|
20.220.232.240
|
ip
|
All 141 requests were flagged as threats and denied by WAF's IPBLOCK rule, accessing multiple suspicious PHP files. Indicates highly malicious activit...
|
2026-02-28 07:50:20
|
1
|
CA
|
AS8075
|
['akamai.darcherif.fr']
|
['snq.php', 'X57.php', 'nhr.php', 'mcs.php', 'gool.php', 'ebahvhhh.php', 'zxin.php', 'ws60.php', 'X7x.php', 'public/hi.php']
|
{"alert": [], "deny": ["IPBLOCK"]}
|
0.949999988079071
|
severity: Severity.critical
|
|
69.234.95.143
|
ip
|
Detected threat requests account for 43% of total requests and WAF denied with an IPBLOCK-BURST rule, indicating a malicious burst or automated attack...
|
2026-02-28 07:50:20
|
1
|
US
|
AS7018
|
['', 'akamai.darcherif.fr']
|
['assets/mail/contact_me.js', 'assets/mail/jqBootstrapValidation.js', 'js/scripts.js', 'favicon.ico', 'assets/img/portfolio/submarine.png', 'assets/img/portfolio/safe.png', 'akam/13/pixel_45f4c']
|
{"alert": ["3910002"], "deny": ["IPBLOCK-BURST4-318403"]}
|
0.8500000238418579
|
severity: Severity.critical
|
|
149.102.230.117
|
ip
|
All 8 requests from this IP were flagged as detected threats, triggering WAF alert rule 3990001. This indicates highly malicious activity.
|
2026-02-28 07:19:55
|
1
|
DE
|
AS212238
|
['akamai.darcherif.fr', 'akamai.darcherif.fr:80']
|
['']
|
{"alert": ["3990001"], "deny": []}
|
0.949999988079071
|
severity: Severity.critical
|
|
2a09:bac1:76c0:780::5e:41
|
ip
|
100% of requests are threats, targeting suspicious PHP files, and was already denied by a WAF IP blocking rule (IPBLOCK-BURST4-318403).
|
2026-02-28 02:38:55
|
1
|
US
|
AS13335
|
['akamai.darcherif.fr']
|
['wp-content/plugins/index.php', 'wp-admin/zwso.php', 'shlo.php', 'ioxi-o.php', 'file2.php', 'wp-admin/css/index.php', 'ahax.php', 'zwso.php', 'wp-admin/txets.php', 'bolt.php']
|
{"alert": ["3990001"], "deny": ["IPBLOCK-BURST4-318403"]}
|
0.9800000190734863
|
severity: Severity.critical
|
|
104.28.214.114
|
ip
|
Multiple suspicious PHP file access attempts, 100% of requests flagged by WAF, indicating web shell or backdoor activity.
|
2026-02-28 02:38:55
|
1
|
US
|
AS13335
|
['akamai.darcherif.fr']
|
['chosen.php', 'dex.php', 'akcc.php', 'file2.php', 'wp-admin/css/index.php', 'zwso.php', 'ahax.php', 'bolt.php', 'wp-content/themes/style.php', 'wp-admin/txets.php']
|
{"alert": ["3990001"], "deny": []}
|
0.949999988079071
|
severity: Severity.critical
|
|
20.151.107.14
|
ip
|
Exhibits highly suspicious behavior by attempting to access numerous sensitive paths and common exploit targets, indicative of malicious reconnaissanc...
|
2026-02-27 22:48:10
|
1
|
N/A
|
N/A
|
[]
|
[]
|
{"alert": [], "deny": []}
|
0.949999988079071
|
severity: Severity.critical
|
|
176.65.132.19
|
ip
|
Multiple requests to wp-login.php flagged by WAF and security rule alerts indicate potential brute-force or credential stuffing attempt.
|
2026-02-27 22:07:52
|
1
|
NL
|
AS51396
|
['www.darcherif.fr']
|
['wp-login.php']
|
{"alert": ["3900998"], "deny": []}
|
0.949999988079071
|
severity: Severity.critical
|
|
3%7eac3fac91d0eea84d
|
tls
|
High percentage of detected threat requests (66%), WAF flags on security.txt paths, and detection as a 'BOT-BROWSER-IMPERSONATOR' from a suspicious ge...
|
2026-02-27 19:17:19
|
1
|
RU
|
N/A
|
['www.darcherif.fr', 'akamai.darcherif.fr']
|
['', '.well-known/security.txt', 'security.txt']
|
{"alert": ["3904004", "3904006", "3904020", "3904042", "3904052", "BOT-BROWSER-IMPERSONATOR"], "deny": []}
|
0.949999988079071
|
severity: Severity.critical
|
|
104.220.83.18
|
ip
|
IP address triggered multiple WAF alerts, detected 3 threat requests out of 19, and was explicitly blocked by WAF rule 'IPBLOCK-BURST4-318403' for bur...
|
2026-02-27 08:45:16
|
1
|
US
|
AS11404
|
['', 'akamai.darcherif.fr']
|
['akam/13/pixel_200ee588', 'favicon.ico']
|
{"alert": ["3910006", "3910009"], "deny": ["IPBLOCK-BURST4-318403"]}
|
0.949999988079071
|
severity: Severity.critical
|
|
172.245.155.97
|
ip
|
Observed multiple severe web attack attempts, including SQL injection and directory traversal, flagged by WAF and security rules. Identified as a bot ...
|
2026-02-27 07:14:53
|
1
|
US
|
AS36352
|
['www.darcherif.fr']
|
['upload/mobile/index.php', 'api.php', 'index.php', 'a/sys/user/resetPassword', 'admin/cms_channel.php', 'product-details.php', 'user/City_ajax.aspx', 'ebvp/infopub/show_download_content;.js', 'config/fillbacksetting.php', 'w_selfservice/oauthservlet/%2e./.%2e/servlet/sduty/getSdutyTree']
|
{"alert": ["3000015", "3000017", "3000100", "3000101", "3904000", "3904001", "3904005", "3904006", "3904007", "3904013", "3904038", "3904042", "3904052", "950007", "959073", "981240", "981243", "981247", "981254", "981255", "981300", "981320"], "deny": ["BOT-BROWSER-IMPERSONATOR", "IPBLOCK-PENALTY-BOX", "SQL-INJECTION-ANOMALY"]}
|
0.9800000190734863
|
severity: Severity.critical
|
|
20.104.124.39
|
ip
|
All 151 requests were flagged by WAF for suspicious paths indicating active compromise attempts or vulnerability scanning, and the IP was already deni...
|
2026-02-27 03:14:05
|
1
|
CA
|
AS8075
|
['akamai.darcherif.fr']
|
['sx.php', 'ha.php', 'plugins/Cache/footer.php', 'admin/function.php', 'css/colors/blue/index.php', 'htaccess.php', 'zwso.php', 'lv.php', 'wp-admin/maint/admin.php', 'x.php']
|
{"alert": [], "deny": ["IPBLOCK"]}
|
0.9900000095367432
|
severity: Severity.critical
|
|
35.212.235.164
|
ip
|
Access to highly suspicious, long, and obfuscated path ('x8U4ppL5uvXI_/sYO8bI0q/J7lP70/Nia3SmzY3i9z2S/TgxyDCYfAw/P1wCfA/MqRHQB') indicative of reconna...
|
2026-02-26 23:02:36
|
1
|
US
|
AS15169
|
['', 'www.darcherif.fr']
|
[]
|
{"alert": [], "deny": []}
|
0.8999999761581421
|
severity: Severity.critical
|
|
34.187.164.65
|
ip
|
Confirmed malicious activity including WAF denial, multiple security rule hits (including bot detection), and scanning for WordPress vulnerabilities (...
|
2026-02-26 22:32:20
|
1
|
US
|
AS396982
|
['akamai.darcherif.fr']
|
['wp1/wp-includes/wlwmanifest.xml', '2018/wp-includes/wlwmanifest.xml', 'wordpress/wp-includes/wlwmanifest.xml', 'news/wp-includes/wlwmanifest.xml', 'media/wp-includes/wlwmanifest.xml', 'sito/wp-includes/wlwmanifest.xml', 'cms/wp-includes/wlwmanifest.xml', 'web/wp-includes/wlwmanifest.xml', 'wp-includes/wlwmanifest.xml', 'test/wp-includes/wlwmanifest.xml']
|
{"alert": ["3904003", "3904006", "3904013", "3904020", "3904058", "3904065", "BOT-BROWSER-IMPERSONATOR"], "deny": ["IPBLOCK-BURST4-318403"]}
|
0.949999988079071
|
severity: Severity.critical
|
|
158.94.208.134
|
ip
|
High number of threat requests (81%) targeting wp-login.php, indicating brute-force or credential stuffing attempt. WAF triggered alerts.
|
2026-02-26 22:32:20
|
1
|
DE
|
AS202412
|
['www.darcherif.fr']
|
['wp-login.php']
|
{"alert": ["3900998"], "deny": []}
|
0.8999999761581421
|
severity: Severity.critical
|
|
143.198.86.151
|
ip
|
High number of detected threat requests (34), multiple paths flagged by WAF, and security rule hits for bot impersonation (BOT-BROWSER-IMPERSONATOR) a...
|
2026-02-26 18:21:13
|
1
|
SG
|
AS14061
|
['akamai.darcherif.fr']
|
['', 'blog/', 'wordpress/', 'wp/', 'xmlrpc.php', 'blog/robots.txt']
|
{"alert": ["3904003", "3904013", "3904020", "3904052", "3904053", "BOT-BROWSER-IMPERSONATOR"], "deny": []}
|
1.0
|
severity: Severity.critical
|
|
20.151.224.126
|
ip
|
All requests (100%) from this IP were detected as threats, flagged by WAF, and explicitly denied by an IPBLOCK rule. Accessed paths indicate potential...
|
2026-02-26 15:30:27
|
1
|
CA
|
AS8075
|
['akamai.darcherif.fr']
|
['ha.php', 'plugins/Cache/footer.php', 'admin/function.php', 'scripts/wpup.php', 'css/colors/blue/index.php', 'htaccess.php', 'zwso.php', 'lv.php', 'wp-admin/maint/admin.php', 'x.php']
|
{"alert": [], "deny": ["IPBLOCK"]}
|
1.0
|
severity: Severity.critical
|
|
20.63.98.207
|
ip
|
Attempted to access multiple suspicious .php files indicative of web shell activity, 100% of requests were flagged by WAF and explicitly denied by IPB...
|
2026-02-26 11:09:19
|
1
|
CA
|
AS8075
|
['akamai.darcherif.fr']
|
['ms.php', 'wp-access.php', 'god.php', 'nw.php', 'motu.php', 'xqq.php', 'ws60.php', 'work.php', 'seetox.php', 'vx.php']
|
{"alert": [], "deny": ["IPBLOCK"]}
|
1.0
|
severity: Severity.critical
|
|
172.56.209.134
|
ip
|
Multiple security alerts detected, including WAF flags for 'akam/13/pixel_c4e2ce', two detected threat requests, and hits on security rules '3910002' ...
|
2026-02-26 09:27:44
|
1
|
N/A
|
N/A
|
[]
|
[]
|
{"alert": [], "deny": []}
|
0.699999988079071
|
severity: Severity.medium
|
|
45.156.128.58
|
ip
|
All requests flagged by WAF with a security alert, indicating malicious scanning or bot activity.
|
2026-02-26 06:25:47
|
1
|
NL
|
AS211680
|
['akamai.darcherif.fr']
|
['', 'favicon.ico']
|
{"alert": ["3990011"], "deny": []}
|
0.8999999761581421
|
severity: Severity.medium
|
|
104.28.214.54
|
ip
|
All requests detected as threats, accessing suspicious PHP files indicative of web shell activity.
|
2026-02-26 06:25:46
|
1
|
BG
|
AS13335
|
['akamai.darcherif.fr']
|
['bless.php', 'wp-content/style.php', 'wp-admin/style.php', 'flower.php', 'style.php', 'file.php', 'gifclass.php', 'wp-includes/style.php', 'wp-content/themes/style.php', 'chosen.php']
|
{"alert": ["3990001"], "deny": []}
|
0.949999988079071
|
severity: Severity.critical
|
|
104.28.246.54
|
ip
|
All requests detected as threats, WAF rules explicitly denied activity, and attempts to access suspicious PHP files and admin paths.
|
2026-02-26 06:25:46
|
1
|
BG
|
AS13335
|
['akamai.darcherif.fr']
|
['chosen.php', 'dex.php', 'akcc.php', 'file2.php', 'wp-admin/css/index.php', 'zwso.php', 'ahax.php', 'bolt.php', 'wp-admin/txets.php', 'wp-content/themes/style.php']
|
{"alert": ["3990001"], "deny": ["IPBLOCK-BURST4-318403"]}
|
0.9800000190734863
|
severity: Severity.critical
|
|
2001:bc8:1f90:21:da5e:d3ff:fe6c:80eb
|
ip
|
Accessed a highly suspicious and obfuscated path 'x8U4ppL5uvXI_/sYO8bI0q/J7lP70/Nia3SmzY3i9z2S/TgxyDCYfAw/P1wCfA/MqRHQB' indicative of potential web s...
|
2026-02-26 04:35:18
|
1
|
PL
|
AS12876
|
['', 'www.darcherif.fr']
|
[]
|
{"alert": [], "deny": []}
|
0.8999999761581421
|
severity: Severity.critical
|
|
195.154.173.217
|
ip
|
All requests were detected as threats, targeting WordPress enumeration paths, and denied by WAF rule REP_1654536.
|
2026-02-26 01:54:37
|
1
|
FR
|
AS12876
|
['www.darcherif.fr']
|
['shop/wp-includes/wlwmanifest.xml', 'wp1/wp-includes/wlwmanifest.xml', 'wordpress/wp-includes/wlwmanifest.xml', '2020/wp-includes/wlwmanifest.xml', 'news/wp-includes/wlwmanifest.xml', 'sito/wp-includes/wlwmanifest.xml', 'cms/wp-includes/wlwmanifest.xml', 'web/wp-includes/wlwmanifest.xml', 'wp-includes/wlwmanifest.xml', 'test/wp-includes/wlwmanifest.xml']
|
{"alert": [], "deny": ["REP_1654536"]}
|
1.0
|
severity: Severity.critical
|
|
4.204.200.32
|
ip
|
All requests detected as threats, all accessed paths flagged by WAF, and security rules explicitly denied with an IPBLOCK. Indicates highly malicious ...
|
2026-02-25 22:13:42
|
1
|
CA
|
AS8075
|
['akamai.darcherif.fr']
|
['motu.php', 'ffd.php', 'nw.php', 'dom.php', 'ws60.php', 'xqq.php', 'login8.php', 'work.php', 'seetox.php', 'vx.php']
|
{"alert": [], "deny": ["IPBLOCK"]}
|
0.9900000095367432
|
severity: Severity.critical
|
|
34.69.56.249
|
ip
|
Highly suspicious activity including extensive 'wlwmanifest.xml' scanning, numerous WAF flags, 'BOT-BROWSER-IMPERSONATOR' alerts, and an IP burst bloc...
|
2026-02-25 18:42:51
|
1
|
US
|
AS396982
|
['akamai.darcherif.fr']
|
['wp1/wp-includes/wlwmanifest.xml', '2018/wp-includes/wlwmanifest.xml', 'wordpress/wp-includes/wlwmanifest.xml', 'news/wp-includes/wlwmanifest.xml', 'media/wp-includes/wlwmanifest.xml', 'sito/wp-includes/wlwmanifest.xml', 'cms/wp-includes/wlwmanifest.xml', 'web/wp-includes/wlwmanifest.xml', 'wp-includes/wlwmanifest.xml', 'test/wp-includes/wlwmanifest.xml']
|
{"alert": ["3904003", "3904006", "3904013", "3904020", "3904058", "3904065", "BOT-BROWSER-IMPERSONATOR"], "deny": ["IPBLOCK-BURST4-318403"]}
|
0.9900000095367432
|
severity: Severity.critical
|
|
40.80.89.74
|
ip
|
Accessed highly suspicious and non-standard PHP files (e.g., 'alfa-rex1.php', 'spip.php', 'root.php', 'wp-admin.php') indicative of reconnaissance or ...
|
2026-02-25 13:30:55
|
1
|
IN
|
AS8075
|
['www.darcherif.fr']
|
[]
|
{"alert": [], "deny": []}
|
0.949999988079071
|
severity: Severity.critical
|
|
AS201814
|
asn
|
Extremely high number of detected threat requests (68 out of 74 total) from this ASN, targeting critical paths like 'wp-login.php' and '.git/HEAD', an...
|
2026-02-25 13:20:45
|
1
|
PL
|
AS201814
|
['www.darcherif.fr', 'akamai.darcherif.fr']
|
['wp-login.php', '.git/HEAD']
|
{"alert": ["3900998", "3990001"], "deny": []}
|
0.9800000190734863
|
severity: Severity.critical
|
|
109.205.211.39
|
ip
|
Highly suspicious IP with 26 out of 29 requests flagged as threats, specifically targeting 'wp-login.php' and triggering WAF rule '3900998', indicatin...
|
2026-02-25 13:20:45
|
1
|
GB
|
AS201814
|
['www.darcherif.fr']
|
['wp-login.php']
|
{"alert": ["3900998"], "deny": []}
|
0.949999988079071
|
severity: Severity.critical
|
|
34.182.92.11
|
ip
|
Repeated access attempts to WordPress configuration files (wlwmanifest.xml) across multiple paths, all flagged by WAF and multiple security rules hit,...
|
2026-02-25 12:30:00
|
1
|
US
|
AS396982
|
['akamai.darcherif.fr']
|
['wp1/wp-includes/wlwmanifest.xml', '2018/wp-includes/wlwmanifest.xml', 'wordpress/wp-includes/wlwmanifest.xml', 'news/wp-includes/wlwmanifest.xml', 'media/wp-includes/wlwmanifest.xml', 'sito/wp-includes/wlwmanifest.xml', 'cms/wp-includes/wlwmanifest.xml', 'web/wp-includes/wlwmanifest.xml', 'wp-includes/wlwmanifest.xml', 'test/wp-includes/wlwmanifest.xml']
|
{"alert": ["3904003", "3904006", "3904013", "3904020", "3904058", "3904065", "BOT-BROWSER-IMPERSONATOR"], "deny": []}
|
0.949999988079071
|
severity: Severity.critical
|
|
2001:41d0:303:5899::1
|
ip
|
All requests were flagged by WAF and detected as threats, hitting security rule 3991006, indicating malicious activity like SQL injection attempts.
|
2026-02-25 08:08:08
|
1
|
FR
|
AS16276
|
['www.darcherif.fr']
|
['robots.txt', 'index.php/tag/cps/', 'index.php/tag/iot/', 'index.php/tag/industry-4-0/', 'index.php/tag/cyber-security/']
|
{"alert": ["3991006"], "deny": []}
|
0.949999988079071
|
severity: Severity.critical
|
|
85.11.167.79
|
ip
|
Multiple detected threat requests, WAF flagged 'wp-login.php' access, and a security alert (3900998) was triggered. This indicates a high probability ...
|
2026-02-25 04:37:18
|
1
|
BG
|
AS213438
|
['www.darcherif.fr']
|
['wp-login.php']
|
{"alert": ["3900998"], "deny": []}
|
0.949999988079071
|
severity: Severity.critical
|
|
35.175.103.28
|
ip
|
All requests were flagged by WAF, detected as threats, and an IPBLOCK security rule was hit.
|
2026-02-24 23:35:55
|
1
|
US
|
AS14618
|
['akamai.darcherif.fr']
|
['', 'favicon.png', 'favicon.ico']
|
{"alert": [], "deny": ["IPBLOCK"]}
|
1.0
|
severity: Severity.critical
|
|
194.26.192.238
|
ip
|
Highly suspicious access patterns to common WordPress directories with unusual PHP filenames (e.g., 'txets.php', 'schallfuns.php'), indicating potenti...
|
2026-02-24 18:34:35
|
1
|
NL
|
AS210558
|
['www.darcherif.fr']
|
[]
|
{"alert": [], "deny": []}
|
0.949999988079071
|
severity: Severity.critical
|
|
104.28.246.116
|
ip
|
All requests to suspicious paths flagged by WAF, indicating potential web shell or backdoor activity.
|
2026-02-24 16:53:03
|
1
|
US
|
AS13335
|
['akamai.darcherif.fr']
|
['wp-content/style.php', 'wp-admin/style.php', 'flower.php', 'style.php', 'file.php', 'wp-includes/style.php', 'wp-content/themes/style.php', 'chosen.php']
|
{"alert": ["3990001"], "deny": []}
|
0.949999988079071
|
severity: Severity.critical
|
|
2a09:bac5:952b:3af::5e:3b
|
ip
|
All requests to highly suspicious paths flagged by WAF and triggered deny rules, indicating active malicious exploit attempts.
|
2026-02-24 16:53:03
|
1
|
US
|
AS13335
|
['akamai.darcherif.fr']
|
['chosen.php', 'dex.php', 'akcc.php', 'file2.php', 'wp-admin/css/index.php', 'zwso.php', 'ahax.php', 'bolt.php', 'wp-content/themes/style.php', 'wp-admin/txets.php']
|
{"alert": ["3990001"], "deny": ["IPBLOCK-BURST4-318403"]}
|
0.9800000190734863
|
severity: Severity.critical
|
|
205.169.39.24
|
ip
|
This IP address exhibited highly suspicious behavior, including 5 detected threat requests out of 19 total requests, multiple paths flagged by WAF, an...
|
2026-02-24 10:20:58
|
1
|
US
|
AS3356
|
['', 'akamai.darcherif.fr']
|
['assets/mail/contact_me.js', 'assets/mail/jqBootstrapValidation.js', 'js/scripts.js', 'assets/img/portfolio/submarine.png', 'assets/img/portfolio/safe.png']
|
{"alert": [], "deny": ["IPBLOCK-BURST4-318403"]}
|
1.0
|
severity: Severity.critical
|
|
34.138.168.131
|
ip
|
Repeated scanning attempts for WordPress vulnerabilities across multiple paths, detected bot browser impersonation, and multiple WAF rules triggered i...
|
2026-02-24 10:00:45
|
1
|
US
|
AS396982
|
['akamai.darcherif.fr']
|
['wp1/wp-includes/wlwmanifest.xml', '2018/wp-includes/wlwmanifest.xml', 'wordpress/wp-includes/wlwmanifest.xml', 'news/wp-includes/wlwmanifest.xml', 'media/wp-includes/wlwmanifest.xml', 'sito/wp-includes/wlwmanifest.xml', 'cms/wp-includes/wlwmanifest.xml', 'web/wp-includes/wlwmanifest.xml', 'wp-includes/wlwmanifest.xml', 'test/wp-includes/wlwmanifest.xml']
|
{"alert": ["3904003", "3904006", "3904013", "3904020", "3904058", "3904065", "BOT-BROWSER-IMPERSONATOR"], "deny": ["IPBLOCK-BURST4-318403"]}
|
0.949999988079071
|
severity: Severity.critical
|
|
18.237.91.58
|
ip
|
Detected highly suspicious and obfuscated paths consistent with attempted exploits or reconnaissance. AI also flagged as medium severity, but the path...
|
2026-02-24 08:20:04
|
1
|
N/A
|
N/A
|
[]
|
[]
|
{"alert": [], "deny": []}
|
0.949999988079071
|
severity: Severity.critical
|
|
195.178.110.242
|
ip
|
High number of detected threat requests, all accessed paths flagged by WAF, and hits on security rules including bot impersonation.
|
2026-02-24 08:09:50
|
1
|
AD
|
AS48090
|
['akamai.darcherif.fr']
|
['', 'assets/mail/contact_me.js', 'assets/mail/jqBootstrapValidation.js', 'js/scripts.js', 'js/mpulse.js']
|
{"alert": ["3904000", "3904001", "3904002", "3904003", "3904004", "3904005", "3904006", "3904020", "3904044", "3904045", "3904047", "3904049", "3904052", "3904053", "3904058", "3904062", "BOT-BROWSER-IMPERSONATOR"], "deny": []}
|
0.949999988079071
|
severity: Severity.critical
|
|
45.141.233.196
|
ip
|
High number of detected threat requests (41/44) targeting wp-login.php, flagged by WAF with an alert, indicating a likely brute-force or credential st...
|
2026-02-24 03:38:44
|
1
|
NL
|
AS201814
|
['www.darcherif.fr']
|
['wp-login.php']
|
{"alert": ["3900998"], "deny": []}
|
0.949999988079071
|
severity: Severity.critical
|
|
51.107.182.56
|
ip
|
All requests (81/81) were detected as threats, all paths were flagged by WAF, and an 'IPBLOCK' deny rule was triggered, indicating active malicious ex...
|
2026-02-24 03:38:44
|
1
|
SE
|
AS8075
|
['akamai.darcherif.fr']
|
['click.php', 'bzjdlofz.php', 'mcs.php', 'wp-blogs.php', 't00l.php', 'gettest.php', 'nZILpby53HV.php', '35.php', 'x.php', 'eursi.php']
|
{"alert": [], "deny": ["IPBLOCK"]}
|
0.9900000095367432
|
severity: Severity.critical
|
|
20.78.146.86
|
ip
|
Accessed suspicious PHP files and WordPress plugin directories commonly used in exploit attempts and reconnaissance, indicating malicious intent despi...
|
2026-02-23 21:37:08
|
1
|
JP
|
AS8075
|
['www.darcherif.fr']
|
[]
|
{"alert": [], "deny": []}
|
0.800000011920929
|
severity: Severity.critical
|
|
20.89.58.48
|
ip
|
Engaged in highly malicious activity, with all accessed paths flagged by WAF, numerous detected threat requests, and triggered WAF deny rules includin...
|
2026-02-23 21:37:08
|
1
|
JP
|
AS8075
|
['akamai.darcherif.fr']
|
['system.php', 'chosen.php', 'wp-admin/css/colors/blue/file.php', 'admin/function.php', 'asd.php', 'gettest.php', 'doc.php', 'ahax.php', 'zwso.php', 'x.php']
|
{"alert": ["3904001", "3904002", "3904003", "3904004", "3904006", "3904013", "3904053", "BOT-BROWSER-IMPERSONATOR"], "deny": ["IPBLOCK-BURST4-318403"]}
|
1.0
|
severity: Severity.critical
|
|
20.100.195.34
|
ip
|
Engaged in highly suspicious activity, attempting to access multiple potentially vulnerable PHP files. All requests were flagged as threats by the WAF...
|
2026-02-23 13:55:06
|
1
|
NO
|
AS8075
|
['akamai.darcherif.fr']
|
['ioxi.php', 'elp.php', 'wp-content/themes/about.php', 'wp-admin/css/colors/blue/index.php', 'sx.php', 'classwithtostring.php', '404.php', 'gettest.php', '35.php', 'wp-includes/fonts/index.php']
|
{"alert": [], "deny": ["IPBLOCK"]}
|
1.0
|
severity: Severity.critical
|
|
3%7eeebdc6ca9733c8c8
|
tls
|
TLS certificate associated with numerous WAF-flagged paths, including '.git/', indicating potential source code exposure attempts. High number of dete...
|
2026-02-23 09:32:31
|
1
|
FR
|
N/A
|
['www.darcherif.fr', 'akamai.darcherif.fr']
|
['', '.git/', 'robots.txt']
|
{"alert": ["3000100", "3990001", "950902", "IPBLOCK-PENALTY-BOX"], "deny": ["3990001", "IPBLOCK-PENALTY-BOX", "SQL-INJECTION-ANOMALY"]}
|
0.949999988079071
|
severity: Severity.critical
|
|
199.127.56.236
|
ip
|
WAF flagged suspicious 'akam' path, security rule 3910001 triggered, and accessed a highly obfuscated/suspicious path. Clear indicators of malicious a...
|
2026-02-23 09:02:14
|
1
|
N/A
|
N/A
|
[]
|
[]
|
{"alert": [], "deny": []}
|
0.949999988079071
|
severity: Severity.critical
|
|
2a09:bac5:cad2:1541::21e:163
|
ip
|
All requests flagged by WAF as threats, indicating active malicious activity likely web shell or backdoor attempts.
|
2026-02-23 08:51:55
|
1
|
US
|
AS13335
|
['akamai.darcherif.fr']
|
['chosen.php', 'dex.php', 'akcc.php', 'file2.php', 'wp-admin/css/index.php', 'zwso.php', 'ahax.php', 'bolt.php', 'wp-content/themes/style.php', 'wp-admin/txets.php']
|
{"alert": ["3990001"], "deny": []}
|
0.949999988079071
|
severity: Severity.critical
|
|
104.210.140.137
|
ip
|
All requests detected as threats; WAF flagged suspicious access to robots.txt; Security rule 3991023 hit.
|
2026-02-23 05:40:19
|
1
|
US
|
AS8075
|
['www.darcherif.fr']
|
['robots.txt']
|
{"alert": ["3991023"], "deny": []}
|
0.949999988079071
|
severity: Severity.critical
|
|
89.187.187.74
|
ip
|
Engaged in extensive WordPress vulnerability scanning attempts (wlwmanifest.xml), triggered multiple WAF flags, identified as a bot impersonator, and ...
|
2026-02-23 04:19:57
|
1
|
US
|
AS60068
|
['akamai.darcherif.fr']
|
['wp1/wp-includes/wlwmanifest.xml', '2018/wp-includes/wlwmanifest.xml', 'wordpress/wp-includes/wlwmanifest.xml', 'news/wp-includes/wlwmanifest.xml', 'media/wp-includes/wlwmanifest.xml', 'sito/wp-includes/wlwmanifest.xml', 'cms/wp-includes/wlwmanifest.xml', 'web/wp-includes/wlwmanifest.xml', 'wp-includes/wlwmanifest.xml', 'test/wp-includes/wlwmanifest.xml']
|
{"alert": ["3904003", "3904006", "3904020", "3904041", "3904058", "3904065", "BOT-BROWSER-IMPERSONATOR"], "deny": ["IPBLOCK-BURST4-318403"]}
|
0.9900000095367432
|
severity: Severity.critical
|
|
68.221.129.30
|
ip
|
All 92 requests from this IP were flagged by WAF as threats and hit an IPBLOCK deny rule. The accessed paths indicate potential web shell activity or ...
|
2026-02-23 02:49:28
|
1
|
ES
|
AS8075
|
['akamai.darcherif.fr']
|
['s1.php', 'knmt.php', 'maraz.php', 'akhvg.php', 'f2.php', 'bzjdlofz.php', 'wp-blogs.php', 't00l.php', 'gettest.php', '35.php']
|
{"alert": [], "deny": ["IPBLOCK"]}
|
0.9800000190734863
|
severity: Severity.critical
|