| entity | type | timestamp | action | reasoning | confidence | severity |
|---|---|---|---|---|---|---|
| 20.199.186.0 | ip | 2026-02-14 08:08:31 | block | All requests targeted suspicious PHP paths and were flagged by the WAF, indicating active exploitation attempts; security rule hits show the IPBLOCK deny rule. | 0.95 | critical |
| 35.75.145.215 | ip | 2026-02-14 08:08:31 | ignore | No new malicious activity detected. All accessed paths are legitimate, and no WAF flags or threat requests were recorded; current observations contradict the earlier watchlist flagging. | 0.90 | low |
| 35.75.145.215 | ip | 2026-02-14 07:38:20 | watchlist | Accessed multiple WordPress-related paths (wp-content, wp-includes); these can indicate scanning or reconnaissance but are also served to ordinary visitors. The 'last_seen' timestamp is in the future, suggesting a data anomaly or a highly unusual event. No direct threats were flagged by the WAF or security rules. | 0.70 | medium |
| 144.124.246.157 | ip | 2026-02-14 07:28:14 | block | 100% of this IP's requests were detected as threats; it triggered a WAF denial with rule 'REP_1654538' and attempted to access suspicious WordPress admin paths, indicating malicious activity. | 0.95 | critical |
| 35.75.145.215 | ip | 2026-02-14 07:28:14 | ignore | No detected threat requests or WAF rule hits; all accessed paths are legitimate WordPress static files. The current data contradicts the earlier high AI confidence and critical severity assessment. | 0.90 | low |
| 35.75.145.215 | ip | 2026-02-14 03:37:15 | watchlist | The entity's 'last_seen' timestamp (2026-02-14T03:02:37) lies in the future relative to the analyzer's clock, which indicates a data integrity issue (most often clock skew between the log source and the analyzer) or possible log manipulation. Further investigation is required to determine cause and impact. | 0.90 | critical |
| 35.75.145.215 | ip | 2026-02-14 03:27:09 | ignore | No suspicious activity: all accessed paths are standard WordPress paths, and there are no WAF flags, security rule hits, or detected threat requests. | 1.00 | low |
| 35.75.145.215 | ip | 2026-02-14 03:17:00 | ignore | Accessed standard WordPress paths without triggering any WAF flags, security rules, or detected threat requests. Activity appears benign. | 0.90 | low |
| 68.221.137.8 | ip | 2026-02-13 23:26:17 | block | All 145 requests from this IP were detected as threats by the WAF and denied by an IP-blocking security rule, indicating active malicious scanning or exploitation attempts against various PHP paths. | 0.99 | critical |
| 178.128.59.205 | ip | 2026-02-13 21:45:57 | block | Engaged in WordPress vulnerability scanning and brute-force attempts, was classified as a bot browser impersonator, and triggered WAF deny rules, indicating malicious activity. | 0.95 | critical |
| 54.162.205.66 | ip | 2026-02-13 20:45:43 | block | All 5 requests from this IP were detected as threats and blocked by the 'IPBLOCK' security rule, indicating malicious activity. | 0.98 | critical |
| 157.230.96.220 | ip | 2026-02-13 15:14:40 | block | Identified as BOT-BROWSER-IMPERSONATOR, exhibiting aggressive WordPress scanning (wp-includes/wlwmanifest.xml probes), and actively denied by WAF IPBLOCK rules due to numerous detected threat requests. | 0.98 | critical |
| 2600:8805:5201:1900:7b6b:a09a:eddf:c0ba | ip | 2026-02-13 12:54:11 | block | Triggered WAF deny rule 'IPBLOCK-BURST4-318403'; 4 of 19 requests were detected as threats, indicating malicious activity. | 0.95 | critical |
| 104.28.235.58 | ip | 2026-02-13 12:44:06 | block | 100% of requests were flagged by the WAF and triggered security rule 3990001, indicating highly malicious activity targeting common WordPress exploit paths. | 1.00 | critical |
| 2a09:bac5:cad6:154b::21f:108 | ip | 2026-02-13 12:44:06 | block | 100% of requests were flagged by the WAF and triggered security rule 3990001, indicating highly malicious activity targeting common WordPress exploit paths. | 1.00 | critical |
| 104.28.214.117 | ip | 2026-02-13 12:13:56 | block | All requests were flagged as threats, accessed suspicious PHP files resembling web shell or backdoor probes, and triggered WAF deny rules, indicating active exploitation attempts. | 0.95 | critical |
| 2a09:bac5:9529:3af::5e:1f | ip | 2026-02-13 12:13:56 | block | All requests were flagged as threats, accessed suspicious PHP files in administrative and theme directories typical of web shell or backdoor activity, and triggered WAF deny rules, indicating active exploitation attempts. | 0.95 | critical |
| 148.153.56.170 | ip | 2026-02-12 17:19:43 | block | Issued 2 detected threat requests and triggered WAF alerts (rules 3910001, 3910004) against a WordPress site, indicating active exploitation attempts; the unusual path accessed also raises suspicion. | 0.90 | critical |
| 3%7ec09a36bb1168dd08 | tls | 2026-02-12 17:19:43 | block | This TLS fingerprint is associated with the same detected threat requests and WAF alerts as the malicious IP 148.153.56.170, indicating its use in active exploitation attempts. | 0.90 | critical |
| 2a00:f2a0:0:f783:ca1f:66ff:fef3:e641 | ip | 2026-02-12 15:19:17 | block | High detection rate (6 detections across 5 requests, i.e. more than one detection per request), bot browser impersonation, and multiple security rule alerts, originating from a high-risk geography (RU). | 0.95 | critical |
| 89.110.69.19 | ip | 2026-02-12 15:19:17 | block | Repeated attempts to access WordPress login and admin paths ('wp-login.php', 'wp-admin/', 'login'), highly indicative of a brute-force or credential-stuffing attack, despite no explicit WAF alerts. | 0.90 | critical |
| 73.213.221.128 | ip | 2026-02-12 15:19:17 | block | The WAF already triggered an IP block for a burst of activity (IPBLOCK-BURST4-318403), and 9 of 21 requests were detected as threats, indicating continued malicious intent. | 0.98 | critical |
| 172.114.67.124 | ip | 2026-02-11 14:09:49 | block | Triggered critical WAF deny rule 'IPBLOCK-BURST4-318403'; 36.8% of requests detected as threats; accessed multiple WAF-flagged paths including an obfuscated one; triggered security alert '3910006'. This pattern is consistent with other blocklisted IPs exhibiting burst attacks and reconnaissance. | 1.00 | critical |
| 168.93.0.116 | ip | 2026-02-11 11:39:43 | ignore | Despite earlier moderate AI confidence, no new or active malicious activity (zero threat requests, no WAF flags, no security rule hits) has been observed in recent data. | 0.80 | low |
| 52.167.144.202 | ip | 2026-02-11 11:39:43 | block | 87.5% of requests detected as threats, triggered WAF alert '3991006' on multiple paths, and belongs to ASN AS8075, which is extensively blocklisted for persistent malicious activity with identical attack patterns. The IP also accessed a highly obfuscated path. | 1.00 | critical |
| 2a01:e0a:e19:5b00:2417:bf0e:958d:4188 | ip | 2026-02-11 10:19:30 | block | Triggered critical WAF deny rule 'IPBLOCK-BURST4-318403', indicating a burst of malicious activity; 21% of requests detected as threats; belongs to blocklisted ASN AS12322, known for persistent malicious probing. | 1.00 | critical |
| 185.117.225.97 | ip | 2026-02-11 05:39:10 | block | 96% of requests detected as threats, numerous WAF-flagged paths, and multiple security alerts (3990001, 3990004, 3990011), indicating severe malicious probing. Other IPs in its ASN (AS14618) are blocklisted for identical critical activity. | 1.00 | critical |
| 2.58.56.55 | ip | 2026-02-10 23:58:52 | block | Accessed highly suspicious paths ending in '.php.suspected' (the suffix hosting malware scanners give quarantined PHP files), strongly indicating probing for previously planted web shells or web shell exploitation attempts. This is critical malicious probing. | 0.95 | critical |
| 20.19.120.248 | ip | 2026-02-10 20:08:41 | block | Belongs to AS8075, which is extensively blocklisted for persistent malicious activity. The accessed paths (e.g. system.php, functions.php, info.php, wp-admin/includes/) are suspicious and consistent with reconnaissance and exploitation attempts observed from other blocklisted IPs in this ASN, warranting immediate blocking. | 1.00 | critical |
| 74.248.130.28 | ip | 2026-02-10 19:18:37 | block | Belongs to AS8075, which is extensively blocklisted for persistent malicious activity, and is actively probing highly suspicious PHP files and WordPress admin paths, consistent with reconnaissance and exploitation attempts observed from other blocklisted IPs in this ASN. | 1.00 | critical |
| 74.7.227.185 | ip | 2026-02-10 16:18:17 | block | 75 of 76 requests detected as threats, all accessed paths flagged by the WAF, and its ASN AS8075 is already blocklisted for persistent malicious activity with identical attack patterns. | 1.00 | critical |
| 2600:4041:58f4:7200:10b:144d:3ed7:48f0 | ip | 2026-02-10 14:58:21 | block | Triggered critical WAF deny rule 'IPBLOCK-BURST4-318403', with multiple WAF-flagged paths and a high threat request ratio (6/19), indicating severe malicious probing and automated attacks, consistent with other blocklisted IPs. | 1.00 | critical |
| 45.74.10.74 | ip | 2026-02-10 09:07:52 | block | Extremely high detection rate (19 detections across 10 requests, i.e. more than one detection per request), multiple WAF-flagged paths, and several critical security alerts including 'BOT-BROWSER-IMPERSONATOR', indicating severe automated malicious probing and exploit attempts, consistent with other blocklisted IPs. | 1.00 | critical |
| 168.93.0.116 | ip | 2026-02-10 06:27:40 | watchlist | Accessed an obfuscated path 'akam/13/5733f366' similar to paths previously flagged by the WAF in blocklisted malicious activity, although this request did not trigger alerts or WAF flags (the /akam/ prefix is also used by Akamai Bot Manager's client-side telemetry, which ordinary browsers on Akamai-fronted sites request). Warrants continued monitoring. | 0.70 | medium |
| 104.28.235.57 | ip | 2026-02-10 06:17:38 | block | All requests (100%) were detected as threats, all accessed suspicious PHP files were flagged by the WAF, and its ASN AS13335 is already blocklisted for widespread malicious activity. | 1.00 | critical |
| 168.93.0.116 | ip | 2026-02-10 06:17:38 | ignore | No new detected threat requests or WAF flags since being added to the watchlist, and the initial AI confidence score was low. | 0.90 | low |
| 2a09:bac5:cad4:1caa::2db:2a | ip | 2026-02-10 06:17:38 | block | All requests (100%) were detected as threats, the critical WAF deny rule IPBLOCK-BURST4-318403 was triggered, and its ASN AS13335 is already blocklisted for identical widespread malicious activity. | 1.00 | critical |
| 20.46.120.47 | ip | 2026-02-10 04:37:57 | block | Belongs to AS8075, which is extensively blocklisted for persistent malicious activity, including probing of suspicious PHP files and WordPress admin paths. The accessed paths (e.g. system.php, info.php, wp-admin/) are consistent with reconnaissance and exploitation attempts observed from other blocklisted IPs in this ASN, warranting immediate blocking. | 1.00 | critical |
| 168.93.0.116 | ip | 2026-02-09 22:47:26 | watchlist | Accessed an obfuscated path (akam/13/5733f366) which, while not currently flagged, matches patterns seen in paths accessed by other blocklisted entities during malicious probing. Warrants continued monitoring. | 0.30 | low |
| 168.93.0.116 | ip | 2026-02-09 22:37:12 | ignore | No detected threat requests, WAF flags, or security rule hits; all accessed paths are common and benign; the associated ASN is not blocklisted. | 1.00 | low |
| 168.93.0.116 | ip | 2026-02-09 22:27:18 | ignore | No suspicious activity, WAF flags, or security rule hits detected. | 0.90 | low |
| 43.157.181.189 | ip | 2026-02-09 22:27:18 | block | Associated ASN AS132203 is blocklisted for confirmed persistent malicious activity. No per-IP indicators are recorded; the decision rests on ASN reputation alone. | 0.95 | critical |
| 168.93.0.116 | ip | 2026-02-09 22:17:05 | ignore | No detected threat requests, no WAF flags, and no security rule hits; all accessed paths are typical website resources, indicating no malicious activity. | 1.00 | low |
| 168.93.0.116 | ip | 2026-02-09 22:07:06 | ignore | No detected threat requests (0 of 19), no WAF-flagged paths, and no security rule hits; the accessed paths are typical static web assets. | 1.00 | low |
| 168.93.0.116 | ip | 2026-02-09 21:57:08 | ignore | No malicious activity detected: 0 detected threat requests, no WAF flags, no security rule hits. Does not warrant inclusion in the watchlist. | 1.00 | low |
| 168.93.0.116 | ip | 2026-02-09 21:47:12 | ignore | No detected threat requests, no WAF flags, and no security rule hits indicate benign activity. | 1.00 | low |
| 168.93.0.116 | ip | 2026-02-09 21:37:12 | ignore | No detected threat requests, no WAF-flagged paths, and no security rule hits indicate benign activity. Does not warrant active monitoring. | 1.00 | low |
| 168.93.0.116 | ip | 2026-02-09 21:27:05 | ignore | Currently shows no detected threat requests, no WAF flags, and no security rule hits; the previous AI confidence score was low, indicating no ongoing malicious activity. | 0.90 | low |
| 20.43.35.7 | ip | 2026-02-09 21:27:05 | block | All requests (100%) were detected as threats; all accessed suspicious PHP files, including the widely scanned file-manager backdoor path 'wp-content/plugins/hellopress/wp_filemanager.php', were flagged by the WAF; and the critical 'IPBLOCK' deny rule was triggered. Its ASN (AS8075) is already blocklisted for persistent, identical malicious activity from multiple other IPs. | 1.00 | critical |
| 172.59.76.191 | ip | 2026-02-09 15:56:42 | block | High detection rate (36.8% of requests), multiple WAF-flagged paths, and critical WAF deny rules (IPBLOCK-BURST4-318403, IPBLOCK-SUMMARY8-318403) indicate active malicious probing and a burst attack. | 1.00 | critical |
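The decision rules the log above applies, reconstructed as an added example that is not the tool's or the page's own code. The entity summary fields, the path regexes, the 20% threat-ratio block threshold, the five-minute clock-skew tolerance and the sample summaries are all assumptions modelled on rows in the table. It caps the threat ratio at 1.0 because, as two rows show, one request can carry several detections; it turns a future 'last_seen' or an unflagged obfuscated path into a watchlist entry rather than a block; and it marks an ASN-only block as reputation-based so the reviewer can see that no per-IP evidence backs it.

```python
"""Triage rules reconstructed from the decision log (added example, not the tool's code).
Field names, thresholds and sample data are assumptions, not the tool's schema."""
from __future__ import annotations
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
import re

# Path patterns taken from the log's reasoning text; the regexes themselves are assumptions.
SHELL_PATH = re.compile(r"(\.php\.suspected$|wp_filemanager\.php$|/(system|info)\.php$)")
LOGIN_PATH = re.compile(r"(wp-login\.php$|/wp-admin/?$|/login$)")
OBFUSCATED = re.compile(r"/[0-9a-f]{8,}$")            # e.g. '/akam/13/5733f366'


@dataclass
class EntitySummary:
    entity: str
    total_requests: int
    threat_detections: int                              # may exceed total_requests
    waf_deny_rules: list[str] = field(default_factory=list)   # e.g. ['IPBLOCK-BURST4-318403']
    paths: list[str] = field(default_factory=list)
    last_seen: datetime | None = None
    asn_blocklisted: bool = False


@dataclass
class Decision:
    action: str          # 'block' | 'watchlist' | 'ignore'
    severity: str        # 'critical' | 'medium' | 'low'
    confidence: float
    reasons: list[str]


def threat_ratio(s: EntitySummary) -> float:
    """Share of requests detected as threats, capped at 1.0: one request can raise
    several detections (the log records 19 detections over 10 requests)."""
    if s.total_requests <= 0:
        return 0.0
    return min(1.0, s.threat_detections / s.total_requests)


def triage(s: EntitySummary, now: datetime, skew: timedelta = timedelta(minutes=5)) -> Decision:
    block: list[str] = []   # signals that justify a block on their own
    watch: list[str] = []   # anomalies worth monitoring but not blocking
    ratio = threat_ratio(s)
    if s.threat_detections > s.total_requests:
        watch.append(f"{s.threat_detections} detections across {s.total_requests} requests "
                     "(more than one detection per request)")
    if s.waf_deny_rules:
        block.append("WAF deny rule(s) fired: " + ", ".join(s.waf_deny_rules))
    if ratio >= 0.2:                     # lowest ratio the log blocks on is 4/19 (21%)
        block.append(f"{ratio:.1%} of requests detected as threats")
    shells = [p for p in s.paths if SHELL_PATH.search(p)]
    if shells:
        block.append("web shell / backdoor probing: " + ", ".join(shells))
    logins = [p for p in s.paths if LOGIN_PATH.search(p)]
    if len(logins) >= 3:
        block.append(f"{len(logins)} login/admin path requests (brute-force pattern)")
    if s.asn_blocklisted:
        # Flag reputation-only blocks so the reviewer sees no per-IP evidence backs them.
        tag = "" if block else " (reputation only, no per-IP indicator)"
        block.append("ASN blocklisted" + tag)
    if s.last_seen is not None and s.last_seen > now + skew:
        watch.append(f"last_seen {s.last_seen.isoformat()} is in the future "
                     "(clock skew or log tampering; investigate)")
    obfuscated = [p for p in s.paths if OBFUSCATED.search(p)]
    if obfuscated and not s.waf_deny_rules:
        watch.append("obfuscated path(s) without WAF flag: " + ", ".join(obfuscated))

    if block:
        # Two or more independent block signals -> full confidence, as the log does.
        return Decision("block", "critical", 1.0 if len(block) >= 2 else 0.95, block + watch)
    if watch:
        return Decision("watchlist", "medium", 0.7, watch)
    return Decision("ignore", "low", 1.0 if s.threat_detections == 0 else 0.9,
                    [f"{s.threat_detections} of {s.total_requests} requests detected as threats, "
                     "no WAF deny rules, no suspicious paths"])


# Constructed summaries modelled on rows of the log (not the log's raw data).
NOW = datetime(2026, 2, 14, 3, 37, 15, tzinfo=timezone.utc)
SAMPLES = [
    EntitySummary("68.221.137.8", 145, 145, ["IPBLOCK"], ["/xmlrpc.php", "/wp-admin/install.php"]),
    EntitySummary("45.74.10.74", 10, 19, [], ["/wp-content/plugins/x/shell.php"]),
    EntitySummary("2.58.56.55", 3, 0, [], ["/wp-content/uploads/index.php.suspected"]),
    EntitySummary("89.110.69.19", 12, 0, [], ["/wp-login.php", "/wp-admin/", "/login", "/wp-login.php"]),
    EntitySummary("43.157.181.189", 4, 0, [], ["/"], asn_blocklisted=True),
    EntitySummary("35.75.145.215", 20, 0, [], ["/wp-content/themes/t/style.css", "/wp-includes/js/jquery.js"],
                  last_seen=NOW + timedelta(hours=2)),
    EntitySummary("168.93.0.116", 19, 0, [], ["/akam/13/5733f366", "/favicon.ico"]),
    EntitySummary("benign", 19, 0, [], ["/", "/wp-includes/css/dist/block-library/style.min.css"]),
]


def triage_all(samples=SAMPLES, now=NOW) -> dict[str, str]:
    """Map each entity to its action; handy for asserting on the whole batch."""
    return {s.entity: triage(s, now).action for s in samples}


if __name__ == "__main__":
    for s in SAMPLES:
        d = triage(s, NOW)
        print(f"{s.entity:<16} {d.action:<9} {d.severity:<8} {d.confidence:.2f}  {'; '.join(d.reasons)}")
```

Only `block` signals decide the action; the `watch` list is carried into a block decision as context so the future-timestamp anomaly is not lost when an entity is blocked for other reasons. The reputation-only tag on ASN blocks is the check a reviewer needs for rows like 43.157.181.189, where the log records no per-IP indicator at all.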