| Entity | Type | Timestamp | Action | Rationale | Score | Severity |
|---|---|---|---|---|---|---|
| 2001:bc8:1f90:4:7ec2:55ff:fe9e:8476 | ip | 2025-07-18 11:31:27 | watchlist | Entity remains highly suspicious: all requests were flagged by the WAF, including obfuscated paths and security alerts. | 0.85 | medium |
| 2001:bc8:1201:19:46a8:42ff:fe1b:ae29 | ip | 2025-07-18 11:31:27 | watchlist | Entity remains highly suspicious: all requests were flagged by the WAF, with suspicious paths and multiple security alerts. | 0.85 | medium |
| 216.126.227.20 | ip | 2025-07-18 11:31:27 | watchlist | Entity remains highly suspicious due to targeted WordPress-specific attack paths such as wlwmanifest.xml and xmlrpc.php, coupled with browser impersonation and IP blocking rule hits. | 1.00 | critical |
| 205.169.39.4 | ip | 2025-07-18 11:31:27 | watchlist | Entity remains highly suspicious due to a high percentage of flagged requests and having triggered an IP blocking rule for burst activity. | 0.90 | critical |
| 3.92.177.104 | ip | 2025-07-18 11:31:27 | watchlist | Entity remains highly suspicious due to actively targeting WordPress wlwmanifest.xml and xmlrpc.php, directly triggering a WAF IPBLOCK rule. | 1.00 | critical |
| 2604:a880:400:d1:0:1:4cea:4001 | ip | 2025-07-18 11:31:27 | watchlist | Entity remains highly suspicious: all requests were flagged by the WAF, with suspicious obfuscated paths and security alerts. | 0.85 | medium |
| 51.38.105.105 | ip | 2025-07-18 11:31:27 | watchlist | Entity remains highly suspicious due to extensive scanning for sensitive configuration files, credentials and phpinfo pages, with a high threat detection rate and browser impersonation. | 0.90 | critical |
| 34.116.246.85 | ip | 2025-07-18 11:31:27 | watchlist | Entity remains highly suspicious: all requests were flagged by the WAF, with obfuscated paths and multiple security alerts. | 0.85 | medium |
| 34.116.172.61 | ip | 2025-07-18 11:31:27 | watchlist | Entity remains highly suspicious: all requests were flagged by the WAF, with obfuscated paths and multiple security alerts. | 0.85 | medium |
| 66.249.77.104 | ip | 2025-07-18 11:31:27 | watchlist | Entity remains highly suspicious: all requests were flagged by the WAF and triggered security alerts, indicating malicious activity. | 0.95 | critical |
| AS211590 | asn | 2025-07-18 11:31:27 | watchlist | Entity remains highly suspicious: aggregated traffic from this ASN shows a 100% threat detection rate, with widespread probing for sensitive files and credentials, active LFI attempts, and multiple critical IP blocking and reputation rule hits. | 1.00 | critical |
| AS16276 | asn | 2025-07-18 11:31:27 | watchlist | Entity remains highly suspicious: aggregated traffic from this ASN shows a very high threat detection rate with diverse malicious activity, including directory scanning and sensitive file probing, consistent with multiple compromised or malicious hosts. | 1.00 | critical |
| AS132203 | asn | 2025-07-18 11:31:27 | watchlist | Entity remains highly suspicious due to a high volume of requests, 100% flagged, targeting WordPress endpoints and including multiple obfuscated paths, indicating aggressive automated activity. | 0.90 | critical |
| 3%7ea97fdb0b70d4a7b7 | tls | 2025-07-18 11:31:27 | watchlist | Entity remains highly suspicious: 100% of requests were flagged by the WAF, showing aggressive, broad scanning for sensitive files (credentials, environment configs, phpinfo) and common attack vectors such as wp-login.php, combined with browser impersonation, indicating a determined, malicious actor. | 0.98 | critical |
| 3%7e7bcf51bfc0d0b65f | tls | 2025-07-18 11:31:27 | watchlist | Entity remains highly suspicious due to extensive reconnaissance for sensitive application configurations and credentials associated with this TLS fingerprint, coupled with LFI attempts and multiple IP blocking rule hits. | 1.00 | critical |
| 3%7e2faa3a9db1c111de | tls | 2025-07-18 11:31:27 | watchlist | Entity remains highly suspicious due to a high volume of requests, 100% flagged, targeting WordPress attack vectors and sensitive configurations and including obfuscated paths, directly triggering WAF IPBLOCK rules. | 1.00 | critical |
| 3%7ee35ec11fcbea7346 | tls | 2025-07-18 11:31:27 | watchlist | Entity remains highly suspicious due to a very high percentage of flagged requests, including obfuscated paths, and having triggered an IP blocking rule for burst activity. | 0.90 | critical |
| 3%7ede293936a8dc4153 | tls | 2025-07-18 11:31:27 | watchlist | Entity remains highly suspicious: all requests were flagged by the WAF, targeting sensitive WordPress endpoints, containing suspicious obfuscated paths, and showing browser impersonation. High confidence of malicious intent. | 0.95 | critical |
| 3%7ebaae1457ad64ff16 | tls | 2025-07-18 11:31:27 | watchlist | Entity remains highly suspicious: all requests were flagged by the WAF, including obfuscated paths, with multiple security rule hits indicating reconnaissance. | 0.90 | critical |
| UNKNOWN | tls | 2025-07-18 11:31:27 | watchlist | Entity remains highly suspicious due to comprehensive and aggressive attack patterns: sensitive file probing, WordPress exploit attempts, web shell probing and LFI, triggering multiple critical IP blocking and reputation rules. | 1.00 | critical |
| 157.180.49.118 | ip | 2025-07-18 11:26:23 | block | All requests flagged by the WAF, with multiple security rule hits, indicating malicious probing. | 0.85 | medium |
| 123.6.49.50 | ip | 2025-07-18 11:26:23 | block | All requests flagged by the WAF, with multiple security rule hits, indicating high-confidence malicious activity. | 0.90 | critical |
| 103.207.148.148 | ip | 2025-07-18 11:26:23 | block | 100% of requests flagged by the WAF; actively probing for sensitive configuration files, environment variables and administrative paths, indicating reconnaissance and a potential exploitation attempt; also detected as a browser impersonator. | 0.95 | critical |
| 101.55.81.36 | ip | 2025-07-18 11:26:23 | block | High volume of requests targeting sensitive application files, configuration files and known web shell paths, indicating active reconnaissance and exploitation attempts. | 1.00 | critical |
| 185.177.72.104 | ip | 2025-07-18 11:26:23 | block | Aggressive scanning for .env files, phpinfo and .git configuration; directly hit IP blocking and reputation rules. | 1.00 | critical |
| 178.33.134.25 | ip | 2025-07-18 11:26:23 | block | 100% of requests flagged; actively scanning for common website directories and old/backup sites, coupled with browser impersonation. | 0.90 | critical |
| 185.177.72.12 | ip | 2025-07-18 11:26:23 | block | Extensive reconnaissance for sensitive application configurations and credentials, coupled with LFI attempts and multiple IP blocking rule hits. | 1.00 | critical |
| 185.177.72.11 | ip | 2025-07-18 11:26:23 | block | Targeting highly sensitive credentials, environment files and server info pages; directly hit IP reputation deny rules. | 1.00 | critical |
| 185.177.72.205 | ip | 2025-07-18 11:26:23 | block | Attempting to access sensitive cloud credentials, environment files and configuration, hitting LFI and IP blocking rules. | 1.00 | critical |
| 185.177.72.204 | ip | 2025-07-18 11:26:23 | block | Targeted scanning for configuration files and source code repositories, triggering IP reputation deny rules. | 1.00 | critical |
| 185.177.72.2 | ip | 2025-07-18 11:26:23 | block | 100% of requests flagged by the WAF; targeting sensitive configuration files (.zshrc, config.php~, config.yml), exhibiting browser impersonation, and triggering critical IP blocking rules including LFI anomalies. This IP belongs to AS211590, which is already blocked for similar severe malicious activity. | 1.00 | critical |
| 195.178.110.161 | ip | 2025-07-18 11:26:23 | block | Targeted scanning for sensitive JavaScript config files, JSON credentials, environment variables and phpinfo; flagged by the WAF and detected as browser impersonation. | 0.90 | critical |
| 194.50.16.252 | ip | 2025-07-18 11:26:23 | block | Targeting Spring Boot Actuator endpoints with command injection attempts and path obfuscation, indicating a direct exploit attempt. | 1.00 | critical |
| 2001:4878:8216:510:dddd:b98a:3a76:296c | ip | 2025-07-18 11:26:23 | block | Accessed the obfuscated path 'oVBKUKnaa/nq36z4Dw/fOEJy35E/c0/uVaJz65XJ3SLLDS3/HyNpQmYB/HT8s/UgxbeHQ', previously flagged by the WAF and linked to critical malicious activity in other blocked entities (e.g. AS132203, 3%7e2faa3a9db1c111de), indicating a high likelihood of evasive or malicious intent. | 0.95 | critical |
| 20.171.207.158 | ip | 2025-07-18 11:26:23 | block | All requests flagged by the WAF, including suspicious and obfuscated paths targeting WordPress. | 0.85 | medium |
| 205.169.39.130 | ip | 2025-07-18 11:26:23 | block | Triggered an IP blocking rule for burst activity, despite a lower percentage of detected threat requests. | 0.90 | critical |
| 2001:bc8:1f90:4:7ec2:55ff:fe9e:8476 | ip | 2025-07-18 11:26:23 | block | All requests flagged by the WAF, including obfuscated paths and security alerts. | 0.85 | medium |
| 2001:bc8:1201:19:46a8:42ff:fe1b:ae29 | ip | 2025-07-18 11:26:23 | block | All requests flagged by the WAF, with suspicious paths and multiple security alerts. | 0.85 | medium |
| 216.126.227.20 | ip | 2025-07-18 11:26:23 | block | Targeted WordPress-specific attack paths such as wlwmanifest.xml and xmlrpc.php, coupled with browser impersonation and IP blocking rule hits. | 1.00 | critical |
| 205.169.39.4 | ip | 2025-07-18 11:26:23 | block | High percentage of flagged requests; triggered an IP blocking rule for burst activity. | 0.90 | critical |
| 3.92.177.104 | ip | 2025-07-18 11:26:23 | block | Actively targeting WordPress wlwmanifest.xml and xmlrpc.php, directly triggering a WAF IPBLOCK rule. | 1.00 | critical |
| 2604:a880:400:d1:0:1:4cea:4001 | ip | 2025-07-18 11:26:23 | block | All requests flagged by the WAF, with suspicious obfuscated paths and security alerts. | 0.85 | medium |
| 51.38.105.105 | ip | 2025-07-18 11:26:23 | block | Extensive scanning for sensitive configuration files, credentials and phpinfo pages, with a high threat detection rate and browser impersonation. | 0.90 | critical |
| 34.116.246.85 | ip | 2025-07-18 11:26:23 | block | All requests flagged by the WAF, with obfuscated paths and multiple security alerts. | 0.85 | medium |
| 34.116.172.61 | ip | 2025-07-18 11:26:23 | block | All requests flagged by the WAF, with obfuscated paths and multiple security alerts. | 0.85 | medium |
| 66.249.77.104 | ip | 2025-07-18 11:26:23 | block | All requests flagged by the WAF and triggered security alerts, indicating malicious activity. | 0.95 | critical |
| AS211590 | asn | 2025-07-18 11:26:23 | block | Aggregated traffic from this ASN shows a 100% threat detection rate, with widespread probing for sensitive files and credentials, active LFI attempts, and multiple critical IP blocking and reputation rule hits. | 1.00 | critical |
| AS16276 | asn | 2025-07-18 11:26:23 | block | Aggregated traffic from this ASN shows a very high threat detection rate with diverse malicious activity, including directory scanning and sensitive file probing, consistent with multiple compromised or malicious hosts. | 1.00 | critical |
| AS132203 | asn | 2025-07-18 11:26:23 | block | High volume of requests, 100% flagged, targeting WordPress endpoints and including multiple obfuscated paths, indicating aggressive automated activity. | 0.90 | critical |
| 3%7ea97fdb0b70d4a7b7 | tls | 2025-07-18 11:26:23 | block | 100% of requests flagged by the WAF, showing aggressive, broad scanning for sensitive files (credentials, environment configs, phpinfo) and common attack vectors such as wp-login.php, combined with browser impersonation, indicating a determined, malicious actor. | 0.98 | critical |
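The rationales above all reduce to a handful of per-source signals: which probe categories a client's paths fall into (WordPress endpoints, sensitive config and credential files, LFI, Spring Boot Actuator, web shells, random-looking obfuscated paths), the fraction of its requests that tripped a rule, browser impersonation, and burst activity. The Python below is an added example, not the export's own logic or the WAF vendor's rule set: it runs that classification over a constructed set of request records and derives a score, severity and action. The path signatures, the impersonation heuristic (a "Mozilla/5.0" user agent without an Accept-Language header), the burst rule (20 requests in 60 seconds) and the score-to-severity mapping are all assumptions chosen only to reproduce the pattern visible in the table (0.85 for "all requests flagged" maps to medium, 0.90 and above to critical, confirmed exploit attempts to 1.00). Source addresses are TEST-NET documentation ranges, not the entities listed above.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional
from urllib.parse import unquote

# Path signatures for the categories the rationales cite. Assumed for this
# example; they are not the WAF's real rules.
SIGNATURES = {
    "wordpress_probe": re.compile(r"/(wlwmanifest\.xml|xmlrpc\.php|wp-login\.php|wp-admin/)", re.I),
    "sensitive_file": re.compile(r"/(\.env|\.git/|phpinfo\.php|config\.(php|yml|json)~?|\.zshrc|\.aws/credentials)", re.I),
    "lfi": re.compile(r"(\.\./|/etc/passwd|/proc/self/)", re.I),
    "spring_actuator": re.compile(r"/actuator/"),
    "webshell_probe": re.compile(r"/(shell|cmd|c99|r57|wso)\.php", re.I),
}
EXPLOIT = {"lfi", "spring_actuator", "webshell_probe"}   # categories that force score 1.0
BURST_WINDOW_S, BURST_THRESHOLD = 60, 20                 # assumed burst rule


def normalize(url: str) -> str:
    """Undo common evasions before matching: URL-decode once and strip matrix
    parameters, so /actuator;/env becomes /actuator/env."""
    return re.sub(r";[^/?]*", "", unquote(url))


def looks_obfuscated(url: str) -> bool:
    """Heuristic for paths like oVBKUKnaa/nq36z4Dw/...: four or more segments,
    nearly all random-looking mixed-case alphanumerics with no extension."""
    segments = [s for s in url.split("?", 1)[0].split("/") if s]
    if len(segments) < 4:
        return False
    random_like = sum(
        1 for s in segments
        if re.fullmatch(r"[A-Za-z0-9]{2,}", s) and re.search(r"[a-z]", s) and re.search(r"[A-Z0-9]", s)
    )
    return random_like >= len(segments) - 1


def classify(url: str) -> set:
    norm = normalize(url)
    hits = {name for name, rx in SIGNATURES.items() if rx.search(norm)}
    if looks_obfuscated(norm):
        hits.add("obfuscated_path")
    return hits


def impersonating(user_agent: str, accept_language: Optional[str]) -> bool:
    """Claims to be a browser but omits a header real browsers always send (assumed heuristic)."""
    return user_agent.startswith("Mozilla/5.0") and not accept_language


@dataclass
class Verdict:
    source: str
    total: int
    flagged: int
    categories: Counter
    impersonation: bool
    burst: bool
    score: float
    severity: str
    action: str


def assess(records):
    """records: iterable of (epoch_seconds, ip, url, user_agent, accept_language)."""
    by_ip = {}
    for ts, ip, url, ua, lang in records:
        by_ip.setdefault(ip, []).append((ts, url, ua, lang))
    verdicts = {}
    for ip, reqs in by_ip.items():
        cats, flagged, imp = Counter(), 0, False
        for _, url, ua, lang in reqs:
            hits = classify(url)
            cats.update(hits)
            flagged += bool(hits)
            imp = imp or impersonating(ua, lang)
        times = sorted(t for t, *_ in reqs)
        burst = any(times[i + BURST_THRESHOLD - 1] - times[i] <= BURST_WINDOW_S
                    for i in range(len(times) - BURST_THRESHOLD + 1))
        # Assumed scoring: 0.85 for a fully flagged client, +0.05 for impersonation,
        # burst floors the score at 0.90, a confirmed exploit category forces 1.0.
        score = 0.85 * flagged / len(reqs) + (0.05 if imp else 0.0)
        if burst:
            score = max(score, 0.90)
        if cats.keys() & EXPLOIT:
            score = 1.0
        score = round(min(score, 1.0), 2)
        severity = "critical" if score >= 0.90 else "medium" if score >= 0.80 else "low"
        verdicts[ip] = Verdict(ip, len(reqs), flagged, cats, imp, burst, score, severity,
                               "block" if score >= 0.85 else "monitor")
    return verdicts


# Constructed sample traffic (TEST-NET addresses), not data from the export above.
UA_CHROME = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/125.0 Safari/537.36"
T0 = 1752838000
SAMPLE = [
    (T0, "203.0.113.10", "/xmlrpc.php", UA_CHROME, None),
    (T0 + 1, "203.0.113.10", "/blog/wp-includes/wlwmanifest.xml", UA_CHROME, None),
    (T0 + 2, "203.0.113.10", "/wp-login.php", UA_CHROME, None),
    (T0, "198.51.100.7", "/.env", "python-requests/2.31", None),
    (T0 + 1, "198.51.100.7", "/phpinfo.php", "python-requests/2.31", None),
    (T0 + 2, "198.51.100.7", "/.git/config", "python-requests/2.31", None),
    (T0 + 3, "198.51.100.7", "/index.php?page=..%2F..%2F..%2Fetc%2Fpasswd", "python-requests/2.31", None),
    (T0, "198.51.100.200", "/oVBKUKnaa/nq36z4Dw/fOEJy35E/c0/uVaJz65XJ3SLLDS3/HyNpQmYB/HT8s/UgxbeHQ", "curl/8.0", None),
    (T0, "203.0.113.55", "/actuator;/env", "Go-http-client/1.1", None),
    (T0, "192.0.2.44", "/", UA_CHROME, "en-US,en;q=0.9"),
    (T0 + 5, "192.0.2.44", "/about", UA_CHROME, "en-US,en;q=0.9"),
    (T0 + 6, "192.0.2.44", "/static/app.js", UA_CHROME, "en-US,en;q=0.9"),
] + [(T0 + i % 3, "203.0.113.99", "/", UA_CHROME, "en-US") for i in range(25)]

if __name__ == "__main__":
    for v in assess(SAMPLE).values():
        print(f"{v.source:16} {v.action:8} {v.severity:9} {v.score:.2f} "
              f"flagged={v.flagged}/{v.total} burst={v.burst} impersonation={v.impersonation} {dict(v.categories)}")
```

The burst client scores 0.90 with zero flagged paths, the lone obfuscated-path request lands at 0.85/medium, and the WordPress prober reaches critical only because impersonation lifts a fully flagged 0.85 over the threshold, which is the same structure the rationales above describe. Decoding once and stripping `;` segments before matching is what lets the Actuator probe be caught despite the path obfuscation; a production rule set would normalise more aggressively (double decoding, dot-segment removal, case folding) and would take impersonation from the TLS fingerprint rather than from a missing header.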