738
96.0%
50
IP: 45 ASN: 2 TLS: 3
| Entity | Type | Hostnames | Reason | Blocked At | AI Confidence | AI Details |
|---|---|---|---|---|---|---|
| 104.28.246.114 | IP | akamai.darcherif.fr | All requests detected as threats and flagged by WAF, indicating a high-confidence attack attempting to exploit common web vulnerabilities. | 2026-02-17 13:06:28 | 95.0% | Critical |
| AS210558 | ASN | akamai.darcherif.fr | High volume of WordPress vulnerability scanning attempts, multiple WAF rule violations including 'BOT-BROWSER-IMPERSONATOR', and existing WAF denial actions due to burst requests. | 2026-02-17 12:16:09 | 95.0% | Critical |
| 149.102.230.119 | IP | akamai.darcherif.fr:443 | All requests (100%) were detected as threats, triggering security rule 3990001. This indicates highly malicious activity. | 2026-02-17 09:15:37 | 95.0% | Critical |
| 173.216.166.129 | IP | akamai.darcherif.fr | Multiple requests were flagged by the WAF and the IP was denied due to a burst of requests (IPBLOCK-BURST4-318403), suggesting automated scanning or attack attempts. | 2026-02-17 09:15:37 | 90.0% | Critical |
| 185.226.197.27 | IP | akamai.darcherif.fr | High number of detected threat requests (8) and hits on multiple security rules, including BOT-BROWSER-IMPERSONATOR, indicating malicious bot activity and potential impersonation. | 2026-02-17 01:54:14 | 90.0% | Critical |
| 124.156.226.179 | IP | www.darcherif.fr | Detected threat requests and WAF flagged path 'akam/13/51626d4a'. Security rule 3900999 was alerted. | 2026-02-16 20:13:15 | 90.0% | Critical |
| AS51167 | ASN | - | Active exploitation attempts targeting sensitive files like .env and SQL backups, with multiple critical WAF deny rules triggered, including Local File Inclusion (LFI) anomalies. | 2026-02-16 18:52:58 | 98.0% | Critical |
| 45.94.31.224 | IP | akamai.darcherif.fr | Repeated WordPress enumeration attempts, high percentage of detected threat requests, and identified as a bot by security rules, including WAF deny hits. | 2026-02-16 18:52:58 | 95.0% | Critical |
| 109.205.180.195 | IP | akamai.darcherif.fr www.darcherif.fr | Multiple attempts to access sensitive configuration files (.env, mysql.sql) and Local File Inclusion (LFI) attempts, evidenced by WAF rule hits (LFI-ANOMALY) and a high ratio of detected threat requests. | 2026-02-16 17:52:42 | 98.0% | Critical |
| 2600:1700:f6aa:2c10:dd5c:8d0c:3fa5:8dba | IP | akamai.darcherif.fr | This IP address generated a high percentage of threat requests (7 out of 19) and triggered a 'deny' rule specifically for 'IPBLOCK-BURST4-318403', indicating malicious burst activity or an attempted denial-of-service attack. | 2026-02-16 10:20:41 | 95.0% | Critical |
| 167.172.221.95 | IP | akamai.darcherif.fr | IP detected making numerous threat requests targeting WordPress paths like xmlrpc.php, flagged by WAF on all access attempts, and identified as a bot browser impersonator. | 2026-02-16 06:49:50 | 95.0% | Critical |
| 2600:3c03::2000:ebff:fe62:f006 | IP | www.darcherif.fr | Access to highly suspicious and obfuscated path 'y40cf0A0/u29/CD-/fDKig86kEF/V7imftL3YLEpDwp3iz/ZxJDZw/eBUXI/RQvYA8B', indicating a potential exploit attempt or backdoor access. Although no WAF flags were triggered, the path pattern is indicative of malicious intent. | 2026-02-16 00:48:15 | 95.0% | Critical |
| 34.41.205.200 | IP | akamai.darcherif.fr www.darcherif.fr | WAF denied access due to Local File Inclusion (LFI) anomaly and attempted access to sensitive .env configuration file. | 2026-02-15 22:27:24 | 99.0% | Critical |
| 216.73.216.97 | IP | www.darcherif.fr | High ratio of detected threat requests (4/6) and suspicious, obfuscated path access indicative of malicious scanning or exploit attempts. | 2026-02-15 22:27:24 | 95.0% | Critical |
| 74.7.244.33 | IP | akamai.darcherif.fr | All requests were detected as threats, flagged by WAF, and triggered an IPBLOCK security rule, indicating critical malicious activity. | 2026-02-15 15:06:03 | 95.0% | Critical |
| 160.250.132.165 | IP | www.darcherif.fr | Repeated access to sensitive WordPress enumeration and login paths (wp-json/wp/v2/users, wp-admin/, wp-login.php) from an IP (VN) inconsistent with the website's likely geographic location (FR hostname), indicating potential credential stuffing or reconnaissance. | 2026-02-15 14:45:48 | 95.0% | Critical |
| 174.68.176.172 | IP | akamai.darcherif.fr | IP blocked by WAF rule 'IPBLOCK-BURST4-318403' and associated with multiple detected threat requests (5 out of 19 total requests). | 2026-02-15 11:15:08 | 95.0% | Critical |
| 34.9.48.95 | IP | akamai.darcherif.fr | High number of detected threat requests (9 out of 19), multiple WAF flags, security rule hits including BOT-BROWSER-IMPERSONATOR, and an IPBLOCK-BURST4-318403 deny rule hit. | 2026-02-15 07:44:25 | 95.0% | Critical |
| 107.172.195.126 | IP | akamai.darcherif.fr | Repeated malicious activity including browser impersonation and a high volume of detected threat requests (31 out of 7 total requests, suggesting multiple threat detections per attempt). WAF rules indicate active bot activity. | 2026-02-15 01:33:22 | 95.0% | Critical |
| 3%7eaa744a72243fb39f | TLS | akamai.darcherif.fr www.darcherif.fr | WAF flagged suspicious paths and detected threat requests (2/16). Security rule 3900999 was triggered, indicating malicious activity. | 2026-02-15 01:03:09 | 95.0% | Critical |
| 3%7e415f6cb3e8aefec4 | TLS | akamai.darcherif.fr | Critical malicious activity detected. Attempted access to highly sensitive files and directories (e.g., .env.old, wp-config.php.txt, .git/config, admin/settings, payment.js, stripe.js). All suspicious paths were flagged by WAF, and multiple security rules were triggered, including Local File Inclusion (LFI) anomalies and high-volume burst blocking. Extremely high number of detected threat requests (552). | 2026-02-15 00:32:51 | 99.0% | Critical |
| 103.4.250.171 | IP | akamai.darcherif.fr | Multiple WAF alerts, including 'BOT-BROWSER-IMPERSONATOR', and a very high ratio of detected threat requests (54) to total requests (13) indicate severe malicious bot activity targeting the web application. | 2026-02-15 00:22:41 | 98.0% | Critical |
| 207.154.197.113 | IP | akamai.darcherif.fr | Consistent vulnerability scanning attempts, including accessing sensitive paths like .git/config, .env, and API documentation. WAF denied Local File Inclusion (LFI) anomalies and triggered penalty box rules. | 2026-02-15 00:12:30 | 95.0% | Critical |
| 159.65.18.197 | IP | akamai.darcherif.fr | Consistent vulnerability scanning attempts, including accessing sensitive paths like .git/config, .env, and API documentation. WAF denied Local File Inclusion (LFI) anomalies and triggered penalty box rules. | 2026-02-15 00:12:30 | 95.0% | Critical |
| 165.22.235.3 | IP | akamai.darcherif.fr | Consistent vulnerability scanning attempts, including accessing sensitive paths like .git/config, .env, and API documentation. WAF denied Local File Inclusion (LFI) anomalies and triggered penalty box rules. | 2026-02-15 00:12:30 | 95.0% | Critical |
| 165.22.34.189 | IP | akamai.darcherif.fr | Consistent vulnerability scanning attempts, including accessing sensitive paths like .git/config, .env, and API documentation. WAF denied Local File Inclusion (LFI) anomalies and triggered penalty box rules. | 2026-02-15 00:12:30 | 95.0% | Critical |
| 104.164.173.104 | IP | akamai.darcherif.fr | High number of detected threat requests, multiple WAF flags, and identification as a bot impersonator, indicating automated malicious activity. | 2026-02-15 00:12:30 | 90.0% | Critical |
| 104.28.235.59 | IP | akamai.darcherif.fr | Critical threat detected: 100% of requests (42/42) flagged by WAF and triggered security rule 3990001 (Generic Web Application Attack). Accessing suspicious PHP files commonly associated with web shells and compromised WordPress sites (e.g., wp-admin/css/index.php, akcc.php). | 2026-02-14 14:40:09 | 100.0% | Critical |
| 2a09:bac1:7680:450::2e9:a3 | IP | akamai.darcherif.fr | Critical threat detected: 100% of requests (42/42) flagged by WAF and triggered security rule 3990001 (Generic Web Application Attack). This IPv6 address exhibits identical malicious behavior to a related IPv4 address (104.28.235.59), targeting the same suspicious PHP files. | 2026-02-14 14:40:09 | 100.0% | Critical |
| 98.144.155.254 | IP | akamai.darcherif.fr | High number of detected threat requests and triggered WAF deny rule 'IPBLOCK-BURST4-318403' for a burst attack. | 2026-02-14 12:39:29 | 90.0% | Critical |
| 20.199.186.0 | IP | akamai.darcherif.fr | All requests to suspicious PHP paths were flagged by WAF, indicating active exploitation attempts. Security rule hits show IPBLOCK. | 2026-02-14 08:08:31 | 95.0% | Critical |
| 144.124.246.157 | IP | www.darcherif.fr | This IP address generated 100% detected threat requests, triggered a WAF denial with rule 'REP_1654538', and attempted to access suspicious WordPress admin paths, indicating malicious activity. | 2026-02-14 07:28:14 | 95.0% | Critical |
| 68.221.137.8 | IP | akamai.darcherif.fr | All 145 requests from this IP were detected as threats by the WAF and subsequently denied by an IP blocking security rule, indicating active malicious scanning or exploitation attempts against various PHP paths. | 2026-02-13 23:26:17 | 99.0% | Critical |
| 178.128.59.205 | IP | akamai.darcherif.fr | IP address engaged in WordPress vulnerability scanning, brute-force attempts, detected as a bot impersonator, and has triggered WAF denial rules indicating malicious activity. | 2026-02-13 21:45:57 | 95.0% | Critical |
| 54.162.205.66 | IP | akamai.darcherif.fr | All 5 requests from this IP were detected as threats and blocked by an 'IPBLOCK' security rule, indicating malicious activity. | 2026-02-13 20:45:43 | 98.0% | Critical |
| 157.230.96.220 | IP | akamai.darcherif.fr | IP address identified as a BOT-BROWSER-IMPERSONATOR, exhibiting aggressive WordPress scanning activity (wp-includes/wlwmanifest.xml), and actively denied by WAF IPBLOCK rules due to numerous detected threat requests. | 2026-02-13 15:14:40 | 98.0% | Critical |
| 2600:8805:5201:1900:7b6b:a09a:eddf:c0ba | IP | akamai.darcherif.fr | The IP address triggered WAF deny rule 'IPBLOCK-BURST4-318403' and had 4 detected threat requests out of 19 total, indicating malicious activity. | 2026-02-13 12:54:11 | 95.0% | Critical |
| 2a09:bac5:cad6:154b::21f:108 | IP | akamai.darcherif.fr | 100% of requests from this IP were flagged by WAF and triggered security rule 3990001, indicating highly malicious activity targeting common web application exploit paths (WordPress). | 2026-02-13 12:44:06 | 100.0% | Critical |
| 104.28.235.58 | IP | akamai.darcherif.fr | 100% of requests from this IP were flagged by WAF and triggered security rule 3990001, indicating highly malicious activity targeting common web application exploit paths (WordPress). | 2026-02-13 12:44:06 | 100.0% | Critical |
| 2a09:bac5:9529:3af::5e:1f | IP | akamai.darcherif.fr | All requests were flagged as threats, accessing suspicious PHP files in administrative and theme directories typical of web shell or backdoor activity, and triggered WAF deny rules. This indicates active, malicious exploitation attempts. | 2026-02-13 12:13:56 | 95.0% | Critical |
| 104.28.214.117 | IP | akamai.darcherif.fr | All requests were flagged as threats, accessing suspicious PHP files that mimic web shell or backdoor attempts, and triggered WAF deny rules. This indicates active, malicious exploitation attempts. | 2026-02-13 12:13:56 | 95.0% | Critical |
| 3%7ec09a36bb1168dd08 | TLS | www.darcherif.fr | This TLS fingerprint is directly associated with the same detected threat requests and WAF alerts as the malicious IP 148.153.56.170, indicating its use in active exploitation attempts. | 2026-02-12 17:19:43 | 90.0% | Critical |
| 148.153.56.170 | IP | www.darcherif.fr | This IP initiated 2 detected threat requests and triggered WAF alerts (rules 3910001, 3910004) against a WordPress site, indicating active exploitation attempts. The unusual path accessed also raises suspicion. | 2026-02-12 17:19:43 | 90.0% | Critical |
| 89.110.69.19 | IP | www.darcherif.fr | Repeated attempts to access various WordPress login and admin paths ('wp-login.php', 'wp-admin/', 'login'), highly indicative of a brute-force or credential stuffing attack, despite no explicit WAF alerts. | 2026-02-12 15:19:17 | 90.0% | Critical |
| 73.213.221.128 | IP | akamai.darcherif.fr | WAF already triggered an IP block due to a burst of activity (IPBLOCK-BURST4-318403), and a high percentage of requests (9 out of 21) were detected as threats, indicating continued malicious intent. | 2026-02-12 15:19:17 | 98.0% | Critical |
| 2a00:f2a0:0:f783:ca1f:66ff:fef3:e641 | IP | akamai.darcherif.fr | High number of detected threat requests (6 detections for 5 total requests), bot browser impersonation, and multiple security rule alerts originating from a high-risk geography (RU). | 2026-02-12 15:19:17 | 95.0% | Critical |
| 172.114.67.124 | IP | akamai.darcherif.fr | Triggered critical WAF deny rule 'IPBLOCK-BURST4-318403', detected a high percentage of threat requests (36.8%), accessed multiple WAF-flagged paths including an obfuscated one, and triggered security alert '3910006'. This pattern is consistent with other blocklisted malicious IPs exhibiting burst attacks and reconnaissance. | 2026-02-11 14:09:49 | 100.0% | Critical |
| 52.167.144.202 | IP | www.darcherif.fr | High percentage of detected threat requests (87.5%), triggered WAF alert '3991006' for multiple paths, and belongs to ASN AS8075 which is extensively blocklisted for persistent malicious activity with identical attack patterns. The IP also accessed a highly obfuscated path. | 2026-02-11 11:39:43 | 100.0% | Critical |
| 2a01:e0a:e19:5b00:2417:bf0e:958d:4188 | IP | akamai.darcherif.fr | Triggered critical WAF deny rule 'IPBLOCK-BURST4-318403', indicating a burst of malicious activity, with 21% of requests detected as threats and belongs to blocklisted ASN AS12322, which is known for persistent malicious probing. | 2026-02-11 10:19:30 | 100.0% | Critical |
| 185.117.225.97 | IP | akamai.darcherif.fr | Extremely high percentage of detected threat requests (96%), numerous WAF flagged paths, and multiple security alerts (3990001, 3990004, 3990011) indicative of severe malicious probing. Its associated ASN (AS14618) has other IPs blocklisted for identical critical malicious activity. | 2026-02-11 05:39:10 | 100.0% | Critical |