| 2001:861:5860:e460:e520:bae1:233b:c9d2 | ip | 2026-01-10 09:13:11 | ignore | No malicious activity detected: zero WAF flags, zero threat requests, and no security rule hits. All accessed paths are consistent with normal website browsing. | 1.0 | severity: Severity.low |
| 2001:861:5860:e460:e520:bae1:233b:c9d2 | ip | 2026-01-10 09:03:04 | ignore | No malicious activity detected: 0 out of 25 requests were identified as threats, no WAF flags, and no security rule alerts or denies were triggered. | 1.0 | severity: Severity.low |
| 2001:861:5860:e460:e520:bae1:233b:c9d2 | ip | 2026-01-10 08:53:07 | ignore | No detected threat requests, WAF flags, or security rule hits. All observed activity is consistent with normal web traffic for a WordPress site. | 1.0 | severity: Severity.low |
| 2001:861:5860:e460:e520:bae1:233b:c9d2 | ip | 2026-01-10 08:43:06 | ignore | No suspicious activity detected; all requests appear legitimate, with no WAF flags or security rule hits recorded. | 1.0 | severity: Severity.low |
| 2001:861:5860:e460:e520:bae1:233b:c9d2 | ip | 2026-01-10 08:33:06 | ignore | No detected threat requests, WAF flags, or security rule hits, indicating benign activity. | 1.0 | severity: Severity.low |
| 2001:861:5860:e460:e520:bae1:233b:c9d2 | ip | 2026-01-10 08:23:05 | ignore | No malicious activity detected, zero threat requests, no WAF flags, and only accessed standard website assets. | 1.0 | severity: Severity.low |
| 2001:861:5860:e460:e520:bae1:233b:c9d2 | ip | 2026-01-10 08:13:01 | ignore | No suspicious activity detected: 0/25 requests flagged as threats, no WAF flags, and no security rule hits. | 1.0 | severity: Severity.low |
| 2001:861:5860:e460:e520:bae1:233b:c9d2 | ip | 2026-01-10 08:03:02 | ignore | No malicious activity detected: 0 threat requests, no WAF flags, and no security rule hits. ASN AS5410 is not blocklisted. | 1.0 | severity: Severity.low |
| 2001:861:5860:e460:e520:bae1:233b:c9d2 | ip | 2026-01-10 07:53:02 | ignore | No malicious activity or suspicious patterns detected; all requests are benign and no WAF rules were triggered. | 1.0 | severity: Severity.low |
| 2001:861:5860:e460:e520:bae1:233b:c9d2 | ip | 2026-01-10 07:43:08 | ignore | No malicious activity detected across 25 requests, with no WAF flags or security rule hits, and its ASN (AS5410) is not blocklisted. | 1.0 | severity: Severity.low |
| 2001:861:5860:e460:e520:bae1:233b:c9d2 | ip | 2026-01-10 07:33:03 | ignore | No malicious activity detected; all requests were benign, and no WAF flags or security rule hits were observed. | 1.0 | severity: Severity.low |
| 2001:861:5860:e460:e520:bae1:233b:c9d2 | ip | 2026-01-10 07:23:00 | ignore | No malicious activity detected, no WAF flags, and zero threat requests out of 25 total requests. | 0.949999988079071 | severity: Severity.low |
| 2001:861:5860:e460:e520:bae1:233b:c9d2 | ip | 2026-01-10 07:12:59 | ignore | No malicious activity detected, no WAF flags, no security rule hits, and the associated ASN is not blocklisted. All accessed paths are benign. | 1.0 | severity: Severity.low |
| 185.177.72.60 | ip | 2026-01-10 07:03:00 | block | Actively probed sensitive configuration and credential files with all requests flagged by WAF, triggered critical LFI-ANOMALY and reputation-based deny rules. Its ASN (AS211590) is blocklisted for persistent malicious activity, with other IPs from this ASN exhibiting identical severe malicious behavior. | 1.0 | severity: Severity.critical |
| 2001:861:5860:e460:e520:bae1:233b:c9d2 | ip | 2026-01-10 07:03:00 | ignore | No malicious activity detected, no WAF flags, and only accessed standard WordPress files. | 1.0 | severity: Severity.low |
| 2001:861:5860:e460:e520:bae1:233b:c9d2 | ip | 2026-01-10 06:52:57 | ignore | No malicious activity detected: 0 out of 25 requests were flagged by WAF, no security rules were triggered (alerts or denies), and all accessed paths are typical for a benign website visitor. | 0.8999999761581421 | severity: Severity.low |
| 2001:861:5860:e460:e520:bae1:233b:c9d2 | ip | 2026-01-10 06:42:57 | ignore | No detected threat requests, no WAF flags, and no security rule hits. All accessed paths are common WordPress and theme assets. The associated ASN is not blocklisted. | 1.0 | severity: Severity.low |
| 2001:861:5860:e460:e520:bae1:233b:c9d2 | ip | 2026-01-10 06:33:02 | ignore | No malicious activity detected, no WAF flags, no threat requests, and only seen once accessing legitimate website resources. Initial low confidence score is no longer justified. | 0.8999999761581421 | severity: Severity.low |
| 45.148.10.158 | ip | 2026-01-10 06:33:02 | block | Aggressively probed sensitive configuration and credential files, with all requests flagged by WAF, triggered critical LFI-ANOMALY and reputation-based deny rules, and belongs to blocklisted ASN AS48090 which has other IPs exhibiting identical severe malicious behavior. | 1.0 | severity: Severity.critical |
| 4.241.228.159 | ip | 2026-01-10 05:12:52 | block | All requests (100%) from this IP were flagged by WAF, accessed suspicious PHP files and WordPress admin paths, and triggered a critical 'IPBLOCK' deny rule. Its associated ASN (AS8075) is already blocklisted for persistent malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior. | 1.0 | severity: Severity.critical |
| 185.177.72.61 | ip | 2026-01-10 03:02:41 | block | Actively probing for sensitive configuration and credential files, with all requests flagged by WAF, triggered critical LFI and reputation-based deny rules, and belongs to a blocklisted ASN with other IPs exhibiting identical severe malicious behavior. | 1.0 | severity: Severity.critical |
| 2001:861:5860:e460:e520:bae1:233b:c9d2 | ip | 2026-01-09 21:52:38 | watchlist | IP accessing a domain (www.darcherif.fr) frequently targeted by blocklisted malicious entities, despite no current malicious activity detected from this IP. | 0.30000001192092896 | severity: Severity.low |
| 185.209.196.229 | ip | 2026-01-09 21:42:26 | block | Accessed highly suspicious '.suspected' web shell paths, indicating critical web shell upload or exploitation attempts. | 0.949999988079071 | severity: Severity.critical |
| 2001:861:5860:e460:e520:bae1:233b:c9d2 | ip | 2026-01-09 21:42:26 | ignore | No new malicious activity detected; accessed paths are benign WordPress files, and no WAF flags or threat requests were observed. | 0.8999999761581421 | severity: Severity.low |
| 195.24.236.78 | ip | 2026-01-09 17:22:03 | block | IP attempted to access highly suspicious paths like 'plugins/content/apismtp/apismtp.php.suspected' and 'wp-content/plugins/apikey/apikey.php.suspected', strongly indicating web shell upload or exploitation attempts, despite no immediate WAF flags. | 0.8999999761581421 | severity: Severity.critical |
| 217.113.194.103 | ip | 2026-01-09 11:51:43 | block | All requests (100%) were detected as threats and flagged by WAF, triggering security alert '3991020'. This behavior is consistent with other blocklisted IPs from the same ASN (AS210743). | 1.0 | severity: Severity.critical |
| 2001:861:5860:e460:e520:bae1:233b:c9d2 | ip | 2026-01-09 11:02:13 | watchlist | IP accessed a domain (www.darcherif.fr) heavily targeted and associated with numerous blocklisted malicious entities (IPs, ASNs, TLS fingerprints), warranting continued monitoring despite currently showing no direct malicious activity. | 0.6000000238418579 | severity: Severity.medium |
| 2001:861:5860:e460:e520:bae1:233b:c9d2 | ip | 2026-01-09 10:51:44 | ignore | No suspicious activity detected; zero WAF flags, zero detected threat requests, and no security rule hits. Does not warrant inclusion in watchlist. | 1.0 | severity: Severity.low |
| 2001:861:5860:e460:e520:bae1:233b:c9d2 | ip | 2026-01-09 10:41:42 | ignore | No malicious activity detected. All 25 requests were to benign paths, no WAF rules were triggered, and zero threat requests were observed. | 1.0 | severity: Severity.low |
| 185.177.72.67 | ip | 2026-01-09 10:21:40 | block | IP is aggressively probing for sensitive configuration and credential files, with all requests flagged by WAF, triggering critical 'LFI-ANOMALY' and reputation-based deny rules. Its associated ASN AS211590 is already blocklisted for persistent malicious activity, with other IPs from this ASN exhibiting identical severe malicious behavior. | 1.0 | severity: Severity.critical |
| 3%7e9b3e34567f4e1910 | tls | 2026-01-09 10:01:37 | block | All requests (100%) associated with this TLS fingerprint targeted highly sensitive configuration files and triggered critical LFI-ANOMALY and reputation-based WAF deny rules. | 1.0 | severity: Severity.critical |
| 205.169.39.200 | ip | 2026-01-09 07:51:34 | block | Triggered critical WAF deny rule 'IPBLOCK-BURST4-318403' and multiple alerts. Associated ASN AS3356 has multiple blocklisted IPs showing similar malicious activity, including accessing suspicious obfuscated paths. | 1.0 | severity: Severity.critical |
| 205.169.39.8 | ip | 2026-01-09 07:51:34 | block | Triggered critical WAF deny rule 'IPBLOCK-BURST4-318403' and has a high percentage of detected threat requests. Associated ASN AS3356 is blocklisted for similar activity, indicating a persistent threat from this network. | 1.0 | severity: Severity.critical |
| 185.177.72.69 | ip | 2026-01-08 22:51:10 | block | IP is aggressively probing for sensitive configuration and credential files, with all requests flagged by WAF, triggering critical 'LFI-ANOMALY' and reputation-based deny rules. Its associated ASN AS211590 is already blocklisted for persistent malicious activity. | 1.0 | severity: Severity.critical |
| 195.178.110.54 | ip | 2026-01-08 17:20:49 | block | IP belongs to blocklisted ASN AS48090, shows a high ratio of detected threat requests (22/10), and triggered multiple critical WAF alerts including 'BOT-BROWSER-IMPERSONATOR' for suspicious probing. | 1.0 | severity: Severity.critical |
| 195.178.110.132 | ip | 2026-01-08 15:40:46 | block | Actively probing for sensitive configuration files, detected as a bot impersonator, triggered critical LFI and IPBLOCK burst WAF deny rules, and its ASN (AS48090) is already blocklisted for identical malicious activity from other IPs. | 1.0 | severity: Severity.critical |
| 4.190.211.79 | ip | 2026-01-08 15:40:46 | block | All requests were detected as threats, targeted known malicious PHP files including a 'wp_filemanager.php' exploit, triggered a critical 'IPBLOCK' WAF deny rule, and its ASN (AS8075) is already blocklisted for persistent and identical malicious activity from multiple other IPs. | 1.0 | severity: Severity.critical |
| 13.55.232.71 | ip | 2026-01-08 09:00:18 | block | All requests (100%) from this IP were flagged as threats, all accessed paths were flagged by WAF, and a critical 'IPBLOCK' deny rule was triggered. Its associated ASN (AS16509) is already blocklisted for persistent malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior. | 1.0 | severity: Severity.critical |
| 52.64.60.91 | ip | 2026-01-08 06:20:12 | block | All requests (100%) from this IP were flagged as threats, all accessed paths were flagged by WAF, and a critical 'IPBLOCK' deny rule was triggered. Its associated ASN (AS16509) is already blocklisted for persistent malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior. | 1.0 | severity: Severity.critical |
| 141.98.11.120 | ip | 2026-01-07 21:29:48 | block | IP is performing WordPress brute-force attempts targeting 'wp-login.php', flagged by WAF and triggered security alert '3900998'. Its associated ASN (AS209605) is already blocklisted for similar critical malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior. | 1.0 | severity: Severity.critical |
| 192.161.58.113 | ip | 2026-01-07 21:29:48 | ignore | No malicious activity detected: 0 threat requests out of 11 total, no WAF flags, and no security rule hits. The AI confidence score is also very low (0.1). | 0.8999999761581421 | severity: Severity.low |
| 52.178.176.146 | ip | 2026-01-07 20:19:47 | block | All requests (100%) from this IP were flagged as threats, accessing suspicious PHP files, and triggered a critical 'IPBLOCK' deny rule. Its associated ASN (AS8075) is already blocklisted for persistent malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior. | 1.0 | severity: Severity.critical |
| 35.231.29.86 | ip | 2026-01-07 15:29:31 | block | IP is performing extensive WordPress enumeration and bot impersonation, triggered a critical WAF deny rule (IPBLOCK-BURST4-318403), has an exceptionally high number of detected threat requests, and belongs to ASN AS396982, which is blocklisted for similar highly malicious activity. | 1.0 | severity: Severity.critical |
| 52.169.143.103 | ip | 2026-01-07 13:59:25 | block | All requests (100%) were detected as threats, all accessed suspicious PHP and config files were flagged by WAF, and a critical 'IPBLOCK' deny rule was triggered. Its associated ASN (AS8075) is already blocklisted for persistent malicious activity. | 1.0 | severity: Severity.critical |
| 66.249.66.39 | ip | 2026-01-07 11:09:16 | block | All requests (100%) from this IP were detected as threats, all accessed paths were flagged by WAF, and security alert '3991006' was triggered. Its associated ASN (AS15169) and multiple other IPs from the same subnet are already blocklisted for identical malicious activity. | 1.0 | severity: Severity.critical |
| 45.156.128.112 | ip | 2026-01-07 01:08:43 | block | All accessed paths (100%) were flagged by WAF, detected threat events greatly exceed total requests (35 over 5), and multiple critical security alerts including 'BOT-BROWSER-IMPERSONATOR' were triggered. The associated ASN AS211680 has another IP blocklisted for similar malicious activity. | 1.0 | severity: Severity.critical |
| 176.65.148.161 | ip | 2026-01-07 00:48:40 | block | All requests (100%) from this IP were detected as threats and flagged by WAF, triggering security alert '3990011'. Its associated ASN AS51396 is already blocklisted for severe malicious activity, indicating high confidence in malicious intent. | 1.0 | severity: Severity.critical |
| 143.110.217.244 | ip | 2026-01-07 00:38:51 | block | All accessed paths were flagged by WAF, detected threat requests exceed total requests, triggered critical 'LFI-ANOMALY' deny rule and 'BOT-BROWSER-IMPERSONATOR' alert. Its ASN (AS14061) is already blocklisted for similar highly malicious activity. | 1.0 | severity: Severity.critical |
| 142.93.129.190 | ip | 2026-01-07 00:38:51 | block | All accessed paths were flagged by WAF, detected threat requests exceed total requests, triggered critical 'LFI-ANOMALY' deny rule and 'BOT-BROWSER-IMPERSONATOR' alert. Its ASN (AS14061) is already blocklisted for similar highly malicious activity. | 1.0 | severity: Severity.critical |
| 159.223.132.86 | ip | 2026-01-07 00:38:51 | block | All accessed paths were flagged by WAF, detected threat requests exceed total requests, triggered critical 'LFI-ANOMALY' deny rule and 'BOT-BROWSER-IMPERSONATOR' alert. Its ASN (AS14061) is already blocklisted for similar highly malicious activity. | 1.0 | severity: Severity.critical |