| 216.73.216.215 | ip | 2025-12-26 12:22:46 | block | High percentage of detected threat requests (66.67%), triggered WAF alert '3991023', accessed highly obfuscated and suspicious paths, and belongs to ASN AS16509 which is already blocklisted for persistent malicious activity. | 1.0 | severity: Severity.critical |
| 136.117.243.55 | ip | 2025-12-26 10:22:40 | block | IP performing extensive WordPress enumeration and bot impersonation, triggered a critical WAF deny rule (IPBLOCK-BURST4-318403), and belongs to ASN AS396982, which is blocklisted for highly malicious activity, consistent with other blocklisted IPs from this ASN. | 1.0 | severity: Severity.critical |
| 205.169.39.7 | ip | 2025-12-26 09:12:31 | block | Accessed a highly obfuscated and suspicious path, consistent with other blocklisted IPs (205.169.39.14, 205.169.39.58) from the same ASN (AS3356) that were blocked for identical malicious probing and attempted exploitation. | 1.0 | severity: Severity.critical |
| 99.79.31.5 | ip | 2025-12-26 09:02:26 | block | All requests (100%) from this IP were flagged as threats, all accessed paths were flagged by WAF, and a critical 'IPBLOCK' deny rule was triggered. Its associated ASN (AS16509) is already blocklisted for persistent malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior. | 1.0 | severity: Severity.critical |
| 152.42.219.118 | ip | 2025-12-26 03:22:08 | block | IP is performing extensive WordPress enumeration and bot impersonation, triggered a critical WAF deny rule (IPBLOCK-BURST4-318403), and belongs to ASN AS14061, which is blocklisted for highly malicious activity. | 1.0 | severity: Severity.critical |
| 45.135.232.178 | ip | 2025-12-26 01:11:58 | block | IP is performing WordPress enumeration and brute-force attacks, targeting 'xmlrpc.php' and 'wp-login.php'. All accessed paths were flagged by WAF, and critical WAF deny rules 'IPBLOCK-PENALTY-BOX' and 'POLICY-ANOMALY' were triggered. This behavior is identical to another blocklisted IP (45.135.232.10) from the same ASN. | 1.0 | severity: Severity.critical |
| 54.245.191.67 | ip | 2025-12-26 00:51:56 | block | All requests from this IP were flagged as threats and by WAF, targeting WordPress enumeration paths, and triggering a reputation-based deny rule. Its associated ASN (AS16509) is already blocklisted for persistent malicious activity, with many other IPs from this ASN blocklisted for identical behavior. | 1.0 | severity: Severity.critical |
| 45.156.129.102 | ip | 2025-12-25 22:31:50 | block | All accessed paths were flagged by WAF, and multiple security alerts including 'BOT-BROWSER-IMPERSONATOR' were triggered, indicating persistent automated malicious probing and reconnaissance attempts. | 0.9800000190734863 | severity: Severity.critical |
| 78.142.18.43 | ip | 2025-12-25 20:51:40 | block | High percentage of detected threat requests (66.67%) specifically targeting 'wp-login.php' and triggering a security alert (3900998) indicative of brute-force attempts. This behavior is consistent with other blocklisted IPs from the same ASN (AS213438) exhibiting identical malicious activity. | 1.0 | severity: Severity.critical |
| 217.113.194.247 | ip | 2025-12-25 12:51:13 | block | All requests from this IP were detected as threats and flagged by WAF, triggering a security alert, indicating persistent malicious probing or automated attacks. | 1.0 | severity: Severity.critical |
| 161.97.92.68 | ip | 2025-12-25 09:31:03 | block | This IP targeted sensitive configuration files (.env), triggered critical WAF deny rules including LFI-ANOMALY and a reputation-based block (REP_1654536), and showed a very high rate of detected threat requests, consistent with already blocklisted malicious entities. | 1.0 | severity: Severity.critical |
| 13.229.87.61 | ip | 2025-12-25 09:11:00 | block | All requests (100%) from this IP were flagged as threats, all accessed paths were flagged by WAF, and a critical 'IPBLOCK' deny rule was triggered. Its associated ASN (AS16509) is already blocklisted for persistent malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior. | 1.0 | severity: Severity.critical |
| 195.178.110.156 | ip | 2025-12-24 21:00:20 | block | All requests from this IP targeted sensitive configuration files and triggered multiple critical WAF deny rules, including LFI-ANOMALY, IPBLOCK, and reputation-based blocking. The associated ASN (AS48090) is already blocklisted for identical malicious activity. | 1.0 | severity: Severity.critical |
| AS51396 | asn | 2025-12-24 18:20:08 | block | All requests from this ASN targeted highly sensitive files and known exploit paths (.env, .git/config, server.js), triggered multiple critical WAF deny rules including LFI-ANOMALY and IPBLOCK-BURST4, and showed bot impersonation, indicating severe malicious activity. | 1.0 | severity: Severity.critical |
| 45.153.34.212 | ip | 2025-12-24 18:00:07 | block | All requests from this IP were flagged by WAF, targeting sensitive configuration files and known exploit paths (.git/config, .env, wp-config.php), and triggered multiple critical WAF deny rules including LFI-ANOMALY and IPBLOCK-BURST4, along with bot impersonation. | 1.0 | severity: Severity.critical |
| 136.107.98.35 | ip | 2025-12-24 15:09:55 | block | Extensive WordPress enumeration and bot impersonation attempts detected, triggering a critical 'IPBLOCK-BURST4' deny rule. Associated ASN AS396982 is already blocklisted for identical malicious activity from multiple other IPs. | 1.0 | severity: Severity.critical |
| 13.212.151.30 | ip | 2025-12-24 10:49:34 | block | All requests (100%) from this IP were flagged as threats and triggered a critical 'IPBLOCK' WAF deny rule. Its associated ASN (AS16509) is already blocklisted for persistent malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior. | 1.0 | severity: Severity.critical |
| 13.218.151.84 | ip | 2025-12-24 04:59:12 | block | All requests (100%) from this IP were flagged as threats, all accessed paths were flagged by WAF, and a critical 'IPBLOCK' deny rule was triggered, indicating severe automated malicious activity. | 1.0 | severity: Severity.critical |
| 202.8.42.45 | ip | 2025-12-24 02:59:05 | block | Extremely high percentage of detected threat requests (82.35%) and all accessed paths were flagged by WAF, triggering security alert '3991008', indicating persistent malicious probing or automated attacks. | 0.949999988079071 | severity: Severity.critical |
| 3%7eb88045f633bfc7f7 | tls | 2025-12-23 14:48:23 | block | Very high percentage (94.4%) of requests associated with this TLS fingerprint were detected as threats and flagged by WAF, triggering alert '3991006'. It also accessed a highly obfuscated path, indicating malicious probing or exploit attempts. | 1.0 | severity: Severity.critical |
| 40.77.167.27 | ip | 2025-12-23 14:48:22 | block | All requests (100%) from this IP were flagged by WAF and triggered security alert '3991006'. The associated ASN (AS8075) is already blocklisted for persistent malicious activity. | 1.0 | severity: Severity.critical |
| 52.167.144.218 | ip | 2025-12-23 14:48:22 | block | High percentage (88.8%) of requests from this IP were flagged by WAF and triggered security alert '3991006'. It also accessed a highly obfuscated path, strongly indicating malicious probing. The associated ASN (AS8075) is already blocklisted for persistent malicious activity. | 1.0 | severity: Severity.critical |
| 130.33.54.201 | ip | 2025-12-23 13:18:15 | block | All requests (100%) from this IP were flagged by WAF, accessed suspicious PHP files and admin paths, and triggered a critical 'IPBLOCK' deny rule. Its associated ASN (AS8075) is already blocklisted for persistent malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior. | 1.0 | severity: Severity.critical |
| 34.58.41.77 | ip | 2025-12-23 08:28:02 | block | IP is performing extensive WordPress enumeration, bot impersonation, and triggered a critical WAF deny rule (IPBLOCK-BURST4-318403) due to a burst of malicious activity. Its associated ASN (AS396982) is already blocklisted for identical malicious behavior from multiple other IPs. | 1.0 | severity: Severity.critical |
| 205.169.39.14 | ip | 2025-12-23 06:57:58 | block | Accessed a highly obfuscated and suspicious path (-mN-Pzl2I/...), strongly indicating malicious probing or attempted exploitation, despite no direct WAF flags yet. | 0.949999988079071 | severity: Severity.critical |
| 205.169.39.58 | ip | 2025-12-23 06:57:58 | block | Accessed a highly obfuscated and suspicious path (-mN-Pzl2I/...), strongly indicating malicious probing or attempted exploitation, despite no direct WAF flags yet. | 0.949999988079071 | severity: Severity.critical |
| 2a07:e05:3:35::1 | ip | 2025-12-22 21:57:26 | block | All requests (100%) from this IP were flagged by WAF, triggering multiple security alerts including 'BOT-BROWSER-IMPERSONATOR', and demonstrating malicious probing on the same paths as a previously blocklisted IP (2a07:e05:3:1b::1) from the same ASN (AS400587). | 1.0 | severity: Severity.critical |
| 3.9.114.107 | ip | 2025-12-22 19:07:15 | block | All requests (100%) from this IP were flagged as threats and triggered a critical 'IPBLOCK' WAF deny rule. Its associated ASN (AS16509) is already blocklisted for persistent malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior. | 1.0 | severity: Severity.critical |
| 66.249.66.33 | ip | 2025-12-22 16:47:09 | block | All requests (100%) from this IP were detected as threats, flagged by WAF, and triggered security alert 3991006, consistent with the blocklisted ASN AS15169 for similar malicious activity. | 1.0 | severity: Severity.critical |
| 66.249.66.201 | ip | 2025-12-22 16:47:09 | block | All requests (100%) from this IP were detected as threats, flagged by WAF, and triggered security alert 3991006, consistent with the blocklisted ASN AS15169 for similar malicious activity. | 1.0 | severity: Severity.critical |
| 77.90.185.12 | ip | 2025-12-22 15:07:01 | block | IP from blocklisted ASN AS215476, with a high percentage (85.7%) of threat requests targeting 'wp-login.php' and triggering a brute-force alert, consistent with other blocklisted IPs from this ASN exhibiting identical malicious activity. | 1.0 | severity: Severity.critical |
| 13.229.89.63 | ip | 2025-12-22 10:46:49 | block | All requests (100%) from this IP were flagged as threats and triggered a critical 'IPBLOCK' WAF deny rule. Its associated ASN (AS16509) is already blocklisted for persistent malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior. | 1.0 | severity: Severity.critical |
| 157.230.46.137 | ip | 2025-12-22 10:26:48 | block | IP is performing WordPress enumeration and bot impersonation, has an extremely high number of detected threat requests, and belongs to ASN AS14061, which is blocklisted for highly malicious activity. | 1.0 | severity: Severity.critical |
| 114.119.151.146 | ip | 2025-12-22 09:26:42 | block | All requests (100%) from this IP were detected as threats and flagged by WAF, triggering security alert '3991006', consistent with blocklisted ASN AS136907 for similar malicious activity. | 1.0 | severity: Severity.critical |
| 213.35.96.205 | ip | 2025-12-22 08:46:41 | block | All requests from this IP targeted sensitive WordPress admin/login paths, were flagged by WAF, triggered multiple security alerts including 'BOT-BROWSER-IMPERSONATOR', and show identical malicious patterns to a previously blocklisted IP from the same ASN and region (213.35.103.66). | 1.0 | severity: Severity.critical |
| 138.197.152.229 | ip | 2025-12-22 08:06:40 | block | All requests from this IP were flagged by WAF, triggered critical LFI-ANOMALY and reputation-based deny rules, and its associated ASN AS14061 is already blocklisted for highly malicious activity. | 1.0 | severity: Severity.critical |
| 3%7e2d3399e1bbf557f5 | tls | 2025-12-22 08:06:40 | block | All requests associated with this TLS fingerprint were flagged by WAF, triggered critical LFI-ANOMALY and reputation-based deny rules, and accessed highly suspicious paths indicative of web shell or exploitation attempts. | 1.0 | severity: Severity.critical |
| 74.7.243.194 | ip | 2025-12-22 03:46:17 | block | High percentage of detected threat requests (6/7), multiple paths flagged by WAF including a suspicious obfuscated path, and triggered WAF alert, consistent with the blocklisted ASN AS8075 for persistent malicious activity. | 1.0 | severity: Severity.critical |
| 74.7.175.152 | ip | 2025-12-22 03:46:17 | block | All requests (100%) from this IP were flagged by WAF and triggered an alert, consistent with the blocklisted ASN AS8075 for persistent malicious activity. | 1.0 | severity: Severity.critical |
| 213.209.159.151 | ip | 2025-12-21 22:55:50 | block | All requests targeted highly sensitive configuration and credential files, were flagged by WAF, and triggered critical IPBLOCK-BURST4 deny rules. | 1.0 | severity: Severity.critical |
| 43.138.68.113 | ip | 2025-12-21 22:55:50 | ignore | No suspicious activity, threat requests, or WAF alerts detected. | 0.8999999761581421 | severity: Severity.low |
| AS42821 | asn | 2025-12-21 22:55:50 | block | ASN linked to IP 213.209.159.151, which targeted highly sensitive files, was fully flagged by WAF, and triggered critical IPBLOCK-BURST4 deny rules. Blocking the entire ASN is necessary to mitigate persistent threats from this network. | 1.0 | severity: Severity.critical |
| 43.138.68.113 | ip | 2025-12-21 22:45:47 | ignore | No detected threat requests, no WAF flags, and no security rule hits observed over 5 total requests. This entity shows no signs of malicious activity and does not need to be monitored. | 1.0 | severity: Severity.low |
| 43.138.68.113 | ip | 2025-12-21 22:35:46 | ignore | No detected threat requests, WAF flags, or security rule hits observed across 5 total requests. All activity appears benign. | 0.949999988079071 | severity: Severity.low |
| 141.98.11.169 | ip | 2025-12-21 22:25:50 | block | High percentage of threat requests (76.9%) targeting 'wp-login.php' and triggering a brute-force alert. This IP's ASN (AS209605) is already blocklisted for similar critical malicious activity. | 1.0 | severity: Severity.critical |
| 43.138.68.113 | ip | 2025-12-21 22:25:50 | ignore | No malicious activity detected; 0% threat requests and no WAF flags. | 0.8999999761581421 | severity: Severity.low |
| 43.138.68.113 | ip | 2025-12-21 22:15:46 | ignore | No detected threat requests, no WAF flags, and no security rule hits across 5 total requests, indicating benign activity. | 1.0 | severity: Severity.low |
| 43.138.68.113 | ip | 2025-12-21 22:05:49 | ignore | No malicious activity detected across 5 total requests. There were no detected threat requests, no WAF flags, and no security rule hits. Neither the IP nor its associated ASN (AS45090) are present in the current blocklist or watchlist. | 1.0 | severity: Severity.low |
| 103.179.173.163 | ip | 2025-12-21 21:55:44 | block | High percentage of detected threat requests (84%) targeting 'wp-login.php' and triggering a brute-force alert. This behavior is consistent with other blocklisted IPs from Vietnam for similar critical malicious activity. | 0.949999988079071 | severity: Severity.critical |
| 43.138.68.113 | ip | 2025-12-21 21:55:44 | ignore | No detected threat requests, no WAF flags, and no security rule hits observed. This IP shows no signs of malicious activity. | 0.8999999761581421 | severity: Severity.low |