Real-world AIT NODE SECURITY AI intelligence feed

AIT Security Center – Public Threat Intelligence Feed

The Threat Intelligence Feed provides real-time cyber threat intelligence, firewall intelligence and blocked IP reputation data collected from attacks detected across our infrastructure.
The AIT Security Center Threat Intelligence Feed includes data on malicious bot activity, brute-force attacks and vulnerability scanners, and is continuously updated.

Last update: 2026-06-19 13:00:01
Source: AIT NODE SECURITY AI
Threat Intelligence Coverage: 1,279,468,280 Protected IP Addresses

LIVE THREAT INTELLIGENCE METRICS

Total failed events: 417 099
Currently banned: 7 109
Listed IP entries: 7 109
Security modules: 8
AI crawler intelligence

AI Systems Tracking This Threat Intelligence Feed

Automated AI crawlers and search engines detected from real download activity across the Daily, Full and Trusted Networks firewall feeds.

Total AI feed hits: 16
Most active AI consumer: Google
Last seen: 2026-06-19 02:13:47

Google: 4 feed hits, unique IPs: 2, last: 2026-06-19 02:13:47
Amazon: 3 feed hits, unique IPs: 3, last: 2026-06-19 00:07:47
Perplexity: 3 feed hits, unique IPs: 3, last: 2026-06-18 16:01:19
OpenAI: 3 feed hits, unique IPs: 3, last: 2026-06-18 09:15:51
Anthropic Claude: 3 feed hits, unique IPs: 1, last: 2026-06-18 02:51:45

This section is generated from download logs and updates automatically as AI crawlers access the public firewall feeds.

How The Threat Intelligence Feed Works

This Threat Intelligence Feed collects data from active AIT NODE SECURITY AI modules. When an IP address exceeds a security threshold it is automatically added to IPSet and blocked by the firewall. This page explains why an address may appear in the public firewall feed and blocked IP database.

Threat Intelligence Feed and Cyber Security Protection

The AIT Security Center provides a public Threat Intelligence Feed generated from real-world cyber attacks detected by AIT NODE SECURITY AI.

Public Firewall Feed and Blocked IP Database

This firewall feed contains malicious IP addresses associated with brute-force attacks, bot activity and vulnerability scanners.

Trusted Networks White Feed

The Trusted Networks White Feed contains verified and trusted networks.

Blocks IP addresses searching for suspicious PHP files in website root directories, commonly associated with web shells, malware and WordPress exploit scanners.

Failed events: 3 462
Currently banned: 168
Listed IPs: 168

Why Are These IP Addresses Listed?

  1. Requests targeting PHP files that legitimate visitors normally never access.
  2. Large numbers of requests to root PHP files within a short period.
  3. Typical web shell filenames such as shell.php, x.php, fileXX.php and wp-load.php probes.
  4. Often originates from VPS or cloud infrastructure.
  5. After reaching the threshold the IP is added to IPSet and blocked at firewall level.

Data from this security module is automatically included in the public Threat Intelligence Feed.

Blocks aggressive bots, scrapers and crawlers that generate unnecessary traffic or behave like automated scanners.

Failed events: 978
Currently banned: 462
Listed IPs: 462

Why Are These IP Addresses Listed?

  1. Suspicious or unwanted User-Agent.
  2. Behavior typical of scraping or mass crawling activity.
  3. Unnecessary load on Apache, PHP-FPM, Redis and databases.
  4. May crawl large portions of websites without real user value.
  5. Blocking preserves resources for legitimate visitors.

Data from this security module is automatically included in the public Threat Intelligence Feed.

Detects excessive request rates, click floods, crawler storms and resource abuse.

Failed events: 364 503
Currently banned: 366
Listed IPs: 366

Why Are These IP Addresses Listed?

  1. Large numbers of HTTP requests within a short period of time.
  2. Behavior that can exhaust Apache and PHP worker resources.
  3. Commonly observed with aggressive crawlers and automated tools.
  4. Protects WooCommerce and WordPress websites from unnecessary load.
  5. The IP address is blocked before it can create a prolonged load spike.

Data from this security module is automatically included in the public Threat Intelligence Feed.

Blocks requests without a User-Agent header. Legitimate browsers almost always send one, while many scanners and scripts do not.

Failed events: 18 612
Currently banned: 870
Listed IPs: 870

Why Are These IP Addresses Listed?

  1. The request does not contain a User-Agent header.
  2. This is often a sign of a curl/wget script, scanner or bot.
  3. Legitimate browsers almost always send a User-Agent header.
  4. These requests are often an early stage of probing or automated reconnaissance.
  5. Blocking reduces background noise and unwanted traffic to websites.

Data from this security module is automatically included in the public Threat Intelligence Feed.

Protects WordPress xmlrpc.php from brute-force attempts, abuse and automated attacks.

Failed events: 5 631
Currently banned: 1 812
Listed IPs: 1 812

Why Are These IP Addresses Listed?

  1. Repeated requests targeting xmlrpc.php.
  2. Often used for brute-force attacks and credential stuffing.
  3. Can be used for amplification attacks and resource abuse.
  4. It is not normal for a single external IP to aggressively target XML-RPC.
  5. Blocking protects login systems and PHP-FPM processes.

Data from this security module is automatically included in the public Threat Intelligence Feed.
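
The threshold-and-block flow described under "How The Threat Intelligence Feed Works", applied to three of the module criteria above (root PHP probes, missing User-Agent, xmlrpc.php). This is an added example, not AIT NODE SECURITY AI code; the thresholds, time window, allowlist, set names and ban timeout are assumptions, and the log lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed values, not AIT's: module -> (max hits, window seconds, ipset name).
RULES = {"php_probe": (3, 60, "demo_php_probe"),
         "no_user_agent": (5, 60, "demo_no_ua"),
         "xmlrpc": (4, 60, "demo_xmlrpc")}
ROOT_PHP_ALLOW = {"/index.php", "/wp-login.php", "/wp-cron.php"}  # assumed allowlist
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')
# Constructed sample lines (documentation IPs), not data from the feed.
FMT = '{} - - [19/Jun/2026:13:00:{:02d} +0000] "GET {} HTTP/1.1" 404 0 "-" "{}"'
SAMPLE = ([FMT.format("203.0.113.7", i, p, "Mozilla/5.0") for i, p in enumerate(
    ["/shell.php", "/x.php", "/wp-load.php", "/file12.php"])]
    + [FMT.format("192.0.2.44", i, "/", "-") for i in range(6)])

def classify(path, user_agent):
    """Return the module criteria one request matches."""
    path = path.split("?", 1)[0].lower()
    hits = ["no_user_agent"] if user_agent in ("", "-") else []
    if path == "/xmlrpc.php":
        hits.append("xmlrpc")
    elif re.fullmatch(r"/[^/]+\.php", path) and path not in ROOT_PHP_ALLOW:
        hits.append("php_probe")
    return hits

def ban_commands(log_lines):
    """Return one ipset command per IP that exceeds a module threshold in its window."""
    seen, commands = defaultdict(deque), {}
    for line in log_lines:  # lines are assumed to be in timestamp order
        m = LINE.match(line)
        if not m:
            continue
        raw_ip, stamp, path, ua = m.groups()
        try:
            ip = str(ipaddress.ip_address(raw_ip))  # only validated IPs reach a command
        except ValueError:
            continue
        ts = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z").timestamp()
        for module in classify(path, ua):
            limit, window, setname = RULES[module]
            q = seen[(module, ip)]
            q.append(ts)
            while ts - q[0] > window:  # drop hits that fell out of the window
                q.popleft()
            if len(q) > limit:
                commands.setdefault((setname, ip), f"ipset add {setname} {ip} timeout 86400")
    return list(commands.values())
```

The commands are returned as strings rather than executed, and the named sets are assumed to exist already with timeout support.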

Blocks suspicious WordPress requests, login attacks, plugin probing and other common attack patterns.

Failed events: 20 226
Currently banned: 2 373
Listed IPs: 2 373

Why Are These IP Addresses Listed?

  1. Suspicious WordPress endpoints or login patterns.
  2. Attempts to probe plugins and themes.
  3. Requests typical of automated WordPress attack kits.
  4. Behavior that does not resemble a legitimate visitor.
  5. Blocking reduces the risk of brute-force attacks and vulnerability scanning.

Data from this security module is automatically included in the public Threat Intelligence Feed.

Blocks IP addresses responsible for failed SSH logins and brute-force attacks.

Failed events: 2 745
Currently banned: 1 057
Listed IPs: 1 057

Why Are These IP Addresses Listed?

  1. Repeated failed SSH login attempts.
  2. Brute-force attempts against system accounts.
  3. Often originates from botnets or cloud VPS infrastructure.
  4. SSH is a critical administrative access point to the server.
  5. Blocking reduces the risk of root or server access compromise.

Data from this security module is automatically included in the public Threat Intelligence Feed.

Blocks abuse against the mail server including SMTP authentication attacks, relay probing and mail abuse.

Failed events: 942
Currently banned: 1
Listed IPs: 1

Why Are These IP Addresses Listed?

  1. Failed SMTP authentication attempts.
  2. Attempts at relay probing or mail abuse.
  3. Behavior typical of mail brute-force tools.
  4. Protects the reputation of the mail server.
  5. Blocking protects domains from spam and abuse risks.

Data from this security module is automatically included in the public Threat Intelligence Feed.

Download Firewall Feeds

Download public AIT NODE SECURITY AI feeds. The Daily Firewall Feed contains active protections, the Full Server Firewall Feed contains published firewall intelligence, and the Trusted Networks White Feed contains verified network ranges.
