|
2001:861:5860:e460:5175:54ff:bf15:b615
|
ip
|
2025-10-31 15:55:58
|
watchlist
|
Entity shows suspicious behavior with medium confidence; further monitoring needed.
|
0.6000000238418579
|
severity: Severity.medium
|
|
2001:861:5860:e460:5175:54ff:bf15:b615
|
ip
|
2025-10-31 15:51:08
|
watchlist
|
Observed access to a common WordPress attack surface (wp-admin/admin-ajax.php) with medium AI confidence, warrants continued monitoring despite no WAF flags.
|
0.6000000238418579
|
severity: Severity.medium
|
|
2001:861:5860:e460:5175:54ff:bf15:b615
|
ip
|
2025-10-31 15:41:03
|
watchlist
|
Accessed sensitive WordPress administrative path (wp-admin/admin-ajax.php) without triggering WAF rules, suggesting potential reconnaissance or unusual bot activity.
|
0.6000000238418579
|
severity: Severity.medium
|
|
2001:861:5860:e460:5175:54ff:bf15:b615
|
ip
|
2025-10-31 15:35:57
|
ignore
|
No suspicious activity detected since being added to the watchlist.
|
0.800000011920929
|
severity: Severity.low
|
|
2001:861:5860:e460:5175:54ff:bf15:b615
|
ip
|
2025-10-31 15:31:13
|
watchlist
|
Accessed sensitive WordPress administrative path 'wp-admin/admin-ajax.php' without triggering WAF alerts, indicating potential reconnaissance or probing. AI confidence is low but warrants continued monitoring.
|
0.6000000238418579
|
severity: Severity.low
|
|
2001:861:5860:e460:5175:54ff:bf15:b615
|
ip
|
2025-10-31 15:26:06
|
watchlist
|
Accessed frequently targeted WordPress wp-admin/admin-ajax.php path without triggering WAF or threat rules, requires monitoring.
|
0.6000000238418579
|
severity: Severity.low
|
|
2001:861:5860:e460:5175:54ff:bf15:b615
|
ip
|
2025-10-31 15:21:00
|
ignore
|
No subsequent malicious activity or requests detected since being added to the watchlist, indicating the initial trigger may have been a false positive or transient anomaly.
|
0.800000011920929
|
severity: Severity.low
|
|
2001:861:5860:e460:5175:54ff:bf15:b615
|
ip
|
2025-10-31 15:15:57
|
watchlist
|
Entity shows suspicious behavior with medium confidence, but no new activity to warrant immediate blocking or removal from the watchlist.
|
0.75
|
severity: Severity.medium
|
|
2001:861:5860:e460:5175:54ff:bf15:b615
|
ip
|
2025-10-31 15:11:07
|
watchlist
|
Accessed sensitive WordPress administrative path 'wp-admin/admin-ajax.php', with medium AI confidence, but no explicit threat detections or WAF alerts yet.
|
0.75
|
severity: Severity.medium
|
|
2001:861:5860:e460:5175:54ff:bf15:b615
|
ip
|
2025-10-31 15:06:05
|
watchlist
|
Repeated access (17 requests) to a common WordPress attack vector (wp-admin/admin-ajax.php) by an unknown entity. No WAF alerts or explicit threats detected, but warrants further monitoring for suspicious patterns or escalation of activity.
|
0.75
|
severity: Severity.medium
|
|
2001:861:5860:e460:5175:54ff:bf15:b615
|
ip
|
2025-10-31 15:01:00
|
ignore
|
No new malicious activity detected since being added to the watchlist, and no requests recorded.
|
0.800000011920929
|
severity: Severity.low
|
|
2001:861:5860:e460:5175:54ff:bf15:b615
|
ip
|
2025-10-31 14:56:02
|
watchlist
|
Accessed suspicious WordPress administrative path (wp-admin/admin-ajax.php), AI assessment indicates medium severity with no direct threat detections yet.
|
0.6000000238418579
|
severity: Severity.medium
|
|
2001:861:5860:e460:5175:54ff:bf15:b615
|
ip
|
2025-10-31 14:51:01
|
watchlist
|
Accessed sensitive WordPress admin path 'wp-admin/admin-ajax.php' which is often abused in attacks. No WAF flags currently, but warrants close monitoring for further suspicious activity.
|
0.6000000238418579
|
severity: Severity.medium
|
|
2001:861:5860:e460:5175:54ff:bf15:b615
|
ip
|
2025-10-31 14:46:02
|
ignore
|
Entity shows no current malicious activity, no WAF flags, no threat requests, and low AI confidence/severity, suggesting it is safe to remove.
|
0.800000011920929
|
severity: Severity.low
|
|
2001:861:5860:e460:5175:54ff:bf15:b615
|
ip
|
2025-10-31 14:36:01
|
watchlist
|
Accessed a commonly exploited WordPress admin path (wp-admin/admin-ajax.php) without triggering WAF or security rules, suggesting potential reconnaissance.
|
0.6499999761581421
|
severity: Severity.low
|
|
2001:861:5860:e460:5175:54ff:bf15:b615
|
ip
|
2025-10-31 14:30:59
|
ignore
|
No activity detected from this entity since being added to the watchlist. No requests or threat detections.
|
0.8999999761581421
|
severity: Severity.low
|
|
2001:861:5860:e460:5175:54ff:bf15:b615
|
ip
|
2025-10-31 14:20:59
|
watchlist
|
Entity shows suspicious behavior with medium confidence, requiring continued monitoring.
|
0.6000000238418579
|
severity: Severity.medium
|
|
2001:861:5860:e460:5175:54ff:bf15:b615
|
ip
|
2025-10-31 14:16:00
|
watchlist
|
Accessed sensitive WordPress path wp-admin/admin-ajax.php, but no WAF alerts or detected threats yet. Requires continued monitoring.
|
0.6000000238418579
|
severity: Severity.medium
|
|
2001:861:5860:e460:5175:54ff:bf15:b615
|
ip
|
2025-10-31 14:01:02
|
watchlist
|
Accessed sensitive WordPress administrative path 'wp-admin/admin-ajax.php', which is often targeted by bots and attackers. While no explicit WAF flags or threat detections occurred, this path warrants vigilance. Requires further monitoring.
|
0.6000000238418579
|
severity: Severity.medium
|
|
3%7ede293936a8dc4153
|
tls
|
2025-10-31 13:37:03
|
block
|
Confirmed persistent malicious activity detected using this TLS fingerprint.
|
0.949999988079071
|
severity: Severity.critical
|
|
3%7ee35ec11fcbea7346
|
tls
|
2025-10-31 13:37:03
|
block
|
Confirmed persistent malicious activity detected using this TLS fingerprint.
|
0.8999999761581421
|
severity: Severity.critical
|
|
3%7ebaae1457ad64ff16
|
tls
|
2025-10-31 13:37:03
|
block
|
Confirmed persistent malicious activity detected using this TLS fingerprint.
|
0.8999999761581421
|
severity: Severity.critical
|
|
3%7ede8d6a84fab8672b
|
tls
|
2025-10-31 13:37:03
|
block
|
Confirmed common malicious client fingerprint associated with suspicious access patterns and reconnaissance.
|
0.949999988079071
|
severity: Severity.critical
|
|
3%7ede29393936a8dc4153
|
tls
|
2025-10-31 13:37:03
|
block
|
Confirmed persistent malicious activity detected using this TLS fingerprint.
|
0.949999988079071
|
severity: Severity.critical
|
|
UNKNOWN
|
tls
|
2025-10-31 13:37:03
|
block
|
Confirmed persistent malicious activity detected using an unknown TLS fingerprint.
|
1.0
|
severity: Severity.critical
|
|
3%7efe38c35477967146
|
tls
|
2025-10-31 13:37:03
|
block
|
Confirmed persistent malicious activity detected using this TLS fingerprint.
|
0.9800000190734863
|
severity: Severity.critical
|
|
123.6.49.50
|
ip
|
2025-10-31 13:37:02
|
block
|
Confirmed persistent malicious IP activity.
|
0.8999999761581421
|
severity: Severity.critical
|
|
141.98.11.115
|
ip
|
2025-10-31 13:37:02
|
block
|
Confirmed highly malicious automated activity and bot impersonation.
|
1.0
|
severity: Severity.critical
|
|
172.190.142.176
|
ip
|
2025-10-31 13:37:02
|
block
|
Confirmed persistent malicious IP activity.
|
1.0
|
severity: Severity.critical
|
|
178.33.134.25
|
ip
|
2025-10-31 13:37:02
|
block
|
Confirmed persistent malicious IP activity.
|
0.8999999761581421
|
severity: Severity.critical
|
|
157.180.49.118
|
ip
|
2025-10-31 13:37:02
|
block
|
Confirmed persistent malicious IP activity.
|
0.8500000238418579
|
severity: Severity.medium
|
|
185.177.72.106
|
ip
|
2025-10-31 13:37:02
|
block
|
Confirmed persistent malicious IP activity.
|
1.0
|
severity: Severity.critical
|
|
172.192.3.69
|
ip
|
2025-10-31 13:37:02
|
block
|
Confirmed suspicious PHP file probing, WAF deny rule triggered, and associated ASN is blocked.
|
1.0
|
severity: Severity.critical
|
|
185.177.72.104
|
ip
|
2025-10-31 13:37:02
|
block
|
Confirmed persistent malicious IP activity.
|
1.0
|
severity: Severity.critical
|
|
185.177.72.12
|
ip
|
2025-10-31 13:37:02
|
block
|
Confirmed persistent malicious IP activity.
|
1.0
|
severity: Severity.critical
|
|
185.177.72.107
|
ip
|
2025-10-31 13:37:02
|
block
|
Confirmed persistent malicious IP activity.
|
1.0
|
severity: Severity.critical
|
|
185.177.72.16
|
ip
|
2025-10-31 13:37:02
|
block
|
Confirmed persistent malicious IP activity.
|
1.0
|
severity: Severity.critical
|
|
185.177.72.144
|
ip
|
2025-10-31 13:37:02
|
block
|
Confirmed persistent malicious IP activity.
|
1.0
|
severity: Severity.critical
|
|
185.177.72.11
|
ip
|
2025-10-31 13:37:02
|
block
|
Confirmed persistent malicious IP activity.
|
1.0
|
severity: Severity.critical
|
|
185.177.72.204
|
ip
|
2025-10-31 13:37:02
|
block
|
Confirmed persistent malicious IP activity.
|
1.0
|
severity: Severity.critical
|
|
185.177.72.3
|
ip
|
2025-10-31 13:37:02
|
block
|
Confirmed persistent malicious IP activity.
|
1.0
|
severity: Severity.critical
|
|
185.177.72.205
|
ip
|
2025-10-31 13:37:02
|
block
|
Confirmed persistent malicious IP activity.
|
1.0
|
severity: Severity.critical
|
|
185.177.72.2
|
ip
|
2025-10-31 13:37:02
|
block
|
Confirmed persistent malicious IP activity.
|
1.0
|
severity: Severity.critical
|
|
195.178.110.201
|
ip
|
2025-10-31 13:37:02
|
block
|
Confirmed severe reconnaissance and potential exploit attempts (LFI anomaly, sensitive file access).
|
1.0
|
severity: Severity.critical
|
|
194.50.16.252
|
ip
|
2025-10-31 13:37:02
|
block
|
Confirmed persistent malicious IP activity.
|
1.0
|
severity: Severity.critical
|
|
195.178.110.161
|
ip
|
2025-10-31 13:37:02
|
block
|
Confirmed persistent malicious IP activity.
|
0.8999999761581421
|
severity: Severity.critical
|
|
196.251.84.111
|
ip
|
2025-10-31 13:37:02
|
block
|
Confirmed persistent malicious IP activity.
|
0.949999988079071
|
severity: Severity.critical
|
|
196.251.66.28
|
ip
|
2025-10-31 13:37:02
|
block
|
Confirmed persistent malicious IP activity.
|
0.949999988079071
|
severity: Severity.critical
|
|
195.178.110.75
|
ip
|
2025-10-31 13:37:02
|
block
|
Confirmed persistent malicious IP activity.
|
0.949999988079071
|
severity: Severity.critical
|
|
20.193.136.32
|
ip
|
2025-10-31 13:37:02
|
block
|
Confirmed persistent malicious IP activity.
|
0.949999988079071
|
severity: Severity.critical
|