|
157.180.49.118
|
ip
|
2025-07-19 10:39:11
|
block
|
Confirmed medium malicious activity: All requests flagged by WAF and multiple security rule hits, indicating malicious probing.
|
0.8500000238418579
|
severity: Severity.medium
|
|
123.6.49.50
|
ip
|
2025-07-19 10:39:11
|
block
|
Confirmed critical malicious activity: All requests flagged by WAF with multiple security rule hits, indicating high confidence malicious activity.
|
0.8999999761581421
|
severity: Severity.critical
|
|
103.207.148.148
|
ip
|
2025-07-19 10:39:11
|
block
|
Confirmed critical malicious activity: 100% of requests flagged by WAF, actively probing for sensitive configuration files, environment variables, and administrative paths, indicating a critical reconnaissance and potential exploitation attempt, also detected as a browser impersonator.
|
0.949999988079071
|
severity: Severity.critical
|
|
101.55.81.36
|
ip
|
2025-07-19 10:39:11
|
block
|
Confirmed critical malicious activity: High volume of requests targeting sensitive application files, configuration files, and known web shell paths, indicating an active reconnaissance and exploitation attempt.
|
1.0
|
severity: Severity.critical
|
|
185.177.72.104
|
ip
|
2025-07-19 10:39:11
|
block
|
Confirmed critical malicious activity: Aggressive scanning for .env files, phpinfo, and .git configurations, directly hit IP blocking reputation rules.
|
1.0
|
severity: Severity.critical
|
|
178.33.134.25
|
ip
|
2025-07-19 10:39:11
|
block
|
Confirmed critical malicious activity: 100% of requests flagged, actively scanning for common website directories and old/backup sites, coupled with browser impersonation.
|
0.8999999761581421
|
severity: Severity.critical
|
|
185.177.72.144
|
ip
|
2025-07-19 10:39:11
|
block
|
All 100% of requests flagged by WAF, demonstrating aggressive and widespread probing for sensitive configuration files, environment variables, administrative paths, and actively attempting Local File Inclusion (LFI). This IP directly triggered multiple critical IP blocking and reputation rules and belongs to an ASN (AS211590) already blocked for similar severe malicious activity.
|
1.0
|
severity: Severity.critical
|
|
185.177.72.12
|
ip
|
2025-07-19 10:39:11
|
block
|
Confirmed critical malicious activity: Extensive reconnaissance for sensitive application configurations and credentials, coupled with LFI attempts and multiple IP blocking rules.
|
1.0
|
severity: Severity.critical
|
|
185.177.72.11
|
ip
|
2025-07-19 10:39:11
|
block
|
Confirmed critical malicious activity: Targeting highly sensitive credentials, environment files, and server info pages, directly hit IP reputation deny rules.
|
1.0
|
severity: Severity.critical
|
|
185.177.72.205
|
ip
|
2025-07-19 10:39:11
|
block
|
Confirmed critical malicious activity: Attempting to access sensitive cloud credentials, environment files, and configuration, hitting LFI and IP blocking rules.
|
1.0
|
severity: Severity.critical
|
|
185.177.72.204
|
ip
|
2025-07-19 10:39:11
|
block
|
Confirmed critical malicious activity: Targeted scanning for configuration files and source code repositories, triggering IP reputation deny rules.
|
1.0
|
severity: Severity.critical
|
|
185.177.72.2
|
ip
|
2025-07-19 10:39:11
|
block
|
Confirmed critical malicious activity: 100% of requests flagged by WAF, targeting sensitive configuration files (.zshrc, config.php~, config.yml), exhibiting browser impersonation, and triggering critical IP blocking rules including LFI anomalies. This IP belongs to an ASN (AS211590) already blocked for similar severe malicious activity.
|
1.0
|
severity: Severity.critical
|
|
195.178.110.161
|
ip
|
2025-07-19 10:39:11
|
block
|
Confirmed critical malicious activity: Targeted scanning for sensitive JavaScript config files, JSON credentials, environment variables, and phpinfo, flagged by WAF and browser impersonation.
|
0.8999999761581421
|
severity: Severity.critical
|
|
194.50.16.252
|
ip
|
2025-07-19 10:39:11
|
block
|
Confirmed critical malicious activity: Targeting Spring Boot Actuator endpoints with command injection attempts and path obfuscation, indicating a direct exploit attempt.
|
1.0
|
severity: Severity.critical
|
|
2001:4878:8216:510:dddd:b98a:3a76:296c
|
ip
|
2025-07-19 10:39:11
|
block
|
Confirmed critical malicious activity: Accessed obfuscated path 'oVBKUKnaa/nq36z4Dw/fOEJy35E/c0/uVaJz65XJ3SLLDS3/HyNpQmYB/HT8s/UgxbeHQ' which was previously flagged by WAF and linked to critical malicious activity in other blocked entities (e.g., AS132203, 3%7e2faa3a9db1c111de), indicating high potential for evasive or malicious intent.
|
0.949999988079071
|
severity: Severity.critical
|
|
20.171.207.158
|
ip
|
2025-07-19 10:39:11
|
block
|
Confirmed medium malicious activity: All requests flagged by WAF, including suspicious and obfuscated paths targeting WordPress.
|
0.8500000238418579
|
severity: Severity.medium
|
|
205.169.39.130
|
ip
|
2025-07-19 10:39:11
|
block
|
Confirmed critical malicious activity: Triggered an IP blocking rule due to burst activity, despite a lower percentage of detected threat requests.
|
0.8999999761581421
|
severity: Severity.critical
|
|
2001:bc8:1f90:4:7ec2:55ff:fe9e:8476
|
ip
|
2025-07-19 10:39:11
|
block
|
Confirmed medium malicious activity: All requests flagged by WAF, including obfuscated paths and security alerts.
|
0.8500000238418579
|
severity: Severity.medium
|
|
2001:bc8:1201:19:46a8:42ff:fe1b:ae29
|
ip
|
2025-07-19 10:39:11
|
block
|
Confirmed medium malicious activity: All requests flagged by WAF with suspicious paths and multiple security alerts.
|
0.8500000238418579
|
severity: Severity.medium
|
|
216.126.227.20
|
ip
|
2025-07-19 10:39:11
|
block
|
Confirmed critical malicious activity: Targeted WordPress specific attack paths like wlwmanifest.xml and xmlrpc.php, coupled with browser impersonation and IP blocking rules.
|
1.0
|
severity: Severity.critical
|
|
205.169.39.4
|
ip
|
2025-07-19 10:39:11
|
block
|
Confirmed critical malicious activity: High percentage of flagged requests and triggered an IP blocking rule due to burst activity.
|
0.8999999761581421
|
severity: Severity.critical
|
|
3.92.177.104
|
ip
|
2025-07-19 10:39:11
|
block
|
Confirmed critical malicious activity: Actively targeting WordPress wlwmanifest.xml and xmlrpc.php, directly triggering a WAF IPBLOCK rule.
|
1.0
|
severity: Severity.critical
|
|
2604:a880:400:d1:0:1:4cea:4001
|
ip
|
2025-07-19 10:39:11
|
block
|
Confirmed medium malicious activity: All requests flagged by WAF with suspicious obfuscated paths and security alerts.
|
0.8500000238418579
|
severity: Severity.medium
|
|
157.180.49.118
|
ip
|
2025-07-19 10:29:26
|
block
|
Confirmed medium malicious activity: All requests flagged by WAF and multiple security rule hits, indicating malicious probing.
|
0.8500000238418579
|
severity: Severity.medium
|
|
123.6.49.50
|
ip
|
2025-07-19 10:29:26
|
block
|
Confirmed critical malicious activity: All requests flagged by WAF with multiple security rule hits, indicating high confidence malicious activity.
|
0.8999999761581421
|
severity: Severity.critical
|
|
103.207.148.148
|
ip
|
2025-07-19 10:29:26
|
block
|
Confirmed critical malicious activity: 100% of requests flagged by WAF, actively probing for sensitive configuration files, environment variables, and administrative paths, indicating a critical reconnaissance and potential exploitation attempt, also detected as a browser impersonator.
|
0.949999988079071
|
severity: Severity.critical
|
|
101.55.81.36
|
ip
|
2025-07-19 10:29:26
|
block
|
Confirmed critical malicious activity: High volume of requests targeting sensitive application files, configuration files, and known web shell paths, indicating an active reconnaissance and exploitation attempt.
|
1.0
|
severity: Severity.critical
|
|
185.177.72.104
|
ip
|
2025-07-19 10:29:26
|
block
|
Confirmed critical malicious activity: Aggressive scanning for .env files, phpinfo, and .git configurations, directly hit IP blocking reputation rules.
|
1.0
|
severity: Severity.critical
|
|
178.33.134.25
|
ip
|
2025-07-19 10:29:26
|
block
|
Confirmed critical malicious activity: 100% of requests flagged, actively scanning for common website directories and old/backup sites, coupled with browser impersonation.
|
0.8999999761581421
|
severity: Severity.critical
|
|
185.177.72.144
|
ip
|
2025-07-19 10:29:26
|
block
|
All 100% of requests flagged by WAF, demonstrating aggressive and widespread probing for sensitive configuration files, environment variables, administrative paths, and actively attempting Local File Inclusion (LFI). This IP directly triggered multiple critical IP blocking and reputation rules and belongs to an ASN (AS211590) already blocked for similar severe malicious activity.
|
1.0
|
severity: Severity.critical
|
|
185.177.72.12
|
ip
|
2025-07-19 10:29:26
|
block
|
Confirmed critical malicious activity: Extensive reconnaissance for sensitive application configurations and credentials, coupled with LFI attempts and multiple IP blocking rules.
|
1.0
|
severity: Severity.critical
|
|
185.177.72.11
|
ip
|
2025-07-19 10:29:26
|
block
|
Confirmed critical malicious activity: Targeting highly sensitive credentials, environment files, and server info pages, directly hit IP reputation deny rules.
|
1.0
|
severity: Severity.critical
|
|
185.177.72.205
|
ip
|
2025-07-19 10:29:26
|
block
|
Confirmed critical malicious activity: Attempting to access sensitive cloud credentials, environment files, and configuration, hitting LFI and IP blocking rules.
|
1.0
|
severity: Severity.critical
|
|
185.177.72.204
|
ip
|
2025-07-19 10:29:26
|
block
|
Confirmed critical malicious activity: Targeted scanning for configuration files and source code repositories, triggering IP reputation deny rules.
|
1.0
|
severity: Severity.critical
|
|
185.177.72.2
|
ip
|
2025-07-19 10:29:26
|
block
|
Confirmed critical malicious activity: 100% of requests flagged by WAF, targeting sensitive configuration files (.zshrc, config.php~, config.yml), exhibiting browser impersonation, and triggering critical IP blocking rules including LFI anomalies. This IP belongs to an ASN (AS211590) already blocked for similar severe malicious activity.
|
1.0
|
severity: Severity.critical
|
|
195.178.110.161
|
ip
|
2025-07-19 10:29:26
|
block
|
Confirmed critical malicious activity: Targeted scanning for sensitive JavaScript config files, JSON credentials, environment variables, and phpinfo, flagged by WAF and browser impersonation.
|
0.8999999761581421
|
severity: Severity.critical
|
|
194.50.16.252
|
ip
|
2025-07-19 10:29:26
|
block
|
Confirmed critical malicious activity: Targeting Spring Boot Actuator endpoints with command injection attempts and path obfuscation, indicating a direct exploit attempt.
|
1.0
|
severity: Severity.critical
|
|
2001:4878:8216:510:dddd:b98a:3a76:296c
|
ip
|
2025-07-19 10:29:26
|
block
|
Confirmed critical malicious activity: Accessed obfuscated path 'oVBKUKnaa/nq36z4Dw/fOEJy35E/c0/uVaJz65XJ3SLLDS3/HyNpQmYB/HT8s/UgxbeHQ' which was previously flagged by WAF and linked to critical malicious activity in other blocked entities (e.g., AS132203, 3%7e2faa3a9db1c111de), indicating high potential for evasive or malicious intent.
|
0.949999988079071
|
severity: Severity.critical
|
|
20.171.207.158
|
ip
|
2025-07-19 10:29:26
|
block
|
Confirmed medium malicious activity: All requests flagged by WAF, including suspicious and obfuscated paths targeting WordPress.
|
0.8500000238418579
|
severity: Severity.medium
|
|
205.169.39.130
|
ip
|
2025-07-19 10:29:26
|
block
|
Confirmed critical malicious activity: Triggered an IP blocking rule due to burst activity, despite a lower percentage of detected threat requests.
|
0.8999999761581421
|
severity: Severity.critical
|
|
2001:bc8:1f90:4:7ec2:55ff:fe9e:8476
|
ip
|
2025-07-19 10:29:26
|
block
|
Confirmed medium malicious activity: All requests flagged by WAF, including obfuscated paths and security alerts.
|
0.8500000238418579
|
severity: Severity.medium
|
|
2001:bc8:1201:19:46a8:42ff:fe1b:ae29
|
ip
|
2025-07-19 10:29:26
|
block
|
Confirmed medium malicious activity: All requests flagged by WAF with suspicious paths and multiple security alerts.
|
0.8500000238418579
|
severity: Severity.medium
|
|
216.126.227.20
|
ip
|
2025-07-19 10:29:26
|
block
|
Confirmed critical malicious activity: Targeted WordPress specific attack paths like wlwmanifest.xml and xmlrpc.php, coupled with browser impersonation and IP blocking rules.
|
1.0
|
severity: Severity.critical
|
|
205.169.39.4
|
ip
|
2025-07-19 10:29:26
|
block
|
Confirmed critical malicious activity: High percentage of flagged requests and triggered an IP blocking rule due to burst activity.
|
0.8999999761581421
|
severity: Severity.critical
|
|
3.92.177.104
|
ip
|
2025-07-19 10:29:26
|
block
|
Confirmed critical malicious activity: Actively targeting WordPress wlwmanifest.xml and xmlrpc.php, directly triggering a WAF IPBLOCK rule.
|
1.0
|
severity: Severity.critical
|
|
2604:a880:400:d1:0:1:4cea:4001
|
ip
|
2025-07-19 10:29:26
|
block
|
Confirmed medium malicious activity: All requests flagged by WAF with suspicious obfuscated paths and security alerts.
|
0.8500000238418579
|
severity: Severity.medium
|
|
51.38.105.105
|
ip
|
2025-07-19 10:29:26
|
block
|
Confirmed critical malicious activity: Extensive scanning for sensitive configuration files, credentials, and PHP info pages, with a high threat detection rate and browser impersonation.
|
0.8999999761581421
|
severity: Severity.critical
|
|
34.116.246.85
|
ip
|
2025-07-19 10:29:26
|
block
|
Confirmed medium malicious activity: All requests flagged by WAF with obfuscated paths and multiple security alerts.
|
0.8500000238418579
|
severity: Severity.medium
|
|
34.116.172.61
|
ip
|
2025-07-19 10:29:26
|
block
|
Confirmed medium malicious activity: All requests flagged by WAF with obfuscated paths and multiple security alerts.
|
0.8500000238418579
|
severity: Severity.medium
|
|
66.249.77.104
|
ip
|
2025-07-19 10:29:26
|
block
|
Confirmed critical malicious activity: All requests flagged by WAF and triggered security alerts, indicating malicious activity.
|
0.949999988079071
|
severity: Severity.critical
|