|
2a09:bac5:cad2:1541::21e:163
|
ip
|
All requests flagged by WAF as threats, indicating active malicious activity likely web shell or backdoor attempts.
|
2026-02-23 08:51:55
|
1
|
US
|
AS13335
|
['akamai.darcherif.fr']
|
['chosen.php', 'dex.php', 'akcc.php', 'file2.php', 'wp-admin/css/index.php', 'zwso.php', 'ahax.php', 'bolt.php', 'wp-content/themes/style.php', 'wp-admin/txets.php']
|
{"alert": ["3990001"], "deny": []}
|
0.949999988079071
|
severity: Severity.critical
|
|
104.210.140.137
|
ip
|
All requests detected as threats; WAF flagged suspicious access to robots.txt; Security rule 3991023 hit.
|
2026-02-23 05:40:19
|
1
|
US
|
AS8075
|
['www.darcherif.fr']
|
['robots.txt']
|
{"alert": ["3991023"], "deny": []}
|
0.949999988079071
|
severity: Severity.critical
|
|
89.187.187.74
|
ip
|
Engaged in extensive WordPress vulnerability scanning attempts (wlwmanifest.xml), triggered multiple WAF flags, identified as a bot impersonator, and ...
|
2026-02-23 04:19:57
|
1
|
US
|
AS60068
|
['akamai.darcherif.fr']
|
['wp1/wp-includes/wlwmanifest.xml', '2018/wp-includes/wlwmanifest.xml', 'wordpress/wp-includes/wlwmanifest.xml', 'news/wp-includes/wlwmanifest.xml', 'media/wp-includes/wlwmanifest.xml', 'sito/wp-includes/wlwmanifest.xml', 'cms/wp-includes/wlwmanifest.xml', 'web/wp-includes/wlwmanifest.xml', 'wp-includes/wlwmanifest.xml', 'test/wp-includes/wlwmanifest.xml']
|
{"alert": ["3904003", "3904006", "3904020", "3904041", "3904058", "3904065", "BOT-BROWSER-IMPERSONATOR"], "deny": ["IPBLOCK-BURST4-318403"]}
|
0.9900000095367432
|
severity: Severity.critical
|
|
68.221.129.30
|
ip
|
All 92 requests from this IP were flagged by WAF as threats and hit an IPBLOCK deny rule. The accessed paths indicate potential web shell activity or ...
|
2026-02-23 02:49:28
|
1
|
ES
|
AS8075
|
['akamai.darcherif.fr']
|
['s1.php', 'knmt.php', 'maraz.php', 'akhvg.php', 'f2.php', 'bzjdlofz.php', 'wp-blogs.php', 't00l.php', 'gettest.php', '35.php']
|
{"alert": [], "deny": ["IPBLOCK"]}
|
0.9800000190734863
|
severity: Severity.critical
|
|
20.89.40.149
|
ip
|
Engaging in highly suspicious reconnaissance and potential exploitation attempts, indicated by requests to non-standard PHP files (e.g., 'ioxi-o.php',...
|
2026-02-22 23:28:45
|
1
|
N/A
|
N/A
|
[]
|
[]
|
{"alert": [], "deny": []}
|
0.949999988079071
|
severity: Severity.critical
|
|
104.46.226.22
|
ip
|
100% of requests are flagged as threats and hit an IPBLOCK rule. All accessed paths are suspicious and flagged by WAF.
|
2026-02-22 22:18:19
|
1
|
JP
|
AS8075
|
['akamai.darcherif.fr']
|
['sc.php', 'wp-content/themes/twentytwentytwo/index.php', 'content.php', 'wp-content/plugins/index.php', '503.php', 'X57.php', 'chosen.php', 'sx.php', 'gettest.php', 'wp-admin/maint/admin.php']
|
{"alert": [], "deny": ["IPBLOCK"]}
|
1.0
|
severity: Severity.critical
|
|
172.213.17.83
|
ip
|
Extremely high number of detected threat requests (766 detected threats for 176 requests), multiple WAF alerts, IPBLOCK rule hit, and identified as a ...
|
2026-02-22 22:18:19
|
1
|
IT
|
AS8075
|
['akamai.darcherif.fr']
|
['bnm.php', 'aboutc.php', 'a4.php', 'lib.php', 'sc.php', 'kbfr.php', 'click.php', 'logs.php', 'wp-blogs.php', 'gettest.php']
|
{"alert": ["3904001", "3904002", "3904003", "3904004", "3904006", "3904013", "3904053", "BOT-BROWSER-IMPERSONATOR"], "deny": ["IPBLOCK-BURST4-318403"]}
|
1.0
|
severity: Severity.critical
|
|
52.141.18.191
|
ip
|
Attempted access to common exploit paths and directories (e.g., cgi-bin/, suspicious PHP files like ioxi-o.php, chosen.php, sf.php, and non-existent W...
|
2026-02-22 08:02:19
|
1
|
KR
|
AS8075
|
['www.darcherif.fr']
|
[]
|
{"alert": [], "deny": []}
|
0.949999988079071
|
severity: Severity.critical
|
|
47.128.35.25
|
ip
|
All requests (9 out of 9) were flagged by the WAF and detected as threats (WAF rule 3991023 alerted), indicating highly suspicious or malicious automa...
|
2026-02-22 05:11:32
|
1
|
SG
|
AS16509
|
['www.darcherif.fr']
|
['', 'wp-content/themes/highlight/customizer/sections/content.css', 'wp-content/themes/mesmerize/assets/css/theme.bundle.min.css', 'wp-content/uploads/2020/05/ConferenceIndiaCropped.png', 'wp-content/themes/mesmerize/style.min.css', 'wp-content/themes/highlight/style.min.css', 'wp-content/plugins/mesmerize-companion/theme-data/mesmerize/assets/css/companion.bundle.min.css', 'wp-includes/css/dist/block-library/style.min.css', 'wp-content/uploads/2020/01/Czech-Republic-operation-Temelin-Nuclear-Power-Plant-2003-768x502.jpg']
|
{"alert": ["3991023"], "deny": []}
|
0.949999988079071
|
severity: Severity.critical
|
|
216.73.216.154
|
ip
|
Accessed highly suspicious and obfuscated paths, triggered WAF alerts, and has a high ratio of detected threat requests, indicating potential maliciou...
|
2026-02-21 22:49:54
|
1
|
US
|
AS16509
|
['', 'www.darcherif.fr']
|
['', 'robots.txt']
|
{"alert": ["3991023"], "deny": []}
|
0.949999988079071
|
severity: Severity.critical
|
|
2a10:3c0:101:0:1:42:0:5
|
ip
|
All accessed paths were flagged by WAF, an extremely high number of detected threat requests (more than total requests), and multiple WAF alerts inclu...
|
2026-02-21 22:49:54
|
1
|
NL
|
AS211680
|
['akamai.darcherif.fr']
|
['', 'sse', 'mcp']
|
{"alert": ["3904000", "3904004", "3904006", "3904020", "3904036", "3904042", "3904053", "3990001", "BOT-BROWSER-IMPERSONATOR"], "deny": []}
|
0.9800000190734863
|
severity: Severity.critical
|
|
66.249.66.12
|
ip
|
All requests (10 out of 10) were detected as threats, flagged by WAF, and triggered a security alert (3991006). This indicates active malicious activi...
|
2026-02-21 17:18:25
|
1
|
US
|
AS15169
|
['www.darcherif.fr']
|
['wp-includes/js/wp-emoji-release.min.js', 'wp-includes/js/jquery/jquery.min.js', 'wp-includes/js/masonry.min.js', 'wp-content/plugins/mesmerize-companion/theme-data/mesmerize/assets/js/companion.bundle.min.js', 'wp-content/themes/mesmerize/assets/js/theme.bundle.min.js', 'wp-content/themes/highlight/style.min.css', 'wp-includes/js/jquery/jquery-migrate.min.js', 'wp-includes/css/dist/block-library/style.min.css']
|
{"alert": ["3991006"], "deny": []}
|
1.0
|
severity: Severity.critical
|
|
34.173.96.22
|
ip
|
Multiple WAF alerts, including 'BOT-BROWSER-IMPERSONATOR', and denial rules ('IPBLOCK-BURST4') triggered. Repeated attempts to access 'wlwmanifest.xml...
|
2026-02-21 16:37:47
|
1
|
US
|
AS396982
|
['akamai.darcherif.fr']
|
['wp1/wp-includes/wlwmanifest.xml', '2018/wp-includes/wlwmanifest.xml', 'wordpress/wp-includes/wlwmanifest.xml', 'news/wp-includes/wlwmanifest.xml', 'media/wp-includes/wlwmanifest.xml', 'sito/wp-includes/wlwmanifest.xml', 'cms/wp-includes/wlwmanifest.xml', 'web/wp-includes/wlwmanifest.xml', 'wp-includes/wlwmanifest.xml', 'test/wp-includes/wlwmanifest.xml']
|
{"alert": ["3904003", "3904006", "3904013", "3904020", "BOT-BROWSER-IMPERSONATOR"], "deny": ["IPBLOCK-BURST4-318403"]}
|
0.9800000190734863
|
severity: Severity.critical
|
|
40.69.66.178
|
ip
|
All requests were flagged by WAF and hit 'IPBLOCK' security rule, attempting access to known malicious paths like 'admin.php' and 'wp_filemanager.php'...
|
2026-02-21 16:27:40
|
1
|
IE
|
AS8075
|
['akamai.darcherif.fr']
|
['sc.php', 'admin.php', 'sm.php', 'ioxi-o.php', 'wp-content/plugins/hellopress/wp_filemanager.php']
|
{"alert": [], "deny": ["IPBLOCK"]}
|
1.0
|
severity: Severity.critical
|
|
2a10:3c0:101:0:1:12:0:5
|
ip
|
All requests flagged by WAF and detected as threats. High confidence in malicious activity requiring immediate blocking.
|
2026-02-21 14:16:53
|
1
|
N/A
|
N/A
|
[]
|
[]
|
{"alert": [], "deny": []}
|
0.949999988079071
|
severity: Severity.critical
|
|
170.64.198.170
|
ip
|
Multiple high-severity WAF rule hits including command injection, LFI, and attempts to access sensitive configuration files like .env and .git/config,...
|
2026-02-21 14:06:35
|
1
|
AU
|
AS14061
|
['akamai.darcherif.fr']
|
['new', 'wordpress', 'blog', '_sec/cp_challenge/challenge', 'vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php', '_ignition/execute-solution', '.git/config', 'demo', 'public/vendor/laravel-filemanager/js/script.js', '.env']
|
{"alert": ["3000171", "3000508", "3904000", "3904005", "3904006", "3904013", "3904042", "3904052", "3904053", "BOT-BROWSER-IMPERSONATOR", "IPBLOCK-PENALTY-BOX"], "deny": ["CMD-INJECTION-ANOMALY", "IPBLOCK-BURST4-318403", "LFI-ANOMALY"]}
|
0.9800000190734863
|
severity: Severity.critical
|
|
20.187.125.76
|
ip
|
All requests (100%) were detected as threats, flagged by WAF, and denied by an IPBLOCK rule. Accessed suspicious PHP paths indicative of web shell or ...
|
2026-02-21 12:55:37
|
1
|
HK
|
AS8075
|
['akamai.darcherif.fr']
|
['system.php', 'info.php', 'chosen.php', 'hehe.php', 'wp-admin/css/colors/blue/file.php', 'vanda.php', 'admin/function.php', 'asd.php', 'okxh.php', 'x.php']
|
{"alert": [], "deny": ["IPBLOCK"]}
|
1.0
|
severity: Severity.critical
|
|
172.232.36.208
|
ip
|
Multiple severe security rule violations including SQL Injection attempts, accessing sensitive .git directory, and triggering IPBLOCK-PENALTY-BOX rule...
|
2026-02-21 12:35:31
|
1
|
FR
|
AS63949
|
['akamai.darcherif.fr', 'www.darcherif.fr']
|
['', '.git/']
|
{"alert": ["3000100", "3990001", "950902", "IPBLOCK-PENALTY-BOX"], "deny": ["3990001", "IPBLOCK-PENALTY-BOX", "SQL-INJECTION-ANOMALY"]}
|
0.949999988079071
|
severity: Severity.critical
|
|
20.53.240.38
|
ip
|
Suspicious file access patterns indicative of web shell activity or server compromise. Observed access to generic .php files like 'file.php', 'file2.p...
|
2026-02-21 12:15:24
|
1
|
AU
|
AS8075
|
['www.darcherif.fr']
|
[]
|
{"alert": [], "deny": []}
|
0.8999999761581421
|
severity: Severity.critical
|
|
70.123.97.128
|
ip
|
IP triggered WAF deny rule 'IPBLOCK-BURST4-318403' and made 6 threat-detected requests out of 19 total, indicating automated or malicious activity.
|
2026-02-21 06:24:10
|
1
|
US
|
AS11427
|
['', 'akamai.darcherif.fr']
|
['assets/mail/contact_me.js', 'assets/mail/jqBootstrapValidation.js', 'js/scripts.js', 'favicon.ico', 'assets/img/portfolio/submarine.png', 'assets/img/portfolio/safe.png']
|
{"alert": [], "deny": ["IPBLOCK-BURST4-318403"]}
|
0.949999988079071
|
severity: Severity.critical
|
|
20.214.159.60
|
ip
|
Multiple suspicious paths accessed consistent with web application scanning and exploitation attempts (e.g., ioxi-o.php, wp-content/plugins/WordPressC...
|
2026-02-21 01:33:21
|
1
|
KR
|
AS8075
|
['www.darcherif.fr']
|
[]
|
{"alert": [], "deny": []}
|
0.8999999761581421
|
severity: Severity.critical
|
|
207.46.13.18
|
ip
|
All requests flagged as threats by WAF (Rule 3991006). High likelihood of reconnaissance or automated attack due to 100% threat rate.
|
2026-02-20 20:52:23
|
1
|
US
|
AS8075
|
['www.darcherif.fr']
|
['wp-includes/js/wp-emoji-release.min.js', 'wp-includes/js/jquery/jquery.min.js', 'wp-content/themes/mesmerize/assets/js/theme.bundle.min.js', 'wp-content/themes/mesmerize/style.min.css', 'wp-content/plugins/mesmerize-companion/theme-data/mesmerize/assets/css/companion.bundle.min.css']
|
{"alert": ["3991006"], "deny": []}
|
0.8999999761581421
|
severity: Severity.medium
|
|
207.46.13.168
|
ip
|
Multiple WAF alerts (Rule 3991006) and access to a highly suspicious, obfuscated path. High ratio of detected threat requests (7 out of 8).
|
2026-02-20 20:52:23
|
1
|
US
|
AS8075
|
['', 'www.darcherif.fr']
|
['wp-includes/js/imagesloaded.min.js', 'wp-includes/js/masonry.min.js', 'wp-content/plugins/mesmerize-companion/theme-data/mesmerize/assets/js/companion.bundle.min.js', 'wp-content/themes/highlight/style.min.css', 'wp-includes/js/jquery/jquery-migrate.min.js', 'wp-includes/css/dist/block-library/style.min.css', 'wp-content/themes/highlight/assets/js/theme-child.js']
|
{"alert": ["3991006"], "deny": []}
|
0.949999988079071
|
severity: Severity.critical
|
|
35.245.125.98
|
ip
|
Engaging in widespread WordPress vulnerability scanning attempts (wlwmanifest.xml), flagged by WAF on multiple paths, detected as a bot browser impers...
|
2026-02-20 17:01:21
|
1
|
US
|
AS396982
|
['akamai.darcherif.fr']
|
['wp1/wp-includes/wlwmanifest.xml', '2018/wp-includes/wlwmanifest.xml', 'wordpress/wp-includes/wlwmanifest.xml', 'news/wp-includes/wlwmanifest.xml', 'media/wp-includes/wlwmanifest.xml', 'sito/wp-includes/wlwmanifest.xml', 'cms/wp-includes/wlwmanifest.xml', 'web/wp-includes/wlwmanifest.xml', 'wp-includes/wlwmanifest.xml', 'test/wp-includes/wlwmanifest.xml']
|
{"alert": ["3904003", "3904006", "3904013", "3904020", "3904058", "3904065", "BOT-BROWSER-IMPERSONATOR"], "deny": ["IPBLOCK-BURST4-318403"]}
|
0.949999988079071
|
severity: Severity.critical
|
|
3%7ef4680262e7deb748
|
tls
|
Multiple WAF rule hits indicating SQL injection attempts, access to sensitive paths (.git/), and triggering of IP blocking penalties.
|
2026-02-20 11:50:14
|
1
|
FR
|
N/A
|
['akamai.darcherif.fr', 'www.darcherif.fr']
|
['', '.git/']
|
{"alert": ["3000100", "3990001", "950902", "IPBLOCK-PENALTY-BOX"], "deny": ["3990001", "IPBLOCK-PENALTY-BOX", "SQL-INJECTION-ANOMALY"]}
|
1.0
|
severity: Severity.critical
|
|
2001:861:5860:e460:3c39:ee45:8634:30ee
|
ip
|
The IP attempted SQL injection, accessed sensitive .git paths, triggered multiple security alerts, and is in an IP block penalty box. A high ratio of ...
|
2026-02-20 11:40:08
|
1
|
FR
|
AS5410
|
['akamai.darcherif.fr']
|
['', '.git/']
|
{"alert": ["3000100", "3990001", "950902", "IPBLOCK-PENALTY-BOX"], "deny": ["SQL-INJECTION-ANOMALY"]}
|
1.0
|
severity: Severity.critical
|
|
170.64.40.138
|
ip
|
IP triggered a deny rule (IPBLOCK-BURST4-318403) and had multiple detected threat requests flagged by WAF, indicating malicious activity.
|
2026-02-20 06:59:16
|
1
|
US
|
AS15108
|
['', 'akamai.darcherif.fr']
|
['akam/13/pixel_323435c5', 'favicon.ico']
|
{"alert": ["3910002", "3910006"], "deny": ["IPBLOCK-BURST4-318403"]}
|
0.949999988079071
|
severity: Severity.critical
|
|
AS23470
|
asn
|
High volume of detected threat requests (456), multiple WAF rule hits including bot impersonation and suspicious path access patterns, indicating auto...
|
2026-02-20 06:39:10
|
1
|
US
|
AS23470
|
['akamai.darcherif.fr']
|
['TEST', 'Test', 'www', 'OLD', 'WP', 'bc', '2017', '2020', '2022', 'demo']
|
{"alert": ["3904000", "3904006", "3904010", "3904013", "3904020", "3904042", "3904044", "3904047", "3904049", "3904052", "3904056", "3904058", "BOT-BROWSER-IMPERSONATOR"], "deny": []}
|
0.8999999761581421
|
severity: Severity.critical
|
|
103.195.100.207
|
ip
|
This IP exhibits highly malicious behavior with a high number of detected threat requests (61 out of 8 total), numerous WAF rule hits including 'BOT-B...
|
2026-02-20 05:59:01
|
1
|
US
|
AS23470
|
['akamai.darcherif.fr']
|
['', 'wordpress', 'WORDPRESS', 'Wordpress']
|
{"alert": ["3904000", "3904006", "3904010", "3904013", "3904020", "3904042", "3904044", "3904047", "3904049", "3904052", "3904056", "3904058", "BOT-BROWSER-IMPERSONATOR"], "deny": []}
|
0.949999988079071
|
severity: Severity.critical
|
|
146.70.59.42
|
ip
|
IP blocked by WAF rule 'IPBLOCK-BURST4-318403' due to burst activity, with 35% of total requests detected as threats and multiple paths flagged.
|
2026-02-20 04:48:46
|
1
|
PT
|
AS9009
|
['', 'akamai.darcherif.fr']
|
['assets/mail/contact_me.js', 'assets/mail/jqBootstrapValidation.js', 'js/scripts.js', 'assets/img/portfolio/submarine.png', 'assets/img/portfolio/safe.png']
|
{"alert": [], "deny": ["IPBLOCK-BURST4-318403"]}
|
0.949999988079071
|
severity: Severity.critical
|
|
179.43.159.170
|
ip
|
Repeated access to wp-login.php, indicative of a brute-force or credential stuffing attempt.
|
2026-02-20 03:58:35
|
1
|
CH
|
AS51852
|
['www.darcherif.fr']
|
[]
|
{"alert": [], "deny": []}
|
0.800000011920929
|
severity: Severity.medium
|
|
2409:8a34:4071:5b10:a00:27ff:fea2:560b
|
ip
|
Detected multiple threat requests and accessed highly suspicious, obfuscated paths indicating potential exploitation or attack attempts from a Chinese...
|
2026-02-19 20:17:11
|
1
|
CN
|
AS9808
|
['', 'www.darcherif.fr']
|
['akam/13/pixel_6bab17ee']
|
{"alert": ["3910001", "3910006"], "deny": []}
|
0.949999988079071
|
severity: Severity.critical
|
|
20.205.120.43
|
ip
|
Multiple highly suspicious path accesses, including `wp-content/cong.php` (likely a typo for config.php probe) and an unusual `.well-known/classwithto...
|
2026-02-19 19:16:55
|
1
|
HK
|
AS8075
|
['www.darcherif.fr']
|
[]
|
{"alert": [], "deny": []}
|
0.8999999761581421
|
severity: Severity.critical
|
|
20.24.197.43
|
ip
|
Detected access to known malicious web shell pattern 'ioxi-o.php' and suspicious 'wp-content/plugins/WordPressCore/' path, indicating potential exploi...
|
2026-02-19 17:16:27
|
1
|
HK
|
AS8075
|
['www.darcherif.fr']
|
[]
|
{"alert": [], "deny": []}
|
0.8999999761581421
|
severity: Severity.critical
|
|
74.7.241.43
|
ip
|
Almost all requests (45 out of 46) from this IP were flagged as threats by the WAF, indicating highly malicious activity.
|
2026-02-19 13:05:31
|
1
|
US
|
AS8075
|
['', 'www.darcherif.fr']
|
['wp-content/themes/highlight/style.min.css', 'wp-includes/js/jquery/jquery-migrate.min.js', 'wp-content/themes/highlight/assets/js/theme-child.js', 'index.php/2020/01/24/industry-4-0-corrupted-smart-factories-examples/', 'wp-includes/js/imagesloaded.min.js', 'wp-content/themes/mesmerize/assets/css/theme.bundle.min.css', 'index.php/2023/04/27/ddos-what-is-it-how-does-it-work-and-how-to-be-protected/', 'wp-content/themes/mesmerize/assets/js/theme.bundle.min.js', 'index.php/category/cybersecurity/', 'index.php/wp-json/wp/v2/pages/25']
|
{"alert": ["3991023"], "deny": []}
|
0.9800000190734863
|
severity: Severity.critical
|
|
45.149.173.195
|
ip
|
IP engaged in extensive WordPress vulnerability scanning targeting 'wlwmanifest.xml', flagged by WAF as a 'BOT-BROWSER-IMPERSONATOR', and previously d...
|
2026-02-19 08:14:39
|
1
|
US
|
AS62240
|
['akamai.darcherif.fr']
|
['wp1/wp-includes/wlwmanifest.xml', '2018/wp-includes/wlwmanifest.xml', 'wordpress/wp-includes/wlwmanifest.xml', 'news/wp-includes/wlwmanifest.xml', 'media/wp-includes/wlwmanifest.xml', 'sito/wp-includes/wlwmanifest.xml', 'cms/wp-includes/wlwmanifest.xml', 'web/wp-includes/wlwmanifest.xml', 'wp-includes/wlwmanifest.xml', 'test/wp-includes/wlwmanifest.xml']
|
{"alert": ["3904003", "3904006", "3904013", "3904020", "BOT-BROWSER-IMPERSONATOR"], "deny": ["IPBLOCK-BURST4-318403"]}
|
0.949999988079071
|
severity: Severity.critical
|
|
130.12.180.90
|
ip
|
Repeated suspicious access to wp-login.php flagged by WAF and triggered security alerts, indicating potential brute-force or credential stuffing attac...
|
2026-02-19 07:34:29
|
1
|
GB
|
AS202412
|
['www.darcherif.fr']
|
['wp-login.php']
|
{"alert": ["3900998"], "deny": []}
|
0.8999999761581421
|
severity: Severity.critical
|
|
99.24.217.1
|
ip
|
The WAF already denied requests from this IP due to a 'burst' rule (IPBLOCK-BURST4-318403), indicating automated, excessive activity. This behavior is...
|
2026-02-19 07:24:23
|
1
|
US
|
AS7018
|
['', 'akamai.darcherif.fr']
|
['assets/mail/contact_me.js', 'assets/mail/jqBootstrapValidation.js', 'js/scripts.js', 'favicon.ico', 'assets/img/portfolio/submarine.png', 'assets/img/portfolio/safe.png']
|
{"alert": [], "deny": ["IPBLOCK-BURST4-318403"]}
|
0.800000011920929
|
severity: Severity.medium
|
|
66.249.66.45
|
ip
|
All requests from this IP address triggered WAF alerts (rule 3991006) on WordPress core and plugin files, similar to 66.249.66.161. This indicates a h...
|
2026-02-19 07:24:23
|
1
|
US
|
AS15169
|
['www.darcherif.fr']
|
['', 'wp-includes/js/wp-emoji-release.min.js', 'wp-includes/js/jquery/jquery.min.js', 'wp-content/plugins/mesmerize-companion/theme-data/mesmerize/assets/js/companion.bundle.min.js', 'wp-includes/css/dist/block-library/style.min.css']
|
{"alert": ["3991006"], "deny": []}
|
0.949999988079071
|
severity: Severity.critical
|
|
66.249.66.161
|
ip
|
All requests from this IP address triggered WAF alerts (rule 3991006) on WordPress core and theme files. This indicates a high probability of maliciou...
|
2026-02-19 07:24:23
|
1
|
US
|
AS15169
|
['www.darcherif.fr']
|
['wp-content/themes/highlight/customizer/sections/content.css', 'wp-includes/js/imagesloaded.min.js', 'wp-content/themes/mesmerize/assets/css/theme.bundle.min.css', 'wp-content/plugins/mesmerize-companion/theme-data/mesmerize/assets/js/companion.bundle.min.js', 'wp-content/themes/mesmerize/assets/js/theme.bundle.min.js', 'wp-content/themes/highlight/style.min.css', 'wp-includes/js/jquery/jquery-migrate.min.js', 'wp-content/plugins/mesmerize-companion/theme-data/mesmerize/assets/css/companion.bundle.min.css', 'wp-content/themes/highlight/assets/js/theme-child.js']
|
{"alert": ["3991006"], "deny": []}
|
0.949999988079071
|
severity: Severity.critical
|
|
158.158.51.6
|
ip
|
All 20 requests from this IP address were flagged by the WAF as threats, including attempts to access sensitive WordPress configuration files and know...
|
2026-02-19 03:33:25
|
1
|
ES
|
AS8075
|
['akamai.darcherif.fr']
|
['wp-admin/wp-conflg.php', 'e.php', 'file9.php', 'a4.php', 'wp-includes/ID3/index.php', 'lp6.php', 'wp-content/plugins/hellopress/wp_filemanager.php', 'file3.php', '404.php', 'file2.php']
|
{"alert": [], "deny": ["IPBLOCK"]}
|
0.9900000095367432
|
severity: Severity.critical
|
|
192.161.169.184
|
ip
|
IP was blocked by WAF rule 'IPBLOCK-BURST4-318403' indicating burst activity and a detected threat request.
|
2026-02-19 00:22:54
|
1
|
US
|
AS203020
|
['akamai.darcherif.fr']
|
['assets/img/portfolio/game.png']
|
{"alert": [], "deny": ["IPBLOCK-BURST4-318403"]}
|
0.8999999761581421
|
severity: Severity.critical
|
|
40.115.138.121
|
ip
|
Accessed multiple highly suspicious PHP paths commonly associated with web shell uploads or compromise attempts (e.g., hehe.php, wp-content/cong.php, ...
|
2026-02-18 12:20:45
|
1
|
JP
|
AS8075
|
['www.darcherif.fr']
|
[]
|
{"alert": [], "deny": []}
|
0.8999999761581421
|
severity: Severity.critical
|
|
72.226.126.223
|
ip
|
IP address triggered WAF deny rule 'IPBLOCK-BURST4-318403' and registered a detected threat request.
|
2026-02-18 08:20:01
|
1
|
US
|
AS12271
|
['', 'akamai.darcherif.fr']
|
['favicon.ico']
|
{"alert": [], "deny": ["IPBLOCK-BURST4-318403"]}
|
0.949999988079071
|
severity: Severity.critical
|
|
93.123.109.214
|
ip
|
Multiple attempts to access sensitive configuration files (.aws/credentials, .env, .git/config), detected Local File Inclusion (LFI) anomaly, and nume...
|
2026-02-18 02:29:04
|
1
|
AD
|
AS48090
|
['akamai.darcherif.fr']
|
['.aws/config', 'debug/', 'assets/mail/jqBootstrapValidation.js', '.aws/credentials', 'js/mpulse.js', '.git/config', '_sec/cp_challenge/challenge', '.s3cfg', '.env', 'debugbar/']
|
{"alert": ["3000126", "3000508", "3904000", "3904001", "3904004", "3904005", "3904006", "3904020", "3904023", "3904052", "3904053", "BOT-BROWSER-IMPERSONATOR", "IPBLOCK-PENALTY-BOX"], "deny": ["IPBLOCK-BURST4-318403", "LFI-ANOMALY"]}
|
0.949999988079071
|
severity: Severity.critical
|
|
36.81.233.175
|
ip
|
Repeated attempts to access sensitive system files (.aws/credentials, .env/.env.bak, phpinfo) and exploitation attempts via Local File Inclusion (LFI)...
|
2026-02-18 01:28:49
|
1
|
ID
|
AS7713
|
['akamai.darcherif.fr']
|
['', 'test.php', 'assets/mail/contact_me.js', '.aws/credentials', '_profiler/phpinfo', 'js/scripts.js', 'index.php', 'js/mpulse.js', '.env/.env.bak', 'phpinfo.php']
|
{"alert": ["3000508", "3904000", "3904020", "3904036", "3904042", "3990001", "BOT-BROWSER-IMPERSONATOR", "IPBLOCK-PENALTY-BOX"], "deny": ["LFI-ANOMALY"]}
|
1.0
|
severity: Severity.critical
|
|
74.248.34.156
|
ip
|
All requests (43/43) from this IP were flagged by WAF and triggered security rules (IPBLOCK), indicating highly malicious activity such as web shell o...
|
2026-02-17 21:17:59
|
1
|
PL
|
AS8075
|
['akamai.darcherif.fr']
|
['s.php', 'wefile.php', 'wp-blogs.php', 'amp.php', 't.php', 'dox.php', 'asax.php', 'bolt.php', 'vx.php', '155.php']
|
{"alert": [], "deny": ["IPBLOCK"]}
|
0.9800000190734863
|
severity: Severity.critical
|
|
20.219.8.79
|
ip
|
Repeated access to highly suspicious PHP file names and paths (e.g., wxo.php, hehe.php, alfa-rex.php, wp-includes/*.php) commonly associated with web ...
|
2026-02-17 13:16:33
|
1
|
IN
|
AS8075
|
['www.darcherif.fr']
|
[]
|
{"alert": [], "deny": []}
|
0.8999999761581421
|
severity: Severity.critical
|
|
104.28.246.114
|
ip
|
All requests detected as threats and flagged by WAF, indicating a high-confidence attack attempting to exploit common web vulnerabilities.
|
2026-02-17 13:06:28
|
1
|
US
|
AS13335
|
['akamai.darcherif.fr']
|
['chosen.php', 'dex.php', 'akcc.php', 'file2.php', 'wp-admin/css/index.php', 'zwso.php', 'ahax.php', 'bolt.php', 'wp-content/themes/style.php', 'wp-admin/txets.php']
|
{"alert": ["3990001"], "deny": []}
|
0.949999988079071
|
severity: Severity.critical
|
|
2a09:bac5:9529:3af::5e:28
|
ip
|
All requests detected as threats and flagged by WAF, indicating a high-confidence attack attempting to exploit common web vulnerabilities.
|
2026-02-17 13:06:28
|
1
|
US
|
AS13335
|
['akamai.darcherif.fr']
|
['chosen.php', 'dex.php', 'akcc.php', 'file2.php', 'wp-admin/css/index.php', 'zwso.php', 'ahax.php', 'bolt.php', 'wp-content/themes/style.php', 'wp-admin/txets.php']
|
{"alert": ["3990001"], "deny": []}
|
0.949999988079071
|
severity: Severity.critical
|