| 157.180.49.120 | ip | 2026-01-14 11:18:58 | ignore | Extensive but legitimate browsing of site content and sitemap, no detected threats or WAF flags. | 0.949999988079071 | severity: Severity.low |
| 3%7eab81c74b51922644 | tls | 2026-01-14 11:18:58 | ignore | Associated with benign browsing patterns, no detected threats or WAF flags. | 0.949999988079071 | severity: Severity.low |
| 109.166.52.58 | ip | 2026-01-14 11:08:59 | ignore | No detected malicious activity, WAF flags, or security rule hits. Normal web traffic observed. | 0.8999999761581421 | severity: Severity.low |
| 14.174.193.15 | ip | 2026-01-14 11:08:59 | ignore | No detected malicious activity, WAF flags, or security rule hits. Paths accessed are mostly standard, 'akam' paths are not flagged. | 0.8999999761581421 | severity: Severity.low |
| 157.180.49.120 | ip | 2026-01-14 11:08:59 | ignore | No detected malicious activity, WAF flags, or security rule hits. Behavior consistent with a benign content crawler. | 0.8999999761581421 | severity: Severity.low |
| 3%7eab81c74b51922644 | tls | 2026-01-14 11:08:59 | ignore | No detected malicious activity, WAF flags, or security rule hits. Behavior consistent with a benign content crawler, correlating with a benign IP. | 0.8999999761581421 | severity: Severity.low |
| 14.174.193.15 | ip | 2026-01-14 10:59:16 | ignore | No current malicious activity, WAF flags, or detected threat requests. Past low confidence is no longer supported by recent traffic analysis. | 0.8999999761581421 | severity: Severity.low |
| 109.166.52.58 | ip | 2026-01-14 10:48:55 | ignore | No detected malicious activity or WAF flags, indicating benign behavior. | 1.0 | severity: Severity.low |
| 157.180.49.120 | ip | 2026-01-14 10:48:55 | ignore | No detected malicious activity or WAF flags, indicating benign behavior. | 1.0 | severity: Severity.low |
| 3%7eab81c74b51922644 | tls | 2026-01-14 10:48:55 | ignore | No detected malicious activity or WAF flags, indicating benign behavior. | 1.0 | severity: Severity.low |
| 109.166.52.58 | ip | 2026-01-14 10:38:48 | ignore | No malicious activity detected; accessed common website assets and blog pages. | 0.8999999761581421 | severity: Severity.low |
| 157.180.49.120 | ip | 2026-01-14 10:38:48 | ignore | No malicious activity detected; accessed common blog pages and sitemap. | 0.8999999761581421 | severity: Severity.low |
| 3%7eab81c74b51922644 | tls | 2026-01-14 10:38:48 | ignore | No malicious activity detected; associated IP showed benign browsing behavior. | 0.8999999761581421 | severity: Severity.low |
| 109.166.52.58 | ip | 2026-01-14 10:29:11 | ignore | No malicious activity detected and not currently on any watchlists. | 0.8999999761581421 | severity: Severity.low |
| 157.180.49.120 | ip | 2026-01-14 10:29:11 | ignore | No malicious activity detected and not currently on any watchlists. | 0.8999999761581421 | severity: Severity.low |
| 3%7eab81c74b51922644 | tls | 2026-01-14 10:29:11 | ignore | No malicious activity detected and not currently on any watchlists. | 0.8999999761581421 | severity: Severity.low |
| 14.174.193.15 | ip | 2026-01-14 10:18:54 | watchlist | Accessed obfuscated 'akam' paths, which can indicate probing attempts, but no direct WAF flags or threat requests were detected. Further monitoring is warranted. | 0.6000000238418579 | severity: Severity.low |
| 3%7eab81c74b51922644 | tls | 2026-01-14 10:18:54 | ignore | No activity (0 total requests) detected since being added to the watchlist, and no malicious behavior observed in the current period. Does not warrant continued monitoring based on current data. | 0.8999999761581421 | severity: Severity.low |
| 14.174.193.15 | ip | 2026-01-14 10:08:59 | ignore | No malicious activity detected since being added to watchlist. | 0.8999999761581421 | severity: Severity.low |
| 157.180.49.120 | ip | 2026-01-14 10:08:59 | ignore | No malicious activity detected since being added to watchlist. | 0.8999999761581421 | severity: Severity.low |
| 205.169.39.57 | ip | 2026-01-14 10:08:59 | block | Associated with blocklisted ASN AS3356, which has a history of widespread malicious activity. | 0.8999999761581421 | severity: Severity.critical |
| 34.1.19.191 | ip | 2026-01-14 10:08:59 | block | AI identified as critical severity with high confidence, despite no recent activity. | 0.800000011920929 | severity: Severity.critical |
| 34.122.147.229 | ip | 2026-01-14 10:08:59 | block | Associated with blocklisted ASN AS396982, which has a history of extensive malicious activity. | 0.8999999761581421 | severity: Severity.critical |
| 34.123.170.104 | ip | 2026-01-14 10:08:59 | block | Associated with blocklisted ASN AS396982, which has a history of extensive malicious activity. | 0.8999999761581421 | severity: Severity.critical |
| 3%7eab81c74b51922644 | tls | 2026-01-14 10:08:59 | watchlist | AI identified as medium severity, but no recent malicious activity detected to warrant immediate block. | 0.75 | severity: Severity.medium |
| 14.174.193.15 | ip | 2026-01-14 09:59:06 | watchlist | No new malicious activity, but previously flagged for suspicious behavior (AI Confidence 0.6). | 0.6000000238418579 | severity: Severity.medium |
| 109.166.52.58 | ip | 2026-01-14 09:59:06 | ignore | No current or recent malicious activity detected, and previous AI confidence was low (0.3). | 0.30000001192092896 | severity: Severity.low |
| 157.180.49.120 | ip | 2026-01-14 09:59:06 | watchlist | No new direct malicious activity, but a neighboring IP (157.180.49.118) is blocklisted for persistent malicious activity, suggesting this IP may belong to a suspicious range. | 0.75 | severity: Severity.medium |
| 205.169.39.218 | ip | 2026-01-14 09:59:06 | block | Multiple detected threat requests, WAF flagged paths, several security alerts, and associated with blocklisted ASN AS3356. | 0.949999988079071 | severity: Severity.critical |
| 2001:861:5860:e460:e520:bae1:233b:c9d2 | ip | 2026-01-14 09:59:06 | ignore | No current or recent malicious activity detected, and previous AI confidence was low (0.7, but stated low severity). | 0.30000001192092896 | severity: Severity.low |
| 205.169.39.57 | ip | 2026-01-14 09:59:06 | watchlist | IP associated with blocklisted ASN AS3356, indicating potential risk, though no direct malicious activity observed yet. | 0.6000000238418579 | severity: Severity.medium |
| 2a02:26f7:c9d0:6406::5 | ip | 2026-01-14 09:59:06 | ignore | No current or recent malicious activity detected, and previous AI confidence was low (0.3). | 0.30000001192092896 | severity: Severity.low |
| 34.1.19.191 | ip | 2026-01-14 09:59:06 | watchlist | Previously accessed an obfuscated path and is associated with blocklisted ASN AS15169, requiring continued monitoring. | 0.800000011920929 | severity: Severity.critical |
| 34.123.170.104 | ip | 2026-01-14 09:59:06 | watchlist | IP associated with blocklisted ASN AS396982, indicating potential risk, though no direct malicious activity observed yet. | 0.6000000238418579 | severity: Severity.medium |
| 34.116.248.149 | ip | 2026-01-14 09:59:06 | block | Detected threat requests, WAF flagged paths, security alerts, and associated with blocklisted ASN AS396982. | 0.949999988079071 | severity: Severity.critical |
| 34.122.147.229 | ip | 2026-01-14 09:59:06 | watchlist | IP associated with blocklisted ASN AS396982, indicating potential risk, though no direct malicious activity observed yet. | 0.6000000238418579 | severity: Severity.medium |
| 3%7eab81c74b51922644 | tls | 2026-01-14 09:59:06 | watchlist | TLS fingerprint associated with IP 157.180.49.120, which is kept in watchlist due to proximity to a blocklisted malicious IP. | 0.75 | severity: Severity.medium |
| 154.28.229.89 | ip | 2026-01-14 09:49:05 | block | Extremely high ratio of detected threat requests (54/13), with multiple security alerts including 'BOT-BROWSER-IMPERSONATOR', indicating persistent automated malicious probing and exploit attempts, consistent with other blocklisted entities. | 0.949999988079071 | severity: Severity.critical |
| 134.209.25.199 | ip | 2026-01-14 09:49:05 | block | Aggressive reconnaissance for sensitive files and API documentation, all requests flagged by WAF, multiple critical security alerts (including bot impersonation), and triggered critical deny rules (LFI-ANOMALY, IPBLOCK-PENALTY-BOX). Associated ASN AS14061 is blocklisted for identical malicious activity. | 1.0 | severity: Severity.critical |
| 165.227.173.41 | ip | 2026-01-14 09:49:05 | block | Actively targeting sensitive configuration files (.git/config, .env, info.php) and known exploits (Jira exploit). All requests flagged by WAF, triggered critical deny rules (LFI-ANOMALY, IPBLOCK-PENALTY-BOX). Associated ASN AS14061 is blocklisted for identical malicious activity. | 1.0 | severity: Severity.critical |
| 178.128.207.138 | ip | 2026-01-14 09:49:05 | block | Aggressive reconnaissance for sensitive files and API documentation, all requests flagged by WAF, multiple critical security alerts (including bot impersonation), and triggered critical deny rules (LFI-ANOMALY, IPBLOCK-PENALTY-BOX). Associated ASN AS14061 is blocklisted for identical malicious activity. | 1.0 | severity: Severity.critical |
| 205.169.39.218 | ip | 2026-01-14 09:49:05 | watchlist | Low percentage of detected threat requests (4/36) related to Akamai bot management alerts. While its ASN AS3356 is blocklisted for malicious activity, this specific IP's current behavior does not warrant immediate blocking but requires continued monitoring. | 0.699999988079071 | severity: Severity.medium |
| 205.169.39.57 | ip | 2026-01-14 09:49:05 | ignore | No detected threat requests, no paths flagged by WAF, and no security rules triggered, indicating no current malicious activity. Although its ASN AS3356 is blocklisted, this specific IP appears benign. | 0.8999999761581421 | severity: Severity.low |
| 34.116.248.149 | ip | 2026-01-14 09:49:05 | ignore | Very low threat activity (1/33 requests) and only an Akamai bot management alert, no critical deny rules triggered. Despite its ASN AS396982 being blocklisted, this specific IP's current behavior is not critically malicious. | 0.800000011920929 | severity: Severity.low |
| 34.122.147.229 | ip | 2026-01-14 09:49:05 | ignore | No detected threat requests, no paths flagged by WAF, and no security rules triggered, indicating no current malicious activity. Although its ASN AS396982 is blocklisted, this specific IP appears benign. | 0.8999999761581421 | severity: Severity.low |
| 46.101.1.225 | ip | 2026-01-14 09:49:05 | block | Aggressive reconnaissance for sensitive files and API documentation, all requests flagged by WAF, multiple critical security alerts (including bot impersonation), and triggered critical deny rules (LFI-ANOMALY, IPBLOCK-PENALTY-BOX). Associated ASN AS14061 is blocklisted for identical malicious activity. | 1.0 | severity: Severity.critical |
| 34.123.170.104 | ip | 2026-01-14 09:49:05 | ignore | No detected threat requests, no paths flagged by WAF, and no security rules triggered, indicating no current malicious activity. Although its ASN AS396982 is blocklisted, this specific IP appears benign. | 0.8999999761581421 | severity: Severity.low |
| 68.183.9.16 | ip | 2026-01-14 09:49:05 | block | Aggressive reconnaissance for sensitive files and API documentation, all requests flagged by WAF, multiple critical security alerts (including bot impersonation), and triggered critical deny rules (LFI-ANOMALY, IPBLOCK-PENALTY-BOX). Associated ASN AS14061 is blocklisted for identical malicious activity. | 1.0 | severity: Severity.critical |
| 14.174.193.15 | ip | 2026-01-13 23:08:15 | watchlist | Accessed a suspicious obfuscated path 'akam/13/pixel_28ae533f' similar to those seen from blocklisted malicious entities, from a region (Vietnam) associated with previous threats. | 0.6000000238418579 | severity: Severity.medium |
| 66.249.66.68 | ip | 2026-01-13 18:07:57 | block | All requests (100%) from this IP were detected as threats, all accessed paths were flagged by WAF, and security alert '3991006' was triggered. Its associated ASN (AS15169) is already blocklisted for identical malicious activity. | 1.0 | severity: Severity.critical |