| 37.77.150.124 | ip | 2026-01-27 11:52:32 | block | All requests (100%) from this IP targeted known WordPress exploit paths ('xmlrpc.php', 'wp-login.php') and triggered multiple critical WAF deny rules (IPBLOCK-PENALTY-BOX, PLATFORM-ANOMALY, POLICY-ANOMALY), indicating an active and severe brute-force or enumeration attack. Its ASN (AS198953) has other IPs blocklisted for identical malicious activity. | 1.0 | severity: Severity.critical |
| 77.83.39.184 | ip | 2026-01-27 11:52:32 | ignore | No detected threat requests, no WAF flags, and no security rule hits. The entity no longer shows signs of malicious activity. | 0.8999999761581421 | severity: Severity.low |
| 46.29.238.105 | ip | 2026-01-27 09:12:26 | watchlist | Accessed a highly obfuscated and suspicious path, indicating potential reconnaissance or evasion, but no WAF flags or threat requests detected yet. | 0.699999988079071 | severity: Severity.medium |
| 77.83.39.184 | ip | 2026-01-27 09:12:26 | watchlist | Accessed 'xmlrpc.php', a common target for WordPress attacks, but no direct WAF flags or threat requests detected yet. Requires further monitoring. | 0.6000000238418579 | severity: Severity.medium |
| 46.29.238.105 | ip | 2026-01-27 09:02:27 | ignore | No new active threat indicators detected; current data shows 0 detected threat requests and no WAF flags. | 0.800000011920929 | severity: Severity.low |
| 91.98.176.9 | ip | 2026-01-27 09:02:27 | block | Detected threat requests, WAF flagged suspicious path, and triggered security alert indicate active malicious activity. | 0.949999988079071 | severity: Severity.critical |
| 96.41.38.202 | ip | 2026-01-27 09:02:27 | block | Detected threat requests, WAF flagged suspicious path, and triggered security alert indicate active malicious activity. | 0.949999988079071 | severity: Severity.critical |
| 3%7e19BE7A78618186D4 | tls | 2026-01-27 09:02:27 | block | Detected threat requests, WAF flagged suspicious path, and triggered security alert indicate active malicious activity, correlated with another malicious entity. | 0.9800000190734863 | severity: Severity.critical |
| 185.177.72.56 | ip | 2026-01-26 21:31:27 | block | This IP has a 100% threat request rate, triggered a critical reputation-based WAF deny rule (REP_1654536), and belongs to ASN AS211590, which is already blocklisted for persistent and severe malicious activity, including similar deny rules. This confirms active malicious intent. | 1.0 | severity: Severity.critical |
| 205.169.39.20 | ip | 2026-01-26 19:21:29 | block | IP is part of blocklisted ASN AS3356, which has a history of widespread and persistent malicious activity from multiple IPs, warranting blocking of all associated IPs in this ASN. | 0.949999988079071 | severity: Severity.critical |
| 160.30.137.9 | ip | 2026-01-26 18:01:19 | block | Actively probing WordPress admin and login paths, with WAF alert 3900998 triggered, indicative of brute-force attempts, and originating from a high-risk geo-location (VN) with other blocklisted IPs for identical malicious activity. | 0.949999988079071 | severity: Severity.critical |
| 185.177.72.52 | ip | 2026-01-26 16:21:05 | block | Aggressively probed highly sensitive configuration, credential, and exploit paths with all requests flagged by WAF, triggered multiple critical LFI, IPBLOCK, and reputation-based deny rules. Its associated ASN AS211590 is blocklisted for identical severe malicious activity from multiple other IPs. | 1.0 | severity: Severity.critical |
| 157.55.39.203 | ip | 2026-01-26 13:10:56 | block | All requests (100%) from this IP were detected as threats, all accessed paths were flagged by WAF, and triggered security alert '3991006'. Its associated ASN (AS8075) is already blocklisted for persistent malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior. | 1.0 | severity: Severity.critical |
| 46.29.238.105 | ip | 2026-01-26 11:10:47 | watchlist | Accessed a highly obfuscated and suspicious path (rNiTG/9Z/Q/T/CCbFON1ihAk/puc7Xp1NaO7ENQJ5/d2tkKgcmAQ/VTUXL3/w8MEMB), indicating potential malicious probing, but currently lacks direct WAF flags or detected threat requests for immediate blocking. | 0.699999988079071 | severity: Severity.medium |
| 91.98.176.9 | ip | 2026-01-26 08:10:31 | watchlist | IP showed low ratio of detected threat requests (3.8%), but accessed a WAF-flagged obfuscated path ('akam/13/pixel_1554f24e') and triggered a security alert ('3910006'), indicating potential probing. | 0.699999988079071 | severity: Severity.medium |
| 3%7e19BE7A78618186D4 | tls | 2026-01-26 08:10:31 | watchlist | TLS fingerprint showed low ratio of detected threat requests (6.25%), but accessed a WAF-flagged obfuscated path ('akam/13/pixel_1554f24e') and triggered a security alert ('3910006'), indicating potential probing. | 0.699999988079071 | severity: Severity.medium |
| 91.98.176.9 | ip | 2026-01-26 08:00:38 | ignore | IP address has shown no further malicious activity since being added to the watchlist. | 0.8999999761581421 | severity: Severity.low |
| 96.41.38.202 | ip | 2026-01-26 08:00:37 | watchlist | IP showed a detected threat request, had a path flagged by WAF, and triggered security alert '3900999', indicating initial malicious probing. Needs further monitoring. | 0.699999988079071 | severity: Severity.medium |
| 3%7e19BE7A78618186D4 | tls | 2026-01-26 08:00:37 | ignore | TLS fingerprint has shown no further malicious activity since being added to the watchlist. | 0.8999999761581421 | severity: Severity.low |
| 205.169.39.179 | ip | 2026-01-26 07:50:36 | block | IP showed detected threat requests, WAF flagged paths, triggered security alerts, and its associated ASN AS3356 is already blocklisted for widespread malicious activity. | 1.0 | severity: Severity.critical |
| 34.116.135.1 | ip | 2026-01-26 07:50:36 | block | IP showed detected threat requests, a WAF flagged path, triggered a security alert, and its associated ASN AS396982 is already blocklisted for extensive malicious activity. | 1.0 | severity: Severity.critical |
| 91.98.176.9 | ip | 2026-01-26 07:50:36 | watchlist | Continues to show minor suspicious activity (single detected threat, WAF flagged path, security alert) but not enough to warrant a block at this time. | 0.6499999761581421 | severity: Severity.low |
| 96.41.38.202 | ip | 2026-01-26 07:50:36 | ignore | No recorded activity (total_requests: 0, detected_threat_requests: 0, no flagged paths or rule hits). No current signs of malicious behavior. | 0.8999999761581421 | severity: Severity.low |
| 3%7e19BE7A78618186D4 | tls | 2026-01-26 07:50:36 | watchlist | Continues to show minor suspicious activity (single detected threat, WAF flagged path, security alert) but not enough evidence to warrant a block at this time. | 0.6499999761581421 | severity: Severity.low |
| 52.169.124.184 | ip | 2026-01-26 07:40:36 | block | All requests (100%) from this IP were detected as threats, accessing highly suspicious PHP files including a known WordPress File Manager exploit ('wp-content/plugins/hellopress/wp_filemanager.php'), and triggered a critical 'IPBLOCK' WAF deny rule. Its associated ASN (AS8075) is already blocklisted for persistent and identical malicious activity from multiple other IPs. | 1.0 | severity: Severity.critical |
| 104.28.235.60 | ip | 2026-01-25 23:29:59 | block | All requests (100%) from this IP were detected as threats, all accessed paths (suspicious PHP files and WordPress admin paths) were flagged by WAF, and a critical 'IPBLOCK-BURST4-318403' deny rule was triggered. Its associated ASN (AS13335) is already blocklisted for widespread malicious activity. | 1.0 | severity: Severity.critical |
| 2a09:bac1:76c0:450::2db:d3 | ip | 2026-01-25 23:29:59 | block | All requests (100%) from this IP were detected as threats, all accessed paths (suspicious PHP files and WordPress paths) were flagged by WAF, and a security alert was triggered. Its associated ASN (AS13335) is already blocklisted for identical widespread malicious activity. | 1.0 | severity: Severity.critical |
| 20.89.194.119 | ip | 2026-01-25 19:49:28 | block | All requests (100%) from this IP were detected as threats, all accessed suspicious PHP files were flagged by WAF, and a critical 'IPBLOCK' deny rule was triggered. Its associated ASN (AS8075) is already blocklisted for persistent malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior. | 1.0 | severity: Severity.critical |
| 91.98.176.9 | ip | 2026-01-25 11:08:54 | watchlist | Low percentage of detected threat requests (3.8%) and only triggered a WAF alert (3910006) on a potentially benign tracking pixel. | 0.6000000238418579 | severity: Severity.low |
| 3%7e19BE7A78618186D4 | tls | 2026-01-25 11:08:54 | watchlist | Low percentage of detected threat requests (6.25%) and only triggered a WAF alert (3910006) on a potentially benign tracking pixel, correlated with IP 91.98.176.9. | 0.6000000238418579 | severity: Severity.low |
| 207.154.219.217 | ip | 2026-01-25 03:48:17 | block | IP aggressively accessed sensitive configuration files (.env), triggered critical WAF deny rules (LFI-ANOMALY, reputation-based blocks), and has an extremely high threat request ratio (6 detected for 5 total). Its associated ASN (AS14061) is already blocklisted for persistent and highly malicious activity including sensitive file probing. | 1.0 | severity: Severity.critical |
| 13.217.48.7 | ip | 2026-01-25 03:38:28 | block | All requests (100%) from this IP were flagged as threats, all accessed paths were flagged by WAF, and a critical 'IPBLOCK' deny rule was triggered. Its associated ASN (AS14618) is already blocklisted for similar malicious activity. | 1.0 | severity: Severity.critical |
| 103.169.53.127 | ip | 2026-01-25 03:38:28 | ignore | No malicious activity detected since being added to the watchlist; no threat requests or WAF flags. | 0.8999999761581421 | severity: Severity.low |
| 105.111.199.40 | ip | 2026-01-25 03:38:28 | ignore | No activity or malicious indicators detected since being added to the watchlist. | 0.800000011920929 | severity: Severity.low |
| 96.41.38.202 | ip | 2026-01-25 03:38:28 | watchlist | Continued detection of WAF-flagged suspicious paths ('akam/13/6d6bbf9e') and triggered alert rule '3900999', indicating persistent low-level malicious probing. Requires further monitoring. | 0.8500000238418579 | severity: Severity.medium |
| 165.22.31.165 | ip | 2026-01-24 23:28:00 | block | IP accessed sensitive configuration file (.env), triggered critical WAF deny rules (LFI-ANOMALY, reputation-based blocks), and has an extremely high threat request ratio (6 detected for 5 total). Furthermore, its associated ASN (AS14061) is already blocklisted for persistent and highly malicious activity including sensitive file probing and LFI attempts. | 1.0 | severity: Severity.critical |
| 40.77.167.13 | ip | 2026-01-24 20:37:59 | block | All requests (100%) from this IP were detected as threats and flagged by WAF, triggering security alert '3991006'. Its associated ASN (AS8075) is already blocklisted for persistent and widespread malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior. | 1.0 | severity: Severity.critical |
| 96.41.38.202 | ip | 2026-01-24 14:27:17 | watchlist | Detected access to suspicious obfuscated path 'akam/13/6d6bbf9e' flagged by WAF and triggered security alert '3900999', indicating potential malicious probing. While total threat requests are low (11.1%), the nature of the activity warrants monitoring. | 0.8500000238418579 | severity: Severity.critical |
| 45.148.10.159 | ip | 2026-01-24 12:06:51 | block | All requests (100%) from this IP were detected as threats, targeted sensitive version control system files ('.git/config', '.svn/entries'), and triggered a critical reputation-based WAF deny rule. Its associated ASN (AS48090) is already blocklisted for identical malicious activity. | 1.0 | severity: Severity.critical |
| 205.169.39.3 | ip | 2026-01-23 15:25:23 | block | IP belongs to blocklisted ASN AS3356, which has multiple IPs blocklisted for similar malicious activity including accessing highly obfuscated paths. This IP also accessed a highly obfuscated path, indicating malicious probing. | 0.949999988079071 | severity: Severity.critical |
| 192.109.200.72 | ip | 2026-01-23 12:45:14 | block | Detected WordPress brute-force attempts targeting 'wp-login.php', with the path flagged by WAF and security alert '3900998' triggered. This behavior is consistent with other blocklisted IPs. | 0.949999988079071 | severity: Severity.critical |
| 66.249.66.41 | ip | 2026-01-22 17:03:51 | block | All requests (100%) from this IP were detected as threats, all accessed paths were flagged by WAF, and security alert '3991006' was triggered. Its associated ASN (AS15169) is already blocklisted for similar malicious activity. | 1.0 | severity: Severity.critical |
| 66.249.66.1 | ip | 2026-01-22 17:03:51 | block | All requests (100%) from this IP were detected as threats, all accessed paths were flagged by WAF, and security alert '3991006' was triggered. Its associated ASN (AS15169) is already blocklisted for similar malicious activity. | 1.0 | severity: Severity.critical |
| 103.169.53.127 | ip | 2026-01-22 16:34:10 | watchlist | IP accessed a hostname ('www.darcherif.fr') frequently targeted by numerous blocklisted entities for WordPress enumeration and brute-force attempts. Although no direct malicious activity (0 threat requests, 0 WAF flags) was detected from this IP, its association with a highly targeted domain warrants continued monitoring. | 0.699999988079071 | severity: Severity.medium |
| 105.111.199.40 | ip | 2026-01-22 16:24:04 | watchlist | Entity previously flagged with medium severity and high confidence, but has shown no further activity. Requires continued monitoring. | 0.8500000238418579 | severity: Severity.medium |
| 67.227.1.140 | ip | 2026-01-22 16:24:04 | block | Accessed a highly obfuscated and suspicious path ('TXopfWNANuR3i/si/1SETC7qsZnKc/3cp5fp1mD3Lif4OJ/PD1OGXQoKgE/dTch/U2dsdHkB'), indicating malicious probing and attempted exploitation, consistent with blocklisted entities exhibiting similar behavior. | 0.949999988079071 | severity: Severity.critical |
| 4.217.180.34 | ip | 2026-01-22 13:53:29 | block | All requests (100%) from this IP were detected as threats, all accessed suspicious PHP files were flagged by WAF, and a critical 'IPBLOCK' deny rule was triggered. Its associated ASN (AS8075) is already blocklisted for persistent malicious activity with other IPs showing identical behavior. | 1.0 | severity: Severity.critical |
| 94.26.106.114 | ip | 2026-01-22 00:21:50 | block | IP is performing WordPress enumeration and brute-force attempts against 'wp-login.php', with WAF flagging and triggering a security alert, consistent with other blocklisted IPs from the same ASN (AS215607). | 0.949999988079071 | severity: Severity.critical |
| 67.227.1.140 | ip | 2026-01-21 21:11:28 | watchlist | IP accessed a highly obfuscated and suspicious path on a frequently targeted domain, indicating potential malicious reconnaissance despite no direct WAF flags or detected threat requests. | 0.75 | severity: Severity.medium |
| 185.193.157.209 | ip | 2026-01-21 21:01:36 | block | IP is performing extensive WordPress enumeration and bot impersonation, has an exceptionally high number of detected threat requests (95/31), and triggered critical WAF deny rules. Its associated ASN AS62240 is already blocklisted for similar malicious activity. | 1.0 | severity: Severity.critical |