| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-10-31 15:01:00 | ignore | No new malicious activity detected since being added to the watchlist, and no requests recorded. | 0.800000011920929 | severity: Severity.low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-10-31 14:56:02 | watchlist | Accessed suspicious WordPress administrative path (wp-admin/admin-ajax.php), AI assessment indicates medium severity with no direct threat detections yet. | 0.6000000238418579 | severity: Severity.medium |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-10-31 14:51:01 | watchlist | Accessed sensitive WordPress admin path 'wp-admin/admin-ajax.php' which is often abused in attacks. No WAF flags currently, but warrants close monitoring for further suspicious activity. | 0.6000000238418579 | severity: Severity.medium |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-10-31 14:46:02 | ignore | Entity shows no current malicious activity, no WAF flags, no threat requests, and low AI confidence/severity, suggesting it is safe to remove. | 0.800000011920929 | severity: Severity.low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-10-31 14:36:01 | watchlist | Accessed a commonly exploited WordPress admin path (wp-admin/admin-ajax.php) without triggering WAF or security rules, suggesting potential reconnaissance. | 0.6499999761581421 | severity: Severity.low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-10-31 14:30:59 | ignore | No activity detected from this entity since being added to the watchlist. No requests or threat detections. | 0.8999999761581421 | severity: Severity.low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-10-31 14:20:59 | watchlist | Entity shows suspicious behavior with medium confidence, requiring continued monitoring. | 0.6000000238418579 | severity: Severity.medium |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-10-31 14:16:00 | watchlist | Accessed sensitive WordPress path wp-admin/admin-ajax.php, but no WAF alerts or detected threats yet. Requires continued monitoring. | 0.6000000238418579 | severity: Severity.medium |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-10-31 14:01:02 | watchlist | Accessed sensitive WordPress administrative path 'wp-admin/admin-ajax.php', which is often targeted by bots and attackers. While no explicit WAF flags or threat detections occurred, this path warrants vigilance. Requires further monitoring. | 0.6000000238418579 | severity: Severity.medium |
| 3%7ede8d6a84fab8672b | tls | 2025-10-31 13:37:03 | block | Confirmed common malicious client fingerprint associated with suspicious access patterns and reconnaissance. | 0.949999988079071 | severity: Severity.critical |
| 3%7ebaae1457ad64ff16 | tls | 2025-10-31 13:37:03 | block | Confirmed persistent malicious activity detected using this TLS fingerprint. | 0.8999999761581421 | severity: Severity.critical |
| 3%7ede29393936a8dc4153 | tls | 2025-10-31 13:37:03 | block | Confirmed persistent malicious activity detected using this TLS fingerprint. | 0.949999988079071 | severity: Severity.critical |
| 3%7ede293936a8dc4153 | tls | 2025-10-31 13:37:03 | block | Confirmed persistent malicious activity detected using this TLS fingerprint. | 0.949999988079071 | severity: Severity.critical |
| UNKNOWN | tls | 2025-10-31 13:37:03 | block | Confirmed persistent malicious activity detected using an unknown TLS fingerprint. | 1.0 | severity: Severity.critical |
| 3%7efe38c35477967146 | tls | 2025-10-31 13:37:03 | block | Confirmed persistent malicious activity detected using this TLS fingerprint. | 0.9800000190734863 | severity: Severity.critical |
| 3%7ee35ec11fcbea7346 | tls | 2025-10-31 13:37:03 | block | Confirmed persistent malicious activity detected using this TLS fingerprint. | 0.8999999761581421 | severity: Severity.critical |
| 141.98.11.115 | ip | 2025-10-31 13:37:02 | block | Confirmed highly malicious automated activity and bot impersonation. | 1.0 | severity: Severity.critical |
| 123.6.49.50 | ip | 2025-10-31 13:37:02 | block | Confirmed persistent malicious IP activity. | 0.8999999761581421 | severity: Severity.critical |
| 178.33.134.25 | ip | 2025-10-31 13:37:02 | block | Confirmed persistent malicious IP activity. | 0.8999999761581421 | severity: Severity.critical |
| 185.177.72.106 | ip | 2025-10-31 13:37:02 | block | Confirmed persistent malicious IP activity. | 1.0 | severity: Severity.critical |
| 185.177.72.104 | ip | 2025-10-31 13:37:02 | block | Confirmed persistent malicious IP activity. | 1.0 | severity: Severity.critical |
| 172.190.142.176 | ip | 2025-10-31 13:37:02 | block | Confirmed persistent malicious IP activity. | 1.0 | severity: Severity.critical |
| 157.180.49.118 | ip | 2025-10-31 13:37:02 | block | Confirmed persistent malicious IP activity. | 0.8500000238418579 | severity: Severity.medium |
| 172.192.3.69 | ip | 2025-10-31 13:37:02 | block | Confirmed suspicious PHP file probing, WAF deny rule triggered, and associated ASN is blocked. | 1.0 | severity: Severity.critical |
| 185.177.72.107 | ip | 2025-10-31 13:37:02 | block | Confirmed persistent malicious IP activity. | 1.0 | severity: Severity.critical |
| 185.177.72.16 | ip | 2025-10-31 13:37:02 | block | Confirmed persistent malicious IP activity. | 1.0 | severity: Severity.critical |
| 185.177.72.12 | ip | 2025-10-31 13:37:02 | block | Confirmed persistent malicious IP activity. | 1.0 | severity: Severity.critical |
| 185.177.72.11 | ip | 2025-10-31 13:37:02 | block | Confirmed persistent malicious IP activity. | 1.0 | severity: Severity.critical |
| 185.177.72.144 | ip | 2025-10-31 13:37:02 | block | Confirmed persistent malicious IP activity. | 1.0 | severity: Severity.critical |
| 185.177.72.204 | ip | 2025-10-31 13:37:02 | block | Confirmed persistent malicious IP activity. | 1.0 | severity: Severity.critical |
| 185.177.72.205 | ip | 2025-10-31 13:37:02 | block | Confirmed persistent malicious IP activity. | 1.0 | severity: Severity.critical |
| 185.177.72.3 | ip | 2025-10-31 13:37:02 | block | Confirmed persistent malicious IP activity. | 1.0 | severity: Severity.critical |
| 185.177.72.2 | ip | 2025-10-31 13:37:02 | block | Confirmed persistent malicious IP activity. | 1.0 | severity: Severity.critical |
| 194.50.16.252 | ip | 2025-10-31 13:37:02 | block | Confirmed persistent malicious IP activity. | 1.0 | severity: Severity.critical |
| 195.178.110.161 | ip | 2025-10-31 13:37:02 | block | Confirmed persistent malicious IP activity. | 0.8999999761581421 | severity: Severity.critical |
| 195.178.110.201 | ip | 2025-10-31 13:37:02 | block | Confirmed severe reconnaissance and potential exploit attempts (LFI anomaly, sensitive file access). | 1.0 | severity: Severity.critical |
| 196.251.84.111 | ip | 2025-10-31 13:37:02 | block | Confirmed persistent malicious IP activity. | 0.949999988079071 | severity: Severity.critical |
| 196.251.66.28 | ip | 2025-10-31 13:37:02 | block | Confirmed persistent malicious IP activity. | 0.949999988079071 | severity: Severity.critical |
| 195.178.110.75 | ip | 2025-10-31 13:37:02 | block | Confirmed persistent malicious IP activity. | 0.949999988079071 | severity: Severity.critical |
| 2001:4878:8216:510:dddd:b98a:3a76:296c | ip | 2025-10-31 13:37:02 | block | Confirmed persistent malicious IP activity. | 0.949999988079071 | severity: Severity.critical |
| 20.171.207.158 | ip | 2025-10-31 13:37:02 | block | Confirmed persistent malicious IP activity. | 0.8500000238418579 | severity: Severity.medium |
| 196.251.86.207 | ip | 2025-10-31 13:37:02 | block | Confirmed persistent malicious IP activity. | 0.9800000190734863 | severity: Severity.critical |
| 20.193.136.32 | ip | 2025-10-31 13:37:02 | block | Confirmed persistent malicious IP activity. | 0.949999988079071 | severity: Severity.critical |
| 20.244.26.188 | ip | 2025-10-31 13:37:02 | block | Confirmed persistent malicious IP activity. | 0.949999988079071 | severity: Severity.critical |
| 205.169.39.125 | ip | 2025-10-31 13:37:02 | block | Confirmed part of a malicious subnet, linked to malicious hostname and TLS fingerprint, and accessed obfuscated paths. | 0.949999988079071 | severity: Severity.critical |
| 2001:bc8:1201:19:46a8:42ff:fe1b:ae29 | ip | 2025-10-31 13:37:02 | block | Confirmed persistent malicious IP activity. | 0.8500000238418579 | severity: Severity.medium |
| 205.169.39.130 | ip | 2025-10-31 13:37:02 | block | Confirmed persistent malicious IP activity. | 0.8999999761581421 | severity: Severity.critical |
| 2001:bc8:1f90:4:7ec2:55ff:fe9e:8476 | ip | 2025-10-31 13:37:02 | block | Confirmed persistent malicious IP activity. | 0.8500000238418579 | severity: Severity.medium |
| 205.169.39.38 | ip | 2025-10-31 13:37:02 | block | Confirmed persistent malicious IP activity. | 0.949999988079071 | severity: Severity.critical |
| 216.244.66.244 | ip | 2025-10-31 13:37:02 | block | Confirmed consistent malicious probing observed, triggering WAF alerts. | 0.800000011920929 | severity: Severity.medium |