| Entity | Type | Timestamp | Action | Reasoning | Confidence | Severity |
|---|---|---|---|---|---|---|
| 135.181.246.140 | ip | 2026-02-28 17:12:44 | ignore | No evidence of malicious activity, WAF flags, or security rule hits detected. All observed requests and paths accessed are consistent with normal web browsing. The future 'last_seen' timestamp is noted but not indicative of malice without further correlating factors. | 0.949999988079071 | Severity.low |
| 135.181.246.140 | ip | 2026-02-28 17:02:36 | ignore | No detected threat requests, WAF flags, or security rule hits. Entity appears benign based on current data. | 0.949999988079071 | Severity.low |
| 135.181.246.140 | ip | 2026-02-28 16:52:27 | ignore | This IP had zero detected threat requests, no WAF flags, and no security rule hits from its 5 requests. Its previous AI confidence score was low, and it was classified as low severity, indicating no current malicious activity. | 0.8999999761581421 | Severity.low |
| 51.158.204.94 | ip | 2026-02-28 16:52:27 | block | All 18 requests from this IP were detected as threats and denied by WAF (REP_1654536), targeting common WordPress enumeration paths (wlwmanifest.xml). This indicates an active malicious scanning or attack attempt. | 0.949999988079071 | Severity.critical |
| 135.181.246.140 | ip | 2026-02-28 13:11:45 | watchlist | Anomalous 'last_seen' timestamp in the future, suggesting a potential data anomaly or obfuscation, warrants further monitoring despite no other direct malicious indicators. | 0.6000000238418579 | Severity.low |
| 135.181.246.140 | ip | 2026-02-28 13:01:33 | ignore | No malicious activity was detected from this IP based on the accessed paths, which appear benign. The existing AI confidence score and severity for this entity are low, and the shared hostname with a newly identified malicious IP is not sufficient reason to maintain its watchlist status without direct malicious behavior from this specific IP. | 0.800000011920929 | Severity.low |
| 20.151.205.221 | ip | 2026-02-28 13:01:33 | block | The IP accessed multiple highly suspicious paths commonly associated with WordPress exploitation attempts and webshells, indicating an active attack. Despite no WAF flags, the path names are strong indicators of malicious intent. | 0.8999999761581421 | Severity.critical |
| 135.181.246.140 | ip | 2026-02-28 08:10:35 | watchlist | The 'last_seen' timestamp is in the future, suggesting a data anomaly. No direct threat indicators (WAF flags, security rule hits, detected threat requests) were found. | 0.4000000059604645 | Severity.low |
| 135.181.246.140 | ip | 2026-02-28 08:00:30 | ignore | No suspicious activity detected. The entity shows no WAF flags, detected threat requests, or security rule hits. The accessed paths are consistent with normal website browsing. The 'last_seen' timestamp is unusual (in the future) but not indicative of maliciousness without other supporting evidence. | 1.0 | Severity.low |
| 135.181.246.140 | ip | 2026-02-28 07:50:20 | ignore | No threats detected, no WAF flags, and no security rule hits across 5 requests. Initial AI confidence was low, suggesting minimal or no malicious intent. | 0.8999999761581421 | Severity.low |
| 20.220.232.240 | ip | 2026-02-28 07:50:20 | block | All 141 requests were flagged as threats and denied by the WAF's IPBLOCK rule, accessing multiple suspicious PHP files. Indicates highly malicious activity. | 0.949999988079071 | Severity.critical |
| 69.234.95.143 | ip | 2026-02-28 07:50:20 | block | Detected threat requests account for 43% of total requests, and the WAF denied them with an IPBLOCK-BURST rule, indicating a malicious burst or automated attack. | 0.8500000238418579 | Severity.critical |
| 135.181.246.140 | ip | 2026-02-28 07:30:09 | watchlist | No direct malicious activity detected; however, the 'last_seen' timestamp is reported as 2026-02-27T22:40:24, which is in the future. This anomaly warrants further investigation into data integrity or potential sophisticated time manipulation. | 0.6000000238418579 | Severity.low |
| 135.181.246.140 | ip | 2026-02-28 07:19:56 | ignore | Despite the previous AI assessment, the entity shows 0 detected threat requests out of 5 total requests and no security rule hits. There is no current evidence of malicious activity. | 0.8999999761581421 | Severity.low |
| 149.102.230.117 | ip | 2026-02-28 07:19:55 | block | All 8 requests from this IP were flagged as detected threats, triggering WAF alert rule 3990001. This indicates highly malicious activity. | 0.949999988079071 | Severity.critical |
| 135.181.246.140 | ip | 2026-02-28 02:49:02 | watchlist | Entity has a future 'last_seen' timestamp (2026-02-27T22:40:24), which is highly anomalous, despite no direct threat detections. This warrants further investigation and monitoring for potential data integrity issues or evasive behavior. | 0.800000011920929 | Severity.medium |
| 135.181.246.140 | ip | 2026-02-28 02:38:55 | ignore | No detected threat requests, no WAF flags, no security rule hits, and accessed paths appear benign. Older last_seen timestamp. | 0.8500000238418579 | Severity.low |
| 104.28.214.114 | ip | 2026-02-28 02:38:55 | block | Multiple suspicious PHP file access attempts, 100% of requests flagged by WAF, indicating web shell or backdoor activity. | 0.949999988079071 | Severity.critical |
| 2a09:bac1:76c0:780::5e:41 | ip | 2026-02-28 02:38:55 | block | 100% of requests are threats, targeting suspicious PHP files, and the IP was already denied by a WAF IP blocking rule (IPBLOCK-BURST4-318403). | 0.9800000190734863 | Severity.critical |
| 135.181.246.140 | ip | 2026-02-27 22:48:10 | watchlist | Associated with hostname 'www.darcherif.fr', which is being targeted by another highly suspicious IP in the watchlist. While this IP's direct activity is not malicious, its association warrants continued monitoring. | 0.699999988079071 | Severity.medium |
| 20.151.107.14 | ip | 2026-02-27 22:48:10 | block | Exhibits highly suspicious behavior by attempting to access numerous sensitive paths and common exploit targets, indicative of malicious reconnaissance or attack attempts (e.g., 'cgi-bin/', 'wp-content/plugins/WordPressCore/', 'wp-trackback.php'). | 0.949999988079071 | Severity.critical |
| 20.151.107.14 | ip | 2026-02-27 22:17:59 | watchlist | Suspicious access patterns including cgi-bin, WordPress plugin probing (wp-content/plugins/WordPressCore/), and generic PHP file attempts (sf.php, an.php). | 0.699999988079071 | Severity.medium |
| 176.65.132.19 | ip | 2026-02-27 22:07:52 | block | Multiple requests to wp-login.php flagged by WAF and security rule alerts indicate a potential brute-force or credential stuffing attempt. | 0.949999988079071 | Severity.critical |
| 20.151.107.14 | ip | 2026-02-27 22:07:52 | ignore | No recent malicious activity detected; no requests, WAF flags, or security rule hits since being added to the watchlist. | 0.800000011920929 | Severity.low |
| 20.151.107.14 | ip | 2026-02-27 19:17:19 | watchlist | Previously identified with medium severity by AI with 0.75 confidence. No new activity detected in the current context to warrant removal or immediate blocking. | 0.75 | Severity.medium |
| 3%7eac3fac91d0eea84d | tls | 2026-02-27 19:17:19 | block | High percentage of detected threat requests (66%), WAF flags on security.txt paths, and detection as a 'BOT-BROWSER-IMPERSONATOR' from a suspicious geography (RU). | 0.949999988079071 | Severity.critical |
| 104.220.83.18 | ip | 2026-02-27 08:45:16 | block | IP address triggered multiple WAF alerts, had 3 detected threat requests out of 19, and was explicitly blocked by WAF rule 'IPBLOCK-BURST4-318403' for burst activity. Suspicious paths 'akam/13/pixel_200ee588' were flagged. | 0.949999988079071 | Severity.critical |
| 20.151.107.14 | ip | 2026-02-27 08:45:16 | watchlist | Previously watchlisted with high AI confidence (0.75) and medium severity. No new activity or threat detections observed in the current period to warrant removal or immediate block; continued monitoring is required. | 0.75 | Severity.medium |
| 172.245.155.97 | ip | 2026-02-27 07:14:53 | block | Observed multiple severe web attack attempts, including SQL injection and directory traversal, flagged by WAF and security rules. Identified as a bot browser impersonator and already in penalty box status. | 0.9800000190734863 | Severity.critical |
| 20.151.107.14 | ip | 2026-02-27 07:14:53 | watchlist | Previously flagged by AI with medium severity and 0.75 confidence, but no recent activity or new indicators to justify immediate blocking or removal from the watchlist. | 0.75 | Severity.medium |
| 20.151.107.14 | ip | 2026-02-27 03:14:05 | watchlist | Entity is on the watchlist with an AI confidence score of 0.8 and medium severity, but current logs show no recent activity or WAF flags. Further monitoring is required. | 0.75 | Severity.medium |
| 20.104.124.39 | ip | 2026-02-27 03:14:05 | block | All 151 requests were flagged by WAF for suspicious paths indicating active compromise attempts or vulnerability scanning, and the IP was already denied by a security rule. | 0.9900000095367432 | Severity.critical |
| 45.91.87.118 | ip | 2026-02-27 03:14:05 | ignore | No suspicious activity detected; accessed standard website paths, no WAF flags, no security rule hits, and zero detected threat requests. | 0.949999988079071 | Severity.low |
| 20.151.107.14 | ip | 2026-02-27 02:03:40 | watchlist | Entity previously flagged by AI with high confidence and medium severity; no new activity observed to warrant removal or blocking, so continued monitoring is advised. | 0.800000011920929 | Severity.medium |
| 20.151.107.14 | ip | 2026-02-27 00:53:22 | watchlist | Despite no recent observable activity, the entity has a historical AI confidence score of 0.8 and a medium severity assessment, indicating a need for continued monitoring. | 0.800000011920929 | Severity.medium |
| 45.91.87.118 | ip | 2026-02-27 00:53:22 | ignore | Entity exhibits no suspicious activity, WAF flags, or security rule hits during observation, suggesting it is benign and does not warrant watchlist inclusion. | 0.949999988079071 | Severity.low |
| 20.151.107.14 | ip | 2026-02-26 23:22:52 | watchlist | Entity previously flagged by AI with high confidence and medium severity. No new activity observed in the current context to alter its status, warranting continued monitoring. | 0.800000011920929 | Severity.medium |
| 20.151.107.14 | ip | 2026-02-26 23:02:36 | watchlist | No new activity or threat indicators observed since being added to the watchlist. Retaining for further monitoring based on its previous AI assessment. | 0.800000011920929 | Severity.medium |
| 35.212.235.164 | ip | 2026-02-26 23:02:36 | block | Access to a highly suspicious, long, and obfuscated path ('x8U4ppL5uvXI_/sYO8bI0q/J7lP70/Nia3SmzY3i9z2S/TgxyDCYfAw/P1wCfA/MqRHQB') indicative of reconnaissance or an exploit attempt. | 0.8999999761581421 | Severity.critical |
| 45.91.87.118 | ip | 2026-02-26 23:02:36 | ignore | All accessed paths are legitimate WordPress files and content; no suspicious activity, WAF flags, or security rule hits detected. | 0.949999988079071 | Severity.low |
| 158.94.208.134 | ip | 2026-02-26 22:32:20 | block | High proportion of threat requests (81%) targeting wp-login.php, indicating a brute-force or credential stuffing attempt. WAF triggered alerts. | 0.8999999761581421 | Severity.critical |
| 20.151.107.14 | ip | 2026-02-26 22:32:20 | watchlist | Multiple suspicious paths accessed (e.g., cgi-bin/, wp-content/themes/hideo/network.php, wp-trackback.php), indicating potential vulnerability scanning or bot activity. Retaining on watchlist for continued monitoring despite no WAF flags in this report. | 0.800000011920929 | Severity.medium |
| 34.187.164.65 | ip | 2026-02-26 22:32:20 | block | Confirmed malicious activity including WAF denial, multiple security rule hits (including bot detection), and scanning for WordPress vulnerabilities (wlwmanifest.xml). | 0.949999988079071 | Severity.critical |
| 45.91.87.118 | ip | 2026-02-26 22:32:20 | ignore | No detected threat requests, no WAF alerts or denials, and low overall activity. Appears to be normal website browsing behavior. | 0.8999999761581421 | Severity.low |
| 35.212.235.164 | ip | 2026-02-26 22:32:20 | ignore | No detected threat requests, no WAF alerts or denials, and low overall activity. Appears to be benign crawling. | 0.8999999761581421 | Severity.low |
| 143.198.86.151 | ip | 2026-02-26 18:21:13 | block | High number of detected threat requests (34), multiple paths flagged by WAF, and security rule hits for bot impersonation (BOT-BROWSER-IMPERSONATOR) and various alerts (3904003, 3904013, 3904020, 3904052, 3904053) indicate active malicious activity. | 1.0 | Severity.critical |
| 20.151.107.14 | ip | 2026-02-26 18:21:13 | watchlist | Accessed paths include common attack vectors and web application vulnerability probes (e.g., 'cgi-bin/', 'wp-content/plugins/WordPressCore/', 'wp-trackback.php'). While no direct threats were detected by WAF or security rules, this suggests reconnaissance or attempts to exploit vulnerabilities. | 0.699999988079071 | Severity.medium |
| 45.91.87.118 | ip | 2026-02-26 18:21:13 | ignore | All accessed paths appear benign and relate to legitimate WordPress assets (JS files, category pages). There are no detected threat requests, WAF flags, or security rule hits. | 0.8999999761581421 | Severity.low |
| 35.212.235.164 | ip | 2026-02-26 18:21:13 | ignore | No detected threat requests, WAF flags, or security rule hits. Most accessed paths are benign. While one path 'x8U4ppL5uvXI_/...' is unusual, it lacks definitive malicious indicators without further context. | 0.6000000238418579 | Severity.low |
| 20.151.224.126 | ip | 2026-02-26 15:30:27 | block | All requests (100%) from this IP were detected as threats, flagged by WAF, and explicitly denied by an IPBLOCK rule. Accessed paths indicate potential web shell activity or compromise attempts. | 1.0 | Severity.critical |