Additional information about the IP address from which malicious requests were sent always helps when investigating attacks and incidents.
Previously, we independently determined whether the IP address belonged to the Tor exit nodes, or AWS, GCP, or Azure data centers. We also independently determined whether the IP address belongs to a specific country.
Now, we use the IP2Location databases, and on the Wallarm Console display additional information about whether the IP address is included in:
- The database of addresses of public web proxies
- The database of addresses of public VPN services
Our next steps are filtering by attack source on the Wallarm Console pages and blocking requests by country or by attack source.