| Entity | Type | Timestamp | Action | Reasoning | Confidence | Severity |
|---|---|---|---|---|---|---|
| 2a07:fe00:1::a24e | ip | 2026-01-02 10:42:10 | ignore | Entity currently shows no signs of malicious behavior, no WAF flags, and accessed paths are benign. Previous medium confidence score is no longer supported by current data. | 0.800000011920929 | low |
| 205.169.39.22 | ip | 2026-01-02 10:32:10 | ignore | No new activity detected and no malicious behavior observed since being added to watchlist. | 0.8999999761581421 | low |
| 2a07:fe00:1::a24e | ip | 2026-01-02 10:32:10 | watchlist | IP belongs to blocklisted ASN AS43357, which has shown critical malicious activity from other IPs. Current activity is benign, but warrants monitoring due to ASN reputation. | 0.699999988079071 | medium |
| 135.181.246.140 | ip | 2026-01-02 10:22:06 | ignore | No detected malicious activity, WAF not triggered, and no security rule hits for this IP. Appears to be benign traffic. | 0.8999999761581421 | low |
| 2a07:fe00:1::a24e | ip | 2026-01-02 10:22:06 | ignore | No current malicious activity detected for this specific IP; accessing benign WordPress assets. While its ASN includes a blocklisted IP, this entity shows no suspicious behavior. | 0.800000011920929 | low |
| 141.98.11.52 | ip | 2026-01-02 10:12:10 | block | IP is performing WordPress brute-force attempts targeting 'wp-login.php', flagged by WAF and triggered security alert '3900998'. Its associated ASN (AS209605) is already blocklisted for similar critical malicious activity. | 1.0 | critical |
| 135.181.246.140 | ip | 2026-01-02 10:12:10 | ignore | No current malicious activity detected, no WAF flags or security rule hits, and low AI confidence score. Behavior no longer warrants watchlist inclusion. | 0.8999999761581421 | low |
| 205.169.39.22 | ip | 2026-01-02 10:12:10 | watchlist | Although there are no new WAF flags or threat requests, the associated ASN (AS3356) is blocklisted for widespread malicious activity including accessing suspicious paths ('akam/13/2f321ee0' in this case). Medium AI confidence suggests continued monitoring. | 0.75 | medium |
| 2a07:fe00:1::a24e | ip | 2026-01-02 10:12:10 | ignore | No current malicious activity detected, no WAF flags or security rule hits. All accessed paths appear benign. Despite previous medium AI confidence, current behavior does not warrant watchlist inclusion. | 0.8500000238418579 | low |
| 135.181.246.140 | ip | 2026-01-02 06:51:56 | watchlist | Accessed unusual 'akam' paths which can sometimes be associated with tracking or malicious activity, despite no direct WAF flags or detected threats yet. Warrants further monitoring. | 0.30000001192092896 | low |
| 2a07:fe00:1::a24e | ip | 2026-01-02 06:51:56 | watchlist | Associated with ASN AS43357, which is blocklisted due to a high percentage of threat requests and suspicious activity (including obfuscated paths and WAF alerts) from other IPs. This IP's current requests are benign but it warrants monitoring due to its ASN. | 0.699999988079071 | medium |
| 104.197.69.115 | ip | 2026-01-02 06:42:08 | block | Triggered critical WAF deny rule 'IPBLOCK-BURST4-318403' and associated ASN AS396982 is already blocklisted for similar malicious activity, indicating an active threat. | 1.0 | critical |
| 135.181.246.140 | ip | 2026-01-02 06:42:08 | ignore | No recent malicious activity detected; no WAF flags, threat requests, or security rule hits observed. | 0.8999999761581421 | low |
| 185.220.101.18 | ip | 2026-01-02 06:42:08 | ignore | No recent activity or malicious behavior detected. | 0.8999999761581421 | low |
| 205.169.39.22 | ip | 2026-01-02 06:42:08 | watchlist | Associated with ASN AS3356, which has multiple IPs blocklisted for suspicious activity. While this specific IP shows no direct malicious hits, its proximity to other threats from the same ASN warrants continued monitoring. | 0.699999988079071 | medium |
| 205.169.39.126 | ip | 2026-01-02 06:42:08 | block | Triggered critical WAF deny rule 'IPBLOCK-BURST4-318403' and multiple alerts. Associated ASN AS3356 has multiple blocklisted IPs showing similar malicious activity. | 1.0 | critical |
| 2a02:6ea0:c71b:0:1011:6020:837e:f4b5 | ip | 2026-01-02 06:42:08 | ignore | No recent malicious activity detected; no WAF flags, threat requests, or security rule hits observed. | 0.8999999761581421 | low |
| 2a07:fe00:1::a24e | ip | 2026-01-02 06:42:08 | ignore | No recent malicious activity detected; no WAF flags, threat requests, or security rule hits observed. | 0.8999999761581421 | low |
| AS3356 | asn | 2026-01-02 06:42:08 | block | Multiple IPs within this ASN exhibit malicious behavior, including triggering critical WAF deny rules like 'IPBLOCK-BURST4-318403' and accessing suspicious paths, indicating persistent and widespread threat activity from this network. | 1.0 | critical |
| 135.181.246.140 | ip | 2026-01-02 04:51:46 | watchlist | Accessed obfuscated and suspicious paths (e.g., 'akam/13/a6b6d26', 'akam/13/pixel_a6b6d26'), indicating potential malicious probing. | 0.699999988079071 | medium |
| 35.79.222.149 | ip | 2026-01-02 01:31:44 | block | IP 35.79.222.149 targeted highly sensitive configuration files (e.g., .env) with all requests flagged by WAF and triggered multiple critical deny rules including LFI-ANOMALY, IPBLOCK-BURST4, and BOT-BROWSER-IMPERSONATOR. Its associated ASN (AS16509) is already blocklisted for persistent malicious activity, with many other IPs from this ASN also blocklisted for identical severe behavior. | 1.0 | critical |
| 2a07:fe00:1::a24e | ip | 2026-01-01 23:21:31 | watchlist | New IP from ASN AS43357, which has a correlated IP (194.36.25.27) blocklisted for critical malicious probing and automated attacks. Current activity is clean but limited, requiring further monitoring. | 0.6000000238418579 | medium |
| 194.36.25.27 | ip | 2026-01-01 23:11:35 | block | High percentage of detected threat requests (76.9%) including access to a highly obfuscated path, and triggered security alert '3900999', indicating persistent malicious probing or automated attacks. | 0.949999988079071 | critical |
| 2a07:fe00:1::a24e | ip | 2026-01-01 23:11:35 | ignore | No detected threat requests, no WAF flags, and all accessed paths appear legitimate. No signs of malicious behavior. | 1.0 | low |
| 141.98.11.189 | ip | 2026-01-01 22:01:23 | block | IP is performing WordPress brute-force attempts targeting 'wp-login.php', which was flagged by WAF and triggered security alert '3900998'. Its associated ASN (AS209605) is already blocklisted for similar critical malicious activity. | 1.0 | critical |
| 91.224.92.182 | ip | 2026-01-01 21:51:19 | block | IP performed a WordPress brute-force attempt targeting 'wp-login.php', which was flagged by WAF and triggered security alert '3900998'. Its associated ASN (AS209605) is already blocklisted for similar critical malicious activity. | 1.0 | critical |
| 35.215.69.228 | ip | 2026-01-01 10:30:51 | block | IP belongs to blocklisted ASN AS15169, which is associated with threatening requests and burst attacks. This IP also accessed a highly obfuscated and suspicious path, indicating malicious probing. | 0.949999988079071 | critical |
| 161.118.250.104 | ip | 2026-01-01 08:50:41 | block | Actively targeting sensitive WordPress admin and login paths, 100% of requests flagged by WAF with critical deny rules (IPBLOCK-BURST4, REP_1654544), and associated ASN AS31898 is already blocklisted for similar malicious activity. | 1.0 | critical |
| 2607:9000:7000:35:198:44:133:150 | ip | 2025-12-31 17:29:53 | block | Accessed a highly obfuscated and suspicious path ('nUgzRQGQiVNp_UhOzggZItsrtwk/uzV1bNt3t53Dz2V9JY/NncmY3J3Bw/FR/cfdjtBZG8'), strongly indicating malicious probing or attempted exploitation, consistent with other blocklisted entities showing similar behavior. | 0.949999988079071 | critical |
| 144.217.135.240 | ip | 2025-12-31 11:49:33 | block | Very high percentage of detected threat requests (~88.9%), all accessed paths flagged by WAF, and its associated ASN (AS16276) is already blocklisted for persistent malicious activity. Consistent with other blocklisted entities showing similar behavior. | 1.0 | critical |
| 3%7e03c384726f922644 | tls | 2025-12-31 11:49:33 | block | Very high percentage of detected threat requests (~87%), all accessed paths flagged by WAF, and triggered security alert '3991017', indicating highly malicious activity. This TLS fingerprint's behavior is consistent with other blocklisted entities from the same malicious campaign. | 1.0 | critical |
| 149.56.150.7 | ip | 2025-12-31 09:19:19 | block | All requests (100%) from this IP were detected as threats and flagged by WAF, triggering a security alert. Its associated ASN (AS16276) is already blocklisted for persistent malicious activity. | 1.0 | critical |
| 3%7e265cf3d41dd8d729 | tls | 2025-12-31 09:19:19 | block | All requests (100%) associated with this TLS fingerprint were detected as threats and flagged by WAF, triggering a security alert, indicating highly malicious activity. | 1.0 | critical |
| 2a02:6ea0:c71b:0:1011:6020:837e:f4b5 | ip | 2025-12-30 18:38:47 | watchlist | IP accessed a hostname (www.darcherif.fr) that is a frequent target for WordPress enumeration and attacks by multiple blocklisted entities, indicating potential reconnaissance despite no direct WAF flags. | 0.6499999761581421 | medium |
| 2a02:6ea0:c71b:0:1011:6020:837e:f4b5 | ip | 2025-12-30 18:28:38 | ignore | No suspicious activity detected. All 24 requests were legitimate, with no WAF flags, detected threat requests, or security rule hits. The entity or its ASN is not currently on the watchlist or blocklist. | 0.8999999761581421 | low |
| 2a02:6ea0:c71b:0:1011:6020:837e:f4b5 | ip | 2025-12-30 18:18:40 | ignore | No malicious activity detected. All requests are legitimate for public WordPress resources, with no WAF flags or security rule hits. | 1.0 | low |
| 2a02:6ea0:c71b:0:1011:6020:837e:f4b5 | ip | 2025-12-30 18:08:40 | ignore | No suspicious activity detected. All requests were for legitimate website resources, with no WAF flags, detected threat requests, or security rule hits. | 1.0 | low |
| 2a02:6ea0:c71b:0:1011:6020:837e:f4b5 | ip | 2025-12-30 17:58:33 | ignore | No malicious activity detected, no WAF flags, and no security rule hits. All requests appear to be legitimate. | 0.949999988079071 | low |
| 2a02:6ea0:c71b:0:1011:6020:837e:f4b5 | ip | 2025-12-30 17:48:36 | ignore | No detected malicious activity, WAF flags, or security rule hits. Observed traffic consists of normal website asset requests, indicating legitimate browsing behavior. | 0.949999988079071 | low |
| 2a02:6ea0:c71b:0:1011:6020:837e:f4b5 | ip | 2025-12-30 17:38:31 | ignore | No malicious activity detected. Zero threat requests, no WAF flags, and no security rule hits. All accessed paths are legitimate WordPress files. | 0.949999988079071 | low |
| 2a02:6ea0:c71b:0:1011:6020:837e:f4b5 | ip | 2025-12-30 17:28:41 | ignore | No malicious activity detected during analysis. All requests were for benign web assets, and no WAF flags or security alerts were triggered. | 1.0 | low |
| 152.32.192.241 | ip | 2025-12-30 16:18:31 | block | Extremely high number of detected threat events (50) across all 9 requests, all accessed paths flagged by WAF, and multiple critical security alerts including 'BOT-BROWSER-IMPERSONATOR', indicating severe automated malicious probing and exploit attempts. | 1.0 | critical |
| 185.220.101.18 | ip | 2025-12-30 16:18:31 | watchlist | Previously flagged for probing sensitive admin paths ('index.php/author/admin3157/'). No new malicious activity detected since last review, but the original suspicious behavior warrants continued monitoring. | 0.699999988079071 | medium |
| 45.142.154.66 | ip | 2025-12-30 16:18:31 | block | Extremely high number of detected threat events (29) across all 5 requests, all accessed paths flagged by WAF, and multiple critical security alerts including 'BOT-BROWSER-IMPERSONATOR', indicating severe automated malicious probing and exploit attempts. | 1.0 | critical |
| 185.220.101.18 | ip | 2025-12-30 13:08:19 | watchlist | Detected WordPress author enumeration attempt, a common reconnaissance technique, without triggering immediate WAF alerts or threat detections. Further monitoring is required. | 0.699999988079071 | medium |
| 185.220.101.18 | ip | 2025-12-30 12:58:19 | ignore | No malicious activity (0 detected threat requests, no WAF flags, no security rule hits) observed since it was added to the watchlist. | 0.8999999761581421 | low |
| 217.113.194.106 | ip | 2025-12-30 12:58:19 | block | All requests (100%) from this IP were detected as threats and flagged by WAF, triggering security alert '3991020'. This IP belongs to ASN AS210743, which has other IPs blocklisted for identical malicious activity. | 1.0 | critical |
| 185.220.101.18 | ip | 2025-12-29 06:56:34 | watchlist | IP accessed a suspicious WordPress author enumeration path ('index.php/author/admin3157/'), a common target for malicious reconnaissance, correlating with similar activity from other blocklisted IPs. While no direct WAF flags or threat requests were triggered yet, further monitoring is warranted. | 0.699999988079071 | medium |
| 74.7.241.140 | ip | 2025-12-28 22:16:07 | block | All requests (100%) from this IP were detected as threats and flagged by WAF, triggering security alert '3991023'. Its associated ASN (AS8075) is already blocklisted for persistent malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior. | 1.0 | critical |
| 74.7.175.135 | ip | 2025-12-28 21:35:59 | block | All requests from this IP were detected as threats, all accessed paths were flagged by WAF, and a critical 'IPBLOCK' deny rule was triggered. Its associated ASN (AS8075) is already blocklisted for persistent malicious activity, with multiple other IPs from this ASN also blocklisted for identical behavior. | 1.0 | critical |