|
AS210558
|
asn
|
High volume of WordPress vulnerability scanning attempts, multiple WAF rule violations including 'BOT-BROWSER-IMPERSONATOR', and existing WAF denial a...
|
2026-02-17 12:16:09
|
1
|
NL
|
AS210558
|
['akamai.darcherif.fr']
|
['sito/wp-includes/wlwmanifest.xml', 'wp2/wp-includes/wlwmanifest.xml', 'cms/wp-includes/wlwmanifest.xml', 'shop/wp-includes/wlwmanifest.xml', 'wp1/wp-includes/wlwmanifest.xml', '2019/wp-includes/wlwmanifest.xml', 'test/wp-includes/wlwmanifest.xml', 'news/wp-includes/wlwmanifest.xml', '2018/wp-includes/wlwmanifest.xml', 'media/wp-includes/wlwmanifest.xml']
|
{"alert": ["3904003", "3904006", "3904020", "BOT-BROWSER-IMPERSONATOR"], "deny": ["IPBLOCK-BURST4-318403"]}
|
0.949999988079071
|
severity: Severity.critical
|
|
149.102.230.119
|
ip
|
All requests (100%) were detected as threats, triggering security rule 3990001. This indicates highly malicious activity.
|
2026-02-17 09:15:37
|
1
|
DE
|
AS212238
|
['akamai.darcherif.fr:443']
|
['']
|
{"alert": ["3990001"], "deny": []}
|
0.949999988079071
|
severity: Severity.critical
|
|
173.216.166.129
|
ip
|
Multiple requests were flagged by the WAF and the IP was denied due to a burst of requests (IPBLOCK-BURST4-318403), suggesting automated scanning or a...
|
2026-02-17 09:15:37
|
1
|
US
|
AS19108
|
['', 'akamai.darcherif.fr']
|
['assets/mail/contact_me.js', 'assets/mail/jqBootstrapValidation.js', 'js/scripts.js', 'favicon.ico', 'assets/img/portfolio/submarine.png', 'assets/img/portfolio/safe.png']
|
{"alert": [], "deny": ["IPBLOCK-BURST4-318403"]}
|
0.8999999761581421
|
severity: Severity.critical
|
|
185.226.197.27
|
ip
|
High number of detected threat requests (8) and hits on multiple security rules, including BOT-BROWSER-IMPERSONATOR, indicating malicious bot activity...
|
2026-02-17 01:54:14
|
1
|
NL
|
AS21859
|
['akamai.darcherif.fr']
|
['']
|
{"alert": ["3904000", "3904004", "3904006", "3904013", "3904020", "3904036", "3904053", "BOT-BROWSER-IMPERSONATOR"], "deny": []}
|
0.8999999761581421
|
severity: Severity.critical
|
|
124.156.226.179
|
ip
|
Detected threat requests and WAF flagged path 'akam/13/51626d4a'. Security rule 3900999 was alerted.
|
2026-02-16 20:13:15
|
1
|
JP
|
AS132203
|
['www.darcherif.fr']
|
['akam/13/51626d4a']
|
{"alert": ["3900999"], "deny": []}
|
0.8999999761581421
|
severity: Severity.critical
|
|
AS51167
|
asn
|
Active exploitation attempts targeting sensitive files like .env and SQL backups, with multiple critical WAF deny rules triggered, including Local Fil...
|
2026-02-16 18:52:58
|
1
|
N/A
|
N/A
|
[]
|
[]
|
{"alert": [], "deny": []}
|
0.9800000190734863
|
severity: Severity.critical
|
|
45.94.31.224
|
ip
|
Repeated WordPress enumeration attempts, high percentage of detected threat requests, and identified as a bot by security rules, including WAF deny hi...
|
2026-02-16 18:52:58
|
1
|
NL
|
AS210558
|
['akamai.darcherif.fr']
|
['sito/wp-includes/wlwmanifest.xml', 'wp2/wp-includes/wlwmanifest.xml', 'cms/wp-includes/wlwmanifest.xml', 'shop/wp-includes/wlwmanifest.xml', 'wp1/wp-includes/wlwmanifest.xml', '2019/wp-includes/wlwmanifest.xml', 'test/wp-includes/wlwmanifest.xml', 'news/wp-includes/wlwmanifest.xml', '2018/wp-includes/wlwmanifest.xml', 'media/wp-includes/wlwmanifest.xml']
|
{"alert": ["3904003", "3904006", "3904020", "BOT-BROWSER-IMPERSONATOR"], "deny": ["IPBLOCK-BURST4-318403"]}
|
0.949999988079071
|
severity: Severity.critical
|
|
109.205.180.195
|
ip
|
Multiple attempts to access sensitive configuration files (.env, mysql.sql) and Local File Inclusion (LFI) attempts, evidenced by WAF rule hits (LFI-A...
|
2026-02-16 17:52:42
|
1
|
DE
|
AS51167
|
['akamai.darcherif.fr', 'www.darcherif.fr']
|
['postfixadmin/.env', '.env.dev.local', 'examples/sdl-first/.env', 'server-status', 'rust-backend/dao/.env', 'option/.env', 'wp-content/mysql.sql', 'env/.env', '.env.swp', 'mail/.env']
|
{"alert": ["3000126", "3000508"], "deny": ["IPBLOCK-BURST4-318403", "LFI-ANOMALY", "REP_1654536", "REP_1654542"]}
|
0.9800000190734863
|
severity: Severity.critical
|
|
2600:1700:f6aa:2c10:dd5c:8d0c:3fa5:8dba
|
ip
|
This IP address generated a high percentage of threat requests (7 out of 19) and triggered a 'deny' rule specifically for 'IPBLOCK-BURST4-318403', ind...
|
2026-02-16 10:20:41
|
1
|
US
|
AS7018
|
['', 'akamai.darcherif.fr']
|
['assets/mail/contact_me.js', 'akam/13/pixel_1d52e375', 'assets/mail/jqBootstrapValidation.js', 'js/scripts.js', 'favicon.ico', 'assets/img/portfolio/submarine.png', 'assets/img/portfolio/safe.png']
|
{"alert": ["3910002"], "deny": ["IPBLOCK-BURST4-318403"]}
|
0.949999988079071
|
severity: Severity.critical
|
|
167.172.221.95
|
ip
|
IP detected making numerous threat requests targeting WordPress paths like xmlrpc.php, flagged by WAF on all access attempts, and identified as a bot ...
|
2026-02-16 06:49:50
|
1
|
US
|
AS14061
|
['akamai.darcherif.fr']
|
['', 'blog/', 'wordpress/', 'wp/', 'xmlrpc.php', 'blog/robots.txt']
|
{"alert": ["3904003", "3904013", "3904020", "3904052", "3904053", "BOT-BROWSER-IMPERSONATOR"], "deny": []}
|
0.949999988079071
|
severity: Severity.critical
|
|
2600:3c03::2000:ebff:fe62:f006
|
ip
|
Access to highly suspicious and obfuscated path 'y40cf0A0/u29/CD-/fDKig86kEF/V7imftL3YLEpDwp3iz/ZxJDZw/eBUXI/RQvYA8B', indicating a potential exploit ...
|
2026-02-16 00:48:15
|
1
|
US
|
AS63949
|
['', 'www.darcherif.fr']
|
[]
|
{"alert": [], "deny": []}
|
0.949999988079071
|
severity: Severity.critical
|
|
34.41.205.200
|
ip
|
WAF denied access due to Local File Inclusion (LFI) anomaly and attempted access to sensitive .env configuration file.
|
2026-02-15 22:27:24
|
1
|
US
|
AS396982
|
['akamai.darcherif.fr', 'www.darcherif.fr']
|
['.env']
|
{"alert": ["3000508"], "deny": ["LFI-ANOMALY"]}
|
0.9900000095367432
|
severity: Severity.critical
|
|
216.73.216.97
|
ip
|
High ratio of detected threat requests (4/6) and suspicious, obfuscated path access indicative of malicious scanning or exploit attempts.
|
2026-02-15 22:27:24
|
1
|
US
|
AS16509
|
['', 'www.darcherif.fr']
|
['', 'robots.txt']
|
{"alert": ["3991023"], "deny": []}
|
0.949999988079071
|
severity: Severity.critical
|
|
74.7.244.33
|
ip
|
All requests were detected as threats, flagged by WAF, and triggered an IPBLOCK security rule, indicating critical malicious activity.
|
2026-02-15 15:06:03
|
1
|
US
|
AS8075
|
['akamai.darcherif.fr']
|
['robots.txt']
|
{"alert": [], "deny": ["IPBLOCK"]}
|
0.949999988079071
|
severity: Severity.critical
|
|
160.250.132.165
|
ip
|
Repeated access to sensitive WordPress enumeration and login paths (wp-json/wp/v2/users, wp-admin/, wp-login.php) from an IP (VN) inconsistent with th...
|
2026-02-15 14:45:48
|
1
|
VN
|
AS150895
|
['www.darcherif.fr']
|
[]
|
{"alert": [], "deny": []}
|
0.949999988079071
|
severity: Severity.critical
|
|
174.68.176.172
|
ip
|
IP blocked by WAF rule 'IPBLOCK-BURST4-318403' and associated with multiple detected threat requests (5 out of 19 total requests).
|
2026-02-15 11:15:08
|
1
|
US
|
AS22773
|
['', 'akamai.darcherif.fr']
|
['assets/img/portfolio/submarine.png', 'akam/13/pixel_6c0c82b', 'assets/img/portfolio/safe.png', 'favicon.ico']
|
{"alert": ["3910006", "3910009"], "deny": ["IPBLOCK-BURST4-318403"]}
|
0.949999988079071
|
severity: Severity.critical
|
|
34.9.48.95
|
ip
|
High number of detected threat requests (9 out of 19), multiple WAF flags, security rule hits including BOT-BROWSER-IMPERSONATOR, and an IPBLOCK-BURST...
|
2026-02-15 07:44:25
|
1
|
US
|
AS396982
|
['akamai.darcherif.fr']
|
['', 'assets/img/portfolio/submarine.png', 'favicon.ico', 'assets/img/portfolio/safe.png']
|
{"alert": ["3904006", "3904013", "3904028", "3990001", "BOT-BROWSER-IMPERSONATOR"], "deny": ["IPBLOCK-BURST4-318403"]}
|
0.949999988079071
|
severity: Severity.critical
|
|
107.172.195.126
|
ip
|
Repeated malicious activity including browser impersonation and a high volume of detected threat requests (31 out of 7 total requests, suggesting mult...
|
2026-02-15 01:33:22
|
1
|
US
|
AS36352
|
['akamai.darcherif.fr']
|
['', 'assets/mail/contact_me.js', 'https%3A/www.facebook.com/StartBootstrap', '%23portfolio', '%23page-top', 'https%3A/www.twitter.com/sbootstrap']
|
{"alert": ["3904005", "3904006", "3904013", "3904020", "3904042", "BOT-BROWSER-IMPERSONATOR"], "deny": []}
|
0.949999988079071
|
severity: Severity.critical
|
|
3%7eaa744a72243fb39f
|
tls
|
WAF flagged suspicious paths and detected threat requests (2/16). Security rule 3900999 was triggered, indicating malicious activity.
|
2026-02-15 01:03:09
|
1
|
FR
|
N/A
|
['akamai.darcherif.fr', 'www.darcherif.fr']
|
['akam/13/146bbf50', 'akam/13/6a79a3ba']
|
{"alert": ["3900999"], "deny": []}
|
0.949999988079071
|
severity: Severity.critical
|
|
3%7e415f6cb3e8aefec4
|
tls
|
Critical malicious activity detected. Attempted access to highly sensitive files and directories (e.g., .env.old, wp-config.php.txt, .git/config, admi...
|
2026-02-15 00:32:51
|
1
|
FR
|
N/A
|
['akamai.darcherif.fr']
|
['payment.js', 'stripe.js', 'sitemap.xml', '.env.old', 'wp-config.php.txt', '_wdt', '.git/config', 'v1/actuator/env', 'admin/settings', 'settings']
|
{"alert": ["3000126", "3000508", "950204"], "deny": ["IPBLOCK-BURST4-318403", "LFI-ANOMALY", "REP_1654542"]}
|
0.9900000095367432
|
severity: Severity.critical
|
|
103.4.250.171
|
ip
|
Multiple WAF alerts, including 'BOT-BROWSER-IMPERSONATOR', and a very high ratio of detected threat requests (54) to total requests (13) indicate seve...
|
2026-02-15 00:22:41
|
1
|
US
|
AS9009
|
['akamai.darcherif.fr']
|
['assets/mail/contact_me.js', 'assets/mail/jqBootstrapValidation.js', 'js/scripts.js', 'https%3A/www.linkedin.com/in/startbootstrap', 'https%3A/www.facebook.com/StartBootstrap', '%23portfolio', '%23page-top', 'https%3A/www.dribble.com/startbootstrap', 'js/mpulse.js', 'https%3A/www.twitter.com/sbootstrap']
|
{"alert": ["3904005", "3904006", "3904013", "3904020", "3904042", "BOT-BROWSER-IMPERSONATOR"], "deny": []}
|
0.9800000190734863
|
severity: Severity.critical
|
|
104.164.173.104
|
ip
|
High number of detected threat requests, multiple WAF flags, and identification as a bot impersonator, indicating automated malicious activity.
|
2026-02-15 00:12:30
|
1
|
US
|
AS18779
|
['akamai.darcherif.fr']
|
['assets/mail/contact_me.js', 'assets/mail/jqBootstrapValidation.js', 'js/scripts.js', 'https%3A/www.linkedin.com/in/startbootstrap', 'https%3A/www.facebook.com/StartBootstrap', '%23portfolio', '%23page-top', 'https%3A/www.dribble.com/startbootstrap', 'js/mpulse.js', 'https%3A/www.twitter.com/sbootstrap']
|
{"alert": ["3904005", "3904006", "3904013", "3904020", "3904042", "BOT-BROWSER-IMPERSONATOR"], "deny": []}
|
0.8999999761581421
|
severity: Severity.critical
|
|
165.22.34.189
|
ip
|
Consistent vulnerability scanning attempts, including accessing sensitive paths like .git/config, .env, and API documentation. WAF denied Local File I...
|
2026-02-15 00:12:30
|
1
|
US
|
AS14061
|
['akamai.darcherif.fr']
|
['server-status', '.git/config', 'graphql', 'server', 'v3/api-docs', '.env', 'v2/api-docs', 'swagger/swagger-ui.html', 'webjars/swagger-ui/index.html', '.vscode/sftp.json']
|
{"alert": ["3000508", "3990011", "IPBLOCK-PENALTY-BOX"], "deny": ["LFI-ANOMALY"]}
|
0.949999988079071
|
severity: Severity.critical
|
|
165.22.235.3
|
ip
|
Consistent vulnerability scanning attempts, including accessing sensitive paths like .git/config, .env, and API documentation. WAF denied Local File I...
|
2026-02-15 00:12:30
|
1
|
CA
|
AS14061
|
['akamai.darcherif.fr']
|
['server-status', '.git/config', 'graphql', 'server', 'v3/api-docs', '.env', 'v2/api-docs', 'swagger/swagger-ui.html', 'webjars/swagger-ui/index.html', '.vscode/sftp.json']
|
{"alert": ["3000508", "3990011", "IPBLOCK-PENALTY-BOX"], "deny": ["LFI-ANOMALY"]}
|
0.949999988079071
|
severity: Severity.critical
|
|
207.154.197.113
|
ip
|
Consistent vulnerability scanning attempts, including accessing sensitive paths like .git/config, .env, and API documentation. WAF denied Local File I...
|
2026-02-15 00:12:30
|
1
|
DE
|
AS14061
|
['akamai.darcherif.fr']
|
['server-status', '.git/config', 'graphql', 'server', 'v3/api-docs', '.env', 'v2/api-docs', 'swagger/swagger-ui.html', '.vscode/sftp.json', 'webjars/swagger-ui/index.html']
|
{"alert": ["3000508", "3990011", "IPBLOCK-PENALTY-BOX"], "deny": ["LFI-ANOMALY"]}
|
0.949999988079071
|
severity: Severity.critical
|
|
159.65.18.197
|
ip
|
Consistent vulnerability scanning attempts, including accessing sensitive paths like .git/config, .env, and API documentation. WAF denied Local File I...
|
2026-02-15 00:12:30
|
1
|
GB
|
AS14061
|
['akamai.darcherif.fr']
|
['server-status', '.git/config', 'graphql', 'server', 'v3/api-docs', '.env', 'v2/api-docs', 'swagger/swagger-ui.html', '.vscode/sftp.json', 'webjars/swagger-ui/index.html']
|
{"alert": ["3000508", "3990011", "IPBLOCK-PENALTY-BOX"], "deny": ["LFI-ANOMALY"]}
|
0.949999988079071
|
severity: Severity.critical
|
|
2a09:bac1:7680:450::2e9:a3
|
ip
|
Critical threat detected: 100% of requests (42/42) flagged by WAF and triggered security rule 3990001 (Generic Web Application Attack). This IPv6 addr...
|
2026-02-14 14:40:09
|
1
|
US
|
AS13335
|
['akamai.darcherif.fr']
|
['chosen.php', 'dex.php', 'akcc.php', 'file2.php', 'wp-admin/css/index.php', 'zwso.php', 'ahax.php', 'bolt.php', 'wp-content/themes/style.php', 'wp-admin/txets.php']
|
{"alert": ["3990001"], "deny": []}
|
1.0
|
severity: Severity.critical
|
|
104.28.235.59
|
ip
|
Critical threat detected: 100% of requests (42/42) flagged by WAF and triggered security rule 3990001 (Generic Web Application Attack). Accessing susp...
|
2026-02-14 14:40:09
|
1
|
US
|
AS13335
|
['akamai.darcherif.fr']
|
['chosen.php', 'dex.php', 'akcc.php', 'file2.php', 'wp-admin/css/index.php', 'ahax.php', 'zwso.php', 'wp-admin/txets.php', 'wp-content/themes/style.php', 'bolt.php']
|
{"alert": ["3990001"], "deny": []}
|
1.0
|
severity: Severity.critical
|
|
98.144.155.254
|
ip
|
High number of detected threat requests and triggered WAF deny rule 'IPBLOCK-BURST4-318403' for a burst attack.
|
2026-02-14 12:39:29
|
1
|
US
|
AS10796
|
['', 'akamai.darcherif.fr']
|
['assets/mail/contact_me.js', 'assets/mail/jqBootstrapValidation.js', 'js/scripts.js', 'akam/13/pixel_4b56d2d8', 'favicon.ico', 'assets/img/portfolio/submarine.png', 'assets/img/portfolio/safe.png']
|
{"alert": ["3910002"], "deny": ["IPBLOCK-BURST4-318403"]}
|
0.8999999761581421
|
severity: Severity.critical
|
|
20.199.186.0
|
ip
|
All requests to suspicious PHP paths were flagged by WAF, indicating active exploitation attempts. Security rule hits show IPBLOCK.
|
2026-02-14 08:08:31
|
1
|
CH
|
AS8075
|
['akamai.darcherif.fr']
|
['php.php', 'mcs.php', 'wp-blogs.php', 'wp-includes/Requests/index.php', 'xxw.php', 't.php', 'asax.php', 'wp-admin.php', 'bolt.php', '155.php']
|
{"alert": [], "deny": ["IPBLOCK"]}
|
0.949999988079071
|
severity: Severity.critical
|
|
144.124.246.157
|
ip
|
This IP address generated 100% detected threat requests, triggered a WAF denial with rule 'REP_1654538', and attempted to access suspicious WordPress ...
|
2026-02-14 07:28:14
|
1
|
NL
|
AS216071
|
['www.darcherif.fr']
|
['', 'index.php/author/admin3157/']
|
{"alert": [], "deny": ["REP_1654538"]}
|
0.949999988079071
|
severity: Severity.critical
|
|
68.221.137.8
|
ip
|
All 145 requests from this IP were detected as threats by the WAF and subsequently denied by an IP blocking security rule, indicating active malicious...
|
2026-02-13 23:26:17
|
1
|
ES
|
AS8075
|
['akamai.darcherif.fr']
|
['class.1.php', 'license.php', 'admin/function.php', 'it/name.php', 'gettest.php', 'op.php', 'luuf.php', 'doc.php', 'X7x.php', 'blog.php']
|
{"alert": [], "deny": ["IPBLOCK"]}
|
0.9900000095367432
|
severity: Severity.critical
|
|
178.128.59.205
|
ip
|
IP address engaged in WordPress vulnerability scanning, brute-force attempts, detected as a bot impersonator, and has triggered WAF denial rules indic...
|
2026-02-13 21:45:57
|
1
|
SG
|
AS14061
|
['akamai.darcherif.fr']
|
['blog/wp-includes/wlwmanifest.xml', 'wp/wp-includes/wlwmanifest.xml', 'cms/wp-includes/wlwmanifest.xml', 'web/wp-includes/wlwmanifest.xml', 'wp-includes/wlwmanifest.xml', 'wp1/wp-includes/wlwmanifest.xml', 'website/wp-includes/wlwmanifest.xml', 'xmlrpc.php', 'news/wp-includes/wlwmanifest.xml', 'test/wp-includes/wlwmanifest.xml']
|
{"alert": ["3904003", "3904006", "3904013", "3904020", "3904021", "BOT-BROWSER-IMPERSONATOR"], "deny": ["IPBLOCK-BURST4-318403"]}
|
0.949999988079071
|
severity: Severity.critical
|
|
54.162.205.66
|
ip
|
All 5 requests from this IP were detected as threats and blocked by an 'IPBLOCK' security rule, indicating malicious activity.
|
2026-02-13 20:45:43
|
1
|
US
|
AS14618
|
['akamai.darcherif.fr']
|
['', 'favicon.png', 'favicon.ico']
|
{"alert": [], "deny": ["IPBLOCK"]}
|
0.9800000190734863
|
severity: Severity.critical
|
|
157.230.96.220
|
ip
|
IP address identified as a BOT-BROWSER-IMPERSONATOR, exhibiting aggressive WordPress scanning activity (wp-includes/wlwmanifest.xml), and actively den...
|
2026-02-13 15:14:40
|
1
|
DE
|
AS14061
|
['akamai.darcherif.fr']
|
['wp1/wp-includes/wlwmanifest.xml', '2018/wp-includes/wlwmanifest.xml', 'wordpress/wp-includes/wlwmanifest.xml', 'news/wp-includes/wlwmanifest.xml', 'media/wp-includes/wlwmanifest.xml', 'sito/wp-includes/wlwmanifest.xml', 'cms/wp-includes/wlwmanifest.xml', 'web/wp-includes/wlwmanifest.xml', 'wp-includes/wlwmanifest.xml', 'test/wp-includes/wlwmanifest.xml']
|
{"alert": ["3904003", "3904006", "3904013", "3904020", "BOT-BROWSER-IMPERSONATOR"], "deny": ["IPBLOCK-BURST4-318403", "IPBLOCK-SUMMARY8-318403"]}
|
0.9800000190734863
|
severity: Severity.critical
|
|
2600:8805:5201:1900:7b6b:a09a:eddf:c0ba
|
ip
|
The IP address triggered WAF deny rule 'IPBLOCK-BURST4-318403' and had 4 detected threat requests out of 19 total, indicating malicious activity.
|
2026-02-13 12:54:11
|
1
|
US
|
AS22773
|
['', 'akamai.darcherif.fr']
|
['akam/13/pixel_489bf130', 'assets/img/portfolio/submarine.png', 'assets/img/portfolio/safe.png', 'favicon.ico']
|
{"alert": ["3910009"], "deny": ["IPBLOCK-BURST4-318403"]}
|
0.949999988079071
|
severity: Severity.critical
|
|
104.28.235.58
|
ip
|
100% of requests from this IP were flagged by WAF and triggered security rule 3990001, indicating highly malicious activity targeting common web appli...
|
2026-02-13 12:44:06
|
1
|
US
|
AS13335
|
['akamai.darcherif.fr']
|
['chosen.php', 'dex.php', 'akcc.php', 'file2.php', 'wp-admin/css/index.php', 'zwso.php', 'ahax.php', 'bolt.php', 'wp-content/themes/style.php', 'wp-admin/txets.php']
|
{"alert": ["3990001"], "deny": []}
|
1.0
|
severity: Severity.critical
|
|
2a09:bac5:cad6:154b::21f:108
|
ip
|
100% of requests from this IP were flagged by WAF and triggered security rule 3990001, indicating highly malicious activity targeting common web appli...
|
2026-02-13 12:44:06
|
1
|
US
|
AS13335
|
['akamai.darcherif.fr']
|
['chosen.php', 'dex.php', 'akcc.php', 'file2.php', 'wp-admin/css/index.php', 'zwso.php', 'ahax.php', 'bolt.php', 'wp-content/themes/style.php', 'wp-admin/txets.php']
|
{"alert": ["3990001"], "deny": []}
|
1.0
|
severity: Severity.critical
|
|
104.28.214.117
|
ip
|
All requests were flagged as threats, accessing suspicious PHP files that mimic web shell or backdoor attempts, and triggered WAF deny rules. This ind...
|
2026-02-13 12:13:56
|
1
|
US
|
AS13335
|
['akamai.darcherif.fr']
|
['shlo.php', 'class-t.api.php', 'chosen.php', 'dex.php', 'akcc.php', 'file2.php', 'zwso.php', 'ahax.php', 'bolt.php', 'wp-content/themes/style.php']
|
{"alert": ["3990001"], "deny": ["IPBLOCK-BURST4-318403"]}
|
0.949999988079071
|
severity: Severity.critical
|
|
2a09:bac5:9529:3af::5e:1f
|
ip
|
All requests were flagged as threats, accessing suspicious PHP files in administrative and theme directories typical of web shell or backdoor activity...
|
2026-02-13 12:13:56
|
1
|
US
|
AS13335
|
['akamai.darcherif.fr']
|
['chosen.php', 'dex.php', 'akcc.php', 'file2.php', 'wp-admin/css/index.php', 'zwso.php', 'ahax.php', 'bolt.php', 'wp-content/themes/style.php', 'wp-admin/txets.php']
|
{"alert": ["3990001"], "deny": ["IPBLOCK-BURST4-318403"]}
|
0.949999988079071
|
severity: Severity.critical
|
|
148.153.56.170
|
ip
|
This IP initiated 2 detected threat requests and triggered WAF alerts (rules 3910001, 3910004) against a WordPress site, indicating active exploitatio...
|
2026-02-12 17:19:43
|
1
|
US
|
AS63199
|
['', 'www.darcherif.fr']
|
['akam/13/pixel_661b66b2']
|
{"alert": ["3910001", "3910004"], "deny": []}
|
0.8999999761581421
|
severity: Severity.critical
|
|
3%7ec09a36bb1168dd08
|
tls
|
This TLS fingerprint is directly associated with the same detected threat requests and WAF alerts as the malicious IP 148.153.56.170, indicating its u...
|
2026-02-12 17:19:43
|
1
|
US
|
N/A
|
['', 'www.darcherif.fr']
|
['akam/13/pixel_661b66b2']
|
{"alert": ["3910001", "3910004"], "deny": []}
|
0.8999999761581421
|
severity: Severity.critical
|
|
89.110.69.19
|
ip
|
Repeated attempts to access various WordPress login and admin paths ('wp-login.php', 'wp-admin/', 'login'), highly indicative of a brute-force or cred...
|
2026-02-12 15:19:17
|
1
|
NL
|
AS216071
|
['www.darcherif.fr']
|
[]
|
{"alert": [], "deny": []}
|
0.8999999761581421
|
severity: Severity.critical
|
|
73.213.221.128
|
ip
|
WAF already triggered an IP block due to a burst of activity (IPBLOCK-BURST4-318403), and a high percentage of requests (9 out of 21) were detected as...
|
2026-02-12 15:19:17
|
1
|
US
|
AS33657
|
['', 'akamai.darcherif.fr']
|
['assets/mail/contact_me.js', 'assets/mail/jqBootstrapValidation.js', 'js/scripts.js', 'favicon.ico', 'akam/13/pixel_71452a2f', 'assets/img/portfolio/submarine.png', 'assets/img/portfolio/safe.png']
|
{"alert": ["3910002"], "deny": ["IPBLOCK-BURST4-318403"]}
|
0.9800000190734863
|
severity: Severity.critical
|
|
2a00:f2a0:0:f783:ca1f:66ff:fef3:e641
|
ip
|
High number of detected threat requests (6 detections for 5 total requests), bot browser impersonation, and multiple security rule alerts originating ...
|
2026-02-12 15:19:17
|
1
|
RU
|
AS12555
|
['akamai.darcherif.fr']
|
['']
|
{"alert": ["3904004", "3904006", "3904020", "3904042", "3904052", "BOT-BROWSER-IMPERSONATOR"], "deny": []}
|
0.949999988079071
|
severity: Severity.critical
|
|
172.114.67.124
|
ip
|
Triggered critical WAF deny rule 'IPBLOCK-BURST4-318403', detected a high percentage of threat requests (36.8%), accessed multiple WAF-flagged paths i...
|
2026-02-11 14:09:49
|
1
|
US
|
AS20001
|
['', 'akamai.darcherif.fr']
|
['js/scripts.js', 'assets/mail/jqBootstrapValidation.js', 'favicon.ico', 'assets/img/portfolio/submarine.png', 'assets/img/portfolio/safe.png', 'assets/img/portfolio/game.png', 'akam/13/pixel_3654e3']
|
{"alert": ["3910006"], "deny": ["IPBLOCK-BURST4-318403"]}
|
1.0
|
severity: Severity.critical
|
|
52.167.144.202
|
ip
|
High percentage of detected threat requests (87.5%), triggered WAF alert '3991006' for multiple paths, and belongs to ASN AS8075 which is extensively ...
|
2026-02-11 11:39:43
|
1
|
US
|
AS8075
|
['', 'www.darcherif.fr']
|
['', 'wp-content/themes/mesmerize/assets/fonts/fontawesome-webfont.woff2', 'wp-includes/js/wp-emoji-release.min.js', 'wp-content/themes/mesmerize/assets/js/theme.bundle.min.js', 'wp-content/themes/mesmerize/style.min.css', 'wp-content/plugins/mesmerize-companion/theme-data/mesmerize/assets/css/companion.bundle.min.css', 'wp-content/themes/mesmerize/assets/fonts/fontawesome-webfont.ttf']
|
{"alert": ["3991006"], "deny": []}
|
1.0
|
severity: Severity.critical
|
|
2a01:e0a:e19:5b00:2417:bf0e:958d:4188
|
ip
|
Triggered critical WAF deny rule 'IPBLOCK-BURST4-318403', indicating a burst of malicious activity, with 21% of requests detected as threats and belon...
|
2026-02-11 10:19:30
|
1
|
FR
|
AS12322
|
['', 'akamai.darcherif.fr']
|
['netstorage/chanel-video.mp4', 'favicon.ico', 'customer_journey/product.imviewer']
|
{"alert": [], "deny": ["IPBLOCK-BURST4-318403"]}
|
1.0
|
severity: Severity.critical
|
|
185.117.225.97
|
ip
|
Extremely high percentage of detected threat requests (96%), numerous WAF flagged paths, and multiple security alerts (3990001, 3990004, 3990011) indi...
|
2026-02-11 05:39:10
|
1
|
US
|
AS14618
|
['akamai.darcherif.fr']
|
['css/heading.css', 'js/mpulse.js', 'css/styles.css', 'assets/img/avataaars.svg', 'assets/img/portfolio/submarine.png', 'assets/img/portfolio/circus.png', 'assets/img/portfolio/cake.png', 'assets/img/portfolio/safe.png', 'assets/img/portfolio/cabin.png', 'assets/img/portfolio/game.png']
|
{"alert": ["3990001", "3990004", "3990011"], "deny": []}
|
1.0
|
severity: Severity.critical
|
|
2.58.56.55
|
ip
|
IP accessed highly suspicious web shell paths ending in '.php.suspected', strongly indicating web shell upload or exploitation attempts. This is criti...
|
2026-02-10 23:58:52
|
1
|
NL
|
AS210558
|
['www.darcherif.fr']
|
[]
|
{"alert": [], "deny": []}
|
0.949999988079071
|
severity: Severity.critical
|