| 45.148.10.159 | ip | All requests (100%) from this IP were detected as threats, targeted sensitive version control system files ('.git/config', '.svn/entries'), and trigge... | 2026-01-24 12:06:51 | 1 | AD | AS48090 | ['akamai.darcherif.fr'] | ['', '.git/config', '.svn/entries', '.svn/wc.db'] | {"alert": [], "deny": ["REP_1654542"]} | 1.0 | severity: Severity.critical |
| 205.169.39.3 | ip | IP belongs to blocklisted ASN AS3356, which has multiple IPs blocklisted for similar malicious activity including accessing highly obfuscated paths. T... | 2026-01-23 15:25:23 | 1 | US | AS3356 | ['', 'www.darcherif.fr'] | [] | {"alert": [], "deny": []} | 0.949999988079071 | severity: Severity.critical |
| 192.109.200.72 | ip | Detected WordPress brute-force attempts targeting 'wp-login.php', with the path flagged by WAF and security alert '3900998' triggered. This behavior i... | 2026-01-23 12:45:14 | 1 | SE | N/A | ['www.darcherif.fr'] | ['wp-login.php'] | {"alert": ["3900998"], "deny": []} | 0.949999988079071 | severity: Severity.critical |
| 66.249.66.41 | ip | All requests (100%) from this IP were detected as threats, all accessed paths were flagged by WAF, and security alert '3991006' was triggered. Its ass... | 2026-01-22 17:03:51 | 1 | US | AS15169 | ['www.darcherif.fr'] | ['wp-content/themes/highlight/customizer/sections/content.css', 'wp-content/themes/highlight/style.min.css', 'wp-content/themes/highlight/assets/js/theme-child.js', 'wp-includes/js/jquery/jquery.min.js'] | {"alert": ["3991006"], "deny": []} | 1.0 | severity: Severity.critical |
| 66.249.66.1 | ip | All requests (100%) from this IP were detected as threats, all accessed paths were flagged by WAF, and security alert '3991006' was triggered. Its ass... | 2026-01-22 17:03:51 | 1 | US | AS15169 | ['www.darcherif.fr'] | ['wp-includes/js/imagesloaded.min.js', 'wp-content/themes/mesmerize/assets/css/theme.bundle.min.css', 'favicon.ico', 'wp-content/plugins/mesmerize-companion/theme-data/mesmerize/assets/js/companion.bundle.min.js', 'wp-content/themes/mesmerize/style.min.css'] | {"alert": ["3991006"], "deny": []} | 1.0 | severity: Severity.critical |
| 67.227.1.140 | ip | Accessed a highly obfuscated and suspicious path ('TXopfWNANuR3i/si/1SETC7qsZnKc/3cp5fp1mD3Lif4OJ/PD1OGXQoKgE/dTch/U2dsdHkB'), indicating malicious pr... | 2026-01-22 16:24:04 | 1 | N/A | N/A | [] | [] | {"alert": [], "deny": []} | 0.949999988079071 | severity: Severity.critical |
| 4.217.180.34 | ip | All requests (100%) from this IP were detected as threats, all accessed suspicious PHP files were flagged by WAF, and a critical 'IPBLOCK' deny rule w... | 2026-01-22 13:53:29 | 1 | KR | AS8075 | ['akamai.darcherif.fr'] | ['qaez.php56', 'lib.php', 'hehe.php', 'sx.php', 'vanda.php', 'asd.php', 'okxh.php', 'FII.php', 'ahax.php', 'x.php'] | {"alert": [], "deny": ["IPBLOCK"]} | 1.0 | severity: Severity.critical |
| 94.26.106.114 | ip | IP is performing WordPress enumeration and brute-force attempts against 'wp-login.php', with WAF flagging and triggering a security alert, consistent ... | 2026-01-22 00:21:50 | 1 | DE | AS215607 | ['www.darcherif.fr'] | ['wp-login.php'] | {"alert": ["3900998"], "deny": []} | 0.949999988079071 | severity: Severity.critical |
| 185.193.157.209 | ip | IP is performing extensive WordPress enumeration and bot impersonation, has an exceptionally high number of detected threat requests (95/31), and trig... | 2026-01-21 21:01:36 | 1 | US | AS62240 | ['akamai.darcherif.fr'] | ['wp1/wp-includes/wlwmanifest.xml', '2018/wp-includes/wlwmanifest.xml', 'wordpress/wp-includes/wlwmanifest.xml', 'news/wp-includes/wlwmanifest.xml', 'media/wp-includes/wlwmanifest.xml', 'sito/wp-includes/wlwmanifest.xml', 'cms/wp-includes/wlwmanifest.xml', 'web/wp-includes/wlwmanifest.xml', 'wp-includes/wlwmanifest.xml', 'test/wp-includes/wlwmanifest.xml'] | {"alert": ["3904003", "3904006", "3904013", "3904020", "BOT-BROWSER-IMPERSONATOR"], "deny": ["IPBLOCK-BURST4-318403"]} | 1.0 | severity: Severity.critical |
| 3%7e2d6b59b088802a54 | tls | All requests (100%) associated with this TLS fingerprint were detected as threats and triggered a critical reputation-based WAF deny rule (REP_1654536... | 2026-01-21 19:11:16 | 1 | FR | N/A | ['www.darcherif.fr'] | [''] | {"alert": [], "deny": ["REP_1654536"]} | 1.0 | severity: Severity.critical |
| 20.205.96.233 | ip | All requests (100%) from this IP were flagged by WAF, accessed suspicious PHP files, and triggered a critical 'IPBLOCK' deny rule. Its associated ASN ... | 2026-01-21 18:01:04 | 1 | HK | AS8075 | ['akamai.darcherif.fr'] | ['shell.php', 'lala.php', '111.php', 'moon3.php', 'file1.php', 'cc.php', 'he.php', '2.php', 'wfile.php', 'x.php'] | {"alert": [], "deny": ["IPBLOCK"]} | 1.0 | severity: Severity.critical |
| 3%7e9d029ea544b45c6f | tls | High percentage (90.9%) of requests associated with this TLS fingerprint were detected as threats and flagged by WAF, triggered security alert '399100... | 2026-01-21 11:40:28 | 1 | US | N/A | ['', 'www.darcherif.fr'] | ['robots.txt', 'wp-content/plugins/mesmerize-companion/theme-data/mesmerize/assets/js/companion.bundle.min.js', 'wp-content/themes/mesmerize/style.min.css', 'wp-content/themes/highlight/style.min.css', 'wp-includes/js/jquery/jquery-migrate.min.js', 'wp-content/themes/highlight/assets/js/theme-child.js', 'wp-includes/js/imagesloaded.min.js', 'wp-content/themes/mesmerize/assets/css/theme.bundle.min.css', 'wp-content/themes/mesmerize/assets/js/theme.bundle.min.js', 'wp-content/plugins/mesmerize-companion/theme-data/mesmerize/assets/css/companion.bundle.min.css'] | {"alert": ["3991006"], "deny": []} | 1.0 | severity: Severity.critical |
| 185.177.72.13 | ip | Aggressive probing of sensitive files and admin paths, all requests flagged by WAF, with detected threat requests exceeding total requests, and trigge... | 2026-01-21 11:20:27 | 1 | FR | AS211590 | ['akamai.darcherif.fr'] | ['info.php', 'config/smtp.php', 'admin/', '.env.old', 'adminphp.php%27', 'app/config.php', 'release_info.php', '.git/config', 'actuator/', '09-managing-state/end/vue-heroes/.env'] | {"alert": ["3000126", "3000508", "950203"], "deny": ["IPBLOCK-BURST4-128987", "IPBLOCK-BURST4-318403", "LFI-ANOMALY", "REP_1654542"]} | 1.0 | severity: Severity.critical |
| 185.177.72.38 | ip | Aggressively probed sensitive configuration and credential files, with all requests flagged by WAF, triggered multiple critical LFI-ANOMALY, IPBLOCK-B... | 2026-01-21 04:09:46 | 1 | FR | AS211590 | ['akamai.darcherif.fr'] | ['src/.env', 'production/.env', 'main/.env', 'siteinfo.php', 'portal/.env', 'dbinfo.php', 'crm/.env', 'cron/.env', 'mail/.env', '.pam_environment'] | {"alert": ["3000126", "3000508", "950203"], "deny": ["IPBLOCK-BURST4-128987", "IPBLOCK-BURST4-318403", "LFI-ANOMALY", "REP_1654542"]} | 1.0 | severity: Severity.critical |
| 2600:3c03::2000:fcff:fe11:a64e | ip | Accessed a highly obfuscated and suspicious path, consistent with other blocklisted IPs from ASN AS63949 exhibiting similar malicious probing for expl... | 2026-01-21 03:09:37 | 1 | US | AS63949 | ['', 'www.darcherif.fr'] | [] | {"alert": [], "deny": []} | 0.949999988079071 | severity: Severity.critical |
| 185.177.72.49 | ip | IP with 100% detected threat requests and triggered a critical WAF deny rule (REP_1654536). Its associated ASN (AS211590) is already blocklisted for p... | 2026-01-21 02:19:33 | 1 | FR | AS211590 | ['www.darcherif.fr'] | [''] | {"alert": [], "deny": ["REP_1654536"]} | 1.0 | severity: Severity.critical |
| 149.102.225.179 | ip | IP exhibiting aggressive WordPress enumeration, bot impersonation, high threat requests (95/31), all accessed paths flagged by WAF, and triggered a cr... | 2026-01-21 01:59:39 | 1 | US | AS212238 | ['akamai.darcherif.fr'] | ['wp1/wp-includes/wlwmanifest.xml', '2018/wp-includes/wlwmanifest.xml', 'wordpress/wp-includes/wlwmanifest.xml', 'news/wp-includes/wlwmanifest.xml', 'media/wp-includes/wlwmanifest.xml', 'sito/wp-includes/wlwmanifest.xml', 'cms/wp-includes/wlwmanifest.xml', 'web/wp-includes/wlwmanifest.xml', 'wp-includes/wlwmanifest.xml', 'test/wp-includes/wlwmanifest.xml'] | {"alert": ["3904003", "3904006", "3904013", "3904020", "BOT-BROWSER-IMPERSONATOR"], "deny": ["IPBLOCK-BURST4-318403"]} | 1.0 | severity: Severity.critical |
| AS12322 | asn | ASN associated with blocklisted IP '2a01:e34:ec44:99d0:8c2f:82c6:25b6:fab0', which accessed highly obfuscated and suspicious paths, indicative of mali... | 2026-01-21 01:59:39 | 1 | N/A | N/A | [] | [] | {"alert": [], "deny": []} | 0.949999988079071 | severity: Severity.critical |
| 185.177.72.30 | ip | IP from blocklisted ASN AS211590, demonstrating aggressive probing of sensitive files and admin paths, all requests flagged by WAF, with detected thre... | 2026-01-21 01:39:33 | 1 | FR | AS211590 | ['www.darcherif.fr'] | ['api/files.remote.share', 'vendor/drupal/coder/.git/objects/info', 'phpinfomolten.php', 'config/env/sendgrid_keys.env', '.aws/secrets/', 'sendgrid.env', 'swagger/', 'actuator/', 'boxes/oracle-vagrant-boxes/ContainerRegistry/.env', 'default/.env'] | {"alert": ["3000126", "3000508", "950203"], "deny": ["IPBLOCK-BURST4-128987", "LFI-ANOMALY", "REP_1654536"]} | 1.0 | severity: Severity.critical |
| 2a09:bac1:76a0:1378::b:2f9 | ip | This IP shows 100% detected threat requests, all accessed paths were flagged by WAF (including suspicious PHP files and WordPress admin paths), and it... | 2026-01-20 17:38:39 | 1 | US | AS13335 | ['akamai.darcherif.fr'] | ['chosen.php', 'dex.php', 'akcc.php', 'file2.php', 'wp-admin/css/index.php', 'zwso.php', 'ahax.php', 'bolt.php', 'wp-content/themes/style.php', 'wp-admin/txets.php'] | {"alert": ["3990001"], "deny": ["IPBLOCK-BURST4-318403"]} | 1.0 | severity: Severity.critical |
| 185.177.72.51 | ip | IP from blocklisted ASN AS211590, demonstrating aggressive probing of sensitive files and admin paths, all requests flagged by WAF, with detected thre... | 2026-01-20 16:48:38 | 1 | FR | AS211590 | ['akamai.darcherif.fr'] | ['adminphp.php%27', 'env.template', 'app/config.php', 'release_info.php', '.git/config', 'actuator/', '09-managing-state/end/vue-heroes/.env', 'boxes/oracle-vagrant-boxes/ContainerRegistry/.env', 'developerslv/.env', 'default/.env'] | {"alert": ["3000126", "3000508", "950203"], "deny": ["IPBLOCK-BURST4-128987", "IPBLOCK-BURST4-318403", "LFI-ANOMALY", "REP_1654542"]} | 1.0 | severity: Severity.critical |
| 185.177.72.23 | ip | IP from blocklisted ASN AS211590, demonstrating aggressive probing of sensitive files and admin paths, all requests flagged by WAF, with detected thre... | 2026-01-20 14:18:28 | 1 | FR | AS211590 | ['www.darcherif.fr'] | ['config/smtp.php', 'admin/', '.env.old', 'adminphp.php%27', 'app/config.php', 'release_info.php', '.git/config', 'actuator/', '09-managing-state/end/vue-heroes/.env', 'boxes/oracle-vagrant-boxes/ContainerRegistry/.env'] | {"alert": ["3000126", "3000508", "950203"], "deny": ["IPBLOCK-BURST4-128987", "LFI-ANOMALY", "REP_1654536"]} | 1.0 | severity: Severity.critical |
| 85.11.167.3 | ip | IP engaged in WordPress brute-force attempts targeting 'wp-login.php', triggered security alert '3900998', and its ASN AS213438 is blocklisted for ide... | 2026-01-20 07:07:53 | 1 | BG | AS213438 | ['www.darcherif.fr'] | ['wp-login.php'] | {"alert": ["3900998"], "deny": []} | 1.0 | severity: Severity.critical |
| 34.133.255.234 | ip | All requests (100% threat rate) targeted sensitive configuration and credential files (.aws/credentials, .env/.env.bak, phpinfo.php), triggered critic... | 2026-01-19 20:37:16 | 1 | US | AS396982 | ['akamai.darcherif.fr'] | ['', 'test.php', '.aws/credentials', '_profiler/phpinfo', 'index.php', '.env/.env.bak', 'phpinfo.php'] | {"alert": ["3000508"], "deny": ["LFI-ANOMALY", "REP_1654542"]} | 1.0 | severity: Severity.critical |
| 68.155.153.238 | ip | All requests (100%) from this IP were detected as threats, all accessed suspicious PHP files including a 'wp_filemanager.php' exploit were flagged by ... | 2026-01-19 15:37:01 | 1 | MX | AS8075 | ['akamai.darcherif.fr'] | ['css.php', 'xxxx.php', 'wp-configs.php', 'fm.php', 'wp-good.php', 'wp-content/plugins/hellopress/wp_filemanager.php', 'ws.php', 'file22.php', 'ver.php', 'check.php'] | {"alert": [], "deny": ["IPBLOCK"]} | 1.0 | severity: Severity.critical |
| 47.128.57.40 | ip | All requests (100%) from this IP were detected as threats and flagged by WAF, triggering alert '3991023'. Its associated ASN (AS16509) is already bloc... | 2026-01-18 09:04:33 | 1 | SG | AS16509 | ['www.darcherif.fr'] | ['', 'wp-content/themes/highlight/customizer/sections/content.css', 'wp-content/themes/mesmerize/assets/css/theme.bundle.min.css', 'wp-content/uploads/2020/05/ConferenceIndiaCropped.png', 'wp-content/themes/mesmerize/style.min.css', 'wp-content/themes/highlight/style.min.css', 'wp-content/plugins/mesmerize-companion/theme-data/mesmerize/assets/css/companion.bundle.min.css', 'wp-includes/css/dist/block-library/style.min.css', 'wp-content/uploads/2020/01/Czech-Republic-operation-Temelin-Nuclear-Power-Plant-2003-768x502.jpg'] | {"alert": ["3991023"], "deny": []} | 1.0 | severity: Severity.critical |
| 45.149.173.233 | ip | Extensive WordPress enumeration and bot impersonation detected, with a high number of detected threat events (96 events for 32 requests) and a critica... | 2026-01-18 08:14:30 | 1 | US | AS62240 | ['akamai.darcherif.fr'] | ['wp1/wp-includes/wlwmanifest.xml', '2018/wp-includes/wlwmanifest.xml', 'wordpress/wp-includes/wlwmanifest.xml', 'news/wp-includes/wlwmanifest.xml', 'media/wp-includes/wlwmanifest.xml', 'sito/wp-includes/wlwmanifest.xml', 'cms/wp-includes/wlwmanifest.xml', 'web/wp-includes/wlwmanifest.xml', 'wp-includes/wlwmanifest.xml', 'test/wp-includes/wlwmanifest.xml'] | {"alert": ["3904003", "3904006", "3904013", "3904020", "BOT-BROWSER-IMPERSONATOR"], "deny": ["IPBLOCK-BURST4-318403"]} | 1.0 | severity: Severity.critical |
| 3%7e32bee0f5e54580be | tls | Associated with IP 2a01:e34:ec44:99d0:8c2f:82c6:25b6:fab0 which accessed a highly obfuscated and suspicious path, indicating a malicious client finger... | 2026-01-17 15:53:44 | 1 | FR | N/A | ['', 'www.darcherif.fr'] | [] | {"alert": [], "deny": []} | 0.949999988079071 | severity: Severity.critical |
| 2a01:e34:ec44:99d0:8c2f:82c6:25b6:fab0 | ip | Accessed a highly obfuscated and suspicious path (Lk4TRUPUqhrDr/tAn/f7XLQlaR8xY/ri1hVDa9akG7VcaLV9/YyZNWVcPAQ/HAYUASFM/PisB), strongly indicating mali... | 2026-01-17 15:53:44 | 1 | FR | AS12322 | ['', 'www.darcherif.fr'] | [] | {"alert": [], "deny": []} | 0.949999988079071 | severity: Severity.critical |
| 52.167.144.203 | ip | High percentage of threat requests (83.3%), all accessed paths flagged by WAF, triggered security alert '3991006', and belongs to blocklisted ASN AS80... | 2026-01-17 15:43:37 | 1 | US | AS8075 | ['', 'www.darcherif.fr'] | ['', 'wp-content/themes/mesmerize/assets/fonts/fontawesome-webfont.woff2', 'wp-content/themes/mesmerize/style.min.css', 'wp-content/plugins/mesmerize-companion/theme-data/mesmerize/assets/css/companion.bundle.min.css', 'wp-content/themes/mesmerize/assets/fonts/fontawesome-webfont.ttf'] | {"alert": ["3991006"], "deny": []} | 1.0 | severity: Severity.critical |
| 16.176.147.22 | ip | All requests (100%) from this IP were flagged as threats, all accessed paths were flagged by WAF, and a critical 'IPBLOCK' deny rule was triggered. It... | 2026-01-17 11:23:09 | 1 | AU | AS16509 | ['akamai.darcherif.fr'] | ['', 'apps', '_next/data', 'api/actions', 'api/action'] | {"alert": [], "deny": ["IPBLOCK"]} | 1.0 | severity: Severity.critical |
| 45.148.10.238 | ip | IP from blocklisted ASN AS48090 performing aggressive reconnaissance, detected bot impersonation, targeted sensitive configuration/credential files (.... | 2026-01-17 10:13:01 | 1 | AD | AS48090 | ['akamai.darcherif.fr', 'www.darcherif.fr'] | ['.env', 'aws.env'] | {"alert": ["3000508", "3904000", "3904001", "3904006", "3904007", "3904023", "3904037", "BOT-BROWSER-IMPERSONATOR"], "deny": ["LFI-ANOMALY"]} | 1.0 | severity: Severity.critical |
| 4.147.187.31 | ip | All requests (100%) were detected as threats, all accessed suspicious PHP files were flagged by WAF, and a critical 'IPBLOCK' deny rule was triggered.... | 2026-01-17 08:43:02 | 1 | AU | AS8075 | ['akamai.darcherif.fr'] | ['ha.php', 'ea.php', '1100.php', 'columns.php', 'doc.php', 'lv.php', 'zwso.php', 'x.php', '87.php', 'bala.php'] | {"alert": [], "deny": ["IPBLOCK"]} | 1.0 | severity: Severity.critical |
| 40.69.27.251 | ip | All requests (100%) were detected as threats, all accessed suspicious PHP files were flagged by WAF, and a critical 'IPBLOCK' deny rule was triggered.... | 2026-01-17 00:02:19 | 1 | IE | AS8075 | ['akamai.darcherif.fr'] | ['pn.php', 'class.1.php', 'ha.php', 'admins.php', 'acacia.php', 'doc.php', 'lv.php', 'X7x.php', 'x.php', 'zwso.php'] | {"alert": [], "deny": ["IPBLOCK"]} | 1.0 | severity: Severity.critical |
| 45.139.104.168 | ip | Extremely high ratio of detected threat requests (85/25), all accessed paths flagged by WAF, and multiple security alerts including 'BOT-BROWSER-IMPER... | 2026-01-16 22:52:18 | 1 | DE | AS399979 | ['akamai.darcherif.fr'] | ['', 'stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.bundle.min.js', 'cdnjs.cloudflare.com/ajax/libs/jquery-easing/1.4.1/jquery.easing.min.js', 'scripts.js', 'mail/jqBootstrapValidation.js', 'mpulse.js', 'cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js', 'mail/contact_me.js', 'cdnjs.cloudflare.com/ajax/libs/font-awesome/5.13.0/js/all.min.js'] | {"alert": ["3904000", "3904001", "3904005", "3904006", "3904007", "3904020", "3904021", "3904023", "3904036", "3904037", "3991008", "BOT-BROWSER-IMPERSONATOR"], "deny": []} | 1.0 | severity: Severity.critical |
| 185.117.225.139 | ip | Extremely high percentage of detected threat requests (~94.7%), numerous WAF flagged paths, and multiple security alerts ('3990001', '3990011') indica... | 2026-01-16 17:11:44 | 1 | US | AS14618 | ['akamai.darcherif.fr'] | ['css/heading.css', 'js/mpulse.js', 'css/styles.css', 'assets/img/avataaars.svg', 'assets/img/portfolio/submarine.png', 'assets/img/portfolio/circus.png', 'assets/img/portfolio/cake.png', 'assets/img/portfolio/safe.png', 'assets/img/portfolio/cabin.png', 'assets/img/portfolio/game.png'] | {"alert": ["3990001", "3990011"], "deny": []} | 1.0 | severity: Severity.critical |
| 37.77.150.123 | ip | High percentage of detected threat requests (83.3%), all accessed paths ('xmlrpc.php', 'wp-login.php') flagged by WAF, and triggered critical WAF deny... | 2026-01-16 14:41:30 | 1 | RU | N/A | ['www.darcherif.fr'] | ['xmlrpc.php', 'wp-login.php'] | {"alert": ["3000136"], "deny": ["IPBLOCK-PENALTY-BOX", "PLATFORM-ANOMALY"]} | 1.0 | severity: Severity.critical |
| 209.38.65.47 | ip | All accessed paths flagged by WAF, extremely high number of detected threat events (34) compared to total requests (6), multiple critical security ale... | 2026-01-16 12:41:19 | 1 | US | AS14061 | ['akamai.darcherif.fr'] | ['', 'blog/', 'wordpress/', 'wp/', 'xmlrpc.php', 'blog/robots.txt'] | {"alert": ["3904003", "3904013", "3904020", "3904052", "3904053", "BOT-BROWSER-IMPERSONATOR"], "deny": []} | 1.0 | severity: Severity.critical |
| 2a10:3c0:100:0:1:38:0:5 | ip | High percentage of detected threat requests (~90.9%), multiple WAF flagged paths (mcp, sse), and an associated ASN (AS211680) is already blocklisted f... | 2026-01-16 12:01:16 | 1 | US | AS211680 | ['akamai.darcherif.fr'] | ['mcp', 'sse'] | {"alert": ["3990001"], "deny": []} | 1.0 | severity: Severity.critical |
| 3%7e91b41c1481268bfe | tls | All requests (100%) were detected as threats, all accessed paths were flagged by WAF including highly sensitive '.git/HEAD', and a security alert (399... | 2026-01-16 12:01:16 | 1 | US | N/A | ['akamai.darcherif.fr'] | ['mcp', 'sse', '.git/HEAD'] | {"alert": ["3990001"], "deny": []} | 1.0 | severity: Severity.critical |
| 205.169.39.49 | ip | IP belongs to ASN AS3356, which is blocklisted for widespread malicious activity and persistent threats, warranting blocking of all associated IPs. | 2026-01-16 05:40:53 | 1 | US | AS3356 | ['', 'www.darcherif.fr'] | [] | {"alert": [], "deny": []} | 1.0 | severity: Severity.critical |
| 43.157.149.188 | ip | IP is part of ASN AS132203, which is blocklisted for confirmed persistent malicious activity, indicating a high-risk association. | 2026-01-15 19:50:28 | 1 | BR | AS132203 | ['www.darcherif.fr'] | [] | {"alert": [], "deny": []} | 0.949999988079071 | severity: Severity.critical |
| 34.116.155.95 | ip | IP associated with blocklisted ASN AS396982, which is known for extensive WordPress enumeration and bot impersonation. Detected threat request with WA... | 2026-01-15 13:00:17 | 1 | PL | AS396982 | ['', 'www.darcherif.fr'] | ['akam/13/pixel_45a77f5e'] | {"alert": ["3910002"], "deny": []} | 0.8999999761581421 | severity: Severity.critical |
| 175.44.42.104 | ip | IP with multiple WAF alerts (3910001, 3910006), detected threat requests (2/12), and access to a highly obfuscated path, indicating escalating malicio... | 2026-01-15 13:00:17 | 1 | N/A | N/A | [] | [] | {"alert": [], "deny": []} | 0.8500000238418579 | severity: Severity.critical |
| 141.98.11.44 | ip | IP performing WordPress brute-force attempts targeting 'wp-login.php', with high threat request ratio (84.2%), and belonging to ASN AS209605 which is ... | 2026-01-15 12:40:10 | 1 | LT | AS209605 | ['www.darcherif.fr'] | ['wp-login.php'] | {"alert": ["3900998"], "deny": []} | 1.0 | severity: Severity.critical |
| 2001:bc8:701:51:da5e:d3ff:fe49:a574 | ip | Accessed a highly obfuscated and suspicious path, strongly indicating malicious probing or attempted exploitation, consistent with previously blocklis... | 2026-01-15 08:20:04 | 1 | FR | AS12876 | ['', 'www.darcherif.fr'] | [] | {"alert": [], "deny": []} | 0.949999988079071 | severity: Severity.critical |
| 3%7e010387cc36ee791e | tls | Associated with an IP accessing a highly obfuscated path, indicating a malicious client fingerprint consistent with previously blocklisted TLS fingerp... | 2026-01-15 08:20:04 | 1 | FR | N/A | ['', 'www.darcherif.fr'] | [] | {"alert": [], "deny": []} | 0.949999988079071 | severity: Severity.critical |
| 2a10:3c0:3:0:1:28:0:5 | ip | Extremely high detected threat requests (26/14), multiple WAF alerts including bot impersonation, and access to suspicious flagged paths ("mcp", "sse"... | 2026-01-15 08:10:12 | 1 | NL | AS21859 | ['akamai.darcherif.fr'] | ['', 'mcp', 'sse'] | {"alert": ["3904000", "3904004", "3904006", "3904013", "3904020", "3904036", "3904053", "3990001", "BOT-BROWSER-IMPERSONATOR"], "deny": []} | 0.949999988079071 | severity: Severity.critical |
| 208.84.101.102 | ip | High percentage of threat requests (45%), bot impersonation, active WordPress enumeration (wlwmanifest.xml scans), and triggered a critical WAF deny r... | 2026-01-15 08:10:12 | 1 | US | AS22295 | ['akamai.darcherif.fr'] | ['site/wp-includes/wlwmanifest.xml', 'sito/wp-includes/wlwmanifest.xml', 'wp2/wp-includes/wlwmanifest.xml', 'cms/wp-includes/wlwmanifest.xml', 'shop/wp-includes/wlwmanifest.xml', 'wp1/wp-includes/wlwmanifest.xml', '2019/wp-includes/wlwmanifest.xml', 'test/wp-includes/wlwmanifest.xml', '2018/wp-includes/wlwmanifest.xml', 'media/wp-includes/wlwmanifest.xml'] | {"alert": ["3904003", "3904006", "3904020", "BOT-BROWSER-IMPERSONATOR"], "deny": ["IPBLOCK-BURST4-318403"]} | 1.0 | severity: Severity.critical |
| 2a10:3c0:3:0:1:28:0:3 | ip | Extremely high detected threat requests (18/5), multiple WAF alerts including bot impersonation, indicating severe automated malicious probing. | 2026-01-15 08:10:12 | 1 | NL | AS21859 | ['akamai.darcherif.fr'] | [''] | {"alert": ["3904000", "3904004", "3904006", "3904013", "3904020", "3904036", "3904042", "3904053", "BOT-BROWSER-IMPERSONATOR"], "deny": []} | 0.949999988079071 | severity: Severity.critical |