Investigation Workspace

Entity: 23.180.120.244 (Ip)

Entity Details
Type: Ip
ASN: AS53514 - UHQ Services LLC
Threat Intelligence
Aggressively targeted highly sensitive configuration files (.env, .env.example) and PHP information disclosure paths (phpinfo, info). All requests triggered critical WAF deny rules, specifically 'LFI-ANOMALY' and a reputation-based block ('REP_1654536'). The ratio of detected threat requests (32) to total requests (21) is extremely high, indicating severe malicious probing and exploitation attempts, consistent with previously blocklisted IPs.
Linked Entities
TLS Fingerprints (3)
Hostnames Targeted
Hostname               Request Count
www.darcherif.fr       43
akamai.darcherif.fr    26
Paths Targeted (with Hostname Counts)
Path                                    Distinct Hostnames
info                                    2
api/.env                                2
phpinfo                                 2
.env                                    2
dev/.env                                2
.env.save                               2
application/.env                        2
.env.prod                               2
admin/.env                              2
phpinfo.php                             2
.env.example                            2
sendgrid.env                            2
backend/.env                            2
php_info.php                            2
_profiler/phpinfo                       2
app/.env                                1
.git/config                             1
.env.production                         1
.env.local                              1
config/.env                             1
js/mpulse.js                            1
.env.development                        1
assets/mail/contact_me.js               1
assets/mail/jqBootstrapValidation.js    1
Block

2025-12-28 06:15:11