Decision log, newest first. Columns: entity, entity type (ip, asn, tls fingerprint), decision time, action taken (block, watchlist, ignore), reasoning, confidence (0 to 1) and severity. Where the reasoning gives a ratio such as 95/31, the first number is detected threat events and the second is total requests; the event count can exceed the request count because more than one detection can fire on a single request.

| Entity | Type | Decided at | Action | Reasoning | Confidence | Severity |
|---|---|---|---|---|---|---|
| 185.193.157.209 | ip | 2026-01-21 21:01:36 | block | IP is performing extensive WordPress enumeration and bot impersonation, has an exceptionally high number of detected threat events (95 on 31 requests), and triggered critical WAF deny rules. Its associated ASN AS62240 is already blocklisted for similar malicious activity. | 1.0 | critical |
| 67.227.1.140 | ip | 2026-01-21 21:01:36 | ignore | No malicious activity detected: 0 detected threat requests, no WAF flags, and no security rule hits. This entity appears to be benign. | 1.0 | low |
| 3%7e2d6b59b088802a54 | tls | 2026-01-21 19:11:16 | block | All requests (100%) associated with this TLS fingerprint were detected as threats and triggered a critical reputation-based WAF deny rule (REP_1654536), indicating persistent malicious activity. | 1.0 | critical |
| 20.205.96.233 | ip | 2026-01-21 18:01:04 | block | All requests (100%) from this IP were flagged by WAF, accessed suspicious PHP files, and triggered a critical 'IPBLOCK' deny rule. Its associated ASN (AS8075) is already blocklisted for persistent malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior. | 1.0 | critical |
| 3%7e9d029ea544b45c6f | tls | 2026-01-21 11:40:28 | block | A high percentage (90.9%) of requests associated with this TLS fingerprint were detected as threats and flagged by WAF, triggered security alert '3991006', and included access to a highly obfuscated path, indicating malicious probing or exploit attempts. | 1.0 | critical |
| 185.177.72.13 | ip | 2026-01-21 11:20:27 | block | Aggressive probing of sensitive files and admin paths, all requests flagged by WAF, detected threat events exceeding total requests, and critical LFI and reputation-based deny rules triggered. Its associated ASN (AS211590) is already blocklisted for persistent and identical severe malicious activity. | 1.0 | critical |
| 185.177.72.38 | ip | 2026-01-21 04:09:46 | block | Aggressively probed sensitive configuration and credential files, with all requests flagged by WAF, and triggered multiple critical LFI-ANOMALY, IPBLOCK-BURST4 and reputation-based deny rules. Its associated ASN AS211590 is already blocklisted for persistent and identical severe malicious activity. | 1.0 | critical |
| 2600:3c03::2000:fcff:fe11:a64e | ip | 2026-01-21 03:09:37 | block | Accessed a highly obfuscated and suspicious path, consistent with other blocklisted IPs from ASN AS63949 exhibiting similar malicious probing for exploitation. | 0.95 | critical |
| 185.177.72.49 | ip | 2026-01-21 02:19:33 | block | IP with 100% detected threat requests; triggered a critical WAF deny rule (REP_1654536). Its associated ASN (AS211590) is already blocklisted for persistent malicious activity. | 1.0 | critical |
| 149.102.225.179 | ip | 2026-01-21 01:59:39 | block | IP exhibiting aggressive WordPress enumeration and bot impersonation, a high number of detected threat events (95 on 31 requests), all accessed paths flagged by WAF, and a critical WAF deny rule (IPBLOCK-BURST4-318403) triggered, consistent with other blocklisted IPs from similar malicious campaigns. | 1.0 | critical |
| 105.111.199.40 | ip | 2026-01-21 01:59:39 | watchlist | IP from blocklisted ASN AS36947, which has a history of critical malicious activity including persistent probing and automated attacks. This specific IP currently shows no direct threat flags, but its association with a highly malicious ASN warrants continued monitoring. | 0.85 | medium |
| AS12322 | asn | 2026-01-21 01:59:39 | block | ASN associated with blocklisted IP '2a01:e34:ec44:99d0:8c2f:82c6:25b6:fab0', which accessed highly obfuscated and suspicious paths, indicative of malicious probing and consistent with other blocklisted entities from this ASN. | 0.95 | critical |
| 185.177.72.30 | ip | 2026-01-21 01:39:33 | block | IP from blocklisted ASN AS211590, demonstrating aggressive probing of sensitive files and admin paths, all requests flagged by WAF, detected threat events exceeding total requests, and critical LFI and reputation-based deny rules triggered. This behavior is consistent with other blocklisted IPs from the same ASN. | 1.0 | critical |
| 2a09:bac1:76a0:1378::b:2f9 | ip | 2026-01-20 17:38:39 | block | This IP shows 100% detected threat requests, all accessed paths were flagged by WAF (including suspicious PHP files and WordPress admin paths), and it triggered a critical 'IPBLOCK-BURST4-318403' deny rule. Its associated ASN (AS13335) is already blocklisted for identical widespread malicious activity. | 1.0 | critical |
| 185.177.72.51 | ip | 2026-01-20 16:48:38 | block | IP from blocklisted ASN AS211590, demonstrating aggressive probing of sensitive files and admin paths, all requests flagged by WAF, detected threat events exceeding total requests, and critical LFI and reputation-based deny rules triggered. This behavior is consistent with other blocklisted IPs from the same ASN. | 1.0 | critical |
| 185.177.72.23 | ip | 2026-01-20 14:18:28 | block | IP from blocklisted ASN AS211590, demonstrating aggressive probing of sensitive files and admin paths, all requests flagged by WAF, detected threat events exceeding total requests, and critical LFI and reputation-based deny rules triggered. | 1.0 | critical |
| 85.11.167.3 | ip | 2026-01-20 07:07:53 | block | IP engaged in WordPress brute-force attempts targeting 'wp-login.php' and triggered security alert '3900998'; its ASN AS213438 is blocklisted for identical critical malicious activity. | 1.0 | critical |
| 34.133.255.234 | ip | 2026-01-19 20:37:16 | block | All requests (100% threat rate) targeted sensitive configuration and credential files (.aws/credentials, .env/.env.bak, phpinfo.php) and triggered critical LFI-ANOMALY and reputation-based WAF deny rules; its associated ASN (AS396982) is already blocklisted for similar severe malicious activity. | 1.0 | critical |
| 68.155.153.238 | ip | 2026-01-19 15:37:01 | block | All requests (100%) from this IP were detected as threats, all accessed paths (suspicious PHP files, including the 'wp_filemanager.php' exploit path) were flagged by WAF, and a critical 'IPBLOCK' deny rule was triggered. Its associated ASN (AS8075) is already blocklisted for persistent and identical malicious activity from multiple other IPs. | 1.0 | critical |
| 105.111.199.40 | ip | 2026-01-19 12:06:49 | watchlist | IP from ASN AS36947, which has an associated IP (154.242.193.88) blocklisted for critical malicious probing; warrants further monitoring despite no current direct threats. | 0.7 | medium |
| 47.128.57.40 | ip | 2026-01-18 09:04:33 | block | All requests (100%) from this IP were detected as threats and flagged by WAF, triggering alert '3991023'. Its associated ASN (AS16509) is already blocklisted for persistent malicious activity and identical attack patterns. | 1.0 | critical |
| 45.149.173.233 | ip | 2026-01-18 08:14:30 | block | Extensive WordPress enumeration and bot impersonation detected, with a high number of detected threat events (96 events for 32 requests) and a critical WAF deny rule (IPBLOCK-BURST4-318403) triggered. | 1.0 | critical |
| 2a01:e34:ec44:99d0:8c2f:82c6:25b6:fab0 | ip | 2026-01-17 15:53:44 | block | Accessed a highly obfuscated and suspicious path (Lk4TRUPUqhrDr/tAn/f7XLQlaR8xY/ri1hVDa9akG7VcaLV9/YyZNWVcPAQ/HAYUASFM/PisB), strongly indicating malicious probing or attempted exploitation, consistent with other blocklisted entities. | 0.95 | critical |
| AS12322 | asn | 2026-01-17 15:53:44 | watchlist | Associated with IP 2a01:e34:ec44:99d0:8c2f:82c6:25b6:fab0, which accessed a highly obfuscated malicious path. Monitoring is required for further activity from this ASN. | 0.7 | medium |
| 3%7e32bee0f5e54580be | tls | 2026-01-17 15:53:44 | block | Associated with IP 2a01:e34:ec44:99d0:8c2f:82c6:25b6:fab0, which accessed a highly obfuscated and suspicious path, indicating a malicious client fingerprint consistent with previously blocklisted TLS fingerprints. | 0.95 | critical |
| 2a01:e34:ec44:99d0:8c2f:82c6:25b6:fab0 | ip | 2026-01-17 15:43:37 | ignore | No detected threat requests, WAF flags, or security rule hits since being added to the watchlist. | 0.9 | low |
| 52.167.144.203 | ip | 2026-01-17 15:43:37 | block | High percentage of threat requests (83.3%), all accessed paths flagged by WAF, security alert '3991006' triggered, and belongs to blocklisted ASN AS8075, which is known for persistent malicious activity and identical attack patterns. | 1.0 | critical |
| AS12322 | asn | 2026-01-17 15:43:37 | ignore | No detected threat requests, WAF flags, or security rule hits from associated entities since being added to the watchlist. | 0.9 | low |
| 3%7e32bee0f5e54580be | tls | 2026-01-17 15:43:37 | ignore | No detected threat requests, WAF flags, or security rule hits from entities using this TLS fingerprint since being added to the watchlist. | 0.9 | low |
| 2a01:e34:ec44:99d0:8c2f:82c6:25b6:fab0 | ip | 2026-01-17 12:23:13 | watchlist | Accessed a highly obfuscated and suspicious path, suggesting malicious probing or attempted exploitation, but no direct WAF flags or detected threat requests yet. | 0.6 | medium |
| AS12322 | asn | 2026-01-17 12:23:13 | watchlist | Associated IP (2a01:e34:ec44:99d0:8c2f:82c6:25b6:fab0) accessed a highly obfuscated and suspicious path, warranting monitoring of the entire ASN. | 0.55 | medium |
| 3%7e32bee0f5e54580be | tls | 2026-01-17 12:23:13 | watchlist | Associated with an IP (2a01:e34:ec44:99d0:8c2f:82c6:25b6:fab0) that accessed a highly obfuscated and suspicious path, indicating a potentially malicious client fingerprint. | 0.55 | medium |
| 16.176.147.22 | ip | 2026-01-17 11:23:09 | block | All requests (100%) from this IP were flagged as threats, all accessed paths were flagged by WAF, and a critical 'IPBLOCK' deny rule was triggered. Its associated ASN (AS16509) is already blocklisted for persistent malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior. | 1.0 | critical |
| 45.148.10.238 | ip | 2026-01-17 10:13:01 | block | IP from blocklisted ASN AS48090 performing aggressive reconnaissance with detected bot impersonation; targeted sensitive configuration/credential files (.git/config, .aws/credentials, .env) and triggered a critical LFI-ANOMALY WAF deny rule, with a high threat event ratio (11 on 6 requests). | 1.0 | critical |
| 4.147.187.31 | ip | 2026-01-17 08:43:02 | block | All requests (100%) were detected as threats, all accessed suspicious PHP files were flagged by WAF, and a critical 'IPBLOCK' deny rule was triggered. Its associated ASN (AS8075) is already blocklisted for persistent malicious activity, with other IPs showing identical behavior. | 1.0 | critical |
| 40.69.27.251 | ip | 2026-01-17 00:02:19 | block | All requests (100%) were detected as threats, all accessed suspicious PHP files were flagged by WAF, and a critical 'IPBLOCK' deny rule was triggered. Its associated ASN (AS8075) is already blocklisted for persistent malicious activity, with other IPs showing identical behavior. | 1.0 | critical |
| 14.174.193.15 | ip | 2026-01-16 22:52:18 | ignore | No detected threat requests, no WAF-flagged paths, and no security rule hits were observed in the latest activity. | 0.8 | low |
| 157.180.49.120 | ip | 2026-01-16 22:52:18 | ignore | No detected threat requests, no WAF-flagged paths, and no security rule hits were observed in the latest activity. | 0.8 | low |
| 45.139.104.168 | ip | 2026-01-16 22:52:18 | block | Extremely high ratio of detected threat events to requests (85 on 25), all accessed paths flagged by WAF, and multiple security alerts including 'BOT-BROWSER-IMPERSONATOR', indicating severe automated malicious probing and exploit attempts. | 1.0 | critical |
| 3%7eab81c74b51922644 | tls | 2026-01-16 22:52:18 | ignore | No detected threat requests, no WAF-flagged paths, and no security rule hits were observed in the latest activity. | 0.8 | low |
| 185.117.225.139 | ip | 2026-01-16 17:11:44 | block | Extremely high percentage of detected threat requests (~94.7%), numerous WAF-flagged paths, and multiple security alerts ('3990001', '3990011') indicative of severe malicious probing. Furthermore, its associated ASN (AS14618) has other IPs blocklisted for identical critical malicious activity. | 1.0 | critical |
| 37.77.150.123 | ip | 2026-01-16 14:41:30 | block | High percentage of detected threat requests (83.3%), all accessed paths ('xmlrpc.php', 'wp-login.php') flagged by WAF, and critical WAF deny rules ('IPBLOCK-PENALTY-BOX', 'PLATFORM-ANOMALY') triggered, indicating active WordPress enumeration/brute-force attempts. This behavior is consistent with other blocklisted IPs from Russia. | 1.0 | critical |
| 209.38.65.47 | ip | 2026-01-16 12:41:19 | block | All accessed paths flagged by WAF, an extremely high number of detected threat events (34) compared to total requests (6), multiple critical security alerts including 'BOT-BROWSER-IMPERSONATOR', and its associated ASN AS14061 is already blocklisted for identical malicious activity. | 1.0 | critical |
| 2a10:3c0:100:0:1:38:0:5 | ip | 2026-01-16 12:01:16 | block | High percentage of detected threat requests (~90.9%), multiple WAF-flagged paths (mcp, sse), and its associated ASN (AS211680) is already blocklisted for similar severe malicious activity. | 1.0 | critical |
| 3%7e91b41c1481268bfe | tls | 2026-01-16 12:01:16 | block | All requests (100%) were detected as threats, all accessed paths were flagged by WAF, including the highly sensitive '.git/HEAD', and a security alert (3990001) was triggered, indicating severe malicious probing and exploitation attempts. | 1.0 | critical |
| 205.169.39.49 | ip | 2026-01-16 05:40:53 | block | IP belongs to ASN AS3356, which is blocklisted for widespread malicious activity and persistent threats, warranting blocking of all associated IPs. | 1.0 | critical |
| 43.157.149.188 | ip | 2026-01-15 19:50:28 | block | IP is part of ASN AS132203, which is blocklisted for confirmed persistent malicious activity, indicating a high-risk association. | 0.95 | critical |
| 14.174.193.15 | ip | 2026-01-15 13:10:21 | watchlist | IP from Vietnam accessing suspicious obfuscated paths, consistent with early reconnaissance from other blocklisted IPs from the same region, despite no direct WAF flags or detected threats yet. | 0.6 | medium |
| 157.180.49.120 | ip | 2026-01-15 13:10:21 | watchlist | IP is in close proximity to a blocklisted IP (157.180.49.118) identified for persistent malicious activity; warrants further observation. | 0.5 | low |
| 3%7eab81c74b51922644 | tls | 2026-01-15 13:10:21 | watchlist | TLS fingerprint associated with an IP (157.180.49.120) in close proximity to a blocklisted IP; warrants further observation. | 0.5 | low |
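The verdicts above rest on a few recurring signals: the ratio of detected threat events to requests, whether a WAF deny rule fired, whether the requested paths look obfuscated or target credential and config files, and whether the entity's ASN is already blocklisted. The Python below is an added example, not the tool's own code, that writes those signals down as an explicit policy, reproduces representative rows (185.193.157.209, 67.227.1.140, 105.111.199.40 and the 2026-01-17 12:23:13 watchlist entry for 2a01:e34:ec44:99d0:8c2f:82c6:25b6:fab0), and derives the ASN and TLS-fingerprint verdicts the log attaches to an IP decision. The field names, thresholds, obfuscated-path heuristic and sample records are assumptions; the confidence values are fitted to the rows named. Two caveats a practitioner would apply: the log is not consistent on ASN-only evidence (105.111.199.40 is watchlisted at 0.85, while 205.169.39.49 and 43.157.149.188 are blocked on ASN membership alone), and several ASNs cited are large cloud, CDN or transit networks (AS16509 and AS14618 are Amazon, AS8075 Microsoft, AS13335 Cloudflare, AS396982 Google Cloud, AS3356 Lumen), so the policy here treats "ASN already blocklisted" as a weak prior that on its own yields only a watchlist verdict.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Signals:
    """Per-entity counters as the log's reasoning column cites them (field names assumed)."""
    entity: str
    kind: str                        # "ip", "asn" or "tls"
    total_requests: int = 0
    threat_detections: int = 0       # may exceed total_requests: several rules can fire on one request
    paths: tuple = ()                # paths this entity requested
    waf_flagged_paths: int = 0
    deny_rules: tuple = ()           # e.g. ("REP_1654536",) or ("IPBLOCK-BURST4-318403",)
    alerts: tuple = ()               # e.g. ("3991006",) or ("BOT-BROWSER-IMPERSONATOR",)
    asn: Optional[str] = None
    asn_blocklisted: bool = False
    tls: Optional[str] = None        # TLS fingerprint the IP was seen with, if any
    previously_watchlisted: bool = False


@dataclass(frozen=True)
class Verdict:
    entity: str
    kind: str
    action: str          # "block", "watchlist" or "ignore"
    confidence: float
    severity: str        # "critical", "medium" or "low"
    reason: str


# Credential, config and admin paths the log treats as probing targets.
SENSITIVE_MARKERS = (".env", ".aws/credentials", ".git/", "phpinfo.php",
                     "wp-login.php", "xmlrpc.php", "wp_filemanager.php")


def threat_ratio(s: Signals) -> float:
    """Detections per request, deliberately not clamped to 1.0: 95 detections on
    31 requests (3.06) means several rules fired on most requests."""
    return s.threat_detections / s.total_requests if s.total_requests else 0.0


def _random_looking(segment: str) -> bool:
    # Mixed-case alphanumeric token with no extension, like the segments of the
    # obfuscated path quoted in the log. Assumed heuristic; tune on your own routes.
    if len(segment) < 4 or not segment.isalnum():
        return False
    upper = any(c.isupper() for c in segment)
    lower = any(c.islower() for c in segment)
    digit = any(c.isdigit() for c in segment)
    return upper and lower and (digit or len(segment) >= 8)


def looks_obfuscated(path: str) -> bool:
    """True when at least two segments of the path look like random tokens."""
    return sum(_random_looking(seg) for seg in path.split("/") if seg) >= 2


def triage(s: Signals) -> Verdict:
    """Assumed policy; thresholds fitted to the rows named in the lead-in."""
    ratio = threat_ratio(s)
    obfuscated = [p for p in s.paths if looks_obfuscated(p)]
    sensitive = [p for p in s.paths if any(m in p for m in SENSITIVE_MARKERS)]
    # 1. Hard evidence: a deny rule fired, or most requests were detected as threats.
    if s.deny_rules or ratio >= 0.8:
        parts = [f"{s.threat_detections} detections on {s.total_requests} requests"]
        if s.deny_rules:
            parts.append("deny rules " + ", ".join(s.deny_rules))
        if sensitive:
            parts.append("sensitive paths " + ", ".join(sensitive))
        return Verdict(s.entity, s.kind, "block", 1.0, "critical", "; ".join(parts))
    # 2. Obfuscated probing from a network that is already blocklisted.
    if obfuscated and s.asn_blocklisted:
        return Verdict(s.entity, s.kind, "block", 0.95, "critical",
                       f"obfuscated path {obfuscated[0]} from blocklisted {s.asn}")
    # 3. Obfuscated probing on its own: watch, do not block yet.
    if obfuscated:
        return Verdict(s.entity, s.kind, "watchlist", 0.6, "medium",
                       f"obfuscated path {obfuscated[0]}, no WAF flags yet")
    # 4. Quiet entity inside a blocklisted ASN: a weak prior, never a block by itself.
    if s.asn_blocklisted and s.threat_detections == 0:
        return Verdict(s.entity, s.kind, "watchlist", 0.85, "medium",
                       f"no direct flags; {s.asn} is blocklisted")
    # 5. Nothing observed (slightly lower confidence if it was on the watchlist before).
    if s.threat_detections == 0 and s.waf_flagged_paths == 0:
        conf = 0.9 if s.previously_watchlisted else 1.0
        return Verdict(s.entity, s.kind, "ignore", conf, "low",
                       "no threat detections, WAF flags or rule hits")
    # 6. Some detections below the block threshold.
    return Verdict(s.entity, s.kind, "watchlist", 0.7, "medium",
                   f"{s.threat_detections} detections on {s.total_requests} requests")


def propagate(ip_verdict: Verdict, asn: Optional[str], tls: Optional[str]) -> list:
    """Derived verdicts for the ASN and TLS fingerprint an IP was seen with. The pattern
    follows the AS12322 / 3%7e32bee0f5e54580be rows: the fingerprint inherits the IP's
    action, the ASN only ever reaches watchlist, and derived confidence drops by 0.05."""
    out = []
    if ip_verdict.action == "ignore":
        return out
    why = f"associated with {ip_verdict.entity}"
    lowered = round(ip_verdict.confidence - 0.05, 2)
    if tls:
        conf = ip_verdict.confidence if ip_verdict.action == "block" else lowered
        out.append(Verdict(tls, "tls", ip_verdict.action, conf, ip_verdict.severity, why))
    if asn:
        conf = 0.7 if ip_verdict.action == "block" else lowered
        out.append(Verdict(asn, "asn", "watchlist", conf, "medium", why))
    return out


# Constructed sample records modelled on rows of the log; counts and paths are illustrative.
OBFUSCATED_PATH = "/Lk4TRUPUqhrDr/tAn/f7XLQlaR8xY/ri1hVDa9akG7VcaLV9/YyZNWVcPAQ/HAYUASFM/PisB"
SAMPLES = {
    "185.193.157.209": Signals("185.193.157.209", "ip", 31, 95,
                               ("/wp-login.php", "/xmlrpc.php", "/?author=1"), 3,
                               ("IPBLOCK-BURST4-318403",), ("BOT-BROWSER-IMPERSONATOR",),
                               "AS62240", True),
    "67.227.1.140": Signals("67.227.1.140", "ip", 12, 0, ("/", "/robots.txt")),
    "105.111.199.40": Signals("105.111.199.40", "ip", 4, 0, ("/",),
                              asn="AS36947", asn_blocklisted=True),
    "2a01:e34:ec44:99d0:8c2f:82c6:25b6:fab0": Signals(
        "2a01:e34:ec44:99d0:8c2f:82c6:25b6:fab0", "ip", 1, 0, (OBFUSCATED_PATH,),
        asn="AS12322", tls="3%7e32bee0f5e54580be"),
}


if __name__ == "__main__":
    for s in SAMPLES.values():
        v = triage(s)
        print(f"{v.action:9} {v.confidence:.2f} {v.severity:8} {v.entity}: {v.reason}")
        for d in propagate(v, s.asn, s.tls):
            print(f"  -> {d.kind} {d.entity}: {d.action} {d.confidence:.2f}")
```

Running the block prints one line per sample plus the derived ASN and fingerprint verdicts for the 2a01:e34:ec44:99d0:8c2f:82c6:25b6:fab0 entry. Rule 1 keys on the raw detection-to-request ratio rather than a percentage, so the 95/31 and 85/25 style counts in the log are handled without clamping; the obfuscated-path heuristic is the part most worth tuning, since camel-cased API routes on your own site can trip it.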