ASN: 8 IP: 28 TLS: 14
| Entity | Type | Hostnames | Reason | Blocked At | AI Confidence | AI Details |
|---|---|---|---|---|---|---|
| AS14061 | ASN | akamai.darcherif.fr | All requests from IPs associated with this ASN were flagged by WAF, extensively probing sensitive configurations and known exploit paths (including LFI and Jira exploits), and consistently triggered critical 'LFI-ANOMALY' deny rules. This ASN is confirmed to be highly malicious and is already in the blocklist. | 2025-12-12 00:08:31 | 100.0% | Critical |
| 147.182.149.75 | IP | akamai.darcherif.fr | All requests were flagged by WAF, targeting sensitive files (.git/config, .env, config.json) and known exploit paths (LFI, Jira exploit), and triggered a critical 'LFI-ANOMALY' deny rule. Its associated ASN (AS14061) is already blocklisted for persistent malicious activity. | 2025-12-12 00:08:31 | 100.0% | Critical |
| 159.89.174.87 | IP | akamai.darcherif.fr | All requests were flagged by WAF, targeting sensitive files (.env, api-docs/swagger.json, .vscode/sftp.json) and common admin/info paths, and triggered a critical 'LFI-ANOMALY' deny rule. Its associated ASN (AS14061) is already blocklisted for persistent malicious activity. | 2025-12-12 00:08:31 | 100.0% | Critical |
| 3%7ebb4be091c5dc4153 | TLS | akamai.darcherif.fr | All requests associated with this TLS fingerprint were flagged by WAF, targeting sensitive files (.DS_Store, .env, .git/config) and common admin/info paths, and triggered a critical 'LFI-ANOMALY' deny rule. This fingerprint is indicative of a highly malicious client. | 2025-12-12 00:08:31 | 100.0% | Critical |
| 167.71.81.114 | IP | akamai.darcherif.fr | All requests were flagged by WAF, targeting sensitive endpoints (actuator/env, api/swagger.json, .env, .vscode/sftp.json) and triggered a critical 'LFI-ANOMALY' deny rule. Its associated ASN (AS14061) is already blocklisted for persistent malicious activity. | 2025-12-12 00:08:31 | 100.0% | Critical |
| 159.89.12.166 | IP | akamai.darcherif.fr | All requests were flagged by WAF, targeting sensitive files (.git/config, .env, .vscode/sftp.json) and known exploit paths (LFI, Jira exploit), and triggered a critical 'LFI-ANOMALY' deny rule. Its associated ASN (AS14061) is already blocklisted for persistent malicious activity. | 2025-12-12 00:08:31 | 100.0% | Critical |
| 40.83.76.149 | IP | akamai.darcherif.fr | All requests (100%) from this IP were flagged by WAF, accessing suspicious PHP files, and triggered an 'IPBLOCK' deny rule. Its associated ASN (AS8075) is already blocklisted for persistent malicious activity. | 2025-12-10 00:46:02 | 100.0% | Critical |
| 37.228.254.154 | IP | www.darcherif.fr | High ratio of detected threat requests (60%), including access to an extremely suspicious and obfuscated path 'NqKXrfXQ/UVmgosN/YjdiKN1/-J/EYm94maubaDicN/RiQhYUIC/fGlT/I3ESewcB', indicating malicious probing and potential exploit attempts. A WAF alert rule '3900999' was also triggered. | 2025-12-09 12:55:20 | 95.0% | Critical |
| 2a07:e05:3:1b::1 | IP | akamai.darcherif.fr | All requests (100%) from this IP were flagged by WAF, triggering multiple security alerts including 'BOT-BROWSER-IMPERSONATOR', and demonstrating a high ratio of detected threat requests to total requests, indicating automated malicious probing. | 2025-12-08 08:23:25 | 100.0% | Critical |
| 213.35.103.66 | IP | akamai.darcherif.fr | All requests from this IP targeted sensitive WordPress admin/login paths, were flagged by WAF, and triggered multiple security alerts including 'BOT-BROWSER-IMPERSONATOR', indicating automated malicious probing. | 2025-12-06 13:41:21 | 100.0% | Critical |
| 216.73.216.213 | IP | www.darcherif.fr | All requests (100%) from this IP were flagged by WAF, indicating persistent malicious probing targeting WordPress endpoints and triggering security alerts. | 2025-12-05 18:50:26 | 100.0% | Critical |
| 45.148.10.246 | IP | akamai.darcherif.fr | Extensive probing of sensitive configuration files and backups (e.g., .env, config/mail), all requests (100%) flagged by WAF, and multiple critical deny rules triggered including LFI-ANOMALY and IPBLOCK. | 2025-12-04 12:34:38 | 100.0% | Critical |
| AS48090 | ASN | akamai.darcherif.fr | Associated with IP 45.148.10.246, which demonstrated extensive probing of sensitive files, had all requests flagged by WAF, and triggered critical deny rules including LFI-ANOMALY and IPBLOCK. | 2025-12-04 12:34:38 | 100.0% | Critical |
| 62.60.130.210 | IP | www.darcherif.fr | All requests (100%) were flagged by WAF and targeted 'wp-login.php', triggering security alerts indicative of a brute-force or credential stuffing attack. | 2025-12-02 14:22:25 | 100.0% | Critical |
| 3%7e67c0ea0c99e03401 | TLS | akamai.darcherif.fr | TLS fingerprint associated with an IP (4.189.168.36) that had all requests flagged by WAF, bot impersonation, and probing of sensitive paths. Associated ASN AS8075 is blocklisted. | 2025-11-30 15:39:51 | 100.0% | Critical |
| 4.189.168.36 | IP | akamai.darcherif.fr | All requests (100%) flagged by WAF with bot impersonation and probing of sensitive paths. Associated ASN AS8075 is already blocklisted for persistent malicious activity. | 2025-11-30 15:39:50 | 100.0% | Critical |
| 3%7ed09afd3ffe9bdf7b | TLS | www.darcherif.fr | Associated with IP 134.122.136.96, which triggered multiple critical WAF deny rules including LFI, command injection, XSS, and bot impersonation. This TLS fingerprint is used by a highly malicious client. | 2025-11-30 14:03:57 | 100.0% | Critical |
| 134.122.136.96 | IP | www.darcherif.fr | Multiple critical WAF deny rules triggered, including LFI, command injection, XSS, and bot impersonation, indicating severe malicious probing and exploit attempts. All accessed paths were flagged. | 2025-11-30 14:03:57 | 100.0% | Critical |
| AS152194 | ASN | www.darcherif.fr | Associated with IP 134.122.136.96, which triggered multiple critical WAF deny rules including LFI, command injection, XSS, and bot impersonation. All accessed paths from this ASN were flagged as malicious. | 2025-11-30 14:03:57 | 100.0% | Critical |
| 43.163.127.190 | IP | akamai.darcherif.fr | Repeated, targeted access attempts to sensitive Spring Boot actuator and mapping endpoints. All 13 requests flagged by WAF, with bot impersonation detected, indicating high-confidence malicious activity. | 2025-11-20 15:39:02 | 100.0% | Critical |
| 20.37.96.143 | IP | www.darcherif.fr | All requests from this IP were flagged by WAF, accessing suspicious PHP files including known exploit paths like 'wp-filemanager.php', and triggered a deny security rule (REP_1654538). | 2025-11-10 22:07:17 | 100.0% | Critical |
| AS15169 | ASN | www.darcherif.fr, akamai.darcherif.fr | 48% of requests were threatening, all accessed paths flagged by WAF, and a burst-rate IP block rule (IPBLOCK-BURST4-318403) was triggered. | 2025-11-04 15:46:51 | 95.0% | Critical |
| 74.176.185.3 | IP | akamai.darcherif.fr | Extensive probing of suspicious PHP files, 100% of requests flagged by WAF with IPBLOCK deny rule, and associated ASN is already blocked for persistent malicious activity. | 2025-11-01 13:06:18 | 100.0% | Critical |
| 3%7ede293936a8dc4153 | TLS | - | Confirmed persistent malicious activity detected using this TLS fingerprint. | 2025-10-31 13:37:03 | 95.0% | Critical |
| 3%7efe38c35477967146 | TLS | - | Confirmed persistent malicious activity detected using this TLS fingerprint. | 2025-10-31 13:37:03 | 98.0% | Critical |
| 3%7ee35ec11fcbea7346 | TLS | - | Confirmed persistent malicious activity detected using this TLS fingerprint. | 2025-10-31 13:37:03 | 90.0% | Critical |
| 3%7ede8d6a84fab8672b | TLS | - | Confirmed common malicious client fingerprint associated with suspicious access patterns and reconnaissance. | 2025-10-31 13:37:03 | 95.0% | Critical |
| 3%7ede29393936a8dc4153 | TLS | - | Confirmed persistent malicious activity detected using this TLS fingerprint. | 2025-10-31 13:37:03 | 95.0% | Critical |
| UNKNOWN | TLS | - | Confirmed persistent malicious activity detected using an unknown TLS fingerprint. | 2025-10-31 13:37:03 | 100.0% | Critical |
| 3%7e7bcf51bfc0d0b65f | TLS | - | Confirmed persistent malicious activity detected using this TLS fingerprint. | 2025-10-31 13:37:02 | 100.0% | Critical |
| 178.33.134.25 | IP | - | Confirmed persistent malicious IP activity. | 2025-10-31 13:37:02 | 90.0% | Critical |
| 123.6.49.50 | IP | - | Confirmed persistent malicious IP activity. | 2025-10-31 13:37:02 | 90.0% | Critical |
| 185.177.72.104 | IP | - | Confirmed persistent malicious IP activity. | 2025-10-31 13:37:02 | 100.0% | Critical |
| 172.190.142.176 | IP | - | Confirmed persistent malicious IP activity. | 2025-10-31 13:37:02 | 100.0% | Critical |
| 185.177.72.106 | IP | - | Confirmed persistent malicious IP activity. | 2025-10-31 13:37:02 | 100.0% | Critical |
| AS132203 | ASN | - | Confirmed persistent malicious activity detected from this ASN. | 2025-10-31 13:37:02 | 90.0% | Critical |
| AS211590 | ASN | - | Confirmed persistent malicious activity detected from this ASN. | 2025-10-31 13:37:02 | 100.0% | Critical |
| AS16276 | ASN | - | Confirmed persistent malicious activity detected from this ASN. | 2025-10-31 13:37:02 | 100.0% | Critical |
| AS8075 | ASN | - | Confirmed persistent malicious activity detected from this ASN. | 2025-10-31 13:37:02 | 100.0% | Critical |
| 3%7ea97fdb0b70d4a7b7 | TLS | - | Confirmed persistent malicious activity detected using this TLS fingerprint. | 2025-10-31 13:37:02 | 98.0% | Critical |
| 3%7e2faa3a9db1c111de | TLS | - | Confirmed persistent malicious activity detected using this TLS fingerprint. | 2025-10-31 13:37:02 | 100.0% | Critical |
| 185.177.72.3 | IP | - | Confirmed persistent malicious IP activity. | 2025-10-31 13:37:02 | 100.0% | Critical |
| 172.192.3.69 | IP | - | Confirmed suspicious PHP file probing, WAF deny rule triggered, and associated ASN is blocked. | 2025-10-31 13:37:02 | 100.0% | Critical |
| 185.177.72.205 | IP | - | Confirmed persistent malicious IP activity. | 2025-10-31 13:37:02 | 100.0% | Critical |
| 157.180.49.118 | IP | - | Confirmed persistent malicious IP activity. | 2025-10-31 13:37:02 | 85.0% | Medium |
| 3%7ebaae1457ad64ff16 | TLS | - | Confirmed persistent malicious activity detected using this TLS fingerprint. | 2025-10-31 13:37:02 | 90.0% | Critical |
| 141.98.11.115 | IP | - | Confirmed highly malicious automated activity and bot impersonation. | 2025-10-31 13:37:02 | 100.0% | Critical |
| 185.177.72.107 | IP | - | Confirmed persistent malicious IP activity. | 2025-10-31 13:37:02 | 100.0% | Critical |
| 3%7e788289bd73e01aa4 | TLS | - | Confirmed persistent malicious activity detected using this TLS fingerprint. | 2025-10-31 13:37:02 | 100.0% | Critical |
| 185.177.72.11 | IP | - | Confirmed persistent malicious IP activity. | 2025-10-31 13:37:02 | 100.0% | Critical |