| 135.181.246.140 | ip | 2026-03-01 15:41:18 | ignore | No malicious activity detected since being added to the watchlist; zero requests, threat requests, and security rule hits observed. | 0.800000011920929 | severity: Severity.low |
| 135.181.246.140 | ip | 2026-03-01 11:00:29 | watchlist | This IP shares the hostname 'www.darcherif.fr' with a newly identified critical threat (40.85.219.62) that is actively performing malicious activities. Further investigation is warranted to understand the correlation. | 0.75 | severity: Severity.medium |
| 40.85.219.62 | ip | 2026-03-01 11:00:29 | block | Accessed multiple suspicious web application paths (e.g., PHP backdoors, WordPress exploit attempts) on www.darcherif.fr, indicating potential reconnaissance or compromise attempts. | 0.8999999761581421 | severity: Severity.critical |
| 135.181.246.140 | ip | 2026-03-01 10:40:21 | watchlist | Anomalous future timestamp ('last_seen': 2026-02-27T22:40:24) identified. This could indicate a data integrity issue or a sophisticated attempt to evade detection, warranting further monitoring despite the absence of other direct threat indicators. | 0.699999988079071 | severity: Severity.medium |
| 135.181.246.140 | ip | 2026-03-01 10:30:06 | ignore | No malicious activity detected. All security indicators are clean (no WAF flags, no detected threat requests, no security rule hits). Activity consists of low volume legitimate-looking web requests. | 0.949999988079071 | severity: Severity.low |
| 135.181.246.140 | ip | 2026-03-01 10:19:59 | ignore | No malicious indicators found. Entity appears benign and is not currently in the watchlist. WAF logs, detected threat requests, and security rule hits are all clear. The associated hostname `www.darcherif.fr` suggests a legitimate website. Therefore, no action is required to add or keep this entity in the watchlist. | 0.949999988079071 | severity: Severity.low |
| 135.181.246.140 | ip | 2026-03-01 10:09:47 | ignore | Analysis shows no detected threat requests, WAF flags, or security rule hits. Observed activity (low request count, common paths, legitimate hostname) appears benign. No indicators of compromise found. | 1.0 | severity: Severity.low |
| 135.181.246.140 | ip | 2026-03-01 09:59:38 | ignore | No suspicious activity detected, zero threat requests, and no WAF flags. The entity exhibits low request volume to a hostname associated with a legitimate website. It does not warrant further monitoring at this time. | 0.8999999761581421 | severity: Severity.low |
| 135.181.246.140 | ip | 2026-03-01 09:49:31 | ignore | No suspicious activity detected, no security rule hits, and zero detected threat requests. The accessed paths and hostnames appear benign. | 0.949999988079071 | severity: Severity.low |
| 135.181.246.140 | ip | 2026-03-01 09:39:23 | ignore | No detected threat requests, WAF flags, or security rule hits. All observed activity appears benign. | 1.0 | severity: Severity.low |
| 135.181.246.140 | ip | 2026-03-01 09:29:15 | ignore | No suspicious activity detected. The IP shows no WAF flags, no security rule hits, and no detected threat requests. Activity appears to be benign web browsing. | 1.0 | severity: Severity.low |
| 135.181.246.140 | ip | 2026-03-01 09:19:07 | ignore | No malicious activity detected. The entity shows a low number of requests (5), no WAF flags, and no security rule hits. Associated hostname 'www.darcherif.fr' appears to be a legitimate website, and the ASN belongs to a common hosting provider without specific threat indicators in this context. | 0.8999999761581421 | severity: Severity.low |
| 135.181.246.140 | ip | 2026-03-01 09:08:56 | ignore | No malicious activity detected; zero threat requests, WAF flags, or security rule hits. Low volume of benign requests observed across standard paths. | 0.949999988079071 | severity: Severity.low |
| 135.181.246.140 | ip | 2026-03-01 08:58:45 | ignore | No suspicious activity detected. The IP address shows normal web traffic, no WAF flags, no detected threat requests, and no security rule hits. | 0.9800000190734863 | severity: Severity.low |
| 135.181.246.140 | ip | 2026-03-01 08:48:38 | ignore | No malicious activity detected, zero threat requests, no WAF flags, and no security rule hits. Observed traffic patterns are consistent with normal web browsing. | 0.949999988079071 | severity: Severity.low |
| 135.181.246.140 | ip | 2026-03-01 08:38:31 | ignore | Entity exhibits no malicious activity. No WAF flags, security rule hits, or detected threat requests were observed. Accessed paths appear consistent with benign web browsing. | 0.949999988079071 | severity: Severity.low |
| 135.181.246.140 | ip | 2026-03-01 08:28:23 | ignore | Analysis shows no detected threat requests, no WAF flags, and no security rule hits. All observed activity, including accessed paths and hostnames, appears legitimate and non-malicious. This entity is deemed benign. | 0.9800000190734863 | severity: Severity.low |
| 135.181.246.140 | ip | 2026-03-01 08:18:11 | ignore | No security rule hits, WAF flags, or detected threats. Low request volume (5) to a seemingly legitimate website. Akamai-related paths are likely benign CDN/tracking elements. | 0.8999999761581421 | severity: Severity.low |
| 135.181.246.140 | ip | 2026-03-01 08:07:54 | ignore | No malicious activity detected: zero WAF flags, zero threat requests, and no security rule hits over a low number of total requests. Appears to be benign traffic. | 0.8999999761581421 | severity: Severity.low |
| 169.150.203.202 | ip | 2026-03-01 08:07:54 | block | Highly malicious activity detected: numerous WAF flags for WordPress enumeration attempts ('wlwmanifest.xml'), a very high number of detected threat requests (102 vs 31 total requests), multiple security alerts including 'BOT-BROWSER-IMPERSONATOR', and a 'deny' rule hit ('IPBLOCK-BURST4-318403'). This indicates a sophisticated automated attack or bot activity. | 0.9800000190734863 | severity: Severity.critical |
| 45.141.233.210 | ip | 2026-03-01 08:07:54 | block | Suspicious activity detected: attempted access to 'wp-login.php' which was flagged by WAF, a high proportion of threat requests (4 out of 7 total), and a security alert hit. This pattern suggests an attempted brute-force or credential stuffing attack. | 0.949999988079071 | severity: Severity.critical |
| 135.181.246.140 | ip | 2026-03-01 05:57:17 | ignore | No malicious activity detected, zero threat requests, no WAF flags, and no security rule hits. The IP hosts a legitimate website and shows no signs of compromise or malicious intent. | 0.949999988079071 | severity: Severity.low |
| 135.181.246.140 | ip | 2026-03-01 05:47:09 | ignore | No threat requests detected (0 out of 5 total requests), no paths flagged by WAF, and no security rule hits. The accessed paths appear benign and consistent with normal website browsing. Existing AI confidence and severity are low. | 0.8999999761581421 | severity: Severity.low |
| 20.151.2.242 | ip | 2026-03-01 05:47:09 | block | All 143 requests detected as threats, accessing highly suspicious PHP files indicative of webshells or malicious scripts, and previously denied by an IPBLOCK security rule. This indicates active, severe malicious intent. | 0.9800000190734863 | severity: Severity.critical |
| 135.181.246.140 | ip | 2026-03-01 02:26:33 | watchlist | No direct threats detected, but accessed paths include generic Akamai-related resources which can sometimes be associated with bot activity. Further monitoring is warranted. | 0.5 | severity: Severity.low |
| 144.217.135.151 | ip | 2026-03-01 01:16:18 | block | All requests (19/19) were flagged by WAF and detected as threats (rule 3991017), indicating highly malicious activity. | 0.949999988079071 | severity: Severity.critical |
| 144.217.135.195 | ip | 2026-03-01 01:16:18 | block | A high percentage of requests (24/27) were flagged by WAF and detected as threats (rule 3991017), including access to suspicious obfuscated paths. | 0.949999988079071 | severity: Severity.critical |
| 135.181.246.140 | ip | 2026-03-01 01:16:18 | ignore | No detected threat requests or security rule hits observed, indicating benign activity. | 0.8999999761581421 | severity: Severity.low |
| 216.73.216.189 | ip | 2026-03-01 01:16:18 | block | A significant portion of requests (4/6) were detected as threats by WAF (rule 3991023) and involved access to highly suspicious obfuscated paths. | 0.8999999761581421 | severity: Severity.critical |
| 74.7.244.27 | ip | 2026-03-01 01:16:18 | block | All requests (5/5) were flagged by WAF and detected as threats (rule 3991023), indicating highly malicious activity. | 0.949999988079071 | severity: Severity.critical |
| 135.181.246.140 | ip | 2026-02-28 21:35:30 | ignore | Analysis shows no suspicious activity: 0 detected threat requests, no WAF flags, and no security rule hits. The hostname 'www.darcherif.fr' appears legitimate, and paths accessed are consistent with normal website browsing or tracking. The low request count (5) also suggests no unusual activity. | 0.949999988079071 | severity: Severity.low |
| 135.181.246.140 | ip | 2026-02-28 20:55:12 | ignore | No new suspicious activity detected. All 5 requests had 0 detected threats, and no WAF rules were triggered. The initial watchlist entry seems to be a false positive or the threat has subsided. | 0.800000011920929 | severity: Severity.low |
| 45.156.129.176 | ip | 2026-02-28 20:55:12 | block | All 8 requests triggered WAF alerts, targeting sensitive paths like cgi-bin, console, and solr. This indicates malicious scanning or exploitation attempts. | 0.949999988079071 | severity: Severity.critical |
| 45.156.129.177 | ip | 2026-02-28 20:55:12 | block | All 7 requests triggered WAF alerts, targeting common exploitation paths like wp-json, solr, and cgi-bin. This suggests aggressive scanning or attack attempts. | 0.949999988079071 | severity: Severity.critical |
| 45.156.129.178 | ip | 2026-02-28 20:55:12 | block | All 9 requests triggered WAF alerts, indicating malicious activity targeting system files and login interfaces. This points to reconnaissance and potential brute-force attempts. | 0.949999988079071 | severity: Severity.critical |
| 135.181.246.140 | ip | 2026-02-28 19:34:53 | watchlist | Although no direct malicious activity (threat requests, WAF flags, security rule hits) was observed, the 'last_seen' timestamp of '2026-02-27T22:40:24' is in the future, indicating a potential data anomaly that warrants further investigation into the data source. | 0.699999988079071 | severity: Severity.low |
| 135.181.246.140 | ip | 2026-02-28 19:24:37 | ignore | No malicious activity detected. All requests appear legitimate, with no WAF flags, detected threat requests, or security rule hits. | 0.8999999761581421 | severity: Severity.low |
| 135.181.246.140 | ip | 2026-02-28 19:14:31 | ignore | No detected threats, WAF flags, or security rule hits. Low total requests and clean paths accessed. | 0.949999988079071 | severity: Severity.low |
| 135.181.246.140 | ip | 2026-02-28 19:04:25 | ignore | IP shows no detected threats, WAF flags, or security rule hits. Activity appears to be benign web traffic accessing standard website paths and CDN resources. Although not currently in the watchlist, analysis confirms it is not suspicious and does not warrant monitoring. | 0.949999988079071 | severity: Severity.low |
| 135.181.246.140 | ip | 2026-02-28 18:54:10 | ignore | No suspicious activity, WAF flags, or security rule hits detected. Entity exhibits benign browsing behavior (low requests, common paths, legitimate hostname). There is no indication of malicious intent or compromise, therefore it does not warrant inclusion on a watchlist. | 0.9800000190734863 | severity: Severity.low |
| 135.181.246.140 | ip | 2026-02-28 18:43:59 | ignore | No suspicious activity detected; accessed paths appear legitimate, no WAF flags or security rule hits. | 0.8999999761581421 | severity: Severity.low |
| 64.89.163.10 | ip | 2026-02-28 18:43:59 | block | Repeated attempts to access non-standard PHP files (e.g., 'txets.php', 'schallfuns.php') in WordPress core directories, indicative of web shell access attempts or vulnerability scanning. | 0.949999988079071 | severity: Severity.critical |
| 135.181.246.140 | ip | 2026-02-28 18:33:51 | ignore | No detected threats, WAF flags, or security rule hits. Accessed paths are benign and related to a legitimate website. Entity exhibits no malicious behavior. | 0.949999988079071 | severity: Severity.low |
| 135.181.246.140 | ip | 2026-02-28 18:23:44 | ignore | No suspicious activity or threat indicators detected. The IP accessed standard web paths of a legitimate domain, and no WAF flags or security rule hits were recorded. | 0.8999999761581421 | severity: Severity.low |
| 135.181.246.140 | ip | 2026-02-28 18:13:35 | ignore | No malicious activity detected. The IP shows no WAF flags, no detected threat requests, and no security rule hits. Accessed paths appear benign, and the hostname 'www.darcherif.fr' seems legitimate. | 0.949999988079071 | severity: Severity.low |
| 135.181.246.140 | ip | 2026-02-28 18:03:27 | ignore | No security rule hits, WAF flags, or detected threat requests. Entity's activity appears benign with low request volume. | 0.949999988079071 | severity: Severity.low |
| 135.181.246.140 | ip | 2026-02-28 17:53:18 | ignore | No suspicious activity detected: low request count, no WAF flags, no security rule hits, and access to standard website paths. Entity appears benign. | 0.949999988079071 | severity: Severity.low |
| 135.181.246.140 | ip | 2026-02-28 17:43:07 | ignore | No malicious activity detected. All security indicators, including WAF flags, detected threat requests, and security rule hits, are clear. Accessed hostnames and paths appear benign. | 0.949999988079071 | severity: Severity.low |
| 135.181.246.140 | ip | 2026-02-28 17:32:57 | ignore | No malicious activity detected, no WAF flags, and no security rule hits. Low request count to legitimate-looking paths. | 0.8999999761581421 | severity: Severity.low |
| 135.181.246.140 | ip | 2026-02-28 17:22:51 | ignore | No malicious activity detected. All accessed paths are benign, no WAF flags, detected threat requests, or security rule hits. The IP resolves to a legitimate domain. | 1.0 | severity: Severity.low |