Investigation Workspace

Entity: AS51396 (Asn)

Entity Details
Type
Asn
ASN
AS51396 - Pfcloud UG
Threat Intelligence
All requests from this ASN targeted highly sensitive files and known exploit paths (.env, .git/config, server.js), triggered multiple critical WAF deny rules including LFI-ANOMALY and IPBLOCK-BURST4, and showed bot impersonation, indicating severe malicious activity.
Linked Entities
TLS Fingerprints (5)
Hostnames Targeted
Hostname Request Count
akamai.darcherif.fr 185
www.darcherif.fr 94
Paths Targeted (with Hostname Counts)
Path Distinct Hostnames
.env 2
.gitignore 2
phpinfo.php 2
.env.bak 2
_sec/cp_challenge/challenge 1
server_info.php 1
portal/phpinfo.php 1
docker-compose.yml 1
config/application.yml 1
debug/default/view 1
php_info.php 1
config/parameters.yml 1
backend/.env 1
twilio.env 1
API/.env 1
sendgrid.env 1
pinfo.php 1
.aws/credentials 1
.env.example 1
phpinfo/info.php 1
functions.php 1
app/config/parameters.yml 1
.config.yaml 1
secrets.env 1
config.json 1
admin/.env 1
appsettings.json 1
core/.env 1
.env-config.js 1
app_dev.php/_profiler/phpinfo 1
database.php 1
composer.json 1
.gitconfig 1
server.js 1
db.php 1
test.php 1
phpinfo/ 1
web/.env 1
app/.env 1
api/.env 1
info/ 1
.env.js 1
test 1
app.js 1
dev/.env 1
config.php 1
_next 1
index.php 1
info.php 1
configuration.php 1
🚫

Block

All requests from this ASN targeted highly sensitive files and known exploit paths (.env, .git/config, server.js), triggered multiple critical WAF deny rules including LFI-ANOMALY and IPBLOCK-BURST4, and showed bot impersonation, indicating severe malicious activity.

2025-12-24 18:20:08