| 2001:41d0:303:5899::1 | ip | 2026-02-25 08:08:08 | block | All requests were flagged by WAF and detected as threats, hitting security rule 3991006, indicating malicious activity like SQL injection attempts. | 0.949999988079071 | severity: Severity.critical |
| 205.169.39.25 | ip | 2026-02-25 08:08:08 | ignore | No WAF flags, no detected threat requests, and no security rule hits. Activity appears to be normal website browsing. | 0.8999999761581421 | severity: Severity.low |
| 45.91.87.118 | ip | 2026-02-25 08:08:08 | ignore | No WAF flags, no detected threat requests, and no security rule hits. Activity appears to be normal website browsing. | 0.8999999761581421 | severity: Severity.low |
| 205.169.39.25 | ip | 2026-02-25 04:37:18 | ignore | No malicious activity detected, accessed standard WordPress paths without triggering any security alerts or WAF flags. Appears to be benign web crawling or user activity. | 0.8999999761581421 | severity: Severity.low |
| 45.91.87.118 | ip | 2026-02-25 04:37:18 | ignore | No malicious activity detected, accessed standard WordPress paths without triggering any security alerts or WAF flags. Appears to be benign web crawling or user activity. | 0.8999999761581421 | severity: Severity.low |
| 85.11.167.79 | ip | 2026-02-25 04:37:18 | block | Multiple detected threat requests, WAF flagged 'wp-login.php' access, and a security alert (3900998) was triggered. This indicates a high probability of attempted unauthorized access or brute-force attack. | 0.949999988079071 | severity: Severity.critical |
| 205.169.39.25 | ip | 2026-02-25 02:56:54 | ignore | Entity exhibits normal WordPress website access patterns, with no detected threat requests, WAF flags, or security rule hits. Appears to be a benign visitor. | 0.949999988079071 | severity: Severity.low |
| 45.91.87.118 | ip | 2026-02-25 02:56:54 | ignore | Entity exhibits normal WordPress website access patterns, with no detected threat requests, WAF flags, or security rule hits. Appears to be a benign visitor. | 0.949999988079071 | severity: Severity.low |
| 205.169.39.25 | ip | 2026-02-25 01:16:21 | ignore | Entity exhibits normal browsing behavior accessing a WordPress site. No WAF flags, detected threats, or security rule hits were observed. High confidence this is benign traffic. | 0.8999999761581421 | severity: Severity.low |
| 45.91.87.118 | ip | 2026-02-25 01:16:21 | ignore | Entity exhibits normal browsing behavior accessing a WordPress site. No WAF flags, detected threats, or security rule hits were observed. High confidence this is benign traffic. | 0.8999999761581421 | severity: Severity.low |
| 205.169.39.25 | ip | 2026-02-24 23:35:55 | ignore | No malicious activity detected, normal website access patterns with no WAF flags or security rule hits. | 0.8999999761581421 | severity: Severity.low |
| 35.175.103.28 | ip | 2026-02-24 23:35:55 | block | All requests were flagged by WAF, detected as threats, and an IPBLOCK security rule was hit. | 1.0 | severity: Severity.critical |
| 205.169.39.25 | ip | 2026-02-24 23:15:43 | ignore | No detected threat requests, WAF flags, or security rule hits. Accessed paths are standard WordPress files. Insufficient evidence to suggest malicious activity. | 0.8999999761581421 | severity: Severity.low |
| 205.169.39.25 | ip | 2026-02-24 22:05:19 | ignore | No evidence of malicious activity detected. Requests were for standard WordPress resources, and there were no WAF flags, detected threat requests, or security rule hits. | 0.949999988079071 | severity: Severity.low |
| 194.26.192.238 | ip | 2026-02-24 18:34:35 | block | Highly suspicious access patterns to common WordPress directories with unusual PHP filenames (e.g., 'txets.php', 'schallfuns.php'), indicating potential backdoor attempts or vulnerability exploitation. | 0.949999988079071 | severity: Severity.critical |
| 205.169.39.25 | ip | 2026-02-24 18:34:35 | ignore | Access patterns consist of normal requests for static website assets (CSS, JS, images) typically loaded by a WordPress site. No detected threats or WAF flags. Activity appears benign. | 0.8999999761581421 | severity: Severity.low |
| 205.169.39.25 | ip | 2026-02-24 18:14:23 | ignore | Analysis shows only standard WordPress resource requests (CSS, JS, images, themes, plugins) with no WAF flags, detected threat requests, or security rule hits. No indicators of malicious activity found. | 0.9800000190734863 | severity: Severity.low |
| 205.169.39.25 | ip | 2026-02-24 18:04:14 | ignore | No malicious activity or suspicious patterns detected. Observed traffic is consistent with benign access to a WordPress site, and there are no WAF flags or threat detections. | 0.8999999761581421 | severity: Severity.low |
| 205.169.39.25 | ip | 2026-02-24 17:54:06 | ignore | Analysis shows no indicators of malicious activity. The IP accessed common WordPress paths without triggering WAF flags, detected threat requests, or security rule hits. The 'last_seen' timestamp appears to be an anomaly in the data source, but it does not directly point to maliciousness from this IP. | 0.800000011920929 | severity: Severity.low |
| 205.169.39.25 | ip | 2026-02-24 17:43:54 | ignore | Entity exhibits no suspicious activity. All accessed paths are consistent with legitimate WordPress content, and there are no detected threat requests, WAF flags, or security rule hits. Appears to be a benign user. | 1.0 | severity: Severity.low |
| 205.169.39.25 | ip | 2026-02-24 17:33:41 | ignore | Analysis shows normal web traffic to a WordPress site (www.darcherif.fr) with no detected threats, WAF flags, or security rule hits. No suspicious activity observed. | 0.949999988079071 | severity: Severity.low |
| 205.169.39.25 | ip | 2026-02-24 17:23:32 | ignore | Entity accessed standard WordPress paths; no WAF flags, detected threats, or security rule hits. Associated hostname 'www.darcherif.fr' appears legitimate. | 0.8999999761581421 | severity: Severity.low |
| 205.169.39.25 | ip | 2026-02-24 17:13:21 | ignore | No detected malicious activity, WAF flags, or security rule hits. The entity accessed standard WordPress resources and is associated with a seemingly legitimate hostname. | 0.8999999761581421 | severity: Severity.low |
| 205.169.39.25 | ip | 2026-02-24 17:03:13 | ignore | No malicious activity detected. All accessed paths correspond to benign WordPress resource loading. No WAF flags, detected threat requests, or security rule hits. | 1.0 | severity: Severity.low |
| 104.28.246.116 | ip | 2026-02-24 16:53:03 | block | All requests to suspicious paths flagged by WAF, indicating potential web shell or backdoor activity. | 0.949999988079071 | severity: Severity.critical |
| 205.169.39.25 | ip | 2026-02-24 16:53:03 | ignore | No detected threat requests, WAF flags, or security rule hits. All accessed paths appear legitimate for a WordPress site. | 0.8999999761581421 | severity: Severity.low |
| 2a09:bac5:952b:3af::5e:3b | ip | 2026-02-24 16:53:03 | block | All requests to highly suspicious paths flagged by WAF and triggered deny rules, indicating active malicious exploit attempts. | 0.9800000190734863 | severity: Severity.critical |
| 205.169.39.25 | ip | 2026-02-24 11:11:59 | watchlist | Geo-location (US) mismatch with associated hostname's top-level domain (.fr). No direct malicious activity detected, but warrants further monitoring. | 0.4000000059604645 | severity: Severity.low |
| 205.169.39.25 | ip | 2026-02-24 11:01:46 | ignore | Entity exhibits no malicious activity: zero detected threat requests, no WAF flags, and no security rule hits. Accessed paths are standard WordPress files. The geographic location (US) differing from the hostname's domain (France) is not, by itself, a strong indicator of compromise. | 0.8999999761581421 | severity: Severity.low |
| 205.169.39.25 | ip | 2026-02-24 10:51:33 | ignore | Normal web browsing activity detected; accessed standard WordPress content with no security rule hits or flagged paths. | 0.949999988079071 | severity: Severity.low |
| 43.133.220.37 | ip | 2026-02-24 10:51:33 | ignore | Normal web browsing activity detected; accessed a specific blog post with no security rule hits or flagged paths. | 0.949999988079071 | severity: Severity.low |
| 205.169.39.25 | ip | 2026-02-24 10:41:24 | ignore | Entity accessed standard WordPress content (CSS, JS, images) for 'www.darcherif.fr' without triggering any WAF flags, detected threats, or security rule hits. No malicious activity identified. | 1.0 | severity: Severity.low |
| 43.133.220.37 | ip | 2026-02-24 10:41:24 | ignore | Entity accessed standard WordPress content for 'www.darcherif.fr' without triggering any WAF flags, detected threats, or security rule hits. No malicious activity identified. | 1.0 | severity: Severity.low |
| 205.169.39.25 | ip | 2026-02-24 10:31:07 | ignore | No suspicious activity detected. All accessed paths are standard WordPress resources, and there are no WAF flags, detected threats, or security rule hits. This appears to be normal website browsing activity. | 0.8999999761581421 | severity: Severity.low |
| 43.133.220.37 | ip | 2026-02-24 10:31:07 | ignore | No suspicious activity detected. Accessed paths are legitimate website content, and there are no WAF flags, detected threats, or security rule hits. This also appears to be normal website browsing activity. | 0.8999999761581421 | severity: Severity.low |
| 205.169.39.24 | ip | 2026-02-24 10:20:58 | block | This IP address exhibited highly suspicious behavior, including 5 detected threat requests out of 19 total requests, multiple paths flagged by WAF, and being explicitly denied by the 'IPBLOCK-BURST4-318403' security rule. These indicators suggest active malicious activity or a concerted attack. | 1.0 | severity: Severity.critical |
| 205.169.39.25 | ip | 2026-02-24 10:20:58 | ignore | This IP address showed no indicators of malicious activity. It had no WAF flags, no detected threat requests, and no security rule hits. The accessed paths appear to be legitimate WordPress content. | 1.0 | severity: Severity.low |
| 43.133.220.37 | ip | 2026-02-24 10:20:58 | ignore | This IP address showed no indicators of malicious activity. It had no WAF flags, no detected threat requests, and no security rule hits. The accessed paths suggest legitimate browsing of blog content. | 1.0 | severity: Severity.low |
| 43.133.220.37 | ip | 2026-02-24 10:00:45 | ignore | No evidence of malicious activity found in the provided data. All requests appear legitimate, with no WAF flags, no detected threats, and no security rule hits. The initial watchlist entry appears to be a false positive based on current observations. | 0.8999999761581421 | severity: Severity.low |
| 34.138.168.131 | ip | 2026-02-24 10:00:45 | block | Repeated scanning attempts for WordPress vulnerabilities across multiple paths, detected bot browser impersonation, and multiple WAF rules triggered including a burst-based IP block. High ratio of detected threat requests (104) compared to total requests (32). | 0.949999988079071 | severity: Severity.critical |
| 43.133.220.37 | ip | 2026-02-24 08:40:19 | watchlist | The 'last_seen' timestamp (2026-02-23T21:04:28) for this entity is in the future, indicating a significant data anomaly or potential attempt to bypass time-based detections. | 0.8999999761581421 | severity: Severity.medium |
| 43.133.220.37 | ip | 2026-02-24 08:30:12 | ignore | No malicious activity detected: 0 threat requests, no WAF flags, and no security rule hits. The associated hostname 'www.darcherif.fr' appears to be a legitimate personal website. | 0.8999999761581421 | severity: Severity.low |
| 18.237.91.58 | ip | 2026-02-24 08:20:04 | block | Detected highly suspicious and obfuscated paths consistent with attempted exploits or reconnaissance. AI also flagged as medium severity, but the path patterns warrant immediate blocking. | 0.949999988079071 | severity: Severity.critical |
| 43.133.220.37 | ip | 2026-02-24 08:20:04 | ignore | No suspicious activity detected; access patterns appear benign for this new entity. No threats flagged by WAF or security rules. | 0.8999999761581421 | severity: Severity.low |
| 195.178.110.242 | ip | 2026-02-24 08:09:50 | block | High number of detected threat requests, all accessed paths flagged by WAF, and hits on security rules including bot impersonation. | 0.949999988079071 | severity: Severity.critical |
| 43.133.220.37 | ip | 2026-02-24 08:09:50 | ignore | No suspicious activity detected; accessed legitimate content without triggering any security alerts. | 0.8999999761581421 | severity: Severity.low |
| 18.237.91.58 | ip | 2026-02-24 08:09:49 | watchlist | Suspicious, obfuscated path accessed; potential probe or hidden resource access attempt. | 0.699999988079071 | severity: Severity.medium |
| 51.107.182.56 | ip | 2026-02-24 03:38:44 | block | All requests (81/81) were detected as threats, all paths were flagged by WAF, and an 'IPBLOCK' deny rule was triggered, indicating active malicious exploitation attempts. | 0.9900000095367432 | severity: Severity.critical |
| 45.141.233.196 | ip | 2026-02-24 03:38:44 | block | High number of detected threat requests (41/44) targeting wp-login.php, flagged by WAF with an alert, indicating a likely brute-force or credential stuffing attack. | 0.949999988079071 | severity: Severity.critical |
| 43.133.220.37 | ip | 2026-02-24 03:38:44 | ignore | No detected threat requests and no WAF flags, indicating benign activity. | 0.8999999761581421 | severity: Severity.low |