|
216.73.216.213
|
ip
|
All requests (100%) from this IP were flagged by WAF, indicating persistent malicious probing targeting WordPress endpoints and triggering security al...
|
2025-12-05 18:50:26
|
1
|
US
|
AS16509
|
['www.darcherif.fr']
|
['index.php/tag/iot/', 'index.php/tag/iot', 'index.php/tag/cyber-security', 'index.php/wp-json/wp/v2/pages/%22https:/www.linkedin.com/in/alexandre-darcherif/%22', 'index.php/tag/cyber-security/', 'index.php/wp-json/wp/v2/pages/%22']
|
{"alert": ["3991023"], "deny": []}
|
1.0
|
severity: Severity.critical
|
|
45.148.10.246
|
ip
|
Extensive probing of sensitive configuration files and backups (e.g., .env, config/mail), all requests (100%) flagged by WAF, and multiple critical de...
|
2025-12-04 12:34:38
|
1
|
AD
|
AS48090
|
['akamai.darcherif.fr']
|
['./.env.test.backup', 'config/mail.yml/', 'config/mail.php.save/', 'config/email.php.save/', 'app/Config/email.php', './.env.demo', '.env.local.backup/', 'config/mail_backup.php/', 'config/email.php%7e', 'config/email.temp']
|
{"alert": ["3000508", "950204"], "deny": ["IPBLOCK-BURST4-318403", "IPBLOCK-SUMMARY8-318403", "LFI-ANOMALY", "REP_1654542"]}
|
1.0
|
severity: Severity.critical
|
|
AS48090
|
asn
|
Associated with IP 45.148.10.246, which demonstrated extensive probing of sensitive files, had all requests flagged by WAF, and triggered critical den...
|
2025-12-04 12:34:38
|
1
|
AD
|
AS48090
|
['akamai.darcherif.fr']
|
['./.env.test.backup', 'config/mail.yml/', 'config/mail.php.save/', 'config/email.php.save/', 'app/Config/email.php', './.env.demo', '.env.local.backup/', 'config/mail_backup.php/', 'config/email.php%7e', 'config/email.temp']
|
{"alert": ["3000508", "950204"], "deny": ["IPBLOCK-BURST4-318403", "IPBLOCK-SUMMARY8-318403", "LFI-ANOMALY", "REP_1654542"]}
|
1.0
|
severity: Severity.critical
|
|
62.60.130.210
|
ip
|
All requests (100%) were flagged by WAF and targeted 'wp-login.php', triggering security alerts indicative of a brute-force or credential stuffing att...
|
2025-12-02 14:22:25
|
1
|
LT
|
AS215930
|
['www.darcherif.fr']
|
['wp-login.php']
|
{"alert": ["3900998"], "deny": []}
|
1.0
|
severity: Severity.critical
|
|
3%7e67c0ea0c99e03401
|
tls
|
TLS fingerprint associated with an IP (4.189.168.36) that had all requests flagged by WAF, bot impersonation, and probing of sensitive paths. Associat...
|
2025-11-30 15:39:51
|
1
|
JP
|
N/A
|
['akamai.darcherif.fr']
|
['wp-includes/ID3/index.php', 'goods.php', 'wp-includes/Requests/', 'about/function.php', 'functions.php', 'wp-includes/certificates/', 'templates/beez3/error.php', 'wp-admin/css/colors/midnight/', 'index/function.php', '.well-known/admin.php']
|
{"alert": ["3904001", "3904002", "3904003", "3904004", "3904013", "3904053", "BOT-BROWSER-IMPERSONATOR"], "deny": []}
|
1.0
|
severity: Severity.critical
|
|
4.189.168.36
|
ip
|
All requests (100%) flagged by WAF with bot impersonation and probing of sensitive paths. Associated ASN AS8075 is already blocklisted for persistent ...
|
2025-11-30 15:39:50
|
1
|
JP
|
AS8075
|
['akamai.darcherif.fr']
|
['wp-includes/ID3/index.php', 'goods.php', 'wp-includes/Requests/', 'about/function.php', 'functions.php', 'wp-includes/certificates/', 'templates/beez3/error.php', 'wp-admin/css/colors/midnight/', 'index/function.php', '.well-known/admin.php']
|
{"alert": ["3904001", "3904002", "3904003", "3904004", "3904013", "3904053", "BOT-BROWSER-IMPERSONATOR"], "deny": []}
|
1.0
|
severity: Severity.critical
|
|
AS152194
|
asn
|
Associated with IP 134.122.136.96, which triggered multiple critical WAF deny rules including LFI, command injection, XSS, and bot impersonation. All ...
|
2025-11-30 14:03:57
|
1
|
JP
|
AS152194
|
['www.darcherif.fr']
|
['install', 'invoker/readonly', 'GallerySite/filesrc/fotoilan/388/middle/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd', 'fmangersub', 'public/plugins/alertlist/../../../../../../../../../../../../../../../../../../../etc/passwd', 'icons/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd', 'content/crx/de/setPreferences.jsp;%0A.html', 'api/get-users', 'ajax/api/user/save', 'settings']
|
{"alert": ["3000005", "3000014", "3000025", "3000037", "3000039", "3000080", "3000081", "3000110", "3000111", "3000116", "3000119", "3000120", "3000122", "3000142", "3000153", "3000161", "3000196", "3000500", "3000503", "3904000", "3904001", "3904002", "3904003", "3904004", "3904005", "3904006", "3904007", "3904009", "3904020", "3904023", "3904024", "3904036", "3904037", "3904038", "3904042", "3904052", "3904053", "950203", "950204", "958052", "973335"], "deny": ["3990007", "BOT-BROWSER-IMPERSONATOR", "CMD-INJECTION-ANOMALY", "IPBLOCK-PENALTY-BOX", "LFI-ANOMALY", "WAT-ANOMALY", "XSS-ANOMALY"]}
|
1.0
|
severity: Severity.critical
|
|
134.122.136.96
|
ip
|
Multiple critical WAF deny rules triggered, including LFI, command injection, XSS, and bot impersonation, indicating severe malicious probing and expl...
|
2025-11-30 14:03:57
|
1
|
JP
|
AS152194
|
['www.darcherif.fr']
|
['install', 'invoker/readonly', 'GallerySite/filesrc/fotoilan/388/middle/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd', 'fmangersub', 'public/plugins/alertlist/../../../../../../../../../../../../../../../../../../../etc/passwd', 'icons/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd', 'content/crx/de/setPreferences.jsp;%0A.html', 'api/get-users', 'ajax/api/user/save', 'settings']
|
{"alert": ["3000005", "3000014", "3000025", "3000037", "3000039", "3000080", "3000081", "3000110", "3000111", "3000116", "3000119", "3000120", "3000122", "3000142", "3000153", "3000161", "3000196", "3000500", "3000503", "3904000", "3904001", "3904002", "3904003", "3904004", "3904005", "3904006", "3904007", "3904009", "3904020", "3904023", "3904024", "3904036", "3904037", "3904038", "3904042", "3904052", "3904053", "950203", "950204", "958052", "973335"], "deny": ["3990007", "BOT-BROWSER-IMPERSONATOR", "CMD-INJECTION-ANOMALY", "IPBLOCK-PENALTY-BOX", "LFI-ANOMALY", "WAT-ANOMALY", "XSS-ANOMALY"]}
|
1.0
|
severity: Severity.critical
|
|
3%7ed09afd3ffe9bdf7b
|
tls
|
Associated with IP 134.122.136.96, which triggered multiple critical WAF deny rules including LFI, command injection, XSS, and bot impersonation. This...
|
2025-11-30 14:03:57
|
1
|
JP
|
N/A
|
['www.darcherif.fr']
|
['install', 'invoker/readonly', 'GallerySite/filesrc/fotoilan/388/middle/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd', 'fmangersub', 'public/plugins/alertlist/../../../../../../../../../../../../../../../../../../../etc/passwd', 'icons/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd', 'content/crx/de/setPreferences.jsp;%0A.html', 'api/get-users', 'ajax/api/user/save', 'settings']
|
{"alert": ["3000005", "3000014", "3000025", "3000037", "3000039", "3000080", "3000081", "3000110", "3000111", "3000116", "3000119", "3000120", "3000122", "3000142", "3000153", "3000161", "3000196", "3000500", "3000503", "3904000", "3904001", "3904002", "3904003", "3904004", "3904005", "3904006", "3904007", "3904009", "3904020", "3904023", "3904024", "3904036", "3904037", "3904038", "3904042", "3904052", "3904053", "950203", "950204", "958052", "973335"], "deny": ["3990007", "BOT-BROWSER-IMPERSONATOR", "CMD-INJECTION-ANOMALY", "IPBLOCK-PENALTY-BOX", "LFI-ANOMALY", "WAT-ANOMALY", "XSS-ANOMALY"]}
|
1.0
|
severity: Severity.critical
|
|
43.163.127.190
|
ip
|
Repeated, targeted access attempts to sensitive Spring Boot actuator and mapping endpoints. All 13 requests flagged by WAF, with bot impersonation det...
|
2025-11-20 15:39:02
|
1
|
SG
|
AS132203
|
['akamai.darcherif.fr']
|
['actuator/env', 'actuator/;/env', 'staging/mappings', 'test/actuator/mappings', 'v2/actuator/env', 'test/mappings', 'staging/actuator/env', 'v2/actuator/mappings', 'api/actuator/', 'test/actuator/env']
|
{"alert": ["3904000", "3904003", "3904004", "3904006", "3904013", "3904035", "3904042", "3904053", "BOT-BROWSER-IMPERSONATOR"], "deny": []}
|
1.0
|
severity: Severity.critical
|
|
20.37.96.143
|
ip
|
All requests from this IP were flagged by WAF, accessing suspicious PHP files including known exploit paths like 'wp-filemanager.php', and triggered a...
|
2025-11-10 22:07:17
|
1
|
JP
|
AS8075
|
['www.darcherif.fr']
|
['kki.php', 'asas.php', 'ze.php', 'dd1.php', 'e.php', 'shoha.php', 'wp-the1me.php', 'wp-content/plugins/hellopress/wp_filemanager.php', 'card.php', 'm.php']
|
{"alert": [], "deny": ["REP_1654538"]}
|
1.0
|
severity: Severity.critical
|
|
AS15169
|
asn
|
48% of requests were threatening, all accessed paths flagged by WAF, and a burst-rate IP block rule (IPBLOCK-BURST4-318403) was triggered.
|
2025-11-04 15:46:51
|
1
|
US
|
AS15169
|
['www.darcherif.fr', 'akamai.darcherif.fr']
|
['wp-includes/css/dist/block-library/style.min.css', 'robots.txt', 'wp-includes/js/jquery/jquery-migrate.min.js', 'index.php/tag/cyber-security/', 'wp-content/themes/highlight/assets/js/theme-child.js', 'wp-includes/js/imagesloaded.min.js', 'assets/mail/jqBootstrapValidation.js', 'js/mpulse.js', 'wp-content/themes/mesmerize/assets/js/theme.bundle.min.js', 'wp-content/plugins/mesmerize-companion/theme-data/mesmerize/assets/css/companion.bundle.min.css']
|
{"alert": ["3900005", "3900006", "3900020", "3991006"], "deny": ["IPBLOCK-BURST4-318403"]}
|
0.949999988079071
|
severity: Severity.critical
|
|
74.176.185.3
|
ip
|
Extensive probing of suspicious PHP files, 100% of requests flagged by WAF with IPBLOCK deny rule, and associated ASN is already blocked for persisten...
|
2025-11-01 13:06:18
|
1
|
JP
|
AS8075
|
['akamai.darcherif.fr']
|
['warm.PhP7', 'ayk.php', 'mari.php', 'category.tokens.php', 'uana.php', 'inc.php', 'a.php', 'mlex.php', 'million.php', 'info.php', 'file1.php', 'ioxi-rex4.php7', 'wp-wso.php', 'gawean.PhP7', 'api.php', 'include.php', 'zxl.php', '11.php', 'bala.php']
|
{"alert": [], "deny": ["IPBLOCK"]}
|
1.0
|
severity: Severity.critical
|
|
3%7efe38c35477967146
|
tls
|
Confirmed persistent malicious activity detected using this TLS fingerprint.
|
2025-10-31 13:37:03
|
1
|
N/A
|
N/A
|
[]
|
[]
|
N/A
|
0.9800000190734863
|
severity: Severity.critical
|
|
3%7ee35ec11fcbea7346
|
tls
|
Confirmed persistent malicious activity detected using this TLS fingerprint.
|
2025-10-31 13:37:03
|
1
|
N/A
|
N/A
|
[]
|
[]
|
N/A
|
0.8999999761581421
|
severity: Severity.critical
|
|
3%7ede8d6a84fab8672b
|
tls
|
Confirmed common malicious client fingerprint associated with suspicious access patterns and reconnaissance.
|
2025-10-31 13:37:03
|
1
|
N/A
|
N/A
|
[]
|
[]
|
N/A
|
0.949999988079071
|
severity: Severity.critical
|
|
3%7ede29393936a8dc4153
|
tls
|
Confirmed persistent malicious activity detected using this TLS fingerprint.
|
2025-10-31 13:37:03
|
1
|
N/A
|
N/A
|
[]
|
[]
|
N/A
|
0.949999988079071
|
severity: Severity.critical
|
|
3%7ede293936a8dc4153
|
tls
|
Confirmed persistent malicious activity detected using this TLS fingerprint.
|
2025-10-31 13:37:03
|
1
|
N/A
|
N/A
|
[]
|
[]
|
N/A
|
0.949999988079071
|
severity: Severity.critical
|
|
UNKNOWN
|
tls
|
Confirmed persistent malicious activity detected using an unknown TLS fingerprint.
|
2025-10-31 13:37:03
|
1
|
N/A
|
N/A
|
[]
|
[]
|
N/A
|
1.0
|
severity: Severity.critical
|
|
66.249.70.200
|
ip
|
Confirmed persistent malicious IP activity.
|
2025-10-31 13:37:02
|
1
|
N/A
|
N/A
|
[]
|
[]
|
N/A
|
1.0
|
severity: Severity.critical
|
|
185.177.72.204
|
ip
|
Confirmed persistent malicious IP activity.
|
2025-10-31 13:37:02
|
1
|
N/A
|
N/A
|
[]
|
[]
|
N/A
|
1.0
|
severity: Severity.critical
|
|
AS132203
|
asn
|
Confirmed persistent malicious activity detected from this ASN.
|
2025-10-31 13:37:02
|
1
|
N/A
|
N/A
|
[]
|
[]
|
N/A
|
0.8999999761581421
|
severity: Severity.critical
|
|
85.204.70.106
|
ip
|
Confirmed extensive scanning and attack attempts against sensitive WordPress paths.
|
2025-10-31 13:37:02
|
1
|
N/A
|
N/A
|
[]
|
[]
|
N/A
|
1.0
|
severity: Severity.critical
|
|
81.17.20.98
|
ip
|
Confirmed persistent malicious IP activity.
|
2025-10-31 13:37:02
|
1
|
N/A
|
N/A
|
[]
|
[]
|
N/A
|
0.949999988079071
|
severity: Severity.critical
|
|
AS211590
|
asn
|
Confirmed persistent malicious activity detected from this ASN.
|
2025-10-31 13:37:02
|
1
|
N/A
|
N/A
|
[]
|
[]
|
N/A
|
1.0
|
severity: Severity.critical
|
|
66.249.77.104
|
ip
|
Confirmed persistent malicious IP activity.
|
2025-10-31 13:37:02
|
1
|
N/A
|
N/A
|
[]
|
[]
|
N/A
|
0.949999988079071
|
severity: Severity.critical
|
|
AS8075
|
asn
|
Confirmed persistent malicious activity detected from this ASN.
|
2025-10-31 13:37:02
|
1
|
N/A
|
N/A
|
[]
|
[]
|
N/A
|
1.0
|
severity: Severity.critical
|
|
66.249.69.35
|
ip
|
Confirmed persistent malicious IP activity.
|
2025-10-31 13:37:02
|
1
|
N/A
|
N/A
|
[]
|
[]
|
N/A
|
0.949999988079071
|
severity: Severity.critical
|
|
66.249.68.133
|
ip
|
Confirmed persistent malicious IP activity.
|
2025-10-31 13:37:02
|
1
|
N/A
|
N/A
|
[]
|
[]
|
N/A
|
0.8999999761581421
|
severity: Severity.medium
|
|
66.249.66.40
|
ip
|
Confirmed consistent malicious probing observed, triggering WAF alerts.
|
2025-10-31 13:37:02
|
1
|
N/A
|
N/A
|
[]
|
[]
|
N/A
|
0.800000011920929
|
severity: Severity.medium
|
|
62.60.130.211
|
ip
|
Confirmed persistent malicious IP activity.
|
2025-10-31 13:37:02
|
1
|
N/A
|
N/A
|
[]
|
[]
|
N/A
|
0.9800000190734863
|
severity: Severity.critical
|
|
3%7e2faa3a9db1c111de
|
tls
|
Confirmed persistent malicious activity detected using this TLS fingerprint.
|
2025-10-31 13:37:02
|
1
|
N/A
|
N/A
|
[]
|
[]
|
N/A
|
1.0
|
severity: Severity.critical
|
|
3%7e788289bd73e01aa4
|
tls
|
Confirmed persistent malicious activity detected using this TLS fingerprint.
|
2025-10-31 13:37:02
|
1
|
N/A
|
N/A
|
[]
|
[]
|
N/A
|
1.0
|
severity: Severity.critical
|
|
51.38.105.105
|
ip
|
Confirmed persistent malicious IP activity.
|
2025-10-31 13:37:02
|
1
|
N/A
|
N/A
|
[]
|
[]
|
N/A
|
0.8999999761581421
|
severity: Severity.critical
|
|
48.210.236.214
|
ip
|
Confirmed persistent malicious IP activity.
|
2025-10-31 13:37:02
|
1
|
N/A
|
N/A
|
[]
|
[]
|
N/A
|
1.0
|
severity: Severity.critical
|
|
45.153.163.23
|
ip
|
Confirmed persistent malicious IP activity.
|
2025-10-31 13:37:02
|
1
|
N/A
|
N/A
|
[]
|
[]
|
N/A
|
0.8999999761581421
|
severity: Severity.critical
|
|
3%7e7bcf51bfc0d0b65f
|
tls
|
Confirmed persistent malicious activity detected using this TLS fingerprint.
|
2025-10-31 13:37:02
|
1
|
N/A
|
N/A
|
[]
|
[]
|
N/A
|
1.0
|
severity: Severity.critical
|
|
3%7ea97fdb0b70d4a7b7
|
tls
|
Confirmed persistent malicious activity detected using this TLS fingerprint.
|
2025-10-31 13:37:02
|
1
|
N/A
|
N/A
|
[]
|
[]
|
N/A
|
0.9800000190734863
|
severity: Severity.critical
|
|
3%7ebaae1457ad64ff16
|
tls
|
Confirmed persistent malicious activity detected using this TLS fingerprint.
|
2025-10-31 13:37:02
|
1
|
N/A
|
N/A
|
[]
|
[]
|
N/A
|
0.8999999761581421
|
severity: Severity.critical
|
|
34.116.246.85
|
ip
|
Confirmed persistent malicious IP activity.
|
2025-10-31 13:37:02
|
1
|
N/A
|
N/A
|
[]
|
[]
|
N/A
|
0.8500000238418579
|
severity: Severity.medium
|
|
34.116.172.61
|
ip
|
Confirmed persistent malicious IP activity.
|
2025-10-31 13:37:02
|
1
|
N/A
|
N/A
|
[]
|
[]
|
N/A
|
0.8500000238418579
|
severity: Severity.medium
|
|
34.1.27.103
|
ip
|
Confirmed associated with a known malicious TLS fingerprint, indicating coordinated malicious activity.
|
2025-10-31 13:37:02
|
1
|
N/A
|
N/A
|
[]
|
[]
|
N/A
|
0.8999999761581421
|
severity: Severity.critical
|
|
34.1.26.204
|
ip
|
Confirmed active malicious scanning detected, triggering multiple WAF alerts.
|
2025-10-31 13:37:02
|
1
|
N/A
|
N/A
|
[]
|
[]
|
N/A
|
0.8999999761581421
|
severity: Severity.medium
|
|
34.1.23.207
|
ip
|
Confirmed burst of activity detected by WAF, suggesting automated malicious behavior.
|
2025-10-31 13:37:02
|
1
|
N/A
|
N/A
|
[]
|
[]
|
N/A
|
0.8999999761581421
|
severity: Severity.critical
|
|
34.1.21.203
|
ip
|
Confirmed burst of activity detected by WAF, suggesting automated malicious behavior.
|
2025-10-31 13:37:02
|
1
|
N/A
|
N/A
|
[]
|
[]
|
N/A
|
0.8999999761581421
|
severity: Severity.critical
|
|
34.1.16.79
|
ip
|
Confirmed active malicious scanning detected, triggering multiple WAF alerts.
|
2025-10-31 13:37:02
|
1
|
N/A
|
N/A
|
[]
|
[]
|
N/A
|
0.8500000238418579
|
severity: Severity.medium
|
|
3.92.177.104
|
ip
|
Confirmed persistent malicious IP activity.
|
2025-10-31 13:37:02
|
1
|
N/A
|
N/A
|
[]
|
[]
|
N/A
|
1.0
|
severity: Severity.critical
|
|
2604:a880:400:d1:0:1:4cea:4001
|
ip
|
Confirmed persistent malicious IP activity.
|
2025-10-31 13:37:02
|
1
|
N/A
|
N/A
|
[]
|
[]
|
N/A
|
0.8500000238418579
|
severity: Severity.medium
|
|
34.1.17.182
|
ip
|
Confirmed burst of activity detected by WAF, suggesting automated malicious behavior.
|
2025-10-31 13:37:02
|
1
|
N/A
|
N/A
|
[]
|
[]
|
N/A
|
0.8999999761581421
|
severity: Severity.critical
|
|
185.177.72.16
|
ip
|
Confirmed persistent malicious IP activity.
|
2025-10-31 13:37:02
|
1
|
N/A
|
N/A
|
[]
|
[]
|
N/A
|
1.0
|
severity: Severity.critical
|