| 3%7eab81c74b51922644 | tls | 2026-01-14 09:59:06 | watchlist | TLS fingerprint associated with IP 157.180.49.120, which is kept in watchlist due to proximity to a blocklisted malicious IP. | 0.75 | severity: Severity.medium |
| 134.209.25.199 | ip | 2026-01-14 09:49:05 | block | Aggressive reconnaissance for sensitive files and API documentation, all requests flagged by WAF, multiple critical security alerts (including bot impersonation), and triggered critical deny rules (LFI-ANOMALY, IPBLOCK-PENALTY-BOX). Associated ASN AS14061 is blocklisted for identical malicious activity. | 1.0 | severity: Severity.critical |
| 154.28.229.89 | ip | 2026-01-14 09:49:05 | block | Extremely high ratio of detected threat requests (54/13), with multiple security alerts including 'BOT-BROWSER-IMPERSONATOR', indicating persistent automated malicious probing and exploit attempts, consistent with other blocklisted entities. | 0.949999988079071 | severity: Severity.critical |
| 178.128.207.138 | ip | 2026-01-14 09:49:05 | block | Aggressive reconnaissance for sensitive files and API documentation, all requests flagged by WAF, multiple critical security alerts (including bot impersonation), and triggered critical deny rules (LFI-ANOMALY, IPBLOCK-PENALTY-BOX). Associated ASN AS14061 is blocklisted for identical malicious activity. | 1.0 | severity: Severity.critical |
| 165.227.173.41 | ip | 2026-01-14 09:49:05 | block | Actively targeting sensitive configuration files (.git/config, .env, info.php) and known exploits (Jira exploit). All requests flagged by WAF, triggered critical deny rules (LFI-ANOMALY, IPBLOCK-PENALTY-BOX). Associated ASN AS14061 is blocklisted for identical malicious activity. | 1.0 | severity: Severity.critical |
| 205.169.39.218 | ip | 2026-01-14 09:49:05 | watchlist | Low percentage of detected threat requests (4/36) related to Akamai bot management alerts. While its ASN AS3356 is blocklisted for malicious activity, this specific IP's current behavior does not warrant immediate blocking but requires continued monitoring. | 0.699999988079071 | severity: Severity.medium |
| 205.169.39.57 | ip | 2026-01-14 09:49:05 | ignore | No detected threat requests, no paths flagged by WAF, and no security rules triggered, indicating no current malicious activity. Although its ASN AS3356 is blocklisted, this specific IP appears benign. | 0.8999999761581421 | severity: Severity.low |
| 34.122.147.229 | ip | 2026-01-14 09:49:05 | ignore | No detected threat requests, no paths flagged by WAF, and no security rules triggered, indicating no current malicious activity. Although its ASN AS396982 is blocklisted, this specific IP appears benign. | 0.8999999761581421 | severity: Severity.low |
| 34.116.248.149 | ip | 2026-01-14 09:49:05 | ignore | Very low threat activity (1/33 requests) and only an Akamai bot management alert, no critical deny rules triggered. Despite its ASN AS396982 being blocklisted, this specific IP's current behavior is not critically malicious. | 0.800000011920929 | severity: Severity.low |
| 34.123.170.104 | ip | 2026-01-14 09:49:05 | ignore | No detected threat requests, no paths flagged by WAF, and no security rules triggered, indicating no current malicious activity. Although its ASN AS396982 is blocklisted, this specific IP appears benign. | 0.8999999761581421 | severity: Severity.low |
| 46.101.1.225 | ip | 2026-01-14 09:49:05 | block | Aggressive reconnaissance for sensitive files and API documentation, all requests flagged by WAF, multiple critical security alerts (including bot impersonation), and triggered critical deny rules (LFI-ANOMALY, IPBLOCK-PENALTY-BOX). Associated ASN AS14061 is blocklisted for identical malicious activity. | 1.0 | severity: Severity.critical |
| 68.183.9.16 | ip | 2026-01-14 09:49:05 | block | Aggressive reconnaissance for sensitive files and API documentation, all requests flagged by WAF, multiple critical security alerts (including bot impersonation), and triggered critical deny rules (LFI-ANOMALY, IPBLOCK-PENALTY-BOX). Associated ASN AS14061 is blocklisted for identical malicious activity. | 1.0 | severity: Severity.critical |
| 14.174.193.15 | ip | 2026-01-13 23:08:15 | watchlist | Accessed a suspicious obfuscated path 'akam/13/pixel_28ae533f' similar to those seen from blocklisted malicious entities, from a region (Vietnam) associated with previous threats. | 0.6000000238418579 | severity: Severity.medium |
| 66.249.66.5 | ip | 2026-01-13 18:07:57 | block | All requests (100%) from this IP were detected as threats, all accessed paths were flagged by WAF, and security alert '3991006' was triggered. Its associated ASN (AS15169) is already blocklisted for identical malicious activity. | 1.0 | severity: Severity.critical |
| 66.249.66.68 | ip | 2026-01-13 18:07:57 | block | All requests (100%) from this IP were detected as threats, all accessed paths were flagged by WAF, and security alert '3991006' was triggered. Its associated ASN (AS15169) is already blocklisted for identical malicious activity. | 1.0 | severity: Severity.critical |
| 66.249.66.164 | ip | 2026-01-13 18:07:57 | block | All requests (100%) from this IP were detected as threats, all accessed paths were flagged by WAF, and security alert '3991006' was triggered. Its associated ASN (AS15169) is already blocklisted for identical malicious activity. | 1.0 | severity: Severity.critical |
| 104.28.224.94 | ip | 2026-01-13 15:27:48 | block | All requests from this IP were detected as threats and flagged by WAF, triggering security alert '3991006'. Its associated ASN AS13335 is already blocklisted for similar widespread malicious activity. | 1.0 | severity: Severity.critical |
| 3%7e56c3ba2d23a6c2fe | tls | 2026-01-13 15:27:48 | block | All requests associated with this TLS fingerprint were detected as threats and flagged by WAF, triggering security alert '3991006'. Its behavior is identical to a newly identified malicious IP whose ASN is already blocklisted for similar activity. | 1.0 | severity: Severity.critical |
| 157.180.49.120 | ip | 2026-01-13 14:27:49 | watchlist | Closely related IP (157.180.49.118) is blocklisted for persistent malicious activity; this IP's behavior warrants continued monitoring for potential coordinated activity or IP rotation within a suspicious range. | 0.699999988079071 | severity: Severity.medium |
| 3%7eab81c74b51922644 | tls | 2026-01-13 14:27:49 | watchlist | No direct malicious indicators, but associated with an IP address (157.180.49.120) that warrants continued monitoring due to its proximity to a blocklisted malicious IP. | 0.5 | severity: Severity.low |
| 157.180.49.120 | ip | 2026-01-13 14:17:50 | ignore | No malicious activity detected; requests are typical for benign browsing and there are no WAF flags or security rule hits. | 1.0 | severity: Severity.low |
| 3%7eab81c74b51922644 | tls | 2026-01-13 14:17:50 | ignore | No malicious activity detected; requests are typical for benign browsing and there are no WAF flags or security rule hits for this TLS fingerprint. | 1.0 | severity: Severity.low |
| 157.180.49.120 | ip | 2026-01-13 14:08:00 | ignore | No malicious activity detected; entity appears benign and does not warrant watchlist inclusion. | 0.8999999761581421 | severity: Severity.low |
| 3%7eab81c74b51922644 | tls | 2026-01-13 14:08:00 | ignore | No malicious activity detected for this TLS fingerprint; entity appears benign and does not warrant watchlist inclusion. | 0.8999999761581421 | severity: Severity.low |
| 157.180.49.120 | ip | 2026-01-13 13:57:51 | ignore | No malicious activity detected: zero threat requests, no WAF flags, and no security rule hits. Accessed paths are benign. | 1.0 | severity: Severity.low |
| 3%7eab81c74b51922644 | tls | 2026-01-13 13:57:51 | ignore | No malicious activity detected: zero threat requests, no WAF flags, and no security rule hits. Associated activity is benign. | 1.0 | severity: Severity.low |
| 157.180.49.120 | ip | 2026-01-13 13:47:46 | ignore | No malicious activity detected, no WAF flags, and no security rule hits. Accessing normal website content. | 0.8999999761581421 | severity: Severity.low |
| 3%7eab81c74b51922644 | tls | 2026-01-13 13:47:46 | ignore | No malicious activity detected, no WAF flags, and no security rule hits. Associated with normal website browsing patterns. | 0.8999999761581421 | severity: Severity.low |
| 157.180.49.120 | ip | 2026-01-13 13:37:49 | ignore | No malicious activity detected, no WAF flags, and no security rule hits. Entity is clean. | 0.8999999761581421 | severity: Severity.low |
| 3%7eab81c74b51922644 | tls | 2026-01-13 13:37:49 | ignore | No malicious activity detected, no WAF flags, and no security rule hits for this TLS fingerprint. Entity is clean. | 0.8999999761581421 | severity: Severity.low |
| 157.180.49.120 | ip | 2026-01-13 13:27:48 | ignore | No detected threat requests, WAF flags, or security rule hits. Activity appears to be normal browsing. | 1.0 | severity: Severity.low |
| 3%7eab81c74b51922644 | tls | 2026-01-13 13:27:48 | ignore | No detected threat requests, WAF flags, or security rule hits. Activity appears to be normal browsing and correlates with non-malicious IP activity. | 1.0 | severity: Severity.low |
| 157.180.49.120 | ip | 2026-01-13 13:17:44 | ignore | No malicious activity detected, zero threat requests, and no WAF flags or security alerts. Traffic appears to be legitimate browsing. | 1.0 | severity: Severity.low |
| 3%7eab81c74b51922644 | tls | 2026-01-13 13:17:44 | ignore | No malicious activity detected for this TLS fingerprint, zero threat requests, and no WAF flags or security alerts. Traffic appears to be legitimate browsing. | 1.0 | severity: Severity.low |
| 109.166.52.58 | ip | 2026-01-13 08:57:29 | watchlist | No malicious activity detected, but keeping under observation as a new entity. | 0.30000001192092896 | severity: Severity.low |
| 2a02:26f7:c9d0:6406::5 | ip | 2026-01-13 08:57:29 | watchlist | No malicious activity detected, but keeping under observation as a new entity. | 0.30000001192092896 | severity: Severity.low |
| 35.196.98.70 | ip | 2026-01-13 08:57:29 | block | Extensive WordPress enumeration and bot impersonation attempts detected, with all accessed paths flagged by WAF, multiple security alerts, and a critical IPBLOCK deny rule triggered. Its associated ASN AS396982 is already blocklisted for identical malicious activity. | 1.0 | severity: Severity.critical |
| 109.166.52.58 | ip | 2026-01-13 08:37:27 | ignore | No malicious activity detected; accessed standard website resources. | 0.8999999761581421 | severity: Severity.low |
| 2a02:26f7:c9d0:6406::5 | ip | 2026-01-13 08:37:27 | ignore | No malicious activity detected; accessed standard website resources. | 0.8999999761581421 | severity: Severity.low |
| 109.166.52.58 | ip | 2026-01-13 08:27:38 | ignore | No malicious activity detected; accessed only benign web resources. | 0.8999999761581421 | severity: Severity.low |
| 138.197.136.144 | ip | 2026-01-13 08:27:38 | block | Aggressive probing of suspicious PHP files and WordPress admin paths, triggered critical LFI-ANOMALY and reputation-based WAF deny rules, and its ASN (AS14061) is blocklisted for highly malicious activity. | 1.0 | severity: Severity.critical |
| 34.1.19.191 | ip | 2026-01-13 08:27:38 | watchlist | Accessed a highly obfuscated and suspicious path while belonging to a blocklisted ASN (AS15169) known for malicious activity, requiring further monitoring. | 0.699999988079071 | severity: Severity.medium |
| 2a02:26f7:c9d0:6406::5 | ip | 2026-01-13 08:27:38 | ignore | No malicious activity detected; accessed only benign resource files. | 0.8999999761581421 | severity: Severity.low |
| 34.23.95.230 | ip | 2026-01-13 08:27:38 | block | Extensive WordPress enumeration and bot impersonation, triggered a critical WAF deny rule (IPBLOCK-BURST4-318403), and its ASN (AS396982) is blocklisted for similar highly malicious activity. | 1.0 | severity: Severity.critical |
| 80.94.92.21 | ip | 2026-01-13 08:27:38 | block | Extremely high number of detected threat requests (36/6), all accessed paths flagged by WAF, and multiple security alerts including 'BOT-BROWSER-IMPERSONATOR', indicating severe automated malicious probing. | 1.0 | severity: Severity.critical |
| 3%7eff9e7c847339adbd | tls | 2026-01-13 08:27:38 | block | All requests (100%) associated with this TLS fingerprint were detected as threats and flagged by WAF, triggering security alert '3991008', indicating persistent malicious probing. | 1.0 | severity: Severity.critical |
| 2a02:26f7:c9d0:6406::5 | ip | 2026-01-12 11:26:30 | ignore | IP activity consists solely of benign requests for static website assets with no detected threats or WAF alerts. | 1.0 | severity: Severity.low |
| 2a02:26f7:c9d0:6406::5 | ip | 2026-01-12 10:46:19 | ignore | No malicious activity detected; accessed only benign static files, and no WAF flags or security rule hits. | 1.0 | severity: Severity.low |
| 2a02:26f7:c9d0:6406::5 | ip | 2026-01-12 10:26:18 | ignore | No malicious activity detected; accessed only benign paths and no security rules were triggered. | 0.8999999761581421 | severity: Severity.low |
| 2a02:26f7:c9d0:6406::5 | ip | 2026-01-12 10:16:15 | ignore | No malicious activity detected. The IP accessed common static web assets without triggering any WAF flags or security rules, and has no detected threat requests. | 1.0 | severity: Severity.low |