|
3%7e7bcf51bfc0d0b65f
|
tls
|
2025-07-18 20:07:30
|
block
|
Confirmed critical malicious activity: Extensive reconnaissance for sensitive application configurations and credentials, coupled with LFI attempts and multiple IP blocking rules, associated with this TLS fingerprint.
|
1.0
|
severity: Severity.critical
|
|
3%7e2faa3a9db1c111de
|
tls
|
2025-07-18 20:07:30
|
block
|
Confirmed critical malicious activity: High volume of 100% flagged requests targeting WordPress attack vectors, sensitive configurations, and including obfuscated paths, directly triggering WAF IPBLOCK rules.
|
1.0
|
severity: Severity.critical
|
|
3%7ee35ec11fcbea7346
|
tls
|
2025-07-18 20:07:30
|
block
|
Very high percentage of flagged requests, including obfuscated paths, directly triggering an IP blocking rule due to burst activity.
|
0.8999999761581421
|
severity: Severity.critical
|
|
3%7ede29393936a8dc4153
|
tls
|
2025-07-18 20:07:30
|
block
|
Confirmed critical malicious activity: All requests flagged by WAF, targeting sensitive WordPress endpoints, containing suspicious obfuscated paths, and showing browser impersonation. High confidence of malicious intent.
|
0.949999988079071
|
severity: Severity.critical
|
|
3%7ede293936a8dc4153
|
tls
|
2025-07-18 20:07:30
|
block
|
Confirmed critical malicious activity: All requests flagged by WAF, targeting sensitive WordPress endpoints, containing suspicious obfuscated paths, and showing browser impersonation. High confidence of malicious intent.
|
0.949999988079071
|
severity: Severity.critical
|
|
3%7ebaae1457ad64ff16
|
tls
|
2025-07-18 20:07:30
|
block
|
Confirmed critical malicious activity: All requests flagged by WAF, including obfuscated paths, and multiple security rule hits indicating reconnaissance.
|
0.8999999761581421
|
severity: Severity.critical
|
|
UNKNOWN
|
tls
|
2025-07-18 20:07:30
|
block
|
Confirmed critical malicious activity: Comprehensive and aggressive attack patterns including sensitive file probing, WordPress exploit attempts, web shell probing, web shell probing, LFI, and triggering multiple critical IP blocking and reputation rules.
|
1.0
|
severity: Severity.critical
|
|
157.180.49.118
|
ip
|
2025-07-18 19:57:32
|
block
|
Confirmed medium malicious activity: All requests flagged by WAF and multiple security rule hits, indicating malicious probing.
|
0.8500000238418579
|
severity: Severity.medium
|
|
123.6.49.50
|
ip
|
2025-07-18 19:57:32
|
block
|
Confirmed critical malicious activity: All requests flagged by WAF with multiple security rule hits, indicating high confidence malicious activity.
|
0.8999999761581421
|
severity: Severity.critical
|
|
103.207.148.148
|
ip
|
2025-07-18 19:57:32
|
block
|
Confirmed critical malicious activity: 100% of requests flagged by WAF, actively probing for sensitive configuration files, environment variables, and administrative paths, indicating a critical reconnaissance and potential exploitation attempt, also detected as a browser impersonator.
|
0.949999988079071
|
severity: Severity.critical
|
|
101.55.81.36
|
ip
|
2025-07-18 19:57:32
|
block
|
Confirmed critical malicious activity: High volume of requests targeting sensitive application files, configuration files, and known web shell paths, indicating an active reconnaissance and exploitation attempt.
|
1.0
|
severity: Severity.critical
|
|
185.177.72.104
|
ip
|
2025-07-18 19:57:32
|
block
|
Confirmed critical malicious activity: Aggressive scanning for .env files, phpinfo, and .git configurations, directly hit IP blocking reputation rules.
|
1.0
|
severity: Severity.critical
|
|
178.33.134.25
|
ip
|
2025-07-18 19:57:32
|
block
|
Confirmed critical malicious activity: 100% of requests flagged, actively scanning for common website directories and old/backup sites, coupled with browser impersonation.
|
0.8999999761581421
|
severity: Severity.critical
|
|
185.177.72.144
|
ip
|
2025-07-18 19:57:32
|
block
|
All 100% of requests flagged by WAF, demonstrating aggressive and widespread probing for sensitive configuration files, environment variables, administrative paths, and actively attempting Local File Inclusion (LFI). This IP directly triggered multiple critical IP blocking and reputation rules and belongs to an ASN (AS211590) already blocked for similar severe malicious activity.
|
1.0
|
severity: Severity.critical
|
|
185.177.72.12
|
ip
|
2025-07-18 19:57:32
|
block
|
Confirmed critical malicious activity: Extensive reconnaissance for sensitive application configurations and credentials, coupled with LFI attempts and multiple IP blocking rules.
|
1.0
|
severity: Severity.critical
|
|
185.177.72.11
|
ip
|
2025-07-18 19:57:32
|
block
|
Confirmed critical malicious activity: Targeting highly sensitive credentials, environment files, and server info pages, directly hit IP reputation deny rules.
|
1.0
|
severity: Severity.critical
|
|
185.177.72.205
|
ip
|
2025-07-18 19:57:32
|
block
|
Confirmed critical malicious activity: Attempting to access sensitive cloud credentials, environment files, and configuration, hitting LFI and IP blocking rules.
|
1.0
|
severity: Severity.critical
|
|
185.177.72.204
|
ip
|
2025-07-18 19:57:32
|
block
|
Confirmed critical malicious activity: Targeted scanning for configuration files and source code repositories, triggering IP reputation deny rules.
|
1.0
|
severity: Severity.critical
|
|
185.177.72.2
|
ip
|
2025-07-18 19:57:32
|
block
|
Confirmed critical malicious activity: 100% of requests flagged by WAF, targeting sensitive configuration files (.zshrc, config.php~, config.yml), exhibiting browser impersonation, and triggering critical IP blocking rules including LFI anomalies. This IP belongs to an ASN (AS211590) already blocked for similar severe malicious activity.
|
1.0
|
severity: Severity.critical
|
|
195.178.110.161
|
ip
|
2025-07-18 19:57:32
|
block
|
Confirmed critical malicious activity: Targeted scanning for sensitive JavaScript config files, JSON credentials, environment variables, and phpinfo, flagged by WAF and browser impersonation.
|
0.8999999761581421
|
severity: Severity.critical
|
|
194.50.16.252
|
ip
|
2025-07-18 19:57:32
|
block
|
Confirmed critical malicious activity: Targeting Spring Boot Actuator endpoints with command injection attempts and path obfuscation, indicating a direct exploit attempt.
|
1.0
|
severity: Severity.critical
|
|
2001:4878:8216:510:dddd:b98a:3a76:296c
|
ip
|
2025-07-18 19:57:32
|
block
|
Confirmed critical malicious activity: Accessed obfuscated path 'oVBKUKnaa/nq36z4Dw/fOEJy35E/c0/uVaJz65XJ3SLLDS3/HyNpQmYB/HT8s/UgxbeHQ' which was previously flagged by WAF and linked to critical malicious activity in other blocked entities (e.g., AS132203, 3%7e2faa3a9db1c111de), indicating high potential for evasive or malicious intent.
|
0.949999988079071
|
severity: Severity.critical
|
|
20.171.207.158
|
ip
|
2025-07-18 19:57:32
|
block
|
Confirmed medium malicious activity: All requests flagged by WAF, including suspicious and obfuscated paths targeting WordPress.
|
0.8500000238418579
|
severity: Severity.medium
|
|
205.169.39.130
|
ip
|
2025-07-18 19:57:32
|
block
|
Confirmed critical malicious activity: Triggered an IP blocking rule due to burst activity, despite a lower percentage of detected threat requests.
|
0.8999999761581421
|
severity: Severity.critical
|
|
2001:bc8:1f90:4:7ec2:55ff:fe9e:8476
|
ip
|
2025-07-18 19:57:32
|
block
|
Confirmed medium malicious activity: All requests flagged by WAF, including obfuscated paths and security alerts.
|
0.8500000238418579
|
severity: Severity.medium
|
|
2001:bc8:1201:19:46a8:42ff:fe1b:ae29
|
ip
|
2025-07-18 19:57:32
|
block
|
Confirmed medium malicious activity: All requests flagged by WAF with suspicious paths and multiple security alerts.
|
0.8500000238418579
|
severity: Severity.medium
|
|
216.126.227.20
|
ip
|
2025-07-18 19:57:32
|
block
|
Confirmed critical malicious activity: Targeted WordPress specific attack paths like wlwmanifest.xml and xmlrpc.php, coupled with browser impersonation and IP blocking rules.
|
1.0
|
severity: Severity.critical
|
|
205.169.39.4
|
ip
|
2025-07-18 19:57:32
|
block
|
Confirmed critical malicious activity: High percentage of flagged requests and triggered an IP blocking rule due to burst activity.
|
0.8999999761581421
|
severity: Severity.critical
|
|
3.92.177.104
|
ip
|
2025-07-18 19:57:32
|
block
|
Confirmed critical malicious activity: Actively targeting WordPress wlwmanifest.xml and xmlrpc.php, directly triggering a WAF IPBLOCK rule.
|
1.0
|
severity: Severity.critical
|
|
2604:a880:400:d1:0:1:4cea:4001
|
ip
|
2025-07-18 19:57:32
|
block
|
Confirmed medium malicious activity: All requests flagged by WAF with suspicious obfuscated paths and security alerts.
|
0.8500000238418579
|
severity: Severity.medium
|
|
51.38.105.105
|
ip
|
2025-07-18 19:57:32
|
block
|
Confirmed critical malicious activity: Extensive scanning for sensitive configuration files, credentials, and PHP info pages, with a high threat detection rate and browser impersonation.
|
0.8999999761581421
|
severity: Severity.critical
|
|
34.116.246.85
|
ip
|
2025-07-18 19:57:32
|
block
|
Confirmed medium malicious activity: All requests flagged by WAF with obfuscated paths and multiple security alerts.
|
0.8500000238418579
|
severity: Severity.medium
|
|
34.116.172.61
|
ip
|
2025-07-18 19:57:32
|
block
|
Confirmed medium malicious activity: All requests flagged by WAF with obfuscated paths and multiple security alerts.
|
0.8500000238418579
|
severity: Severity.medium
|
|
66.249.77.104
|
ip
|
2025-07-18 19:57:32
|
block
|
Confirmed critical malicious activity: All requests flagged by WAF and triggered security alerts, indicating malicious activity.
|
0.949999988079071
|
severity: Severity.critical
|
|
AS211590
|
asn
|
2025-07-18 19:57:32
|
block
|
Confirmed critical malicious activity: Aggregated traffic from this ASN demonstrates a 100% threat detection rate involving widespread probing for sensitive files, credentials, and actively attempting LFI attacks, triggering multiple critical IP blocking and reputation rules.
|
1.0
|
severity: Severity.critical
|
|
AS16276
|
asn
|
2025-07-18 19:57:32
|
block
|
Confirmed critical malicious activity: Aggregated traffic from this ASN shows a very high threat detection rate with diverse malicious activities, including directory scanning and sensitive file probing, consistent with multiple compromised or malicious hosts.
|
1.0
|
severity: Severity.critical
|
|
AS132203
|
asn
|
2025-07-18 19:57:32
|
block
|
Confirmed critical malicious activity: High volume of 100% flagged requests targeting WordPress endpoints and including multiple obfuscated paths, indicating aggressive and suspicious automated activity.
|
0.8999999761581421
|
severity: Severity.critical
|
|
3%7ea97fdb0b70d4a7b7
|
tls
|
2025-07-18 19:57:32
|
block
|
Confirmed critical malicious activity: 100% of requests flagged by WAF, exhibiting aggressive and broad scanning for sensitive files (e.g., credentials, environment configs, phpinfo) and common attack vectors like wp-login.php, combined with browser impersonation, indicating a highly malicious and determined attack.
|
0.9800000190734863
|
severity: Severity.critical
|
|
3%7e7bcf51bfc0d0b65f
|
tls
|
2025-07-18 19:57:32
|
block
|
Confirmed critical malicious activity: Extensive reconnaissance for sensitive application configurations and credentials, coupled with LFI attempts and multiple IP blocking rules, associated with this TLS fingerprint.
|
1.0
|
severity: Severity.critical
|
|
3%7e2faa3a9db1c111de
|
tls
|
2025-07-18 19:57:32
|
block
|
Confirmed critical malicious activity: High volume of 100% flagged requests targeting WordPress attack vectors, sensitive configurations, and including obfuscated paths, directly triggering WAF IPBLOCK rules.
|
1.0
|
severity: Severity.critical
|
|
3%7ee35ec11fcbea7346
|
tls
|
2025-07-18 19:57:32
|
block
|
Very high percentage of flagged requests, including obfuscated paths, directly triggering an IP blocking rule due to burst activity.
|
0.8999999761581421
|
severity: Severity.critical
|
|
3%7ede29393936a8dc4153
|
tls
|
2025-07-18 19:57:32
|
block
|
Confirmed critical malicious activity: All requests flagged by WAF, targeting sensitive WordPress endpoints, containing suspicious obfuscated paths, and showing browser impersonation. High confidence of malicious intent.
|
0.949999988079071
|
severity: Severity.critical
|
|
3%7ede293936a8dc4153
|
tls
|
2025-07-18 19:57:32
|
block
|
Confirmed critical malicious activity: All requests flagged by WAF, targeting sensitive WordPress endpoints, containing suspicious obfuscated paths, and showing browser impersonation. High confidence of malicious intent.
|
0.949999988079071
|
severity: Severity.critical
|
|
3%7ebaae1457ad64ff16
|
tls
|
2025-07-18 19:57:32
|
block
|
Confirmed critical malicious activity: All requests flagged by WAF, including obfuscated paths, and multiple security rule hits indicating reconnaissance.
|
0.8999999761581421
|
severity: Severity.critical
|
|
UNKNOWN
|
tls
|
2025-07-18 19:57:32
|
block
|
Confirmed critical malicious activity: Comprehensive and aggressive attack patterns including sensitive file probing, WordPress exploit attempts, web shell probing, web shell probing, LFI, and triggering multiple critical IP blocking and reputation rules.
|
1.0
|
severity: Severity.critical
|
|
185.177.72.144
|
ip
|
2025-07-18 19:52:04
|
block
|
All 100% of requests flagged by WAF, demonstrating aggressive and widespread probing for sensitive configuration files, environment variables, administrative paths, and actively attempting Local File Inclusion (LFI). This IP directly triggered multiple critical IP blocking and reputation rules and belongs to an ASN (AS211590) already blocked for similar severe malicious activity.
|
1.0
|
severity: Severity.critical
|
|
157.180.49.118
|
ip
|
2025-07-18 19:42:13
|
block
|
Confirmed medium malicious activity: All requests flagged by WAF and multiple security rule hits, indicating malicious probing.
|
0.8500000238418579
|
severity: Severity.medium
|
|
123.6.49.50
|
ip
|
2025-07-18 19:42:13
|
block
|
Confirmed critical malicious activity: All requests flagged by WAF with multiple security rule hits, indicating high confidence malicious activity.
|
0.8999999761581421
|
severity: Severity.critical
|
|
103.207.148.148
|
ip
|
2025-07-18 19:42:13
|
block
|
Confirmed critical malicious activity: 100% of requests flagged by WAF, actively probing for sensitive configuration files, environment variables, and administrative paths, indicating a critical reconnaissance and potential exploitation attempt, also detected as a browser impersonator.
|
0.949999988079071
|
severity: Severity.critical
|
|
101.55.81.36
|
ip
|
2025-07-18 19:42:13
|
block
|
Confirmed critical malicious activity: High volume of requests targeting sensitive application files, configuration files, and known web shell paths, indicating an active reconnaissance and exploitation attempt.
|
1.0
|
severity: Severity.critical
|