| 66.249.77.104 | ip | 2025-07-17 14:23:48 | block | All requests flagged by WAF and triggered security alerts, indicating malicious activity. | 0.949999988079071 | severity: Severity.critical |
| 3%7e2faa3a9db1c111de | tls | 2025-07-17 14:23:48 | block | High volume of 100% flagged requests targeting WordPress attack vectors, sensitive configurations, and including obfuscated paths, directly triggering WAF IPBLOCK rules. | 1.0 | severity: Severity.critical |
| AS211590 | asn | 2025-07-17 14:23:48 | block | Aggregated traffic from this ASN demonstrates a 100% threat detection rate involving widespread probing for sensitive files, credentials, and actively attempting LFI attacks, triggering multiple critical IP blocking and reputation rules. | 1.0 | severity: Severity.critical |
| AS16276 | asn | 2025-07-17 14:23:48 | block | Aggregated traffic from this ASN shows a very high threat detection rate with diverse malicious activities, including directory scanning and sensitive file probing, consistent with multiple compromised or malicious hosts. | 1.0 | severity: Severity.critical |
| AS132203 | asn | 2025-07-17 14:23:48 | block | High volume of 100% flagged requests targeting WordPress endpoints and including multiple obfuscated paths, indicating aggressive and suspicious automated activity. | 0.8999999761581421 | severity: Severity.critical |
| 3%7ebaae1457ad64ff16 | tls | 2025-07-17 14:23:48 | block | All requests flagged by WAF, including obfuscated paths, and multiple security rule hits indicating reconnaissance. | 0.8999999761581421 | severity: Severity.critical |
| 3%7e7bcf51bfc0d0b65f | tls | 2025-07-17 14:23:48 | block | Extensive reconnaissance for sensitive application configurations and credentials, coupled with LFI attempts and multiple IP blocking rules, associated with this TLS fingerprint. | 1.0 | severity: Severity.critical |
| 3%7ee35ec11fcbea7346 | tls | 2025-07-17 14:23:48 | block | Very high percentage of flagged requests, including obfuscated paths, directly triggering an IP blocking rule due to burst activity. | 0.8999999761581421 | severity: Severity.critical |
| 3%7ede293936a8dc4153 | tls | 2025-07-17 14:23:48 | block | All requests flagged by WAF, targeting sensitive WordPress endpoints, containing suspicious obfuscated paths, and showing browser impersonation. High confidence of malicious intent. | 0.949999988079071 | severity: Severity.critical |
| UNKNOWN | tls | 2025-07-17 14:23:48 | block | Comprehensive and aggressive attack patterns including sensitive file probing, WordPress exploit attempts, web shell probing, LFI, and triggering multiple critical IP blocking and reputation rules. | 1.0 | severity: Severity.critical |
| 2001:4878:8216:510:dddd:b98a:3a76:296c | ip | 2025-07-17 14:18:33 | block | Accessed obfuscated path 'oVBKUKnaa/nq36z4Dw/fOEJy35E/c0/uVaJz65XJ3SLLDS3/HyNpQmYB/HT8s/UgxbeHQ' which was previously flagged by WAF and linked to critical malicious activity in other blocked entities (e.g., AS132203, 3%7e2faa3a9db1c111de), indicating high potential for evasive or malicious intent. | 0.949999988079071 | severity: Severity.critical |
| 2001:4878:8216:510:dddd:b98a:3a76:296c | ip | 2025-07-17 14:13:22 | ignore | No detected threat requests, no WAF flags, and no security rule hits, indicating normal benign traffic. | 0.949999988079071 | severity: Severity.low |
| 2001:4878:8216:510:dddd:b98a:3a76:296c | ip | 2025-07-17 14:08:23 | ignore | No malicious activity detected, no WAF flags, and no security rule hits. Appears to be benign traffic. | 0.949999988079071 | severity: Severity.low |
| 2001:4878:8216:510:dddd:b98a:3a76:296c | ip | 2025-07-17 14:03:28 | ignore | No detected threat requests, WAF flags, or security rule hits observed. Despite an unusual obfuscated path, the overall activity indicates benign behavior. | 0.8999999761581421 | severity: Severity.low |
| 2001:4878:8216:510:dddd:b98a:3a76:296c | ip | 2025-07-17 13:58:17 | ignore | No detected threat requests, no WAF flags, and no security rule hits found, suggesting benign activity or a resolved threat. | 0.8999999761581421 | severity: Severity.low |
| 2001:4878:8216:510:dddd:b98a:3a76:296c | ip | 2025-07-17 13:53:23 | watchlist | Entity accessed an obfuscated path also observed in patterns from previously blocked malicious entities. While no direct WAF flags or security rule hits were triggered for its requests, its activity warrants continued monitoring. | 0.699999988079071 | severity: Severity.medium |
| 2001:4878:8216:510:dddd:b98a:3a76:296c | ip | 2025-07-17 13:48:22 | ignore | No detected threat requests, no WAF flags, and no security rule hits. The accessed paths appear to be legitimate website content. | 1.0 | severity: Severity.low |
| 157.180.49.118 | ip | 2025-07-17 13:43:34 | block | All requests flagged by WAF and multiple security rule hits, indicating malicious probing. | 0.8500000238418579 | severity: Severity.medium |
| 123.6.49.50 | ip | 2025-07-17 13:43:34 | block | All requests flagged by WAF with multiple security rule hits, indicating high confidence malicious activity. | 0.8999999761581421 | severity: Severity.critical |
| 2001:bc8:1201:19:46a8:42ff:fe1b:ae29 | ip | 2025-07-17 13:43:34 | block | All requests flagged by WAF with suspicious paths and multiple security alerts. | 0.8500000238418579 | severity: Severity.medium |
| 20.171.207.158 | ip | 2025-07-17 13:43:34 | block | All requests flagged by WAF, including suspicious and obfuscated paths targeting WordPress. | 0.8500000238418579 | severity: Severity.medium |
| 2001:bc8:1f90:4:7ec2:55ff:fe9e:8476 | ip | 2025-07-17 13:43:34 | block | All requests flagged by WAF, including obfuscated paths and security alerts. | 0.8500000238418579 | severity: Severity.medium |
| 34.116.172.61 | ip | 2025-07-17 13:43:34 | block | All requests flagged by WAF with obfuscated paths and multiple security alerts. | 0.8500000238418579 | severity: Severity.medium |
| 2604:a880:400:d1:0:1:4cea:4001 | ip | 2025-07-17 13:43:34 | block | All requests flagged by WAF with suspicious obfuscated paths and security alerts. | 0.8500000238418579 | severity: Severity.medium |
| 34.116.246.85 | ip | 2025-07-17 13:43:34 | block | All requests flagged by WAF with obfuscated paths and multiple security alerts. | 0.8500000238418579 | severity: Severity.medium |
| 66.249.77.104 | ip | 2025-07-17 13:43:34 | block | All requests flagged by WAF and triggered security alerts, indicating malicious activity. | 0.949999988079071 | severity: Severity.critical |
| 3%7ebaae1457ad64ff16 | tls | 2025-07-17 13:43:34 | block | All requests flagged by WAF, including obfuscated paths, and multiple security rule hits indicating reconnaissance. | 0.8999999761581421 | severity: Severity.critical |
| 3%7ede293936a8dc4153 | tls | 2025-07-17 13:43:34 | block | All requests flagged by WAF, targeting sensitive WordPress endpoints, containing suspicious obfuscated paths, and showing browser impersonation. High confidence of malicious intent. | 0.949999988079071 | severity: Severity.critical |
| 194.50.16.252 | ip | 2025-07-17 13:39:09 | block | Targeting Spring Boot Actuator endpoints with command injection attempts and path obfuscation, indicating a direct exploit attempt. | 1.0 | severity: Severity.critical |
| 185.177.72.205 | ip | 2025-07-17 13:39:09 | block | Attempting to access sensitive cloud credentials, environment files, and configuration, hitting LFI and IP blocking rules. | 1.0 | severity: Severity.critical |
| 195.178.110.161 | ip | 2025-07-17 13:39:09 | block | Targeted scanning for sensitive JavaScript config files, JSON credentials, environment variables, and phpinfo, flagged by WAF and browser impersonation. | 0.8999999761581421 | severity: Severity.critical |
| 2001:bc8:1201:19:46a8:42ff:fe1b:ae29 | ip | 2025-07-17 13:39:09 | watchlist | All requests flagged by WAF, including obfuscated path indicative of suspicious activity. | 0.699999988079071 | severity: Severity.medium |
| 2001:4878:8216:510:dddd:b98a:3a76:296c | ip | 2025-07-17 13:39:09 | ignore | No malicious activity detected by WAF or security rules; all requests were legitimate. | 1.0 | severity: Severity.low |
| 20.171.207.158 | ip | 2025-07-17 13:39:09 | watchlist | All requests flagged by WAF, including unusual URL patterns and obfuscated paths, indicative of aggressive or malformed crawling. | 0.699999988079071 | severity: Severity.medium |
| 205.169.39.4 | ip | 2025-07-17 13:39:09 | block | High percentage of flagged requests and triggered an IP blocking rule due to burst activity. | 0.8999999761581421 | severity: Severity.critical |
| 205.169.39.130 | ip | 2025-07-17 13:39:09 | block | Triggered an IP blocking rule due to burst activity, despite a lower percentage of detected threat requests. | 0.8999999761581421 | severity: Severity.critical |
| 2001:bc8:1f90:4:7ec2:55ff:fe9e:8476 | ip | 2025-07-17 13:39:09 | watchlist | All requests flagged by WAF, including obfuscated path indicative of suspicious activity. | 0.699999988079071 | severity: Severity.medium |
| 216.126.227.20 | ip | 2025-07-17 13:39:09 | block | Targeted WordPress specific attack paths like wlwmanifest.xml and xmlrpc.php, coupled with browser impersonation and IP blocking rules. | 1.0 | severity: Severity.critical |
| 34.116.172.61 | ip | 2025-07-17 13:39:09 | watchlist | All requests flagged by WAF, including obfuscated paths, indicating suspicious activity that requires further observation. | 0.699999988079071 | severity: Severity.medium |
| 3.92.177.104 | ip | 2025-07-17 13:39:09 | block | Actively targeting WordPress wlwmanifest.xml and xmlrpc.php, directly triggering a WAF IPBLOCK rule. | 1.0 | severity: Severity.critical |
| 2604:a880:400:d1:0:1:4cea:4001 | ip | 2025-07-17 13:39:09 | watchlist | All requests flagged by WAF, including obfuscated paths, warranting further monitoring. | 0.699999988079071 | severity: Severity.medium |
| 51.38.105.105 | ip | 2025-07-17 13:39:09 | block | Extensive scanning for sensitive configuration files, credentials, and PHP info pages, with a high threat detection rate and browser impersonation. | 0.8999999761581421 | severity: Severity.critical |
| 34.116.246.85 | ip | 2025-07-17 13:39:09 | watchlist | All requests flagged by WAF, including obfuscated paths, indicating suspicious activity that requires further observation. | 0.699999988079071 | severity: Severity.medium |
| 66.249.77.104 | ip | 2025-07-17 13:39:09 | ignore | All requests appear legitimate for a web crawler (Googlebot IP range) accessing public assets, and no critical security rules were triggered, suggesting a false positive for an aggressive but benign bot. | 0.800000011920929 | severity: Severity.low |
| 3%7e2faa3a9db1c111de | tls | 2025-07-17 13:39:09 | block | High volume of 100% flagged requests targeting WordPress attack vectors, sensitive configurations, and including obfuscated paths, directly triggering WAF IPBLOCK rules. | 1.0 | severity: Severity.critical |
| AS211590 | asn | 2025-07-17 13:39:09 | block | Aggregated traffic from this ASN demonstrates a 100% threat detection rate involving widespread probing for sensitive files, credentials, and actively attempting LFI attacks, triggering multiple critical IP blocking and reputation rules. | 1.0 | severity: Severity.critical |
| AS16276 | asn | 2025-07-17 13:39:09 | block | Aggregated traffic from this ASN shows a very high threat detection rate with diverse malicious activities, including directory scanning and sensitive file probing, consistent with multiple compromised or malicious hosts. | 1.0 | severity: Severity.critical |
| AS132203 | asn | 2025-07-17 13:39:09 | block | High volume of 100% flagged requests targeting WordPress endpoints and including multiple obfuscated paths, indicating aggressive and suspicious automated activity. | 0.8999999761581421 | severity: Severity.critical |
| 3%7ebaae1457ad64ff16 | tls | 2025-07-17 13:39:09 | watchlist | All requests flagged by WAF, including obfuscated paths and aggressive crawling, indicating suspicious automated activity. | 0.800000011920929 | severity: Severity.medium |
| 3%7e7bcf51bfc0d0b65f | tls | 2025-07-17 13:39:09 | block | Extensive reconnaissance for sensitive application configurations and credentials, coupled with LFI attempts and multiple IP blocking rules, associated with this TLS fingerprint. | 1.0 | severity: Severity.critical |