| Entity | Type | Timestamp | Action | Reason | Confidence | Severity |
|---|---|---|---|---|---|---|
| 185.226.197.27 | ip | 2026-02-17 01:54:14 | block | High number of detected threat requests (8) and hits on multiple security rules, including BOT-BROWSER-IMPERSONATOR, indicating malicious bot activity and potential impersonation. | 0.8999999761581421 | critical |
| 124.156.226.179 | ip | 2026-02-16 20:13:15 | block | Detected threat requests and WAF flagged path 'akam/13/51626d4a'. Security rule 3900999 was triggered. | 0.8999999761581421 | critical |
| 45.94.31.224 | ip | 2026-02-16 18:52:58 | block | Repeated WordPress enumeration attempts, high percentage of detected threat requests, and identified as a bot by security rules, including WAF deny hits. | 0.949999988079071 | critical |
| AS51167 | asn | 2026-02-16 18:52:58 | block | Active exploitation attempts targeting sensitive files like .env and SQL backups, with multiple critical WAF deny rules triggered, including Local File Inclusion (LFI) anomalies. | 0.9800000190734863 | critical |
| 109.205.180.195 | ip | 2026-02-16 17:52:42 | block | Multiple attempts to access sensitive configuration files (.env, mysql.sql) and Local File Inclusion (LFI) attempts, evidenced by WAF rule hits (LFI-ANOMALY) and a high ratio of detected threat requests. | 0.9800000190734863 | critical |
| AS51167 | asn | 2026-02-16 17:52:42 | watchlist | Associated with an IP address (109.205.180.195) engaged in critical security threats, including LFI attempts and sensitive file access. Requires monitoring for broader malicious activity from this ASN. | 0.8999999761581421 | medium |
| 2600:1700:f6aa:2c10:dd5c:8d0c:3fa5:8dba | ip | 2026-02-16 10:20:41 | block | This IP address generated a high percentage of threat requests (7 out of 19) and triggered a 'deny' rule specifically for 'IPBLOCK-BURST4-318403', indicating malicious burst activity or an attempted denial-of-service attack. | 0.949999988079071 | critical |
| 167.172.221.95 | ip | 2026-02-16 06:49:50 | block | IP detected making numerous threat requests targeting WordPress paths like xmlrpc.php, flagged by WAF on all access attempts, and identified as a bot browser impersonator. | 0.949999988079071 | critical |
| 35.75.145.215 | ip | 2026-02-16 06:49:50 | ignore | No recent malicious activity detected. All accessed paths are legitimate WordPress static assets, with zero threat requests, WAF flags, or security rule hits. Previous AI assessment likely a false positive or outdated. | 0.8999999761581421 | low |
| 35.75.145.215 | ip | 2026-02-16 00:58:26 | watchlist | The 'last_seen' timestamp is in the future (2026-02-14T03:02:37), indicating a significant data anomaly or logging issue. While no direct malicious activity (such as detected threat requests, WAF flags, or security rule hits) was observed from the network activity itself, the integrity issue of the timestamp warrants keeping this entity on the watchlist for further investigation into the data source or potential underlying system issues. | 0.800000011920929 | medium |
| 2600:3c03::2000:ebff:fe62:f006 | ip | 2026-02-16 00:48:15 | block | Access to highly suspicious and obfuscated path 'y40cf0A0/u29/CD-/fDKig86kEF/V7imftL3YLEpDwp3iz/ZxJDZw/eBUXI/RQvYA8B', indicating a potential exploit attempt or backdoor access. Although no WAF flags were triggered, the path pattern is indicative of malicious intent. | 0.949999988079071 | critical |
| 35.75.145.215 | ip | 2026-02-16 00:48:15 | ignore | No suspicious activity detected in the current access logs. All accessed paths are legitimate WordPress files, and there are no WAF flags, security rule hits, or detected threat requests. AI details also indicate low severity. | 0.800000011920929 | low |
| 35.75.145.215 | ip | 2026-02-15 22:47:41 | watchlist | IP associated with Amazon AWS accessing standard WordPress paths for 'www.darcherif.fr'. No WAF flags, threat detections, or security rule hits. Observed a future 'last_seen' timestamp, which is anomalous, but no other suspicious activity was identified. Appears benign; continued monitoring recommended for any new behavioral changes. | 0.8500000238418579 | low |
| 35.75.145.215 | ip | 2026-02-15 22:37:32 | ignore | No malicious activity detected. IP accessed common WordPress paths with no WAF flags, security rule hits, or detected threat requests. Associated hostname 'www.darcherif.fr' appears legitimate. | 1.0 | low |
| 216.73.216.97 | ip | 2026-02-15 22:27:24 | block | High ratio of detected threat requests (4/6) and suspicious, obfuscated path access indicative of malicious scanning or exploit attempts. | 0.949999988079071 | critical |
| 35.75.145.215 | ip | 2026-02-15 22:27:24 | ignore | No recent activity, zero requests, and no security rule hits observed since initial detection. | 0.8500000238418579 | low |
| 34.41.205.200 | ip | 2026-02-15 22:27:24 | block | WAF denied access due to a Local File Inclusion (LFI) anomaly and attempted access to the sensitive .env configuration file. | 0.9900000095367432 | critical |
| 35.75.145.215 | ip | 2026-02-15 15:06:03 | watchlist | Previously flagged by AI with medium confidence and severity, and accessing a potentially unusual path ('akam/13/495284bd'), though no direct WAF or security rule hits were observed in recent activity. Requires further monitoring. | 0.6000000238418579 | medium |
| 74.7.244.33 | ip | 2026-02-15 15:06:03 | block | All requests were detected as threats, flagged by WAF, and triggered an IPBLOCK security rule, indicating critical malicious activity. | 0.949999988079071 | critical |
| 35.75.145.215 | ip | 2026-02-15 14:55:56 | watchlist | Entity's last_seen timestamp is in the future (2026), indicating a potential data anomaly or sophisticated spoofing attempt, despite no other immediate threat indicators. | 0.6000000238418579 | medium |
| 160.250.132.165 | ip | 2026-02-15 14:45:48 | block | Repeated access to sensitive WordPress enumeration and login paths (wp-json/wp/v2/users, wp-admin/, wp-login.php) from an IP (VN) inconsistent with the website's likely geographic location (FR hostname), indicating potential credential stuffing or reconnaissance. | 0.949999988079071 | critical |
| 35.75.145.215 | ip | 2026-02-15 14:45:48 | ignore | Entity shows no observed activity (0 total requests, 0 detected threat requests, no paths accessed) since its last brief appearance, despite being on the watchlist. No current evidence justifies its continued inclusion. | 0.8999999761581421 | low |
| 174.68.176.172 | ip | 2026-02-15 11:15:08 | block | IP blocked by WAF rule 'IPBLOCK-BURST4-318403' and associated with multiple detected threat requests (5 out of 19 total requests). | 0.949999988079071 | critical |
| 35.75.145.215 | ip | 2026-02-15 11:15:08 | watchlist | Previously flagged by AI with high confidence (0.9 score). No new activity or threats observed since first seen to warrant immediate blocking or removal from the watchlist. | 0.800000011920929 | medium |
| 34.9.48.95 | ip | 2026-02-15 07:44:25 | block | High number of detected threat requests (9 out of 19), multiple WAF flags, security rule hits including BOT-BROWSER-IMPERSONATOR, and an IPBLOCK-BURST4-318403 deny rule hit. | 0.949999988079071 | critical |
| 107.172.195.126 | ip | 2026-02-15 01:33:22 | block | Repeated malicious activity including browser impersonation and a high volume of detected threat requests (31 out of 7 total requests, suggesting multiple threat detections per attempt). WAF rules indicate active bot activity. | 0.949999988079071 | critical |
| 35.75.145.215 | ip | 2026-02-15 01:33:22 | watchlist | Previously flagged by AI with high confidence and medium severity. No new activity observed in the current period to either confirm maliciousness or justify removal from the watchlist; continued monitoring is required. | 0.8999999761581421 | medium |
| 35.75.145.215 | ip | 2026-02-15 01:03:09 | watchlist | Entity previously identified by AI with high confidence (0.9) and medium severity. No new active threats or WAF flags detected in the current observation period, but continued monitoring is warranted. | 0.8999999761581421 | medium |
| 3%7eaa744a72243fb39f | tls | 2026-02-15 01:03:09 | block | WAF flagged suspicious paths and detected threat requests (2/16). Security rule 3900999 was triggered, indicating malicious activity. | 0.949999988079071 | critical |
| 35.75.145.215 | ip | 2026-02-15 00:42:58 | watchlist | The 'last_seen' timestamp is in the future (2026-02-14T03:02:37), indicating a potential data integrity issue or an attempt to obfuscate activity. While no immediate security rule hits or WAF flags were observed, this anomaly warrants further investigation. | 0.8999999761581421 | medium |
| 35.75.145.215 | ip | 2026-02-15 00:32:51 | ignore | No malicious activity detected. Entity exhibits standard WordPress accesses with no WAF flags, detected threat requests, or security rule hits. Appears to be benign. | 0.8999999761581421 | low |
| 3%7e415f6cb3e8aefec4 | tls | 2026-02-15 00:32:51 | block | Critical malicious activity detected. Attempted access to highly sensitive files and directories (e.g., .env.old, wp-config.php.txt, .git/config, admin/settings, payment.js, stripe.js). All suspicious paths were flagged by WAF, and multiple security rules were triggered, including Local File Inclusion (LFI) anomalies and high-volume burst blocking. Extremely high number of detected threat requests (552). | 0.9900000095367432 | critical |
| 103.4.250.171 | ip | 2026-02-15 00:22:41 | block | Multiple WAF alerts, including 'BOT-BROWSER-IMPERSONATOR', and a very high ratio of detected threat requests (54) to total requests (13) indicate severe malicious bot activity targeting the web application. | 0.9800000190734863 | critical |
| 35.75.145.215 | ip | 2026-02-15 00:22:41 | ignore | No WAF flags, no detected threat requests, and no security rule hits. Traffic appears legitimate and does not exhibit any suspicious behavior. | 0.949999988079071 | low |
| 104.164.173.104 | ip | 2026-02-15 00:12:30 | block | High number of detected threat requests, multiple WAF flags, and identification as a bot impersonator, indicating automated malicious activity. | 0.8999999761581421 | critical |
| 159.65.18.197 | ip | 2026-02-15 00:12:30 | block | Consistent vulnerability scanning attempts, including accessing sensitive paths like .git/config, .env, and API documentation. WAF denied Local File Inclusion (LFI) anomalies and triggered penalty box rules. | 0.949999988079071 | critical |
| 165.22.235.3 | ip | 2026-02-15 00:12:30 | block | Consistent vulnerability scanning attempts, including accessing sensitive paths like .git/config, .env, and API documentation. WAF denied Local File Inclusion (LFI) anomalies and triggered penalty box rules. | 0.949999988079071 | critical |
| 165.22.34.189 | ip | 2026-02-15 00:12:30 | block | Consistent vulnerability scanning attempts, including accessing sensitive paths like .git/config, .env, and API documentation. WAF denied Local File Inclusion (LFI) anomalies and triggered penalty box rules. | 0.949999988079071 | critical |
| 207.154.197.113 | ip | 2026-02-15 00:12:30 | block | Consistent vulnerability scanning attempts, including accessing sensitive paths like .git/config, .env, and API documentation. WAF denied Local File Inclusion (LFI) anomalies and triggered penalty box rules. | 0.949999988079071 | critical |
| 35.75.145.215 | ip | 2026-02-15 00:12:30 | ignore | No detected threat requests, WAF flags, or security rule hits observed during the current period. The activity appears benign, primarily accessing WordPress assets. | 0.800000011920929 | low |
| 35.75.145.215 | ip | 2026-02-14 15:00:38 | watchlist | The 'last_seen' timestamp for this entity is in the future (2026-02-14T03:02:37), which indicates a significant data anomaly or potential system clock manipulation. While no direct malicious activity (WAF flags, threat requests, or security rule hits) was detected, this anomaly warrants further investigation and observation. | 0.699999988079071 | medium |
| 35.75.145.215 | ip | 2026-02-14 14:50:23 | ignore | No suspicious activity observed. All accessed paths are standard components of a WordPress site, and there are no recorded WAF flags, security rule hits, or detected threat requests. The IP belongs to Amazon and resolves to a legitimate-looking hostname. | 0.8999999761581421 | low |
| 104.28.235.59 | ip | 2026-02-14 14:40:09 | block | Critical threat detected: 100% of requests (42/42) flagged by WAF and triggered security rule 3990001 (Generic Web Application Attack). Accessing suspicious PHP files commonly associated with web shells and compromised WordPress sites (e.g., wp-admin/css/index.php, akcc.php). | 1.0 | critical |
| 2a09:bac1:7680:450::2e9:a3 | ip | 2026-02-14 14:40:09 | block | Critical threat detected: 100% of requests (42/42) flagged by WAF and triggered security rule 3990001 (Generic Web Application Attack). This IPv6 address exhibits identical malicious behavior to a related IPv4 address (104.28.235.59), targeting the same suspicious PHP files. | 1.0 | critical |
| 35.75.145.215 | ip | 2026-02-14 14:40:09 | ignore | No current malicious activity observed: 0 detected threat requests, 0 WAF flags, and no security rule hits. All accessed paths are standard WordPress files, except for 'akam/13/495284bd', which is not malicious in isolation. The entity's traffic does not support its current watchlist status. | 0.8999999761581421 | low |
| 35.75.145.215 | ip | 2026-02-14 12:59:44 | watchlist | Observed accessing numerous common WordPress paths, potentially indicating reconnaissance. While no explicit malicious activity or WAF flags were detected, the 'last_seen' timestamp is anomalously in the future (2026-02-14), which warrants continued monitoring for unusual behavior or potential data anomalies. | 0.6000000238418579 | medium |
| 35.75.145.215 | ip | 2026-02-14 12:49:37 | ignore | No malicious activity detected. All accessed paths are common WordPress files; no WAF flags, threat requests, or security rule hits observed. | 1.0 | low |
| 35.75.145.215 | ip | 2026-02-14 12:39:29 | ignore | No detected threat requests, WAF flags, or security rule hits. AI confidence score is low, indicating no current malicious activity. | 0.800000011920929 | low |
| 98.144.155.254 | ip | 2026-02-14 12:39:29 | block | High number of detected threat requests and triggered WAF deny rule 'IPBLOCK-BURST4-318403' for a burst attack. | 0.8999999761581421 | critical |
| 35.75.145.215 | ip | 2026-02-14 08:18:44 | watchlist | Initial access to WordPress resources from an AWS IP associated with an external domain (darcherif.fr). No immediate threats or WAF flags detected, but warrants monitoring for any developing patterns. | 0.4000000059604645 | low |