| 96.41.38.202 | ip | 2026-01-24 14:27:17 | watchlist | Detected access to suspicious obfuscated path 'akam/13/6d6bbf9e' flagged by WAF and triggered security alert '3900999', indicating potential malicious probing. While total threat requests are low (11.1%), the nature of the activity warrants monitoring. | 0.8500000238418579 | severity: Severity.critical |
| 45.148.10.159 | ip | 2026-01-24 12:06:51 | block | All requests (100%) from this IP were detected as threats, targeted sensitive version control system files ('.git/config', '.svn/entries'), and triggered a critical reputation-based WAF deny rule. Its associated ASN (AS48090) is already blocklisted for identical malicious activity. | 1.0 | severity: Severity.critical |
| 205.169.39.3 | ip | 2026-01-23 15:25:23 | block | IP belongs to blocklisted ASN AS3356, which has multiple IPs blocklisted for similar malicious activity including accessing highly obfuscated paths. This IP also accessed a highly obfuscated path, indicating malicious probing. | 0.949999988079071 | severity: Severity.critical |
| 192.109.200.72 | ip | 2026-01-23 12:45:14 | block | Detected WordPress brute-force attempts targeting 'wp-login.php', with the path flagged by WAF and security alert '3900998' triggered. This behavior is consistent with other blocklisted IPs. | 0.949999988079071 | severity: Severity.critical |
| 66.249.66.1 | ip | 2026-01-22 17:03:51 | block | All requests (100%) from this IP were detected as threats, all accessed paths were flagged by WAF, and security alert '3991006' was triggered. Its associated ASN (AS15169) is already blocklisted for similar malicious activity. | 1.0 | severity: Severity.critical |
| 66.249.66.41 | ip | 2026-01-22 17:03:51 | block | All requests (100%) from this IP were detected as threats, all accessed paths were flagged by WAF, and security alert '3991006' was triggered. Its associated ASN (AS15169) is already blocklisted for similar malicious activity. | 1.0 | severity: Severity.critical |
| 103.169.53.127 | ip | 2026-01-22 16:34:10 | watchlist | IP accessed a hostname ('www.darcherif.fr') frequently targeted by numerous blocklisted entities for WordPress enumeration and brute-force attempts. Although no direct malicious activity (0 threat requests, 0 WAF flags) was detected from this IP, its association with a highly targeted domain warrants continued monitoring. | 0.699999988079071 | severity: Severity.medium |
| 105.111.199.40 | ip | 2026-01-22 16:24:04 | watchlist | Entity previously flagged with medium severity and high confidence, but has shown no further activity. Requires continued monitoring. | 0.8500000238418579 | severity: Severity.medium |
| 67.227.1.140 | ip | 2026-01-22 16:24:04 | block | Accessed a highly obfuscated and suspicious path ('TXopfWNANuR3i/si/1SETC7qsZnKc/3cp5fp1mD3Lif4OJ/PD1OGXQoKgE/dTch/U2dsdHkB'), indicating malicious probing and attempted exploitation, consistent with blocklisted entities exhibiting similar behavior. | 0.949999988079071 | severity: Severity.critical |
| 4.217.180.34 | ip | 2026-01-22 13:53:29 | block | All requests (100%) from this IP were detected as threats, all accessed suspicious PHP files were flagged by WAF, and a critical 'IPBLOCK' deny rule was triggered. Its associated ASN (AS8075) is already blocklisted for persistent malicious activity with other IPs showing identical behavior. | 1.0 | severity: Severity.critical |
| 94.26.106.114 | ip | 2026-01-22 00:21:50 | block | IP is performing WordPress enumeration and brute-force attempts against 'wp-login.php', with WAF flagging and triggering a security alert, consistent with other blocklisted IPs from the same ASN (AS215607). | 0.949999988079071 | severity: Severity.critical |
| 67.227.1.140 | ip | 2026-01-21 21:11:28 | watchlist | IP accessed a highly obfuscated and suspicious path on a frequently targeted domain, indicating potential malicious reconnaissance despite no direct WAF flags or detected threat requests. | 0.75 | severity: Severity.medium |
| 185.193.157.209 | ip | 2026-01-21 21:01:36 | block | IP is performing extensive WordPress enumeration and bot impersonation, has an exceptionally high number of detected threat requests (95/31), and triggered critical WAF deny rules. Its associated ASN AS62240 is already blocklisted for similar malicious activity. | 1.0 | severity: Severity.critical |
| 67.227.1.140 | ip | 2026-01-21 21:01:36 | ignore | No malicious activity detected: 0 detected threat requests, no WAF flags, and no security rule hits. This entity appears to be benign. | 1.0 | severity: Severity.low |
| 3%7e2d6b59b088802a54 | tls | 2026-01-21 19:11:16 | block | All requests (100%) associated with this TLS fingerprint were detected as threats and triggered a critical reputation-based WAF deny rule (REP_1654536), indicating persistent malicious activity. | 1.0 | severity: Severity.critical |
| 20.205.96.233 | ip | 2026-01-21 18:01:04 | block | All requests (100%) from this IP were flagged by WAF, accessed suspicious PHP files, and triggered a critical 'IPBLOCK' deny rule. Its associated ASN (AS8075) is already blocklisted for persistent malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior. | 1.0 | severity: Severity.critical |
| 3%7e9d029ea544b45c6f | tls | 2026-01-21 11:40:28 | block | High percentage (90.9%) of requests associated with this TLS fingerprint were detected as threats and flagged by WAF, triggered security alert '3991006', and included access to a highly obfuscated path, indicating malicious probing or exploit attempts. | 1.0 | severity: Severity.critical |
| 185.177.72.13 | ip | 2026-01-21 11:20:27 | block | Aggressive probing of sensitive files and admin paths, all requests flagged by WAF, with detected threat requests exceeding total requests, and triggered critical LFI and reputation-based deny rules. Its associated ASN (AS211590) is already blocklisted for persistent and identical severe malicious activity. | 1.0 | severity: Severity.critical |
| 185.177.72.38 | ip | 2026-01-21 04:09:46 | block | Aggressively probed sensitive configuration and credential files, with all requests flagged by WAF, triggered multiple critical LFI-ANOMALY, IPBLOCK-BURST4, and reputation-based deny rules. Its associated ASN AS211590 is already blocklisted for persistent and identical severe malicious activity. | 1.0 | severity: Severity.critical |
| 2600:3c03::2000:fcff:fe11:a64e | ip | 2026-01-21 03:09:37 | block | Accessed a highly obfuscated and suspicious path, consistent with other blocklisted IPs from ASN AS63949 exhibiting similar malicious probing for exploitation. | 0.949999988079071 | severity: Severity.critical |
| 185.177.72.49 | ip | 2026-01-21 02:19:33 | block | IP with 100% detected threat requests and triggered a critical WAF deny rule (REP_1654536). Its associated ASN (AS211590) is already blocklisted for persistent malicious activity. | 1.0 | severity: Severity.critical |
| 149.102.225.179 | ip | 2026-01-21 01:59:39 | block | IP exhibiting aggressive WordPress enumeration, bot impersonation, high threat requests (95/31), all accessed paths flagged by WAF, and triggered a critical WAF deny rule (IPBLOCK-BURST4-318403), consistent with other blocklisted IPs from similar malicious campaigns. | 1.0 | severity: Severity.critical |
| 105.111.199.40 | ip | 2026-01-21 01:59:39 | watchlist | IP from blocklisted ASN AS36947, which has a history of critical malicious activity including persistent probing and automated attacks. This specific IP currently shows no direct threat flags, but its association with a highly malicious ASN warrants continued monitoring. | 0.8500000238418579 | severity: Severity.medium |
| AS12322 | asn | 2026-01-21 01:59:39 | block | ASN associated with blocklisted IP '2a01:e34:ec44:99d0:8c2f:82c6:25b6:fab0', which accessed highly obfuscated and suspicious paths, indicative of malicious probing and consistent with other blocklisted entities from this ASN. | 0.949999988079071 | severity: Severity.critical |
| 185.177.72.30 | ip | 2026-01-21 01:39:33 | block | IP from blocklisted ASN AS211590, demonstrating aggressive probing of sensitive files and admin paths, all requests flagged by WAF, with detected threat requests exceeding total requests, and triggered critical LFI and reputation-based deny rules. This behavior is consistent with other blocklisted IPs from the same ASN. | 1.0 | severity: Severity.critical |
| 2a09:bac1:76a0:1378::b:2f9 | ip | 2026-01-20 17:38:39 | block | This IP shows 100% detected threat requests, all accessed paths were flagged by WAF (including suspicious PHP files and WordPress admin paths), and it triggered a critical 'IPBLOCK-BURST4-318403' deny rule. Its associated ASN (AS13335) is already blocklisted for identical widespread malicious activity. | 1.0 | severity: Severity.critical |
| 185.177.72.51 | ip | 2026-01-20 16:48:38 | block | IP from blocklisted ASN AS211590, demonstrating aggressive probing of sensitive files and admin paths, all requests flagged by WAF, with detected threat requests exceeding total requests, and triggered critical LFI and reputation-based deny rules. This behavior is consistent with other blocklisted IPs from the same ASN. | 1.0 | severity: Severity.critical |
| 185.177.72.23 | ip | 2026-01-20 14:18:28 | block | IP from blocklisted ASN AS211590, demonstrating aggressive probing of sensitive files and admin paths, all requests flagged by WAF, with detected threat requests exceeding total requests, and triggered critical LFI and reputation-based deny rules. | 1.0 | severity: Severity.critical |
| 85.11.167.3 | ip | 2026-01-20 07:07:53 | block | IP engaged in WordPress brute-force attempts targeting 'wp-login.php', triggered security alert '3900998', and its ASN AS213438 is blocklisted for identical critical malicious activity. | 1.0 | severity: Severity.critical |
| 34.133.255.234 | ip | 2026-01-19 20:37:16 | block | All requests (100% threat rate) targeted sensitive configuration and credential files (.aws/credentials, .env/.env.bak, phpinfo.php), triggered critical LFI-ANOMALY and reputation-based WAF deny rules, and its associated ASN (AS396982) is already blocklisted for similar severe malicious activity. | 1.0 | severity: Severity.critical |
| 68.155.153.238 | ip | 2026-01-19 15:37:01 | block | All requests (100%) from this IP were detected as threats, all accessed suspicious PHP files including a 'wp_filemanager.php' exploit were flagged by WAF, and a critical 'IPBLOCK' deny rule was triggered. Its associated ASN (AS8075) is already blocklisted for persistent and identical malicious activity from multiple other IPs. | 1.0 | severity: Severity.critical |
| 105.111.199.40 | ip | 2026-01-19 12:06:49 | watchlist | IP from ASN AS36947, which has an associated IP (154.242.193.88) blocklisted for critical malicious probing, warrants further monitoring despite no current direct threats. | 0.699999988079071 | severity: Severity.medium |
| 47.128.57.40 | ip | 2026-01-18 09:04:33 | block | All requests (100%) from this IP were detected as threats and flagged by WAF, triggering alert '3991023'. Its associated ASN (AS16509) is already blocklisted for persistent malicious activity and identical attack patterns. | 1.0 | severity: Severity.critical |
| 45.149.173.233 | ip | 2026-01-18 08:14:30 | block | Extensive WordPress enumeration and bot impersonation detected, with a high number of detected threat events (96 events for 32 requests) and a critical WAF deny rule (IPBLOCK-BURST4-318403) triggered. | 1.0 | severity: Severity.critical |
| 2a01:e34:ec44:99d0:8c2f:82c6:25b6:fab0 | ip | 2026-01-17 15:53:44 | block | Accessed a highly obfuscated and suspicious path (Lk4TRUPUqhrDr/tAn/f7XLQlaR8xY/ri1hVDa9akG7VcaLV9/YyZNWVcPAQ/HAYUASFM/PisB), strongly indicating malicious probing or attempted exploitation, consistent with other blocklisted entities. | 0.949999988079071 | severity: Severity.critical |
| AS12322 | asn | 2026-01-17 15:53:44 | watchlist | Associated with IP 2a01:e34:ec44:99d0:8c2f:82c6:25b6:fab0 which accessed a highly obfuscated malicious path. Monitoring is required for further activity from this ASN. | 0.699999988079071 | severity: Severity.medium |
| 3%7e32bee0f5e54580be | tls | 2026-01-17 15:53:44 | block | Associated with IP 2a01:e34:ec44:99d0:8c2f:82c6:25b6:fab0 which accessed a highly obfuscated and suspicious path, indicating a malicious client fingerprint consistent with previously blocklisted TLS fingerprints. | 0.949999988079071 | severity: Severity.critical |
| 2a01:e34:ec44:99d0:8c2f:82c6:25b6:fab0 | ip | 2026-01-17 15:43:37 | ignore | No detected threat requests, WAF flags, or security rule hits since being added to the watchlist. | 0.8999999761581421 | severity: Severity.low |
| 52.167.144.203 | ip | 2026-01-17 15:43:37 | block | High percentage of threat requests (83.3%), all accessed paths flagged by WAF, triggered security alert '3991006', and belongs to blocklisted ASN AS8075 which is known for persistent malicious activity and identical attack patterns. | 1.0 | severity: Severity.critical |
| AS12322 | asn | 2026-01-17 15:43:37 | ignore | No detected threat requests, WAF flags, or security rule hits from associated entities since being added to the watchlist. | 0.8999999761581421 | severity: Severity.low |
| 3%7e32bee0f5e54580be | tls | 2026-01-17 15:43:37 | ignore | No detected threat requests, WAF flags, or security rule hits from entities using this TLS fingerprint since being added to the watchlist. | 0.8999999761581421 | severity: Severity.low |
| 2a01:e34:ec44:99d0:8c2f:82c6:25b6:fab0 | ip | 2026-01-17 12:23:13 | watchlist | Accessed a highly obfuscated and suspicious path, suggesting malicious probing or attempted exploitation, but no direct WAF flags or detected threat requests yet. | 0.6000000238418579 | severity: Severity.medium |
| AS12322 | asn | 2026-01-17 12:23:13 | watchlist | Associated IP (2a01:e34:ec44:99d0:8c2f:82c6:25b6:fab0) accessed a highly obfuscated and suspicious path, warranting monitoring of the entire ASN. | 0.550000011920929 | severity: Severity.medium |
| 3%7e32bee0f5e54580be | tls | 2026-01-17 12:23:13 | watchlist | Associated with an IP (2a01:e34:ec44:99d0:8c2f:82c6:25b6:fab0) that accessed a highly obfuscated and suspicious path, indicating a potentially malicious client fingerprint. | 0.550000011920929 | severity: Severity.medium |
| 16.176.147.22 | ip | 2026-01-17 11:23:09 | block | All requests (100%) from this IP were flagged as threats, all accessed paths were flagged by WAF, and a critical 'IPBLOCK' deny rule was triggered. Its associated ASN (AS16509) is already blocklisted for persistent malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior. | 1.0 | severity: Severity.critical |
| 45.148.10.238 | ip | 2026-01-17 10:13:01 | block | IP from blocklisted ASN AS48090 performing aggressive reconnaissance, detected bot impersonation, targeted sensitive configuration/credential files (.git/config, .aws/credentials, .env), and triggered a critical LFI-ANOMALY WAF deny rule with a high threat request ratio (11/6). | 1.0 | severity: Severity.critical |
| 4.147.187.31 | ip | 2026-01-17 08:43:02 | block | All requests (100%) were detected as threats, all accessed suspicious PHP files were flagged by WAF, and a critical 'IPBLOCK' deny rule was triggered. Its associated ASN (AS8075) is already blocklisted for persistent malicious activity with other IPs showing identical behavior. | 1.0 | severity: Severity.critical |
| 40.69.27.251 | ip | 2026-01-17 00:02:19 | block | All requests (100%) were detected as threats, all accessed suspicious PHP files were flagged by WAF, and a critical 'IPBLOCK' deny rule was triggered. Its associated ASN (AS8075) is already blocklisted for persistent malicious activity with other IPs showing identical behavior. | 1.0 | severity: Severity.critical |
| 14.174.193.15 | ip | 2026-01-16 22:52:18 | ignore | No detected threat requests, no WAF flagged paths, and no security rule hits were observed in the latest activity. | 0.800000011920929 | severity: Severity.low |
| 157.180.49.120 | ip | 2026-01-16 22:52:18 | ignore | No detected threat requests, no WAF flagged paths, and no security rule hits were observed in the latest activity. | 0.800000011920929 | severity: Severity.low |