| 135.181.246.140 | ip | 2026-01-02 04:51:46 | watchlist | Accessed obfuscated and suspicious paths (e.g., 'akam/13/a6b6d26', 'akam/13/pixel_a6b6d26'), indicating potential malicious probing. | 0.699999988079071 | severity: Severity.medium |
| 35.79.222.149 | ip | 2026-01-02 01:31:44 | block | IP 35.79.222.149 targeted highly sensitive configuration files (e.g., .env) with all requests flagged by WAF and triggered multiple critical deny rules including LFI-ANOMALY, IPBLOCK-BURST4, and BOT-BROWSER-IMPERSONATOR. Its associated ASN (AS16509) is already blocklisted for persistent malicious activity, with many other IPs from this ASN also blocklisted for identical severe behavior. | 1.0 | severity: Severity.critical |
| 2a07:fe00:1::a24e | ip | 2026-01-01 23:21:31 | watchlist | New IP from ASN AS43357, which has a correlated IP (194.36.25.27) blocklisted for critical malicious probing and automated attacks. Current activity is clean but limited, requiring further monitoring. | 0.6000000238418579 | severity: Severity.medium |
| 194.36.25.27 | ip | 2026-01-01 23:11:35 | block | High percentage of detected threat requests (76.9%) including access to a highly obfuscated path, and triggered security alert '3900999', indicating persistent malicious probing or automated attacks. | 0.949999988079071 | severity: Severity.critical |
| 2a07:fe00:1::a24e | ip | 2026-01-01 23:11:35 | ignore | No detected threat requests, no WAF flags, and all accessed paths appear legitimate. No signs of malicious behavior. | 1.0 | severity: Severity.low |
| 141.98.11.189 | ip | 2026-01-01 22:01:23 | block | IP is performing WordPress brute-force attempts targeting 'wp-login.php', which was flagged by WAF and triggered security alert '3900998'. Its associated ASN (AS209605) is already blocklisted for similar critical malicious activity. | 1.0 | severity: Severity.critical |
| 91.224.92.182 | ip | 2026-01-01 21:51:19 | block | IP performed a WordPress brute-force attempt targeting 'wp-login.php', which was flagged by WAF and triggered security alert '3900998'. Its associated ASN (AS209605) is already blocklisted for similar critical malicious activity. | 1.0 | severity: Severity.critical |
| 35.215.69.228 | ip | 2026-01-01 10:30:51 | block | IP belongs to blocklisted ASN AS15169, which is associated with threatening requests and burst attacks. This IP also accessed a highly obfuscated and suspicious path, indicating malicious probing. | 0.949999988079071 | severity: Severity.critical |
| 161.118.250.104 | ip | 2026-01-01 08:50:41 | block | Actively targeting sensitive WordPress admin and login paths, 100% of requests flagged by WAF with critical deny rules (IPBLOCK-BURST4, REP_1654544), and associated ASN AS31898 is already blocklisted for similar malicious activity. | 1.0 | severity: Severity.critical |
| 2607:9000:7000:35:198:44:133:150 | ip | 2025-12-31 17:29:53 | block | Accessed a highly obfuscated and suspicious path ('nUgzRQGQiVNp_UhOzggZItsrtwk/uzV1bNt3t53Dz2V9JY/NncmY3J3Bw/FR/cfdjtBZG8'), strongly indicating malicious probing or attempted exploitation, consistent with other blocklisted entities showing similar behavior. | 0.949999988079071 | severity: Severity.critical |
| 144.217.135.240 | ip | 2025-12-31 11:49:33 | block | Very high percentage of detected threat requests (~88.9%), all accessed paths flagged by WAF, and its associated ASN (AS16276) is already blocklisted for persistent malicious activity. Consistent with other blocklisted entities showing similar behavior. | 1.0 | severity: Severity.critical |
| 3%7e03c384726f922644 | tls | 2025-12-31 11:49:33 | block | Very high percentage of detected threat requests (~87%), all accessed paths flagged by WAF, and triggered security alert '3991017', indicating highly malicious activity. This TLS fingerprint's behavior is consistent with other blocklisted entities from the same malicious campaign. | 1.0 | severity: Severity.critical |
| 149.56.150.7 | ip | 2025-12-31 09:19:19 | block | All requests (100%) from this IP were detected as threats and flagged by WAF, triggering a security alert. Its associated ASN (AS16276) is already blocklisted for persistent malicious activity. | 1.0 | severity: Severity.critical |
| 3%7e265cf3d41dd8d729 | tls | 2025-12-31 09:19:19 | block | All requests (100%) associated with this TLS fingerprint were detected as threats and flagged by WAF, triggering a security alert, indicating highly malicious activity. | 1.0 | severity: Severity.critical |
| 2a02:6ea0:c71b:0:1011:6020:837e:f4b5 | ip | 2025-12-30 18:38:47 | watchlist | IP accessed a hostname (www.darcherif.fr) that is a frequent target for WordPress enumeration and attacks by multiple blocklisted entities, indicating potential reconnaissance despite no direct WAF flags. | 0.6499999761581421 | severity: Severity.medium |
| 2a02:6ea0:c71b:0:1011:6020:837e:f4b5 | ip | 2025-12-30 18:28:38 | ignore | No suspicious activity detected. All 24 requests were legitimate, with no WAF flags, detected threat requests, or security rule hits. The entity or its ASN is not currently on the watchlist or blocklist. | 0.8999999761581421 | severity: Severity.low |
| 2a02:6ea0:c71b:0:1011:6020:837e:f4b5 | ip | 2025-12-30 18:18:40 | ignore | No malicious activity detected. All requests are legitimate for public WordPress resources, with no WAF flags or security rule hits. | 1.0 | severity: Severity.low |
| 2a02:6ea0:c71b:0:1011:6020:837e:f4b5 | ip | 2025-12-30 18:08:40 | ignore | No suspicious activity detected. All requests were for legitimate website resources, with no WAF flags, detected threat requests, or security rule hits. | 1.0 | severity: Severity.low |
| 2a02:6ea0:c71b:0:1011:6020:837e:f4b5 | ip | 2025-12-30 17:58:33 | ignore | No malicious activity detected, no WAF flags, and no security rule hits. All requests appear to be legitimate. | 0.949999988079071 | severity: Severity.low |
| 2a02:6ea0:c71b:0:1011:6020:837e:f4b5 | ip | 2025-12-30 17:48:36 | ignore | No detected malicious activity, WAF flags, or security rule hits. Observed traffic consists of normal website asset requests, indicating legitimate browsing behavior. | 0.949999988079071 | severity: Severity.low |
| 2a02:6ea0:c71b:0:1011:6020:837e:f4b5 | ip | 2025-12-30 17:38:31 | ignore | No malicious activity detected. Zero threat requests, no WAF flags, and no security rule hits. All accessed paths are legitimate WordPress files. | 0.949999988079071 | severity: Severity.low |
| 2a02:6ea0:c71b:0:1011:6020:837e:f4b5 | ip | 2025-12-30 17:28:41 | ignore | No malicious activity detected during analysis. All requests were for benign web assets, and no WAF flags or security alerts were triggered. | 1.0 | severity: Severity.low |
| 152.32.192.241 | ip | 2025-12-30 16:18:31 | block | Extremely high number of detected threat events (50) across all 9 requests, all accessed paths flagged by WAF, and multiple critical security alerts including 'BOT-BROWSER-IMPERSONATOR', indicating severe automated malicious probing and exploit attempts. | 1.0 | severity: Severity.critical |
| 185.220.101.18 | ip | 2025-12-30 16:18:31 | watchlist | Previously flagged for probing sensitive admin paths ('index.php/author/admin3157/'). No new malicious activity detected since last review, but the original suspicious behavior warrants continued monitoring. | 0.699999988079071 | severity: Severity.medium |
| 45.142.154.66 | ip | 2025-12-30 16:18:31 | block | Extremely high number of detected threat events (29) across all 5 requests, all accessed paths flagged by WAF, and multiple critical security alerts including 'BOT-BROWSER-IMPERSONATOR', indicating severe automated malicious probing and exploit attempts. | 1.0 | severity: Severity.critical |
| 185.220.101.18 | ip | 2025-12-30 13:08:19 | watchlist | Detected WordPress author enumeration attempt, a common reconnaissance technique, without triggering immediate WAF alerts or threat detections. Further monitoring is required. | 0.699999988079071 | severity: Severity.medium |
| 185.220.101.18 | ip | 2025-12-30 12:58:19 | ignore | No malicious activity (0 detected threat requests, no WAF flags, no security rule hits) observed since it was added to the watchlist. | 0.8999999761581421 | severity: Severity.low |
| 217.113.194.106 | ip | 2025-12-30 12:58:19 | block | All requests (100%) from this IP were detected as threats and flagged by WAF, triggering security alert '3991020'. This IP belongs to ASN AS210743, which has other IPs blocklisted for identical malicious activity. | 1.0 | severity: Severity.critical |
| 185.220.101.18 | ip | 2025-12-29 06:56:34 | watchlist | IP accessed a suspicious WordPress author enumeration path ('index.php/author/admin3157/'), a common target for malicious reconnaissance, correlating with similar activity from other blocklisted IPs. While no direct WAF flags or threat requests were triggered yet, further monitoring is warranted. | 0.699999988079071 | severity: Severity.medium |
| 74.7.241.140 | ip | 2025-12-28 22:16:07 | block | All requests (100%) from this IP were detected as threats and flagged by WAF, triggering security alert '3991023'. Its associated ASN (AS8075) is already blocklisted for persistent malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior. | 1.0 | severity: Severity.critical |
| 74.7.175.135 | ip | 2025-12-28 21:35:59 | block | All requests from this IP were detected as threats, all accessed paths were flagged by WAF, and a critical 'IPBLOCK' deny rule was triggered. Its associated ASN (AS8075) is already blocklisted for persistent malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior. | 1.0 | severity: Severity.critical |
| 154.242.193.88 | ip | 2025-12-28 10:25:23 | block | Extremely high percentage (88%) of detected threat requests and all accessed paths were flagged by WAF, triggering security alert '3900999', indicating persistent malicious probing or automated attacks. | 0.949999988079071 | severity: Severity.critical |
| 3%7eCDC2EF7588B03762 | tls | 2025-12-28 10:25:23 | block | High percentage (~61%) of detected threat requests and all accessed paths were flagged by WAF, triggering security alert '3900999', indicating persistent malicious probing or automated attacks, similar to correlated IP activity. | 0.949999988079071 | severity: Severity.critical |
| 20.24.203.163 | ip | 2025-12-28 08:55:23 | block | All requests (100%) from this IP were flagged by WAF, accessed suspicious PHP files, and triggered a critical 'IPBLOCK' deny rule. Its associated ASN (AS8075) is already blocklisted for persistent malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior. | 1.0 | severity: Severity.critical |
| 23.180.120.244 | ip | 2025-12-28 06:15:11 | block | Aggressively targeted highly sensitive configuration files (.env, .env.example) and PHP information disclosure paths (phpinfo, info). All requests triggered critical WAF deny rules, specifically 'LFI-ANOMALY' and a reputation-based block ('REP_1654536'). The ratio of detected threat requests (32) to total requests (21) is extremely high, indicating severe malicious probing and exploitation attempts, consistent with previously blocklisted IPs. | 1.0 | severity: Severity.critical |
| 52.169.163.135 | ip | 2025-12-28 02:04:53 | block | All requests (100%) from this IP were flagged by WAF, accessed suspicious PHP files, and triggered a critical 'IPBLOCK' deny rule. Its associated ASN (AS8075) is already blocklisted for persistent malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior. | 1.0 | severity: Severity.critical |
| 74.7.244.24 | ip | 2025-12-28 00:04:41 | block | IP from blocklisted ASN AS8075 with 100% threat requests, all paths flagged by WAF, and triggered security alert '3991023', indicating persistent malicious probing. | 1.0 | severity: Severity.critical |
| 74.7.242.31 | ip | 2025-12-28 00:04:41 | block | IP from blocklisted ASN AS8075 with 100% threat requests, all paths flagged by WAF, and triggered security alert '3991023', indicating persistent malicious probing. | 1.0 | severity: Severity.critical |
| 205.169.39.11 | ip | 2025-12-27 19:24:27 | block | IP from ASN AS3356, which has multiple IPs blocklisted for accessing suspicious/obfuscated paths. This IP exhibits similar behavior with a WAF-flagged path ('akam/13/2f321df0') and triggered security alert '3900999', indicating ongoing malicious probing. | 0.8999999761581421 | severity: Severity.critical |
| 13.211.133.155 | ip | 2025-12-27 12:54:06 | block | All requests (100%) from this IP were flagged as threats, all accessed paths were flagged by WAF, and a critical 'IPBLOCK' deny rule was triggered. Its associated ASN (AS16509) is already blocklisted for persistent malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior. | 1.0 | severity: Severity.critical |
| 3.26.215.6 | ip | 2025-12-27 11:34:05 | block | All requests (100%) from this IP were flagged as threats, all accessed paths were flagged by WAF, and a critical 'IPBLOCK' deny rule was triggered. Its associated ASN (AS16509) is already blocklisted for persistent malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior. | 1.0 | severity: Severity.critical |
| 87.251.78.138 | ip | 2025-12-27 11:04:00 | block | Extremely high number of detected threat events (60 over 10 requests), all accessed paths flagged by WAF, and multiple security alerts including 'BOT-BROWSER-IMPERSONATOR', indicating severe automated malicious probing and exploit attempts. | 1.0 | severity: Severity.critical |
| 16.176.222.217 | ip | 2025-12-27 07:03:48 | block | All requests (100%) from this IP were flagged as threats, all accessed paths were flagged by WAF, and a critical 'IPBLOCK' deny rule was triggered. Its associated ASN (AS16509) is already blocklisted for persistent malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior. | 1.0 | severity: Severity.critical |
| 16.176.215.135 | ip | 2025-12-27 05:33:47 | block | All requests (100%) from this IP were flagged as threats, all accessed paths were flagged by WAF, and a critical 'IPBLOCK' deny rule was triggered. Its associated ASN (AS16509) is already blocklisted for persistent malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior. | 1.0 | severity: Severity.critical |
| 2600:3c00::2000:72ff:fe7b:3e96 | ip | 2025-12-27 05:33:47 | block | Accessed a highly obfuscated and suspicious path (cMzmRHv2McZmnWgO3JrScmKtz0o/1Dw3GczYaVuVQN/Qk1QICE/KR9JTB/QVeC0), strongly indicating malicious probing or attempted exploitation, despite no direct WAF flags yet. | 0.949999988079071 | severity: Severity.critical |
| 66.249.66.66 | ip | 2025-12-27 02:53:38 | block | All requests (100%) from this IP were detected as threats, all accessed paths were flagged by WAF, and security alert '3991006' was triggered. This behavior is consistent with other blocklisted IPs and the blocklisted ASN AS15169 for similar malicious activity. | 1.0 | severity: Severity.critical |
| 45.86.202.87 | ip | 2025-12-26 21:13:20 | block | Aggressively probing sensitive PHP info files and configuration files (.env.example), with almost all accessed paths flagged by WAF, triggering a critical IP block burst deny rule, and showing bot impersonation. This indicates persistent malicious reconnaissance and exploitation attempts, consistent with other malicious IPs from the same ASN (AS206092). | 1.0 | severity: Severity.critical |
| 45.86.202.100 | ip | 2025-12-26 21:13:20 | block | Aggressively probing sensitive PHP info files and configuration files (.env), with all accessed paths flagged by WAF, triggering critical IP block burst and LFI deny rules, and showing bot impersonation. This indicates persistent malicious reconnaissance and exploitation attempts. | 1.0 | severity: Severity.critical |
| 20.37.218.115 | ip | 2025-12-26 17:13:04 | block | All requests (100%) from this IP were flagged by WAF, accessed suspicious PHP and admin files, and triggered a critical 'IPBLOCK' deny rule. Its associated ASN (AS8075) is already blocklisted for persistent malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior. | 1.0 | severity: Severity.critical |
| 141.98.11.23 | ip | 2025-12-26 16:02:56 | block | IP is performing WordPress brute-force attempts targeting 'wp-login.php' and triggered a WAF alert (3900998). This IP's ASN (AS209605) is already blocklisted for similar critical malicious activity, with other IPs from this ASN also blocklisted for identical behavior. | 1.0 | severity: Severity.critical |