| 216.73.216.213 | ip | 2025-12-05 18:50:26 | block | All requests (100%) from this IP were flagged by WAF, indicating persistent malicious probing targeting WordPress endpoints and triggering security alerts. | 1.0 | severity: Severity.critical |
| 45.148.10.246 | ip | 2025-12-04 12:34:38 | block | Extensive probing of sensitive configuration files and backups (e.g., .env, config/mail), all requests (100%) flagged by WAF, and multiple critical deny rules triggered including LFI-ANOMALY and IPBLOCK. | 1.0 | severity: Severity.critical |
| AS48090 | asn | 2025-12-04 12:34:38 | block | Associated with IP 45.148.10.246, which demonstrated extensive probing of sensitive files, had all requests flagged by WAF, and triggered critical deny rules including LFI-ANOMALY and IPBLOCK. | 1.0 | severity: Severity.critical |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-12-02 14:22:26 | ignore | No security rule hits, WAF flags, or detected threat requests, and no activity for over a month. Entity is no longer considered suspicious. | 0.949999988079071 | severity: Severity.low |
| 2001:861:5860:e460:9d10:3e29:e251:a165 | ip | 2025-12-02 14:22:25 | ignore | No current security rule hits, WAF flags, or detected threat requests. Entity has not shown recent malicious behavior, contradicting previous AI assessment. | 0.8999999761581421 | severity: Severity.low |
| 62.60.130.210 | ip | 2025-12-02 14:22:25 | block | All requests (100%) were flagged by WAF and targeted 'wp-login.php', triggering security alerts indicative of a brute-force or credential stuffing attack. | 1.0 | severity: Severity.critical |
| 3%7e67c0ea0c99e03401 | tls | 2025-11-30 15:39:51 | block | TLS fingerprint associated with an IP (4.189.168.36) that had all requests flagged by WAF, bot impersonation, and probing of sensitive paths. Associated ASN AS8075 is blocklisted. | 1.0 | severity: Severity.critical |
| 4.189.168.36 | ip | 2025-11-30 15:39:50 | block | All requests (100%) flagged by WAF with bot impersonation and probing of sensitive paths. Associated ASN AS8075 is already blocklisted for persistent malicious activity. | 1.0 | severity: Severity.critical |
| 2001:861:5860:e460:9d10:3e29:e251:a165 | ip | 2025-11-30 15:29:51 | watchlist | IP accessed sensitive WordPress login path (wp-login.php) and is from an ASN with a history of similar suspicious WordPress probing, indicating potential reconnaissance or enumeration attempts. | 0.6000000238418579 | severity: Severity.medium |
| 134.122.136.96 | ip | 2025-11-30 14:03:57 | block | Multiple critical WAF deny rules triggered, including LFI, command injection, XSS, and bot impersonation, indicating severe malicious probing and exploit attempts. All accessed paths were flagged. | 1.0 | severity: Severity.critical |
| AS152194 | asn | 2025-11-30 14:03:57 | block | Associated with IP 134.122.136.96, which triggered multiple critical WAF deny rules including LFI, command injection, XSS, and bot impersonation. All accessed paths from this ASN were flagged as malicious. | 1.0 | severity: Severity.critical |
| 3%7ed09afd3ffe9bdf7b | tls | 2025-11-30 14:03:57 | block | Associated with IP 134.122.136.96, which triggered multiple critical WAF deny rules including LFI, command injection, XSS, and bot impersonation. This TLS fingerprint is used by a highly malicious client. | 1.0 | severity: Severity.critical |
| 43.163.127.190 | ip | 2025-11-20 15:39:02 | block | Repeated, targeted access attempts to sensitive Spring Boot actuator and mapping endpoints. All 13 requests flagged by WAF, with bot impersonation detected, indicating high-confidence malicious activity. | 1.0 | severity: Severity.critical |
| 199.127.56.236 | ip | 2025-11-18 01:36:03 | ignore | No malicious activity detected. All requests were benign and no security rules were triggered. | 1.0 | severity: Severity.low |
| 20.37.96.143 | ip | 2025-11-10 22:07:17 | block | All requests from this IP were flagged by WAF, accessing suspicious PHP files including known exploit paths like 'wp-filemanager.php', and triggered a deny security rule (REP_1654538). | 1.0 | severity: Severity.critical |
| AS15169 | asn | 2025-11-04 15:46:51 | block | 48% of requests were threatening, all accessed paths flagged by WAF, and a burst-rate IP block rule (IPBLOCK-BURST4-318403) was triggered. | 0.949999988079071 | severity: Severity.critical |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-11-02 10:16:50 | watchlist | Repeated access to wp-admin/admin-ajax.php, a common target for WordPress reconnaissance, without other immediate threat indicators. | 0.4000000059604645 | severity: Severity.low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-11-02 10:11:43 | ignore | No observed malicious activity, 0 requests, and low initial AI confidence score. | 0.8999999761581421 | severity: Severity.low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-11-02 10:06:41 | watchlist | Accessed sensitive WordPress path 'wp-admin/admin-ajax.php' with 17 requests but no WAF alerts or threat detections. AI confidence and severity are low. | 0.4000000059604645 | severity: Severity.low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-11-02 10:01:42 | watchlist | Accessed a common WordPress admin path (wp-admin/admin-ajax.php) without triggering WAF or security rules, requires further monitoring for potential reconnaissance. | 0.4000000059604645 | severity: Severity.low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-11-02 09:56:42 | ignore | Entity shows no malicious activity, no WAF flags, no security rule hits, and has a very low AI confidence score, indicating it is likely benign. | 0.800000011920929 | severity: Severity.low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-11-02 09:51:56 | watchlist | Accessed wp-admin/admin-ajax.php 17 times, a common target for reconnaissance, but no WAF alerts or security rules were triggered. Warrants minor monitoring. | 0.20000000298023224 | severity: Severity.low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-11-02 09:46:44 | ignore | No detected threats, WAF alerts, or security rule hits, and a low AI confidence score. | 0.8999999761581421 | severity: Severity.low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-11-02 09:41:56 | watchlist | Accessed sensitive WordPress admin path 'wp-admin/admin-ajax.php' multiple times without triggering WAF, warrants further monitoring for potential probing. | 0.30000001192092896 | severity: Severity.low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-11-02 09:36:42 | ignore | No further malicious activity or threat requests observed since being added to the watchlist. | 0.8999999761581421 | severity: Severity.low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-11-02 09:31:40 | watchlist | Access to sensitive WordPress path (wp-admin/admin-ajax.php) with medium AI confidence, but no WAF alerts or threat requests yet. Requires continued monitoring. | 0.6499999761581421 | severity: Severity.medium |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-11-02 09:26:41 | watchlist | Accessed sensitive WordPress administrative path 'wp-admin/admin-ajax.php', which is a common target for reconnaissance or exploitation. No WAF flags detected yet, warrants further monitoring. | 0.6499999761581421 | severity: Severity.medium |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-11-02 09:21:39 | ignore | Entity has shown no activity (0 requests) and no security rule hits since being added to the watchlist, with a low initial AI confidence and severity. No longer deemed suspicious. | 1.0 | severity: Severity.low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-11-02 09:16:39 | watchlist | Accessed a common WordPress administration path (wp-admin/admin-ajax.php) but no WAF alerts or detected threat requests. Low AI confidence score, requiring continued monitoring. | 0.4000000059604645 | severity: Severity.low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-11-02 09:11:42 | watchlist | Accessed WordPress admin AJAX path, which is a common target for reconnaissance. No WAF alerts or threat detections, but warrants continued monitoring. | 0.4000000059604645 | severity: Severity.low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-11-02 09:06:46 | ignore | No malicious activity detected, zero WAF flags or security rule hits, and low request count to a common WordPress path. The associated ASN is not on the blocklist. | 0.949999988079071 | severity: Severity.low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-11-02 09:01:50 | ignore | No suspicious activity detected, including WAF flags or threat requests. The accessed path is legitimate for WordPress operation and the entity is not currently in the watchlist. | 0.8999999761581421 | severity: Severity.low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-11-02 08:56:47 | ignore | No detected threat requests, WAF flags, or security rule hits for this IP address. Despite accessing a common WordPress admin path, no malicious activity was observed. | 0.8999999761581421 | severity: Severity.low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-11-02 08:51:41 | watchlist | Accessed sensitive WordPress admin path 'wp-admin/admin-ajax.php' without triggering WAF alerts; warrants monitoring for further suspicious activity. | 0.6000000238418579 | severity: Severity.medium |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-11-02 08:46:45 | ignore | No malicious activity detected. Entity accessed a common WordPress admin path without triggering any WAF or security alerts. | 0.8999999761581421 | severity: Severity.low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-11-02 08:41:44 | ignore | No malicious activity detected, no WAF flags, no security rule hits, and not currently on any watchlist. | 0.949999988079071 | severity: Severity.low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-11-02 08:36:41 | ignore | No observed malicious activity or web requests since being added to the watchlist, indicating a potential false positive or abandoned threat. | 0.949999988079071 | severity: Severity.low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-11-02 08:31:38 | watchlist | Accessed a WordPress administrative path but currently lacks direct malicious indicators from WAF or security rules. | 0.6000000238418579 | severity: Severity.medium |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-11-02 08:26:40 | watchlist | Accessed a potentially sensitive WordPress administrative path (wp-admin/admin-ajax.php) without triggering WAF or security alerts, but warrants continued monitoring for potential abuse. | 0.6000000238418579 | severity: Severity.medium |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-11-02 08:21:46 | ignore | Entity has recorded zero requests and zero detected threats since being added to the watchlist, combined with a very low initial AI confidence score and severity. | 0.8999999761581421 | severity: Severity.low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-11-02 08:16:43 | watchlist | Accessed sensitive WordPress admin path 'wp-admin/admin-ajax.php' 17 times. No WAF flags or detected threats yet, but requires continued monitoring. | 0.25 | severity: Severity.low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-11-02 08:11:54 | watchlist | Accessed sensitive WordPress admin path (wp-admin/admin-ajax.php) from an unknown IP; warrants low-level monitoring despite no current WAF flags or threat detections. | 0.25 | severity: Severity.low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-11-02 08:06:47 | ignore | Entity exhibits no signs of malicious activity; all requests were benign with no WAF flags or security rule hits. | 0.8999999761581421 | severity: Severity.low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-11-02 08:01:37 | ignore | Watchlisted IP shows no activity, no detected threat requests, and no security rule hits since being added. | 0.8999999761581421 | severity: Severity.low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-11-02 07:56:39 | watchlist | Accessing a common WordPress administrative path with medium AI confidence, but no explicit WAF flags or threat detections yet. | 0.6000000238418579 | severity: Severity.medium |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-11-02 07:51:40 | watchlist | Accessed sensitive WordPress admin path 'wp-admin/admin-ajax.php' without triggering WAF or security rules; requires further monitoring. | 0.6000000238418579 | severity: Severity.medium |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-11-02 07:46:49 | ignore | No suspicious activity detected; no WAF flags or threat requests, despite accessing a common WordPress admin path. | 0.8999999761581421 | severity: Severity.low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-11-02 07:41:39 | ignore | Entity shows no detected threat requests, no WAF rule hits, and has a low AI confidence score, indicating benign activity. | 0.8999999761581421 | severity: Severity.low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-11-02 07:36:50 | watchlist | Accessed sensitive WordPress admin path 'wp-admin/admin-ajax.php' 17 times; no WAF flags or detected threats, but warrants monitoring for potential reconnaissance or unusual patterns. | 0.3499999940395355 | severity: Severity.low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-11-02 07:31:43 | ignore | No further malicious activity or requests observed since being added to watchlist. | 0.800000011920929 | severity: Severity.low |