Table: Security_events
Displaying rows 120301 - 120350 of 120479 (Page 2407 / 2410)
| Entity | Type | Event time | Action taken | Ai reason | Ai confidence score | Ai details | Event id |
|---|---|---|---|---|---|---|---|
| 178.33.134.25 | ip | 2025-07-17 14:53:46 | block | 100% of requests flagged, actively scanning for common website directories and old/backup sites, coupled with browser impersonation. | 0.8999999761581421 | severity: Severity.critical | 83ce0aab-2101-4aac-a471-73367953b581 |
| 185.177.72.12 | ip | 2025-07-17 14:53:46 | block | Extensive reconnaissance for sensitive application configurations and credentials, coupled with LFI attempts and multiple IP blocking rules. | 1.0 | severity: Severity.critical | 202795e6-1b19-4c33-bd34-916430e72683 |
| 185.177.72.11 | ip | 2025-07-17 14:53:46 | block | Targeting highly sensitive credentials, environment files, and server info pages, directly hit IP reputation deny rules. | 1.0 | severity: Severity.critical | 55992a62-b7fc-4f87-ba52-d7078610c96c |
| 185.177.72.205 | ip | 2025-07-17 14:53:46 | block | Attempting to access sensitive cloud credentials, environment files, and configuration, hitting LFI and IP blocking rules. | 1.0 | severity: Severity.critical | 830b5f86-afbc-49a4-b7c7-ec2c7a7881f1 |
| 185.177.72.204 | ip | 2025-07-17 14:53:46 | block | Targeted scanning for configuration files and source code repositories, triggering IP reputation deny rules. | 1.0 | severity: Severity.critical | c3130995-06b5-4f4f-b320-4e86345f0e99 |
| 195.178.110.161 | ip | 2025-07-17 14:53:46 | block | Targeted scanning for sensitive JavaScript config files, JSON credentials, environment variables, and phpinfo, flagged by WAF and browser impersonation. | 0.8999999761581421 | severity: Severity.critical | 27a43499-fc4f-4758-be8a-e624e0cf3b87 |
| 194.50.16.252 | ip | 2025-07-17 14:53:46 | block | Targeting Spring Boot Actuator endpoints with command injection attempts and path obfuscation, indicating a direct exploit attempt. | 1.0 | severity: Severity.critical | 0a89e89b-5de3-4bfc-8bf8-55850a623153 |
| 2001:4878:8216:510:dddd:b98a:3a76:296c | ip | 2025-07-17 14:53:46 | block | Accessed obfuscated path 'oVBKUKnaa/nq36z4Dw/fOEJy35E/c0/uVaJz65XJ3SLLDS3/HyNpQmYB/HT8s/UgxbeHQ' which was previously flagged by WAF and linked to critical malicious activity in other blocked entities (e.g., AS132203, 3%7e2faa3a9db1c111de), indicating high potential for evasive or malicious intent. | 0.949999988079071 | severity: Severity.critical | b21ca702-b13d-46cc-9860-4c3c1f256240 |
| 20.171.207.158 | ip | 2025-07-17 14:53:46 | block | All requests flagged by WAF, including suspicious and obfuscated paths targeting WordPress. | 0.8500000238418579 | severity: Severity.medium | 4b45e59e-a771-413f-9331-3c4d61b78a81 |
| 205.169.39.130 | ip | 2025-07-17 14:53:46 | block | Triggered an IP blocking rule due to burst activity, despite a lower percentage of detected threat requests. | 0.8999999761581421 | severity: Severity.critical | 69826b57-4300-4648-ac8e-cd28714c0afd |
| 2001:bc8:1f90:4:7ec2:55ff:fe9e:8476 | ip | 2025-07-17 14:53:46 | block | All requests flagged by WAF, including obfuscated paths and security alerts. | 0.8500000238418579 | severity: Severity.medium | e47bbe20-516d-45a3-9e97-53b5bb863cca |
| 2001:bc8:1201:19:46a8:42ff:fe1b:ae29 | ip | 2025-07-17 14:53:46 | block | All requests flagged by WAF with suspicious paths and multiple security alerts. | 0.8500000238418579 | severity: Severity.medium | 03161593-989f-4124-8565-623ca98a331b |
| 216.126.227.20 | ip | 2025-07-17 14:53:46 | block | Targeted WordPress specific attack paths like wlwmanifest.xml and xmlrpc.php, coupled with browser impersonation and IP blocking rules. | 1.0 | severity: Severity.critical | cd5ccd82-6a43-4f78-a467-454b32b502a6 |
| 205.169.39.4 | ip | 2025-07-17 14:53:46 | block | High percentage of flagged requests and triggered an IP blocking rule due to burst activity. | 0.8999999761581421 | severity: Severity.critical | 5dae57d0-f624-49a2-914e-c4a3a4b92718 |
| 3.92.177.104 | ip | 2025-07-17 14:53:46 | block | Actively targeting WordPress wlwmanifest.xml and xmlrpc.php, directly triggering a WAF IPBLOCK rule. | 1.0 | severity: Severity.critical | 2bd74651-f6c3-4db3-a257-2b4fb776d529 |
| 2604:a880:400:d1:0:1:4cea:4001 | ip | 2025-07-17 14:53:46 | block | All requests flagged by WAF with suspicious obfuscated paths and security alerts. | 0.8500000238418579 | severity: Severity.medium | 92640db1-9724-4cca-9f0c-76fd28de691b |
| 51.38.105.105 | ip | 2025-07-17 14:53:46 | block | Extensive scanning for sensitive configuration files, credentials, and PHP info pages, with a high threat detection rate and browser impersonation. | 0.8999999761581421 | severity: Severity.critical | bdbddb31-2b96-4377-b9f6-9ffec1ad2ebb |
| 34.116.246.85 | ip | 2025-07-17 14:53:46 | block | All requests flagged by WAF with obfuscated paths and multiple security alerts. | 0.8500000238418579 | severity: Severity.medium | 40835b92-eeae-468f-b86b-fada06f482e7 |
| 34.116.172.61 | ip | 2025-07-17 14:53:46 | block | All requests flagged by WAF with obfuscated paths and multiple security alerts. | 0.8500000238418579 | severity: Severity.medium | d0b01d56-eb40-4210-bd38-f104fb1ff536 |
| 66.249.77.104 | ip | 2025-07-17 14:53:46 | block | All requests flagged by WAF and triggered security alerts, indicating malicious activity. | 0.949999988079071 | severity: Severity.critical | ceafe0f8-1219-4454-8f6b-4c5c51736ee5 |
| AS211590 | asn | 2025-07-17 14:53:46 | block | Aggregated traffic from this ASN demonstrates a 100% threat detection rate involving widespread probing for sensitive files, credentials, and actively attempting LFI attacks, triggering multiple critical IP blocking and reputation rules. | 1.0 | severity: Severity.critical | 6befebc9-776b-43aa-a508-4e9b012afefe |
| AS16276 | asn | 2025-07-17 14:53:46 | block | Aggregated traffic from this ASN shows a very high threat detection rate with diverse malicious activities, including directory scanning and sensitive file probing, consistent with multiple compromised or malicious hosts. | 1.0 | severity: Severity.critical | a9a13c17-e833-46e5-89ab-47c9993662e0 |
| AS132203 | asn | 2025-07-17 14:53:46 | block | High volume of 100% flagged requests targeting WordPress endpoints and including multiple obfuscated paths, indicating aggressive and suspicious automated activity. | 0.8999999761581421 | severity: Severity.critical | 2260e1e7-3c4b-4aee-ad93-1b60351cef03 |
| 3%7e7bcf51bfc0d0b65f | tls | 2025-07-17 14:53:46 | block | Extensive reconnaissance for sensitive application configurations and credentials, coupled with LFI attempts and multiple IP blocking rules, associated with this TLS fingerprint. | 1.0 | severity: Severity.critical | 4a04ca63-9b13-41af-8abf-b800910334eb |
| 3%7e2faa3a9db1c111de | tls | 2025-07-17 14:53:46 | block | High volume of 100% flagged requests targeting WordPress attack vectors, sensitive configurations, and including obfuscated paths, directly triggering WAF IPBLOCK rules. | 1.0 | severity: Severity.critical | aa323813-4ac2-4795-8ef4-9d5aec8343dd |
| 3%7ee35ec11fcbea7346 | tls | 2025-07-17 14:53:46 | block | Very high percentage of flagged requests, including obfuscated paths, directly triggering an IP blocking rule due to burst activity. | 0.8999999761581421 | severity: Severity.critical | 913e8a0f-b045-4313-a892-157584aeba2b |
| 3%7ede293936a8dc4153 | tls | 2025-07-17 14:53:46 | block | All requests flagged by WAF, targeting sensitive WordPress endpoints, containing suspicious obfuscated paths, and showing browser impersonation. High confidence of malicious intent. | 0.949999988079071 | severity: Severity.critical | cc69d715-08fa-442f-88b1-a2e501aa410a |
| 3%7ebaae1457ad64ff16 | tls | 2025-07-17 14:53:46 | block | All requests flagged by WAF, including obfuscated paths, and multiple security rule hits indicating reconnaissance. | 0.8999999761581421 | severity: Severity.critical | f01bc88b-e63b-4a1f-8aac-b1f906d4c599 |
| UNKNOWN | tls | 2025-07-17 14:53:46 | block | Comprehensive and aggressive attack patterns including sensitive file probing, WordPress exploit attempts, web shell probing, LFI, and triggering multiple critical IP blocking and reputation rules. | 1.0 | severity: Severity.critical | 0741964a-ad17-4ab2-94c2-df8ae90b4e2f |
| 157.180.49.118 | ip | 2025-07-17 14:48:36 | block | All requests flagged by WAF and multiple security rule hits, indicating malicious probing. | 0.8500000238418579 | severity: Severity.medium | 51c51b11-9378-4f9d-8403-8e9c99b4ed96 |
| 123.6.49.50 | ip | 2025-07-17 14:48:36 | block | All requests flagged by WAF with multiple security rule hits, indicating high confidence malicious activity. | 0.8999999761581421 | severity: Severity.critical | 854d2ae3-bafb-4708-98bc-96eee856e87c |
| 101.55.81.36 | ip | 2025-07-17 14:48:36 | block | High volume of requests targeting sensitive application files, configuration files, and known web shell paths, indicating an active reconnaissance and exploitation attempt. | 1.0 | severity: Severity.critical | e8416d94-d3ca-45a2-8600-72449b9b0e2d |
| 185.177.72.104 | ip | 2025-07-17 14:48:36 | block | Aggressive scanning for .env files, phpinfo, and .git configurations, directly hit IP blocking reputation rules. | 1.0 | severity: Severity.critical | 8834d1a2-282a-4b8a-a4d8-d15f09d08e85 |
| 178.33.134.25 | ip | 2025-07-17 14:48:36 | block | 100% of requests flagged, actively scanning for common website directories and old/backup sites, coupled with browser impersonation. | 0.8999999761581421 | severity: Severity.critical | 458be9cf-98a7-4bd6-9bea-a695ebe06cb0 |
| 185.177.72.12 | ip | 2025-07-17 14:48:36 | block | Extensive reconnaissance for sensitive application configurations and credentials, coupled with LFI attempts and multiple IP blocking rules. | 1.0 | severity: Severity.critical | f6643c0f-c9b0-426c-a100-6abab43ccf4e |
| 185.177.72.11 | ip | 2025-07-17 14:48:36 | block | Targeting highly sensitive credentials, environment files, and server info pages, directly hit IP reputation deny rules. | 1.0 | severity: Severity.critical | 0b5d2118-a2b4-4c9d-b3a7-203209409c9c |
| 185.177.72.205 | ip | 2025-07-17 14:48:36 | block | Attempting to access sensitive cloud credentials, environment files, and configuration, hitting LFI and IP blocking rules. | 1.0 | severity: Severity.critical | 926c99dc-95f9-4d40-aac8-be6cd8a5fb43 |
| 185.177.72.204 | ip | 2025-07-17 14:48:36 | block | Targeted scanning for configuration files and source code repositories, triggering IP reputation deny rules. | 1.0 | severity: Severity.critical | d77e5de9-7866-4138-a678-21ba19bf9de9 |
| 195.178.110.161 | ip | 2025-07-17 14:48:36 | block | Targeted scanning for sensitive JavaScript config files, JSON credentials, environment variables, and phpinfo, flagged by WAF and browser impersonation. | 0.8999999761581421 | severity: Severity.critical | c8310d21-dc13-4871-9615-e7b135ec8705 |
| 194.50.16.252 | ip | 2025-07-17 14:48:36 | block | Targeting Spring Boot Actuator endpoints with command injection attempts and path obfuscation, indicating a direct exploit attempt. | 1.0 | severity: Severity.critical | c19de3bf-9b70-4ee6-98c2-c47b988b3b39 |
| 2001:4878:8216:510:dddd:b98a:3a76:296c | ip | 2025-07-17 14:48:36 | block | Accessed obfuscated path 'oVBKUKnaa/nq36z4Dw/fOEJy35E/c0/uVaJz65XJ3SLLDS3/HyNpQmYB/HT8s/UgxbeHQ' which was previously flagged by WAF and linked to critical malicious activity in other blocked entities (e.g., AS132203, 3%7e2faa3a9db1c111de), indicating high potential for evasive or malicious intent. | 0.949999988079071 | severity: Severity.critical | f6dc3e9b-73fe-4b85-b19f-2eb576a666e4 |
| 20.171.207.158 | ip | 2025-07-17 14:48:36 | block | All requests flagged by WAF, including suspicious and obfuscated paths targeting WordPress. | 0.8500000238418579 | severity: Severity.medium | 72c1dece-ae12-4046-8e6a-ea28ae29582c |
| 205.169.39.130 | ip | 2025-07-17 14:48:36 | block | Triggered an IP blocking rule due to burst activity, despite a lower percentage of detected threat requests. | 0.8999999761581421 | severity: Severity.critical | adf3e7e3-be0f-4d3f-8399-584464210de3 |
| 2001:bc8:1f90:4:7ec2:55ff:fe9e:8476 | ip | 2025-07-17 14:48:36 | block | All requests flagged by WAF, including obfuscated paths and security alerts. | 0.8500000238418579 | severity: Severity.medium | e5273810-1a7c-4d9b-98a7-5bbf738ae4c0 |
| 2001:bc8:1201:19:46a8:42ff:fe1b:ae29 | ip | 2025-07-17 14:48:36 | block | All requests flagged by WAF with suspicious paths and multiple security alerts. | 0.8500000238418579 | severity: Severity.medium | 78299d98-bf38-4e7a-abf8-56b61ebae8cc |
| 216.126.227.20 | ip | 2025-07-17 14:48:36 | block | Targeted WordPress specific attack paths like wlwmanifest.xml and xmlrpc.php, coupled with browser impersonation and IP blocking rules. | 1.0 | severity: Severity.critical | 130b495b-4210-4bbb-b2f5-e973425b3b08 |
| 205.169.39.4 | ip | 2025-07-17 14:48:36 | block | High percentage of flagged requests and triggered an IP blocking rule due to burst activity. | 0.8999999761581421 | severity: Severity.critical | 432b131d-b474-437d-bb50-76a054d15307 |
| 3.92.177.104 | ip | 2025-07-17 14:48:36 | block | Actively targeting WordPress wlwmanifest.xml and xmlrpc.php, directly triggering a WAF IPBLOCK rule. | 1.0 | severity: Severity.critical | 0e0ac24b-fdc4-4bb0-8376-f386daca324f |
| 2604:a880:400:d1:0:1:4cea:4001 | ip | 2025-07-17 14:48:36 | block | All requests flagged by WAF with suspicious obfuscated paths and security alerts. | 0.8500000238418579 | severity: Severity.medium | 3c68c6d9-dd68-434d-8df2-7f7bf1ef7534 |
| 51.38.105.105 | ip | 2025-07-17 14:48:36 | block | Extensive scanning for sensitive configuration files, credentials, and PHP info pages, with a high threat detection rate and browser impersonation. | 0.8999999761581421 | severity: Severity.critical | 607dbadd-197e-4630-b68b-f7b7cb118b63 |