Investigation Workspace

Entity: AS51396 (Asn)

Entity Details
Type
Asn
ASN
AS51396 - Pfcloud UG
Threat Intelligence
All requests from this ASN targeted highly sensitive files and known exploit paths (.env, .git/config, server.js), triggered multiple critical WAF deny rules including LFI-ANOMALY and IPBLOCK-BURST4, and showed bot impersonation, indicating severe malicious activity.
Linked Entities
TLS Fingerprints (9)
Hostnames Targeted
Hostname Request Count
www.darcherif.fr 282
akamai.darcherif.fr 262
Paths Targeted (with Request Counts)
Path Request Count
/ 133
wp-login.php 124
.env 58
_sec/cp_challenge/challenge 39
_next 18
.git/config 16
phpinfo.php 5
wp-json/wp/v2/users 5
index.php/author/admin3157/ 4
.env.bak 4
.aws/credentials 3
db.php 3
.gitconfig 3
appsettings.json 3
.env-config.js 3
.gitignore 3
database.php 3
php_info.php 3
composer.json 3
config/application.yml 3
server.js 3
docker-compose.yml 3
server_info.php 3
settings.py 3
settings.php 3
portal/phpinfo.php 3
config.js 3
application.yml 3
.env.js 3
app.js 3
phpinfo/info.php 3
info.php 3
app/config/parameters.yml 2
configuration.php 2
test.php 2
phpinfo/ 2
config/parameters.yml 2
debug/default/view 2
app_dev.php/_profiler/phpinfo 2
web/.env 2
app/.env 2
backend/.env 2
wp-admin/ 2
twilio.env 2
api/.env 2
sendgrid.env 2
pinfo.php 2
API/.env 2
images/.env 2
info/ 2
🚫

Block

All requests from this ASN targeted highly sensitive files and known exploit paths (.env, .git/config, server.js), triggered multiple critical WAF deny rules including LFI-ANOMALY and IPBLOCK-BURST4, and showed bot impersonation, indicating severe malicious activity.

2025-12-24 18:20:08