Table: Security_events

Displaying rows 301 - 350 of 118498 (Page 7 / 2370)
| Entity | Type | Event time | Action taken | AI reason | AI confidence score | AI details |
|---|---|---|---|---|---|---|
| 46.101.111.185 | ip | 2026-01-07 00:38:51 | block | All accessed paths were flagged by WAF, detected threat requests exceed total requests, triggered critical 'LFI-ANOMALY' deny rule and 'BOT-BROWSER-IMPERSONATOR' alert. Its ASN (AS14061) is already blocklisted for similar highly malicious activity. | 1.0 | severity: Severity.critical |
| 213.35.103.47 | ip | 2026-01-06 21:28:33 | block | IP actively targeting sensitive WordPress admin and login paths, with all accessed paths flagged by WAF. Triggered critical 'IPBLOCK-BURST4' deny rule and 'BOT-BROWSER-IMPERSONATOR' alert. Its ASN (AS31898) is already blocklisted for similar malicious activity. | 1.0 | severity: Severity.critical |
| 192.161.58.113 | ip | 2026-01-06 08:37:58 | watchlist | New IP address exhibiting benign behavior, no detected threats or WAF flags. Placed on watchlist for initial observation. | 0.10000000149011612 | severity: Severity.low |
| 91.92.241.119 | ip | 2026-01-06 08:37:58 | block | Extremely high number of detected threat requests (64 over 17), numerous WAF flags on all accessed paths, and multiple security alerts including 'BOT-BROWSER-IMPERSONATOR', indicating severe automated malicious activity similar to previously blocklisted IPs. | 1.0 | severity: Severity.critical |
| 192.161.58.113 | ip | 2026-01-06 08:27:54 | ignore | The entity exhibits no detected threat requests, WAF flags, or security rule hits. All accessed paths are benign static content, indicating normal user behavior. Therefore, it is safe and should not be on a watchlist. | 1.0 | severity: Severity.low |
| 192.161.58.113 | ip | 2026-01-06 08:17:54 | ignore | No detected threat requests, WAF flags, or security rule hits. All accessed paths were static and benign content. Entity shows no signs of malicious activity. | 1.0 | severity: Severity.low |
| 192.161.58.113 | ip | 2026-01-06 08:07:49 | ignore | No detected threat requests, WAF flags, or security rule hits. All accessed paths are consistent with normal web traffic. | 1.0 | severity: Severity.low |
| 192.161.58.113 | ip | 2026-01-05 21:07:17 | ignore | No detected threat requests, no WAF flags, and no security rule hits, indicating benign web traffic. | 1.0 | severity: Severity.low |
| 192.161.58.113 | ip | 2026-01-05 20:57:14 | ignore | No detected threat requests, no WAF flags, and only accessed standard website assets. | 1.0 | severity: Severity.low |
| 192.161.58.113 | ip | 2026-01-05 20:47:19 | ignore | No suspicious activity detected; observed normal web traffic patterns and no WAF flags or threat requests. | 0.8999999761581421 | severity: Severity.low |
| 65.111.27.46 | ip | 2026-01-05 20:47:19 | block | All requests (100%) from this IP were detected as threats and flagged by WAF, including probing sensitive WordPress paths like 'xmlrpc.php', and triggered security alert '3900999', indicating active malicious probing. | 1.0 | severity: Severity.critical |
| 192.161.58.113 | ip | 2026-01-05 20:37:18 | ignore | No malicious activity detected: 0 out of 11 requests were threats, no WAF rules triggered, and all accessed paths are benign. The associated ASN (AS203020) is not on the blocklist. | 1.0 | severity: Severity.low |
| 192.161.58.113 | ip | 2026-01-05 20:27:15 | ignore | No malicious activity detected. This IP accessed only standard web assets, triggered no security alerts or WAF flags, and shows no signs of suspicious behavior. | 0.949999988079071 | severity: Severity.low |
| 192.161.58.113 | ip | 2026-01-05 20:17:09 | ignore | No malicious activity detected; accessed only static website assets and triggered no security alerts or WAF flags. This IP shows benign browsing behavior. | 1.0 | severity: Severity.low |
| 192.161.58.113 | ip | 2026-01-05 20:07:13 | ignore | No malicious activity or suspicious patterns detected. All requests are for static, benign web assets, with zero threat detections, WAF flags, or security rule hits. | 1.0 | severity: Severity.low |
| 192.161.58.113 | ip | 2026-01-05 19:57:13 | ignore | No suspicious activity detected. All requests were for static web assets, with no WAF flags, detected threats, or security rule hits. | 1.0 | severity: Severity.low |
| 192.161.58.113 | ip | 2026-01-05 19:47:12 | ignore | Entity performed only benign requests for static website assets, with no detected threat requests, no WAF flags, and no security rule hits. No malicious activity observed. | 1.0 | severity: Severity.low |
| 192.161.58.113 | ip | 2026-01-05 19:37:14 | ignore | No malicious activity detected, no WAF flags, and only accessed static content. Behaves as benign. | 1.0 | severity: Severity.low |
| 192.161.58.113 | ip | 2026-01-05 19:27:15 | ignore | Entity shows no signs of malicious behavior; all requests were for legitimate static assets, with no WAF flags or detected threat requests. | 1.0 | severity: Severity.low |
| 192.161.58.113 | ip | 2026-01-05 19:17:17 | ignore | No suspicious activity detected; accessed only static web assets, no WAF flags or threat requests. | 1.0 | severity: Severity.low |
| 192.161.58.113 | ip | 2026-01-05 19:07:10 | ignore | No malicious activity detected: 0 out of 11 total requests were identified as threats, no paths were flagged by WAF, and no security rule alerts or denies were triggered. The accessed paths consist of benign static web assets (CSS and images). | 0.949999988079071 | severity: Severity.low |
| 192.161.58.113 | ip | 2026-01-05 18:57:15 | ignore | No malicious activity detected. All requests were for normal web assets, with no WAF flags or security rule hits. The entity is not currently on the watchlist or blocklist. | 1.0 | severity: Severity.low |
| 192.161.58.113 | ip | 2026-01-05 18:47:08 | ignore | No detected threat requests, no WAF flags, and only accessed standard web assets. Entity shows no signs of malicious activity. | 0.949999988079071 | severity: Severity.low |
| 192.161.58.113 | ip | 2026-01-05 18:37:13 | ignore | Entity exhibits no malicious activity, no WAF flags, and only accessed static web assets. No detected threat requests (0/11) or security rule hits. This IP is benign and does not warrant observation. | 1.0 | severity: Severity.low |
| 192.161.58.113 | ip | 2026-01-05 18:27:07 | ignore | No detected threat requests, no WAF flags, no security rule hits, and accessed only normal static web assets. Its ASN is not blocklisted. | 1.0 | severity: Severity.low |
| 192.161.58.113 | ip | 2026-01-05 18:17:12 | ignore | Entity accessed only static content, showed no detected threat requests, and triggered no WAF flags or security alerts. No malicious activity identified. | 1.0 | severity: Severity.low |
| 192.161.58.113 | ip | 2026-01-05 18:07:09 | ignore | No malicious activity or suspicious patterns detected; all requests are for standard web assets and passed WAF without alerts or denies. | 1.0 | severity: Severity.low |
| 192.161.58.113 | ip | 2026-01-05 17:57:07 | ignore | All requests were for static web assets (CSS, images), with no detected threats, WAF flags, or security rule hits. Behavior is entirely benign and not indicative of any malicious activity. | 1.0 | severity: Severity.low |
| 192.161.58.113 | ip | 2026-01-05 17:47:04 | ignore | No detected threat requests, no WAF flags, no security rule hits, and only accessed benign static web assets. The IP and its ASN are not present in the blocklist. | 1.0 | severity: Severity.low |
| 3%7e5280136f5f66ec7b | tls | 2026-01-05 00:05:22 | block | Extremely high threat request ratio (39/15), all accessed paths flagged by WAF including WordPress sensitive paths ('xmlrpc.php', 'wp-login.php'), multiple security alerts (e.g., 'BOT-BROWSER-IMPERSONATOR'), and critical WAF deny rules ('IPBLOCK-PENALTY-BOX', 'PLATFORM-ANOMALY') were triggered. This pattern is consistent with other blocklisted malicious entities. | 1.0 | severity: Severity.critical |
| 135.181.246.140 | ip | 2026-01-04 23:15:24 | ignore | No recent detected threat requests, WAF flags, or security rule hits. Behavior no longer appears suspicious. | 0.8999999761581421 | severity: Severity.low |
| 2a07:fe00:1::a24e | ip | 2026-01-04 23:15:24 | ignore | No recent detected threat requests, WAF flags, or security rule hits. Current behavior does not align with the malicious activity of other IPs from its blocklisted ASN. | 0.8500000238418579 | severity: Severity.low |
| 74.7.228.51 | ip | 2026-01-04 23:15:24 | block | All requests (100%) from this IP were detected as threats, all accessed paths were flagged by WAF, and it triggered security alert '3991023'. Its associated ASN (AS8075) is already blocklisted for persistent malicious activity with identical behavior. | 1.0 | severity: Severity.critical |
| 152.69.210.5 | ip | 2026-01-03 05:23:12 | block | The IP is actively targeting sensitive WordPress admin and login paths, with all requests (100%) flagged by WAF and multiple security alerts (including bot impersonation). Its associated ASN (AS31898) is already blocklisted for similar malicious activity from other IPs. | 1.0 | severity: Severity.critical |
| 66.249.66.64 | ip | 2026-01-03 04:23:08 | block | All requests (100%) from this IP were detected as threats and flagged by WAF, triggering security alert '3991006'. Its associated ASN (AS15169) and multiple other IPs from the same subnet are already blocklisted for identical malicious activity. | 1.0 | severity: Severity.critical |
| 104.28.203.58 | ip | 2026-01-03 01:12:54 | block | All requests (100%) from this IP were flagged by WAF, accessing suspicious PHP files and WordPress admin paths, and triggered a security alert, indicating active malicious probing or exploitation attempts. | 1.0 | severity: Severity.critical |
| AS13335 | asn | 2026-01-03 01:12:54 | block | All requests (100%) associated with this ASN were flagged by WAF, accessing suspicious PHP files and WordPress admin paths, and triggered a security alert, indicating widespread malicious probing or exploitation attempts from this network. | 1.0 | severity: Severity.critical |
| 135.181.246.140 | ip | 2026-01-02 22:42:53 | watchlist | Accessed suspicious 'akam' paths which are similar in pattern to those found in blocklisted entities. While no direct WAF flags or security rules were triggered for this specific IP, the pattern warrants further monitoring. | 0.75 | severity: Severity.medium |
| 135.181.246.140 | ip | 2026-01-02 22:32:52 | ignore | Entity previously added to watchlist showed no actual malicious activity, with 0 detected threat requests, no WAF flags, and no security rule hits observed since being placed on the watchlist. | 0.8999999761581421 | severity: Severity.low |
| 2a07:fe00:1::a24e | ip | 2026-01-02 22:32:52 | watchlist | IP belongs to an ASN (AS43357) from which another IP was recently blocked for critical malicious activity, but this specific IP shows no direct malicious signs yet. | 0.699999988079071 | severity: Severity.medium |
| 135.181.246.140 | ip | 2026-01-02 22:22:48 | watchlist | Accessed obfuscated 'akam' paths similar to those seen in blocklisted IPs, suggesting potential malicious probing, though no direct WAF flags or threat requests detected yet. | 0.6000000238418579 | severity: Severity.medium |
| 2a07:fe00:1::a24e | ip | 2026-01-02 22:22:48 | ignore | All requests were to legitimate WordPress paths, with no detected threat requests, WAF flags, or security rule hits. No signs of malicious activity. | 0.8999999761581421 | severity: Severity.low |
| 135.181.246.140 | ip | 2026-01-02 22:12:51 | ignore | No detected threat requests, WAF flags, or security rule hits observed, indicating the entity no longer exhibits suspicious behavior. | 0.75 | severity: Severity.low |
| 2a07:fe00:1::a24e | ip | 2026-01-02 22:12:51 | ignore | No detected threat requests, WAF flags, or security rule hits observed, indicating the entity no longer exhibits suspicious behavior. | 0.800000011920929 | severity: Severity.low |
| 43.135.145.117 | ip | 2026-01-02 22:12:51 | block | High percentage of detected threat requests (40%), WAF-flagged obfuscated paths, and triggered security alert '3900999', consistent with blocklisted ASN AS132203 and correlated TLS fingerprints exhibiting similar critical malicious activity. | 0.949999988079071 | severity: Severity.critical |
| 20.205.118.141 | ip | 2026-01-02 19:32:38 | block | All requests (100%) from this IP were flagged by WAF, accessed suspicious PHP files and admin paths, and triggered a critical 'IPBLOCK' deny rule. Its associated ASN (AS8075) is already blocklisted for persistent malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior. | 1.0 | severity: Severity.critical |
| 20.239.67.81 | ip | 2026-01-02 15:02:19 | block | All requests (100%) from this IP were flagged by WAF, accessed suspicious PHP files and admin paths, and triggered a critical 'IPBLOCK' deny rule. Its associated ASN (AS8075) is already blocklisted for persistent malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior. | 1.0 | severity: Severity.critical |
| 2a07:fe00:1::a24e | ip | 2026-01-02 10:52:07 | watchlist | IP's ASN (AS43357) is associated with another blocklisted IP (194.36.25.27) that exhibited critical malicious probing. This IP currently shows no direct threats but warrants monitoring. | 0.5 | severity: Severity.medium |
| 135.181.246.140 | ip | 2026-01-02 10:42:10 | watchlist | IP accessed obfuscated 'akam' paths, which is suspicious and similar to patterns observed in other blocklisted entities. Lacks direct WAF flags for immediate blocking. | 0.6000000238418579 | severity: Severity.medium |
| 205.169.39.22 | ip | 2026-01-02 10:42:10 | block | IP from blocklisted ASN AS3356, accessing an obfuscated path ('akam/13/2f321ee0'), consistent with other blocklisted IPs from this ASN exhibiting malicious probing. | 0.949999988079071 | severity: Severity.critical |