| Entity | Type | Timestamp | Action | Reason | Confidence | Severity |
|---|---|---|---|---|---|---|
| AS22295 | asn | 2025-12-16 15:59:12 | block | Detected bot-browser impersonation and extensive WordPress enumeration, triggering a critical 'IPBLOCK-BURST4' WAF deny rule. This ASN is already associated with blocklisted IPs. | 1.0 | critical |
| 3%7edf1fada1233fb39f | tls | 2025-12-16 15:59:12 | block | High number of detected threat requests (20/22), including access to a highly obfuscated and suspicious path, indicating malicious probing or exploit attempts. | 0.9800000190734863 | critical |
| 3%7eeb4f52e1e9bd4579 | tls | 2025-12-16 15:59:12 | watchlist | High number of detected threat requests (41/45) and multiple general WAF alerts, indicating persistent suspicious scanning or bot activity. | 0.800000011920929 | medium |
| 193.142.147.57 | ip | 2025-12-16 06:13:43 | block | All requests (100%) from this IP were detected as threats, specifically targeting 'wp-login.php' and triggering a security alert indicative of a brute-force or credential-stuffing attack. | 1.0 | critical |
| 208.84.101.251 | ip | 2025-12-15 22:03:11 | block | 50% of requests were detected as threats, targeting sensitive WordPress enumeration paths and triggering a critical IP block deny rule due to a burst of malicious activity. | 1.0 | critical |
| 103.141.144.222 | ip | 2025-12-15 03:12:11 | watchlist | Accessed 'wp-login.php' 6 times, a common target for brute-force attempts. Although no WAF flags or security rule hits were triggered, the activity warrants further monitoring. | 0.6000000238418579 | medium |
| 103.4.251.152 | ip | 2025-12-12 06:58:39 | block | All requests (100%) from this IP were flagged by WAF, with a high number of detected threat requests, and triggered multiple security alerts including 'BOT-BROWSER-IMPERSONATOR', indicating automated malicious probing and exploit attempts. | 1.0 | critical |
| 65.87.7.112 | ip | 2025-12-12 00:48:21 | block | All requests (100%) from this IP were flagged by WAF, triggering security alert "3990011", and all accessed paths were marked as threats, indicating malicious activity. | 0.949999988079071 | critical |
| 147.182.149.75 | ip | 2025-12-12 00:08:31 | block | All requests were flagged by WAF, targeting sensitive files (.git/config, .env, config.json) and known exploit paths (LFI, Jira exploit), and triggered a critical 'LFI-ANOMALY' deny rule. Its associated ASN (AS14061) is already blocklisted for persistent malicious activity. | 1.0 | critical |
| 159.89.12.166 | ip | 2025-12-12 00:08:31 | block | All requests were flagged by WAF, targeting sensitive files (.git/config, .env, .vscode/sftp.json) and known exploit paths (LFI, Jira exploit), and triggered a critical 'LFI-ANOMALY' deny rule. Its associated ASN (AS14061) is already blocklisted for persistent malicious activity. | 1.0 | critical |
| 159.89.174.87 | ip | 2025-12-12 00:08:31 | block | All requests were flagged by WAF, targeting sensitive files (.env, api-docs/swagger.json, .vscode/sftp.json) and common admin/info paths, and triggered a critical 'LFI-ANOMALY' deny rule. Its associated ASN (AS14061) is already blocklisted for persistent malicious activity. | 1.0 | critical |
| 167.71.81.114 | ip | 2025-12-12 00:08:31 | block | All requests were flagged by WAF, targeting sensitive endpoints (actuator/env, api/swagger.json, .env, .vscode/sftp.json), and triggered a critical 'LFI-ANOMALY' deny rule. Its associated ASN (AS14061) is already blocklisted for persistent malicious activity. | 1.0 | critical |
| AS14061 | asn | 2025-12-12 00:08:31 | block | All requests from IPs associated with this ASN were flagged by WAF, extensively probing sensitive configurations and known exploit paths (including LFI and Jira exploits), and consistently triggered critical 'LFI-ANOMALY' deny rules. This ASN is confirmed to be highly malicious and is already in the blocklist. | 1.0 | critical |
| 3%7ebb4be091c5dc4153 | tls | 2025-12-12 00:08:31 | block | All requests associated with this TLS fingerprint were flagged by WAF, targeting sensitive files (.DS_Store, .env, .git/config) and common admin/info paths, and triggered a critical 'LFI-ANOMALY' deny rule. This fingerprint is indicative of a highly malicious client. | 1.0 | critical |
| 40.83.76.149 | ip | 2025-12-10 00:46:02 | block | All requests (100%) from this IP were flagged by WAF, accessing suspicious PHP files, and triggered an 'IPBLOCK' deny rule. Its associated ASN (AS8075) is already blocklisted for persistent malicious activity. | 1.0 | critical |
| 37.228.254.154 | ip | 2025-12-09 12:55:20 | block | High ratio of detected threat requests (60%), including access to an extremely suspicious and obfuscated path 'NqKXrfXQ/UVmgosN/YjdiKN1/-J/EYm94maubaDicN/RiQhYUIC/fGlT/I3ESewcB', indicating malicious probing and potential exploit attempts. A WAF alert rule '3900999' was also triggered. | 0.949999988079071 | critical |
| 2a07:e05:3:1b::1 | ip | 2025-12-08 08:23:25 | block | All requests (100%) from this IP were flagged by WAF, triggering multiple security alerts including 'BOT-BROWSER-IMPERSONATOR', and demonstrating a high ratio of detected threat requests to total requests, indicating automated malicious probing. | 1.0 | critical |
| 213.35.103.66 | ip | 2025-12-06 13:41:21 | block | All requests from this IP targeted sensitive WordPress admin/login paths, were flagged by WAF, and triggered multiple security alerts including 'BOT-BROWSER-IMPERSONATOR', indicating automated malicious probing. | 1.0 | critical |
| 216.73.216.213 | ip | 2025-12-05 18:50:26 | block | All requests (100%) from this IP were flagged by WAF, indicating persistent malicious probing targeting WordPress endpoints and triggering security alerts. | 1.0 | critical |
| 45.148.10.246 | ip | 2025-12-04 12:34:38 | block | Extensive probing of sensitive configuration files and backups (e.g., .env, config/mail); all requests (100%) flagged by WAF, and multiple critical deny rules triggered, including LFI-ANOMALY and IPBLOCK. | 1.0 | critical |
| AS48090 | asn | 2025-12-04 12:34:38 | block | Associated with IP 45.148.10.246, which demonstrated extensive probing of sensitive files, had all requests flagged by WAF, and triggered critical deny rules including LFI-ANOMALY and IPBLOCK. | 1.0 | critical |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-12-02 14:22:26 | ignore | No security rule hits, WAF flags, or detected threat requests, and no activity for over a month. Entity is no longer considered suspicious. | 0.949999988079071 | low |
| 2001:861:5860:e460:9d10:3e29:e251:a165 | ip | 2025-12-02 14:22:25 | ignore | No current security rule hits, WAF flags, or detected threat requests. Entity has not shown recent malicious behavior, contradicting the previous AI assessment. | 0.8999999761581421 | low |
| 62.60.130.210 | ip | 2025-12-02 14:22:25 | block | All requests (100%) were flagged by WAF and targeted 'wp-login.php', triggering security alerts indicative of a brute-force or credential-stuffing attack. | 1.0 | critical |
| 3%7e67c0ea0c99e03401 | tls | 2025-11-30 15:39:51 | block | TLS fingerprint associated with an IP (4.189.168.36) that had all requests flagged by WAF, with bot impersonation and probing of sensitive paths. Associated ASN AS8075 is blocklisted. | 1.0 | critical |
| 4.189.168.36 | ip | 2025-11-30 15:39:50 | block | All requests (100%) flagged by WAF, with bot impersonation and probing of sensitive paths. Associated ASN AS8075 is already blocklisted for persistent malicious activity. | 1.0 | critical |
| 2001:861:5860:e460:9d10:3e29:e251:a165 | ip | 2025-11-30 15:29:51 | watchlist | IP accessed the sensitive WordPress login path (wp-login.php) and is from an ASN with a history of similar suspicious WordPress probing, indicating potential reconnaissance or enumeration attempts. | 0.6000000238418579 | medium |
| 134.122.136.96 | ip | 2025-11-30 14:03:57 | block | Multiple critical WAF deny rules triggered, including LFI, command injection, XSS, and bot impersonation, indicating severe malicious probing and exploit attempts. All accessed paths were flagged. | 1.0 | critical |
| AS152194 | asn | 2025-11-30 14:03:57 | block | Associated with IP 134.122.136.96, which triggered multiple critical WAF deny rules including LFI, command injection, XSS, and bot impersonation. All accessed paths from this ASN were flagged as malicious. | 1.0 | critical |
| 3%7ed09afd3ffe9bdf7b | tls | 2025-11-30 14:03:57 | block | Associated with IP 134.122.136.96, which triggered multiple critical WAF deny rules including LFI, command injection, XSS, and bot impersonation. This TLS fingerprint is used by a highly malicious client. | 1.0 | critical |
| 43.163.127.190 | ip | 2025-11-20 15:39:02 | block | Repeated, targeted access attempts to sensitive Spring Boot actuator and mapping endpoints. All 13 requests flagged by WAF, with bot impersonation detected, indicating high-confidence malicious activity. | 1.0 | critical |
| 199.127.56.236 | ip | 2025-11-18 01:36:03 | ignore | No malicious activity detected. All requests were benign and no security rules were triggered. | 1.0 | low |
| 20.37.96.143 | ip | 2025-11-10 22:07:17 | block | All requests from this IP were flagged by WAF, accessing suspicious PHP files including known exploit paths like 'wp-filemanager.php', and triggered a deny security rule (REP_1654538). | 1.0 | critical |
| AS15169 | asn | 2025-11-04 15:46:51 | block | 48% of requests were threatening, all accessed paths were flagged by WAF, and a burst-rate IP block rule (IPBLOCK-BURST4-318403) was triggered. | 0.949999988079071 | critical |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-11-02 10:16:50 | watchlist | Repeated access to wp-admin/admin-ajax.php, a common target for WordPress reconnaissance, without other immediate threat indicators. | 0.4000000059604645 | low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-11-02 10:11:43 | ignore | No observed malicious activity, 0 requests, and a low initial AI confidence score. | 0.8999999761581421 | low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-11-02 10:06:41 | watchlist | Accessed the sensitive WordPress path 'wp-admin/admin-ajax.php' with 17 requests but no WAF alerts or threat detections. AI confidence and severity are low. | 0.4000000059604645 | low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-11-02 10:01:42 | watchlist | Accessed a common WordPress admin path (wp-admin/admin-ajax.php) without triggering WAF or security rules; requires further monitoring for potential reconnaissance. | 0.4000000059604645 | low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-11-02 09:56:42 | ignore | Entity shows no malicious activity, no WAF flags, no security rule hits, and has a very low AI confidence score, indicating it is likely benign. | 0.800000011920929 | low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-11-02 09:51:56 | watchlist | Accessed wp-admin/admin-ajax.php 17 times, a common target for reconnaissance, but no WAF alerts or security rules were triggered. Warrants minor monitoring. | 0.20000000298023224 | low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-11-02 09:46:44 | ignore | No detected threats, WAF alerts, or security rule hits, and a low AI confidence score. | 0.8999999761581421 | low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-11-02 09:41:56 | watchlist | Accessed the sensitive WordPress admin path 'wp-admin/admin-ajax.php' multiple times without triggering WAF; warrants further monitoring for potential probing. | 0.30000001192092896 | low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-11-02 09:36:42 | ignore | No further malicious activity or threat requests observed since being added to the watchlist. | 0.8999999761581421 | low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-11-02 09:31:40 | watchlist | Access to the sensitive WordPress path (wp-admin/admin-ajax.php) with medium AI confidence, but no WAF alerts or threat requests yet. Requires continued monitoring. | 0.6499999761581421 | medium |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-11-02 09:26:41 | watchlist | Accessed the sensitive WordPress administrative path 'wp-admin/admin-ajax.php', which is a common target for reconnaissance or exploitation. No WAF flags detected yet; warrants further monitoring. | 0.6499999761581421 | medium |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-11-02 09:21:39 | ignore | Entity has shown no activity (0 requests) and no security rule hits since being added to the watchlist, with low initial AI confidence and severity. No longer deemed suspicious. | 1.0 | low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-11-02 09:16:39 | watchlist | Accessed a common WordPress administration path (wp-admin/admin-ajax.php) but no WAF alerts or detected threat requests. Low AI confidence score; requires continued monitoring. | 0.4000000059604645 | low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-11-02 09:11:42 | watchlist | Accessed the WordPress admin AJAX path, which is a common target for reconnaissance. No WAF alerts or threat detections, but warrants continued monitoring. | 0.4000000059604645 | low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-11-02 09:06:46 | ignore | No malicious activity detected, zero WAF flags or security rule hits, and a low request count to a common WordPress path. The associated ASN is not on the blocklist. | 0.949999988079071 | low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-11-02 09:01:50 | ignore | No suspicious activity detected, including WAF flags or threat requests. The accessed path is legitimate for WordPress operation and the entity is not currently on the watchlist. | 0.8999999761581421 | low |