|
2a10:3c0:3:0:1:28:0:5
|
ip
|
Extremely high detected threat requests (26/14), multiple WAF alerts including bot impersonation, and access to suspicious flagged paths ("mcp", "sse"...
|
2026-01-15 08:10:12
|
1
|
NL
|
AS21859
|
['akamai.darcherif.fr']
|
['', 'mcp', 'sse']
|
{"alert": ["3904000", "3904004", "3904006", "3904013", "3904020", "3904036", "3904053", "3990001", "BOT-BROWSER-IMPERSONATOR"], "deny": []}
|
0.949999988079071
|
severity: Severity.critical
|
|
2a10:3c0:3:0:1:28:0:3
|
ip
|
Extremely high detected threat requests (18/5), multiple WAF alerts including bot impersonation, indicating severe automated malicious probing.
|
2026-01-15 08:10:12
|
1
|
NL
|
AS21859
|
['akamai.darcherif.fr']
|
['']
|
{"alert": ["3904000", "3904004", "3904006", "3904013", "3904020", "3904036", "3904042", "3904053", "BOT-BROWSER-IMPERSONATOR"], "deny": []}
|
0.949999988079071
|
severity: Severity.critical
|
|
208.84.101.102
|
ip
|
High percentage of threat requests (45%), bot impersonation, active WordPress enumeration (wlwmanifest.xml scans), and triggered a critical WAF deny r...
|
2026-01-15 08:10:12
|
1
|
US
|
AS22295
|
['akamai.darcherif.fr']
|
['site/wp-includes/wlwmanifest.xml', 'sito/wp-includes/wlwmanifest.xml', 'wp2/wp-includes/wlwmanifest.xml', 'cms/wp-includes/wlwmanifest.xml', 'shop/wp-includes/wlwmanifest.xml', 'wp1/wp-includes/wlwmanifest.xml', '2019/wp-includes/wlwmanifest.xml', 'test/wp-includes/wlwmanifest.xml', '2018/wp-includes/wlwmanifest.xml', 'media/wp-includes/wlwmanifest.xml']
|
{"alert": ["3904003", "3904006", "3904020", "BOT-BROWSER-IMPERSONATOR"], "deny": ["IPBLOCK-BURST4-318403"]}
|
1.0
|
severity: Severity.critical
|
|
104.28.203.60
|
ip
|
All requests (100%) were detected as threats, almost all accessed paths flagged by WAF, triggered a critical 'IPBLOCK-BURST4-318403' deny rule, and it...
|
2026-01-14 13:09:09
|
1
|
US
|
AS13335
|
['akamai.darcherif.fr']
|
['chosen.php', 'dex.php', 'akcc.php', 'file2.php', 'wp-admin/css/index.php', 'zwso.php', 'ahax.php', 'bolt.php', 'wp-content/themes/style.php', 'wp-admin/txets.php']
|
{"alert": ["3990001"], "deny": ["IPBLOCK-BURST4-318403"]}
|
1.0
|
severity: Severity.critical
|
|
23.180.120.131
|
ip
|
Extremely high ratio of detected threat requests (117/37), all accessed paths flagged by WAF, multiple critical security alerts including 'BOT-BROWSER...
|
2026-01-14 11:28:57
|
1
|
FR
|
AS53514
|
['akamai.darcherif.fr']
|
['', '_next/', 'en/', 'api/', 'app/']
|
{"alert": ["3000180", "3000958", "3904000", "3904006", "3904020", "3904052", "3904053", "BOT-BROWSER-IMPERSONATOR", "POLICY-ANOMALY"], "deny": ["IPBLOCK-BURST4-318403"]}
|
1.0
|
severity: Severity.critical
|
|
205.169.39.57
|
ip
|
Associated with blocklisted ASN AS3356, which has a history of widespread malicious activity.
|
2026-01-14 10:08:59
|
1
|
N/A
|
N/A
|
[]
|
[]
|
{"alert": [], "deny": []}
|
0.8999999761581421
|
severity: Severity.critical
|
|
34.123.170.104
|
ip
|
Associated with blocklisted ASN AS396982, which has a history of extensive malicious activity.
|
2026-01-14 10:08:59
|
1
|
N/A
|
N/A
|
[]
|
[]
|
{"alert": [], "deny": []}
|
0.8999999761581421
|
severity: Severity.critical
|
|
34.122.147.229
|
ip
|
Associated with blocklisted ASN AS396982, which has a history of extensive malicious activity.
|
2026-01-14 10:08:59
|
1
|
N/A
|
N/A
|
[]
|
[]
|
{"alert": [], "deny": []}
|
0.8999999761581421
|
severity: Severity.critical
|
|
34.1.19.191
|
ip
|
AI identified as critical severity with high confidence, despite no recent activity.
|
2026-01-14 10:08:59
|
1
|
N/A
|
N/A
|
[]
|
[]
|
{"alert": [], "deny": []}
|
0.800000011920929
|
severity: Severity.critical
|
|
205.169.39.218
|
ip
|
Multiple detected threat requests, WAF flagged paths, several security alerts, and associated with blocklisted ASN AS3356.
|
2026-01-14 09:59:06
|
1
|
N/A
|
N/A
|
[]
|
[]
|
{"alert": [], "deny": []}
|
0.949999988079071
|
severity: Severity.critical
|
|
34.116.248.149
|
ip
|
Detected threat requests, WAF flagged paths, security alerts, and associated with blocklisted ASN AS396982.
|
2026-01-14 09:59:06
|
1
|
PL
|
AS396982
|
['', 'www.darcherif.fr']
|
['akam/13/pixel_5c45ae37']
|
{"alert": ["3910002"], "deny": []}
|
0.949999988079071
|
severity: Severity.critical
|
|
68.183.9.16
|
ip
|
Aggressive reconnaissance for sensitive files and API documentation, all requests flagged by WAF, multiple critical security alerts (including bot imp...
|
2026-01-14 09:49:05
|
1
|
NL
|
AS14061
|
['akamai.darcherif.fr']
|
['server-status', '.git/config', 'graphql', 'server', 'v3/api-docs', 'v2/api-docs', '.env', 'swagger/swagger-ui.html', 'webjars/swagger-ui/index.html', '.vscode/sftp.json']
|
{"alert": ["3000508", "3904001", "3904002", "3904003", "3904006", "3904007", "3904013", "3904053", "3990011", "BOT-BROWSER-IMPERSONATOR", "IPBLOCK-PENALTY-BOX"], "deny": ["LFI-ANOMALY"]}
|
1.0
|
severity: Severity.critical
|
|
165.227.173.41
|
ip
|
Actively targeting sensitive configuration files (.git/config, .env, info.php) and known exploits (Jira exploit). All requests flagged by WAF, trigger...
|
2026-01-14 09:49:05
|
1
|
DE
|
AS14061
|
['www.darcherif.fr']
|
['', 'telescope/requests', '.git/config', 'info.php', 's/4373e2430323e26313e223/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.properties', '.env']
|
{"alert": ["3000508"], "deny": ["3990011", "IPBLOCK-PENALTY-BOX", "LFI-ANOMALY"]}
|
1.0
|
severity: Severity.critical
|
|
134.209.25.199
|
ip
|
Aggressive reconnaissance for sensitive files and API documentation, all requests flagged by WAF, multiple critical security alerts (including bot imp...
|
2026-01-14 09:49:05
|
1
|
GB
|
AS14061
|
['akamai.darcherif.fr']
|
['server-status', '.git/config', 'graphql', 'server', 'v3/api-docs', 'v2/api-docs', '.env', 'swagger/swagger-ui.html', 'webjars/swagger-ui/index.html', '.vscode/sftp.json']
|
{"alert": ["3000508", "3904001", "3904002", "3904003", "3904006", "3904007", "3904013", "3904053", "3990011", "BOT-BROWSER-IMPERSONATOR", "IPBLOCK-PENALTY-BOX"], "deny": ["LFI-ANOMALY"]}
|
1.0
|
severity: Severity.critical
|
|
178.128.207.138
|
ip
|
Aggressive reconnaissance for sensitive files and API documentation, all requests flagged by WAF, multiple critical security alerts (including bot imp...
|
2026-01-14 09:49:05
|
1
|
DE
|
AS14061
|
['akamai.darcherif.fr']
|
['server-status', '.git/config', 'graphql', 'server', 'v3/api-docs', 'v2/api-docs', '.env', 'swagger/swagger-ui.html', 'webjars/swagger-ui/index.html', 's/2393e2430323e26313e223/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.properties']
|
{"alert": ["3000508", "3904001", "3904002", "3904003", "3904006", "3904007", "3904013", "3904053", "3990011", "BOT-BROWSER-IMPERSONATOR", "IPBLOCK-PENALTY-BOX"], "deny": ["LFI-ANOMALY"]}
|
1.0
|
severity: Severity.critical
|
|
46.101.1.225
|
ip
|
Aggressive reconnaissance for sensitive files and API documentation, all requests flagged by WAF, multiple critical security alerts (including bot imp...
|
2026-01-14 09:49:05
|
1
|
GB
|
AS14061
|
['akamai.darcherif.fr']
|
['server-status', '.git/config', 'graphql', 'server', 'v3/api-docs', '.env', 'v2/api-docs', 'swagger/swagger-ui.html', '.vscode/sftp.json', 'webjars/swagger-ui/index.html']
|
{"alert": ["3000508", "3904001", "3904002", "3904003", "3904006", "3904007", "3904013", "3904053", "3990011", "BOT-BROWSER-IMPERSONATOR", "IPBLOCK-PENALTY-BOX"], "deny": ["LFI-ANOMALY"]}
|
1.0
|
severity: Severity.critical
|
|
154.28.229.89
|
ip
|
Extremely high ratio of detected threat requests (54/13), with multiple security alerts including 'BOT-BROWSER-IMPERSONATOR', indicating persistent au...
|
2026-01-14 09:49:05
|
1
|
US
|
AS46261
|
['akamai.darcherif.fr']
|
['assets/mail/contact_me.js', 'assets/mail/jqBootstrapValidation.js', 'js/scripts.js', 'https%3A/www.linkedin.com/in/startbootstrap', 'https%3A/www.facebook.com/StartBootstrap', '%23portfolio', '%23page-top', 'https%3A/www.dribble.com/startbootstrap', 'js/mpulse.js', 'https%3A/www.twitter.com/sbootstrap']
|
{"alert": ["3904005", "3904006", "3904013", "3904020", "3904042", "BOT-BROWSER-IMPERSONATOR"], "deny": []}
|
0.949999988079071
|
severity: Severity.critical
|
|
66.249.66.5
|
ip
|
All requests (100%) from this IP were detected as threats, all accessed paths were flagged by WAF, and security alert '3991006' was triggered. Its ass...
|
2026-01-13 18:07:57
|
1
|
US
|
AS15169
|
['www.darcherif.fr']
|
['wp-includes/js/jquery/jquery.min.js', 'robots.txt', 'wp-content/plugins/mesmerize-companion/theme-data/mesmerize/assets/css/companion.bundle.min.css', 'wp-includes/js/masonry.min.js']
|
{"alert": ["3991006"], "deny": []}
|
1.0
|
severity: Severity.critical
|
|
66.249.66.68
|
ip
|
All requests (100%) from this IP were detected as threats, all accessed paths were flagged by WAF, and security alert '3991006' was triggered. Its ass...
|
2026-01-13 18:07:57
|
1
|
US
|
AS15169
|
['www.darcherif.fr']
|
['wp-includes/js/imagesloaded.min.js', 'wp-includes/css/dist/block-library/style.min.css', 'wp-includes/js/masonry.min.js']
|
{"alert": ["3991006"], "deny": []}
|
1.0
|
severity: Severity.critical
|
|
66.249.66.164
|
ip
|
All requests (100%) from this IP were detected as threats, all accessed paths were flagged by WAF, and security alert '3991006' was triggered. Its ass...
|
2026-01-13 18:07:57
|
1
|
US
|
AS15169
|
['www.darcherif.fr']
|
['wp-content/plugins/mesmerize-companion/theme-data/mesmerize/assets/css/companion.bundle.min.css', 'wp-content/themes/highlight/assets/js/theme-child.js', 'wp-includes/js/wp-emoji-release.min.js', 'wp-content/themes/mesmerize/assets/js/theme.bundle.min.js']
|
{"alert": ["3991006"], "deny": []}
|
1.0
|
severity: Severity.critical
|
|
3%7e56c3ba2d23a6c2fe
|
tls
|
All requests associated with this TLS fingerprint were detected as threats and flagged by WAF, triggering security alert '3991006'. Its behavior is id...
|
2026-01-13 15:27:48
|
1
|
UA
|
N/A
|
['www.darcherif.fr']
|
['index.php/tag/cps/feed/', 'index.php/category/non-classe/feed/', 'index.php/comments/feed/', 'index.php/author/admin3157/feed/', 'index.php/feed/', 'index.php/tag/cyber-security/feed/', 'index.php/category/cloud-security/feed/', 'index.php/category/cyberattacks/feed/', 'index.php/tag/industry-4-0/feed/', 'index.php/category/cybercrime/feed/']
|
{"alert": ["3991006"], "deny": []}
|
1.0
|
severity: Severity.critical
|
|
104.28.224.94
|
ip
|
All requests from this IP were detected as threats and flagged by WAF, triggering security alert '3991006'. Its associated ASN AS13335 is already bloc...
|
2026-01-13 15:27:48
|
1
|
UA
|
AS13335
|
['www.darcherif.fr']
|
['index.php/tag/cps/feed/', 'index.php/category/non-classe/feed/', 'index.php/comments/feed/', 'index.php/author/admin3157/feed/', 'index.php/feed/', 'index.php/tag/cyber-security/feed/', 'index.php/category/cloud-security/feed/', 'index.php/category/cyberattacks/feed/', 'index.php/tag/industry-4-0/feed/', 'index.php/category/cybercrime/feed/']
|
{"alert": ["3991006"], "deny": []}
|
1.0
|
severity: Severity.critical
|
|
35.196.98.70
|
ip
|
Extensive WordPress enumeration and bot impersonation attempts detected, with all accessed paths flagged by WAF, multiple security alerts, and a criti...
|
2026-01-13 08:57:29
|
1
|
US
|
AS396982
|
['akamai.darcherif.fr']
|
['wp1/wp-includes/wlwmanifest.xml', '2018/wp-includes/wlwmanifest.xml', 'wordpress/wp-includes/wlwmanifest.xml', 'news/wp-includes/wlwmanifest.xml', 'media/wp-includes/wlwmanifest.xml', 'sito/wp-includes/wlwmanifest.xml', 'cms/wp-includes/wlwmanifest.xml', 'web/wp-includes/wlwmanifest.xml', 'wp-includes/wlwmanifest.xml', 'test/wp-includes/wlwmanifest.xml']
|
{"alert": ["3904003", "3904006", "3904013", "3904020", "BOT-BROWSER-IMPERSONATOR"], "deny": ["IPBLOCK-BURST4-318403"]}
|
1.0
|
severity: Severity.critical
|
|
34.23.95.230
|
ip
|
Extensive WordPress enumeration and bot impersonation, triggered a critical WAF deny rule (IPBLOCK-BURST4-318403), and its ASN (AS396982) is blocklist...
|
2026-01-13 08:27:38
|
1
|
US
|
AS396982
|
['akamai.darcherif.fr']
|
['wp1/wp-includes/wlwmanifest.xml', '2018/wp-includes/wlwmanifest.xml', 'wordpress/wp-includes/wlwmanifest.xml', 'news/wp-includes/wlwmanifest.xml', 'media/wp-includes/wlwmanifest.xml', 'sito/wp-includes/wlwmanifest.xml', 'cms/wp-includes/wlwmanifest.xml', 'web/wp-includes/wlwmanifest.xml', 'wp-includes/wlwmanifest.xml', 'test/wp-includes/wlwmanifest.xml']
|
{"alert": ["3904003", "3904006", "3904013", "3904020", "BOT-BROWSER-IMPERSONATOR"], "deny": ["IPBLOCK-BURST4-318403"]}
|
1.0
|
severity: Severity.critical
|
|
80.94.92.21
|
ip
|
Extremely high number of detected threat requests (36/6), all accessed paths flagged by WAF, and multiple security alerts including 'BOT-BROWSER-IMPER...
|
2026-01-13 08:27:38
|
1
|
HU
|
AS47890
|
['akamai.darcherif.fr']
|
['']
|
{"alert": ["3904000", "3904004", "3904006", "3904020", "3904052", "3904053", "BOT-BROWSER-IMPERSONATOR"], "deny": []}
|
1.0
|
severity: Severity.critical
|
|
3%7eff9e7c847339adbd
|
tls
|
All requests (100%) associated with this TLS fingerprint were detected as threats and flagged by WAF, triggering security alert '3991008', indicating ...
|
2026-01-13 08:27:38
|
1
|
US
|
N/A
|
['www.darcherif.fr']
|
['index.php/category/cloud-security/', 'robots.txt', 'index.php/tag/cps/', 'index.php/tag/smart-cities/', 'index.php/category/education/', 'index.php/category/cybercrime/', 'index.php/tag/learning/', 'index.php/category/learning/', 'index.php/category/cyberattacks/', 'index.php/tag/society/']
|
{"alert": ["3991008"], "deny": []}
|
1.0
|
severity: Severity.critical
|
|
138.197.136.144
|
ip
|
Aggressive probing of suspicious PHP files and WordPress admin paths, triggered critical LFI-ANOMALY and reputation-based WAF deny rules, and its ASN ...
|
2026-01-13 08:27:38
|
1
|
CA
|
AS14061
|
['www.darcherif.fr']
|
['alfa-rex.php', '.tmb/class_api.php', 'wso112233.php', 'nf_tracking.php', 'doc.php', 'wp-admin/user/xmrlpc.php', 'wp-includes/images/about.php', 'blog.php', 'wp-includes/assets/wp-trackback.php', 'wp-content/ccx/index.php']
|
{"alert": ["3000126"], "deny": ["LFI-ANOMALY", "REP_1654536"]}
|
1.0
|
severity: Severity.critical
|
|
45.156.129.67
|
ip
|
High number of detected threat requests (7/5), all accessed paths flagged by WAF, and multiple security alerts including 'BOT-BROWSER-IMPERSONATOR'. A...
|
2026-01-12 08:16:11
|
1
|
US
|
AS211680
|
['akamai.darcherif.fr']
|
['']
|
{"alert": ["3904000", "3904004", "3904006", "3904020", "3904036", "3904053", "BOT-BROWSER-IMPERSONATOR"], "deny": []}
|
1.0
|
severity: Severity.critical
|
|
80.94.92.9
|
ip
|
Extremely high number of detected threat requests (30/5), all accessed paths flagged by WAF, and multiple security alerts including 'BOT-BROWSER-IMPER...
|
2026-01-12 08:16:11
|
1
|
HU
|
AS47890
|
['akamai.darcherif.fr']
|
['']
|
{"alert": ["3904000", "3904004", "3904006", "3904020", "3904052", "3904053", "BOT-BROWSER-IMPERSONATOR"], "deny": []}
|
1.0
|
severity: Severity.critical
|
|
40.160.13.219
|
ip
|
IP belongs to blocklisted ASN AS16276, known for persistent malicious activity. Accessed a highly obfuscated path, indicating potential malicious prob...
|
2026-01-11 13:24:35
|
1
|
US
|
AS16276
|
['', 'www.darcherif.fr']
|
[]
|
{"alert": [], "deny": []}
|
0.949999988079071
|
severity: Severity.critical
|
|
129.212.226.110
|
ip
|
Extensive WordPress enumeration and bot impersonation attempts detected, with all requests flagged by WAF, and its associated ASN AS14061 is already b...
|
2026-01-11 08:04:18
|
1
|
SG
|
AS14061
|
['akamai.darcherif.fr']
|
['wp1/wp-includes/wlwmanifest.xml', '2018/wp-includes/wlwmanifest.xml', 'wordpress/wp-includes/wlwmanifest.xml', 'news/wp-includes/wlwmanifest.xml', 'media/wp-includes/wlwmanifest.xml', 'sito/wp-includes/wlwmanifest.xml', 'cms/wp-includes/wlwmanifest.xml', 'web/wp-includes/wlwmanifest.xml', 'wp-includes/wlwmanifest.xml', 'test/wp-includes/wlwmanifest.xml']
|
{"alert": ["3904003", "3904006", "3904013", "3904020", "BOT-BROWSER-IMPERSONATOR"], "deny": []}
|
1.0
|
severity: Severity.critical
|
|
94.26.106.103
|
ip
|
High percentage of threat requests (83.3%) specifically targeting 'wp-login.php' and 'admin3157', flagged by WAF, and triggered a security alert (3900...
|
2026-01-11 08:04:18
|
1
|
DE
|
AS215607
|
['www.darcherif.fr']
|
['', 'wp-login.php']
|
{"alert": ["3900998"], "deny": []}
|
0.949999988079071
|
severity: Severity.critical
|
|
185.177.72.60
|
ip
|
Actively probed sensitive configuration and credential files with all requests flagged by WAF, triggered critical LFI-ANOMALY and reputation-based den...
|
2026-01-10 07:03:00
|
1
|
FR
|
AS211590
|
['akamai.darcherif.fr']
|
['wp/.env', 'info', 'application.yml', 'appsettings.json', 'i.php', 'server.js', '.env.save', '.env', 'wp-content/plugins/wp-mail-smtp/.env', '.env.backup']
|
{"alert": ["3000508"], "deny": ["LFI-ANOMALY", "REP_1654542"]}
|
1.0
|
severity: Severity.critical
|
|
45.148.10.158
|
ip
|
Aggressively probed sensitive configuration and credential files, with all requests flagged by WAF, triggered critical LFI-ANOMALY and reputation-base...
|
2026-01-10 06:33:02
|
1
|
AD
|
AS48090
|
['www.darcherif.fr']
|
['.aws/credentials', 'phpinfo', 'api/swagger.json', '.gitconfig', 'info', 'wp-config.php.txt', 'config/env/production/database.js', 'config.php.bak', 'bootstrap/.env', '.env']
|
{"alert": ["3000126", "3000508"], "deny": ["LFI-ANOMALY", "REP_1654536"]}
|
1.0
|
severity: Severity.critical
|
|
4.241.228.159
|
ip
|
All requests (100%) from this IP were flagged by WAF, accessed suspicious PHP files and WordPress admin paths, and triggered a critical 'IPBLOCK' deny...
|
2026-01-10 05:12:52
|
1
|
JP
|
AS8075
|
['akamai.darcherif.fr']
|
['sx.php', 'ha.php', 'plugins/Cache/footer.php', 'admin/function.php', 'css/colors/blue/index.php', 'htaccess.php', 'zwso.php', 'lv.php', 'wp-admin/maint/admin.php', 'x.php']
|
{"alert": [], "deny": ["IPBLOCK"]}
|
1.0
|
severity: Severity.critical
|
|
185.177.72.61
|
ip
|
Actively probing for sensitive configuration and credential files, with all requests flagged by WAF, triggered critical LFI and reputation-based deny ...
|
2026-01-10 03:02:41
|
1
|
FR
|
AS211590
|
['www.darcherif.fr']
|
['.env.development', 'i.php', 'wp-config.php.bak', '.env.old', 'secrets.json', 'info', 'wp-config.php.txt', '.gitconfig', 'config/env/production/database.js', 'config.php.bak']
|
{"alert": ["3000126", "3000508"], "deny": ["LFI-ANOMALY", "REP_1654536"]}
|
1.0
|
severity: Severity.critical
|
|
185.209.196.229
|
ip
|
Accessed highly suspicious '.suspected' web shell paths, indicating critical web shell upload or exploitation attempts.
|
2026-01-09 21:42:26
|
1
|
DE
|
AS39351
|
['www.darcherif.fr']
|
[]
|
{"alert": [], "deny": []}
|
0.949999988079071
|
severity: Severity.critical
|
|
195.24.236.78
|
ip
|
IP attempted to access highly suspicious paths like 'plugins/content/apismtp/apismtp.php.suspected' and 'wp-content/plugins/apikey/apikey.php.suspecte...
|
2026-01-09 17:22:03
|
1
|
NL
|
AS60223
|
['www.darcherif.fr']
|
[]
|
{"alert": [], "deny": []}
|
0.8999999761581421
|
severity: Severity.critical
|
|
217.113.194.103
|
ip
|
All requests (100%) were detected as threats and flagged by WAF, triggering security alert '3991020'. This behavior is consistent with other blocklist...
|
2026-01-09 11:51:43
|
1
|
FR
|
AS210743
|
['www.darcherif.fr']
|
['', 'index.php/category/cloud-security/', 'index.php/author/admin3157/feed/', 'index.php/category/cyberattacks/feed/', 'index.php/category/cybersecurity/']
|
{"alert": ["3991020"], "deny": []}
|
1.0
|
severity: Severity.critical
|
|
185.177.72.67
|
ip
|
IP is aggressively probing for sensitive configuration and credential files, with all requests flagged by WAF, triggering critical 'LFI-ANOMALY' and r...
|
2026-01-09 10:21:40
|
1
|
FR
|
AS211590
|
['akamai.darcherif.fr']
|
['test.php', '.env.development', 'configuration.php.bak', 'wp-config.php.bak', 'php.php', 'phpinfo', 'info', '.gitconfig', '.git/config', '.env']
|
{"alert": ["3000126", "3000508"], "deny": ["LFI-ANOMALY", "REP_1654542"]}
|
1.0
|
severity: Severity.critical
|
|
3%7e9b3e34567f4e1910
|
tls
|
All requests (100%) associated with this TLS fingerprint targeted highly sensitive configuration files and triggered critical LFI-ANOMALY and reputati...
|
2026-01-09 10:01:37
|
1
|
SE
|
N/A
|
['www.darcherif.fr', 'akamai.darcherif.fr']
|
['.env.staging', 'configuration.php.bak', 'wp-config.php.bak', '.env.old', 'php.php', 'api/swagger.json', '.gitconfig', 'config.php.bak', 'bootstrap/.env', '.env']
|
{"alert": ["3000126", "3000508"], "deny": ["LFI-ANOMALY", "REP_1654542"]}
|
1.0
|
severity: Severity.critical
|
|
205.169.39.200
|
ip
|
Triggered critical WAF deny rule 'IPBLOCK-BURST4-318403' and multiple alerts. Associated ASN AS3356 has multiple blocklisted IPs showing similar malic...
|
2026-01-09 07:51:34
|
1
|
US
|
AS3356
|
['', 'akamai.darcherif.fr']
|
['assets/img/portfolio/submarine.png', 'assets/img/portfolio/cake.png', 'akam/13/pixel_6bfa91ac']
|
{"alert": ["3910001", "3910002", "3910004"], "deny": ["IPBLOCK-BURST4-318403"]}
|
1.0
|
severity: Severity.critical
|
|
205.169.39.8
|
ip
|
Triggered critical WAF deny rule 'IPBLOCK-BURST4-318403' and has a high percentage of detected threat requests. Associated ASN AS3356 is blocklisted f...
|
2026-01-09 07:51:34
|
1
|
US
|
AS3356
|
['', 'akamai.darcherif.fr']
|
['assets/mail/contact_me.js', 'assets/mail/jqBootstrapValidation.js', 'js/scripts.js', 'assets/img/portfolio/submarine.png', 'assets/img/portfolio/safe.png']
|
{"alert": [], "deny": ["IPBLOCK-BURST4-318403"]}
|
1.0
|
severity: Severity.critical
|
|
185.177.72.69
|
ip
|
IP is aggressively probing for sensitive configuration and credential files, with all requests flagged by WAF, triggering critical 'LFI-ANOMALY' and r...
|
2026-01-08 22:51:10
|
1
|
FR
|
AS211590
|
['www.darcherif.fr']
|
['wp-config.php.bak', '.env.old', 'secrets.json', '.aws/credentials', '.secrets', 'api/swagger.json', 'info', '.git/config', 'pi.php', '.env']
|
{"alert": ["3000126", "3000508"], "deny": ["LFI-ANOMALY", "REP_1654536"]}
|
1.0
|
severity: Severity.critical
|
|
195.178.110.54
|
ip
|
IP belongs to blocklisted ASN AS48090, shows a high ratio of detected threat requests (22/10), and triggered multiple critical WAF alerts including 'B...
|
2026-01-08 17:20:49
|
1
|
AD
|
AS48090
|
['www.darcherif.fr', 'akamai.darcherif.fr']
|
['mpulse.js', 'cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js', 'scripts.js', 'mail/contact_me.js']
|
{"alert": ["3904000", "3904001", "3904005", "3904007", "3904020", "3904036", "3990011", "BOT-BROWSER-IMPERSONATOR"], "deny": []}
|
1.0
|
severity: Severity.critical
|
|
195.178.110.132
|
ip
|
Actively probing for sensitive configuration files, detected as a bot impersonator, triggered critical LFI and IPBLOCK burst WAF deny rules, and its A...
|
2026-01-08 15:40:46
|
1
|
AD
|
AS48090
|
['akamai.darcherif.fr']
|
['config.php', 'aws.config.js', 'backend/.env', '.env.save', 'assets/mail/jqBootstrapValidation.js', 'config.php.bak', 'js/mpulse.js', '_sec/cp_challenge/challenge', '.git/config', '.env']
|
{"alert": ["3000126", "3000508", "3904000", "3904001", "3904004", "3904005", "3904006", "3904020", "3904052", "3904053", "BOT-BROWSER-IMPERSONATOR", "IPBLOCK-PENALTY-BOX"], "deny": ["IPBLOCK-BURST4-318403", "LFI-ANOMALY"]}
|
1.0
|
severity: Severity.critical
|
|
4.190.211.79
|
ip
|
All requests were detected as threats, targeted known malicious PHP files including a 'wp_filemanager.php' exploit, triggered a critical 'IPBLOCK' WAF...
|
2026-01-08 15:40:46
|
1
|
JP
|
AS8075
|
['akamai.darcherif.fr']
|
['baee.php', 'bnnof6.php', 'bgymj.php', 'motu.php', 'iov.php', 'rendi59.php', 'monso.php', 'wp-content/plugins/hellopress/wp_filemanager.php', 'assacc.php', 'mds.php']
|
{"alert": [], "deny": ["IPBLOCK"]}
|
1.0
|
severity: Severity.critical
|
|
13.55.232.71
|
ip
|
All requests (100%) from this IP were flagged as threats, all accessed paths were flagged by WAF, and a critical 'IPBLOCK' deny rule was triggered. It...
|
2026-01-08 09:00:18
|
1
|
AU
|
AS16509
|
['akamai.darcherif.fr']
|
['', 'apps', '_next/data', 'api/actions', 'api/action']
|
{"alert": [], "deny": ["IPBLOCK"]}
|
1.0
|
severity: Severity.critical
|
|
52.64.60.91
|
ip
|
All requests (100%) from this IP were flagged as threats, all accessed paths were flagged by WAF, and a critical 'IPBLOCK' deny rule was triggered. It...
|
2026-01-08 06:20:12
|
1
|
AU
|
AS16509
|
['akamai.darcherif.fr']
|
['', 'apps', '_next/data', 'api/actions', 'api/action']
|
{"alert": [], "deny": ["IPBLOCK"]}
|
1.0
|
severity: Severity.critical
|
|
141.98.11.120
|
ip
|
IP is performing WordPress brute-force attempts targeting 'wp-login.php', flagged by WAF and triggered security alert '3900998'. Its associated ASN (A...
|
2026-01-07 21:29:48
|
1
|
LT
|
AS209605
|
['www.darcherif.fr']
|
['wp-login.php']
|
{"alert": ["3900998"], "deny": []}
|
1.0
|
severity: Severity.critical
|