|
103.207.148.148
|
ip
|
2025-07-18 11:36:33
|
ignore
|
Entity is already blocked and does not need to be actively monitored in the watchlist.
|
0.949999988079071
|
severity: Severity.critical
|
|
101.55.81.36
|
ip
|
2025-07-18 11:36:33
|
ignore
|
Entity is already blocked and does not need to be actively monitored in the watchlist.
|
1.0
|
severity: Severity.critical
|
|
185.177.72.104
|
ip
|
2025-07-18 11:36:33
|
ignore
|
Entity is already blocked and does not need to be actively monitored in the watchlist.
|
1.0
|
severity: Severity.critical
|
|
178.33.134.25
|
ip
|
2025-07-18 11:36:33
|
ignore
|
Entity is already blocked and does not need to be actively monitored in the watchlist.
|
0.8999999761581421
|
severity: Severity.critical
|
|
185.177.72.12
|
ip
|
2025-07-18 11:36:33
|
ignore
|
Entity is already blocked and does not need to be actively monitored in the watchlist.
|
1.0
|
severity: Severity.critical
|
|
185.177.72.11
|
ip
|
2025-07-18 11:36:33
|
ignore
|
Entity is already blocked and does not need to be actively monitored in the watchlist.
|
1.0
|
severity: Severity.critical
|
|
185.177.72.205
|
ip
|
2025-07-18 11:36:33
|
ignore
|
Entity is already blocked and does not need to be actively monitored in the watchlist.
|
1.0
|
severity: Severity.critical
|
|
185.177.72.204
|
ip
|
2025-07-18 11:36:33
|
ignore
|
Entity is already blocked and does not need to be actively monitored in the watchlist.
|
1.0
|
severity: Severity.critical
|
|
185.177.72.2
|
ip
|
2025-07-18 11:36:33
|
ignore
|
Entity is already blocked and does not need to be actively monitored in the watchlist.
|
1.0
|
severity: Severity.critical
|
|
195.178.110.161
|
ip
|
2025-07-18 11:36:33
|
ignore
|
Entity is already blocked and does not need to be actively monitored in the watchlist.
|
0.8999999761581421
|
severity: Severity.critical
|
|
194.50.16.252
|
ip
|
2025-07-18 11:36:33
|
ignore
|
Entity is already blocked and does not need to be actively monitored in the watchlist.
|
1.0
|
severity: Severity.critical
|
|
2001:4878:8216:510:dddd:b98a:3a76:296c
|
ip
|
2025-07-18 11:36:33
|
ignore
|
Entity is already blocked and does not need to be actively monitored in the watchlist.
|
0.949999988079071
|
severity: Severity.critical
|
|
20.171.207.158
|
ip
|
2025-07-18 11:36:33
|
ignore
|
Entity is already blocked and does not need to be actively monitored in the watchlist.
|
0.8500000238418579
|
severity: Severity.medium
|
|
205.169.39.130
|
ip
|
2025-07-18 11:36:33
|
ignore
|
Entity is already blocked and does not need to be actively monitored in the watchlist.
|
0.8999999761581421
|
severity: Severity.critical
|
|
2001:bc8:1f90:4:7ec2:55ff:fe9e:8476
|
ip
|
2025-07-18 11:36:33
|
ignore
|
Entity is already blocked and does not need to be actively monitored in the watchlist.
|
0.8500000238418579
|
severity: Severity.medium
|
|
2001:bc8:1201:19:46a8:42ff:fe1b:ae29
|
ip
|
2025-07-18 11:36:33
|
ignore
|
Entity is already blocked and does not need to be actively monitored in the watchlist.
|
0.8500000238418579
|
severity: Severity.medium
|
|
216.126.227.20
|
ip
|
2025-07-18 11:36:33
|
ignore
|
Entity is already blocked and does not need to be actively monitored in the watchlist.
|
1.0
|
severity: Severity.critical
|
|
205.169.39.4
|
ip
|
2025-07-18 11:36:33
|
ignore
|
Entity is already blocked and does not need to be actively monitored in the watchlist.
|
0.8999999761581421
|
severity: Severity.critical
|
|
3.92.177.104
|
ip
|
2025-07-18 11:36:33
|
ignore
|
Entity is already blocked and does not need to be actively monitored in the watchlist.
|
1.0
|
severity: Severity.critical
|
|
2604:a880:400:d1:0:1:4cea:4001
|
ip
|
2025-07-18 11:36:33
|
ignore
|
Entity is already blocked and does not need to be actively monitored in the watchlist.
|
0.8500000238418579
|
severity: Severity.medium
|
|
51.38.105.105
|
ip
|
2025-07-18 11:36:33
|
ignore
|
Entity is already blocked and does not need to be actively monitored in the watchlist.
|
0.8999999761581421
|
severity: Severity.critical
|
|
34.116.246.85
|
ip
|
2025-07-18 11:36:33
|
ignore
|
Entity is already blocked and does not need to be actively monitored in the watchlist.
|
0.8500000238418579
|
severity: Severity.medium
|
|
34.116.172.61
|
ip
|
2025-07-18 11:36:33
|
ignore
|
Entity is already blocked and does not need to be actively monitored in the watchlist.
|
0.8500000238418579
|
severity: Severity.medium
|
|
66.249.77.104
|
ip
|
2025-07-18 11:36:33
|
ignore
|
Entity is already blocked and does not need to be actively monitored in the watchlist.
|
0.949999988079071
|
severity: Severity.critical
|
|
AS211590
|
asn
|
2025-07-18 11:36:33
|
ignore
|
Entity is already blocked and does not need to be actively monitored in the watchlist.
|
1.0
|
severity: Severity.critical
|
|
AS16276
|
asn
|
2025-07-18 11:36:33
|
ignore
|
Entity is already blocked and does not need to be actively monitored in the watchlist.
|
1.0
|
severity: Severity.critical
|
|
AS132203
|
asn
|
2025-07-18 11:36:33
|
ignore
|
Entity is already blocked and does not need to be actively monitored in the watchlist.
|
0.8999999761581421
|
severity: Severity.critical
|
|
3%7ea97fdb0b70d4a7b7
|
tls
|
2025-07-18 11:36:33
|
ignore
|
Entity is already blocked and does not need to be actively monitored in the watchlist.
|
0.9800000190734863
|
severity: Severity.critical
|
|
3%7e7bcf51bfc0d0b65f
|
tls
|
2025-07-18 11:36:33
|
ignore
|
Entity is already blocked and does not need to be actively monitored in the watchlist.
|
1.0
|
severity: Severity.critical
|
|
3%7e2faa3a9db1c111de
|
tls
|
2025-07-18 11:36:33
|
ignore
|
Entity is already blocked and does not need to be actively monitored in the watchlist.
|
1.0
|
severity: Severity.critical
|
|
3%7ee35ec11fcbea7346
|
tls
|
2025-07-18 11:36:33
|
ignore
|
Entity is already blocked and does not need to be actively monitored in the watchlist.
|
0.8999999761581421
|
severity: Severity.critical
|
|
3%7ede293936a8dc4153
|
tls
|
2025-07-18 11:36:33
|
ignore
|
Entity is already blocked and does not need to be actively monitored in the watchlist.
|
0.949999988079071
|
severity: Severity.critical
|
|
3%7ebaae1457ad64ff16
|
tls
|
2025-07-18 11:36:33
|
ignore
|
Entity is already blocked and does not need to be actively monitored in the watchlist.
|
0.8999999761581421
|
severity: Severity.critical
|
|
UNKNOWN
|
tls
|
2025-07-18 11:36:33
|
ignore
|
Entity is already blocked and does not need to be actively monitored in the watchlist.
|
1.0
|
severity: Severity.critical
|
|
157.180.49.118
|
ip
|
2025-07-18 11:31:27
|
watchlist
|
Entity remains highly suspicious as all requests were flagged by WAF and multiple security rule hits, indicating malicious probing.
|
0.8500000238418579
|
severity: Severity.medium
|
|
123.6.49.50
|
ip
|
2025-07-18 11:31:27
|
watchlist
|
Entity remains highly suspicious as all requests were flagged by WAF with multiple security rule hits, indicating high confidence malicious activity.
|
0.8999999761581421
|
severity: Severity.critical
|
|
103.207.148.148
|
ip
|
2025-07-18 11:31:27
|
watchlist
|
Entity remains highly suspicious as 100% of requests were flagged by WAF, actively probing for sensitive configuration files, environment variables, and administrative paths, indicating a critical reconnaissance and potential exploitation attempt, also detected as a browser impersonator.
|
0.949999988079071
|
severity: Severity.critical
|
|
101.55.81.36
|
ip
|
2025-07-18 11:31:27
|
watchlist
|
Entity remains highly suspicious due to high volume of requests targeting sensitive application files, configuration files, and known web shell paths, indicating an active reconnaissance and exploitation attempt.
|
1.0
|
severity: Severity.critical
|
|
185.177.72.104
|
ip
|
2025-07-18 11:31:27
|
watchlist
|
Entity remains highly suspicious due to aggressive scanning for .env files, phpinfo, and .git configurations, directly hitting IP blocking reputation rules.
|
1.0
|
severity: Severity.critical
|
|
178.33.134.25
|
ip
|
2025-07-18 11:31:27
|
watchlist
|
Entity remains highly suspicious as 100% of requests were flagged, actively scanning for common website directories and old/backup sites, coupled with browser impersonation.
|
0.8999999761581421
|
severity: Severity.critical
|
|
185.177.72.12
|
ip
|
2025-07-18 11:31:27
|
watchlist
|
Entity remains highly suspicious due to extensive reconnaissance for sensitive application configurations and credentials, coupled with LFI attempts and multiple IP blocking rules.
|
1.0
|
severity: Severity.critical
|
|
185.177.72.11
|
ip
|
2025-07-18 11:31:27
|
watchlist
|
Entity remains highly suspicious due to targeting highly sensitive credentials, environment files, and server info pages, directly hitting IP reputation deny rules.
|
1.0
|
severity: Severity.critical
|
|
185.177.72.205
|
ip
|
2025-07-18 11:31:27
|
watchlist
|
Entity remains highly suspicious due to attempting to access sensitive cloud credentials, environment files, and configuration, hitting LFI and IP blocking rules.
|
1.0
|
severity: Severity.critical
|
|
185.177.72.204
|
ip
|
2025-07-18 11:31:27
|
watchlist
|
Entity remains highly suspicious due to targeted scanning for configuration files and source code repositories, triggering IP reputation deny rules.
|
1.0
|
severity: Severity.critical
|
|
185.177.72.2
|
ip
|
2025-07-18 11:31:27
|
watchlist
|
Entity remains highly suspicious as 100% of requests were flagged by WAF, targeting sensitive configuration files (.zshrc, config.php~, config.yml), exhibiting browser impersonation, and triggering critical IP blocking rules including LFI anomalies. This IP belongs to an ASN (AS211590) already blocked for similar severe malicious activity.
|
1.0
|
severity: Severity.critical
|
|
195.178.110.161
|
ip
|
2025-07-18 11:31:27
|
watchlist
|
Entity remains highly suspicious due to targeted scanning for sensitive JavaScript config files, JSON credentials, environment variables, and phpinfo, flagged by WAF and browser impersonation.
|
0.8999999761581421
|
severity: Severity.critical
|
|
194.50.16.252
|
ip
|
2025-07-18 11:31:27
|
watchlist
|
Entity remains highly suspicious due to targeting Spring Boot Actuator endpoints with command injection attempts and path obfuscation, indicating a direct exploit attempt.
|
1.0
|
severity: Severity.critical
|
|
2001:4878:8216:510:dddd:b98a:3a76:296c
|
ip
|
2025-07-18 11:31:27
|
watchlist
|
Entity remains highly suspicious due to accessing obfuscated path 'oVBKUKnaa/nq36z4Dw/fOEJy35E/c0/uVaJz65XJ3SLLDS3/HyNpQmYB/HT8s/UgxbeHQ' which was previously flagged by WAF and linked to critical malicious activity in other blocked entities, indicating high potential for evasive or malicious intent.
|
0.949999988079071
|
severity: Severity.critical
|
|
20.171.207.158
|
ip
|
2025-07-18 11:31:27
|
watchlist
|
Entity remains highly suspicious as all requests were flagged by WAF, including suspicious and obfuscated paths targeting WordPress.
|
0.8500000238418579
|
severity: Severity.medium
|
|
205.169.39.130
|
ip
|
2025-07-18 11:31:27
|
watchlist
|
Entity remains highly suspicious due to having triggered an IP blocking rule due to burst activity, despite a lower percentage of detected threat requests.
|
0.8999999761581421
|
severity: Severity.critical
|