| 192.161.58.113 | ip | 2026-01-05 19:17:17 | ignore | No suspicious activity detected; accessed only static web assets, no WAF flags or threat requests. | 1.0 | severity: Severity.low |
| 192.161.58.113 | ip | 2026-01-05 19:07:10 | ignore | No malicious activity detected: 0 out of 11 total requests were identified as threats, no paths were flagged by WAF, and no security rule alerts or denies were triggered. The accessed paths consist of benign static web assets (CSS and images). | 0.949999988079071 | severity: Severity.low |
| 192.161.58.113 | ip | 2026-01-05 18:57:15 | ignore | No malicious activity detected. All requests were for normal web assets, with no WAF flags or security rule hits. The entity is not currently on the watchlist or blocklist. | 1.0 | severity: Severity.low |
| 192.161.58.113 | ip | 2026-01-05 18:47:08 | ignore | No detected threat requests, no WAF flags, and only accessed standard web assets. Entity shows no signs of malicious activity. | 0.949999988079071 | severity: Severity.low |
| 192.161.58.113 | ip | 2026-01-05 18:37:13 | ignore | Entity exhibits no malicious activity, no WAF flags, and only accessed static web assets. No detected threat requests (0/11) or security rule hits. This IP is benign and does not warrant observation. | 1.0 | severity: Severity.low |
| 192.161.58.113 | ip | 2026-01-05 18:27:07 | ignore | No detected threat requests, no WAF flags, no security rule hits, and accessed only normal static web assets. Its ASN is not blocklisted. | 1.0 | severity: Severity.low |
| 192.161.58.113 | ip | 2026-01-05 18:17:12 | ignore | Entity accessed only static content, showed no detected threat requests, and triggered no WAF flags or security alerts. No malicious activity identified. | 1.0 | severity: Severity.low |
| 192.161.58.113 | ip | 2026-01-05 18:07:09 | ignore | No malicious activity or suspicious patterns detected; all requests are for standard web assets and passed WAF without alerts or denies. | 1.0 | severity: Severity.low |
| 192.161.58.113 | ip | 2026-01-05 17:57:07 | ignore | All requests were for static web assets (CSS, images), with no detected threats, WAF flags, or security rule hits. Behavior is entirely benign and not indicative of any malicious activity. | 1.0 | severity: Severity.low |
| 192.161.58.113 | ip | 2026-01-05 17:47:04 | ignore | No detected threat requests, no WAF flags, no security rule hits, and only accessed benign static web assets. The IP and its ASN are not present in the blocklist. | 1.0 | severity: Severity.low |
| 3%7e5280136f5f66ec7b | tls | 2026-01-05 00:05:22 | block | Extremely high threat request ratio (39/15), all accessed paths flagged by WAF including WordPress sensitive paths ('xmlrpc.php', 'wp-login.php'), multiple security alerts (e.g., 'BOT-BROWSER-IMPERSONATOR'), and critical WAF deny rules ('IPBLOCK-PENALTY-BOX', 'PLATFORM-ANOMALY') were triggered. This pattern is consistent with other blocklisted malicious entities. | 1.0 | severity: Severity.critical |
| 135.181.246.140 | ip | 2026-01-04 23:15:24 | ignore | No recent detected threat requests, WAF flags, or security rule hits. Behavior no longer appears suspicious. | 0.8999999761581421 | severity: Severity.low |
| 2a07:fe00:1::a24e | ip | 2026-01-04 23:15:24 | ignore | No recent detected threat requests, WAF flags, or security rule hits. Current behavior does not align with the malicious activity of other IPs from its blocklisted ASN. | 0.8500000238418579 | severity: Severity.low |
| 74.7.228.51 | ip | 2026-01-04 23:15:24 | block | All requests (100%) from this IP were detected as threats, all accessed paths were flagged by WAF, and it triggered security alert '3991023'. Its associated ASN (AS8075) is already blocklisted for persistent malicious activity with identical behavior. | 1.0 | severity: Severity.critical |
| 152.69.210.5 | ip | 2026-01-03 05:23:12 | block | The IP is actively targeting sensitive WordPress admin and login paths, with all requests (100%) flagged by WAF and multiple security alerts (including bot impersonation). Its associated ASN (AS31898) is already blocklisted for similar malicious activity from other IPs. | 1.0 | severity: Severity.critical |
| 66.249.66.64 | ip | 2026-01-03 04:23:08 | block | All requests (100%) from this IP were detected as threats and flagged by WAF, triggering security alert '3991006'. Its associated ASN (AS15169) and multiple other IPs from the same subnet are already blocklisted for identical malicious activity. | 1.0 | severity: Severity.critical |
| 104.28.203.58 | ip | 2026-01-03 01:12:54 | block | All requests (100%) from this IP were flagged by WAF, accessing suspicious PHP files and WordPress admin paths, and triggered a security alert, indicating active malicious probing or exploitation attempts. | 1.0 | severity: Severity.critical |
| AS13335 | asn | 2026-01-03 01:12:54 | block | All requests (100%) associated with this ASN were flagged by WAF, accessing suspicious PHP files and WordPress admin paths, and triggered a security alert, indicating widespread malicious probing or exploitation attempts from this network. | 1.0 | severity: Severity.critical |
| 135.181.246.140 | ip | 2026-01-02 22:42:53 | watchlist | Accessed suspicious 'akam' paths which are similar in pattern to those found in blocklisted entities. While no direct WAF flags or security rules were triggered for this specific IP, the pattern warrants further monitoring. | 0.75 | severity: Severity.medium |
| 135.181.246.140 | ip | 2026-01-02 22:32:52 | ignore | Entity previously added to watchlist showed no actual malicious activity, with 0 detected threat requests, no WAF flags, and no security rule hits observed since being placed on the watchlist. | 0.8999999761581421 | severity: Severity.low |
| 2a07:fe00:1::a24e | ip | 2026-01-02 22:32:52 | watchlist | IP belongs to an ASN (AS43357) from which another IP was recently blocked for critical malicious activity, but this specific IP shows no direct malicious signs yet. | 0.699999988079071 | severity: Severity.medium |
| 135.181.246.140 | ip | 2026-01-02 22:22:48 | watchlist | Accessed obfuscated 'akam' paths similar to those seen in blocklisted IPs, suggesting potential malicious probing, though no direct WAF flags or threat requests detected yet. | 0.6000000238418579 | severity: Severity.medium |
| 2a07:fe00:1::a24e | ip | 2026-01-02 22:22:48 | ignore | All requests were to legitimate WordPress paths, with no detected threat requests, WAF flags, or security rule hits. No signs of malicious activity. | 0.8999999761581421 | severity: Severity.low |
| 135.181.246.140 | ip | 2026-01-02 22:12:51 | ignore | No detected threat requests, WAF flags, or security rule hits observed, indicating the entity no longer exhibits suspicious behavior. | 0.75 | severity: Severity.low |
| 2a07:fe00:1::a24e | ip | 2026-01-02 22:12:51 | ignore | No detected threat requests, WAF flags, or security rule hits observed, indicating the entity no longer exhibits suspicious behavior. | 0.800000011920929 | severity: Severity.low |
| 43.135.145.117 | ip | 2026-01-02 22:12:51 | block | High percentage of detected threat requests (40%), WAF-flagged obfuscated paths, and triggered security alert '3900999', consistent with blocklisted ASN AS132203 and correlated TLS fingerprints exhibiting similar critical malicious activity. | 0.949999988079071 | severity: Severity.critical |
| 20.205.118.141 | ip | 2026-01-02 19:32:38 | block | All requests (100%) from this IP were flagged by WAF, accessed suspicious PHP files and admin paths, and triggered a critical 'IPBLOCK' deny rule. Its associated ASN (AS8075) is already blocklisted for persistent malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior. | 1.0 | severity: Severity.critical |
| 20.239.67.81 | ip | 2026-01-02 15:02:19 | block | All requests (100%) from this IP were flagged by WAF, accessed suspicious PHP files and admin paths, and triggered a critical 'IPBLOCK' deny rule. Its associated ASN (AS8075) is already blocklisted for persistent malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior. | 1.0 | severity: Severity.critical |
| 2a07:fe00:1::a24e | ip | 2026-01-02 10:52:07 | watchlist | IP's ASN (AS43357) is associated with another blocklisted IP (194.36.25.27) that exhibited critical malicious probing. This IP currently shows no direct threats but warrants monitoring. | 0.5 | severity: Severity.medium |
| 135.181.246.140 | ip | 2026-01-02 10:42:10 | watchlist | IP accessed obfuscated 'akam' paths, which is suspicious and similar to patterns observed in other blocklisted entities. Lacks direct WAF flags for immediate blocking. | 0.6000000238418579 | severity: Severity.medium |
| 205.169.39.22 | ip | 2026-01-02 10:42:10 | block | IP from blocklisted ASN AS3356, accessing an obfuscated path ('akam/13/2f321ee0'), consistent with other blocklisted IPs from this ASN exhibiting malicious probing. | 0.949999988079071 | severity: Severity.critical |
| 2a07:fe00:1::a24e | ip | 2026-01-02 10:42:10 | ignore | Entity currently shows no signs of malicious behavior, no WAF flags, and accessed paths are benign. Previous medium confidence score is no longer supported by current data. | 0.800000011920929 | severity: Severity.low |
| 205.169.39.22 | ip | 2026-01-02 10:32:10 | ignore | No new activity detected and no malicious behavior observed since being added to watchlist. | 0.8999999761581421 | severity: Severity.low |
| 2a07:fe00:1::a24e | ip | 2026-01-02 10:32:10 | watchlist | IP belongs to blocklisted ASN AS43357, which has shown critical malicious activity from other IPs. Current activity is benign, but warrants monitoring due to ASN reputation. | 0.699999988079071 | severity: Severity.medium |
| 135.181.246.140 | ip | 2026-01-02 10:22:06 | ignore | No detected malicious activity, WAF not triggered, and no security rule hits for this IP. Appears to be benign traffic. | 0.8999999761581421 | severity: Severity.low |
| 2a07:fe00:1::a24e | ip | 2026-01-02 10:22:06 | ignore | No current malicious activity detected for this specific IP; accessing benign WordPress assets. While its ASN includes a blocklisted IP, this entity shows no suspicious behavior. | 0.800000011920929 | severity: Severity.low |
| 141.98.11.52 | ip | 2026-01-02 10:12:10 | block | IP is performing WordPress brute-force attempts targeting 'wp-login.php', flagged by WAF and triggered security alert '3900998'. Its associated ASN (AS209605) is already blocklisted for similar critical malicious activity. | 1.0 | severity: Severity.critical |
| 135.181.246.140 | ip | 2026-01-02 10:12:10 | ignore | No current malicious activity detected, no WAF flags or security rule hits, and low AI confidence score. Behavior no longer warrants watchlist inclusion. | 0.8999999761581421 | severity: Severity.low |
| 205.169.39.22 | ip | 2026-01-02 10:12:10 | watchlist | Although no new WAF flags or threat requests, the associated ASN (AS3356) is blocklisted for widespread malicious activity including accessing suspicious paths ('akam/13/2f321ee0' in this case). Medium AI confidence suggests continued monitoring. | 0.75 | severity: Severity.medium |
| 2a07:fe00:1::a24e | ip | 2026-01-02 10:12:10 | ignore | No current malicious activity detected, no WAF flags or security rule hits. All accessed paths appear benign. Despite previous medium AI confidence, current behavior does not warrant watchlist inclusion. | 0.8500000238418579 | severity: Severity.low |
| 135.181.246.140 | ip | 2026-01-02 06:51:56 | watchlist | Accessed unusual 'akam' paths which can sometimes be associated with tracking or malicious activity, despite no direct WAF flags or detected threats yet. Warrants further monitoring. | 0.30000001192092896 | severity: Severity.low |
| 2a07:fe00:1::a24e | ip | 2026-01-02 06:51:56 | watchlist | Associated with ASN AS43357, which is blocklisted due to high percentage of threat requests and suspicious activity (including obfuscated paths and WAF alerts) from other IPs. This IP's current requests are benign but it warrants monitoring due to its ASN. | 0.699999988079071 | severity: Severity.medium |
| 135.181.246.140 | ip | 2026-01-02 06:42:08 | ignore | No recent malicious activity detected; no WAF flags, threat requests, or security rule hits observed. | 0.8999999761581421 | severity: Severity.low |
| 104.197.69.115 | ip | 2026-01-02 06:42:08 | block | Triggered critical WAF deny rule 'IPBLOCK-BURST4-318403' and associated ASN AS396982 is already blocklisted for similar malicious activity, indicating active threat. | 1.0 | severity: Severity.critical |
| 185.220.101.18 | ip | 2026-01-02 06:42:08 | ignore | No recent activity or malicious behavior detected. | 0.8999999761581421 | severity: Severity.low |
| 205.169.39.22 | ip | 2026-01-02 06:42:08 | watchlist | Associated with ASN AS3356, which has multiple IPs blocklisted for suspicious activity. While this specific IP shows no direct malicious hits, its proximity to other threats from the same ASN warrants continued monitoring. | 0.699999988079071 | severity: Severity.medium |
| 205.169.39.126 | ip | 2026-01-02 06:42:08 | block | Triggered critical WAF deny rule 'IPBLOCK-BURST4-318403' and multiple alerts. Associated ASN AS3356 has multiple blocklisted IPs showing similar malicious activity. | 1.0 | severity: Severity.critical |
| 2a07:fe00:1::a24e | ip | 2026-01-02 06:42:08 | ignore | No recent malicious activity detected; no WAF flags, threat requests, or security rule hits observed. | 0.8999999761581421 | severity: Severity.low |
| 2a02:6ea0:c71b:0:1011:6020:837e:f4b5 | ip | 2026-01-02 06:42:08 | ignore | No recent malicious activity detected; no WAF flags, threat requests, or security rule hits observed. | 0.8999999761581421 | severity: Severity.low |
| AS3356 | asn | 2026-01-02 06:42:08 | block | Multiple IPs within this ASN exhibit malicious behavior, including triggering critical WAF deny rules like 'IPBLOCK-BURST4-318403' and accessing suspicious paths, indicating persistent and widespread threat activity from this network. | 1.0 | severity: Severity.critical |