| 157.180.49.120 | ip | 2026-01-14 13:09:09 | watchlist | No new threat requests or WAF flags, but previous AI assessment indicated medium confidence and severity. A closely related IP (157.180.49.118) is blocklisted, warranting continued monitoring. | 0.699999988079071 | severity: Severity.medium |
| 3%7eab81c74b51922644 | tls | 2026-01-14 13:09:09 | watchlist | No new threat requests or WAF flags, but previous AI assessment indicated medium confidence and severity, possibly correlated with a suspicious IP. Warrants continued monitoring. | 0.699999988079071 | severity: Severity.medium |
| 14.174.193.15 | ip | 2026-01-14 11:39:08 | watchlist | IP from a region (VN) associated with previous attacks, accessed potentially obfuscated 'akam' paths, warrants monitoring. | 0.6000000238418579 | severity: Severity.medium |
| 109.166.52.58 | ip | 2026-01-14 11:39:08 | watchlist | Normal browsing behavior observed, no immediate threats detected, adding to watchlist for baseline monitoring. | 0.20000000298023224 | severity: Severity.low |
| 157.180.49.120 | ip | 2026-01-14 11:39:08 | watchlist | IP is in close proximity to a blocklisted malicious IP (157.180.49.118); observed crawling behavior might be reconnaissance. | 0.699999988079071 | severity: Severity.medium |
| 3%7eab81c74b51922644 | tls | 2026-01-14 11:39:08 | watchlist | TLS fingerprint associated with an IP in close proximity to a blocklisted malicious IP (157.180.49.118); observed crawling behavior might be reconnaissance. | 0.699999988079071 | severity: Severity.medium |
| 109.166.52.58 | ip | 2026-01-14 11:28:57 | ignore | No malicious activity detected during the observed period. | 0.8999999761581421 | severity: Severity.low |
| 14.174.193.15 | ip | 2026-01-14 11:28:57 | ignore | No malicious activity detected during the observed period. | 0.8999999761581421 | severity: Severity.low |
| 157.180.49.120 | ip | 2026-01-14 11:28:57 | ignore | No malicious activity detected during the observed period. | 0.8999999761581421 | severity: Severity.low |
| 23.180.120.131 | ip | 2026-01-14 11:28:57 | block | Extremely high ratio of detected threat requests (117/37), all accessed paths flagged by WAF, multiple critical security alerts including 'BOT-BROWSER-IMPERSONATOR', and a critical WAF deny rule 'IPBLOCK-BURST4-318403' triggered. Associated ASN AS53514 is blocklisted for similar highly malicious activity. | 1.0 | severity: Severity.critical |
| 3%7eab81c74b51922644 | tls | 2026-01-14 11:28:57 | ignore | No malicious activity detected during the observed period. | 0.8999999761581421 | severity: Severity.low |
| 109.166.52.58 | ip | 2026-01-14 11:18:58 | ignore | Normal browsing behavior, no detected threats or WAF flags. | 0.8999999761581421 | severity: Severity.low |
| 14.174.193.15 | ip | 2026-01-14 11:18:58 | ignore | Normal browsing behavior, no detected threats or WAF flags. Akamai paths are common. | 0.8500000238418579 | severity: Severity.low |
| 157.180.49.120 | ip | 2026-01-14 11:18:58 | ignore | Extensive but legitimate browsing of site content and sitemap, no detected threats or WAF flags. | 0.949999988079071 | severity: Severity.low |
| 3%7eab81c74b51922644 | tls | 2026-01-14 11:18:58 | ignore | Associated with benign browsing patterns, no detected threats or WAF flags. | 0.949999988079071 | severity: Severity.low |
| 14.174.193.15 | ip | 2026-01-14 11:08:59 | ignore | No detected malicious activity, WAF flags, or security rule hits. Paths accessed are mostly standard, 'akam' paths are not flagged. | 0.8999999761581421 | severity: Severity.low |
| 109.166.52.58 | ip | 2026-01-14 11:08:59 | ignore | No detected malicious activity, WAF flags, or security rule hits. Normal web traffic observed. | 0.8999999761581421 | severity: Severity.low |
| 157.180.49.120 | ip | 2026-01-14 11:08:59 | ignore | No detected malicious activity, WAF flags, or security rule hits. Behavior consistent with a benign content crawler. | 0.8999999761581421 | severity: Severity.low |
| 3%7eab81c74b51922644 | tls | 2026-01-14 11:08:59 | ignore | No detected malicious activity, WAF flags, or security rule hits. Behavior consistent with a benign content crawler, correlating with a benign IP. | 0.8999999761581421 | severity: Severity.low |
| 14.174.193.15 | ip | 2026-01-14 10:59:16 | ignore | No current malicious activity, WAF flags, or detected threat requests. Past low confidence is no longer supported by recent traffic analysis. | 0.8999999761581421 | severity: Severity.low |
| 109.166.52.58 | ip | 2026-01-14 10:48:55 | ignore | No detected malicious activity or WAF flags, indicating benign behavior. | 1.0 | severity: Severity.low |
| 157.180.49.120 | ip | 2026-01-14 10:48:55 | ignore | No detected malicious activity or WAF flags, indicating benign behavior. | 1.0 | severity: Severity.low |
| 3%7eab81c74b51922644 | tls | 2026-01-14 10:48:55 | ignore | No detected malicious activity or WAF flags, indicating benign behavior. | 1.0 | severity: Severity.low |
| 109.166.52.58 | ip | 2026-01-14 10:38:48 | ignore | No malicious activity detected; accessed common website assets and blog pages. | 0.8999999761581421 | severity: Severity.low |
| 157.180.49.120 | ip | 2026-01-14 10:38:48 | ignore | No malicious activity detected; accessed common blog pages and sitemap. | 0.8999999761581421 | severity: Severity.low |
| 3%7eab81c74b51922644 | tls | 2026-01-14 10:38:48 | ignore | No malicious activity detected; associated IP showed benign browsing behavior. | 0.8999999761581421 | severity: Severity.low |
| 109.166.52.58 | ip | 2026-01-14 10:29:11 | ignore | No malicious activity detected and not currently on any watchlists. | 0.8999999761581421 | severity: Severity.low |
| 157.180.49.120 | ip | 2026-01-14 10:29:11 | ignore | No malicious activity detected and not currently on any watchlists. | 0.8999999761581421 | severity: Severity.low |
| 3%7eab81c74b51922644 | tls | 2026-01-14 10:29:11 | ignore | No malicious activity detected and not currently on any watchlists. | 0.8999999761581421 | severity: Severity.low |
| 14.174.193.15 | ip | 2026-01-14 10:18:54 | watchlist | Accessed obfuscated 'akam' paths, which can indicate probing attempts, but no direct WAF flags or threat requests were detected. Further monitoring is warranted. | 0.6000000238418579 | severity: Severity.low |
| 3%7eab81c74b51922644 | tls | 2026-01-14 10:18:54 | ignore | No activity (0 total requests) detected since being added to the watchlist, and no malicious behavior observed in the current period. Does not warrant continued monitoring based on current data. | 0.8999999761581421 | severity: Severity.low |
| 14.174.193.15 | ip | 2026-01-14 10:08:59 | ignore | No malicious activity detected since being added to watchlist. | 0.8999999761581421 | severity: Severity.low |
| 157.180.49.120 | ip | 2026-01-14 10:08:59 | ignore | No malicious activity detected since being added to watchlist. | 0.8999999761581421 | severity: Severity.low |
| 205.169.39.57 | ip | 2026-01-14 10:08:59 | block | Associated with blocklisted ASN AS3356, which has a history of widespread malicious activity. | 0.8999999761581421 | severity: Severity.critical |
| 34.1.19.191 | ip | 2026-01-14 10:08:59 | block | AI identified as critical severity with high confidence, despite no recent activity. | 0.800000011920929 | severity: Severity.critical |
| 34.122.147.229 | ip | 2026-01-14 10:08:59 | block | Associated with blocklisted ASN AS396982, which has a history of extensive malicious activity. | 0.8999999761581421 | severity: Severity.critical |
| 34.123.170.104 | ip | 2026-01-14 10:08:59 | block | Associated with blocklisted ASN AS396982, which has a history of extensive malicious activity. | 0.8999999761581421 | severity: Severity.critical |
| 3%7eab81c74b51922644 | tls | 2026-01-14 10:08:59 | watchlist | AI identified as medium severity, but no recent malicious activity detected to warrant immediate block. | 0.75 | severity: Severity.medium |
| 109.166.52.58 | ip | 2026-01-14 09:59:06 | ignore | No current or recent malicious activity detected, and previous AI confidence was low (0.3). | 0.30000001192092896 | severity: Severity.low |
| 14.174.193.15 | ip | 2026-01-14 09:59:06 | watchlist | No new malicious activity, but previously flagged for suspicious behavior (AI Confidence 0.6). | 0.6000000238418579 | severity: Severity.medium |
| 157.180.49.120 | ip | 2026-01-14 09:59:06 | watchlist | No new direct malicious activity, but a neighboring IP (157.180.49.118) is blocklisted for persistent malicious activity, suggesting this IP may belong to a suspicious range. | 0.75 | severity: Severity.medium |
| 2001:861:5860:e460:e520:bae1:233b:c9d2 | ip | 2026-01-14 09:59:06 | ignore | No current or recent malicious activity detected, and previous AI confidence was low (0.7, but stated low severity). | 0.30000001192092896 | severity: Severity.low |
| 205.169.39.218 | ip | 2026-01-14 09:59:06 | block | Multiple detected threat requests, WAF flagged paths, several security alerts, and associated with blocklisted ASN AS3356. | 0.949999988079071 | severity: Severity.critical |
| 205.169.39.57 | ip | 2026-01-14 09:59:06 | watchlist | IP associated with blocklisted ASN AS3356, indicating potential risk, though no direct malicious activity observed yet. | 0.6000000238418579 | severity: Severity.medium |
| 34.1.19.191 | ip | 2026-01-14 09:59:06 | watchlist | Previously accessed an obfuscated path and is associated with blocklisted ASN AS15169, requiring continued monitoring. | 0.800000011920929 | severity: Severity.critical |
| 2a02:26f7:c9d0:6406::5 | ip | 2026-01-14 09:59:06 | ignore | No current or recent malicious activity detected, and previous AI confidence was low (0.3). | 0.30000001192092896 | severity: Severity.low |
| 34.122.147.229 | ip | 2026-01-14 09:59:06 | watchlist | IP associated with blocklisted ASN AS396982, indicating potential risk, though no direct malicious activity observed yet. | 0.6000000238418579 | severity: Severity.medium |
| 34.123.170.104 | ip | 2026-01-14 09:59:06 | watchlist | IP associated with blocklisted ASN AS396982, indicating potential risk, though no direct malicious activity observed yet. | 0.6000000238418579 | severity: Severity.medium |
| 34.116.248.149 | ip | 2026-01-14 09:59:06 | block | Detected threat requests, WAF flagged paths, security alerts, and associated with blocklisted ASN AS396982. | 0.949999988079071 | severity: Severity.critical |
| 3%7eab81c74b51922644 | tls | 2026-01-14 09:59:06 | watchlist | TLS fingerprint associated with IP 157.180.49.120, which is kept in watchlist due to proximity to a blocklisted malicious IP. | 0.75 | severity: Severity.medium |