| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-10-31 17:36:01 | watchlist | Accessed common WordPress admin path 'wp-admin/admin-ajax.php' with multiple requests, warrants further monitoring for suspicious patterns despite no WAF flags. | 0.6000000238418579 | severity: Severity.medium |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-10-31 17:31:06 | ignore | Entity has recorded no traffic and no security rule hits since being added to the watchlist, indicating no detected malicious activity. | 0.8999999761581421 | severity: Severity.low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-10-31 17:25:58 | watchlist | Entity still exhibits suspicious behavior with medium confidence, warrants continued monitoring. | 0.699999988079071 | severity: Severity.medium |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-10-31 17:20:58 | watchlist | Ongoing suspicious behavior with medium AI confidence. Further monitoring required. | 0.699999988079071 | severity: Severity.medium |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-10-31 17:16:00 | watchlist | Entity maintains suspicious behavior with medium AI confidence; no new data to alter status. | 0.699999988079071 | severity: Severity.medium |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-10-31 17:11:02 | watchlist | Entity remains suspicious with medium AI severity, but no active malicious traffic has been observed yet to warrant blocking. | 0.699999988079071 | severity: Severity.medium |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-10-31 17:06:04 | watchlist | Entity was added to watchlist based on AI-detected suspicious behavior; no new traffic or threat indications have been observed since its last evaluation to warrant a change in status. | 0.699999988079071 | severity: Severity.medium |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-10-31 17:01:01 | watchlist | Entity remains on watchlist based on initial medium severity AI assessment; no new activity observed to justify further action or removal. | 0.699999988079071 | severity: Severity.medium |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-10-31 16:56:02 | watchlist | Initial threat intelligence indicated medium severity, but no current activity has been observed. Keeping in watchlist for continued monitoring. | 0.699999988079071 | severity: Severity.medium |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-10-31 16:51:01 | watchlist | Accessed sensitive WordPress admin path 'wp-admin/admin-ajax.php' with medium AI confidence, but no explicit threat detections yet. Requires further monitoring. | 0.699999988079071 | severity: Severity.medium |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-10-31 16:46:07 | watchlist | Accessed 'wp-admin/admin-ajax.php', a common target for WordPress attacks, warranting further monitoring for suspicious patterns despite no WAF flags. | 0.699999988079071 | severity: Severity.medium |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-10-31 16:41:01 | ignore | No further malicious activity or traffic observed since being added to the watchlist. Initial low confidence and severity were not substantiated. | 0.8999999761581421 | severity: Severity.low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-10-31 16:36:02 | watchlist | Entity accessed sensitive WordPress admin paths multiple times (17 requests to wp-admin/admin-ajax.php) with a low AI confidence score and no WAF flags, requires continued monitoring. | 0.6000000238418579 | severity: Severity.low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-10-31 16:31:04 | watchlist | Accessed a common WordPress administration path (wp-admin/admin-ajax.php). While no WAF alerts or threats were detected, this path is frequently used for reconnaissance and enumeration, warranting continued monitoring for suspicious patterns. | 0.6000000238418579 | severity: Severity.low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-10-31 16:26:01 | ignore | No suspicious activity detected since being added to the watchlist. | 0.8999999761581421 | severity: Severity.low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-10-31 16:16:02 | watchlist | Initial AI analysis indicates low severity and access to a commonly targeted WordPress path, but no WAF alerts or detected threats currently observed to warrant a block. | 0.6499999761581421 | severity: Severity.low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-10-31 16:11:02 | watchlist | Accessed sensitive WordPress admin path 'wp-admin/admin-ajax.php' without triggering WAF alerts or threat detections. Requires further monitoring for potential reconnaissance or automated activity. | 0.6499999761581421 | severity: Severity.low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-10-31 16:06:10 | ignore | No malicious activity or WAF alerts detected across 17 requests, including access to a common WordPress path. Entity and associated ASN are not found on any existing blocklists. | 0.949999988079071 | severity: Severity.low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-10-31 16:00:59 | ignore | No malicious activity detected and zero requests observed since being added to watchlist. | 0.8999999761581421 | severity: Severity.low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-10-31 15:55:58 | watchlist | Entity shows suspicious behavior with medium confidence; further monitoring needed. | 0.6000000238418579 | severity: Severity.medium |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-10-31 15:51:08 | watchlist | Observed access to a common WordPress attack surface (wp-admin/admin-ajax.php) with medium AI confidence, warrants continued monitoring despite no WAF flags. | 0.6000000238418579 | severity: Severity.medium |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-10-31 15:41:03 | watchlist | Accessed sensitive WordPress administrative path (wp-admin/admin-ajax.php) without triggering WAF rules, suggesting potential reconnaissance or unusual bot activity. | 0.6000000238418579 | severity: Severity.medium |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-10-31 15:35:57 | ignore | No suspicious activity detected since being added to the watchlist. | 0.800000011920929 | severity: Severity.low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-10-31 15:31:13 | watchlist | Accessed sensitive WordPress administrative path 'wp-admin/admin-ajax.php' without triggering WAF alerts, indicating potential reconnaissance or probing. AI confidence is low but warrants continued monitoring. | 0.6000000238418579 | severity: Severity.low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-10-31 15:26:06 | watchlist | Accessed frequently targeted WordPress wp-admin/admin-ajax.php path without triggering WAF or threat rules, requires monitoring. | 0.6000000238418579 | severity: Severity.low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-10-31 15:21:00 | ignore | No subsequent malicious activity or requests detected since being added to the watchlist, indicating the initial trigger may have been a false positive or transient anomaly. | 0.800000011920929 | severity: Severity.low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-10-31 15:15:57 | watchlist | Entity shows suspicious behavior with medium confidence, but no new activity to warrant immediate blocking or removal from the watchlist. | 0.75 | severity: Severity.medium |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-10-31 15:11:07 | watchlist | Accessed sensitive WordPress administrative path 'wp-admin/admin-ajax.php', with medium AI confidence, but no explicit threat detections or WAF alerts yet. | 0.75 | severity: Severity.medium |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-10-31 15:06:05 | watchlist | Repeated access (17 requests) to a common WordPress attack vector (wp-admin/admin-ajax.php) by an unknown entity. No WAF alerts or explicit threats detected, but warrants further monitoring for suspicious patterns or escalation of activity. | 0.75 | severity: Severity.medium |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-10-31 15:01:00 | ignore | No new malicious activity detected since being added to the watchlist, and no requests recorded. | 0.800000011920929 | severity: Severity.low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-10-31 14:56:02 | watchlist | Accessed suspicious WordPress administrative path (wp-admin/admin-ajax.php), AI assessment indicates medium severity with no direct threat detections yet. | 0.6000000238418579 | severity: Severity.medium |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-10-31 14:51:01 | watchlist | Accessed sensitive WordPress admin path 'wp-admin/admin-ajax.php' which is often abused in attacks. No WAF flags currently, but warrants close monitoring for further suspicious activity. | 0.6000000238418579 | severity: Severity.medium |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-10-31 14:46:02 | ignore | Entity shows no current malicious activity, no WAF flags, no threat requests, and low AI confidence/severity, suggesting it is safe to remove. | 0.800000011920929 | severity: Severity.low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-10-31 14:36:01 | watchlist | Accessed a commonly exploited WordPress admin path (wp-admin/admin-ajax.php) without triggering WAF or security rules, suggesting potential reconnaissance. | 0.6499999761581421 | severity: Severity.low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-10-31 14:30:59 | ignore | No activity detected from this entity since being added to the watchlist. No requests or threat detections. | 0.8999999761581421 | severity: Severity.low |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-10-31 14:20:59 | watchlist | Entity shows suspicious behavior with medium confidence, requiring continued monitoring. | 0.6000000238418579 | severity: Severity.medium |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-10-31 14:16:00 | watchlist | Accessed sensitive WordPress path wp-admin/admin-ajax.php, but no WAF alerts or detected threats yet. Requires continued monitoring. | 0.6000000238418579 | severity: Severity.medium |
| 2001:861:5860:e460:5175:54ff:bf15:b615 | ip | 2025-10-31 14:01:02 | watchlist | Accessed sensitive WordPress administrative path 'wp-admin/admin-ajax.php', which is often targeted by bots and attackers. While no explicit WAF flags or threat detections occurred, this path warrants vigilance. Requires further monitoring. | 0.6000000238418579 | severity: Severity.medium |
| 3%7ede8d6a84fab8672b | tls | 2025-10-31 13:37:03 | block | Confirmed common malicious client fingerprint associated with suspicious access patterns and reconnaissance. | 0.949999988079071 | severity: Severity.critical |
| 3%7ede29393936a8dc4153 | tls | 2025-10-31 13:37:03 | block | Confirmed persistent malicious activity detected using this TLS fingerprint. | 0.949999988079071 | severity: Severity.critical |
| 3%7ede293936a8dc4153 | tls | 2025-10-31 13:37:03 | block | Confirmed persistent malicious activity detected using this TLS fingerprint. | 0.949999988079071 | severity: Severity.critical |
| 3%7ebaae1457ad64ff16 | tls | 2025-10-31 13:37:03 | block | Confirmed persistent malicious activity detected using this TLS fingerprint. | 0.8999999761581421 | severity: Severity.critical |
| UNKNOWN | tls | 2025-10-31 13:37:03 | block | Confirmed persistent malicious activity detected using an unknown TLS fingerprint. | 1.0 | severity: Severity.critical |
| 3%7efe38c35477967146 | tls | 2025-10-31 13:37:03 | block | Confirmed persistent malicious activity detected using this TLS fingerprint. | 0.9800000190734863 | severity: Severity.critical |
| 3%7ee35ec11fcbea7346 | tls | 2025-10-31 13:37:03 | block | Confirmed persistent malicious activity detected using this TLS fingerprint. | 0.8999999761581421 | severity: Severity.critical |
| 123.6.49.50 | ip | 2025-10-31 13:37:02 | block | Confirmed persistent malicious IP activity. | 0.8999999761581421 | severity: Severity.critical |
| 141.98.11.115 | ip | 2025-10-31 13:37:02 | block | Confirmed highly malicious automated activity and bot impersonation. | 1.0 | severity: Severity.critical |
| 172.190.142.176 | ip | 2025-10-31 13:37:02 | block | Confirmed persistent malicious IP activity. | 1.0 | severity: Severity.critical |
| 185.177.72.104 | ip | 2025-10-31 13:37:02 | block | Confirmed persistent malicious IP activity. | 1.0 | severity: Severity.critical |
| 172.192.3.69 | ip | 2025-10-31 13:37:02 | block | Confirmed suspicious PHP file probing, WAF deny rule triggered, and associated ASN is blocked. | 1.0 | severity: Severity.critical |