| 2a10:3c0:5:0:1:22:0:5 | ip | 2026-03-05 02:23:42 | block | This IP initiated 12 requests, all of which were detected as threats and flagged by WAF across all accessed paths. Multiple security rules (3990001, 3990011) were hit, indicating highly malicious activity. | 0.9800000190734863 | severity: Severity.critical |
| 192.109.200.129 | ip | 2026-03-04 18:02:21 | block | Attempted WordPress user enumeration and login brute-force reconnaissance via 'wp-json/wp/v2/users' and 'wp-login.php'. | 0.8999999761581421 | severity: Severity.critical |
| 205.169.39.5 | ip | 2026-03-04 13:41:39 | ignore | No suspicious activity detected, no WAF alerts, and zero detected threat requests. Previous AI confidence was low. | 0.8999999761581421 | severity: Severity.low |
| 34.83.184.153 | ip | 2026-03-04 13:41:39 | block | High volume of suspicious WordPress vulnerability scans and bot-like activity detected, including browser impersonation and multiple WAF denials due to burst activity. | 0.949999988079071 | severity: Severity.critical |
| 205.169.39.5 | ip | 2026-03-04 08:50:45 | watchlist | No direct threats detected (0 detected_threat_requests, no WAF flags, no security rule hits); however, the 'last_seen' timestamp is in the future (2026-03-02T05:23:11), which is anomalous and suggests a potential data integrity issue or system misconfiguration warranting minor monitoring. | 0.30000001192092896 | severity: Severity.low |
| 205.169.39.5 | ip | 2026-03-04 08:40:32 | ignore | Analysis of the IP address found no malicious indicators. All accessed paths are standard WordPress files, with no detected threat requests, WAF flags, or security rule hits. The entity does not warrant placement or continued tracking on a watchlist. | 0.949999988079071 | severity: Severity.low |
| 205.169.39.5 | ip | 2026-03-04 08:30:20 | ignore | The IP accessed common WordPress files without triggering any WAF flags, detected threats, or security rule hits. The activity appears benign and consistent with normal website browsing or crawling. | 0.8999999761581421 | severity: Severity.low |
| 205.169.39.5 | ip | 2026-03-04 08:20:12 | ignore | No malicious activity detected based on WAF logs, threat detection, or security rule hits. All accessed paths are typical for a WordPress site. | 0.8999999761581421 | severity: Severity.low |
| 205.169.39.5 | ip | 2026-03-04 08:10:05 | ignore | No malicious activity detected; all requests were normal and no WAF flags or security alerts were triggered. | 0.8999999761581421 | severity: Severity.low |
| 66.249.66.8 | ip | 2026-03-04 08:10:05 | block | All 5 requests from this IP were flagged by WAF as detected threats, triggering security rule '3991006'. | 1.0 | severity: Severity.critical |
| 205.169.39.5 | ip | 2026-03-04 07:09:49 | ignore | No malicious activity detected. The IP accessed standard WordPress paths without triggering WAF or security rules. | 0.8999999761581421 | severity: Severity.low |
| 205.169.39.5 | ip | 2026-03-04 05:19:25 | ignore | No evidence of malicious activity or suspicious behavior detected. All security indicators are clear, and accessed paths are common for a WordPress site. | 0.8999999761581421 | severity: Severity.low |
| 205.169.39.5 | ip | 2026-03-04 03:59:01 | ignore | No suspicious activity detected. All requests are for legitimate WordPress files and no WAF flags or security rule hits were recorded. | 0.8999999761581421 | severity: Severity.low |
| 34.142.251.255 | ip | 2026-03-04 03:59:01 | block | Attempted access to sensitive configuration files (.env) and server information (phpinfo), triggering multiple WAF deny rules including LFI-ANOMALY. | 0.949999988079071 | severity: Severity.critical |
| 205.169.39.5 | ip | 2026-03-04 02:48:44 | ignore | No malicious activity detected. The IP address accessed standard WordPress assets, had no WAF flags, no security rule hits, and zero detected threat requests out of 27 total requests. The associated hostname www.darcherif.fr is a legitimate domain. | 0.8999999761581421 | severity: Severity.low |
| 205.169.39.5 | ip | 2026-03-04 02:18:34 | ignore | No malicious activity detected. The IP accessed standard WordPress paths, had no WAF flags, no detected threat requests, and no security rule hits. Activity appears benign. | 0.8999999761581421 | severity: Severity.low |
| 205.169.39.5 | ip | 2026-03-04 00:58:15 | ignore | No malicious activity detected by WAF or security rules, and all accessed paths are benign WordPress files. The AI's low severity and moderate confidence are not supported by empirical evidence. | 0.8999999761581421 | severity: Severity.low |
| 36.77.30.228 | ip | 2026-03-04 00:58:15 | block | Multiple attempts to access sensitive configuration files (`.aws/credentials`, `.env/.env.bak`), `phpinfo` pages, and a Local File Inclusion (LFI) anomaly detected by WAF. High percentage of detected threat requests. | 0.949999988079071 | severity: Severity.critical |
| 205.169.39.5 | ip | 2026-03-03 23:27:51 | watchlist | Entity exhibits normal web browsing activity (WordPress paths, low requests, no WAF/security rule hits), but the 'last_seen' timestamp is set to a future date (2026-03-02T05:23:11), which is an anomaly. This suggests a potential data integrity issue or unusual tracking, warranting further observation. | 0.699999988079071 | severity: Severity.low |
| 137.116.32.109 | ip | 2026-03-03 23:07:34 | block | Multiple attempts to access sensitive WordPress files and exploit vulnerabilities (e.g., wp_filemanager.php), confirmed bot activity, and multiple WAF security rule hits including deny policies. | 0.949999988079071 | severity: Severity.critical |
| 205.169.39.5 | ip | 2026-03-03 23:07:34 | ignore | No suspicious activity detected; all accessed paths are legitimate website resources, no WAF flags, no detected threats, and no security rule hits. | 0.8999999761581421 | severity: Severity.low |
| 205.169.39.5 | ip | 2026-03-03 19:46:52 | watchlist | IP accessed standard WordPress paths without any detected threats, WAF flags, or security rule hits. However, the 'last_seen' timestamp is in the future (2026-03-02T05:23:11), which is anomalous and warrants continued monitoring. | 0.6000000238418579 | severity: Severity.low |
| 205.169.39.5 | ip | 2026-03-03 19:26:44 | ignore | No malicious activity detected. All security indicators are clear: zero threat requests, no WAF flags, and no security rule hits. Accessing standard WordPress paths on a seemingly legitimate domain (www.darcherif.fr). | 0.949999988079071 | severity: Severity.low |
| 20.169.219.136 | ip | 2026-03-03 19:16:37 | block | Repeated access to sensitive or vulnerable paths like 'cgi-bin/', 'wp-content/plugins/WordPressCore/', and 'wp-trackback.php', indicative of reconnaissance or exploit attempts. This IP shares a hostname 'www.darcherif.fr' with an existing watchlist item, suggesting a coordinated or targeted attack. | 0.949999988079071 | severity: Severity.critical |
| 205.169.39.5 | ip | 2026-03-03 19:16:37 | ignore | Activity consists primarily of accessing standard WordPress static assets (CSS, JS, images). There are no detected threat requests or security rule hits associated with this IP's specific actions, despite sharing a hostname with another suspicious entity. | 0.699999988079071 | severity: Severity.low |
| 205.169.39.5 | ip | 2026-03-03 17:36:13 | watchlist | The 'last_seen' timestamp is set in the future, indicating a data integrity anomaly that makes reliable threat assessment difficult and warrants further investigation into the source of this entity's information. | 0.800000011920929 | severity: Severity.medium |
| 20.78.169.245 | ip | 2026-03-03 17:26:03 | block | Accessed multiple highly suspicious PHP files (e.g., moon.php, xx.php, wp_filemanager.php, wp-content/plugin.php) commonly associated with webshells, backdoor attempts, and WordPress exploitation. | 0.949999988079071 | severity: Severity.critical |
| 205.169.39.5 | ip | 2026-03-03 17:26:03 | ignore | Accessed only legitimate WordPress theme assets, plugins, and uploaded content. No suspicious activity observed. | 0.8999999761581421 | severity: Severity.low |
| 205.169.39.5 | ip | 2026-03-03 17:15:57 | ignore | The IP accessed standard WordPress files and common assets, with no detected threat requests, WAF flags, or security rule hits. All observed activity is consistent with benign web browsing or legitimate web crawling. | 0.949999988079071 | severity: Severity.low |
| 205.169.39.5 | ip | 2026-03-03 17:05:46 | ignore | No malicious activity, WAF flags, or security rule hits detected; access patterns are consistent with benign WordPress site interaction. | 0.8999999761581421 | severity: Severity.low |
| 205.169.39.5 | ip | 2026-03-03 16:55:36 | ignore | No malicious activity, detected threats, WAF flags, or security rule hits observed during analysis. Entity appears benign. | 0.949999988079071 | severity: Severity.low |
| 152.42.227.161 | ip | 2026-03-03 16:45:26 | block | Repeated WAF alerts, bot impersonation, multiple threat detections, and attempts to access WordPress enumeration paths (wlwmanifest.xml). | 1.0 | severity: Severity.critical |
| 20.203.144.173 | ip | 2026-03-03 16:45:26 | block | All requests (169 out of 169) were flagged as threats and denied by IPBLOCK rule. Attempted access to highly suspicious PHP files indicative of web shell or malicious script exploitation. | 1.0 | severity: Severity.critical |
| 205.169.39.5 | ip | 2026-03-03 16:45:26 | ignore | No malicious activity detected during the observed session. All accessed paths are standard WordPress theme and plugin files, with no WAF flags, detected threats, or security rule hits. | 1.0 | severity: Severity.low |
| 205.169.39.5 | ip | 2026-03-03 12:34:40 | watchlist | Anomaly detected: 'last_seen' timestamp is in the future (2026-03-02T05:23:11). This requires further investigation to determine if it's a data error or an indicator of unusual activity, despite no other immediate threat indicators. | 0.699999988079071 | severity: Severity.low |
| 205.169.39.5 | ip | 2026-03-03 12:24:27 | ignore | Entity appears benign; no malicious activity detected. All accessed paths are standard WordPress resources, and the associated hostname 'www.darcherif.fr' belongs to a legitimate website. No WAF flags, detected threats, or security rule hits were observed. | 0.949999988079071 | severity: Severity.low |
| 205.169.39.5 | ip | 2026-03-03 12:14:13 | ignore | Analysis shows no detected threat requests, no WAF flags, and no security rule hits. The accessed paths are standard for a WordPress site, and the associated hostname (www.darcherif.fr) appears legitimate. The future timestamp for 'last_seen' is likely a data error and not indicative of malicious activity given other benign indicators. | 0.8999999761581421 | severity: Severity.low |
| 205.169.39.5 | ip | 2026-03-03 12:04:06 | ignore | No malicious activity detected. All security indicators are clean: zero threat requests, no WAF flags, and no security rule hits. Accessed paths are standard for WordPress sites. | 0.8999999761581421 | severity: Severity.low |
| 205.169.39.5 | ip | 2026-03-03 11:53:59 | ignore | No malicious activity detected. Accessed paths are typical for WordPress sites. Discrepancy in 'last_seen' date (future timestamp) and conflicting GEO/hostname are likely data quality issues, not indicators of a threat. | 0.8999999761581421 | severity: Severity.low |
| 205.169.39.5 | ip | 2026-03-03 11:43:48 | ignore | No suspicious activity, WAF flags, or security rule hits detected. All accessed paths are consistent with benign WordPress site interaction. | 1.0 | severity: Severity.low |
| 20.63.96.50 | ip | 2026-03-03 11:33:37 | block | 100% of requests are detected threats, accessing known webshell/backdoor paths ('wp-admin/maint/bal.php', 'info.php', 'wp-content/cc13.php', etc.), and already hit an IPBLOCK security rule. This indicates highly malicious activity. | 1.0 | severity: Severity.critical |
| 205.169.39.5 | ip | 2026-03-03 11:33:37 | ignore | Despite a previous high AI confidence score and critical severity, the latest observed activity shows 0 detected threat requests, no WAF flags, and access to typical, benign website resources. Current behavior does not warrant continued watchlist status. | 0.8999999761581421 | severity: Severity.low |
| 205.169.39.5 | ip | 2026-03-03 10:53:20 | watchlist | Entity's 'last_seen' timestamp is in the future (2026-03-02T05:23:11), indicating a critical data anomaly, potential system misconfiguration, or malicious log manipulation. This requires immediate investigation into the data source and the entity's activity. | 0.9800000190734863 | severity: Severity.critical |
| 205.169.39.5 | ip | 2026-03-03 10:43:10 | ignore | No malicious activity detected. IP accessed standard WordPress paths, no WAF flags, no detected threat requests, and no security rule hits. | 0.8999999761581421 | severity: Severity.low |
| 205.169.39.5 | ip | 2026-03-03 10:33:04 | ignore | Analysis indicates no malicious activity. All accessed paths are consistent with typical WordPress site interaction, and there are no detected threat requests, WAF flags, or security rule hits. The entity does not warrant inclusion in a watchlist. | 1.0 | severity: Severity.low |
| 205.169.39.5 | ip | 2026-03-03 10:22:50 | ignore | Analysis shows no indicators of malicious activity. The IP accessed common WordPress paths, with no WAF flags, detected threat requests, or security rule hits. The associated hostname 'www.darcherif.fr' appears to be a legitimate website. | 0.8999999761581421 | severity: Severity.low |
| 205.169.39.5 | ip | 2026-03-03 10:12:42 | ignore | No threat requests detected (0/27), no WAF flags, and no security rule hits during recent activity. Current operational data does not support keeping it in the watchlist despite a previous AI assessment. | 0.8999999761581421 | severity: Severity.low |
| 74.7.175.191 | ip | 2026-03-03 10:12:42 | block | All requests were detected as threats (5/5) and a WAF flagged a probing attempt on robots.txt. A security alert was also triggered. | 1.0 | severity: Severity.critical |
| 172.59.155.234 | ip | 2026-03-03 08:02:12 | block | Exhibiting confirmed malicious activity including WAF flags ('akam/13/pixel_d6b97e'), detected threat requests, and security rule hits (3910006 alert). | 0.949999988079071 | severity: Severity.critical |
| 205.169.39.5 | ip | 2026-03-03 08:02:12 | watchlist | Associated with domain darcherif.fr, which is linked to another IP (172.59.155.234) exhibiting confirmed malicious activity and is on the watchlist with medium severity. Further monitoring required. | 0.800000011920929 | severity: Severity.medium |