| 205.169.39.5 | ip | 2026-03-03 08:02:12 | watchlist | Associated with domain darcherif.fr, which is linked to another IP (172.59.155.234) exhibiting confirmed malicious activity and is on the watchlist with medium severity. Further monitoring required. | 0.800000011920929 | severity: Severity.medium |
| 172.59.155.234 | ip | 2026-03-03 06:11:41 | watchlist | Single WAF alert (rule 3910006) for a suspicious path 'akam/13/pixel_d6b97e' and one detected threat request. Further monitoring is required. | 0.6000000238418579 | severity: Severity.medium |
| 205.169.39.5 | ip | 2026-03-03 06:11:41 | ignore | No detected threat requests, WAF flags, or security rule hits. All accessed paths are legitimate for a WordPress site. | 0.8999999761581421 | severity: Severity.low |
| 74.7.243.214 | ip | 2026-03-03 06:11:41 | block | Extremely high ratio of detected threat requests (13 out of 14), multiple WAF flags, and access to highly suspicious, obfuscated paths indicating potential exploitation attempts. | 0.949999988079071 | severity: Severity.critical |
| 158.158.41.149 | ip | 2026-03-03 03:51:07 | block | All 115 requests from this IP address were detected as threats, accessing suspicious PHP files commonly associated with web shell activities or malicious scripts. The WAF flagged all accessed paths, and a security rule already triggered an IPBLOCK. | 0.949999988079071 | severity: Severity.critical |
| 205.169.39.5 | ip | 2026-03-03 03:51:07 | ignore | This IP address has made 27 requests, none of which were detected as threats or flagged by the WAF. The accessed paths correspond to legitimate WordPress theme, plugin, and media files. There are no security rule hits indicating malicious activity. | 0.8999999761581421 | severity: Severity.low |
| 205.169.39.5 | ip | 2026-03-02 23:00:13 | ignore | IP accessing common WordPress paths on 'www.darcherif.fr'. No detected threats, WAF flags, or security rule hits. Activity appears benign and consistent with normal website interaction. | 0.8999999761581421 | severity: Severity.low |
| 13.71.189.74 | ip | 2026-03-02 19:19:26 | block | Repeated attempts to access known web shell paths and vulnerable plugin files. All requests (100%) were detected as threats, flagged by WAF, and the IP was previously denied by an IPBLOCK rule. | 0.9800000190734863 | severity: Severity.critical |
| 205.169.39.5 | ip | 2026-03-02 19:19:26 | ignore | All requests are for standard WordPress assets (CSS, JS, images). No detected threats, WAF flags, or security rule hits. Entity appears benign. | 0.949999988079071 | severity: Severity.low |
| 205.169.39.5 | ip | 2026-03-02 15:58:40 | ignore | No malicious activity detected. IP associated with a legitimate ISP (AS3356 - Lumen Technologies) and accessing common WordPress paths for www.darcherif.fr without triggering any security alerts or WAF flags. Appears to be benign web traffic or a search engine crawler. | 1.0 | severity: Severity.low |
| 205.169.39.5 | ip | 2026-03-02 15:28:31 | ignore | No malicious activity detected. All accessed paths are standard WordPress files, and there are no WAF flags, detected threat requests, or security rule hits. | 0.949999988079071 | severity: Severity.low |
| 205.169.39.5 | ip | 2026-03-02 15:18:25 | ignore | No malicious activity detected. The IP accessed standard WordPress paths, had no WAF flags, no detected threat requests, and no security rule hits. | 0.949999988079071 | severity: Severity.low |
| 205.169.39.5 | ip | 2026-03-02 15:08:17 | ignore | No detected threats, WAF flags, or security rule hits. Accessed paths are typical for a legitimate WordPress website, and the IP is associated with a major ISP. No malicious activity observed. | 0.949999988079071 | severity: Severity.low |
| 20.220.211.108 | ip | 2026-03-02 14:58:10 | block | Accessed multiple suspicious paths commonly associated with vulnerability scanning or exploitation attempts on a WordPress site (e.g., classwithtostring.php, wp-content/1.php, sf.php). | 0.8999999761581421 | severity: Severity.critical |
| 205.169.39.5 | ip | 2026-03-02 14:58:10 | ignore | No malicious activity detected; accessed paths are benign WordPress theme and plugin assets. No WAF flags or security rule hits. | 0.949999988079071 | severity: Severity.low |
| 205.169.39.5 | ip | 2026-03-02 12:07:39 | watchlist | Entity exhibits an anomalous 'last_seen' timestamp in the future (2026-03-02), suggesting a potential data integrity issue or system misconfiguration. While no immediate malicious activity was detected, this anomaly warrants further investigation. | 0.699999988079071 | severity: Severity.low |
| 205.169.39.5 | ip | 2026-03-02 11:57:30 | ignore | IP accessed standard WordPress paths; no WAF flags, detected threat requests, or security rule hits observed. Activity appears benign. | 1.0 | severity: Severity.low |
| 20.104.206.150 | ip | 2026-03-02 11:47:24 | block | All 41 requests were detected as threats, all accessed paths were flagged by WAF, and the IP hit a security 'IPBLOCK' deny rule. Paths accessed are indicative of WordPress exploitation attempts. | 1.0 | severity: Severity.critical |
| 205.169.39.5 | ip | 2026-03-02 11:47:24 | ignore | This IP shows no detected threat requests, no WAF flags, and no security rule hits. All requests appear to be benign traffic accessing standard WordPress theme and content files, contradicting its presence on the watchlist. | 0.949999988079071 | severity: Severity.low |
| 205.169.39.5 | ip | 2026-03-02 11:07:14 | watchlist | Anomalous 'last_seen' timestamp in the future (2026-03-02T05:23:11) warrants further monitoring, despite no direct threat indicators. The discrepancy between US IP geolocation and French hostname (www.darcherif.fr) is also noted. | 0.4000000059604645 | severity: Severity.low |
| 205.169.39.5 | ip | 2026-03-02 10:57:04 | ignore | Analysis shows no suspicious activity. All accessed paths are typical WordPress files, with no WAF flags, no detected threat requests, and no security rule hits. The entity appears to be a legitimate user or bot accessing a website. | 0.949999988079071 | severity: Severity.low |
| 205.169.39.5 | ip | 2026-03-02 10:46:59 | ignore | No evidence of malicious activity detected. All accessed paths are standard WordPress static assets or theme files. No WAF flags, security rule hits, or detected threats. Total requests are low. | 0.8999999761581421 | severity: Severity.low |
| 2.58.56.62 | ip | 2026-03-02 10:36:52 | block | This IP is identified as a bot impersonator actively scanning for WordPress vulnerabilities (wlwmanifest.xml). It has a high percentage of threat-detected requests (14 out of 31) and was previously denied by an IP block rule (IPBLOCK-BURST4-318403). | 0.949999988079071 | severity: Severity.critical |
| 205.169.39.5 | ip | 2026-03-02 10:36:52 | ignore | This IP shows no evidence of malicious activity. All accessed paths are legitimate WordPress theme and plugin assets, and there were no WAF flags, detected threat requests, or security rule hits. The entity was only seen once. | 0.8999999761581421 | severity: Severity.low |
| 205.169.39.5 | ip | 2026-03-02 09:26:33 | watchlist | Suspicious future 'last_seen' timestamp and geolocation mismatch (US IP for French hostname 'www.darcherif.fr'). No direct malicious activity detected, but warrants further monitoring for unusual behavior. | 0.6000000238418579 | severity: Severity.low |
| 205.169.39.5 | ip | 2026-03-02 09:16:23 | ignore | Analysis shows no indicators of compromise or malicious activity. All accessed paths correspond to legitimate WordPress assets, and there were no WAF flags, security rule hits, or detected threats. The IP appears to be a normal visitor. | 1.0 | severity: Severity.low |
| 205.169.39.5 | ip | 2026-03-02 09:06:17 | ignore | No malicious activity detected. IP accessed common WordPress resources without triggering WAF flags or security rules, and has no recorded threat requests. Low total requests. | 0.8999999761581421 | severity: Severity.low |
| 205.169.39.5 | ip | 2026-03-02 08:56:09 | ignore | No suspicious activity detected; accessed common WordPress paths without triggering security rules or WAF. Entity appears benign. | 0.8999999761581421 | severity: Severity.low |
| 205.169.39.5 | ip | 2026-03-02 08:46:03 | ignore | No malicious activity detected. All accessed paths are consistent with normal WordPress website browsing, and there were no WAF flags or security rule hits. | 0.949999988079071 | severity: Severity.low |
| 205.169.39.5 | ip | 2026-03-02 08:35:57 | ignore | The IP accessed common WordPress assets; no security rule hits, WAF flags, or detected threats were observed. Total requests are low and typical for a legitimate website visitor. No indicators of compromise found. | 0.949999988079071 | severity: Severity.low |
| 205.169.39.5 | ip | 2026-03-02 08:25:44 | ignore | Entity exhibits no indicators of compromise, suspicious activity, WAF flags, or security rule hits. Observed traffic involves standard WordPress file access. | 0.949999988079071 | severity: Severity.low |
| 205.169.39.5 | ip | 2026-03-02 08:15:35 | ignore | No detected malicious activity. The IP accessed standard WordPress paths on a legitimate domain, with no WAF flags, no detected threat requests, and no security rule hits. | 1.0 | severity: Severity.low |
| 205.169.39.5 | ip | 2026-03-02 08:05:30 | ignore | Analysis shows standard WordPress activity accessing common paths. No detected threat requests, WAF flags, or security rule hits. The associated hostname points to a legitimate personal website. No indicators of compromise or malicious behavior were observed. | 0.949999988079071 | severity: Severity.low |
| 205.169.39.5 | ip | 2026-03-02 07:45:20 | ignore | No detected threat requests, no WAF flags, and no security rule hits. Observed activity is consistent with normal website browsing of a WordPress site. | 0.8999999761581421 | severity: Severity.low |
| 75.245.42.183 | ip | 2026-03-02 07:45:20 | block | Multiple WAF flags on accessed paths, 6 out of 19 requests detected as threats, and triggered an IPBLOCK-BURST4 security rule indicating automated malicious activity or scanning attempts. | 0.949999988079071 | severity: Severity.critical |
| 205.169.39.5 | ip | 2026-03-02 05:34:51 | ignore | No suspicious activity, WAF flags, or security alerts detected. Appears to be a legitimate visitor accessing standard content. | 0.8999999761581421 | severity: Severity.low |
| 45.156.87.52 | ip | 2026-03-02 05:34:51 | block | Accessing sensitive WordPress paths like '/wp-json/wp/v2/users' and '/wp-login.php' suggests user enumeration and brute-force attempts. | 0.8500000238418579 | severity: Severity.critical |
| 34.118.53.115 | ip | 2026-03-02 05:34:51 | block | WAF flagged path 'akam/13/pixel_45aa0933' and triggered security alert 3910002. Detected 1 threat request. | 0.949999988079071 | severity: Severity.critical |
| 135.181.246.140 | ip | 2026-03-02 01:04:01 | ignore | No malicious activity, threat requests, WAF flags, or security rule hits detected. Entity appears benign. | 1.0 | severity: Severity.low |
| 135.181.246.140 | ip | 2026-03-01 21:03:04 | ignore | No suspicious activity detected. Low request count and paths accessed appear to be normal website browsing or analytics. No WAF flags or security rule hits reported. | 0.8999999761581421 | severity: Severity.low |
| 20.219.132.149 | ip | 2026-03-01 21:03:04 | block | This IP is actively accessing multiple highly suspicious PHP file names and WordPress-related paths commonly associated with web shells, backdoors, or vulnerability scanning attempts (e.g., 'ms.php', 'wp-access.php', 'yas.php', 'vx.php'). This pattern indicates potential malicious activity despite no explicit WAF flags. | 0.8500000238418579 | severity: Severity.critical |
| 135.181.246.140 | ip | 2026-03-01 19:02:33 | ignore | No malicious activity detected. This IP address shows no threat requests, WAF flags, or security rule hits. It appears to be a legitimate web server for www.darcherif.fr. | 1.0 | severity: Severity.low |
| 135.181.246.140 | ip | 2026-03-01 17:42:15 | ignore | No malicious activity detected. Analysis shows a low volume of benign requests to a legitimate website with no WAF flags or security rule hits. | 0.949999988079071 | severity: Severity.low |
| 135.181.246.140 | ip | 2026-03-01 17:12:07 | ignore | This IP address shows no signs of malicious activity. Its requests are for legitimate WordPress categories and Akamai tracking pixels, with zero detected threat requests and no WAF flags. | 0.8999999761581421 | severity: Severity.low |
| 104.28.246.113 | ip | 2026-03-01 17:12:07 | block | This IP address is associated with highly suspicious activity, including requests to common web shell paths and 100% detected threat requests. WAF rules actively denied its traffic. | 1.0 | severity: Severity.critical |
| 2a09:bac5:952b:1cd2::2df:73 | ip | 2026-03-01 17:12:07 | block | This IPv6 address exhibits highly malicious behavior, accessing numerous suspicious PHP paths indicative of web shell activity or exploitation attempts. All requests were flagged as threats and actively denied by WAF rules, suggesting an ongoing attack, likely from the same source as 104.28.246.113. | 1.0 | severity: Severity.critical |
| 135.181.246.140 | ip | 2026-03-01 16:11:49 | ignore | No malicious activity detected. Entity shows zero detected threat requests, no flagged paths by WAF, and no security rule hits. The accessed paths and hostnames appear benign. | 0.949999988079071 | severity: Severity.low |
| 135.181.246.140 | ip | 2026-03-01 16:01:37 | ignore | Analysis indicates no malicious activity: 0 detected threat requests, no WAF flags, and no security rule hits. Entity appears benign. | 1.0 | severity: Severity.low |
| 135.181.246.140 | ip | 2026-03-01 15:51:29 | ignore | No suspicious activity detected for this IP address. It has no WAF flags, security rule hits, or detected threat requests. The accessed paths suggest benign web browsing activity on a public-facing website. Although not explicitly on the watchlist, this action signifies it poses no current threat. | 0.949999988079071 | severity: Severity.low |
| 135.181.246.140 | ip | 2026-03-01 15:41:18 | ignore | No malicious activity detected since being added to the watchlist; zero requests, threat requests, and security rule hits observed. | 0.800000011920929 | severity: Severity.low |