| Entity | Type | Timestamp | Action | Reasoning | Confidence | Severity |
|---|---|---|---|---|---|---|
| 3%7eab81c74b51922644 | tls | 2026-01-15 13:00:18 | ignore | No malicious activity detected, no WAF flags, and no security rule hits. Associated with an IP showing legitimate browsing behavior. | 0.949999988079071 | low |
| 14.174.193.15 | ip | 2026-01-15 13:00:17 | ignore | No requests, no detected threat activity, no WAF flags, and no security rule hits observed since being added to watchlist. | 0.800000011920929 | low |
| 109.166.52.58 | ip | 2026-01-15 13:00:17 | ignore | No malicious activity detected, no WAF flags, and no security rule hits. Entity appears clean. | 0.949999988079071 | low |
| 175.44.42.104 | ip | 2026-01-15 13:00:17 | block | IP with multiple WAF alerts (3910001, 3910006), detected threat requests (2/12), and access to a highly obfuscated path, indicating escalating malicious probing. | 0.8500000238418579 | critical |
| 157.180.49.120 | ip | 2026-01-15 13:00:17 | ignore | No malicious activity detected, no WAF flags, and no security rule hits. Accessed paths are legitimate browsing behavior. | 0.949999988079071 | low |
| 34.116.155.95 | ip | 2026-01-15 13:00:17 | block | IP associated with blocklisted ASN AS396982, which is known for extensive WordPress enumeration and bot impersonation. Detected threat request with WAF flagged suspicious path and triggered security alert '3910002'. | 0.8999999761581421 | critical |
| 141.98.11.44 | ip | 2026-01-15 12:40:10 | block | IP performing WordPress brute-force attempts targeting 'wp-login.php', with high threat request ratio (84.2%), and belonging to ASN AS209605 which is blocklisted for similar critical malicious activity. | 1.0 | critical |
| 2001:bc8:701:51:da5e:d3ff:fe49:a574 | ip | 2026-01-15 08:20:04 | block | Accessed a highly obfuscated and suspicious path, strongly indicating malicious probing or attempted exploitation, consistent with previously blocklisted entities. | 0.949999988079071 | critical |
| 3%7e010387cc36ee791e | tls | 2026-01-15 08:20:04 | block | Associated with an IP accessing a highly obfuscated path, indicating a malicious client fingerprint consistent with previously blocklisted TLS fingerprints. | 0.949999988079071 | critical |
| 175.44.42.104 | ip | 2026-01-15 08:10:12 | watchlist | IP shows low rate of WAF alerts (3910001, 3910006) and a small number of detected threat requests (2/12) accessing common web paths. Not severe enough to block, but warrants monitoring. | 0.6000000238418579 | medium |
| 2001:bc8:701:51:da5e:d3ff:fe49:a574 | ip | 2026-01-15 08:10:12 | ignore | No malicious activity, WAF flags, or security rule hits detected. Entity is not currently on the watchlist and shows no suspicious behavior. | 0.8999999761581421 | low |
| 208.84.101.102 | ip | 2026-01-15 08:10:12 | block | High percentage of threat requests (45%), bot impersonation, active WordPress enumeration (wlwmanifest.xml scans), and triggered a critical WAF deny rule (IPBLOCK-BURST4-318403). Associated ASN (AS22295) is also blocklisted. | 1.0 | critical |
| 2a10:3c0:3:0:1:28:0:5 | ip | 2026-01-15 08:10:12 | block | Extremely high detected threat requests (26/14), multiple WAF alerts including bot impersonation, and access to suspicious flagged paths ("mcp", "sse"), indicating severe automated malicious probing. | 0.949999988079071 | critical |
| 2a10:3c0:3:0:1:28:0:3 | ip | 2026-01-15 08:10:12 | block | Extremely high detected threat requests (18/5), multiple WAF alerts including bot impersonation, indicating severe automated malicious probing. | 0.949999988079071 | critical |
| 34.69.92.175 | ip | 2026-01-15 08:10:12 | block | Although no direct malicious activity from this IP, its associated ASN (AS396982) is blocklisted for extensive WordPress enumeration, bot impersonation, and critical WAF deny rules, indicating a high risk. | 0.8999999761581421 | critical |
| AS215930 | asn | 2026-01-15 08:10:12 | block | High percentage of detected threat requests (50/56), actively targeting 'wp-login.php', and triggered a brute-force WAF alert (3900998). This ASN has multiple IPs previously blocklisted for identical activity. | 1.0 | critical |
| 3%7e010387cc36ee791e | tls | 2026-01-15 08:10:12 | ignore | No malicious activity, WAF flags, or security rule hits detected. Entity is not currently on the watchlist and shows no suspicious behavior. | 0.8999999761581421 | low |
| 109.166.52.58 | ip | 2026-01-14 14:29:07 | watchlist | No direct malicious activity detected in current data, but keeping for further observation as it appeared in the suspicious entities queue. | 0.30000001192092896 | low |
| 157.180.49.120 | ip | 2026-01-14 14:29:07 | watchlist | No direct malicious activity detected in current data, but keeping for further observation as it appeared in the suspicious entities queue. | 0.30000001192092896 | low |
| 3%7eab81c74b51922644 | tls | 2026-01-14 14:29:07 | watchlist | No direct malicious activity detected in current data, but keeping for further observation as it appeared in the suspicious entities queue. | 0.30000001192092896 | low |
| 14.174.193.15 | ip | 2026-01-14 14:19:05 | watchlist | Accessed suspicious 'akam' paths, indicating potential reconnaissance or bot activity, but no direct WAF flags or confirmed threats yet. | 0.6000000238418579 | medium |
| 157.180.49.120 | ip | 2026-01-14 14:19:05 | ignore | Activity consists of legitimate web crawling (accessing sitemap, categories, tags) with no detected threats or WAF flags. | 0.8999999761581421 | low |
| 3%7eab81c74b51922644 | tls | 2026-01-14 14:19:05 | ignore | Activity consists of legitimate web crawling (accessing sitemap, categories, tags) with no detected threats or WAF flags. | 0.8999999761581421 | low |
| 109.166.52.58 | ip | 2026-01-14 13:59:03 | ignore | No detected threat requests, WAF flags, or security rule hits. Accessed paths are benign WordPress assets, indicating normal web traffic. | 1.0 | low |
| 109.166.52.58 | ip | 2026-01-14 13:49:05 | ignore | No detected malicious activity, all requests were benign and to standard paths. | 1.0 | low |
| 109.166.52.58 | ip | 2026-01-14 13:39:06 | ignore | No malicious activity detected: 0 threat requests, no WAF flags, and standard web browsing patterns. | 0.949999988079071 | low |
| 14.174.193.15 | ip | 2026-01-14 13:39:06 | watchlist | Accessed potentially obfuscated 'akam' paths, and originates from a region (VN) with other blocklisted IPs for malicious activity. No direct threats or WAF flags currently, but warrants monitoring. | 0.6000000238418579 | medium |
| 157.180.49.120 | ip | 2026-01-14 13:39:06 | watchlist | IP address is numerically close to a blocklisted IP (157.180.49.118) known for persistent malicious activity. While current traffic shows no direct threats, proximity suggests potential for rotating malicious IPs or related infrastructure. | 0.6499999761581421 | medium |
| 3%7eab81c74b51922644 | tls | 2026-01-14 13:39:06 | watchlist | This TLS fingerprint is associated with IP 157.180.49.120, which is numerically close to a blocklisted IP, suggesting potential for related malicious activity. | 0.6000000238418579 | medium |
| 14.174.193.15 | ip | 2026-01-14 13:29:12 | ignore | Entity has recorded no activity (0 total requests, 0 threat requests) since being added to the watchlist. No current threat indicators. | 0.8999999761581421 | low |
| 109.166.52.58 | ip | 2026-01-14 13:29:12 | ignore | No detected threat requests, no WAF flags, and no security rule hits. All accessed paths are benign WordPress component files. | 0.10000000149011612 | low |
| 157.180.49.120 | ip | 2026-01-14 13:29:12 | ignore | Entity has recorded no activity (0 total requests, 0 threat requests) since being added to the watchlist. No current threat indicators. | 0.8999999761581421 | low |
| 3%7eab81c74b51922644 | tls | 2026-01-14 13:29:12 | ignore | Entity has recorded no activity (0 total requests, 0 threat requests) since being added to the watchlist. No current threat indicators. | 0.8999999761581421 | low |
| 109.166.52.58 | ip | 2026-01-14 13:19:08 | ignore | No malicious activity detected during observation period: zero detected threat requests, no WAF flags, and no security rule hits. This entity appears clean and does not warrant further monitoring or blocking. | 0.949999988079071 | low |
| 104.28.203.60 | ip | 2026-01-14 13:09:09 | block | All requests (100%) were detected as threats, almost all accessed paths flagged by WAF, triggered a critical 'IPBLOCK-BURST4-318403' deny rule, and its ASN (AS13335) is already blocklisted for identical malicious activity. | 1.0 | critical |
| 14.174.193.15 | ip | 2026-01-14 13:09:09 | watchlist | Accessed obfuscated paths (e.g., 'akam/...'), indicating potential probing, although no WAF flags or new threat requests were detected. Previous AI assessment set medium confidence and severity, warranting continued monitoring. | 0.699999988079071 | medium |
| 109.166.52.58 | ip | 2026-01-14 13:09:09 | ignore | No detected threat requests, no WAF flags, and no security rule hits observed since being added to watchlist. Previous AI confidence was low. | 0.8999999761581421 | low |
| 157.180.49.120 | ip | 2026-01-14 13:09:09 | watchlist | No new threat requests or WAF flags, but previous AI assessment indicated medium confidence and severity. A closely related IP (157.180.49.118) is blocklisted, warranting continued monitoring. | 0.699999988079071 | medium |
| 3%7eab81c74b51922644 | tls | 2026-01-14 13:09:09 | watchlist | No new threat requests or WAF flags, but previous AI assessment indicated medium confidence and severity, possibly correlated with a suspicious IP. Warrants continued monitoring. | 0.699999988079071 | medium |
| 109.166.52.58 | ip | 2026-01-14 11:39:08 | watchlist | Normal browsing behavior observed, no immediate threats detected, adding to watchlist for baseline monitoring. | 0.20000000298023224 | low |
| 14.174.193.15 | ip | 2026-01-14 11:39:08 | watchlist | IP from a region (VN) associated with previous attacks, accessed potentially obfuscated 'akam' paths, warrants monitoring. | 0.6000000238418579 | medium |
| 157.180.49.120 | ip | 2026-01-14 11:39:08 | watchlist | IP is in close proximity to a blocklisted malicious IP (157.180.49.118); observed crawling behavior might be reconnaissance. | 0.699999988079071 | medium |
| 3%7eab81c74b51922644 | tls | 2026-01-14 11:39:08 | watchlist | TLS fingerprint associated with an IP in close proximity to a blocklisted malicious IP (157.180.49.118); observed crawling behavior might be reconnaissance. | 0.699999988079071 | medium |
| 109.166.52.58 | ip | 2026-01-14 11:28:57 | ignore | No malicious activity detected during the observed period. | 0.8999999761581421 | low |
| 14.174.193.15 | ip | 2026-01-14 11:28:57 | ignore | No malicious activity detected during the observed period. | 0.8999999761581421 | low |
| 157.180.49.120 | ip | 2026-01-14 11:28:57 | ignore | No malicious activity detected during the observed period. | 0.8999999761581421 | low |
| 23.180.120.131 | ip | 2026-01-14 11:28:57 | block | Extremely high ratio of detected threat requests (117/37), all accessed paths flagged by WAF, multiple critical security alerts including 'BOT-BROWSER-IMPERSONATOR', and a critical WAF deny rule 'IPBLOCK-BURST4-318403' triggered. Associated ASN AS53514 is blocklisted for similar highly malicious activity. | 1.0 | critical |
| 3%7eab81c74b51922644 | tls | 2026-01-14 11:28:57 | ignore | No malicious activity detected during the observed period. | 0.8999999761581421 | low |
| 109.166.52.58 | ip | 2026-01-14 11:18:58 | ignore | Normal browsing behavior, no detected threats or WAF flags. | 0.8999999761581421 | low |
| 14.174.193.15 | ip | 2026-01-14 11:18:58 | ignore | Normal browsing behavior, no detected threats or WAF flags. Akamai paths are common. | 0.8500000238418579 | low |