| 168.93.0.116 | ip | 2026-02-09 08:46:20 | watchlist | Accessed an obfuscated path ('akam/13/5733f366') similar to those observed with malicious probing from other blocklisted IPs. However, no immediate WAF flags or detected threat requests were triggered, warranting continued monitoring. | 0.30000001192092896 | severity: Severity.low |
| 104.208.81.121 | ip | 2026-02-09 08:36:20 | block | All requests (100%) from this IP were detected as threats, all accessed suspicious PHP files including a known WordPress File Manager exploit ('wp-content/plugins/hellopress/wp_filemanager.php') were flagged by WAF, and a critical 'IPBLOCK' deny rule was triggered. Its associated ASN (AS8075) is already blocklisted for persistent and identical malicious activity from multiple other IPs. | 1.0 | severity: Severity.critical |
| 168.93.0.116 | ip | 2026-02-09 08:36:20 | ignore | The IP '168.93.0.116' currently shows no detected threat requests, no WAF flags, and no security rule hits across 19 requests, indicating it is no longer exhibiting suspicious behavior. Its accessed paths are consistent with benign website asset retrieval. | 1.0 | severity: Severity.low |
| 168.93.0.116 | ip | 2026-02-08 17:15:12 | watchlist | The IP accessed a highly suspicious obfuscated path ('akam/13/5733f366') which is consistent with malicious probing observed from numerous other blocklisted IPs. While no immediate WAF alerts were triggered for this specific request, the pattern warrants closer monitoring. | 0.800000011920929 | severity: Severity.medium |
| 168.93.0.116 | ip | 2026-02-08 17:05:10 | ignore | No detected threat requests, no WAF flags, and no security rule hits. All accessed paths appear benign, and the associated ASN is not blocklisted. | 1.0 | severity: Severity.low |
| 168.93.0.116 | ip | 2026-02-08 16:55:10 | ignore | No detected threat requests (0/19), no WAF flags, and no security rule hits. The associated ASN (AS35847) is not found in the blocklist. All accessed paths appear legitimate. | 0.8999999761581421 | severity: Severity.low |
| 209.97.162.190 | ip | 2026-02-08 11:45:04 | block | Extremely high ratio of detected threat requests (95 over 31 requests), all accessed WordPress enumeration paths ('wlwmanifest.xml') flagged by WAF, triggered critical security alerts including 'BOT-BROWSER-IMPERSONATOR', and hit a critical WAF deny rule ('IPBLOCK-BURST4-318403'). Its associated ASN AS14061 is already blocklisted for identical, severe malicious activity from numerous other IPs, confirming a coordinated and persistent threat. | 1.0 | severity: Severity.critical |
| 2a10:3c0:5:1:1:9:0:5 | ip | 2026-02-08 11:14:57 | block | Extremely high ratio of detected threat requests (90.9%), all non-trivial accessed paths (mcp, sse) flagged by WAF, and triggered security alert '3990001'. This behavior is identical to multiple other blocklisted IPs from the same malicious ASN AS21859, indicating severe automated malicious probing and exploit attempts. | 1.0 | severity: Severity.critical |
| AS21859 | asn | 2026-02-08 11:14:57 | block | Extremely high number of detected threat requests (100 over 54 total requests), widespread WAF flags across various paths including 'mcp' and 'sse', and multiple critical security alerts including 'BOT-BROWSER-IMPERSONATOR'. This confirms persistent and severe automated malicious probing and exploit attempts across the ASN. | 1.0 | severity: Severity.critical |
| 20.205.200.255 | ip | 2026-02-08 08:34:53 | block | IP belongs to AS8075, which is extensively blocklisted for persistent malicious activity. This IP is actively probing highly suspicious WordPress administration and core file paths, consistent with reconnaissance and exploitation attempts observed from other blocklisted IPs from this ASN, despite no immediate WAF flags. | 1.0 | severity: Severity.critical |
| 3%7eeed460c9d12572ae | tls | 2026-02-08 01:04:21 | block | Extremely high number of detected threat events (121 over 20 requests), all accessed paths flagged by WAF, and multiple critical security alerts including 'BOT-BROWSER-IMPERSONATOR', indicating severe automated malicious probing and exploit attempts. | 1.0 | severity: Severity.critical |
| 216.73.216.4 | ip | 2026-02-07 22:24:13 | block | High percentage of detected threat requests (66.67%), accessed WAF-flagged paths ('robots.txt'), triggered security alert '3991023', and accessed highly obfuscated suspicious paths. Its associated ASN (AS16509) is already blocklisted for persistent malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior. | 1.0 | severity: Severity.critical |
| 174.78.6.84 | ip | 2026-02-07 17:54:06 | block | Triggered a critical WAF deny rule 'IPBLOCK-BURST4-318403', showed a high percentage of detected threat requests (36.8%), and accessed a suspicious obfuscated path ('akam/13/pixel_117686f9'), indicating a burst of malicious probing consistent with other blocklisted entities. | 1.0 | severity: Severity.critical |
| 2a10:3c0:3:0:1:46:0:5 | ip | 2026-02-07 17:33:57 | block | High percentage of detected threat requests (80%), all non-trivial accessed paths (mcp, sse) flagged by WAF, and triggered security alert '3990001'. This behavior is identical to multiple other blocklisted IPs from the same malicious ASN AS21859, indicating severe automated malicious probing and exploit attempts. | 1.0 | severity: Severity.critical |
| 20.220.144.75 | ip | 2026-02-07 16:33:54 | block | All requests (100%) from this IP were detected as threats, all accessed suspicious PHP files were flagged by WAF, and a critical 'IPBLOCK' deny rule was triggered. Its associated ASN (AS8075) is already blocklisted for persistent malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior. | 1.0 | severity: Severity.critical |
| 206.189.87.51 | ip | 2026-02-07 15:13:48 | block | IP is performing WordPress brute-force attempts, indicated by access to wp-login.php and WAF alert '3900998'. Its associated ASN AS14061 is already blocklisted for extensive and highly malicious activity including WordPress enumeration and bot impersonation, consistent with this behavior. | 1.0 | severity: Severity.critical |
| 45.149.173.211 | ip | 2026-02-07 11:23:36 | block | Extremely high number of detected threat requests (89 over 25 requests), all accessed WordPress enumeration paths flagged by WAF, and multiple critical security alerts including 'BOT-BROWSER-IMPERSONATOR'. This IP also triggered a critical WAF deny rule ('IPBLOCK-BURST4-318403'), and its associated ASN AS62240 is already blocklisted for identical, severe malicious activity from other IPs. | 1.0 | severity: Severity.critical |
| 45.156.128.178 | ip | 2026-02-07 09:33:28 | block | Extremely high ratio of detected threat requests (47 over 7 total requests), all accessed paths flagged by WAF, and multiple critical security alerts including 'BOT-BROWSER-IMPERSONATOR'. Its associated ASN AS211680 is already blocklisted for identical severe malicious activity, indicating a persistent and coordinated threat. | 1.0 | severity: Severity.critical |
| 20.110.243.199 | ip | 2026-02-07 09:13:31 | block | All requests (100%) from this IP were detected as threats, all accessed suspicious PHP files including a known WordPress File Manager exploit ('wp-content/plugins/hellopress/wp_filemanager.php') were flagged by WAF, and a critical 'IPBLOCK' deny rule was triggered. Its associated ASN (AS8075) is already blocklisted for persistent and identical malicious activity from multiple other IPs. | 1.0 | severity: Severity.critical |
| 20.187.78.62 | ip | 2026-02-07 07:53:35 | block | IP belongs to AS8075, which is extensively blocklisted for persistent malicious activity, including probing suspicious PHP files and WordPress admin paths. While this specific IP has no immediate WAF flags or detected threat requests, its accessed paths (e.g., class-t.api.php, info.php, sf.php) are consistent with the malicious reconnaissance observed from other blocklisted IPs from this ASN. | 0.949999988079071 | severity: Severity.critical |
| 24.126.4.95 | ip | 2026-02-06 18:32:38 | block | IP 24.126.4.95 triggered a critical WAF deny rule ('IPBLOCK-BURST4-318403') and generated multiple WAF alerts, with a high percentage of detected threat requests (~36.8%), indicating a burst of malicious activity consistent with botnet behavior. | 1.0 | severity: Severity.critical |
| 193.143.1.12 | ip | 2026-02-06 15:12:28 | block | The IP 193.143.1.12 from Russia (RU) shows an extremely high rate of detected threat requests (84 over 21 total), engaged in aggressive WordPress enumeration (targeting 'wlwmanifest.xml', 'xmlrpc.php', 'feed/'), triggered a critical 'BOT-BROWSER-IMPERSONATOR' alert, and hit a critical WAF deny rule ('IPBLOCK-BURST4-318403'). Its associated ASN AS198953 is already blocklisted for identical and persistent malicious activity from multiple other IPs, confirming a severe and coordinated threat. | 1.0 | severity: Severity.critical |
| 52.167.144.171 | ip | 2026-02-06 12:42:09 | block | High percentage of detected threat requests (~85.7%), numerous WAF flags including an obfuscated and suspicious path, and its associated ASN (AS8075) is already blocklisted for persistent malicious activity with identical attack patterns. | 1.0 | severity: Severity.critical |
| 52.167.144.187 | ip | 2026-02-06 12:42:09 | block | All requests (100%) from this IP were detected as threats and flagged by WAF, triggering security alert '3991006'. Its associated ASN (AS8075) is already blocklisted for persistent malicious activity with identical attack patterns. | 1.0 | severity: Severity.critical |
| 20.110.170.61 | ip | 2026-02-06 08:32:03 | block | All requests (100%) from this IP were detected as threats, all accessed suspicious PHP files including a known WordPress File Manager exploit ('wp-content/plugins/hellopress/wp_filemanager.php') were flagged by WAF, and a critical 'IPBLOCK' deny rule was triggered. Its associated ASN (AS8075) is already blocklisted for persistent and identical malicious activity from multiple other IPs. | 1.0 | severity: Severity.critical |
| 73.98.29.196 | ip | 2026-02-05 19:21:17 | block | Triggered a critical WAF deny rule 'IPBLOCK-BURST4-318403' indicating a burst of malicious activity, and detected security alert '3910006' for an obfuscated path ('akam/13/pixel_6600b21e'), consistent with other blocklisted entities showing severe malicious probing. | 1.0 | severity: Severity.critical |
| 142.93.0.66 | ip | 2026-02-05 12:40:35 | block | Aggressive reconnaissance for sensitive files and API documentation, all requests flagged by WAF, extremely high threat request ratio (62 over 35 requests), and triggered critical deny rules (LFI-ANOMALY, IPBLOCK-PENALTY-BOX). Associated ASN AS14061 is blocklisted for identical malicious activity. | 1.0 | severity: Severity.critical |
| 167.172.232.142 | ip | 2026-02-05 12:40:35 | block | Aggressive reconnaissance for sensitive files and API documentation, all requests flagged by WAF, extremely high threat request ratio (63 over 35 requests), and triggered critical deny rules (LFI-ANOMALY, IPBLOCK-PENALTY-BOX). Associated ASN AS14061 is blocklisted for identical malicious activity. | 1.0 | severity: Severity.critical |
| 45.148.10.154 | ip | 2026-02-05 01:59:54 | block | Extremely high ratio of detected threat requests (111 over 14 requests), all accessed sensitive version control system files (.svn, .git) were flagged by WAF, and multiple critical security alerts including 'BOT-BROWSER-IMPERSONATOR' were triggered. Its associated ASN AS48090 is already blocklisted for persistent and identical severe malicious activity from numerous other IPs. | 1.0 | severity: Severity.critical |
| 66.249.66.202 | ip | 2026-02-05 01:29:53 | block | High percentage of detected threat requests (60%), all accessed suspicious paths flagged by WAF, and triggered security alert '3991006'. Its associated ASN (AS15169) is already blocklisted for persistent malicious activity with numerous other IPs from this ASN also blocklisted for identical behavior. | 1.0 | severity: Severity.critical |
| 52.184.97.233 | ip | 2026-02-04 23:19:39 | block | All requests (100%) from this IP were detected as threats, all accessed suspicious PHP files were flagged by WAF, and a critical 'IPBLOCK' deny rule was triggered. Its associated ASN (AS8075) is already blocklisted for persistent malicious activity, with numerous other IPs from this ASN also blocklisted for identical behavior. | 1.0 | severity: Severity.critical |
| 51.195.103.76 | ip | 2026-02-04 18:29:24 | block | All requests (100%) from this IP were detected as threats and flagged by WAF, triggering security alert '3991006'. Its associated ASN (AS16276) is already blocklisted for persistent malicious activity, with other IPs from this ASN also blocklisted for similar malicious campaigns. | 1.0 | severity: Severity.critical |
| 43.164.195.17 | ip | 2026-02-04 16:29:19 | block | High percentage of detected threat requests (40%), all accessed non-empty paths flagged by WAF, and triggered security alert '3900999', consistent with blocklisted ASN AS132203 and other blocklisted IPs exhibiting similar critical malicious activity. | 1.0 | severity: Severity.critical |
| 167.71.198.160 | ip | 2026-02-04 11:58:50 | block | IP is actively performing WordPress enumeration and bot impersonation, with an extremely high number of detected threat requests (34 over 6 requests) and all accessed paths flagged by WAF. Its associated ASN (AS14061) is already blocklisted for identical highly malicious activity, confirming a coordinated and severe threat. | 1.0 | severity: Severity.critical |
| 20.211.1.249 | ip | 2026-02-04 11:48:48 | block | IP belongs to AS8075, which is blocklisted for persistent malicious activity. This IP is actively probing highly suspicious WordPress administration and core file paths (e.g., wp-admin/images/file.php, wp-load.php, chosen.php), consistent with reconnaissance and exploitation attempts, despite no explicit WAF flags for these specific requests. | 0.9800000190734863 | severity: Severity.critical |
| 149.57.176.44 | ip | 2026-02-04 10:28:43 | block | Accessed a WAF-flagged obfuscated path ("akam/13/pixel_2eb3b2db") and triggered security alert '3910006', a pattern consistent with malicious probing observed from blocklisted IPs from the same ASN (`149.57.191.20`). | 0.949999988079071 | severity: Severity.critical |
| 149.57.191.228 | ip | 2026-02-04 10:28:43 | block | Accessed a WAF-flagged obfuscated path ("akam/13/pixel_69827dcf") and triggered security alert '3910006', a pattern consistent with malicious probing observed from blocklisted IPs from the same ASN (`149.57.191.20`). | 0.949999988079071 | severity: Severity.critical |
| AS64286 | asn | 2026-02-04 10:28:43 | block | Multiple associated IPs are performing malicious probing by accessing WAF-flagged obfuscated paths and triggering security alert '3910006', indicating widespread malicious activity from this ASN, consistent with other blocklisted ASNs. | 0.9800000190734863 | severity: Severity.critical |
| 149.57.191.20 | ip | 2026-02-04 09:28:40 | block | Accessed a WAF-flagged obfuscated path ("akam/13/pixel_2eb3b1d8") and triggered security alert '3910006', a pattern consistent with malicious probing observed from other blocklisted IPs. | 0.8500000238418579 | severity: Severity.critical |
| 205.169.39.29 | ip | 2026-02-04 09:28:40 | block | Accessed a WAF-flagged obfuscated path ("akam/13/2f321e7e") and triggered security alert '3900999', consistent with other blocklisted IPs from its associated ASN (AS3356) exhibiting similar malicious probing. | 0.949999988079071 | severity: Severity.critical |
| 149.57.191.20 | ip | 2026-02-04 06:58:28 | watchlist | Low percentage of detected threat requests (3.7%), a single obfuscated path flagged by WAF, and one security alert (3910006) indicate suspicious but not critically malicious activity, warranting continued monitoring. | 0.699999988079071 | severity: Severity.medium |
| 149.57.191.20 | ip | 2026-02-04 06:48:32 | ignore | This IP has shown no traffic or detected threat requests since being added to the watchlist, indicating no current malicious activity. | 0.8999999761581421 | severity: Severity.low |
| 74.7.230.8 | ip | 2026-02-04 06:48:32 | block | This IP shows 100% detected threat requests, accessed a WAF-flagged path 'robots.txt', and its associated ASN (AS8075) is already blocklisted for persistent malicious activity with other IPs showing identical behavior. | 1.0 | severity: Severity.critical |
| 149.57.191.20 | ip | 2026-02-04 06:38:31 | watchlist | Entity continues to show low-level suspicious activity, including an obfuscated path flagged by WAF and a security alert, but lacks enough critical evidence for immediate blocking. Further monitoring is required. | 0.699999988079071 | severity: Severity.medium |
| 74.7.228.59 | ip | 2026-02-04 06:38:31 | block | All requests (100%) from this IP were detected as threats, the accessed path 'robots.txt' was flagged by WAF, and a critical 'IPBLOCK' deny rule was triggered. Its associated ASN (AS8075) is already blocklisted for persistent malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior. | 1.0 | severity: Severity.critical |
| 149.57.191.20 | ip | 2026-02-04 05:58:33 | watchlist | Low ratio of detected threat requests (1/27) and a single WAF alert (3910006) on an 'akamai pixel' path, insufficient evidence for immediate blocking but warrants monitoring for escalating malicious behavior. | 0.6000000238418579 | severity: Severity.medium |
| 216.81.248.41 | ip | 2026-02-03 18:57:27 | block | Extremely high ratio of detected threat requests (36 for 6 total requests), all accessed highly sensitive configuration and version control paths flagged by WAF, and multiple critical security alerts including 'BOT-BROWSER-IMPERSONATOR', indicating severe automated malicious probing and exploit attempts. | 1.0 | severity: Severity.critical |
| 136.118.224.227 | ip | 2026-02-03 17:27:22 | block | Extensive WordPress enumeration and bot impersonation attempts detected, with all accessed paths flagged by WAF, and triggered a critical WAF deny rule (IPBLOCK-BURST4-318403). Its associated ASN (AS396982) is already blocklisted for identical malicious activity from multiple other IPs. | 1.0 | severity: Severity.critical |
| 176.65.132.163 | ip | 2026-02-03 17:07:15 | block | High percentage of detected threat requests (62.5%) targeting 'wp-login.php' and triggering a brute-force alert (3900998). Its associated ASN (AS51396) is already blocklisted for severe malicious activity, with other IPs from this ASN also blocklisted for identical behavior. | 1.0 | severity: Severity.critical |
| 216.73.216.0 | ip | 2026-02-03 14:17:09 | block | High percentage of detected threat requests (75%), accessed 'robots.txt' flagged by WAF, triggered security alert '3991023', and its associated ASN (AS16509) is already blocklisted for persistent malicious activity with other IPs showing identical behavior. | 1.0 | severity: Severity.critical |