|
154.242.193.88
|
ip
|
2025-12-28 10:25:23
|
block
|
Extremely high percentage (88%) of detected threat requests and all accessed paths were flagged by WAF, triggering security alert '3900999', indicating persistent malicious probing or automated attacks.
|
0.949999988079071
|
severity: Severity.critical
|
|
3%7eCDC2EF7588B03762
|
tls
|
2025-12-28 10:25:23
|
block
|
High percentage (~61%) of detected threat requests and all accessed paths were flagged by WAF, triggering security alert '3900999', indicating persistent malicious probing or automated attacks, similar to correlated IP activity.
|
0.949999988079071
|
severity: Severity.critical
|
|
20.24.203.163
|
ip
|
2025-12-28 08:55:23
|
block
|
All requests (100%) from this IP were flagged by WAF, accessed suspicious PHP files, and triggered a critical 'IPBLOCK' deny rule. Its associated ASN (AS8075) is already blocklisted for persistent malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior.
|
1.0
|
severity: Severity.critical
|
|
23.180.120.244
|
ip
|
2025-12-28 06:15:11
|
block
|
Aggressively targeted highly sensitive configuration files (.env, .env.example) and PHP information disclosure paths (phpinfo, info). All requests triggered critical WAF deny rules, specifically 'LFI-ANOMALY' and a reputation-based block ('REP_1654536'). The ratio of detected threat requests (32) to total requests (21) is extremely high, indicating severe malicious probing and exploitation attempts, consistent with previously blocklisted IPs.
|
1.0
|
severity: Severity.critical
|
|
52.169.163.135
|
ip
|
2025-12-28 02:04:53
|
block
|
All requests (100%) from this IP were flagged by WAF, accessed suspicious PHP files, and triggered a critical 'IPBLOCK' deny rule. Its associated ASN (AS8075) is already blocklisted for persistent malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior.
|
1.0
|
severity: Severity.critical
|
|
74.7.244.24
|
ip
|
2025-12-28 00:04:41
|
block
|
IP from blocklisted ASN AS8075 with 100% threat requests, all paths flagged by WAF, and triggered security alert '3991023', indicating persistent malicious probing.
|
1.0
|
severity: Severity.critical
|
|
74.7.242.31
|
ip
|
2025-12-28 00:04:41
|
block
|
IP from blocklisted ASN AS8075 with 100% threat requests, all paths flagged by WAF, and triggered security alert '3991023', indicating persistent malicious probing.
|
1.0
|
severity: Severity.critical
|
|
205.169.39.11
|
ip
|
2025-12-27 19:24:27
|
block
|
IP from ASN AS3356, which has multiple IPs blocklisted for accessing suspicious/obfuscated paths. This IP exhibits similar behavior with a WAF-flagged path ('akam/13/2f321df0') and triggered security alert '3900999', indicating ongoing malicious probing.
|
0.8999999761581421
|
severity: Severity.critical
|
|
13.211.133.155
|
ip
|
2025-12-27 12:54:06
|
block
|
All requests (100%) from this IP were flagged as threats, all accessed paths were flagged by WAF, and a critical 'IPBLOCK' deny rule was triggered. Its associated ASN (AS16509) is already blocklisted for persistent malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior.
|
1.0
|
severity: Severity.critical
|
|
3.26.215.6
|
ip
|
2025-12-27 11:34:05
|
block
|
All requests (100%) from this IP were flagged as threats, all accessed paths were flagged by WAF, and a critical 'IPBLOCK' deny rule was triggered. Its associated ASN (AS16509) is already blocklisted for persistent malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior.
|
1.0
|
severity: Severity.critical
|
|
87.251.78.138
|
ip
|
2025-12-27 11:04:00
|
block
|
Extremely high number of detected threat events (60 over 10 requests), all accessed paths flagged by WAF, and multiple security alerts including 'BOT-BROWSER-IMPERSONATOR', indicating severe automated malicious probing and exploit attempts.
|
1.0
|
severity: Severity.critical
|
|
16.176.222.217
|
ip
|
2025-12-27 07:03:48
|
block
|
All requests (100%) from this IP were flagged as threats, all accessed paths were flagged by WAF, and a critical 'IPBLOCK' deny rule was triggered. Its associated ASN (AS16509) is already blocklisted for persistent malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior.
|
1.0
|
severity: Severity.critical
|
|
16.176.215.135
|
ip
|
2025-12-27 05:33:47
|
block
|
All requests (100%) from this IP were flagged as threats, all accessed paths were flagged by WAF, and a critical 'IPBLOCK' deny rule was triggered. Its associated ASN (AS16509) is already blocklisted for persistent malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior.
|
1.0
|
severity: Severity.critical
|
|
2600:3c00::2000:72ff:fe7b:3e96
|
ip
|
2025-12-27 05:33:47
|
block
|
Accessed a highly obfuscated and suspicious path (cMzmRHv2McZmnWgO3JrScmKtz0o/1Dw3GczYaVuVQN/Qk1QICE/KR9JTB/QVeC0), strongly indicating malicious probing or attempted exploitation, despite no direct WAF flags yet.
|
0.949999988079071
|
severity: Severity.critical
|
|
66.249.66.66
|
ip
|
2025-12-27 02:53:38
|
block
|
All requests (100%) from this IP were detected as threats, all accessed paths were flagged by WAF, and security alert '3991006' was triggered. This behavior is consistent with other blocklisted IPs and the blocklisted ASN AS15169 for similar malicious activity.
|
1.0
|
severity: Severity.critical
|
|
45.86.202.87
|
ip
|
2025-12-26 21:13:20
|
block
|
Aggressively probing sensitive PHP info files and configuration files (.env.example), with almost all accessed paths flagged by WAF, triggering a critical IP block burst deny rule, and showing bot impersonation. This indicates persistent malicious reconnaissance and exploitation attempts, consistent with other malicious IPs from the same ASN (AS206092).
|
1.0
|
severity: Severity.critical
|
|
45.86.202.100
|
ip
|
2025-12-26 21:13:20
|
block
|
Aggressively probing sensitive PHP info files and configuration files (.env), with all accessed paths flagged by WAF, triggering critical IP block burst and LFI deny rules, and showing bot impersonation. This indicates persistent malicious reconnaissance and exploitation attempts.
|
1.0
|
severity: Severity.critical
|
|
20.37.218.115
|
ip
|
2025-12-26 17:13:04
|
block
|
All requests (100%) from this IP were flagged by WAF, accessed suspicious PHP and admin files, and triggered a critical 'IPBLOCK' deny rule. Its associated ASN (AS8075) is already blocklisted for persistent malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior.
|
1.0
|
severity: Severity.critical
|
|
141.98.11.23
|
ip
|
2025-12-26 16:02:56
|
block
|
IP is performing WordPress brute-force attempts targeting 'wp-login.php' and triggered a WAF alert (3900998). This IP's ASN (AS209605) is already blocklisted for similar critical malicious activity, with other IPs from this ASN also blocklisted for identical behavior.
|
1.0
|
severity: Severity.critical
|
|
216.73.216.215
|
ip
|
2025-12-26 12:22:46
|
block
|
High percentage of detected threat requests (66.67%), triggered WAF alert '3991023', accessed highly obfuscated and suspicious paths, and belongs to ASN AS16509 which is already blocklisted for persistent malicious activity.
|
1.0
|
severity: Severity.critical
|
|
136.117.243.55
|
ip
|
2025-12-26 10:22:40
|
block
|
IP performing extensive WordPress enumeration and bot impersonation, triggered a critical WAF deny rule (IPBLOCK-BURST4-318403), and belongs to ASN AS396982, which is blocklisted for highly malicious activity, consistent with other blocklisted IPs from this ASN.
|
1.0
|
severity: Severity.critical
|
|
205.169.39.7
|
ip
|
2025-12-26 09:12:31
|
block
|
Accessed a highly obfuscated and suspicious path, consistent with other blocklisted IPs (205.169.39.14, 205.169.39.58) from the same ASN (AS3356) that were blocked for identical malicious probing and attempted exploitation.
|
1.0
|
severity: Severity.critical
|
|
99.79.31.5
|
ip
|
2025-12-26 09:02:26
|
block
|
All requests (100%) from this IP were flagged as threats, all accessed paths were flagged by WAF, and a critical 'IPBLOCK' deny rule was triggered. Its associated ASN (AS16509) is already blocklisted for persistent malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior.
|
1.0
|
severity: Severity.critical
|
|
152.42.219.118
|
ip
|
2025-12-26 03:22:08
|
block
|
IP is performing extensive WordPress enumeration and bot impersonation, triggered a critical WAF deny rule (IPBLOCK-BURST4-318403), and belongs to ASN AS14061, which is blocklisted for highly malicious activity.
|
1.0
|
severity: Severity.critical
|
|
45.135.232.178
|
ip
|
2025-12-26 01:11:58
|
block
|
IP is performing WordPress enumeration and brute-force attacks, targeting 'xmlrpc.php' and 'wp-login.php'. All accessed paths were flagged by WAF, and critical WAF deny rules 'IPBLOCK-PENALTY-BOX' and 'POLICY-ANOMALY' were triggered. This behavior is identical to another blocklisted IP (45.135.232.10) from the same ASN.
|
1.0
|
severity: Severity.critical
|
|
54.245.191.67
|
ip
|
2025-12-26 00:51:56
|
block
|
All requests from this IP were flagged as threats and by WAF, targeting WordPress enumeration paths, and triggering a reputation-based deny rule. Its associated ASN (AS16509) is already blocklisted for persistent malicious activity, with many other IPs from this ASN blocklisted for identical behavior.
|
1.0
|
severity: Severity.critical
|
|
45.156.129.102
|
ip
|
2025-12-25 22:31:50
|
block
|
All accessed paths were flagged by WAF, and multiple security alerts including 'BOT-BROWSER-IMPERSONATOR' were triggered, indicating persistent automated malicious probing and reconnaissance attempts.
|
0.9800000190734863
|
severity: Severity.critical
|
|
78.142.18.43
|
ip
|
2025-12-25 20:51:40
|
block
|
High percentage of detected threat requests (66.67%) specifically targeting 'wp-login.php' and triggering a security alert (3900998) indicative of brute-force attempts. This behavior is consistent with other blocklisted IPs from the same ASN (AS213438) exhibiting identical malicious activity.
|
1.0
|
severity: Severity.critical
|
|
217.113.194.247
|
ip
|
2025-12-25 12:51:13
|
block
|
All requests from this IP were detected as threats and flagged by WAF, triggering a security alert, indicating persistent malicious probing or automated attacks.
|
1.0
|
severity: Severity.critical
|
|
161.97.92.68
|
ip
|
2025-12-25 09:31:03
|
block
|
This IP targeted sensitive configuration files (.env), triggered critical WAF deny rules including LFI-ANOMALY and a reputation-based block (REP_1654536), and showed a very high rate of detected threat requests, consistent with already blocklisted malicious entities.
|
1.0
|
severity: Severity.critical
|
|
13.229.87.61
|
ip
|
2025-12-25 09:11:00
|
block
|
All requests (100%) from this IP were flagged as threats, all accessed paths were flagged by WAF, and a critical 'IPBLOCK' deny rule was triggered. Its associated ASN (AS16509) is already blocklisted for persistent malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior.
|
1.0
|
severity: Severity.critical
|
|
195.178.110.156
|
ip
|
2025-12-24 21:00:20
|
block
|
All requests from this IP targeted sensitive configuration files and triggered multiple critical WAF deny rules, including LFI-ANOMALY, IPBLOCK, and reputation-based blocking. The associated ASN (AS48090) is already blocklisted for identical malicious activity.
|
1.0
|
severity: Severity.critical
|
|
AS51396
|
asn
|
2025-12-24 18:20:08
|
block
|
All requests from this ASN targeted highly sensitive files and known exploit paths (.env, .git/config, server.js), triggered multiple critical WAF deny rules including LFI-ANOMALY and IPBLOCK-BURST4, and showed bot impersonation, indicating severe malicious activity.
|
1.0
|
severity: Severity.critical
|
|
45.153.34.212
|
ip
|
2025-12-24 18:00:07
|
block
|
All requests from this IP were flagged by WAF, targeting sensitive configuration files and known exploit paths (.git/config, .env, wp-config.php), and triggered multiple critical WAF deny rules including LFI-ANOMALY and IPBLOCK-BURST4, along with bot impersonation.
|
1.0
|
severity: Severity.critical
|
|
136.107.98.35
|
ip
|
2025-12-24 15:09:55
|
block
|
Extensive WordPress enumeration and bot impersonation attempts detected, triggering a critical 'IPBLOCK-BURST4' deny rule. Associated ASN AS396982 is already blocklisted for identical malicious activity from multiple other IPs.
|
1.0
|
severity: Severity.critical
|
|
13.212.151.30
|
ip
|
2025-12-24 10:49:34
|
block
|
All requests (100%) from this IP were flagged as threats and triggered a critical 'IPBLOCK' WAF deny rule. Its associated ASN (AS16509) is already blocklisted for persistent malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior.
|
1.0
|
severity: Severity.critical
|
|
13.218.151.84
|
ip
|
2025-12-24 04:59:12
|
block
|
All requests (100%) from this IP were flagged as threats, all accessed paths were flagged by WAF, and a critical 'IPBLOCK' deny rule was triggered, indicating severe automated malicious activity.
|
1.0
|
severity: Severity.critical
|
|
202.8.42.45
|
ip
|
2025-12-24 02:59:05
|
block
|
Extremely high percentage of detected threat requests (82.35%) and all accessed paths were flagged by WAF, triggering security alert '3991008', indicating persistent malicious probing or automated attacks.
|
0.949999988079071
|
severity: Severity.critical
|
|
3%7eb88045f633bfc7f7
|
tls
|
2025-12-23 14:48:23
|
block
|
Very high percentage (94.4%) of requests associated with this TLS fingerprint were detected as threats and flagged by WAF, triggering alert '3991006'. It also accessed a highly obfuscated path, indicating malicious probing or exploit attempts.
|
1.0
|
severity: Severity.critical
|
|
40.77.167.27
|
ip
|
2025-12-23 14:48:22
|
block
|
All requests (100%) from this IP were flagged by WAF and triggered security alert '3991006'. The associated ASN (AS8075) is already blocklisted for persistent malicious activity.
|
1.0
|
severity: Severity.critical
|
|
52.167.144.218
|
ip
|
2025-12-23 14:48:22
|
block
|
High percentage (88.8%) of requests from this IP were flagged by WAF and triggered security alert '3991006'. It also accessed a highly obfuscated path, strongly indicating malicious probing. The associated ASN (AS8075) is already blocklisted for persistent malicious activity.
|
1.0
|
severity: Severity.critical
|
|
130.33.54.201
|
ip
|
2025-12-23 13:18:15
|
block
|
All requests (100%) from this IP were flagged by WAF, accessed suspicious PHP files and admin paths, and triggered a critical 'IPBLOCK' deny rule. Its associated ASN (AS8075) is already blocklisted for persistent malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior.
|
1.0
|
severity: Severity.critical
|
|
34.58.41.77
|
ip
|
2025-12-23 08:28:02
|
block
|
IP is performing extensive WordPress enumeration, bot impersonation, and triggered a critical WAF deny rule (IPBLOCK-BURST4-318403) due to a burst of malicious activity. Its associated ASN (AS396982) is already blocklisted for identical malicious behavior from multiple other IPs.
|
1.0
|
severity: Severity.critical
|
|
205.169.39.14
|
ip
|
2025-12-23 06:57:58
|
block
|
Accessed a highly obfuscated and suspicious path (-mN-Pzl2I/...), strongly indicating malicious probing or attempted exploitation, despite no direct WAF flags yet.
|
0.949999988079071
|
severity: Severity.critical
|
|
205.169.39.58
|
ip
|
2025-12-23 06:57:58
|
block
|
Accessed a highly obfuscated and suspicious path (-mN-Pzl2I/...), strongly indicating malicious probing or attempted exploitation, despite no direct WAF flags yet.
|
0.949999988079071
|
severity: Severity.critical
|
|
2a07:e05:3:35::1
|
ip
|
2025-12-22 21:57:26
|
block
|
All requests (100%) from this IP were flagged by WAF, triggering multiple security alerts including 'BOT-BROWSER-IMPERSONATOR', and demonstrating malicious probing on the same paths as a previously blocklisted IP (2a07:e05:3:1b::1) from the same ASN (AS400587).
|
1.0
|
severity: Severity.critical
|
|
3.9.114.107
|
ip
|
2025-12-22 19:07:15
|
block
|
All requests (100%) from this IP were flagged as threats and triggered a critical 'IPBLOCK' WAF deny rule. Its associated ASN (AS16509) is already blocklisted for persistent malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior.
|
1.0
|
severity: Severity.critical
|
|
66.249.66.33
|
ip
|
2025-12-22 16:47:09
|
block
|
All requests (100%) from this IP were detected as threats, flagged by WAF, and triggered security alert 3991006, consistent with the blocklisted ASN AS15169 for similar malicious activity.
|
1.0
|
severity: Severity.critical
|
|
66.249.66.201
|
ip
|
2025-12-22 16:47:09
|
block
|
All requests (100%) from this IP were detected as threats, flagged by WAF, and triggered security alert 3991006, consistent with the blocklisted ASN AS15169 for similar malicious activity.
|
1.0
|
severity: Severity.critical
|
|
77.90.185.12
|
ip
|
2025-12-22 15:07:01
|
block
|
IP from blocklisted ASN AS215476, with a high percentage (85.7%) of threat requests targeting 'wp-login.php' and triggering a brute-force alert, consistent with other blocklisted IPs from this ASN exhibiting identical malicious activity.
|
1.0
|
severity: Severity.critical
|