| 205.169.39.16 | ip | 2026-03-08 03:19:13 | ignore | No suspicious activity detected; access patterns are consistent with normal web browsing or CDN activity, associated with Akamai ASN. | 0.8999999761581421 | severity: Severity.low |
| 62.216.67.111 | ip | 2026-03-08 03:19:13 | ignore | Access patterns are typical for a WordPress website visitor, loading standard JavaScript files and theme assets. No malicious activity or WAF alerts observed. | 0.8999999761581421 | severity: Severity.low |
| 205.169.39.16 | ip | 2026-03-08 03:09:04 | ignore | No malicious activity or security rule hits detected. Access patterns are consistent with legitimate web browsing, including Akamai CDN usage. | 0.8999999761581421 | severity: Severity.low |
| 62.216.67.111 | ip | 2026-03-08 03:09:04 | ignore | No malicious activity or security rule hits detected. Access patterns are consistent with legitimate browsing of a WordPress site. | 0.8999999761581421 | severity: Severity.low |
| 205.169.39.16 | ip | 2026-03-08 02:58:56 | ignore | IP is associated with Akamai CDN serving content for darcherif.fr. No malicious activity, flagged paths, or security rule hits detected. | 0.949999988079071 | severity: Severity.low |
| 62.216.67.111 | ip | 2026-03-08 02:58:56 | ignore | IP is the main host for www.darcherif.fr. All accessed paths are standard for a WordPress site, with no detected threats or security rule hits. | 0.949999988079071 | severity: Severity.low |
| 205.169.39.16 | ip | 2026-03-08 02:48:47 | ignore | No detected threat requests, WAF flags, or security rule hits. Traffic consistent with normal web asset access for a legitimate Akamai CDN hostname. | 0.949999988079071 | severity: Severity.low |
| 62.216.67.111 | ip | 2026-03-08 02:48:47 | ignore | No detected threat requests, WAF flags, or security rule hits. Accessed typical WordPress site paths for a legitimate hostname. | 0.949999988079071 | severity: Severity.low |
| 205.169.39.16 | ip | 2026-03-08 02:38:40 | ignore | IP shows normal website browsing behavior, accessing common static assets. No WAF flags or security rule hits detected. Associated hostname 'akamai.darcherif.fr' suggests legitimate CDN usage. | 0.8999999761581421 | severity: Severity.low |
| 62.216.67.111 | ip | 2026-03-08 02:38:40 | ignore | IP exhibits normal WordPress site interaction, accessing standard theme and plugin assets. No WAF flags or security rule hits detected. | 0.8999999761581421 | severity: Severity.low |
| 205.169.39.16 | ip | 2026-03-08 02:28:30 | ignore | No suspicious activity detected; associated with a legitimate CDN (Akamai), accessed common website resources, and no WAF flags or security rule hits. | 0.8999999761581421 | severity: Severity.low |
| 62.216.67.111 | ip | 2026-03-08 02:28:30 | ignore | No suspicious activity detected; accessing typical WordPress site resources, and no WAF flags or security rule hits. | 0.8999999761581421 | severity: Severity.low |
| 205.169.39.16 | ip | 2026-03-08 02:18:19 | ignore | No suspicious activity, WAF flags, or security rule hits detected. Appears to be legitimate CDN traffic accessing standard web assets. | 0.8999999761581421 | severity: Severity.low |
| 62.216.67.111 | ip | 2026-03-08 02:18:19 | ignore | No suspicious activity, WAF flags, or security rule hits detected. Appears to be legitimate traffic accessing standard WordPress resources. | 0.8999999761581421 | severity: Severity.low |
| 205.169.39.16 | ip | 2026-03-08 02:08:10 | ignore | No suspicious activity detected. Accessing common web assets via Akamai CDN with no WAF flags or security rule hits. Appears to be benign web traffic. | 0.949999988079071 | severity: Severity.low |
| 62.216.67.111 | ip | 2026-03-08 02:08:10 | ignore | No suspicious activity detected. Accessing standard WordPress files with no WAF flags or security rule hits. Appears to be benign web traffic. | 0.949999988079071 | severity: Severity.low |
| 205.169.39.16 | ip | 2026-03-08 01:58:03 | ignore | Entity currently on watchlist shows zero requests, no paths accessed, no WAF flags, and no security rule hits. No evidence of current or past malicious activity from available data to justify continued watchlisting. | 0.75 | severity: Severity.low |
| 62.216.67.111 | ip | 2026-03-08 01:58:03 | ignore | No malicious activity detected. Entity accessed standard web server paths, had no WAF flags, no detected threat requests, and no security rule hits. | 0.8999999761581421 | severity: Severity.low |
| 205.169.39.16 | ip | 2026-03-08 01:47:51 | watchlist | Entity is currently in watchlist with an AI confidence score of 0.8 and assessed as medium severity. Further monitoring required for additional evidence. | 0.800000011920929 | severity: Severity.medium |
| 62.216.67.111 | ip | 2026-03-08 01:47:51 | ignore | No malicious activity detected, including no WAF flags, threat requests, or security rule hits. Hostname www.darcherif.fr on US IP is not inherently suspicious. | 0.8999999761581421 | severity: Severity.low |
| 205.169.39.16 | ip | 2026-03-08 01:37:37 | watchlist | Entity previously identified with high AI confidence (0.8) and medium severity. While current observations show no activity, the existing threat assessment remains valid, warranting continued monitoring. | 0.800000011920929 | severity: Severity.medium |
| 205.169.39.16 | ip | 2026-03-08 01:27:21 | watchlist | Accessing standard web assets such as CSS, JS, and images, often associated with CDN activity (akamai.darcherif.fr). While current activity appears benign and without WAF flags or threat detections, the entity remains on the watchlist due to a prior AI assessment of medium severity, warranting continued observation. | 0.800000011920929 | severity: Severity.medium |
| 62.216.67.111 | ip | 2026-03-08 01:27:21 | ignore | Accessing standard WordPress application paths without triggering any security alerts or WAF flags. No indicators of compromise detected, suggesting benign activity. | 0.949999988079071 | severity: Severity.low |
| 205.169.39.16 | ip | 2026-03-08 01:17:10 | watchlist | IP associated with an unusual hostname 'akamai.darcherif.fr' and an unusually formatted asset path. No direct threats detected, but warrants further monitoring for suspicious activity. | 0.6000000238418579 | severity: Severity.medium |
| 205.169.39.16 | ip | 2026-03-08 01:07:02 | ignore | No malicious activity detected. All requests are for standard web assets, no WAF flags, and no security rule hits were observed. The IP appears to be a legitimate user accessing a benign Akamai-hosted website. | 0.949999988079071 | severity: Severity.low |
| 205.169.39.16 | ip | 2026-03-08 00:56:54 | ignore | No detected threat requests, WAF flags, or security rule hits. Accessed paths are typical for web assets, and the hostname (Akamai CDN) does not indicate direct malicious activity without further context. | 0.8999999761581421 | severity: Severity.low |
| 205.169.39.16 | ip | 2026-03-08 00:46:50 | ignore | No security rule hits, WAF flags, or detected threat requests. All observed activity is consistent with benign web traffic. | 1.0 | severity: Severity.low |
| 205.169.39.16 | ip | 2026-03-08 00:36:44 | ignore | No suspicious activity detected. All requests were for common web assets, with no WAF flags or security rule hits. Entity associated with Akamai, a legitimate CDN. | 0.949999988079071 | severity: Severity.low |
| 205.169.39.16 | ip | 2026-03-08 00:26:35 | ignore | No malicious activity detected: 0 threat requests, no WAF flags, and no security rule hits. The accessed paths are consistent with benign web browsing, and the IP is associated with a legitimate CDN (Akamai) and a major ISP (AS3356). Although not currently in the watchlist, the entity is deemed safe and does not warrant monitoring. | 0.9800000190734863 | severity: Severity.low |
| 205.169.39.16 | ip | 2026-03-08 00:16:18 | ignore | No suspicious activity detected. All network requests are legitimate for standard website access, with no WAF flags, security rule hits, or detected threats. The entity does not warrant further monitoring. | 1.0 | severity: Severity.low |
| 54.145.16.22 | ip | 2026-03-07 21:55:50 | block | All 5 requests from this IP were detected as threats and explicitly denied by an IPBLOCK security rule. | 0.949999988079071 | severity: Severity.critical |
| 13.75.194.66 | ip | 2026-03-07 09:33:44 | block | Actively probing for web shells, admin interfaces, and potentially crypto miners with multiple suspicious path accesses (e.g., xmr.php, upload.php, bolt.php). | 0.8999999761581421 | severity: Severity.critical |
| 192.109.200.92 | ip | 2026-03-07 09:33:44 | block | Multiple detected threat requests targeting wp-login.php and flagged by WAF with a security rule hit (3900998), indicating a brute-force or credential stuffing attack. | 0.949999988079071 | severity: Severity.critical |
| AS198953 | asn | 2026-03-07 08:23:27 | block | Suspicious activity detected from AS198953 including WAF flags on xmlrpc.php, multiple detected threat requests, and a 'PLATFORM-ANOMALY' security rule hit from a high-risk geographical location (RU). | 0.8999999761581421 | severity: Severity.critical |
| 45.153.34.154 | ip | 2026-03-07 01:52:23 | block | Multiple severe security rule hits including a 'CMD-INJECTION-ANOMALY' deny action, 'BOT-BROWSER-IMPERSONATOR' alert, and access to sensitive '.git/config' path. This indicates active, high-severity attack attempts. | 0.9800000190734863 | severity: Severity.critical |
| 104.28.246.115 | ip | 2026-03-06 19:01:07 | block | Repeated access attempts to suspicious 'style.php' paths within WordPress directories, with all requests flagged as threats by WAF rule '3990001', indicating a high-confidence malicious exploitation attempt. | 0.9800000190734863 | severity: Severity.critical |
| 185.117.225.176 | ip | 2026-03-06 09:29:33 | block | The IP address triggered a WAF deny rule (IPBLOCK-BURST4-318403) and was associated with 22 detected threat requests, indicating a high likelihood of malicious activity such as scanning or brute-forcing. | 0.949999988079071 | severity: Severity.critical |
| 20.220.232.101 | ip | 2026-03-06 01:18:10 | block | All 151 requests were flagged by WAF as detected threats, accessing suspicious paths (e.g., PHP web shells, administrative probes), and explicitly triggered an IPBLOCK security rule. | 1.0 | severity: Severity.critical |
| 159.54.153.72 | ip | 2026-03-05 22:17:38 | block | Repeated access to 'wp-login.php', a common target for brute-force attacks, from a geographically distinct IP address. This indicates a high likelihood of malicious probing or an attempted credential stuffing attack. | 0.8500000238418579 | severity: Severity.medium |
| 159.54.153.72 | ip | 2026-03-05 22:07:31 | ignore | Despite being on the watchlist with a previous AI confidence score, the entity shows no current activity (0 total requests, 0 detected threat requests), no security rule hits, and no other indicators of compromise in the provided context. | 0.8500000238418579 | severity: Severity.low |
| 216.73.216.24 | ip | 2026-03-05 22:07:31 | block | Observed highly suspicious and obfuscated paths accessed, a high ratio of detected threat requests (4 out of 6), and triggered a security alert rule (3991023). | 0.949999988079071 | severity: Severity.critical |
| 159.54.153.72 | ip | 2026-03-05 17:06:38 | watchlist | Entity was previously added to the watchlist with medium AI confidence; no new suspicious activity detected in the current context to warrant removal, continued monitoring is advised. | 0.800000011920929 | severity: Severity.medium |
| 66.249.66.162 | ip | 2026-03-05 17:06:38 | block | All requests (6/6) from this IP address were flagged by WAF and triggered security rule '3991006', indicating active malicious scanning or attack attempts. | 1.0 | severity: Severity.critical |
| 159.54.153.72 | ip | 2026-03-05 12:35:54 | watchlist | Entity previously flagged with medium AI severity and moderate confidence (0.7), but no recent malicious activity or requests detected in the current observation window. Requires continued monitoring. | 0.699999988079071 | severity: Severity.medium |
| 192.109.200.98 | ip | 2026-03-05 12:35:54 | block | Active enumeration and attack attempts against WordPress site, including wp-admin, user enumeration via REST API, and login attempts. WAF flagged malicious requests. | 0.949999988079071 | severity: Severity.critical |
| 159.54.153.72 | ip | 2026-03-05 11:45:39 | watchlist | Accessed 'wp-login.php', a common attack target, but no direct threats detected by WAF or security rules in this interaction. AI confidence score is medium, indicating continued suspicion. | 0.699999988079071 | severity: Severity.medium |
| 20.151.11.236 | ip | 2026-03-05 11:45:39 | block | Highly malicious activity detected: 100% of requests flagged by WAF, multiple suspicious PHP files accessed indicative of web shell attempts or compromises, and hit an IPBLOCK security rule. | 1.0 | severity: Severity.critical |
| 159.54.153.72 | ip | 2026-03-05 11:05:27 | watchlist | Access to 'wp-login.php' often indicates reconnaissance or brute-force attempts. Although no direct threats were detected and request volume is low, continued monitoring is warranted for potential unauthorized access attempts. | 0.6499999761581421 | severity: Severity.medium |
| 169.150.203.249 | ip | 2026-03-05 05:04:21 | block | High volume of detected threat requests, including bot impersonation and repeated WordPress vulnerability scanning attempts, triggering multiple WAF denial rules. | 0.949999988079071 | severity: Severity.critical |
| AS212238 | asn | 2026-03-05 05:04:21 | block | This ASN is a source of high-volume malicious bot traffic, repeatedly attempting WordPress vulnerability scans and triggering multiple WAF denial rules, encompassing critically malicious IPs within its range. | 0.8999999761581421 | severity: Severity.critical |