| Entity | Type | Timestamp | Action | Reasoning | Confidence | Severity |
|---|---|---|---|---|---|---|
| 157.180.49.120 | ip | 2026-01-16 22:52:18 | ignore | No detected threat requests, no WAF-flagged paths, and no security rule hits were observed in the latest activity. | 0.800000011920929 | severity: Severity.low |
| 45.139.104.168 | ip | 2026-01-16 22:52:18 | block | Extremely high ratio of detected threat requests (85/25), all accessed paths flagged by WAF, and multiple security alerts including 'BOT-BROWSER-IMPERSONATOR', indicating severe automated malicious probing and exploit attempts. | 1.0 | severity: Severity.critical |
| 3%7eab81c74b51922644 | tls | 2026-01-16 22:52:18 | ignore | No detected threat requests, no WAF-flagged paths, and no security rule hits were observed in the latest activity. | 0.800000011920929 | severity: Severity.low |
| 185.117.225.139 | ip | 2026-01-16 17:11:44 | block | Extremely high percentage of detected threat requests (~94.7%), numerous WAF-flagged paths, and multiple security alerts ('3990001', '3990011') indicative of severe malicious probing. Furthermore, its associated ASN (AS14618) has other IPs blocklisted for identical critical malicious activity. | 1.0 | severity: Severity.critical |
| 37.77.150.123 | ip | 2026-01-16 14:41:30 | block | High percentage of detected threat requests (83.3%), all accessed paths ('xmlrpc.php', 'wp-login.php') flagged by WAF, and triggered critical WAF deny rules ('IPBLOCK-PENALTY-BOX', 'PLATFORM-ANOMALY'), indicating active WordPress enumeration/brute-force attempts. This behavior is consistent with other blocklisted IPs from Russia. | 1.0 | severity: Severity.critical |
| 209.38.65.47 | ip | 2026-01-16 12:41:19 | block | All accessed paths flagged by WAF, extremely high number of detected threat events (34) compared to total requests (6), multiple critical security alerts including 'BOT-BROWSER-IMPERSONATOR', and its associated ASN AS14061 is already blocklisted for identical malicious activity. | 1.0 | severity: Severity.critical |
| 2a10:3c0:100:0:1:38:0:5 | ip | 2026-01-16 12:01:16 | block | High percentage of detected threat requests (~90.9%), multiple WAF-flagged paths (mcp, sse), and its associated ASN (AS211680) is already blocklisted for similar severe malicious activity. | 1.0 | severity: Severity.critical |
| 3%7e91b41c1481268bfe | tls | 2026-01-16 12:01:16 | block | All requests (100%) were detected as threats, all accessed paths were flagged by WAF including the highly sensitive '.git/HEAD', and a security alert (3990001) was triggered, indicating severe malicious probing and exploitation attempts. | 1.0 | severity: Severity.critical |
| 205.169.39.49 | ip | 2026-01-16 05:40:53 | block | IP belongs to ASN AS3356, which is blocklisted for widespread malicious activity and persistent threats, warranting blocking of all associated IPs. | 1.0 | severity: Severity.critical |
| 43.157.149.188 | ip | 2026-01-15 19:50:28 | block | IP is part of ASN AS132203, which is blocklisted for confirmed persistent malicious activity, indicating a high-risk association. | 0.949999988079071 | severity: Severity.critical |
| 14.174.193.15 | ip | 2026-01-15 13:10:21 | watchlist | IP from Vietnam accessing suspicious obfuscated paths, consistent with early reconnaissance from other blocklisted IPs from the same region, despite no direct WAF flags or detected threats yet. | 0.6000000238418579 | severity: Severity.medium |
| 157.180.49.120 | ip | 2026-01-15 13:10:21 | watchlist | IP is in close proximity to a blocklisted IP (157.180.49.118) identified for persistent malicious activity and warrants further observation. | 0.5 | severity: Severity.low |
| 3%7eab81c74b51922644 | tls | 2026-01-15 13:10:21 | watchlist | TLS fingerprint associated with an IP (157.180.49.120) in close proximity to a blocklisted IP; warrants further observation. | 0.5 | severity: Severity.low |
| 3%7eab81c74b51922644 | tls | 2026-01-15 13:00:18 | ignore | No malicious activity detected, no WAF flags, and no security rule hits. Associated with an IP showing legitimate browsing behavior. | 0.949999988079071 | severity: Severity.low |
| 14.174.193.15 | ip | 2026-01-15 13:00:17 | ignore | No requests, no detected threat activity, no WAF flags, and no security rule hits observed since being added to the watchlist. | 0.800000011920929 | severity: Severity.low |
| 109.166.52.58 | ip | 2026-01-15 13:00:17 | ignore | No malicious activity detected, no WAF flags, and no security rule hits. Entity appears clean. | 0.949999988079071 | severity: Severity.low |
| 175.44.42.104 | ip | 2026-01-15 13:00:17 | block | IP with multiple WAF alerts (3910001, 3910006), detected threat requests (2/12), and access to a highly obfuscated path, indicating escalating malicious probing. | 0.8500000238418579 | severity: Severity.critical |
| 157.180.49.120 | ip | 2026-01-15 13:00:17 | ignore | No malicious activity detected, no WAF flags, and no security rule hits. Accessed paths are consistent with legitimate browsing behavior. | 0.949999988079071 | severity: Severity.low |
| 34.116.155.95 | ip | 2026-01-15 13:00:17 | block | IP associated with blocklisted ASN AS396982, which is known for extensive WordPress enumeration and bot impersonation. A detected threat request with a WAF-flagged suspicious path also triggered security alert '3910002'. | 0.8999999761581421 | severity: Severity.critical |
| 141.98.11.44 | ip | 2026-01-15 12:40:10 | block | IP performing WordPress brute-force attempts targeting 'wp-login.php', with a high threat request ratio (84.2%), and belonging to ASN AS209605, which is blocklisted for similar critical malicious activity. | 1.0 | severity: Severity.critical |
| 2001:bc8:701:51:da5e:d3ff:fe49:a574 | ip | 2026-01-15 08:20:04 | block | Accessed a highly obfuscated and suspicious path, strongly indicating malicious probing or attempted exploitation, consistent with previously blocklisted entities. | 0.949999988079071 | severity: Severity.critical |
| 3%7e010387cc36ee791e | tls | 2026-01-15 08:20:04 | block | Associated with an IP accessing a highly obfuscated path, indicating a malicious client fingerprint consistent with previously blocklisted TLS fingerprints. | 0.949999988079071 | severity: Severity.critical |
| 175.44.42.104 | ip | 2026-01-15 08:10:12 | watchlist | IP shows a low rate of WAF alerts (3910001, 3910006) and a small number of detected threat requests (2/12) accessing common web paths. Not severe enough to block, but warrants monitoring. | 0.6000000238418579 | severity: Severity.medium |
| 2001:bc8:701:51:da5e:d3ff:fe49:a574 | ip | 2026-01-15 08:10:12 | ignore | No malicious activity, WAF flags, or security rule hits detected. Entity is not currently on the watchlist and shows no suspicious behavior. | 0.8999999761581421 | severity: Severity.low |
| 208.84.101.102 | ip | 2026-01-15 08:10:12 | block | High percentage of threat requests (45%), bot impersonation, active WordPress enumeration (wlwmanifest.xml scans), and triggered a critical WAF deny rule (IPBLOCK-BURST4-318403). Associated ASN (AS22295) is also blocklisted. | 1.0 | severity: Severity.critical |
| 2a10:3c0:3:0:1:28:0:3 | ip | 2026-01-15 08:10:12 | block | Extremely high detected threat requests (18/5) and multiple WAF alerts including bot impersonation, indicating severe automated malicious probing. | 0.949999988079071 | severity: Severity.critical |
| 2a10:3c0:3:0:1:28:0:5 | ip | 2026-01-15 08:10:12 | block | Extremely high detected threat requests (26/14), multiple WAF alerts including bot impersonation, and access to suspicious flagged paths ("mcp", "sse"), indicating severe automated malicious probing. | 0.949999988079071 | severity: Severity.critical |
| 34.69.92.175 | ip | 2026-01-15 08:10:12 | block | Although there is no direct malicious activity from this IP, its associated ASN (AS396982) is blocklisted for extensive WordPress enumeration, bot impersonation, and critical WAF deny rules, indicating a high risk. | 0.8999999761581421 | severity: Severity.critical |
| AS215930 | asn | 2026-01-15 08:10:12 | block | High percentage of detected threat requests (50/56), actively targeting 'wp-login.php', and triggered a brute-force WAF alert (3900998). This ASN has multiple IPs previously blocklisted for identical activity. | 1.0 | severity: Severity.critical |
| 3%7e010387cc36ee791e | tls | 2026-01-15 08:10:12 | ignore | No malicious activity, WAF flags, or security rule hits detected. Entity is not currently on the watchlist and shows no suspicious behavior. | 0.8999999761581421 | severity: Severity.low |
| 109.166.52.58 | ip | 2026-01-14 14:29:07 | watchlist | No direct malicious activity detected in current data, but kept for further observation as it appeared in the suspicious entities queue. | 0.30000001192092896 | severity: Severity.low |
| 157.180.49.120 | ip | 2026-01-14 14:29:07 | watchlist | No direct malicious activity detected in current data, but kept for further observation as it appeared in the suspicious entities queue. | 0.30000001192092896 | severity: Severity.low |
| 3%7eab81c74b51922644 | tls | 2026-01-14 14:29:07 | watchlist | No direct malicious activity detected in current data, but kept for further observation as it appeared in the suspicious entities queue. | 0.30000001192092896 | severity: Severity.low |
| 14.174.193.15 | ip | 2026-01-14 14:19:05 | watchlist | Accessed suspicious 'akam' paths, indicating potential reconnaissance or bot activity, but no direct WAF flags or confirmed threats yet. | 0.6000000238418579 | severity: Severity.medium |
| 157.180.49.120 | ip | 2026-01-14 14:19:05 | ignore | Activity consists of legitimate web crawling (accessing sitemap, categories, tags) with no detected threats or WAF flags. | 0.8999999761581421 | severity: Severity.low |
| 3%7eab81c74b51922644 | tls | 2026-01-14 14:19:05 | ignore | Activity consists of legitimate web crawling (accessing sitemap, categories, tags) with no detected threats or WAF flags. | 0.8999999761581421 | severity: Severity.low |
| 109.166.52.58 | ip | 2026-01-14 13:59:03 | ignore | No detected threat requests, WAF flags, or security rule hits. Accessed paths are benign WordPress assets, indicating normal web traffic. | 1.0 | severity: Severity.low |
| 109.166.52.58 | ip | 2026-01-14 13:49:05 | ignore | No detected malicious activity; all requests were benign and to standard paths. | 1.0 | severity: Severity.low |
| 109.166.52.58 | ip | 2026-01-14 13:39:06 | ignore | No malicious activity detected: 0 threat requests, no WAF flags, and standard web browsing patterns. | 0.949999988079071 | severity: Severity.low |
| 14.174.193.15 | ip | 2026-01-14 13:39:06 | watchlist | Accessed potentially obfuscated 'akam' paths, and originates from a region (VN) with other IPs blocklisted for malicious activity. No direct threats or WAF flags currently, but warrants monitoring. | 0.6000000238418579 | severity: Severity.medium |
| 157.180.49.120 | ip | 2026-01-14 13:39:06 | watchlist | IP address is numerically close to a blocklisted IP (157.180.49.118) known for persistent malicious activity. While current traffic shows no direct threats, proximity suggests potential for rotating malicious IPs or related infrastructure. | 0.6499999761581421 | severity: Severity.medium |
| 3%7eab81c74b51922644 | tls | 2026-01-14 13:39:06 | watchlist | This TLS fingerprint is associated with IP 157.180.49.120, which is numerically close to a blocklisted IP, suggesting potential for related malicious activity. | 0.6000000238418579 | severity: Severity.medium |
| 14.174.193.15 | ip | 2026-01-14 13:29:12 | ignore | Entity has recorded no activity (0 total requests, 0 threat requests) since being added to the watchlist. No current threat indicators. | 0.8999999761581421 | severity: Severity.low |
| 109.166.52.58 | ip | 2026-01-14 13:29:12 | ignore | No detected threat requests, no WAF flags, and no security rule hits. All accessed paths are benign WordPress component files. | 0.10000000149011612 | severity: Severity.low |
| 157.180.49.120 | ip | 2026-01-14 13:29:12 | ignore | Entity has recorded no activity (0 total requests, 0 threat requests) since being added to the watchlist. No current threat indicators. | 0.8999999761581421 | severity: Severity.low |
| 3%7eab81c74b51922644 | tls | 2026-01-14 13:29:12 | ignore | Entity has recorded no activity (0 total requests, 0 threat requests) since being added to the watchlist. No current threat indicators. | 0.8999999761581421 | severity: Severity.low |
| 109.166.52.58 | ip | 2026-01-14 13:19:08 | ignore | No malicious activity detected during the observation period: zero detected threat requests, no WAF flags, and no security rule hits. This entity appears clean and does not warrant further monitoring or blocking. | 0.949999988079071 | severity: Severity.low |
| 104.28.203.60 | ip | 2026-01-14 13:09:09 | block | All requests (100%) were detected as threats, almost all accessed paths were flagged by WAF, a critical 'IPBLOCK-BURST4-318403' deny rule was triggered, and its ASN (AS13335) is already blocklisted for identical malicious activity. | 1.0 | severity: Severity.critical |
| 14.174.193.15 | ip | 2026-01-14 13:09:09 | watchlist | Accessed obfuscated paths (e.g., 'akam/...'), indicating potential probing, although no WAF flags or new threat requests were detected. The previous AI assessment set medium confidence and severity, warranting continued monitoring. | 0.699999988079071 | severity: Severity.medium |
| 109.166.52.58 | ip | 2026-01-14 13:09:09 | ignore | No detected threat requests, no WAF flags, and no security rule hits observed since being added to the watchlist. Previous AI confidence was low. | 0.8999999761581421 | severity: Severity.low |