|
51.38.105.105
|
ip
|
2025-07-17 13:39:09
|
block
|
Extensive scanning for sensitive configuration files, credentials, and PHP info pages, with a high threat detection rate and browser impersonation.
|
0.8999999761581421
|
severity: Severity.critical
|
|
34.116.246.85
|
ip
|
2025-07-17 13:39:09
|
watchlist
|
All requests flagged by WAF, including obfuscated paths, indicating suspicious activity that requires further observation.
|
0.699999988079071
|
severity: Severity.medium
|
|
66.249.77.104
|
ip
|
2025-07-17 13:39:09
|
ignore
|
All requests appear legitimate for a web crawler (Googlebot IP range) accessing public assets, and no critical security rules were triggered, suggesting a false positive for an aggressive but benign bot.
|
0.800000011920929
|
severity: Severity.low
|
|
AS211590
|
asn
|
2025-07-17 13:39:09
|
block
|
Aggregated traffic from this ASN demonstrates a 100% threat detection rate involving widespread probing for sensitive files, credentials, and actively attempting LFI attacks, triggering multiple critical IP blocking and reputation rules.
|
1.0
|
severity: Severity.critical
|
|
AS16276
|
asn
|
2025-07-17 13:39:09
|
block
|
Aggregated traffic from this ASN shows a very high threat detection rate with diverse malicious activities, including directory scanning and sensitive file probing, consistent with multiple compromised or malicious hosts.
|
1.0
|
severity: Severity.critical
|
|
AS132203
|
asn
|
2025-07-17 13:39:09
|
block
|
High volume of 100% flagged requests targeting WordPress endpoints and including multiple obfuscated paths, indicating aggressive and suspicious automated activity.
|
0.8999999761581421
|
severity: Severity.critical
|
|
3%7e7bcf51bfc0d0b65f
|
tls
|
2025-07-17 13:39:09
|
block
|
Extensive reconnaissance for sensitive application configurations and credentials, coupled with LFI attempts and multiple IP blocking rules, associated with this TLS fingerprint.
|
1.0
|
severity: Severity.critical
|
|
3%7e2faa3a9db1c111de
|
tls
|
2025-07-17 13:39:09
|
block
|
High volume of 100% flagged requests targeting WordPress attack vectors, sensitive configurations, and including obfuscated paths, directly triggering WAF IPBLOCK rules.
|
1.0
|
severity: Severity.critical
|
|
3%7ee35ec11fcbea7346
|
tls
|
2025-07-17 13:39:09
|
block
|
Very high percentage of flagged requests, including obfuscated paths, directly triggering an IP blocking rule due to burst activity.
|
0.8999999761581421
|
severity: Severity.critical
|
|
3%7ede293936a8dc4153
|
tls
|
2025-07-17 13:39:09
|
watchlist
|
High volume of 100% flagged requests targeting WordPress endpoints and including obfuscated paths, indicating suspicious automated activity.
|
0.800000011920929
|
severity: Severity.medium
|
|
3%7ebaae1457ad64ff16
|
tls
|
2025-07-17 13:39:09
|
watchlist
|
All requests flagged by WAF, including obfuscated paths and aggressive crawling, indicating suspicious automated activity.
|
0.800000011920929
|
severity: Severity.medium
|
|
UNKNOWN
|
tls
|
2025-07-17 13:39:09
|
block
|
Comprehensive and aggressive attack patterns including sensitive file probing, WordPress exploit attempts, web shell probing, LFI, and triggering multiple critical IP blocking and reputation rules.
|
1.0
|
severity: Severity.critical
|
|
157.180.49.118
|
ip
|
2025-07-17 13:39:08
|
watchlist
|
High request volume flagged by WAF, consistent with aggressive crawling or reconnaissance.
|
0.6000000238418579
|
severity: Severity.low
|
|
123.6.49.50
|
ip
|
2025-07-17 13:39:08
|
watchlist
|
All requests flagged by WAF including highly obfuscated paths.
|
0.800000011920929
|
severity: Severity.medium
|
|
101.55.81.36
|
ip
|
2025-07-17 13:39:08
|
block
|
High volume of requests targeting sensitive application files, configuration files, and known web shell paths, indicating an active reconnaissance and exploitation attempt.
|
1.0
|
severity: Severity.critical
|
|
185.177.72.104
|
ip
|
2025-07-17 13:39:08
|
block
|
Aggressive scanning for .env files, phpinfo, and .git configurations, directly hit IP blocking reputation rules.
|
1.0
|
severity: Severity.critical
|
|
178.33.134.25
|
ip
|
2025-07-17 13:39:08
|
block
|
100% of requests flagged, actively scanning for common website directories and old/backup sites, coupled with browser impersonation.
|
0.8999999761581421
|
severity: Severity.critical
|
|
185.177.72.12
|
ip
|
2025-07-17 13:39:08
|
block
|
Extensive reconnaissance for sensitive application configurations and credentials, coupled with LFI attempts and multiple IP blocking rules.
|
1.0
|
severity: Severity.critical
|
|
185.177.72.11
|
ip
|
2025-07-17 13:39:08
|
block
|
Targeting highly sensitive credentials, environment files, and server info pages, directly hit IP reputation deny rules.
|
1.0
|
severity: Severity.critical
|
|
185.177.72.204
|
ip
|
2025-07-17 13:39:08
|
block
|
Targeted scanning for configuration files and source code repositories, triggering IP reputation deny rules.
|
1.0
|
severity: Severity.critical
|