a critical 'IPBLOCK' deny rule triggered, indicating malicious activity. | 1.0 | critical |
| 3%7e44d2a8b1bd7fcedf | tls | 2025-12-16 15:59:12 | watchlist | High number of detected threat requests (49/61) with all requests flagged by WAF for a general alert (3991006), indicating suspicious scanning or aggressive bot activity. | 0.75 | medium |
| 3%7e407f950e81268bfe | tls | 2025-12-16 15:59:12 | block | High percentage of detected threat requests (57/72) specifically targeting 'wp-login.php' and triggering an alert indicative of brute-force attempts. | 0.949999988079071 | critical |
| 3%7e24e11312e419fb9c | tls | 2025-12-16 15:59:12 | block | Extremely high number of detected threat requests and multiple WAF alerts, including bot impersonation, indicating severe automated malicious activity. | 0.9800000190734863 | critical |
| 3%7e305534a7233fb39f | tls | 2025-12-16 15:59:12 | block | Aggressively targeted highly sensitive configuration files (e.g., .env, .git/config) and triggered multiple critical WAF deny rules, including IPBLOCK and LFI-ANOMALY. | 1.0 | critical |
| 3%7e2891d83539e8d2fd | tls | 2025-12-16 15:59:12 | block | Extremely high number of detected threat requests and extensive WordPress enumeration, triggering multiple WAF alerts, bot impersonation, and a critical 'IPBLOCK-BURST4' deny rule. | 1.0 | critical |
| 3%7edf1fada1233fb39f | tls | 2025-12-16 15:59:12 | block | High number of detected threat requests (20/22) including access to a highly obfuscated and suspicious path, indicating malicious probing or exploit attempts. | 0.9800000190734863 | critical |
| 3%7eeb4f52e1e9bd4579 | tls | 2025-12-16 15:59:12 | watchlist | High number of detected threat requests (41/45) and multiple general WAF alerts, indicating persistent suspicious scanning or bot activity. | 0.800000011920929 | medium |
| 193.142.147.57 | ip | 2025-12-16 06:13:43 | block | All requests (100%) from this IP were detected as threats, specifically targeting 'wp-login.php' and triggering a security alert indicative of a brute-force or credential stuffing attack. | 1.0 | critical |
| 208.84.101.251 | ip | 2025-12-15 22:03:11 | block | 50% of requests were detected as threats, targeting sensitive WordPress enumeration paths and triggering a critical IP block deny rule due to a burst of malicious activity. | 1.0 | critical |
| 103.141.144.222 | ip | 2025-12-15 03:12:11 | watchlist | Accessed 'wp-login.php' 6 times, a common target for brute-force attempts. Although no WAF flags or security rule hits were triggered, the activity warrants further monitoring. | 0.6000000238418579 | medium |
| 103.4.251.152 | ip | 2025-12-12 06:58:39 | block | All requests (100%) from this IP were flagged by WAF, with a high number of detected threat requests, and triggered multiple security alerts including 'BOT-BROWSER-IMPERSONATOR', indicating automated malicious probing and exploit attempts. | 1.0 | critical |
| 65.87.7.112 | ip | 2025-12-12 00:48:21 | block | All requests (100%) from this IP were flagged by WAF, triggering security alert "3990011", and all accessed paths were marked as threats, indicating malicious activity. | 0.949999988079071 | critical |
| 147.182.149.75 | ip | 2025-12-12 00:08:31 | block | All requests were flagged by WAF, targeting sensitive files (.git/config, .env, config.json) and known exploit paths (LFI, Jira exploit), and triggered a critical 'LFI-ANOMALY' deny rule. Its associated ASN (AS14061) is already blocklisted for persistent malicious activity. | 1.0 | critical |
| 159.89.174.87 | ip | 2025-12-12 00:08:31 | block | All requests were flagged by WAF, targeting sensitive files (.env, api-docs/swagger.json, .vscode/sftp.json) and common admin/info paths, and triggered a critical 'LFI-ANOMALY' deny rule. Its associated ASN (AS14061) is already blocklisted for persistent malicious activity. | 1.0 | critical |
| 159.89.12.166 | ip | 2025-12-12 00:08:31 | block | All requests were flagged by WAF, targeting sensitive files (.git/config, .env, .vscode/sftp.json) and known exploit paths (LFI, Jira exploit), and triggered a critical 'LFI-ANOMALY' deny rule. Its associated ASN (AS14061) is already blocklisted for persistent malicious activity. | 1.0 | critical |
| 167.71.81.114 | ip | 2025-12-12 00:08:31 | block | All requests were flagged by WAF, targeting sensitive endpoints (actuator/env, api/swagger.json, .env, .vscode/sftp.json) and triggered a critical 'LFI-ANOMALY' deny rule. Its associated ASN (AS14061) is already blocklisted for persistent malicious activity. | 1.0 | critical |
| AS14061 | asn | 2025-12-12 00:08:31 | block | All requests from IPs associated with this ASN were flagged by WAF, extensively probing sensitive configurations and known exploit paths (including LFI and Jira exploits), and consistently triggered critical 'LFI-ANOMALY' deny rules. This ASN is confirmed to be highly malicious and is already in the blocklist. | 1.0 | critical |
| 3%7ebb4be091c5dc4153 | tls | 2025-12-12 00:08:31 | block | All requests associated with this TLS fingerprint were flagged by WAF, targeting sensitive files (.DS_Store, .env, .git/config) and common admin/info paths, and triggered a critical 'LFI-ANOMALY' deny rule. This fingerprint is indicative of a highly malicious client. | 1.0 | critical |
| 40.83.76.149 | ip | 2025-12-10 00:46:02 | block | All requests (100%) from this IP were flagged by WAF, accessing suspicious PHP files, and triggered an 'IPBLOCK' deny rule. Its associated ASN (AS8075) is already blocklisted for persistent malicious activity. | 1.0 | critical |
| 37.228.254.154 | ip | 2025-12-09 12:55:20 | block | High ratio of detected threat requests (60%), including access to an extremely suspicious and obfuscated path 'NqKXrfXQ/UVmgosN/YjdiKN1/-J/EYm94maubaDicN/RiQhYUIC/fGlT/I3ESewcB', indicating malicious probing and potential exploit attempts. A WAF alert rule '3900999' was also triggered. | 0.949999988079071 | critical |
| 2a07:e05:3:1b::1 | ip | 2025-12-08 08:23:25 | block | All requests (100%) from this IP were flagged by WAF, triggering multiple security alerts including 'BOT-BROWSER-IMPERSONATOR', and demonstrating a high ratio of detected threat requests to total requests, indicating automated malicious probing. | 1.0 | critical |
| 213.35.103.66 | ip | 2025-12-06 13:41:21 | block | All requests from this IP targeted sensitive WordPress admin/login paths, were flagged by WAF, and triggered multiple security alerts including 'BOT-BROWSER-IMPERSONATOR', indicating automated malicious probing. | 1.0 | critical |
| 216.73.216.213 | ip | 2025-12-05 18:50:26 | block | All requests (100%) from this IP were flagged by WAF, indicating persistent malicious probing targeting WordPress endpoints and triggering security alerts. | 1.0 | critical |
| 45.148.10.246 | ip | 2025-12-04 12:34:38 | block | Extensive probing of sensitive configuration files and backups (e.g., .env, config/mail), all requests (100%) flagged by WAF, and multiple critical deny rules triggered including LFI-ANOMALY and IPBLOCK. | 1.0 | critical |
| AS48090 | asn | 2025-12-04 12:34:38 | block | Associated with IP 45.148.10.246, which demonstrated extensive probing of sensitive files, had all requests flagged by WAF, and triggered critical deny rules including LFI-ANOMALY and IPBLOCK. | 1.0 | critical |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-12-02 14:22:26 | ignore | No security rule hits, WAF flags, or detected threat requests, and no activity for over a month. Entity is no longer considered suspicious. | 0.949999988079071 | low |
| 2001:861:5860:e460:9d10:3e29:e251:a165 | ip | 2025-12-02 14:22:25 | ignore | No current security rule hits, WAF flags, or detected threat requests. Entity has not shown recent malicious behavior, contradicting the previous AI assessment. | 0.8999999761581421 | low |
| 62.60.130.210 | ip | 2025-12-02 14:22:25 | block | All requests (100%) were flagged by WAF and targeted 'wp-login.php', triggering security alerts indicative of a brute-force or credential stuffing attack. | 1.0 | critical |
| 3%7e67c0ea0c99e03401 | tls | 2025-11-30 15:39:51 | block | TLS fingerprint associated with an IP (4.189.168.36) that had all requests flagged by WAF, bot impersonation, and probing of sensitive paths. Associated ASN AS8075 is blocklisted. | 1.0 | critical |
| 4.189.168.36 | ip | 2025-11-30 15:39:50 | block | All requests (100%) flagged by WAF with bot impersonation and probing of sensitive paths. Associated ASN AS8075 is already blocklisted for persistent malicious activity. | 1.0 | critical |
| 2001:861:5860:e460:9d10:3e29:e251:a165 | ip | 2025-11-30 15:29:51 | watchlist | IP accessed the sensitive WordPress login path (wp-login.php) and is from an ASN with a history of similar suspicious WordPress probing, indicating potential reconnaissance or enumeration attempts. | 0.6000000238418579 | medium |
| 134.122.136.96 | ip | 2025-11-30 14:03:57 | block | Multiple critical WAF deny rules triggered, including LFI, command injection, XSS, and bot impersonation, indicating severe malicious probing and exploit attempts. All accessed paths were flagged. | 1.0 | critical |
| AS152194 | asn | 2025-11-30 14:03:57 | block | Associated with IP 134.122.136.96, which triggered multiple critical WAF deny rules including LFI, command injection, XSS, and bot impersonation. All accessed paths from this ASN were flagged as malicious. | 1.0 | critical |
| 3%7ed09afd3ffe9bdf7b | tls | 2025-11-30 14:03:57 | block | Associated with IP 134.122.136.96, which triggered multiple critical WAF deny rules including LFI, command injection, XSS, and bot impersonation. This TLS fingerprint is used by a highly malicious client. | 1.0 | critical |
| 43.163.127.190 | ip | 2025-11-20 15:39:02 | block | Repeated, targeted access attempts to sensitive Spring Boot actuator and mapping endpoints. All 13 requests flagged by WAF, with bot impersonation detected, indicating high-confidence malicious activity. | 1.0 | critical |