| 4.241.228.159 | ip | 2026-01-10 05:12:52 | block | All requests (100%) from this IP were flagged by WAF, accessed suspicious PHP files and WordPress admin paths, and triggered a critical 'IPBLOCK' deny rule. Its associated ASN (AS8075) is already blocklisted for persistent malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior. | 1.0 | severity: Severity.critical |
| 185.177.72.61 | ip | 2026-01-10 03:02:41 | block | Actively probing for sensitive configuration and credential files, with all requests flagged by WAF, triggered critical LFI and reputation-based deny rules, and belongs to a blocklisted ASN with other IPs exhibiting identical severe malicious behavior. | 1.0 | severity: Severity.critical |
| 2001:861:5860:e460:e520:bae1:233b:c9d2 | ip | 2026-01-09 21:52:38 | watchlist | IP accessing a domain (www.darcherif.fr) frequently targeted by blocklisted malicious entities, despite no current malicious activity detected from this IP. | 0.3 | severity: Severity.low |
| 185.209.196.229 | ip | 2026-01-09 21:42:26 | block | Accessed highly suspicious '.suspected' web shell paths, indicating critical web shell upload or exploitation attempts. | 0.95 | severity: Severity.critical |
| 2001:861:5860:e460:e520:bae1:233b:c9d2 | ip | 2026-01-09 21:42:26 | ignore | No new malicious activity detected; accessed paths are benign WordPress files, and no WAF flags or threat requests were observed. | 0.9 | severity: Severity.low |
| 195.24.236.78 | ip | 2026-01-09 17:22:03 | block | IP attempted to access highly suspicious paths like 'plugins/content/apismtp/apismtp.php.suspected' and 'wp-content/plugins/apikey/apikey.php.suspected', strongly indicating web shell upload or exploitation attempts, despite no immediate WAF flags. | 0.9 | severity: Severity.critical |
| 217.113.194.103 | ip | 2026-01-09 11:51:43 | block | All requests (100%) were detected as threats and flagged by WAF, triggering security alert '3991020'. This behavior is consistent with other blocklisted IPs from the same ASN (AS210743). | 1.0 | severity: Severity.critical |
| 2001:861:5860:e460:e520:bae1:233b:c9d2 | ip | 2026-01-09 11:02:13 | watchlist | IP accessed a domain (www.darcherif.fr) heavily targeted and associated with numerous blocklisted malicious entities (IPs, ASNs, TLS fingerprints), warranting continued monitoring despite currently showing no direct malicious activity. | 0.6 | severity: Severity.medium |
| 2001:861:5860:e460:e520:bae1:233b:c9d2 | ip | 2026-01-09 10:51:44 | ignore | No suspicious activity detected; zero WAF flags, zero detected threat requests, and no security rule hits. Does not warrant inclusion in watchlist. | 1.0 | severity: Severity.low |
| 2001:861:5860:e460:e520:bae1:233b:c9d2 | ip | 2026-01-09 10:41:42 | ignore | No malicious activity detected. All 25 requests were to benign paths, no WAF rules were triggered, and zero threat requests were observed. | 1.0 | severity: Severity.low |
| 185.177.72.67 | ip | 2026-01-09 10:21:40 | block | IP is aggressively probing for sensitive configuration and credential files, with all requests flagged by WAF, triggering critical 'LFI-ANOMALY' and reputation-based deny rules. Its associated ASN AS211590 is already blocklisted for persistent malicious activity, with other IPs from this ASN exhibiting identical severe malicious behavior. | 1.0 | severity: Severity.critical |
| 3%7e9b3e34567f4e1910 | tls | 2026-01-09 10:01:37 | block | All requests (100%) associated with this TLS fingerprint targeted highly sensitive configuration files and triggered critical LFI-ANOMALY and reputation-based WAF deny rules. | 1.0 | severity: Severity.critical |
| 205.169.39.200 | ip | 2026-01-09 07:51:34 | block | Triggered critical WAF deny rule 'IPBLOCK-BURST4-318403' and multiple alerts. Associated ASN AS3356 has multiple blocklisted IPs showing similar malicious activity, including accessing suspicious obfuscated paths. | 1.0 | severity: Severity.critical |
| 205.169.39.8 | ip | 2026-01-09 07:51:34 | block | Triggered critical WAF deny rule 'IPBLOCK-BURST4-318403' and has a high percentage of detected threat requests. Associated ASN AS3356 is blocklisted for similar activity, indicating a persistent threat from this network. | 1.0 | severity: Severity.critical |
| 185.177.72.69 | ip | 2026-01-08 22:51:10 | block | IP is aggressively probing for sensitive configuration and credential files, with all requests flagged by WAF, triggering critical 'LFI-ANOMALY' and reputation-based deny rules. Its associated ASN AS211590 is already blocklisted for persistent malicious activity. | 1.0 | severity: Severity.critical |
| 195.178.110.54 | ip | 2026-01-08 17:20:49 | block | IP belongs to blocklisted ASN AS48090, shows a high ratio of detected threat requests (22/10), and triggered multiple critical WAF alerts including 'BOT-BROWSER-IMPERSONATOR' for suspicious probing. | 1.0 | severity: Severity.critical |
| 195.178.110.132 | ip | 2026-01-08 15:40:46 | block | Actively probing for sensitive configuration files, detected as a bot impersonator, triggered critical LFI and IPBLOCK burst WAF deny rules, and its ASN (AS48090) is already blocklisted for identical malicious activity from other IPs. | 1.0 | severity: Severity.critical |
| 4.190.211.79 | ip | 2026-01-08 15:40:46 | block | All requests were detected as threats, targeted known malicious PHP files including a 'wp_filemanager.php' exploit, triggered a critical 'IPBLOCK' WAF deny rule, and its ASN (AS8075) is already blocklisted for persistent and identical malicious activity from multiple other IPs. | 1.0 | severity: Severity.critical |
| 13.55.232.71 | ip | 2026-01-08 09:00:18 | block | All requests (100%) from this IP were flagged as threats, all accessed paths were flagged by WAF, and a critical 'IPBLOCK' deny rule was triggered. Its associated ASN (AS16509) is already blocklisted for persistent malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior. | 1.0 | severity: Severity.critical |
| 52.64.60.91 | ip | 2026-01-08 06:20:12 | block | All requests (100%) from this IP were flagged as threats, all accessed paths were flagged by WAF, and a critical 'IPBLOCK' deny rule was triggered. Its associated ASN (AS16509) is already blocklisted for persistent malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior. | 1.0 | severity: Severity.critical |
| 141.98.11.120 | ip | 2026-01-07 21:29:48 | block | IP is performing WordPress brute-force attempts targeting 'wp-login.php', flagged by WAF and triggered security alert '3900998'. Its associated ASN (AS209605) is already blocklisted for similar critical malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior. | 1.0 | severity: Severity.critical |
| 192.161.58.113 | ip | 2026-01-07 21:29:48 | ignore | No malicious activity detected: 0 threat requests out of 11 total, no WAF flags, and no security rule hits. The AI confidence score is also very low (0.1). | 0.9 | severity: Severity.low |
| 52.178.176.146 | ip | 2026-01-07 20:19:47 | block | All requests (100%) from this IP were flagged as threats, accessing suspicious PHP files, and triggered a critical 'IPBLOCK' deny rule. Its associated ASN (AS8075) is already blocklisted for persistent malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior. | 1.0 | severity: Severity.critical |
| 35.231.29.86 | ip | 2026-01-07 15:29:31 | block | IP is performing extensive WordPress enumeration and bot impersonation, triggered a critical WAF deny rule (IPBLOCK-BURST4-318403), has an exceptionally high number of detected threat requests, and belongs to ASN AS396982, which is blocklisted for similar highly malicious activity. | 1.0 | severity: Severity.critical |
| 52.169.143.103 | ip | 2026-01-07 13:59:25 | block | All requests (100%) were detected as threats, all accessed suspicious PHP and config files were flagged by WAF, and a critical 'IPBLOCK' deny rule was triggered. Its associated ASN (AS8075) is already blocklisted for persistent malicious activity. | 1.0 | severity: Severity.critical |
| 66.249.66.39 | ip | 2026-01-07 11:09:16 | block | All requests (100%) from this IP were detected as threats, all accessed paths were flagged by WAF, and security alert '3991006' was triggered. Its associated ASN (AS15169) and multiple other IPs from the same subnet are already blocklisted for identical malicious activity. | 1.0 | severity: Severity.critical |
| 45.156.128.112 | ip | 2026-01-07 01:08:43 | block | All accessed paths (100%) were flagged by WAF, detected threat events greatly exceed total requests (35 over 5), and multiple critical security alerts including 'BOT-BROWSER-IMPERSONATOR' were triggered. The associated ASN AS211680 has another IP blocklisted for similar malicious activity. | 1.0 | severity: Severity.critical |
| 176.65.148.161 | ip | 2026-01-07 00:48:40 | block | All requests (100%) from this IP were detected as threats and flagged by WAF, triggering security alert '3990011'. Its associated ASN AS51396 is already blocklisted for severe malicious activity, indicating high confidence in malicious intent. | 1.0 | severity: Severity.critical |
| 142.93.129.190 | ip | 2026-01-07 00:38:51 | block | All accessed paths were flagged by WAF, detected threat requests exceed total requests, triggered critical 'LFI-ANOMALY' deny rule and 'BOT-BROWSER-IMPERSONATOR' alert. Its ASN (AS14061) is already blocklisted for similar highly malicious activity. | 1.0 | severity: Severity.critical |
| 143.110.217.244 | ip | 2026-01-07 00:38:51 | block | All accessed paths were flagged by WAF, detected threat requests exceed total requests, triggered critical 'LFI-ANOMALY' deny rule and 'BOT-BROWSER-IMPERSONATOR' alert. Its ASN (AS14061) is already blocklisted for similar highly malicious activity. | 1.0 | severity: Severity.critical |
| 159.223.132.86 | ip | 2026-01-07 00:38:51 | block | All accessed paths were flagged by WAF, detected threat requests exceed total requests, triggered critical 'LFI-ANOMALY' deny rule and 'BOT-BROWSER-IMPERSONATOR' alert. Its ASN (AS14061) is already blocklisted for similar highly malicious activity. | 1.0 | severity: Severity.critical |
| 46.101.111.185 | ip | 2026-01-07 00:38:51 | block | All accessed paths were flagged by WAF, detected threat requests exceed total requests, triggered critical 'LFI-ANOMALY' deny rule and 'BOT-BROWSER-IMPERSONATOR' alert. Its ASN (AS14061) is already blocklisted for similar highly malicious activity. | 1.0 | severity: Severity.critical |
| 213.35.103.47 | ip | 2026-01-06 21:28:33 | block | IP actively targeting sensitive WordPress admin and login paths, with all accessed paths flagged by WAF. Triggered critical 'IPBLOCK-BURST4' deny rule and 'BOT-BROWSER-IMPERSONATOR' alert. Its ASN (AS31898) is already blocklisted for similar malicious activity. | 1.0 | severity: Severity.critical |
| 192.161.58.113 | ip | 2026-01-06 08:37:58 | watchlist | New IP address exhibiting benign behavior, no detected threats or WAF flags. Placed on watchlist for initial observation. | 0.1 | severity: Severity.low |
| 91.92.241.119 | ip | 2026-01-06 08:37:58 | block | Extremely high number of detected threat requests (64 over 17), numerous WAF flags on all accessed paths, and multiple security alerts including 'BOT-BROWSER-IMPERSONATOR', indicating severe automated malicious activity similar to previously blocklisted IPs. | 1.0 | severity: Severity.critical |
| 192.161.58.113 | ip | 2026-01-06 08:27:54 | ignore | The entity exhibits no detected threat requests, WAF flags, or security rule hits. All accessed paths are benign static content, indicating normal user behavior. Therefore, it is safe and should not be on a watchlist. | 1.0 | severity: Severity.low |
| 192.161.58.113 | ip | 2026-01-06 08:17:54 | ignore | No detected threat requests, WAF flags, or security rule hits. All accessed paths were static and benign content. Entity shows no signs of malicious activity. | 1.0 | severity: Severity.low |
| 192.161.58.113 | ip | 2026-01-06 08:07:49 | ignore | No detected threat requests, WAF flags, or security rule hits. All accessed paths are consistent with normal web traffic. | 1.0 | severity: Severity.low |
| 192.161.58.113 | ip | 2026-01-05 21:07:17 | ignore | No detected threat requests, no WAF flags, and no security rule hits, indicating benign web traffic. | 1.0 | severity: Severity.low |
| 192.161.58.113 | ip | 2026-01-05 20:57:14 | ignore | No detected threat requests, no WAF flags, and only accessed standard website assets. | 1.0 | severity: Severity.low |
| 192.161.58.113 | ip | 2026-01-05 20:47:19 | ignore | No suspicious activity detected; observed normal web traffic patterns and no WAF flags or threat requests. | 0.9 | severity: Severity.low |
| 65.111.27.46 | ip | 2026-01-05 20:47:19 | block | All requests (100%) from this IP were detected as threats and flagged by WAF, including probing sensitive WordPress paths like 'xmlrpc.php', and triggered security alert '3900999', indicating active malicious probing. | 1.0 | severity: Severity.critical |
| 192.161.58.113 | ip | 2026-01-05 20:37:18 | ignore | No malicious activity detected: 0 out of 11 requests were threats, no WAF rules triggered, and all accessed paths are benign. The associated ASN (AS203020) is not on the blocklist. | 1.0 | severity: Severity.low |
| 192.161.58.113 | ip | 2026-01-05 20:27:15 | ignore | No malicious activity detected. This IP accessed only standard web assets, triggered no security alerts or WAF flags, and shows no signs of suspicious behavior. | 0.95 | severity: Severity.low |
| 192.161.58.113 | ip | 2026-01-05 20:17:09 | ignore | No malicious activity detected; accessed only static website assets and triggered no security alerts or WAF flags. This IP shows benign browsing behavior. | 1.0 | severity: Severity.low |
| 192.161.58.113 | ip | 2026-01-05 20:07:13 | ignore | No malicious activity or suspicious patterns detected. All requests are for static, benign web assets, with zero threat detections, WAF flags, or security rule hits. | 1.0 | severity: Severity.low |
| 192.161.58.113 | ip | 2026-01-05 19:57:13 | ignore | No suspicious activity detected. All requests were for static web assets, with no WAF flags, detected threats, or security rule hits. | 1.0 | severity: Severity.low |
| 192.161.58.113 | ip | 2026-01-05 19:47:12 | ignore | Entity performed only benign requests for static website assets, with no detected threat requests, no WAF flags, and no security rule hits. No malicious activity observed. | 1.0 | severity: Severity.low |
| 192.161.58.113 | ip | 2026-01-05 19:37:14 | ignore | No malicious activity detected, no WAF flags, and only accessed static content. Behaves as benign. | 1.0 | severity: Severity.low |
| 192.161.58.113 | ip | 2026-01-05 19:27:15 | ignore | Entity shows no signs of malicious behavior; all requests were for legitimate static assets, with no WAF flags or detected threat requests. | 1.0 | severity: Severity.low |