|
216.73.216.218
|
ip
|
2026-03-14 03:58:36
|
block
|
High proportion of detected threat requests (4 out of 6), access to suspicious obfuscated paths, and WAF alert for security rule 3991023 indicating potential RFI/LFI or command injection attempts. This IP is actively engaged in malicious activity.
|
0.949999988079071
|
severity: Severity.critical
|
|
85.11.167.108
|
ip
|
2026-03-14 03:58:36
|
watchlist
|
Previously identified by AI with medium confidence and severity. While no new WAF flags, this IP accessed sensitive WordPress administrative paths (wp-admin/, wp-login.php), indicating potential reconnaissance or brute-force attempts. The same hostname (www.darcherif.fr) is also being targeted by another highly malicious IP, suggesting a coordinated or related threat.
|
0.699999988079071
|
severity: Severity.medium
|
|
85.11.167.108
|
ip
|
2026-03-14 00:07:57
|
watchlist
|
IP accessed common WordPress administration and login paths (wp-admin/, wp-login.php) without triggering any explicit threat detections or security alerts. This activity suggests potential reconnaissance or unauthorized access attempts, warranting further monitoring.
|
0.6000000238418579
|
severity: Severity.medium
|
|
4.205.16.4
|
ip
|
2026-03-13 23:57:50
|
block
|
All requests detected as threats, probing for common web shell locations and WordPress vulnerabilities. IP has triggered IPBLOCK deny rules, indicating previous malicious activity.
|
1.0
|
severity: Severity.critical
|
|
85.11.167.108
|
ip
|
2026-03-13 23:57:50
|
ignore
|
No actual threats detected by WAF or security rules for this entity, despite accessing common WordPress login paths. Low volume of requests (8 total) and no confirmed malicious activity in the current observation period.
|
0.800000011920929
|
severity: Severity.low
|
|
85.11.167.108
|
ip
|
2026-03-13 05:34:48
|
watchlist
|
IP address accessed sensitive WordPress administration paths (wp-admin/, wp-login.php). No immediate security alerts or WAF flags were triggered, but this pattern is often associated with reconnaissance or attempted unauthorized access. Recommend continued monitoring for suspicious activity.
|
0.699999988079071
|
severity: Severity.medium
|
|
45.156.87.198
|
ip
|
2026-03-12 22:13:31
|
block
|
IP engaged in suspicious activity targeting wp-login.php, flagged by WAF, with 50% of requests detected as threats.
|
0.949999988079071
|
severity: Severity.critical
|
|
2.22.226.14
|
ip
|
2026-03-12 20:13:10
|
block
|
Entity shows a 'last_seen' timestamp in the future, indicating data integrity issues or a sophisticated attempt to evade detection, combined with access to a highly anomalous and obfuscated-looking path (RUug7/gyu/sD-F/cT/Nb_-bi/7bw3bJb9uwf56VXuwa/GSQqEQE/GmkhP/EYCbwwC) commonly associated with vulnerability scanning or exploitation attempts.
|
0.8999999761581421
|
severity: Severity.critical
|
|
2.22.226.14
|
ip
|
2026-03-12 20:03:03
|
ignore
|
Despite an AI confidence score for watchlist inclusion, the entity exhibits no recent activity, zero total requests, zero detected threat requests, and no security rule hits in the provided context. No current evidence supports its malicious nature.
|
0.8500000238418579
|
severity: Severity.low
|
|
216.73.216.133
|
ip
|
2026-03-12 20:03:03
|
block
|
Observed highly suspicious and obfuscated path requests, 4 out of 6 requests detected as threats, and triggered security rule '3991023'. This indicates active malicious activity.
|
0.949999988079071
|
severity: Severity.critical
|
|
185.193.156.155
|
ip
|
2026-03-12 17:32:34
|
block
|
This IP address exhibits highly suspicious behavior, including numerous attempts to access WordPress enumeration paths ('wlwmanifest.xml'), a significantly high number of detected threat requests, and multiple WAF rule hits such as 'BOT-BROWSER-IMPERSONATOR' and 'IPBLOCK-BURST4-318403'. This indicates active malicious scanning and potential exploitation attempts.
|
0.949999988079071
|
severity: Severity.critical
|
|
2.22.226.14
|
ip
|
2026-03-12 10:31:23
|
watchlist
|
Entity remains suspicious based on prior AI confidence score (0.75) and medium severity, despite no recent activity detected on our systems. Further monitoring is required for this watchlist item.
|
0.75
|
severity: Severity.medium
|
|
47.128.16.18
|
ip
|
2026-03-12 10:31:23
|
block
|
All requests from this IP address were flagged by WAF and triggered security alerts (rule 3991023), indicating highly malicious activity targeting WordPress vulnerabilities.
|
0.949999988079071
|
severity: Severity.critical
|
|
124.198.132.28
|
ip
|
2026-03-12 09:21:05
|
block
|
All 19 requests from this IP address were flagged by WAF, hitting a deny rule (REP_1654538), and involved scanning common WordPress manifest files (wlwmanifest.xml). This indicates a highly confident malicious reconnaissance or attack attempt.
|
1.0
|
severity: Severity.critical
|
|
2.22.226.14
|
ip
|
2026-03-12 09:21:05
|
watchlist
|
This IP address is on the watchlist with an AI confidence score of 0.75 and medium severity. While no recent activity or WAF hits were observed in the current context, the prior AI assessment suggests it warrants continued monitoring.
|
0.75
|
severity: Severity.medium
|
|
20.119.217.110
|
ip
|
2026-03-12 09:10:55
|
block
|
Multiple suspicious WordPress-related paths accessed, including potential web shell (sf.php), unauthorized admin access attempts (wp-admin.php, wp-content/edit.php, wp-admin/css/index.php), and anomalous file in content directory (wp-content/1.php). This indicates an active attempt to compromise or exploit a WordPress site.
|
0.8999999761581421
|
severity: Severity.critical
|
|
2.22.226.14
|
ip
|
2026-03-12 09:10:55
|
watchlist
|
Previously identified by AI with medium confidence and severity. While no recent activity is observed in the provided snapshot, there is no information to invalidate the prior assessment. Keeping it in the watchlist for continued monitoring is prudent.
|
0.75
|
severity: Severity.medium
|
|
2.22.226.14
|
ip
|
2026-03-12 07:10:26
|
watchlist
|
The entity remains on the watchlist based on a prior AI assessment (confidence 0.75, medium severity). No new activity was detected in this period to warrant removal or an immediate block.
|
0.75
|
severity: Severity.medium
|
|
74.7.227.173
|
ip
|
2026-03-12 07:10:26
|
block
|
This IP exhibits critical malicious activity with 30 out of 31 requests flagged as threats, multiple WAF rule hits, and access to highly suspicious, obfuscated paths.
|
0.9800000190734863
|
severity: Severity.critical
|
|
2.22.226.14
|
ip
|
2026-03-12 06:40:15
|
watchlist
|
Presence of a highly unusual and potentially obfuscated path in access logs, suggesting probing or exploit attempts. This aligns with its existing AI confidence score and medium severity rating in the watchlist, despite no new WAF or security rule hits.
|
0.75
|
severity: Severity.medium
|
|
45.156.87.11
|
ip
|
2026-03-12 06:40:15
|
block
|
Observed high number of threat requests (34 out of 37 total) targeting 'wp-login.php' and flagged by WAF, strongly indicating brute-force or credential stuffing attacks.
|
0.949999988079071
|
severity: Severity.critical
|
|
2.22.226.14
|
ip
|
2026-03-11 18:17:54
|
watchlist
|
Accessed an highly unusual and obfuscated path ('RUug7/gyu/sD-F/cT/Nb_-bi/7bw3bJb9uwf56VXuwa/GSQqEQE/GmkhP/EYCbwwC'), which may indicate a reconnaissance attempt, vulnerability probing, or obfuscated command execution.
|
0.699999988079071
|
severity: Severity.medium
|
|
159.54.151.59
|
ip
|
2026-03-11 18:07:48
|
block
|
This IP address has engaged in suspicious activity, targeting wp-login.php with multiple detected threat requests and triggering a security alert rule.
|
0.949999988079071
|
severity: Severity.critical
|
|
2.22.226.14
|
ip
|
2026-03-11 18:07:48
|
ignore
|
The entity has shown no activity since being added to the watchlist, with zero total requests, WAF flags, or security rule hits. No current threat detected.
|
0.8500000238418579
|
severity: Severity.low
|
|
2.22.226.14
|
ip
|
2026-03-11 13:56:58
|
watchlist
|
Previously flagged by AI with medium severity and a suspicious path in requests. No new threat activity or WAF flags detected in the latest context, but the unique and potentially obfuscated path warrants continued monitoring.
|
0.699999988079071
|
severity: Severity.medium
|
|
91.132.139.11
|
ip
|
2026-03-11 13:56:58
|
block
|
Accessed and flagged '.env' file, indicating potential sensitive information disclosure or configuration exposure attempt. WAF also denied requests due to LFI-ANOMALY rule, indicating a critical vulnerability exploit attempt.
|
0.9800000190734863
|
severity: Severity.critical
|
|
2001:4878:a216:3000:7d60:d1f2:13b7:4d95
|
ip
|
2026-03-11 10:56:19
|
block
|
Exhibited critical malicious behavior with 18 out of 19 requests detected as threats, multiple WAF flags on accessed paths, and triggered a security alert while accessing a highly obfuscated malicious path.
|
0.949999988079071
|
severity: Severity.critical
|
|
2.22.226.14
|
ip
|
2026-03-11 10:56:19
|
watchlist
|
Accessed a highly obfuscated and suspicious path, indicating potential reconnaissance or evasion, despite no WAF flags or explicit threat detections.
|
0.699999988079071
|
severity: Severity.medium
|
|
205.169.39.16
|
ip
|
2026-03-11 00:14:29
|
ignore
|
No suspicious activity detected; benign access patterns to WordPress assets.
|
0.8999999761581421
|
severity: Severity.low
|
|
34.72.176.129
|
ip
|
2026-03-11 00:14:29
|
ignore
|
No suspicious activity detected; benign access patterns to WordPress assets.
|
0.8999999761581421
|
severity: Severity.low
|
|
76.186.108.43
|
ip
|
2026-03-11 00:14:29
|
block
|
Multiple detected threat requests, WAF flags, and a security rule deny hit (IPBLOCK-BURST4-318403) indicating a burst attack or malicious activity.
|
0.9800000190734863
|
severity: Severity.critical
|
|
205.169.39.16
|
ip
|
2026-03-10 22:03:59
|
ignore
|
No malicious activity detected. IP accessed standard WordPress paths without triggering WAF or security rules.
|
0.949999988079071
|
severity: Severity.low
|
|
34.72.176.129
|
ip
|
2026-03-10 22:03:59
|
ignore
|
No malicious activity detected. IP accessed standard WordPress paths without triggering WAF or security rules.
|
0.949999988079071
|
severity: Severity.low
|
|
158.158.32.105
|
ip
|
2026-03-10 18:13:03
|
block
|
All requests flagged by WAF, accessing highly suspicious PHP files (e.g., webshells), and already subject to an IPBLOCK security rule. This indicates severe malicious activity.
|
0.9900000095367432
|
severity: Severity.critical
|
|
205.169.39.16
|
ip
|
2026-03-10 18:13:03
|
ignore
|
No detected threat requests, no WAF flags, and accessing standard WordPress resources. Appears to be benign traffic.
|
0.949999988079071
|
severity: Severity.low
|
|
34.72.176.129
|
ip
|
2026-03-10 18:13:03
|
ignore
|
No detected threat requests, no WAF flags, and accessing standard WordPress resources. Appears to be benign traffic.
|
0.949999988079071
|
severity: Severity.low
|
|
165.22.210.209
|
ip
|
2026-03-10 15:12:20
|
block
|
High number of detected threat requests (155) and all requests targeting WordPress manifest files (wlwmanifest.xml), combined with WAF alerts including BOT-BROWSER-IMPERSONATOR. This indicates a highly malicious automated attack or reconnaissance attempt.
|
0.9800000190734863
|
severity: Severity.critical
|
|
205.169.39.16
|
ip
|
2026-03-10 15:12:20
|
ignore
|
No detected threat requests or WAF flags. All accessed paths are standard WordPress theme and plugin files, indicating legitimate browsing or benign crawler activity.
|
0.949999988079071
|
severity: Severity.low
|
|
207.46.13.9
|
ip
|
2026-03-10 15:12:20
|
block
|
All 7 requests made by this IP were flagged by WAF with security rule '3991006', indicating malicious activity or a web attack.
|
0.8999999761581421
|
severity: Severity.medium
|
|
2600:1f28:365:80b0:ac56:4a:ab84:dcd6
|
ip
|
2026-03-10 15:12:20
|
block
|
All 18 requests from this IP were flagged by WAF with security rule '3991023', indicating suspicious bot activity despite accessing seemingly legitimate content paths. This suggests an aggressive or malicious bot.
|
0.8999999761581421
|
severity: Severity.medium
|
|
216.73.216.6
|
ip
|
2026-03-10 15:12:20
|
block
|
A very high percentage (4 out of 5) of requests were detected as threats. The presence of a highly suspicious, obfuscated-looking path 'ATNFpI/99R4/SoOp/SSYb/...' and WAF alerts for bot activity (rule 3991023) points to a targeted malicious probe.
|
0.9800000190734863
|
severity: Severity.critical
|
|
34.72.176.129
|
ip
|
2026-03-10 15:12:20
|
ignore
|
No detected threat requests or WAF flags. All accessed paths are standard WordPress theme and plugin files, indicating legitimate browsing or benign crawler activity.
|
0.949999988079071
|
severity: Severity.low
|
|
52.167.144.209
|
ip
|
2026-03-10 15:12:20
|
block
|
High percentage of threat requests (6 out of 7) and access to a highly suspicious, obfuscated-looking path 'ATNFpI/99R4/SoOp/SSYb/...' flagged by WAF with rule '3991006'. This suggests targeted malicious activity.
|
0.9800000190734863
|
severity: Severity.critical
|
|
3%7e462712aa36a1f7a1
|
tls
|
2026-03-10 15:12:20
|
block
|
This TLS entity is strongly associated with an IP address (2600:1f28:365:80b0:ac56:4a:ab84:dcd6) that exhibited 100% threat requests and triggered WAF alerts for suspicious bot activity (rule 3991023).
|
0.8999999761581421
|
severity: Severity.medium
|
|
205.169.39.16
|
ip
|
2026-03-10 11:51:22
|
ignore
|
No suspicious activity detected. This IP accessed standard WordPress paths on a known legitimate domain (www.darcherif.fr) with no WAF flags, detected threats, or security rule hits. The activity appears benign.
|
1.0
|
severity: Severity.low
|
|
34.72.176.129
|
ip
|
2026-03-10 11:51:22
|
ignore
|
No suspicious activity detected. This IP accessed standard WordPress paths on a known legitimate domain (www.darcherif.fr) with no WAF flags, detected threats, or security rule hits. The activity appears benign.
|
1.0
|
severity: Severity.low
|
|
205.169.39.16
|
ip
|
2026-03-10 10:30:56
|
ignore
|
Standard WordPress access, no detected threats, WAF flags, or security rule hits. Entity is not exhibiting suspicious behavior.
|
0.949999988079071
|
severity: Severity.low
|
|
34.72.176.129
|
ip
|
2026-03-10 10:30:56
|
ignore
|
Standard WordPress access, no detected threats, WAF flags, or security rule hits. Entity is not exhibiting suspicious behavior.
|
0.949999988079071
|
severity: Severity.low
|
|
205.169.39.16
|
ip
|
2026-03-10 10:20:44
|
ignore
|
No malicious activity detected. This IP address is accessing standard WordPress resources without triggering any security alerts or WAF flags. Despite the unusual future timestamp in 'last_seen', there are no other indicators of compromise.
|
1.0
|
severity: Severity.low
|
|
34.72.176.129
|
ip
|
2026-03-10 10:20:44
|
ignore
|
No malicious activity detected. This IP address is accessing standard WordPress resources without triggering any security alerts or WAF flags. Despite the unusual future timestamp in 'last_seen', there are no other indicators of compromise.
|
1.0
|
severity: Severity.low
|