| 176.65.132.163 | ip | 2026-02-03 17:07:15 | block | High percentage of detected threat requests (62.5%) targeting 'wp-login.php' and triggering a brute-force alert (3900998). Its associated ASN (AS51396) is already blocklisted for severe malicious activity, with other IPs from this ASN also blocklisted for identical behavior. | 1.0 | severity: Severity.critical |
| 216.73.216.0 | ip | 2026-02-03 14:17:09 | block | High percentage of detected threat requests (75%), accessed 'robots.txt' flagged by WAF, triggered security alert '3991023', and its associated ASN (AS16509) is already blocklisted for persistent malicious activity with other IPs showing identical behavior. | 1.0 | severity: Severity.critical |
| 103.4.251.234 | ip | 2026-02-03 11:57:00 | block | Extremely high ratio of detected threat requests (54 over 13), all accessed paths flagged by WAF, and multiple critical security alerts including 'BOT-BROWSER-IMPERSONATOR'. This behavior is identical to multiple other blocklisted IPs from the same malicious ASN AS9009, indicating severe automated malicious probing and exploit attempts. | 1.0 | severity: Severity.critical |
| 2a10:3c0:4:2:1:51:0:5 | ip | 2026-02-03 11:36:58 | block | Extremely high percentage of detected threat requests (90.9%), all accessed paths flagged by WAF (mcp, sse), and triggered security alert '3990001'. This behavior is identical to multiple other blocklisted IPs from the same malicious ASN AS21859, indicating severe automated malicious probing and exploit attempts. | 1.0 | severity: Severity.critical |
| 104.164.126.102 | ip | 2026-02-03 11:06:57 | block | Extremely high ratio of detected threat requests (54 over 13), almost all accessed paths flagged by WAF, and multiple critical security alerts including 'BOT-BROWSER-IMPERSONATOR', indicating severe automated malicious probing and exploit attempts. | 1.0 | severity: Severity.critical |
| 167.71.175.236 | ip | 2026-02-03 11:06:57 | block | Aggressive reconnaissance targeting sensitive files and API documentation (e.g., '.git/config', '.env', 'server-status'), all requests flagged by WAF, and triggered a critical 'LFI-ANOMALY' deny rule. This IP's ASN (AS14061) is already blocklisted for identical malicious activity. | 1.0 | severity: Severity.critical |
| 64.227.70.2 | ip | 2026-02-03 11:06:57 | block | Aggressive reconnaissance targeting sensitive files and API documentation (e.g., '.git/config', '.env', 'server-status'), all requests flagged by WAF, and triggered multiple critical deny rules including 'LFI-ANOMALY' and 'IPBLOCK-PENALTY-BOX'. This IP's ASN (AS14061) is already blocklisted for identical malicious activity. | 1.0 | severity: Severity.critical |
| 68.183.180.73 | ip | 2026-02-03 11:06:57 | block | Aggressive reconnaissance targeting sensitive files and API documentation (e.g., '.git/config', '.env', 'server-status'), all requests flagged by WAF, and triggered a critical 'LFI-ANOMALY' deny rule. This IP's ASN (AS14061) is already blocklisted for identical malicious activity. | 1.0 | severity: Severity.critical |
| 174.101.186.59 | ip | 2026-02-02 19:35:36 | block | Triggered critical WAF deny rule 'IPBLOCK-BURST4-318403', with a high percentage (36.8%) of detected threat requests and multiple paths flagged by WAF, indicating active malicious probing. | 1.0 | severity: Severity.critical |
| 2600:382:37f8:bba8:c8a0:48e5:1cb1:a2f1 | ip | 2026-02-02 19:35:36 | block | Triggered critical WAF deny rule 'IPBLOCK-BURST4-318403', indicating malicious activity despite a lower percentage of detected threat requests. | 1.0 | severity: Severity.critical |
| 2a10:3c0:100:0:1:1:0:5 | ip | 2026-02-02 19:35:36 | block | Extremely high ratio of detected threat requests (18 over 11 total requests), all accessed paths flagged by WAF, and multiple critical security alerts including 'BOT-BROWSER-IMPERSONATOR', indicating severe automated malicious probing and exploit attempts. | 1.0 | severity: Severity.critical |
| 44.222.230.102 | ip | 2026-02-02 19:05:36 | block | All requests (100%) from this IP were flagged as threats, all accessed paths were flagged by WAF, and a critical 'IPBLOCK' deny rule was triggered. Its associated ASN (AS14618) has multiple other IPs blocklisted for identical severe malicious activity. | 1.0 | severity: Severity.critical |
| 2a00:f2a0:0:f783::100 | ip | 2026-02-02 18:05:34 | block | High ratio of detected threat requests (~85.7%), the root path was flagged by WAF, and multiple critical security alerts including 'BOT-BROWSER-IMPERSONATOR' were triggered, indicating severe automated malicious probing. This behavior is consistent with other blocklisted IPs from high-risk geo-locations. | 1.0 | severity: Severity.critical |
| 104.211.72.80 | ip | 2026-02-02 17:55:38 | block | IP belongs to AS8075, which is blocklisted for persistent malicious activity, and accessed suspicious PHP files consistent with prior attacks from this ASN. | 1.0 | severity: Severity.critical |
| 2a00:f2a0:0:f783::100 | ip | 2026-02-02 17:55:38 | ignore | No new or detected malicious activity since being added to the watchlist, and accessed benign paths. | 0.8999999761581421 | severity: Severity.low |
| 77.83.39.184 | ip | 2026-02-02 17:55:38 | ignore | No new or detected malicious activity since being added to the watchlist. | 0.8999999761581421 | severity: Severity.low |
| 136.114.98.158 | ip | 2026-02-02 09:04:40 | block | Extensive WordPress enumeration and bot impersonation attempts detected, with a very high number of detected threat requests (95 over 31 requests), all accessed paths flagged by WAF, and triggered a critical WAF deny rule (IPBLOCK-BURST4-318403). Its associated ASN (AS396982) is already blocklisted for identical malicious activity from multiple other IPs. | 1.0 | severity: Severity.critical |
| 109.105.210.88 | ip | 2026-02-02 06:14:27 | block | Extremely high number of detected threat requests (42 over 5 requests), all accessed sensitive paths flagged by WAF, and multiple critical security alerts including 'BOT-BROWSER-IMPERSONATOR'. Its associated ASN AS21859 has other IPs blocklisted for identical severe malicious activity. | 1.0 | severity: Severity.critical |
| 20.89.56.154 | ip | 2026-02-02 04:54:23 | block | Extremely high number of detected threat requests (478 over 74 requests), almost all accessed paths flagged by WAF, and multiple critical security alerts including 'BOT-BROWSER-IMPERSONATOR' and 'IPBLOCK-BURST4-318403'. Its associated ASN AS8075 is already blocklisted for persistent malicious activity with numerous other IPs from this ASN also blocklisted for identical behavior. | 1.0 | severity: Severity.critical |
| 4.213.174.69 | ip | 2026-02-02 03:04:06 | block | Extremely high ratio of detected threat requests (1349/254), all accessed suspicious PHP and WordPress admin paths flagged by WAF, triggered multiple alerts including 'BOT-BROWSER-IMPERSONATOR', and a critical 'IPBLOCK-BURST4-318403' deny rule. Its associated ASN (AS8075) is already blocklisted for persistent malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior. | 1.0 | severity: Severity.critical |
| 185.177.72.22 | ip | 2026-02-01 17:13:23 | block | Extremely high ratio of detected threat requests (1643/1625), all accessed paths flagged by WAF, and multiple critical security deny rules triggered (IPBLOCK-BURST4, IPBLOCK-SUMMARY8, LFI-ANOMALY, REP_1654536). This IP is aggressively probing for sensitive configuration and credential files, and its associated ASN (AS211590) is already blocklisted for persistent and identical severe malicious activity. | 1.0 | severity: Severity.critical |
| 4.241.184.25 | ip | 2026-02-01 13:12:49 | block | All requests (100%) from this IP were detected as threats, all accessed suspicious PHP and WordPress admin paths were flagged by WAF, and a critical 'IPBLOCK' deny rule was triggered. Its associated ASN (AS8075) is already blocklisted for persistent malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior. | 1.0 | severity: Severity.critical |
| 45.156.87.17 | ip | 2026-02-01 11:02:41 | block | IP is performing WordPress brute-force attempts targeting 'wp-login.php', with 50% threat requests and triggered WAF alert '3900998'. Its associated ASN (AS51396) is already blocklisted for severe malicious activity and multiple critical WAF deny rules, indicating a high-confidence threat. | 1.0 | severity: Severity.critical |
| 2a00:f2a0:0:f783::100 | ip | 2026-01-31 22:51:53 | watchlist | Initial review shows no immediate malicious activity, but geo-location from a high-risk region (RU) warrants continued monitoring. | 0.30000001192092896 | severity: Severity.low |
| 2a00:f2a0:0:f783::100 | ip | 2026-01-31 22:41:45 | ignore | No detected threat requests, WAF flags, or security rule hits. Observed benign activity including access to common website resources. | 1.0 | severity: Severity.low |
| 2a00:f2a0:0:f783::100 | ip | 2026-01-31 22:31:49 | ignore | No detected threat requests, WAF flags, or security rule hits over 7 requests to benign paths, suggesting legitimate activity. | 0.8999999761581421 | severity: Severity.low |
| 2a00:f2a0:0:f783::100 | ip | 2026-01-31 22:21:53 | ignore | No malicious activity detected through WAF, threat requests, or security rule hits across 7 requests, indicating benign behavior. | 1.0 | severity: Severity.low |
| 2a00:f2a0:0:f783::100 | ip | 2026-01-31 22:11:46 | ignore | No suspicious activity detected; zero threat requests, no WAF flags, and no security rule hits. This IP is clean. | 1.0 | severity: Severity.low |
| 2a00:f2a0:0:f783::100 | ip | 2026-01-31 22:01:49 | ignore | No detected threat requests, no WAF flags, and no security rule hits for 6 total requests, indicating benign activity. | 1.0 | severity: Severity.low |
| 149.56.160.146 | ip | 2026-01-31 20:41:44 | block | High percentage of detected threat requests (~88.89%) and almost all accessed paths flagged by WAF, including a highly obfuscated suspicious path, triggering security alert '3991017'. Its associated ASN (AS16276) is already blocklisted for persistent malicious activity, with other IPs and related TLS fingerprints from this ASN blocklisted for identical malicious campaigns. | 1.0 | severity: Severity.critical |
| 149.56.150.84 | ip | 2026-01-31 20:41:44 | block | All requests (100%) from this IP were detected as threats and flagged by WAF, triggering security alert '3991017'. Its associated ASN (AS16276) is already blocklisted for persistent malicious activity, with other IPs from this ASN and a related TLS fingerprint also blocklisted for identical behavior. | 1.0 | severity: Severity.critical |
| 141.98.10.134 | ip | 2026-01-30 10:48:16 | block | IP 141.98.10.134 is performing WordPress enumeration attempts against 'index.php/author/admin3157/', detected by WAF alert '3900998'. Its associated ASN AS209605 is already blocklisted for similar critical malicious activity from multiple other IPs. | 1.0 | severity: Severity.critical |
| 205.169.39.53 | ip | 2026-01-30 08:07:56 | block | Triggered critical WAF deny rule 'IPBLOCK-BURST4-318403', detected threat requests (5/19), accessed a suspicious path ('assets/e8318ad247f4935a64a6053620f9ffbce001188a776'), and belongs to blocklisted ASN AS3356, which has multiple IPs blocklisted for identical malicious activity. | 1.0 | severity: Severity.critical |
| 101.36.118.228 | ip | 2026-01-30 06:47:44 | block | Extremely high number of detected threat events (28 over 9 requests), all accessed paths flagged by WAF, and multiple critical security alerts including 'BOT-BROWSER-IMPERSONATOR', indicating severe automated malicious probing and exploit attempts. Its associated ASN AS135377 has another IP (152.32.192.241) blocklisted for identical activity. | 1.0 | severity: Severity.critical |
| 152.32.131.118 | ip | 2026-01-30 06:47:44 | block | Extremely high number of detected threat events (16 over 5 requests), all accessed paths flagged by WAF, and multiple critical security alerts including 'BOT-BROWSER-IMPERSONATOR', indicating severe automated malicious probing and exploit attempts. Its associated ASN AS135377 has another IP (152.32.192.241) blocklisted for identical activity. | 1.0 | severity: Severity.critical |
| 51.79.137.237 | ip | 2026-01-29 02:45:00 | block | All requests (100%) from this IP were detected as threats, targeting WordPress enumeration paths like 'wlwmanifest.xml' and 'xmlrpc.php', and triggered a critical reputation-based WAF deny rule (REP_1654538). | 1.0 | severity: Severity.critical |
| 146.19.24.116 | ip | 2026-01-28 21:24:39 | block | All requests (100%) from this IP were detected as threats and flagged by WAF, triggering security alert '3990001'. Its associated ASN (AS201814) is already blocklisted for aggressively targeting sensitive configuration and information files with similar malicious activity. | 1.0 | severity: Severity.critical |
| 104.210.140.139 | ip | 2026-01-28 21:04:36 | block | All requests (100%) from this IP were detected as threats, the accessed path 'robots.txt' was flagged by WAF, and a critical 'IPBLOCK' deny rule was triggered. Its associated ASN (AS8075) is already blocklisted for persistent malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior. | 1.0 | severity: Severity.critical |
| 64.225.8.2 | ip | 2026-01-28 20:54:43 | block | IP 64.225.8.2 is attempting local file inclusion by accessing sensitive '.env' files, triggering critical WAF deny rules (LFI-ANOMALY, REP_1654536), and showing a very high threat request ratio (6 detected for 5 total). Its associated ASN (AS14061) is already blocklisted for persistent and highly malicious activity including sensitive file probing and LFI attempts from numerous other IPs, confirming a coordinated and severe threat. | 1.0 | severity: Severity.critical |
| 66.249.66.165 | ip | 2026-01-28 20:44:40 | block | All requests (100%) from this IP were detected as threats, all accessed paths were flagged by WAF, and security alert '3991006' was triggered. Its associated ASN (AS15169) is already blocklisted for similar malicious activity. | 1.0 | severity: Severity.critical |
| 66.249.66.11 | ip | 2026-01-28 20:44:40 | block | All requests (100%) from this IP were detected as threats, all accessed paths were flagged by WAF, and security alert '3991006' was triggered. Its associated ASN (AS15169) is already blocklisted for similar malicious activity. | 1.0 | severity: Severity.critical |
| 66.249.66.74 | ip | 2026-01-28 20:44:40 | block | All requests (100%) from this IP were detected as threats, all accessed paths were flagged by WAF, and security alert '3991006' was triggered. Its associated ASN (AS15169) is already blocklisted for similar malicious activity. | 1.0 | severity: Severity.critical |
| 20.214.153.76 | ip | 2026-01-28 13:24:18 | block | IP belongs to blocklisted ASN AS8075, known for persistent malicious activity, and is probing suspicious PHP and WordPress paths, consistent with other blocklisted IPs from this ASN. | 0.949999988079071 | severity: Severity.critical |
| 46.29.238.105 | ip | 2026-01-28 12:24:09 | block | Accessed a highly obfuscated and suspicious path (rNiTG/9Z/...), consistent with other blocklisted IPs exhibiting similar malicious probing for exploitation. | 0.8999999761581421 | severity: Severity.critical |
| 129.204.130.14 | ip | 2026-01-28 12:14:14 | block | Extremely high ratio of detected threat requests (81 for 9 total requests), all accessed paths were flagged by WAF, and multiple critical security alerts including 'BOT-BROWSER-IMPERSONATOR'. This indicates severe automated probing and exploitation attempts targeting WordPress and Magento, originating from a high-risk geo-location (CN). | 1.0 | severity: Severity.critical |
| 46.29.238.105 | ip | 2026-01-28 12:14:14 | ignore | No activity detected (0 total requests, 0 threat requests, no paths accessed or flagged, no security rule hits) since being added to the watchlist. No current evidence of malicious behavior warrants its removal. | 0.8999999761581421 | severity: Severity.low |
| 77.83.39.184 | ip | 2026-01-28 12:14:14 | watchlist | Accessed 'xmlrpc.php' which is a common target for WordPress attacks, but no new WAF flags or security alerts were triggered in the latest observation. The existing AI assessment maintains it at medium severity, indicating continued monitoring is required. | 0.6000000238418579 | severity: Severity.medium |
| 3.128.33.89 | ip | 2026-01-28 12:04:06 | block | All requests (100%) from this IP were detected as threats, all accessed paths were flagged by WAF, and a critical 'IPBLOCK' deny rule was triggered. Its associated ASN (AS16509) is already blocklisted for persistent malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior. | 1.0 | severity: Severity.critical |
| 161.118.211.239 | ip | 2026-01-28 07:23:46 | block | Actively targeting sensitive WordPress admin and login paths, all requests flagged by WAF with multiple security alerts (including 'BOT-BROWSER-IMPERSONATOR'), and triggered a critical WAF deny rule ('IPBLOCK-BURST4-318403'). Its associated ASN (AS31898) is already blocklisted for similar malicious activity. | 1.0 | severity: Severity.critical |
| 77.83.39.184 | ip | 2026-01-27 12:02:32 | watchlist | Accessed 'xmlrpc.php' but without WAF flags or detected threat requests; requires continued monitoring. | 0.6000000238418579 | severity: Severity.medium |