|
AS211590
|
asn
|
2025-07-17 14:28:33
|
block
|
Aggregated traffic from this ASN demonstrates a 100% threat detection rate involving widespread probing for sensitive files, credentials, and actively attempting LFI attacks, triggering multiple critical IP blocking and reputation rules.
|
1.0
|
severity: Severity.critical
|
|
AS16276
|
asn
|
2025-07-17 14:28:33
|
block
|
Aggregated traffic from this ASN shows a very high threat detection rate with diverse malicious activities, including directory scanning and sensitive file probing, consistent with multiple compromised or malicious hosts.
|
1.0
|
severity: Severity.critical
|
|
AS132203
|
asn
|
2025-07-17 14:28:33
|
block
|
High volume of 100% flagged requests targeting WordPress endpoints and including multiple obfuscated paths, indicating aggressive and suspicious automated activity.
|
0.8999999761581421
|
severity: Severity.critical
|
|
3%7ebaae1457ad64ff16
|
tls
|
2025-07-17 14:28:33
|
block
|
All requests flagged by WAF, including obfuscated paths, and multiple security rule hits indicating reconnaissance.
|
0.8999999761581421
|
severity: Severity.critical
|
|
3%7e7bcf51bfc0d0b65f
|
tls
|
2025-07-17 14:28:33
|
block
|
Extensive reconnaissance for sensitive application configurations and credentials, coupled with LFI attempts and multiple IP blocking rules, associated with this TLS fingerprint.
|
1.0
|
severity: Severity.critical
|
|
3%7e2faa3a9db1c111de
|
tls
|
2025-07-17 14:28:33
|
block
|
High volume of 100% flagged requests targeting WordPress attack vectors, sensitive configurations, and including obfuscated paths, directly triggering WAF IPBLOCK rules.
|
1.0
|
severity: Severity.critical
|
|
3%7ee35ec11fcbea7346
|
tls
|
2025-07-17 14:28:33
|
block
|
Very high percentage of flagged requests, including obfuscated paths, directly triggering an IP blocking rule due to burst activity.
|
0.8999999761581421
|
severity: Severity.critical
|
|
3%7ede293936a8dc4153
|
tls
|
2025-07-17 14:28:33
|
block
|
All requests flagged by WAF, targeting sensitive WordPress endpoints, containing suspicious obfuscated paths, and showing browser impersonation. High confidence of malicious intent.
|
0.949999988079071
|
severity: Severity.critical
|
|
UNKNOWN
|
tls
|
2025-07-17 14:28:33
|
block
|
Comprehensive and aggressive attack patterns including sensitive file probing, WordPress exploit attempts, web shell probing, LFI, and triggering multiple critical IP blocking and reputation rules.
|
1.0
|
severity: Severity.critical
|
|
157.180.49.118
|
ip
|
2025-07-17 14:23:48
|
block
|
All requests flagged by WAF and multiple security rule hits, indicating malicious probing.
|
0.8500000238418579
|
severity: Severity.medium
|
|
123.6.49.50
|
ip
|
2025-07-17 14:23:48
|
block
|
All requests flagged by WAF with multiple security rule hits, indicating high confidence malicious activity.
|
0.8999999761581421
|
severity: Severity.critical
|
|
101.55.81.36
|
ip
|
2025-07-17 14:23:48
|
block
|
High volume of requests targeting sensitive application files, configuration files, and known web shell paths, indicating an active reconnaissance and exploitation attempt.
|
1.0
|
severity: Severity.critical
|
|
185.177.72.104
|
ip
|
2025-07-17 14:23:48
|
block
|
Aggressive scanning for .env files, phpinfo, and .git configurations, directly hit IP blocking reputation rules.
|
1.0
|
severity: Severity.critical
|
|
178.33.134.25
|
ip
|
2025-07-17 14:23:48
|
block
|
100% of requests flagged, actively scanning for common website directories and old/backup sites, coupled with browser impersonation.
|
0.8999999761581421
|
severity: Severity.critical
|
|
185.177.72.12
|
ip
|
2025-07-17 14:23:48
|
block
|
Extensive reconnaissance for sensitive application configurations and credentials, coupled with LFI attempts and multiple IP blocking rules.
|
1.0
|
severity: Severity.critical
|
|
185.177.72.11
|
ip
|
2025-07-17 14:23:48
|
block
|
Targeting highly sensitive credentials, environment files, and server info pages, directly hit IP reputation deny rules.
|
1.0
|
severity: Severity.critical
|
|
194.50.16.252
|
ip
|
2025-07-17 14:23:48
|
block
|
Targeting Spring Boot Actuator endpoints with command injection attempts and path obfuscation, indicating a direct exploit attempt.
|
1.0
|
severity: Severity.critical
|
|
185.177.72.205
|
ip
|
2025-07-17 14:23:48
|
block
|
Attempting to access sensitive cloud credentials, environment files, and configuration, hitting LFI and IP blocking rules.
|
1.0
|
severity: Severity.critical
|
|
185.177.72.204
|
ip
|
2025-07-17 14:23:48
|
block
|
Targeted scanning for configuration files and source code repositories, triggering IP reputation deny rules.
|
1.0
|
severity: Severity.critical
|
|
195.178.110.161
|
ip
|
2025-07-17 14:23:48
|
block
|
Targeted scanning for sensitive JavaScript config files, JSON credentials, environment variables, and phpinfo, flagged by WAF and browser impersonation.
|
0.8999999761581421
|
severity: Severity.critical
|
|
2001:bc8:1201:19:46a8:42ff:fe1b:ae29
|
ip
|
2025-07-17 14:23:48
|
block
|
All requests flagged by WAF with suspicious paths and multiple security alerts.
|
0.8500000238418579
|
severity: Severity.medium
|
|
2001:4878:8216:510:dddd:b98a:3a76:296c
|
ip
|
2025-07-17 14:23:48
|
block
|
Accessed obfuscated path 'oVBKUKnaa/nq36z4Dw/fOEJy35E/c0/uVaJz65XJ3SLLDS3/HyNpQmYB/HT8s/UgxbeHQ' which was previously flagged by WAF and linked to critical malicious activity in other blocked entities (e.g., AS132203, 3%7e2faa3a9db1c111de), indicating high potential for evasive or malicious intent.
|
0.949999988079071
|
severity: Severity.critical
|
|
20.171.207.158
|
ip
|
2025-07-17 14:23:48
|
block
|
All requests flagged by WAF, including suspicious and obfuscated paths targeting WordPress.
|
0.8500000238418579
|
severity: Severity.medium
|
|
205.169.39.4
|
ip
|
2025-07-17 14:23:48
|
block
|
High percentage of flagged requests and triggered an IP blocking rule due to burst activity.
|
0.8999999761581421
|
severity: Severity.critical
|
|
205.169.39.130
|
ip
|
2025-07-17 14:23:48
|
block
|
Triggered an IP blocking rule due to burst activity, despite a lower percentage of detected threat requests.
|
0.8999999761581421
|
severity: Severity.critical
|
|
2001:bc8:1f90:4:7ec2:55ff:fe9e:8476
|
ip
|
2025-07-17 14:23:48
|
block
|
All requests flagged by WAF, including obfuscated paths and security alerts.
|
0.8500000238418579
|
severity: Severity.medium
|
|
216.126.227.20
|
ip
|
2025-07-17 14:23:48
|
block
|
Targeted WordPress specific attack paths like wlwmanifest.xml and xmlrpc.php, coupled with browser impersonation and IP blocking rules.
|
1.0
|
severity: Severity.critical
|
|
34.116.172.61
|
ip
|
2025-07-17 14:23:48
|
block
|
All requests flagged by WAF with obfuscated paths and multiple security alerts.
|
0.8500000238418579
|
severity: Severity.medium
|
|
3.92.177.104
|
ip
|
2025-07-17 14:23:48
|
block
|
Actively targeting WordPress wlwmanifest.xml and xmlrpc.php, directly triggering a WAF IPBLOCK rule.
|
1.0
|
severity: Severity.critical
|
|
2604:a880:400:d1:0:1:4cea:4001
|
ip
|
2025-07-17 14:23:48
|
block
|
All requests flagged by WAF with suspicious obfuscated paths and security alerts.
|
0.8500000238418579
|
severity: Severity.medium
|
|
51.38.105.105
|
ip
|
2025-07-17 14:23:48
|
block
|
Extensive scanning for sensitive configuration files, credentials, and PHP info pages, with a high threat detection rate and browser impersonation.
|
0.8999999761581421
|
severity: Severity.critical
|
|
34.116.246.85
|
ip
|
2025-07-17 14:23:48
|
block
|
All requests flagged by WAF with obfuscated paths and multiple security alerts.
|
0.8500000238418579
|
severity: Severity.medium
|
|
66.249.77.104
|
ip
|
2025-07-17 14:23:48
|
block
|
All requests flagged by WAF and triggered security alerts, indicating malicious activity.
|
0.949999988079071
|
severity: Severity.critical
|
|
AS211590
|
asn
|
2025-07-17 14:23:48
|
block
|
Aggregated traffic from this ASN demonstrates a 100% threat detection rate involving widespread probing for sensitive files, credentials, and actively attempting LFI attacks, triggering multiple critical IP blocking and reputation rules.
|
1.0
|
severity: Severity.critical
|
|
AS16276
|
asn
|
2025-07-17 14:23:48
|
block
|
Aggregated traffic from this ASN shows a very high threat detection rate with diverse malicious activities, including directory scanning and sensitive file probing, consistent with multiple compromised or malicious hosts.
|
1.0
|
severity: Severity.critical
|
|
AS132203
|
asn
|
2025-07-17 14:23:48
|
block
|
High volume of 100% flagged requests targeting WordPress endpoints and including multiple obfuscated paths, indicating aggressive and suspicious automated activity.
|
0.8999999761581421
|
severity: Severity.critical
|
|
3%7ebaae1457ad64ff16
|
tls
|
2025-07-17 14:23:48
|
block
|
All requests flagged by WAF, including obfuscated paths, and multiple security rule hits indicating reconnaissance.
|
0.8999999761581421
|
severity: Severity.critical
|
|
3%7e7bcf51bfc0d0b65f
|
tls
|
2025-07-17 14:23:48
|
block
|
Extensive reconnaissance for sensitive application configurations and credentials, coupled with LFI attempts and multiple IP blocking rules, associated with this TLS fingerprint.
|
1.0
|
severity: Severity.critical
|
|
3%7e2faa3a9db1c111de
|
tls
|
2025-07-17 14:23:48
|
block
|
High volume of 100% flagged requests targeting WordPress attack vectors, sensitive configurations, and including obfuscated paths, directly triggering WAF IPBLOCK rules.
|
1.0
|
severity: Severity.critical
|
|
3%7ee35ec11fcbea7346
|
tls
|
2025-07-17 14:23:48
|
block
|
Very high percentage of flagged requests, including obfuscated paths, directly triggering an IP blocking rule due to burst activity.
|
0.8999999761581421
|
severity: Severity.critical
|
|
3%7ede293936a8dc4153
|
tls
|
2025-07-17 14:23:48
|
block
|
All requests flagged by WAF, targeting sensitive WordPress endpoints, containing suspicious obfuscated paths, and showing browser impersonation. High confidence of malicious intent.
|
0.949999988079071
|
severity: Severity.critical
|
|
UNKNOWN
|
tls
|
2025-07-17 14:23:48
|
block
|
Comprehensive and aggressive attack patterns including sensitive file probing, WordPress exploit attempts, web shell probing, LFI, and triggering multiple critical IP blocking and reputation rules.
|
1.0
|
severity: Severity.critical
|
|
2001:4878:8216:510:dddd:b98a:3a76:296c
|
ip
|
2025-07-17 14:18:33
|
block
|
Accessed obfuscated path 'oVBKUKnaa/nq36z4Dw/fOEJy35E/c0/uVaJz65XJ3SLLDS3/HyNpQmYB/HT8s/UgxbeHQ' which was previously flagged by WAF and linked to critical malicious activity in other blocked entities (e.g., AS132203, 3%7e2faa3a9db1c111de), indicating high potential for evasive or malicious intent.
|
0.949999988079071
|
severity: Severity.critical
|
|
2001:4878:8216:510:dddd:b98a:3a76:296c
|
ip
|
2025-07-17 14:13:22
|
ignore
|
No detected threat requests, no WAF flags, and no security rule hits, indicating normal benign traffic.
|
0.949999988079071
|
severity: Severity.low
|
|
2001:4878:8216:510:dddd:b98a:3a76:296c
|
ip
|
2025-07-17 14:08:23
|
ignore
|
No malicious activity detected, no WAF flags, and no security rule hits. Appears to be benign traffic.
|
0.949999988079071
|
severity: Severity.low
|
|
2001:4878:8216:510:dddd:b98a:3a76:296c
|
ip
|
2025-07-17 14:03:28
|
ignore
|
No detected threat requests, WAF flags, or security rule hits observed. Despite an unusual obfuscated path, the overall activity indicates benign behavior.
|
0.8999999761581421
|
severity: Severity.low
|
|
2001:4878:8216:510:dddd:b98a:3a76:296c
|
ip
|
2025-07-17 13:58:17
|
ignore
|
No detected threat requests, no WAF flags, and no security rule hits found, suggesting benign activity or a resolved threat.
|
0.8999999761581421
|
severity: Severity.low
|
|
2001:4878:8216:510:dddd:b98a:3a76:296c
|
ip
|
2025-07-17 13:53:23
|
watchlist
|
Entity accessed an obfuscated path also observed in patterns from previously blocked malicious entities. While no direct WAF flags or security rule hits were triggered for its requests, its activity warrants continued monitoring.
|
0.699999988079071
|
severity: Severity.medium
|
|
2001:4878:8216:510:dddd:b98a:3a76:296c
|
ip
|
2025-07-17 13:48:22
|
ignore
|
No detected threat requests, no WAF flags, and no security rule hits. The accessed paths appear to be legitimate website content.
|
1.0
|
severity: Severity.low
|
|
157.180.49.118
|
ip
|
2025-07-17 13:43:34
|
block
|
All requests flagged by WAF and multiple security rule hits, indicating malicious probing.
|
0.8500000238418579
|
severity: Severity.medium
|