734
95.0%
47
IP: 47 TLS: 2 ASN: 1
| Entity | Type | Hostnames | Reason | Blocked At | AI Confidence | AI Details |
|---|---|---|---|---|---|---|
| 20.199.107.90 | IP | akamai.darcherif.fr | All 91 requests from this IP were flagged by WAF and denied by an IPBLOCK security rule, indicating highly malicious activity targeting suspicious PHP paths. | 2026-03-14 05:18:52 | 100.0% | Critical |
| 216.73.216.218 | IP | www.darcherif.fr | High proportion of detected threat requests (4 out of 6), access to suspicious obfuscated paths, and WAF alert for security rule 3991023 indicating potential RFI/LFI or command injection attempts. This IP is actively engaged in malicious activity. | 2026-03-14 03:58:36 | 95.0% | Critical |
| 4.205.16.4 | IP | akamai.darcherif.fr | All requests detected as threats, probing for common web shell locations and WordPress vulnerabilities. IP has triggered IPBLOCK deny rules, indicating previous malicious activity. | 2026-03-13 23:57:50 | 100.0% | Critical |
| 45.156.87.198 | IP | www.darcherif.fr | IP engaged in suspicious activity targeting wp-login.php, flagged by WAF, with 50% of requests detected as threats. | 2026-03-12 22:13:31 | 95.0% | Critical |
| 2.22.226.14 | IP | www.darcherif.fr | Entity shows a 'last_seen' timestamp in the future, indicating data integrity issues or a sophisticated attempt to evade detection, combined with access to a highly anomalous and obfuscated-looking path (RUug7/gyu/sD-F/cT/Nb_-bi/7bw3bJb9uwf56VXuwa/GSQqEQE/GmkhP/EYCbwwC) commonly associated with vulnerability scanning or exploitation attempts. | 2026-03-12 20:13:10 | 90.0% | Critical |
| 216.73.216.133 | IP | www.darcherif.fr | Observed highly suspicious and obfuscated path requests, 4 out of 6 requests detected as threats, and triggered security rule '3991023'. This indicates active malicious activity. | 2026-03-12 20:03:03 | 95.0% | Critical |
| 185.193.156.155 | IP | akamai.darcherif.fr | This IP address exhibits highly suspicious behavior, including numerous attempts to access WordPress enumeration paths ('wlwmanifest.xml'), a significantly high number of detected threat requests, and multiple WAF rule hits such as 'BOT-BROWSER-IMPERSONATOR' and 'IPBLOCK-BURST4-318403'. This indicates active malicious scanning and potential exploitation attempts. | 2026-03-12 17:32:34 | 95.0% | Critical |
| 47.128.16.18 | IP | www.darcherif.fr | All requests from this IP address were flagged by WAF and triggered security alerts (rule 3991023), indicating highly malicious activity targeting WordPress vulnerabilities. | 2026-03-12 10:31:23 | 95.0% | Critical |
| 124.198.132.28 | IP | www.darcherif.fr | All 19 requests from this IP address were flagged by WAF, hitting a deny rule (REP_1654538), and involved scanning common WordPress manifest files (wlwmanifest.xml). This indicates a highly confident malicious reconnaissance or attack attempt. | 2026-03-12 09:21:05 | 100.0% | Critical |
| 20.119.217.110 | IP | www.darcherif.fr | Multiple suspicious WordPress-related paths accessed, including potential web shell (sf.php), unauthorized admin access attempts (wp-admin.php, wp-content/edit.php, wp-admin/css/index.php), and anomalous file in content directory (wp-content/1.php). This indicates an active attempt to compromise or exploit a WordPress site. | 2026-03-12 09:10:55 | 90.0% | Critical |
| 74.7.227.173 | IP | www.darcherif.fr | This IP exhibits critical malicious activity with 30 out of 31 requests flagged as threats, multiple WAF rule hits, and access to highly suspicious, obfuscated paths. | 2026-03-12 07:10:26 | 98.0% | Critical |
| 45.156.87.11 | IP | www.darcherif.fr | Observed high number of threat requests (34 out of 37 total) targeting 'wp-login.php' and flagged by WAF, strongly indicating brute-force or credential stuffing attacks. | 2026-03-12 06:40:15 | 95.0% | Critical |
| 159.54.151.59 | IP | www.darcherif.fr | This IP address has engaged in suspicious activity, targeting wp-login.php with multiple detected threat requests and triggering a security alert rule. | 2026-03-11 18:07:48 | 95.0% | Critical |
| 91.132.139.11 | IP | www.darcherif.fr | Accessed and flagged '.env' file, indicating potential sensitive information disclosure or configuration exposure attempt. WAF also denied requests due to LFI-ANOMALY rule, indicating a critical vulnerability exploit attempt. | 2026-03-11 13:56:58 | 98.0% | Critical |
| 2001:4878:a216:3000:7d60:d1f2:13b7:4d95 | IP | www.darcherif.fr | Exhibited critical malicious behavior with 18 out of 19 requests detected as threats, multiple WAF flags on accessed paths, and triggered a security alert while accessing a highly obfuscated malicious path. | 2026-03-11 10:56:19 | 95.0% | Critical |
| 76.186.108.43 | IP | akamai.darcherif.fr | Multiple detected threat requests, WAF flags, and a security rule deny hit (IPBLOCK-BURST4-318403) indicating a burst attack or malicious activity. | 2026-03-11 00:14:29 | 98.0% | Critical |
| 158.158.32.105 | IP | akamai.darcherif.fr | All requests flagged by WAF, accessing highly suspicious PHP files (e.g., webshells), and already subject to an IPBLOCK security rule. This indicates severe malicious activity. | 2026-03-10 18:13:03 | 99.0% | Critical |
| 207.46.13.9 | IP | www.darcherif.fr | All 7 requests made by this IP were flagged by WAF with security rule '3991006', indicating malicious activity or a web attack. | 2026-03-10 15:12:20 | 90.0% | Medium |
| 2600:1f28:365:80b0:ac56:4a:ab84:dcd6 | IP | www.darcherif.fr | All 18 requests from this IP were flagged by WAF with security rule '3991023', indicating suspicious bot activity despite accessing seemingly legitimate content paths. This suggests an aggressive or malicious bot. | 2026-03-10 15:12:20 | 90.0% | Medium |
| 216.73.216.6 | IP | www.darcherif.fr | A very high percentage (4 out of 5) of requests were detected as threats. The presence of a highly suspicious, obfuscated-looking path 'ATNFpI/99R4/SoOp/SSYb/...' and WAF alerts for bot activity (rule 3991023) points to a targeted malicious probe. | 2026-03-10 15:12:20 | 98.0% | Critical |
| 3%7e462712aa36a1f7a1 | TLS | www.darcherif.fr | This TLS entity is strongly associated with an IP address (2600:1f28:365:80b0:ac56:4a:ab84:dcd6) that exhibited 100% threat requests and triggered WAF alerts for suspicious bot activity (rule 3991023). | 2026-03-10 15:12:20 | 90.0% | Medium |
| 52.167.144.209 | IP | www.darcherif.fr | High percentage of threat requests (6 out of 7) and access to a highly suspicious, obfuscated-looking path 'ATNFpI/99R4/SoOp/SSYb/...' flagged by WAF with rule '3991006'. This suggests targeted malicious activity. | 2026-03-10 15:12:20 | 98.0% | Critical |
| 165.22.210.209 | IP | akamai.darcherif.fr | High number of detected threat requests (155) and all requests targeting WordPress manifest files (wlwmanifest.xml), combined with WAF alerts including BOT-BROWSER-IMPERSONATOR. This indicates a highly malicious automated attack or reconnaissance attempt. | 2026-03-10 15:12:20 | 98.0% | Critical |
| 74.125.209.129 | IP | www.darcherif.fr | All 100% of requests triggered WAF alerts (rule 3991005), indicating malicious activity. | 2026-03-10 10:10:37 | 95.0% | Critical |
| 64.233.172.197 | IP | www.darcherif.fr | High percentage of requests (81.8%) flagged by WAF and access to a highly suspicious, obfuscated path. | 2026-03-10 10:10:37 | 90.0% | Critical |
| 64.233.172.196 | IP | www.darcherif.fr | All 100% of requests triggered WAF alerts (rule 3991005), indicating malicious activity. | 2026-03-10 10:10:37 | 95.0% | Critical |
| 3%7ebf5f8b11f93240e2 | TLS | www.darcherif.fr | High percentage of requests (87.7%) flagged by WAF and access to a highly suspicious, obfuscated path. | 2026-03-10 10:10:37 | 95.0% | Critical |
| 74.125.209.137 | IP | www.darcherif.fr | High percentage of requests (80%) flagged by WAF and access to a highly suspicious, obfuscated path. | 2026-03-10 10:10:37 | 90.0% | Critical |
| 89.187.187.72 | IP | akamai.darcherif.fr | This IP is highly suspicious: it has a high number of detected threat requests (119), triggered multiple security alerts including 'BOT-BROWSER-IMPERSONATOR', and was denied by WAF for burst activity (IPBLOCK-BURST4-318403) while scanning for WordPress manifest files. | 2026-03-10 07:48:06 | 99.0% | Critical |
| 45.94.31.197 | IP | akamai.darcherif.fr | This IP is actively engaging in WordPress enumeration attempts by repeatedly accessing 'wlwmanifest.xml' paths across various directories. It has triggered multiple WAF alerts, including bot impersonation, and has been subject to IP blocking due to suspicious activity bursts. | 2026-03-10 07:07:17 | 95.0% | Critical |
| 138.201.83.102 | IP | www.darcherif.fr | Access to 'wp-login.php' endpoint is highly suspicious and often indicates brute-force attempts or credential stuffing. Even with low requests, this specific access pattern is a common attack vector. | 2026-03-10 04:26:42 | 80.0% | Critical |
| 20.219.138.200 | IP | www.darcherif.fr | Accessing highly suspicious paths indicative of scanning, backdoor attempts, and vulnerability probing (e.g., info.php, db.php, upload.php, sx.php, htaccess.php, admin directories, wp-content/themes/haha.php). | 2026-03-10 01:15:57 | 95.0% | Critical |
| 205.220.242.185 | IP | akamai.darcherif.fr | Multiple WAF deny hits (IPBLOCK-BURST4-318403) and a high proportion (10 out of 21) of detected threat requests. | 2026-03-10 01:15:57 | 99.0% | Critical |
| 47.128.121.167 | IP | www.darcherif.fr | All requests (9/9) were flagged by WAF, detected as threats, and triggered a security rule (3991023). | 2026-03-09 17:54:23 | 100.0% | Critical |
| 35.227.64.178 | IP | akamai.darcherif.fr | Extensive scanning for wlwmanifest.xml across multiple directories, high number of detected threat requests (135), multiple WAF alerts including 'BOT-BROWSER-IMPERSONATOR', and a WAF deny rule hit. | 2026-03-09 16:44:03 | 100.0% | Critical |
| 216.73.216.158 | IP | www.darcherif.fr | High number of detected threat requests (4 out of 5), WAF alert for security rule 3991023, and access to highly suspicious, non-standard paths. | 2026-03-09 16:44:03 | 95.0% | Critical |
| 205.169.39.104 | IP | - | Multiple detected threat requests and security rule alerts, alongside WAF flagged paths, indicate active malicious activity. | 2026-03-09 07:19:20 | 90.0% | Critical |
| 20.211.123.94 | IP | www.darcherif.fr | Accessed highly suspicious paths indicative of web shell uploads, backdoors, or crypto mining attempts (xmr.php, upload.php, cgi-bin/). | 2026-03-09 07:09:11 | 90.0% | Critical |
| 169.150.203.237 | IP | akamai.darcherif.fr | High volume of detected threat requests, repeated attempts to access WordPress manifest files, WAF denial rules hit, and bot impersonation detected. | 2026-03-09 07:09:11 | 95.0% | Critical |
| 73.128.201.25 | IP | akamai.darcherif.fr | Detected 7 threat requests out of 19 total, triggered multiple WAF flags, and was denied by an 'IPBLOCK-BURST4' security rule indicating suspicious activity or an attempted attack. | 2026-03-09 04:18:34 | 95.0% | Critical |
| 74.7.227.25 | IP | www.darcherif.fr | High number of WAF alerts (19 out of 20 requests) with rule '3991023' hit, indicating potential malicious scanning or attempted exploitation. | 2026-03-09 00:37:47 | 95.0% | Critical |
| 153.33.99.33 | IP | www.darcherif.fr | WAF flagged a path ('akam/13/5602dcb8') and security rule '3900999' was alerted, indicating potential malicious activity. | 2026-03-08 21:37:04 | 95.0% | Critical |
| 91.92.242.199 | IP | www.darcherif.fr | Repeated attempts to access 'wp-login.php', high number of detected threat requests (9/13), and WAF flagging with a security alert, strongly indicating a brute-force or credential stuffing attack. | 2026-03-08 19:26:00 | 95.0% | Critical |
| 2604:a880:0:202a::ee37:a000 | IP | akamai.darcherif.fr akamai.darcherif.fr:80 akamai.darcherif.fr:443 | Multiple WAF alerts including 'BOT-BROWSER-IMPERSONATOR' rule hit, 25% detected threat requests, and all accessed paths flagged by WAF. Strong indicators of malicious bot activity. | 2026-03-08 11:33:41 | 98.0% | Critical |
| 20.214.142.73 | IP | www.darcherif.fr | Attempted access to multiple highly suspicious paths indicative of webshells, cryptocurrency miners (xmr.php), and unauthorized file uploads like bolt.php and upload.php. This behavior strongly suggests compromise attempts or active malicious activity. | 2026-03-08 05:29:44 | 95.0% | Critical |
| 54.145.16.22 | IP | akamai.darcherif.fr | All 5 requests from this IP were detected as threats and explicitly denied by an IPBLOCK security rule. | 2026-03-07 21:55:50 | 95.0% | Critical |
| 192.109.200.92 | IP | www.darcherif.fr | Multiple detected threat requests targeting wp-login.php and flagged by WAF with a security rule hit (3900998), indicating a brute-force or credential stuffing attack. | 2026-03-07 09:33:44 | 95.0% | Critical |
| 13.75.194.66 | IP | www.darcherif.fr | Actively probing for web shells, admin interfaces, and potentially crypto miners with multiple suspicious path accesses (e.g., xmr.php, upload.php, bolt.php). | 2026-03-07 09:33:44 | 90.0% | Critical |
| AS198953 | ASN | www.darcherif.fr | Suspicious activity detected from AS198953 including WAF flags on xmlrpc.php, multiple detected threat requests, and a 'PLATFORM-ANOMALY' security rule hit from a high-risk geographical location (RU). | 2026-03-07 08:23:27 | 90.0% | Critical |
| 45.153.34.154 | IP | akamai.darcherif.fr www.darcherif.fr | Multiple severe security rule hits including a 'CMD-INJECTION-ANOMALY' deny action, 'BOT-BROWSER-IMPERSONATOR' alert, and access to sensitive '.git/config' path. This indicates active, high-severity attack attempts. | 2026-03-07 01:52:23 | 98.0% | Critical |