Table: Security_events
| Entity | Type | Event time | Action taken | AI reason | AI confidence score | AI details | Event ID |
|---|---|---|---|---|---|---|---|
| 34.116.246.85 | ip | 2025-07-17 14:48:36 | block | All requests flagged by WAF with obfuscated paths and multiple security alerts. | 0.8500000238418579 | severity: Severity.medium | c586c3ae-5f20-4606-8a3e-e48908712770 |
| 34.116.172.61 | ip | 2025-07-17 14:48:36 | block | All requests flagged by WAF with obfuscated paths and multiple security alerts. | 0.8500000238418579 | severity: Severity.medium | d31edebc-5454-4979-9914-410744183880 |
| 66.249.77.104 | ip | 2025-07-17 14:48:36 | block | All requests flagged by WAF and triggered security alerts, indicating malicious activity. | 0.949999988079071 | severity: Severity.critical | 61c4e144-a138-44da-a79f-c26a9f171d72 |
| AS211590 | asn | 2025-07-17 14:48:36 | block | Aggregated traffic from this ASN demonstrates a 100% threat detection rate involving widespread probing for sensitive files, credentials, and actively attempting LFI attacks, triggering multiple critical IP blocking and reputation rules. | 1.0 | severity: Severity.critical | 18ca4c8e-debd-4e55-8a85-99a9a3b4e022 |
| AS16276 | asn | 2025-07-17 14:48:36 | block | Aggregated traffic from this ASN shows a very high threat detection rate with diverse malicious activities, including directory scanning and sensitive file probing, consistent with multiple compromised or malicious hosts. | 1.0 | severity: Severity.critical | 7d128c74-4abd-415f-b9a7-eafe454892cf |
| AS132203 | asn | 2025-07-17 14:48:36 | block | High volume of 100% flagged requests targeting WordPress endpoints and including multiple obfuscated paths, indicating aggressive and suspicious automated activity. | 0.8999999761581421 | severity: Severity.critical | ede992c6-7d69-4cb9-baef-b0fe37b116ea |
| 3%7e7bcf51bfc0d0b65f | tls | 2025-07-17 14:48:36 | block | Extensive reconnaissance for sensitive application configurations and credentials, coupled with LFI attempts and multiple IP blocking rules, associated with this TLS fingerprint. | 1.0 | severity: Severity.critical | 077064dc-6b9d-407d-9bde-76478904c8d3 |
| 3%7e2faa3a9db1c111de | tls | 2025-07-17 14:48:36 | block | High volume of 100% flagged requests targeting WordPress attack vectors, sensitive configurations, and including obfuscated paths, directly triggering WAF IPBLOCK rules. | 1.0 | severity: Severity.critical | 871f1e7a-670c-4b47-8d1e-8f17055db815 |
| 3%7ee35ec11fcbea7346 | tls | 2025-07-17 14:48:36 | block | Very high percentage of flagged requests, including obfuscated paths, directly triggering an IP blocking rule due to burst activity. | 0.8999999761581421 | severity: Severity.critical | f9f7253d-e1fa-4861-a552-977c7dc4f406 |
| 3%7ede293936a8dc4153 | tls | 2025-07-17 14:48:36 | block | All requests flagged by WAF, targeting sensitive WordPress endpoints, containing suspicious obfuscated paths, and showing browser impersonation. High confidence of malicious intent. | 0.949999988079071 | severity: Severity.critical | 5789e477-82a2-4e13-b92f-f55ab5bcc93f |
| 3%7ebaae1457ad64ff16 | tls | 2025-07-17 14:48:36 | block | All requests flagged by WAF, including obfuscated paths, and multiple security rule hits indicating reconnaissance. | 0.8999999761581421 | severity: Severity.critical | 399ee9be-df31-49ee-9685-32f7c7c2e248 |
| UNKNOWN | tls | 2025-07-17 14:48:36 | block | Comprehensive and aggressive attack patterns including sensitive file probing, WordPress exploit attempts, web shell probing, LFI, and triggering multiple critical IP blocking and reputation rules. | 1.0 | severity: Severity.critical | 68d2b4be-57dd-46ae-905f-f4eedbeaf81c |
| 157.180.49.118 | ip | 2025-07-17 14:28:33 | block | All requests flagged by WAF and multiple security rule hits, indicating malicious probing. | 0.8500000238418579 | severity: Severity.medium | e2199daf-2a10-4f2d-a257-107099f870ef |
| 123.6.49.50 | ip | 2025-07-17 14:28:33 | block | All requests flagged by WAF with multiple security rule hits, indicating high confidence malicious activity. | 0.8999999761581421 | severity: Severity.critical | bcc90893-8024-42c8-bf8d-549d7532b941 |
| 101.55.81.36 | ip | 2025-07-17 14:28:33 | block | High volume of requests targeting sensitive application files, configuration files, and known web shell paths, indicating an active reconnaissance and exploitation attempt. | 1.0 | severity: Severity.critical | e625bcd7-874a-49c2-ac3d-423c0c6a5f34 |
| 185.177.72.104 | ip | 2025-07-17 14:28:33 | block | Aggressive scanning for .env files, phpinfo, and .git configurations, directly hit IP blocking reputation rules. | 1.0 | severity: Severity.critical | 201d94cd-4ba7-4c7d-9c82-f541977cd890 |
| 178.33.134.25 | ip | 2025-07-17 14:28:33 | block | 100% of requests flagged, actively scanning for common website directories and old/backup sites, coupled with browser impersonation. | 0.8999999761581421 | severity: Severity.critical | d9eb90b5-cd2c-48d8-923e-96f70027143d |
| 185.177.72.12 | ip | 2025-07-17 14:28:33 | block | Extensive reconnaissance for sensitive application configurations and credentials, coupled with LFI attempts and multiple IP blocking rules. | 1.0 | severity: Severity.critical | 8a80e806-0dfd-4847-8f4b-8a7c1f00de4f |
| 185.177.72.11 | ip | 2025-07-17 14:28:33 | block | Targeting highly sensitive credentials, environment files, and server info pages, directly hit IP reputation deny rules. | 1.0 | severity: Severity.critical | 711bf53e-a1a5-46a5-bb43-bb86568ebb57 |
| 185.177.72.205 | ip | 2025-07-17 14:28:33 | block | Attempting to access sensitive cloud credentials, environment files, and configuration, hitting LFI and IP blocking rules. | 1.0 | severity: Severity.critical | 7dbd4f28-5c7d-42ba-aa9f-d8f281ee39b1 |
| 185.177.72.204 | ip | 2025-07-17 14:28:33 | block | Targeted scanning for configuration files and source code repositories, triggering IP reputation deny rules. | 1.0 | severity: Severity.critical | 4d22661a-c90e-4d3c-b4a3-64cbaaffeb0b |
| 195.178.110.161 | ip | 2025-07-17 14:28:33 | block | Targeted scanning for sensitive JavaScript config files, JSON credentials, environment variables, and phpinfo, flagged by WAF and browser impersonation. | 0.8999999761581421 | severity: Severity.critical | ca3f8e93-1617-4f17-85ba-aeef61c97fb2 |
| 194.50.16.252 | ip | 2025-07-17 14:28:33 | block | Targeting Spring Boot Actuator endpoints with command injection attempts and path obfuscation, indicating a direct exploit attempt. | 1.0 | severity: Severity.critical | 66fb5379-809f-4827-8d6e-e4d23782bb5b |
| 2001:4878:8216:510:dddd:b98a:3a76:296c | ip | 2025-07-17 14:28:33 | block | Accessed obfuscated path 'oVBKUKnaa/nq36z4Dw/fOEJy35E/c0/uVaJz65XJ3SLLDS3/HyNpQmYB/HT8s/UgxbeHQ' which was previously flagged by WAF and linked to critical malicious activity in other blocked entities (e.g., AS132203, 3%7e2faa3a9db1c111de), indicating high potential for evasive or malicious intent. | 0.949999988079071 | severity: Severity.critical | 2d742a0c-cb2e-4e6f-9f3d-5227c3459c09 |
| 20.171.207.158 | ip | 2025-07-17 14:28:33 | block | All requests flagged by WAF, including suspicious and obfuscated paths targeting WordPress. | 0.8500000238418579 | severity: Severity.medium | 198027f7-1603-402a-82f6-be47372caacf |
| 205.169.39.130 | ip | 2025-07-17 14:28:33 | block | Triggered an IP blocking rule due to burst activity, despite a lower percentage of detected threat requests. | 0.8999999761581421 | severity: Severity.critical | 5ce9f647-f1ef-4b57-87f9-0eaf22471395 |
| 2001:bc8:1f90:4:7ec2:55ff:fe9e:8476 | ip | 2025-07-17 14:28:33 | block | All requests flagged by WAF, including obfuscated paths and security alerts. | 0.8500000238418579 | severity: Severity.medium | a9c5169b-407b-4b11-86ac-24ecf85b63d4 |
| 2001:bc8:1201:19:46a8:42ff:fe1b:ae29 | ip | 2025-07-17 14:28:33 | block | All requests flagged by WAF with suspicious paths and multiple security alerts. | 0.8500000238418579 | severity: Severity.medium | 5844a7ca-7454-4bb7-a682-7b82db69a5fb |
| 216.126.227.20 | ip | 2025-07-17 14:28:33 | block | Targeted WordPress specific attack paths like wlwmanifest.xml and xmlrpc.php, coupled with browser impersonation and IP blocking rules. | 1.0 | severity: Severity.critical | ab258e45-0b4a-4a19-a592-4e3280b10eff |
| 205.169.39.4 | ip | 2025-07-17 14:28:33 | block | High percentage of flagged requests and triggered an IP blocking rule due to burst activity. | 0.8999999761581421 | severity: Severity.critical | 8b128ae1-4dbd-4d3e-8f27-0c8017042b0f |
| 3.92.177.104 | ip | 2025-07-17 14:28:33 | block | Actively targeting WordPress wlwmanifest.xml and xmlrpc.php, directly triggering a WAF IPBLOCK rule. | 1.0 | severity: Severity.critical | 07facdd3-b5dc-4fc4-ba84-68a5113f2ee6 |
| 2604:a880:400:d1:0:1:4cea:4001 | ip | 2025-07-17 14:28:33 | block | All requests flagged by WAF with suspicious obfuscated paths and security alerts. | 0.8500000238418579 | severity: Severity.medium | 7ae41652-2473-45e2-adfa-d48d4b65e907 |
| 51.38.105.105 | ip | 2025-07-17 14:28:33 | block | Extensive scanning for sensitive configuration files, credentials, and PHP info pages, with a high threat detection rate and browser impersonation. | 0.8999999761581421 | severity: Severity.critical | 18420338-a3cb-4ad3-a30a-f648da668d11 |
| 34.116.246.85 | ip | 2025-07-17 14:28:33 | block | All requests flagged by WAF with obfuscated paths and multiple security alerts. | 0.8500000238418579 | severity: Severity.medium | 29846c42-72a9-4009-bccb-94593ae9d5ed |
| 34.116.172.61 | ip | 2025-07-17 14:28:33 | block | All requests flagged by WAF with obfuscated paths and multiple security alerts. | 0.8500000238418579 | severity: Severity.medium | 748d8b74-936a-44d4-83d2-f83e164f83c9 |
| 66.249.77.104 | ip | 2025-07-17 14:28:33 | block | All requests flagged by WAF and triggered security alerts, indicating malicious activity. | 0.949999988079071 | severity: Severity.critical | 0c3eb8be-d385-4cbc-9601-2bc1c015a3a3 |
| AS211590 | asn | 2025-07-17 14:28:33 | block | Aggregated traffic from this ASN demonstrates a 100% threat detection rate involving widespread probing for sensitive files, credentials, and actively attempting LFI attacks, triggering multiple critical IP blocking and reputation rules. | 1.0 | severity: Severity.critical | 861c408f-09b9-44c8-99b2-f763af6293eb |
| AS16276 | asn | 2025-07-17 14:28:33 | block | Aggregated traffic from this ASN shows a very high threat detection rate with diverse malicious activities, including directory scanning and sensitive file probing, consistent with multiple compromised or malicious hosts. | 1.0 | severity: Severity.critical | b9313d0a-296f-4f44-8359-3b54627aa283 |
| AS132203 | asn | 2025-07-17 14:28:33 | block | High volume of 100% flagged requests targeting WordPress endpoints and including multiple obfuscated paths, indicating aggressive and suspicious automated activity. | 0.8999999761581421 | severity: Severity.critical | ad4f4b8b-51ae-45c9-a85e-e1221c01bda1 |
| 3%7e7bcf51bfc0d0b65f | tls | 2025-07-17 14:28:33 | block | Extensive reconnaissance for sensitive application configurations and credentials, coupled with LFI attempts and multiple IP blocking rules, associated with this TLS fingerprint. | 1.0 | severity: Severity.critical | 3529d508-bb97-4303-800b-5109811efa57 |
| 3%7e2faa3a9db1c111de | tls | 2025-07-17 14:28:33 | block | High volume of 100% flagged requests targeting WordPress attack vectors, sensitive configurations, and including obfuscated paths, directly triggering WAF IPBLOCK rules. | 1.0 | severity: Severity.critical | 3158e97f-b1a3-4093-8a54-f4e81a106ad1 |
| 3%7ee35ec11fcbea7346 | tls | 2025-07-17 14:28:33 | block | Very high percentage of flagged requests, including obfuscated paths, directly triggering an IP blocking rule due to burst activity. | 0.8999999761581421 | severity: Severity.critical | c1677f5a-9326-4eba-b3b6-62e21cd53055 |
| 3%7ede293936a8dc4153 | tls | 2025-07-17 14:28:33 | block | All requests flagged by WAF, targeting sensitive WordPress endpoints, containing suspicious obfuscated paths, and showing browser impersonation. High confidence of malicious intent. | 0.949999988079071 | severity: Severity.critical | 81690ddd-f5ee-40ea-b5d0-bd4293428b4a |
| 3%7ebaae1457ad64ff16 | tls | 2025-07-17 14:28:33 | block | All requests flagged by WAF, including obfuscated paths, and multiple security rule hits indicating reconnaissance. | 0.8999999761581421 | severity: Severity.critical | af1a42ce-9a6b-479e-9237-bb5d47671ce2 |
| UNKNOWN | tls | 2025-07-17 14:28:33 | block | Comprehensive and aggressive attack patterns including sensitive file probing, WordPress exploit attempts, web shell probing, LFI, and triggering multiple critical IP blocking and reputation rules. | 1.0 | severity: Severity.critical | 526fdc91-3cdc-46c4-9bc6-1b3d5a3e320d |
| 157.180.49.118 | ip | 2025-07-17 14:23:48 | block | All requests flagged by WAF and multiple security rule hits, indicating malicious probing. | 0.8500000238418579 | severity: Severity.medium | c340fdab-e1ad-4764-b54d-490ce5f62c37 |
| 123.6.49.50 | ip | 2025-07-17 14:23:48 | block | All requests flagged by WAF with multiple security rule hits, indicating high confidence malicious activity. | 0.8999999761581421 | severity: Severity.critical | 313ad45a-f24c-4420-a399-e1ddc9302338 |
| 101.55.81.36 | ip | 2025-07-17 14:23:48 | block | High volume of requests targeting sensitive application files, configuration files, and known web shell paths, indicating an active reconnaissance and exploitation attempt. | 1.0 | severity: Severity.critical | d3791d5f-3a18-4fb8-b048-7a58e6455fa2 |
| 185.177.72.104 | ip | 2025-07-17 14:23:48 | block | Aggressive scanning for .env files, phpinfo, and .git configurations, directly hit IP blocking reputation rules. | 1.0 | severity: Severity.critical | 801f8d79-f879-4d75-b5ff-88bd8c20db9d |
| 178.33.134.25 | ip | 2025-07-17 14:23:48 | block | 100% of requests flagged, actively scanning for common website directories and old/backup sites, coupled with browser impersonation. | 0.8999999761581421 | severity: Severity.critical | 10dc5ca9-225d-4fd8-b48c-1e65dc8cb60e |