| 43.138.68.113 | ip | 2025-12-21 21:45:48 | ignore | No detected threat requests, WAF did not flag any paths, and no security rules were triggered, indicating benign activity. | 0.949999988079071 | severity: Severity.low |
| 43.138.68.113 | ip | 2025-12-21 21:35:47 | ignore | No detected threat requests, WAF flags, or security rule hits observed for this IP address. | 1.0 | severity: Severity.low |
| 43.138.68.113 | ip | 2025-12-21 21:25:44 | ignore | No detected threat requests, no WAF flags, and no security rule hits. The IP and its ASN (AS45090) are not present in the existing blocklist. No suspicious behavior observed. | 1.0 | severity: Severity.low |
| 43.138.68.113 | ip | 2025-12-21 21:15:43 | ignore | No detected threat requests, WAF flags, or security rule hits. Entity shows no signs of malicious activity. | 1.0 | severity: Severity.low |
| 77.90.185.245 | ip | 2025-12-21 17:05:27 | block | High percentage of detected threat requests (87%) targeting 'wp-login.php' and triggering a brute-force alert. This IP's ASN (AS215476) and other IPs within it are already blocklisted for identical critical malicious activity. | 1.0 | severity: Severity.critical |
| 52.172.223.9 | ip | 2025-12-21 11:35:13 | block | All requests (100%) from this IP were flagged by WAF and targeted suspicious PHP files, triggering a critical 'IPBLOCK' deny rule. The associated ASN (AS8075) is already blocklisted for persistent malicious activity. | 1.0 | severity: Severity.critical |
| 62.60.131.162 | ip | 2025-12-21 03:14:37 | block | All requests (100%) from this IP were flagged as threats, specifically targeting the sensitive '.git/config' path, indicating a high-confidence reconnaissance or exploit attempt. | 1.0 | severity: Severity.critical |
| 193.142.146.65 | ip | 2025-12-20 19:24:13 | block | High percentage of detected threat requests (66.67%) specifically targeting 'wp-login.php' and triggering a security alert indicative of brute-force attempts. Another IP from the same ASN (AS213438) has been previously blocklisted for identical malicious activity. | 1.0 | severity: Severity.critical |
| 13.229.199.18 | ip | 2025-12-20 07:23:34 | block | All requests (100%) from this IP were flagged as threats and triggered a critical 'IPBLOCK' WAF deny rule. Its associated ASN (AS16509) is already blocklisted for persistent malicious activity. | 1.0 | severity: Severity.critical |
| 3%7e2c022104e7e56fbe | tls | 2025-12-19 11:42:24 | block | TLS fingerprint detected probing 'wp-login.php', triggering a WAF alert (3900998) indicative of brute-force or credential stuffing attempts, consistent with previously blocked malicious activity. | 0.949999988079071 | severity: Severity.critical |
| 45.149.173.217 | ip | 2025-12-19 11:22:19 | block | Extensive WordPress enumeration and bot impersonation detected, triggering multiple WAF alerts and a critical 'IPBLOCK-BURST4' deny rule due to a very high rate of malicious requests. | 1.0 | severity: Severity.critical |
| AS209605 | asn | 2025-12-19 09:42:14 | block | Multiple IPs from this ASN, including '91.224.92.93' and '91.224.92.99', are consistently performing brute-force and enumeration attacks on 'wp-login.php' and triggering critical WAF alerts. | 1.0 | severity: Severity.critical |
| 91.224.92.93 | ip | 2025-12-19 09:42:14 | block | Multiple requests targeting 'wp-login.php', flagged by WAF, triggered brute-force alert '3900998', and associated ASN AS209605 has other IPs blocklisted for similar activity. | 0.9800000190734863 | severity: Severity.critical |
| 209.38.29.70 | ip | 2025-12-19 08:52:12 | block | IP from blocklisted ASN AS14061 aggressively attempting Laravel and PHPUnit exploits, command injection, and local file inclusion by targeting sensitive files (.env, .git/config), triggered multiple critical WAF deny rules (CMD-INJECTION-ANOMALY, LFI-ANOMALY), and shows an extremely high number of detected threat requests. | 1.0 | severity: Severity.critical |
| 209.38.88.38 | ip | 2025-12-19 07:02:04 | block | IP from blocklisted ASN AS14061 aggressively attempting Laravel and PHPUnit exploits by targeting sensitive files, triggered a critical WAF deny rule, and showed a 100% threat request ratio. | 1.0 | severity: Severity.critical |
| 170.64.219.248 | ip | 2025-12-19 04:01:53 | block | IP is aggressively attempting critical exploits (Laravel RCE, PHPUnit RCE, LFI, sensitive file disclosure) and triggered multiple critical WAF deny rules. Its associated ASN (AS14061) is already blocklisted for persistent malicious activity. | 1.0 | severity: Severity.critical |
| 45.135.232.10 | ip | 2025-12-19 02:11:46 | block | All requests (100%) from this IP targeted known WordPress exploit paths ('xmlrpc.php', 'wp-login.php') and triggered multiple critical WAF deny rules (IPBLOCK-PENALTY-BOX, PLATFORM-ANOMALY, POLICY-ANOMALY), indicating an active and severe brute-force or enumeration attack. | 1.0 | severity: Severity.critical |
| 34.136.173.106 | ip | 2025-12-18 20:11:21 | block | IP belongs to AS396982, which is blocklisted for extensive WordPress enumeration, bot impersonation, and critical WAF deny rules, indicating a high risk of malicious activity. | 0.949999988079071 | severity: Severity.critical |
| 34.136.173.106 | ip | 2025-12-18 20:01:26 | ignore | No malicious activity detected for this IP (0 threat requests, no WAF flags or security rule hits), despite its ASN being blocklisted. This specific IP no longer exhibits suspicious behavior. | 0.8999999761581421 | severity: Severity.low |
| 77.90.185.10 | ip | 2025-12-18 20:01:26 | block | High percentage (90%) of detected threat requests targeting 'wp-login.php', triggering security alerts indicative of brute-force attempts. Associated ASN AS215476 also shows high malicious activity and has other IPs blocklisted for similar behavior. | 0.949999988079071 | severity: Severity.critical |
| AS215476 | asn | 2025-12-18 20:01:26 | block | High percentage (88.5%) of detected threat requests originating from this ASN, consistently targeting 'wp-login.php' and triggering security alerts for brute-force attempts. Other IPs within this ASN are already blocklisted for similar persistent malicious activity. | 0.9800000190734863 | severity: Severity.critical |
| 170.64.167.148 | ip | 2025-12-18 13:31:04 | block | IP from blocklisted ASN AS14061 aggressively attempting Laravel and PHPUnit exploits, command injection, and local file inclusion by targeting sensitive files (.env, .git/config), triggering multiple critical WAF deny rules (CMD-INJECTION-ANOMALY, LFI-ANOMALY), and showing a very high threat request ratio (101/11). | 1.0 | severity: Severity.critical |
| 114.119.146.15 | ip | 2025-12-18 03:30:22 | block | All requests (100%) were detected as threats, including probing 'wp-login.php', and the associated ASN (AS136907) is already blocklisted for similar malicious activity. | 1.0 | severity: Severity.critical |
| 185.177.72.8 | ip | 2025-12-17 23:50:15 | block | IP from blocklisted ASN AS211590, demonstrating bot-browser impersonation, multiple WAF alerts, and an exceptionally high number of detected threat requests (50 out of 17), indicating persistent malicious probing and automated attacks. | 1.0 | severity: Severity.critical |
| 34.187.144.195 | ip | 2025-12-17 17:09:52 | block | Extensive WordPress enumeration, bot impersonation, and high detected threat requests (127/27). Triggered critical WAF deny rule 'IPBLOCK-BURST4-318403' and associated ASN (AS396982) is blocklisted for similar activity. | 1.0 | severity: Severity.critical |
| 34.105.63.134 | ip | 2025-12-17 14:19:47 | block | IP performing extensive WordPress enumeration and bot impersonation, triggering critical WAF deny rules (IPBLOCK-BURST4-318403) and multiple bot alerts. Behavior is consistent with blocklisted ASN AS396982. | 1.0 | severity: Severity.critical |
| AS396982 | asn | 2025-12-17 11:39:36 | block | Associated IPs within this ASN are performing extensive WordPress enumeration and bot impersonation, triggering critical WAF deny rules like 'IPBLOCK-BURST4-318403', and demonstrating a very high threat request ratio. | 1.0 | severity: Severity.critical |
| 74.7.243.201 | ip | 2025-12-17 10:39:34 | block | High percentage of detected threat requests (75%) including suspicious and obfuscated paths, triggered WAF alert '3991023', and associated ASN AS8075 is blocklisted for persistent malicious activity. | 1.0 | severity: Severity.critical |
| 91.224.92.99 | ip | 2025-12-17 10:09:33 | block | Detected brute-force or credential stuffing attempts targeting 'wp-login.php', with WAF flagging the path and triggering security alert '3900998'. Associated ASN (AS209605) has other IPs blocklisted for similar WordPress enumeration and bot activity. | 0.949999988079071 | severity: Severity.critical |
| 34.136.173.106 | ip | 2025-12-17 09:59:31 | watchlist | Associated with ASN AS396982, which is linked to blocklisted IPs exhibiting extensive WordPress enumeration and bot impersonation, despite current low threat indicators. | 0.699999988079071 | severity: Severity.medium |
| 91.224.92.99 | ip | 2025-12-17 09:59:31 | ignore | No new activity or detected threat requests since being added to the watchlist, suggesting it's no longer a threat or was a false positive. | 0.800000011920929 | severity: Severity.low |
| 66.249.66.32 | ip | 2025-12-17 08:49:40 | block | All requests (100%) from this IP were detected as threats and flagged by WAF, triggering security alert 3991006. The associated ASN (AS15169) is already blocklisted for similar malicious activity. | 0.949999988079071 | severity: Severity.critical |
| 66.249.66.200 | ip | 2025-12-17 08:49:40 | block | All requests (100%) from this IP were detected as threats and flagged by WAF, triggering security alert 3991006. The associated ASN (AS15169) is already blocklisted for similar malicious activity. | 0.949999988079071 | severity: Severity.critical |
| 91.224.92.99 | ip | 2025-12-17 08:49:40 | watchlist | Entity continues to target wp-login.php with a low rate of threat requests (25%) and triggered a relevant alert (3900998), requiring further monitoring but not immediate blocking. | 0.699999988079071 | severity: Severity.medium |
| 3%7e643dc557cbaefec4 | tls | 2025-12-17 08:49:40 | block | All requests (100%) from this TLS fingerprint were detected as threats and flagged by WAF, triggering security alert 3990011, indicating highly malicious activity. | 0.949999988079071 | severity: Severity.critical |
| 13.54.76.125 | ip | 2025-12-17 08:29:42 | block | All requests (100%) were flagged as threats and triggered a critical 'IPBLOCK' WAF deny rule. | 1.0 | severity: Severity.critical |
| 104.252.191.81 | ip | 2025-12-17 08:29:42 | block | High number of detected threat requests and multiple WAF alerts, including 'BOT-BROWSER-IMPERSONATOR', indicating automated malicious probing and exploit attempts. | 0.949999988079071 | severity: Severity.critical |
| 103.4.251.192 | ip | 2025-12-17 08:29:42 | block | High number of detected threat requests and multiple WAF alerts, including 'BOT-BROWSER-IMPERSONATOR', indicating automated malicious probing and exploit attempts. | 0.949999988079071 | severity: Severity.critical |
| 16.16.253.36 | ip | 2025-12-17 08:29:42 | block | All requests (100%) were flagged as threats and triggered a critical 'IPBLOCK' WAF deny rule. | 1.0 | severity: Severity.critical |
| 194.180.49.171 | ip | 2025-12-17 08:29:42 | block | Aggressively targeted highly sensitive configuration and information files, triggering critical WAF deny rules including IPBLOCK-BURST4, LFI-ANOMALY, and reputation-based blocking. | 1.0 | severity: Severity.critical |
| 3.139.75.95 | ip | 2025-12-17 08:29:42 | block | All requests (100%) were flagged as threats and triggered a critical 'IPBLOCK' WAF deny rule. | 1.0 | severity: Severity.critical |
| 34.75.103.206 | ip | 2025-12-17 08:29:42 | block | Extensive WordPress enumeration and bot impersonation attempts detected, triggering multiple WAF alerts and a critical 'IPBLOCK-BURST4' deny rule. | 1.0 | severity: Severity.critical |
| 34.136.173.106 | ip | 2025-12-17 08:29:42 | ignore | No detected threat requests or WAF flags. This entity appears benign. | 0.8999999761581421 | severity: Severity.low |
| 66.249.66.32 | ip | 2025-12-17 08:29:42 | watchlist | All requests were flagged by WAF and an alert triggered, but the entity (AS15169) is associated with legitimate search engine crawling, warranting continued monitoring for potential spoofing. | 0.6000000238418579 | severity: Severity.low |
| 66.249.66.200 | ip | 2025-12-17 08:29:42 | watchlist | All requests were flagged by WAF and an alert triggered, but the entity (AS15169) is associated with legitimate search engine crawling, warranting continued monitoring for potential spoofing. | 0.6000000238418579 | severity: Severity.low |
| 54.206.119.170 | ip | 2025-12-17 08:29:42 | block | All requests (100%) were flagged as threats and triggered a critical 'IPBLOCK' WAF deny rule. | 1.0 | severity: Severity.critical |
| 91.224.92.99 | ip | 2025-12-17 08:29:42 | watchlist | Accessed 'wp-login.php' and triggered a WAF alert indicative of brute-force attempts. Not enough deny rules or total threat requests to block immediately, but requires monitoring. | 0.699999988079071 | severity: Severity.medium |
| 3%7e643dc557cbaefec4 | tls | 2025-12-17 08:29:42 | watchlist | All requests (100%) associated with this TLS fingerprint were detected as threats and triggered a WAF alert, but no critical deny rules were activated. | 0.75 | severity: Severity.medium |
| 3%7e0e32d71b0a15c3f7 | tls | 2025-12-17 08:29:42 | block | All requests (100%) associated with this TLS fingerprint were detected as threats and triggered a critical 'IPBLOCK' WAF deny rule. | 1.0 | severity: Severity.critical |
| 34.136.173.106 | ip | 2025-12-16 18:08:43 | ignore | No suspicious activity, detected threats, or WAF flags were observed for this IP address across 10 requests. It does not warrant monitoring. | 0.949999988079071 | severity: Severity.low |