Table: Entity_blocklist

Displaying rows 651 - 700 of 737 (Page 14 / 15)
Entity | Type | Reason | Blocked at | AI decision | Geo | ASN | Hostnames | Paths flagged by WAF | Security rule hits | AI confidence score | AI details
AS152194 asn Associated with IP 134.122.136.96, which triggered multiple critical WAF deny rules including LFI, command injection, XSS, and bot impersonation. All ... 2025-11-30 14:03:57 1 JP AS152194 ['www.darcherif.fr'] ['install', 'invoker/readonly', 'GallerySite/filesrc/fotoilan/388/middle/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd', 'fmangersub', 'public/plugins/alertlist/../../../../../../../../../../../../../../../../../../../etc/passwd', 'icons/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd', 'content/crx/de/setPreferences.jsp;%0A.html', 'api/get-users', 'ajax/api/user/save', 'settings'] {"alert": ["3000005", "3000014", "3000025", "3000037", "3000039", "3000080", "3000081", "3000110", "3000111", "3000116", "3000119", "3000120", "3000122", "3000142", "3000153", "3000161", "3000196", "3000500", "3000503", "3904000", "3904001", "3904002", "3904003", "3904004", "3904005", "3904006", "3904007", "3904009", "3904020", "3904023", "3904024", "3904036", "3904037", "3904038", "3904042", "3904052", "3904053", "950203", "950204", "958052", "973335"], "deny": ["3990007", "BOT-BROWSER-IMPERSONATOR", "CMD-INJECTION-ANOMALY", "IPBLOCK-PENALTY-BOX", "LFI-ANOMALY", "WAT-ANOMALY", "XSS-ANOMALY"]} 1.0 severity: Severity.critical
134.122.136.96 ip Multiple critical WAF deny rules triggered, including LFI, command injection, XSS, and bot impersonation, indicating severe malicious probing and expl... 2025-11-30 14:03:57 1 JP AS152194 ['www.darcherif.fr'] ['install', 'invoker/readonly', 'GallerySite/filesrc/fotoilan/388/middle/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd', 'fmangersub', 'public/plugins/alertlist/../../../../../../../../../../../../../../../../../../../etc/passwd', 'icons/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd', 'content/crx/de/setPreferences.jsp;%0A.html', 'api/get-users', 'ajax/api/user/save', 'settings'] {"alert": ["3000005", "3000014", "3000025", "3000037", "3000039", "3000080", "3000081", "3000110", "3000111", "3000116", "3000119", "3000120", "3000122", "3000142", "3000153", "3000161", "3000196", "3000500", "3000503", "3904000", "3904001", "3904002", "3904003", "3904004", "3904005", "3904006", "3904007", "3904009", "3904020", "3904023", "3904024", "3904036", "3904037", "3904038", "3904042", "3904052", "3904053", "950203", "950204", "958052", "973335"], "deny": ["3990007", "BOT-BROWSER-IMPERSONATOR", "CMD-INJECTION-ANOMALY", "IPBLOCK-PENALTY-BOX", "LFI-ANOMALY", "WAT-ANOMALY", "XSS-ANOMALY"]} 1.0 severity: Severity.critical
3%7ed09afd3ffe9bdf7b tls Associated with IP 134.122.136.96, which triggered multiple critical WAF deny rules including LFI, command injection, XSS, and bot impersonation. This... 2025-11-30 14:03:57 1 JP N/A ['www.darcherif.fr'] ['install', 'invoker/readonly', 'GallerySite/filesrc/fotoilan/388/middle/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd', 'fmangersub', 'public/plugins/alertlist/../../../../../../../../../../../../../../../../../../../etc/passwd', 'icons/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd', 'content/crx/de/setPreferences.jsp;%0A.html', 'api/get-users', 'ajax/api/user/save', 'settings'] {"alert": ["3000005", "3000014", "3000025", "3000037", "3000039", "3000080", "3000081", "3000110", "3000111", "3000116", "3000119", "3000120", "3000122", "3000142", "3000153", "3000161", "3000196", "3000500", "3000503", "3904000", "3904001", "3904002", "3904003", "3904004", "3904005", "3904006", "3904007", "3904009", "3904020", "3904023", "3904024", "3904036", "3904037", "3904038", "3904042", "3904052", "3904053", "950203", "950204", "958052", "973335"], "deny": ["3990007", "BOT-BROWSER-IMPERSONATOR", "CMD-INJECTION-ANOMALY", "IPBLOCK-PENALTY-BOX", "LFI-ANOMALY", "WAT-ANOMALY", "XSS-ANOMALY"]} 1.0 severity: Severity.critical
43.163.127.190 ip Repeated, targeted access attempts to sensitive Spring Boot actuator and mapping endpoints. All 13 requests flagged by WAF, with bot impersonation det... 2025-11-20 15:39:02 1 SG AS132203 ['akamai.darcherif.fr'] ['actuator/env', 'actuator/;/env', 'staging/mappings', 'test/actuator/mappings', 'v2/actuator/env', 'test/mappings', 'staging/actuator/env', 'v2/actuator/mappings', 'api/actuator/', 'test/actuator/env'] {"alert": ["3904000", "3904003", "3904004", "3904006", "3904013", "3904035", "3904042", "3904053", "BOT-BROWSER-IMPERSONATOR"], "deny": []} 1.0 severity: Severity.critical
20.37.96.143 ip All requests from this IP were flagged by WAF, accessing suspicious PHP files including known exploit paths like 'wp-filemanager.php', and triggered a... 2025-11-10 22:07:17 1 JP AS8075 ['www.darcherif.fr'] ['kki.php', 'asas.php', 'ze.php', 'dd1.php', 'e.php', 'shoha.php', 'wp-the1me.php', 'wp-content/plugins/hellopress/wp_filemanager.php', 'card.php', 'm.php'] {"alert": [], "deny": ["REP_1654538"]} 1.0 severity: Severity.critical
AS15169 asn 48% of requests were threatening, all accessed paths flagged by WAF, and a burst-rate IP block rule (IPBLOCK-BURST4-318403) was triggered. 2025-11-04 15:46:51 1 US AS15169 ['www.darcherif.fr', 'akamai.darcherif.fr'] ['wp-includes/css/dist/block-library/style.min.css', 'robots.txt', 'wp-includes/js/jquery/jquery-migrate.min.js', 'index.php/tag/cyber-security/', 'wp-content/themes/highlight/assets/js/theme-child.js', 'wp-includes/js/imagesloaded.min.js', 'assets/mail/jqBootstrapValidation.js', 'js/mpulse.js', 'wp-content/themes/mesmerize/assets/js/theme.bundle.min.js', 'wp-content/plugins/mesmerize-companion/theme-data/mesmerize/assets/css/companion.bundle.min.css'] {"alert": ["3900005", "3900006", "3900020", "3991006"], "deny": ["IPBLOCK-BURST4-318403"]} 0.949999988079071 severity: Severity.critical
74.176.185.3 ip Extensive probing of suspicious PHP files, 100% of requests flagged by WAF with IPBLOCK deny rule, and associated ASN is already blocked for persisten... 2025-11-01 13:06:18 1 JP AS8075 ['akamai.darcherif.fr'] ['warm.PhP7', 'ayk.php', 'mari.php', 'category.tokens.php', 'uana.php', 'inc.php', 'a.php', 'mlex.php', 'million.php', 'info.php', 'file1.php', 'ioxi-rex4.php7', 'wp-wso.php', 'gawean.PhP7', 'api.php', 'include.php', 'zxl.php', '11.php', 'bala.php'] {"alert": [], "deny": ["IPBLOCK"]} 1.0 severity: Severity.critical
3%7ede293936a8dc4153 tls Confirmed persistent malicious activity detected using this TLS fingerprint. 2025-10-31 13:37:03 1 N/A N/A [] [] N/A 0.949999988079071 severity: Severity.critical
3%7ede29393936a8dc4153 tls Confirmed persistent malicious activity detected using this TLS fingerprint. 2025-10-31 13:37:03 1 N/A N/A [] [] N/A 0.949999988079071 severity: Severity.critical
3%7ede8d6a84fab8672b tls Confirmed common malicious client fingerprint associated with suspicious access patterns and reconnaissance. 2025-10-31 13:37:03 1 N/A N/A [] [] N/A 0.949999988079071 severity: Severity.critical
3%7ee35ec11fcbea7346 tls Confirmed persistent malicious activity detected using this TLS fingerprint. 2025-10-31 13:37:03 1 N/A N/A [] [] N/A 0.8999999761581421 severity: Severity.critical
3%7efe38c35477967146 tls Confirmed persistent malicious activity detected using this TLS fingerprint. 2025-10-31 13:37:03 1 N/A N/A [] [] N/A 0.9800000190734863 severity: Severity.critical
UNKNOWN tls Confirmed persistent malicious activity detected using an unknown TLS fingerprint. 2025-10-31 13:37:03 1 N/A N/A [] [] N/A 1.0 severity: Severity.critical
3%7ea97fdb0b70d4a7b7 tls Confirmed persistent malicious activity detected using this TLS fingerprint. 2025-10-31 13:37:02 1 N/A N/A [] [] N/A 0.9800000190734863 severity: Severity.critical
34.1.16.79 ip Confirmed active malicious scanning detected, triggering multiple WAF alerts. 2025-10-31 13:37:02 1 N/A N/A [] [] N/A 0.8500000238418579 severity: Severity.medium
AS211590 asn Confirmed persistent malicious activity detected from this ASN. 2025-10-31 13:37:02 1 N/A N/A [] [] N/A 1.0 severity: Severity.critical
3%7e7bcf51bfc0d0b65f tls Confirmed persistent malicious activity detected using this TLS fingerprint. 2025-10-31 13:37:02 1 N/A N/A [] [] N/A 1.0 severity: Severity.critical
3%7e2faa3a9db1c111de tls Confirmed persistent malicious activity detected using this TLS fingerprint. 2025-10-31 13:37:02 1 N/A N/A [] [] N/A 1.0 severity: Severity.critical
178.33.134.25 ip Confirmed persistent malicious IP activity. 2025-10-31 13:37:02 1 N/A N/A [] [] N/A 0.8999999761581421 severity: Severity.critical
AS8075 asn Confirmed persistent malicious activity detected from this ASN. 2025-10-31 13:37:02 1 N/A N/A [] [] N/A 1.0 severity: Severity.critical
172.192.3.69 ip Confirmed suspicious PHP file probing, WAF deny rule triggered, and associated ASN is blocked. 2025-10-31 13:37:02 1 N/A N/A [] [] N/A 1.0 severity: Severity.critical
172.190.142.176 ip Confirmed persistent malicious IP activity. 2025-10-31 13:37:02 1 N/A N/A [] [] N/A 1.0 severity: Severity.critical
185.177.72.104 ip Confirmed persistent malicious IP activity. 2025-10-31 13:37:02 1 N/A N/A [] [] N/A 1.0 severity: Severity.critical
185.177.72.106 ip Confirmed persistent malicious IP activity. 2025-10-31 13:37:02 1 N/A N/A [] [] N/A 1.0 severity: Severity.critical
157.180.49.118 ip Confirmed persistent malicious IP activity. 2025-10-31 13:37:02 1 N/A N/A [] [] N/A 0.8500000238418579 severity: Severity.medium
185.177.72.11 ip Confirmed persistent malicious IP activity. 2025-10-31 13:37:02 1 N/A N/A [] [] N/A 1.0 severity: Severity.critical
185.177.72.12 ip Confirmed persistent malicious IP activity. 2025-10-31 13:37:02 1 N/A N/A [] [] N/A 1.0 severity: Severity.critical
185.177.72.144 ip Confirmed persistent malicious IP activity. 2025-10-31 13:37:02 1 N/A N/A [] [] N/A 1.0 severity: Severity.critical
185.177.72.16 ip Confirmed persistent malicious IP activity. 2025-10-31 13:37:02 1 N/A N/A [] [] N/A 1.0 severity: Severity.critical
3%7ebaae1457ad64ff16 tls Confirmed persistent malicious activity detected using this TLS fingerprint. 2025-10-31 13:37:02 1 N/A N/A [] [] N/A 0.8999999761581421 severity: Severity.critical
185.177.72.2 ip Confirmed persistent malicious IP activity. 2025-10-31 13:37:02 1 N/A N/A [] [] N/A 1.0 severity: Severity.critical
185.177.72.204 ip Confirmed persistent malicious IP activity. 2025-10-31 13:37:02 1 N/A N/A [] [] N/A 1.0 severity: Severity.critical
185.177.72.205 ip Confirmed persistent malicious IP activity. 2025-10-31 13:37:02 1 N/A N/A [] [] N/A 1.0 severity: Severity.critical
185.177.72.3 ip Confirmed persistent malicious IP activity. 2025-10-31 13:37:02 1 N/A N/A [] [] N/A 1.0 severity: Severity.critical
141.98.11.115 ip Confirmed highly malicious automated activity and bot impersonation. 2025-10-31 13:37:02 1 N/A N/A [] [] N/A 1.0 severity: Severity.critical
123.6.49.50 ip Confirmed persistent malicious IP activity. 2025-10-31 13:37:02 1 N/A N/A [] [] N/A 0.8999999761581421 severity: Severity.critical
194.50.16.252 ip Confirmed persistent malicious IP activity. 2025-10-31 13:37:02 1 N/A N/A [] [] N/A 1.0 severity: Severity.critical
195.178.110.161 ip Confirmed persistent malicious IP activity. 2025-10-31 13:37:02 1 N/A N/A [] [] N/A 0.8999999761581421 severity: Severity.critical
185.177.72.107 ip Confirmed persistent malicious IP activity. 2025-10-31 13:37:02 1 N/A N/A [] [] N/A 1.0 severity: Severity.critical
2604:a880:0:202a::bd93:3000 ip Confirmed multiple WAF alerts and deny rules triggered, including bot impersonation and burst activity, with 100% of requests flagged as threats. 2025-10-31 13:37:02 1 N/A N/A [] [] N/A 1.0 severity: Severity.critical
34.116.246.85 ip Confirmed persistent malicious IP activity. 2025-10-31 13:37:02 1 N/A N/A [] [] N/A 0.8500000238418579 severity: Severity.medium
34.116.172.61 ip Confirmed persistent malicious IP activity. 2025-10-31 13:37:02 1 N/A N/A [] [] N/A 0.8500000238418579 severity: Severity.medium
34.1.27.103 ip Confirmed associated with a known malicious TLS fingerprint, indicating coordinated malicious activity. 2025-10-31 13:37:02 1 N/A N/A [] [] N/A 0.8999999761581421 severity: Severity.critical
34.1.26.204 ip Confirmed active malicious scanning detected, triggering multiple WAF alerts. 2025-10-31 13:37:02 1 N/A N/A [] [] N/A 0.8999999761581421 severity: Severity.medium
34.1.23.207 ip Confirmed burst of activity detected by WAF, suggesting automated malicious behavior. 2025-10-31 13:37:02 1 N/A N/A [] [] N/A 0.8999999761581421 severity: Severity.critical
195.178.110.201 ip Confirmed severe reconnaissance and potential exploit attempts (LFI anomaly, sensitive file access). 2025-10-31 13:37:02 1 N/A N/A [] [] N/A 1.0 severity: Severity.critical
34.1.17.182 ip Confirmed burst of activity detected by WAF, suggesting automated malicious behavior. 2025-10-31 13:37:02 1 N/A N/A [] [] N/A 0.8999999761581421 severity: Severity.critical
2604:a880:400:d1:0:1:4cea:4001 ip Confirmed persistent malicious IP activity. 2025-10-31 13:37:02 1 N/A N/A [] [] N/A 0.8500000238418579 severity: Severity.medium
3.92.177.104 ip Confirmed persistent malicious IP activity. 2025-10-31 13:37:02 1 N/A N/A [] [] N/A 1.0 severity: Severity.critical
34.1.21.203 ip Confirmed burst of activity detected by WAF, suggesting automated malicious behavior. 2025-10-31 13:37:02 1 N/A N/A [] [] N/A 0.8999999761581421 severity: Severity.critical