|
185.177.72.104
|
ip
|
2025-07-17 15:38:58
|
block
|
Aggressive scanning for .env files, phpinfo, and .git configurations, directly hit IP blocking reputation rules.
|
1.0
|
severity: Severity.critical
|
|
178.33.134.25
|
ip
|
2025-07-17 15:38:58
|
block
|
100% of requests flagged, actively scanning for common website directories and old/backup sites, coupled with browser impersonation.
|
0.8999999761581421
|
severity: Severity.critical
|
|
185.177.72.12
|
ip
|
2025-07-17 15:38:58
|
block
|
Extensive reconnaissance for sensitive application configurations and credentials, coupled with LFI attempts and multiple IP blocking rules.
|
1.0
|
severity: Severity.critical
|
|
185.177.72.11
|
ip
|
2025-07-17 15:38:58
|
block
|
Targeting highly sensitive credentials, environment files, and server info pages, directly hit IP reputation deny rules.
|
1.0
|
severity: Severity.critical
|
|
194.50.16.252
|
ip
|
2025-07-17 15:38:58
|
block
|
Targeting Spring Boot Actuator endpoints with command injection attempts and path obfuscation, indicating a direct exploit attempt.
|
1.0
|
severity: Severity.critical
|
|
185.177.72.205
|
ip
|
2025-07-17 15:38:58
|
block
|
Attempting to access sensitive cloud credentials, environment files, and configuration, hitting LFI and IP blocking rules.
|
1.0
|
severity: Severity.critical
|
|
185.177.72.204
|
ip
|
2025-07-17 15:38:58
|
block
|
Targeted scanning for configuration files and source code repositories, triggering IP reputation deny rules.
|
1.0
|
severity: Severity.critical
|
|
195.178.110.161
|
ip
|
2025-07-17 15:38:58
|
block
|
Targeted scanning for sensitive JavaScript config files, JSON credentials, environment variables, and phpinfo, flagged by WAF and browser impersonation.
|
0.8999999761581421
|
severity: Severity.critical
|
|
2001:bc8:1201:19:46a8:42ff:fe1b:ae29
|
ip
|
2025-07-17 15:38:58
|
block
|
All requests flagged by WAF with suspicious paths and multiple security alerts.
|
0.8500000238418579
|
severity: Severity.medium
|
|
2001:4878:8216:510:dddd:b98a:3a76:296c
|
ip
|
2025-07-17 15:38:58
|
block
|
Accessed obfuscated path 'oVBKUKnaa/nq36z4Dw/fOEJy35E/c0/uVaJz65XJ3SLLDS3/HyNpQmYB/HT8s/UgxbeHQ' which was previously flagged by WAF and linked to critical malicious activity in other blocked entities (e.g., AS132203, 3%7e2faa3a9db1c111de), indicating high potential for evasive or malicious intent.
|
0.949999988079071
|
severity: Severity.critical
|
|
20.171.207.158
|
ip
|
2025-07-17 15:38:58
|
block
|
All requests flagged by WAF, including suspicious and obfuscated paths targeting WordPress.
|
0.8500000238418579
|
severity: Severity.medium
|
|
205.169.39.4
|
ip
|
2025-07-17 15:38:58
|
block
|
High percentage of flagged requests and triggered an IP blocking rule due to burst activity.
|
0.8999999761581421
|
severity: Severity.critical
|
|
205.169.39.130
|
ip
|
2025-07-17 15:38:58
|
block
|
Triggered an IP blocking rule due to burst activity, despite a lower percentage of detected threat requests.
|
0.8999999761581421
|
severity: Severity.critical
|
|
2001:bc8:1f90:4:7ec2:55ff:fe9e:8476
|
ip
|
2025-07-17 15:38:58
|
block
|
All requests flagged by WAF, including obfuscated paths and security alerts.
|
0.8500000238418579
|
severity: Severity.medium
|
|
216.126.227.20
|
ip
|
2025-07-17 15:38:58
|
block
|
Targeted WordPress specific attack paths like wlwmanifest.xml and xmlrpc.php, coupled with browser impersonation and IP blocking rules.
|
1.0
|
severity: Severity.critical
|
|
34.116.172.61
|
ip
|
2025-07-17 15:38:58
|
block
|
All requests flagged by WAF with obfuscated paths and multiple security alerts.
|
0.8500000238418579
|
severity: Severity.medium
|
|
3.92.177.104
|
ip
|
2025-07-17 15:38:58
|
block
|
Actively targeting WordPress wlwmanifest.xml and xmlrpc.php, directly triggering a WAF IPBLOCK rule.
|
1.0
|
severity: Severity.critical
|
|
2604:a880:400:d1:0:1:4cea:4001
|
ip
|
2025-07-17 15:38:58
|
block
|
All requests flagged by WAF with suspicious obfuscated paths and security alerts.
|
0.8500000238418579
|
severity: Severity.medium
|
|
51.38.105.105
|
ip
|
2025-07-17 15:38:58
|
block
|
Extensive scanning for sensitive configuration files, credentials, and PHP info pages, with a high threat detection rate and browser impersonation.
|
0.8999999761581421
|
severity: Severity.critical
|
|
34.116.246.85
|
ip
|
2025-07-17 15:38:58
|
block
|
All requests flagged by WAF with obfuscated paths and multiple security alerts.
|
0.8500000238418579
|
severity: Severity.medium
|
|
66.249.77.104
|
ip
|
2025-07-17 15:38:58
|
block
|
All requests flagged by WAF and triggered security alerts, indicating malicious activity.
|
0.949999988079071
|
severity: Severity.critical
|
|
3%7e2faa3a9db1c111de
|
tls
|
2025-07-17 15:38:58
|
block
|
High volume of 100% flagged requests targeting WordPress attack vectors, sensitive configurations, and including obfuscated paths, directly triggering WAF IPBLOCK rules.
|
1.0
|
severity: Severity.critical
|
|
AS211590
|
asn
|
2025-07-17 15:38:58
|
block
|
Aggregated traffic from this ASN demonstrates a 100% threat detection rate involving widespread probing for sensitive files, credentials, and actively attempting LFI attacks, triggering multiple critical IP blocking and reputation rules.
|
1.0
|
severity: Severity.critical
|
|
AS16276
|
asn
|
2025-07-17 15:38:58
|
block
|
Aggregated traffic from this ASN shows a very high threat detection rate with diverse malicious activities, including directory scanning and sensitive file probing, consistent with multiple compromised or malicious hosts.
|
1.0
|
severity: Severity.critical
|
|
AS132203
|
asn
|
2025-07-17 15:38:58
|
block
|
High volume of 100% flagged requests targeting WordPress endpoints and including multiple obfuscated paths, indicating aggressive and suspicious automated activity.
|
0.8999999761581421
|
severity: Severity.critical
|
|
3%7ebaae1457ad64ff16
|
tls
|
2025-07-17 15:38:58
|
block
|
All requests flagged by WAF, including obfuscated paths, and multiple security rule hits indicating reconnaissance.
|
0.8999999761581421
|
severity: Severity.critical
|
|
3%7e7bcf51bfc0d0b65f
|
tls
|
2025-07-17 15:38:58
|
block
|
Extensive reconnaissance for sensitive application configurations and credentials, coupled with LFI attempts and multiple IP blocking rules, associated with this TLS fingerprint.
|
1.0
|
severity: Severity.critical
|
|
3%7ee35ec11fcbea7346
|
tls
|
2025-07-17 15:38:58
|
block
|
Very high percentage of flagged requests, including obfuscated paths, directly triggering an IP blocking rule due to burst activity.
|
0.8999999761581421
|
severity: Severity.critical
|
|
3%7ede293936a8dc4153
|
tls
|
2025-07-17 15:38:58
|
block
|
All requests flagged by WAF, targeting sensitive WordPress endpoints, containing suspicious obfuscated paths, and showing browser impersonation. High confidence of malicious intent.
|
0.949999988079071
|
severity: Severity.critical
|
|
UNKNOWN
|
tls
|
2025-07-17 15:38:58
|
block
|
Comprehensive and aggressive attack patterns including sensitive file probing, WordPress exploit attempts, web shell probing, LFI, and triggering multiple critical IP blocking and reputation rules.
|
1.0
|
severity: Severity.critical
|
|
157.180.49.118
|
ip
|
2025-07-17 15:28:42
|
block
|
All requests flagged by WAF and multiple security rule hits, indicating malicious probing.
|
0.8500000238418579
|
severity: Severity.medium
|
|
123.6.49.50
|
ip
|
2025-07-17 15:28:42
|
block
|
All requests flagged by WAF with multiple security rule hits, indicating high confidence malicious activity.
|
0.8999999761581421
|
severity: Severity.critical
|
|
101.55.81.36
|
ip
|
2025-07-17 15:28:42
|
block
|
High volume of requests targeting sensitive application files, configuration files, and known web shell paths, indicating an active reconnaissance and exploitation attempt.
|
1.0
|
severity: Severity.critical
|
|
185.177.72.104
|
ip
|
2025-07-17 15:28:42
|
block
|
Aggressive scanning for .env files, phpinfo, and .git configurations, directly hit IP blocking reputation rules.
|
1.0
|
severity: Severity.critical
|
|
178.33.134.25
|
ip
|
2025-07-17 15:28:42
|
block
|
100% of requests flagged, actively scanning for common website directories and old/backup sites, coupled with browser impersonation.
|
0.8999999761581421
|
severity: Severity.critical
|
|
185.177.72.12
|
ip
|
2025-07-17 15:28:42
|
block
|
Extensive reconnaissance for sensitive application configurations and credentials, coupled with LFI attempts and multiple IP blocking rules.
|
1.0
|
severity: Severity.critical
|
|
185.177.72.11
|
ip
|
2025-07-17 15:28:42
|
block
|
Targeting highly sensitive credentials, environment files, and server info pages, directly hit IP reputation deny rules.
|
1.0
|
severity: Severity.critical
|
|
194.50.16.252
|
ip
|
2025-07-17 15:28:42
|
block
|
Targeting Spring Boot Actuator endpoints with command injection attempts and path obfuscation, indicating a direct exploit attempt.
|
1.0
|
severity: Severity.critical
|
|
185.177.72.205
|
ip
|
2025-07-17 15:28:42
|
block
|
Attempting to access sensitive cloud credentials, environment files, and configuration, hitting LFI and IP blocking rules.
|
1.0
|
severity: Severity.critical
|
|
185.177.72.204
|
ip
|
2025-07-17 15:28:42
|
block
|
Targeted scanning for configuration files and source code repositories, triggering IP reputation deny rules.
|
1.0
|
severity: Severity.critical
|
|
195.178.110.161
|
ip
|
2025-07-17 15:28:42
|
block
|
Targeted scanning for sensitive JavaScript config files, JSON credentials, environment variables, and phpinfo, flagged by WAF and browser impersonation.
|
0.8999999761581421
|
severity: Severity.critical
|
|
2001:bc8:1201:19:46a8:42ff:fe1b:ae29
|
ip
|
2025-07-17 15:28:42
|
block
|
All requests flagged by WAF with suspicious paths and multiple security alerts.
|
0.8500000238418579
|
severity: Severity.medium
|
|
2001:4878:8216:510:dddd:b98a:3a76:296c
|
ip
|
2025-07-17 15:28:42
|
block
|
Accessed obfuscated path 'oVBKUKnaa/nq36z4Dw/fOEJy35E/c0/uVaJz65XJ3SLLDS3/HyNpQmYB/HT8s/UgxbeHQ' which was previously flagged by WAF and linked to critical malicious activity in other blocked entities (e.g., AS132203, 3%7e2faa3a9db1c111de), indicating high potential for evasive or malicious intent.
|
0.949999988079071
|
severity: Severity.critical
|
|
20.171.207.158
|
ip
|
2025-07-17 15:28:42
|
block
|
All requests flagged by WAF, including suspicious and obfuscated paths targeting WordPress.
|
0.8500000238418579
|
severity: Severity.medium
|
|
205.169.39.4
|
ip
|
2025-07-17 15:28:42
|
block
|
High percentage of flagged requests and triggered an IP blocking rule due to burst activity.
|
0.8999999761581421
|
severity: Severity.critical
|
|
205.169.39.130
|
ip
|
2025-07-17 15:28:42
|
block
|
Triggered an IP blocking rule due to burst activity, despite a lower percentage of detected threat requests.
|
0.8999999761581421
|
severity: Severity.critical
|
|
2001:bc8:1f90:4:7ec2:55ff:fe9e:8476
|
ip
|
2025-07-17 15:28:42
|
block
|
All requests flagged by WAF, including obfuscated paths and security alerts.
|
0.8500000238418579
|
severity: Severity.medium
|
|
216.126.227.20
|
ip
|
2025-07-17 15:28:42
|
block
|
Targeted WordPress specific attack paths like wlwmanifest.xml and xmlrpc.php, coupled with browser impersonation and IP blocking rules.
|
1.0
|
severity: Severity.critical
|
|
34.116.172.61
|
ip
|
2025-07-17 15:28:42
|
block
|
All requests flagged by WAF with obfuscated paths and multiple security alerts.
|
0.8500000238418579
|
severity: Severity.medium
|
|
3.92.177.104
|
ip
|
2025-07-17 15:28:42
|
block
|
Actively targeting WordPress wlwmanifest.xml and xmlrpc.php, directly triggering a WAF IPBLOCK rule.
|
1.0
|
severity: Severity.critical
|