In October 2025, UltraWAF processed approximately 1.86 trillion web requests, representing a significant increase in overall volume compared to August 2025. Of this traffic, roughly 31.65%—about 589 billion requests—was identified as malicious, reflecting a decrease in the proportion of malicious traffic even as total volume grew. Bot-generated traffic accounted for approximately 2.34% of all requests and continued to rise.
A notable change during the month was the sharp increase in malformed XML requests (XML_ERR_NOT_WELLFORMED), which rose by 99.29%. While some malformed XML traffic is unintentional, this pattern is also commonly associated with reconnaissance that evaluates how applications respond to parsing errors. More broadly, malicious traffic continued to be dominated by input- and format-based manipulation, with Cookie-related violations and Invalid RFC traffic comprising the majority of blocked events.
The observed payloads this month illustrate a consistent focus on probing application behavior and identifying opportunities for deeper access. These included attempts to execute system-level commands, requests crafted to force server-side callbacks to attacker-controlled infrastructure, probes targeting administrative interfaces such as phpMyAdmin, combined local file inclusion and SQL error-based extraction techniques, multi-parameter XSS testing, and obfuscated JNDI callback patterns reminiscent of prior remote code execution vulnerabilities. Many of these payloads incorporated encoded values or layered obfuscation, indicating continued sophistication in automated scanning and reconnaissance tooling.
Overall, the trends observed this month reflect sustained automated probing activity alongside more targeted attempts to identify misconfigurations, weak input handling, and externally reachable administrative components. The continued evolution of payload structure and obfuscation techniques underscores the importance of maintaining strong visibility into application request patterns and tracking shifts in payload behavior over time.
Stats at a Glance
- Total Web Requests: 1,866,993,811 (89.68% increase from September 2025)
- Largest Threat Category: Cookie (39.00%)
- Total WAF Violations: 590,882,420
- Top Three Industry Targeted: Travel/Hospitality (79.43%), Financial (15.48%), Retail (3.44%)
- Total Bot Violations: 43,615,475 (a 35.43% increase from August 2025)
- Top Three Source Countries: Great Britain (81.96%), United States (6.60%), France (1.07%)
