|
173.211.0.229
|
ip
|
2026-02-21 17:08:20
|
ignore
|
Analysis revealed no malicious activity, WAF flags, or security rule hits. All accessed paths are consistent with benign WordPress site browsing. Associated hostname 'www.darcherif.fr' appears legitimate.
|
0.99
|
severity: Severity.low
|
|
173.211.0.229
|
ip
|
2026-02-21 16:58:09
|
ignore
|
No malicious indicators detected. Activity consists of standard WordPress asset requests without WAF flags, security rule hits, or identified threat requests. Associated hostname 'www.darcherif.fr' appears legitimate.
|
0.95
|
severity: Severity.low
|
|
173.211.0.229
|
ip
|
2026-02-21 16:47:58
|
ignore
|
No malicious activity detected. All requests were for standard WordPress resources, no WAF flags, no detected threats, and no security rule hits. Associated hostname 'www.darcherif.fr' appears legitimate. The future 'last_seen' date is an anomaly but does not indicate malicious intent given the lack of other threat indicators.
|
0.95
|
severity: Severity.low
|
|
173.211.0.229
|
ip
|
2026-02-21 16:37:47
|
ignore
|
No malicious activity, WAF flags, or security rule hits detected. Appears to be a benign IP accessing standard website resources.
|
0.9
|
severity: Severity.low
|
|
34.173.96.22
|
ip
|
2026-02-21 16:37:47
|
block
|
Multiple WAF alerts, including 'BOT-BROWSER-IMPERSONATOR', and the denial rule 'IPBLOCK-BURST4' were triggered. Repeated requests for 'wlwmanifest.xml' under varying path prefixes are a standard WordPress fingerprinting technique (the file is a Windows Live Writer manifest shipped in wp-includes, so its presence confirms a WordPress install) and indicate automated enumeration or scanning activity.
|
0.98
|
severity: Severity.critical
|
|
173.211.0.229
|
ip
|
2026-02-21 16:27:40
|
ignore
|
No suspicious activity detected; zero threat requests, no WAF flags, and access to common WordPress files. Previous AI assessment of medium severity is not supported by current data.
|
0.9
|
severity: Severity.low
|
|
40.69.66.178
|
ip
|
2026-02-21 16:27:40
|
block
|
All requests were flagged by the WAF and hit the 'IPBLOCK' security rule while probing for 'admin.php' and 'wp_filemanager.php', filenames associated with dropped web shells and file-manager backdoors rather than with any legitimate WordPress component.
|
1.0
|
severity: Severity.critical
|
|
173.211.0.229
|
ip
|
2026-02-21 14:37:16
|
watchlist
|
The 'last_seen' timestamp recorded for this entity (2026-02-21T12:42:52) was reported as being in the future, an anomalous data point that could indicate a misconfigured clock or an attempt to obscure activity. Note that relative to this record's own timestamp (14:37:16) the value lies in the past, so a timezone offset between the two data sources is the most likely root cause and should be ruled out first. No malicious activity (WAF flags, threat detections) was observed on the accessed WordPress paths, but the timestamp discrepancy warrants continued monitoring until its origin is confirmed.
|
0.7
|
severity: Severity.medium
|
|
173.211.0.229
|
ip
|
2026-02-21 14:27:01
|
ignore
|
No detected threat requests, WAF flags, or security rule hits. Access patterns are consistent with typical WordPress site interaction. The entity is not currently present in the watchlist.
|
0.9
|
severity: Severity.low
|
|
173.211.0.229
|
ip
|
2026-02-21 14:16:53
|
ignore
|
No suspicious activity detected. All requests are benign, with no WAF flags or security rule hits.
|
1.0
|
severity: Severity.low
|
|
2a10:3c0:101:0:1:12:0:5
|
ip
|
2026-02-21 14:16:53
|
block
|
All requests flagged by WAF and detected as threats. High confidence in malicious activity requiring immediate blocking.
|
0.95
|
severity: Severity.critical
|
|
173.211.0.229
|
ip
|
2026-02-21 14:06:35
|
ignore
|
No suspicious activities detected; all requests are for standard website resources with no WAF rule hits or detected threats.
|
0.95
|
severity: Severity.low
|
|
170.64.198.170
|
ip
|
2026-02-21 14:06:35
|
block
|
Multiple high-severity WAF rule hits, including command injection and local file inclusion (LFI) payloads and requests for '.env' and '.git/config', files that would expose credentials and repository history if the server returned them. This is indicative of active exploitation attempts rather than reconnaissance alone.
|
0.98
|
severity: Severity.critical
|
|
2a10:3c0:101:0:1:12:0:5
|
ip
|
2026-02-21 14:06:35
|
watchlist
|
All requests were flagged by WAF with a specific alert rule (3990001), indicating suspicious activity, but no explicit high-severity deny rules were triggered. Further monitoring is advised.
|
0.85
|
severity: Severity.medium
|
|
173.211.0.229
|
ip
|
2026-02-21 13:56:27
|
ignore
|
No malicious activity detected. All accessed paths are consistent with normal website operation. No WAF alerts or internal threat detections.
|
0.9
|
severity: Severity.low
|
|
173.211.0.229
|
ip
|
2026-02-21 13:46:21
|
ignore
|
No malicious activity detected. The IP accessed standard web assets for a WordPress site, with no WAF flags, detected threat requests, or security rule hits.
|
0.95
|
severity: Severity.low
|
|
173.211.0.229
|
ip
|
2026-02-21 13:36:14
|
ignore
|
No malicious activity detected. Accesses to common WordPress assets without WAF flags or threat alerts.
|
0.9
|
severity: Severity.low
|
|
173.211.0.229
|
ip
|
2026-02-21 13:26:04
|
ignore
|
No malicious activity or suspicious patterns detected. All accessed paths are typical for a WordPress site, and there are no WAF flags, security rule hits, or detected threat requests. The associated hostname www.darcherif.fr appears to be a legitimate website.
|
0.95
|
severity: Severity.low
|
|
173.211.0.229
|
ip
|
2026-02-21 13:15:59
|
ignore
|
No malicious activity detected. All accessed paths are typical WordPress files (themes, plugins, uploads, core JS), with no WAF flags, security rule hits, or detected threat requests.
|
1.0
|
severity: Severity.low
|
|
173.211.0.229
|
ip
|
2026-02-21 13:05:46
|
ignore
|
No suspicious activity detected, typical WordPress site access, no WAF flags or threat alerts. Entity appears benign.
|
1.0
|
severity: Severity.low
|
|
173.211.0.229
|
ip
|
2026-02-21 12:55:37
|
ignore
|
No malicious activity detected; accessed standard WordPress resources, no WAF flags or security rule hits.
|
0.9
|
severity: Severity.low
|
|
20.187.125.76
|
ip
|
2026-02-21 12:55:37
|
block
|
Every request was detected as a threat, flagged by the WAF, and denied by an IPBLOCK rule. The requested PHP paths are characteristic of web-shell probing or vulnerability scanning.
|
1.0
|
severity: Severity.critical
|
|
172.232.36.208
|
ip
|
2026-02-21 12:35:31
|
block
|
Multiple severe security rule violations including SQL Injection attempts, accessing sensitive .git directory, and triggering IPBLOCK-PENALTY-BOX rule.
|
0.95
|
severity: Severity.critical
|
|
20.53.240.38
|
ip
|
2026-02-21 12:15:24
|
block
|
Suspicious file access patterns indicative of web-shell activity or server compromise: requests for generically named PHP files ('file.php', 'file2.php', 'doc.php', 'k.php', 'admin.php') inside wp-content and the uploads directory. A healthy WordPress install serves no PHP from wp-content/uploads, which should hold media only; if any of these files exist on disk the host should be treated as compromised, and PHP execution under uploads should be disabled at the web server regardless.
|
0.9
|
severity: Severity.critical
|
|
70.123.97.128
|
ip
|
2026-02-21 06:24:10
|
block
|
IP triggered WAF deny rule 'IPBLOCK-BURST4-318403' and made 6 threat-detected requests out of 19 total, indicating automated or malicious activity.
|
0.95
|
severity: Severity.critical
|
|
20.214.159.60
|
ip
|
2026-02-21 01:33:21
|
block
|
Multiple suspicious paths accessed consistent with web application scanning and exploitation attempts (e.g., ioxi-o.php, wp-content/plugins/WordPressCore/, sf.php, wp-trackback.php, cgi-bin/).
|
0.9
|
severity: Severity.critical
|
|
207.46.13.18
|
ip
|
2026-02-20 20:52:23
|
block
|
All requests were flagged as threats by the WAF (rule 3991006), a 100% threat rate that suggests reconnaissance or automated scanning. Caveat: the same rule fires on Googlebot traffic (see the 66.249.66.x records), and 207.46.13.0/24 is Microsoft address space commonly seen for Bingbot, so confirm with a reverse lookup (hostnames under search.msn.com) and a matching forward lookup before sustaining the block.
|
0.9
|
severity: Severity.medium
|
|
207.46.13.168
|
ip
|
2026-02-20 20:52:23
|
block
|
Multiple WAF alerts (rule 3991006) plus access to a highly suspicious, obfuscated path; 7 of 8 requests were detected as threats. The obfuscated path, rather than the rule hits alone, is what separates this address from ordinary crawler traffic that also trips rule 3991006.
|
0.95
|
severity: Severity.critical
|
|
35.245.125.98
|
ip
|
2026-02-20 17:01:21
|
block
|
Engaging in widespread WordPress vulnerability scanning attempts (wlwmanifest.xml), flagged by WAF on multiple paths, detected as a bot browser impersonator, and has already triggered an IPBLOCK deny rule. A disproportionately high number of threat requests were detected.
|
0.95
|
severity: Severity.critical
|
|
3%7ef4680262e7deb748
|
tls
|
2026-02-20 11:50:14
|
block
|
Multiple WAF rule hits indicating SQL injection attempts, access to sensitive paths (.git/), and triggering of IP blocking penalties.
|
1.0
|
severity: Severity.critical
|
|
2001:861:5860:e460:3c39:ee45:8634:30ee
|
ip
|
2026-02-20 11:40:08
|
block
|
The IP attempted SQL injection, accessed sensitive .git paths, triggered multiple security alerts, and is in an IP block penalty box. A high ratio of threat requests to total requests indicates malicious activity.
|
1.0
|
severity: Severity.critical
|
|
170.64.40.138
|
ip
|
2026-02-20 06:59:16
|
block
|
IP triggered a deny rule (IPBLOCK-BURST4-318403) and had multiple detected threat requests flagged by WAF, indicating malicious activity.
|
0.95
|
severity: Severity.critical
|
|
AS23470
|
asn
|
2026-02-20 06:39:10
|
block
|
High volume of detected threat requests (456), multiple WAF rule hits including bot impersonation and suspicious path access patterns, indicating automated malicious activity.
|
0.9
|
severity: Severity.critical
|
|
103.195.100.207
|
ip
|
2026-02-20 05:59:01
|
block
|
This IP exhibits highly malicious behavior: a large number of detected threat requests (reported as 61 out of 8 total, a count that cannot be correct and should be re-checked against the raw logs), numerous WAF rule hits including 'BOT-BROWSER-IMPERSONATOR', and repeated attempts to access common WordPress exploitation paths.
|
0.95
|
severity: Severity.critical
|
|
146.70.59.42
|
ip
|
2026-02-20 04:48:46
|
block
|
IP blocked by WAF rule 'IPBLOCK-BURST4-318403' due to burst activity, with 35% of total requests detected as threats and multiple paths flagged.
|
0.95
|
severity: Severity.critical
|
|
179.43.159.170
|
ip
|
2026-02-20 03:58:35
|
block
|
Repeated access to wp-login.php, indicative of a brute-force or credential-stuffing attempt. Confirm by checking for repeated POST requests to the endpoint rather than page loads alone, and rate-limit the login endpoint in either case.
|
0.8
|
severity: Severity.medium
|
|
2409:8a34:4071:5b10:a00:27ff:fea2:560b
|
ip
|
2026-02-19 20:17:11
|
block
|
Detected multiple threat requests and accessed highly suspicious, obfuscated paths indicating potential exploitation or attack attempts from a Chinese IP address. Security rules were triggered.
|
0.95
|
severity: Severity.critical
|
|
20.205.120.43
|
ip
|
2026-02-19 19:16:55
|
block
|
Multiple highly suspicious path accesses, including `wp-content/cong.php` (a filename repeatedly seen in WordPress web-shell drops and not a legitimate core file) and an unusual `.well-known/classwithtostring.php`, indicative of WordPress vulnerability scanning and exploitation attempts.
|
0.9
|
severity: Severity.critical
|
|
20.24.197.43
|
ip
|
2026-02-19 17:16:27
|
block
|
Detected access to known malicious web shell pattern 'ioxi-o.php' and suspicious 'wp-content/plugins/WordPressCore/' path, indicating potential exploitation attempts or reconnaissance.
|
0.9
|
severity: Severity.critical
|
|
74.7.241.43
|
ip
|
2026-02-19 13:05:31
|
block
|
Almost all requests (45 out of 46) from this IP were flagged as threats by the WAF, indicating highly malicious activity.
|
0.98
|
severity: Severity.critical
|
|
45.149.173.195
|
ip
|
2026-02-19 08:14:39
|
block
|
IP engaged in extensive WordPress vulnerability scanning targeting 'wlwmanifest.xml', flagged by WAF as a 'BOT-BROWSER-IMPERSONATOR', and previously denied by burst IP blocking rules. High number of detected threat requests.
|
0.95
|
severity: Severity.critical
|
|
130.12.180.90
|
ip
|
2026-02-19 07:34:29
|
block
|
Repeated suspicious access to wp-login.php flagged by WAF and triggered security alerts, indicating potential brute-force or credential stuffing attack.
|
0.9
|
severity: Severity.critical
|
|
66.249.66.161
|
ip
|
2026-02-19 07:24:23
|
block
|
All requests from this IP address triggered WAF alerts (rule 3991006) on WordPress core and theme files, a pattern read here as scanning or attempted exploitation. Caveat: the same address was assessed ten minutes earlier as legitimate Googlebot crawling (AS15169), and rule 3991006 fires on crawler traffic; verify with a reverse lookup ending in googlebot.com or google.com and a forward lookup that returns this IP before keeping the block, since blocking a real crawler harms search indexing.
|
0.95
|
severity: Severity.critical
|
|
66.249.66.45
|
ip
|
2026-02-19 07:24:23
|
block
|
All requests from this IP address triggered WAF alerts (rule 3991006) on WordPress core and plugin files, the same pattern as 66.249.66.161 and read here as scanning or attempted exploitation. The same caveat applies: this address was assessed ten minutes earlier as legitimate Googlebot crawling, so verify with reverse and forward DNS before keeping the block.
|
0.95
|
severity: Severity.critical
|
|
99.24.217.1
|
ip
|
2026-02-19 07:24:23
|
block
|
The WAF already denied requests from this IP due to a 'burst' rule (IPBLOCK-BURST4-318403), indicating automated, excessive activity. This behavior is consistent with bots or scrapers and warrants continued blocking.
|
0.8
|
severity: Severity.medium
|
|
66.249.66.161
|
ip
|
2026-02-19 07:14:15
|
ignore
|
IP belongs to Google (ASN AS15169) and triggered WAF rule 3991006, which is commonly associated with Googlebot activity. All flagged requests appear to be legitimate crawling of site content, not malicious activity. ASN membership alone is weak evidence, since Google's address space is not reserved for its crawlers; the determining check is that the reverse DNS name ends in googlebot.com or google.com and resolves back to this IP.
|
0.95
|
severity: Severity.low
|
|
66.249.66.45
|
ip
|
2026-02-19 07:14:15
|
ignore
|
IP belongs to Google (ASN AS15169) and triggered WAF rule 3991006, which is commonly associated with Googlebot activity. All flagged requests appear to be legitimate crawling of site content, not malicious activity. As with 66.249.66.161, the ASN is only a hint; the reverse DNS name should end in googlebot.com or google.com and resolve back to this IP before the traffic is treated as Googlebot.
|
0.95
|
severity: Severity.low
|
|
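The Googlebot records above rest on the source address and its ASN. The check a practitioner would run before trusting or blocking such an address is the reverse-then-forward DNS verification that Google and Microsoft document for Googlebot and Bingbot: resolve the IP to a hostname, require that it sit under an approved crawler domain, then resolve that hostname and require the original IP among the answers. The block below is an added example, not part of the original records or of any WAF product; `verify_crawler` and `verify_offline` are names chosen here, and the resolver table used for offline runs is constructed, with made-up hostnames standing in for real resolver answers.

```python
"""Reverse-then-forward DNS check for search-engine crawler addresses.

Added example, not from the original assessment records. Resolver functions
are injectable so the check can run offline against a constructed table;
by default it uses the socket module and real DNS.
"""
import ipaddress
import socket
from typing import Callable, Iterable

# Parent domains under which the documented crawlers' PTR records sit.
CRAWLER_DOMAINS = {
    "googlebot": ("googlebot.com", "google.com"),
    "bingbot": ("search.msn.com",),
}


def _default_reverse(ip: str) -> str:
    return socket.gethostbyaddr(ip)[0]


def _default_forward(hostname: str) -> Iterable[str]:
    # getaddrinfo returns both A and AAAA answers; sockaddr[0] is the address text
    return {info[4][0] for info in socket.getaddrinfo(hostname, None)}


def verify_crawler(ip: str,
                   reverse: Callable[[str], str] = _default_reverse,
                   forward: Callable[[str], Iterable[str]] = _default_forward) -> dict:
    """Return {'ip', 'verified', 'crawler', 'ptr', 'reason'} for one address."""
    result = {"ip": ip, "verified": False, "crawler": None, "ptr": None, "reason": ""}
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        result["reason"] = "not an IP address"
        return result
    try:
        ptr = reverse(ip).rstrip(".").lower()
    except (OSError, KeyError):          # socket.herror/gaierror are OSError subclasses
        result["reason"] = "no PTR record"
        return result
    result["ptr"] = ptr
    match = None
    for name, domains in CRAWLER_DOMAINS.items():
        if any(ptr == d or ptr.endswith("." + d) for d in domains):
            match = name
            break
    if match is None:
        result["reason"] = "PTR not under a crawler domain"
        return result
    # Forward confirmation: anyone can put 'googlebot.com' in their own PTR,
    # but only Google controls what that hostname resolves to.
    try:
        forward_ips = {ipaddress.ip_address(a) for a in forward(ptr)}
    except (OSError, KeyError, ValueError):
        result["reason"] = "crawler hostname does not resolve"
        return result
    if addr not in forward_ips:
        result["reason"] = "forward lookup does not match (spoofed PTR)"
        return result
    result.update(verified=True, crawler=match, reason="reverse and forward DNS agree")
    return result


# Constructed lookup table for offline use; hostnames are made up and stand in
# for what a real resolver would return for these addresses.
FAKE_PTR = {
    "66.249.66.161": "crawl-66-249-66-161.googlebot.com",
    "66.249.66.45": "crawl-66-249-66-45.googlebot.com",
    "207.46.13.18": "msnbot-207-46-13-18.search.msn.com",
    "35.245.125.98": "98.125.245.35.bc.googleusercontent.com",   # cloud VM, not a crawler
    "203.0.113.7": "crawl-66-249-66-1.googlebot.com",            # spoofed PTR
}
FAKE_FORWARD = {
    "crawl-66-249-66-161.googlebot.com": ["66.249.66.161"],
    "crawl-66-249-66-45.googlebot.com": ["66.249.66.45"],
    "msnbot-207-46-13-18.search.msn.com": ["207.46.13.18"],
    "98.125.245.35.bc.googleusercontent.com": ["35.245.125.98"],
    "crawl-66-249-66-1.googlebot.com": ["66.249.66.1"],
}


def verify_offline(ip: str) -> dict:
    """Run verify_crawler against the constructed table instead of live DNS."""
    return verify_crawler(ip, reverse=lambda i: FAKE_PTR[i], forward=lambda h: FAKE_FORWARD[h])


if __name__ == "__main__":
    for ip in FAKE_PTR:
        v = verify_offline(ip)
        print(f"{ip:16} verified={v['verified']!s:5} crawler={v['crawler']} ({v['reason']})")
```

Calling `verify_crawler(ip)` with no resolver arguments performs live lookups; the spoofed entry in the table shows why the forward step is not optional, since a PTR record is under the control of whoever owns the reverse zone for the source address.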
158.158.51.6
|
ip
|
2026-02-19 03:33:25
|
block
|
All 20 requests from this IP address were flagged by the WAF as threats, including attempts to access sensitive WordPress configuration files and known vulnerable plugin paths, indicating a clear malicious intent and active attack.
|
0.99
|
severity: Severity.critical
|
|
192.161.169.184
|
ip
|
2026-02-19 00:22:54
|
block
|
IP was blocked by WAF rule 'IPBLOCK-BURST4-318403' indicating burst activity and a detected threat request.
|
0.9
|
severity: Severity.critical
|
|
40.115.138.121
|
ip
|
2026-02-18 12:20:45
|
block
|
Accessed multiple highly suspicious PHP paths commonly associated with web shell uploads or compromise attempts (e.g., hehe.php, wp-content/cong.php, alfa-rex.php, admin/function.php).
|
0.9
|
severity: Severity.critical
|
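Several records above would fail a basic sanity pass: one reports 61 threat requests out of 8 total, one calls a 'last_seen' value "in the future" although it precedes the record's own timestamp, and 66.249.66.161 and 2a10:3c0:101:0:1:12:0:5 each carry conflicting verdicts within minutes of one another. The block below is an added example, not part of the original export or of any product: it parses records in the pipe-separated layout used on this page (the layout, seven values separated by `|` lines, is inferred from the page) and runs those three checks. The sample records are constructed to mirror the ones above with shortened wording, and the function names are chosen here.

```python
"""Sanity-check assessment records in the pipe-separated layout used above.

Added example, not part of the original export. Checks: (1) "N out of M"
count claims with N > M; (2) a quoted 'last_seen' timestamp compared with
the record's own time, either genuinely in the future or earlier and so
more likely a timezone mismatch; (3) one entity with conflicting verdicts.
"""
import re
from collections import defaultdict
from datetime import datetime

FIELDS = ("entity", "kind", "timestamp", "verdict", "rationale", "confidence", "severity")
COUNT_RE = re.compile(r"(\d+)\s+out of\s+(\d+)")
LAST_SEEN_RE = re.compile(r"last_seen[^(]*\((\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})\)")


def _rec(*values):
    """Render one record in the page's layout: a '|' line before, between and after values."""
    return "|\n" + "\n|\n".join(values) + "\n|"


# Constructed sample modelled on the records above (wording shortened).
SAMPLE = "\n".join([
    _rec("103.195.100.207", "ip", "2026-02-20 05:59:01", "block",
         "High number of detected threat requests (61 out of 8 total).",
         "0.949999988079071", "severity: Severity.critical"),
    _rec("173.211.0.229", "ip", "2026-02-21 14:37:16", "watchlist",
         "The 'last_seen' timestamp for this entity (2026-02-21T12:42:52) is in the future.",
         "0.699999988079071", "severity: Severity.medium"),
    _rec("66.249.66.161", "ip", "2026-02-19 07:24:23", "block",
         "All requests triggered WAF alerts (rule 3991006).",
         "0.949999988079071", "severity: Severity.critical"),
    _rec("66.249.66.161", "ip", "2026-02-19 07:14:15", "ignore",
         "IP belongs to Google (ASN AS15169) and triggered WAF rule 3991006.",
         "0.949999988079071", "severity: Severity.low"),
])


def parse_records(text):
    """Drop separator lines, then read the seven fields of each record in order."""
    values = [ln.strip() for ln in text.splitlines() if ln.strip() not in ("", "|")]
    if len(values) % len(FIELDS):
        raise ValueError("truncated record: %d stray values" % (len(values) % len(FIELDS)))
    records = []
    for i in range(0, len(values), len(FIELDS)):
        rec = dict(zip(FIELDS, values[i:i + len(FIELDS)]))
        rec["timestamp"] = datetime.strptime(rec["timestamp"], "%Y-%m-%d %H:%M:%S")
        rec["confidence"] = round(float(rec["confidence"]), 2)   # strip float32 noise
        rec["severity"] = rec["severity"].split(".")[-1]          # 'Severity.low' -> 'low'
        records.append(rec)
    return records


def check_count_claims(records):
    out = []
    for r in records:
        for hit, total in COUNT_RE.findall(r["rationale"]):
            if int(hit) > int(total):
                out.append({"check": "count", "entity": r["entity"],
                            "detail": f"{hit} detected out of {total} total is impossible"})
    return out


def check_last_seen(records):
    out = []
    for r in records:
        m = LAST_SEEN_RE.search(r["rationale"])
        if not m:
            continue
        seen = datetime.fromisoformat(m.group(1))
        future = seen > r["timestamp"]          # compare against the record's own clock
        out.append({"check": "last_seen", "entity": r["entity"], "future": future,
                    "detail": "last_seen is %s the record time by %s; %s" % (
                        "after" if future else "before", abs(seen - r["timestamp"]),
                        "genuine future value" if future else "suspect a timezone offset")})
    return out


def check_verdict_conflicts(records):
    by_entity = defaultdict(list)
    for r in records:
        by_entity[r["entity"]].append(r)
    out = []
    for entity, recs in by_entity.items():
        verdicts = sorted({r["verdict"] for r in recs})
        if len(verdicts) > 1:
            latest = max(recs, key=lambda r: r["timestamp"])
            out.append({"check": "conflict", "entity": entity, "verdicts": verdicts,
                        "detail": f"latest verdict '{latest['verdict']}' at {latest['timestamp']}"})
    return out


def audit(text):
    records = parse_records(text)
    return check_count_claims(records) + check_last_seen(records) + check_verdict_conflicts(records)


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding["check"], finding["entity"], finding["detail"])
```

Feeding the full export to `audit` instead of `SAMPLE` works unchanged as long as every record has all seven values; the parser raises on a truncated record rather than silently shifting the fields of every record that follows.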