| 47.128.19.44 | ip | All requests (100%) from this IP were detected as threats and flagged by WAF. | 2025-12-16 16:38:53 | 1 | N/A | N/A | [] | [] | {"alert": [], "deny": []} | 0.8500000238418579 | severity: Severity.medium |
| 3%7eeb4f52e1e9bd4579 | tls | Over 90% of requests associated with this TLS fingerprint were detected as threats, indicating persistent malicious activity. | 2025-12-16 16:38:53 | 1 | N/A | N/A | [] | [] | {"alert": [], "deny": []} | 0.8999999761581421 | severity: Severity.critical |
| 114.119.141.35 | ip | All requests (100%) from this IP were detected as threats and flagged by WAF. | 2025-12-16 16:38:53 | 1 | N/A | N/A | [] | [] | {"alert": [], "deny": []} | 0.8999999761581421 | severity: Severity.critical |
| 114.119.142.93 | ip | All requests (100%) from this IP were detected as threats and flagged by WAF. | 2025-12-16 16:38:53 | 1 | N/A | N/A | [] | [] | {"alert": [], "deny": []} | 0.8999999761581421 | severity: Severity.critical |
| 114.119.129.175 | ip | All requests (100%) from this IP were detected as threats and flagged by WAF. | 2025-12-16 16:38:53 | 1 | N/A | N/A | [] | [] | {"alert": [], "deny": []} | 0.8999999761581421 | severity: Severity.critical |
| 103.141.144.222 | ip | Multiple WordPress enumeration/brute-force attempts detected, with critical WAF deny rules (IPBLOCK-PENALTY-BOX, PLATFORM-ANOMALY) triggered and a hig... | 2025-12-16 16:38:53 | 1 | VN | AS140818 | ['www.darcherif.fr'] | ['xmlrpc.php', 'wp-login.php'] | {"alert": ["3000136"], "deny": ["IPBLOCK-PENALTY-BOX", "PLATFORM-ANOMALY"]} | 0.949999988079071 | severity: Severity.critical |
| 3%7e038225e54eaf0990 | tls | All requests (100%) associated with this TLS fingerprint were detected as threats and flagged by WAF. | 2025-12-16 16:38:53 | 1 | N/A | N/A | [] | [] | {"alert": [], "deny": []} | 0.8999999761581421 | severity: Severity.critical |
| 3.112.5.185 | ip | All requests (100%) from this IP were flagged as threats and triggered a critical 'IPBLOCK' WAF deny rule. | 2025-12-16 16:38:53 | 1 | JP | AS16509 | ['akamai.darcherif.fr'] | ['', 'apps', '_next/data', 'api/actions', 'api/action'] | {"alert": [], "deny": ["IPBLOCK"]} | 1.0 | severity: Severity.critical |
| 3%7e407f950e81268bfe | tls | High percentage of detected threat requests (57/72) specifically targeting 'wp-login.php' and triggering an alert indicative of brute-force attempts. | 2025-12-16 15:59:12 | 1 | NL | N/A | ['www.darcherif.fr'] | ['wp-login.php'] | {"alert": ["3900998"], "deny": []} | 0.949999988079071 | severity: Severity.critical |
| AS22295 | asn | Detected bot-browser impersonation and extensive WordPress enumeration, triggering a critical 'IPBLOCK-BURST4' WAF deny rule. This ASN is already asso... | 2025-12-16 15:59:12 | 1 | US | AS22295 | ['akamai.darcherif.fr'] | ['sito/wp-includes/wlwmanifest.xml', 'wp2/wp-includes/wlwmanifest.xml', 'cms/wp-includes/wlwmanifest.xml', 'shop/wp-includes/wlwmanifest.xml', 'wp1/wp-includes/wlwmanifest.xml', '2019/wp-includes/wlwmanifest.xml', 'test/wp-includes/wlwmanifest.xml', 'news/wp-includes/wlwmanifest.xml', '2018/wp-includes/wlwmanifest.xml', 'media/wp-includes/wlwmanifest.xml'] | {"alert": ["3904003", "3904006", "3904020", "BOT-BROWSER-IMPERSONATOR"], "deny": ["IPBLOCK-BURST4-318403"]} | 1.0 | severity: Severity.critical |
| 77.90.185.240 | ip | High percentage of detected threat requests (33/36) specifically targeting 'wp-login.php' and triggering an alert indicative of brute-force attempts. | 2025-12-16 15:59:12 | 1 | LT | AS215476 | ['www.darcherif.fr'] | ['wp-login.php'] | {"alert": ["3900998"], "deny": []} | 0.8999999761581421 | severity: Severity.critical |
| 194.180.49.169 | ip | Aggressively targeted highly sensitive configuration and information files, triggering critical WAF deny rules including IPBLOCK-BURST4, LFI-ANOMALY, ... | 2025-12-16 15:59:12 | 1 | PL | AS201814 | ['akamai.darcherif.fr'] | ['info.php', '.env.production', 'dashboard/info.php', '.aws/credentials', '_profiler/phpinfo', 'phpinfo', '.env.example', '.git/config', '.env', 'index.php/phpinfo'] | {"alert": ["3000508"], "deny": ["IPBLOCK-BURST4-318403", "LFI-ANOMALY", "REP_1654542"]} | 1.0 | severity: Severity.critical |
| 3%7e305534a7233fb39f | tls | Aggressively targeted highly sensitive configuration files (e.g., .env, .git/config) and triggered multiple critical WAF deny rules, including IPBLOCK... | 2025-12-16 15:59:12 | 1 | US | N/A | ['www.darcherif.fr', 'akamai.darcherif.fr'] | ['%22https:/stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.bundle.min.js%22', 'aws.config.js', 'backend/.env', '.env.save', 'config.json', '.npmrc', 'js/mpulse.js', '.git/config', '%22https:/cdnjs.cloudflare.com/ajax/libs/jquery-easing/1.4.1/jquery.easing.min.js%22', '.env'] | {"alert": ["3000126", "3000508", "3990001", "IPBLOCK-PENALTY-BOX"], "deny": ["IPBLOCK", "LFI-ANOMALY"]} | 1.0 | severity: Severity.critical |
| AS140818 | asn | High volume of requests targeting WordPress enumeration and login paths, triggering critical WAF deny rules including IPBLOCK-PENALTY-BOX and PLATFORM... | 2025-12-16 15:59:12 | 1 | VN | AS140818 | ['www.darcherif.fr'] | ['xmlrpc.php', 'wp-login.php'] | {"alert": ["3000136"], "deny": ["IPBLOCK-PENALTY-BOX", "PLATFORM-ANOMALY"]} | 1.0 | severity: Severity.critical |
| 3%7e7d37a809e7e56fbe | tls | Aggressively targeted highly sensitive configuration and information files, triggering critical WAF deny rules including IPBLOCK-BURST4, LFI-ANOMALY, ... | 2025-12-16 15:59:12 | 1 | PL | N/A | ['akamai.darcherif.fr'] | ['.env.dev', '.env.production', 'dashboard/info.php', '.aws/credentials', '_profiler/phpinfo', 'phpinfo', '.env.example', '.git/config', '.env', 'index.php/phpinfo'] | {"alert": ["3000508"], "deny": ["IPBLOCK-BURST4-318403", "LFI-ANOMALY", "REP_1654542"]} | 1.0 | severity: Severity.critical |
| 107.172.195.91 | ip | High number of detected threat requests and multiple WAF alerts, including bot impersonation, indicating automated malicious probing. | 2025-12-16 15:59:12 | 1 | US | AS36352 | ['akamai.darcherif.fr'] | ['assets/mail/contact_me.js', 'assets/mail/jqBootstrapValidation.js', 'js/scripts.js', 'https%3A/www.linkedin.com/in/startbootstrap', 'https%3A/www.facebook.com/StartBootstrap', '%23portfolio', '%23page-top', 'https%3A/www.dribble.com/startbootstrap', 'js/mpulse.js', 'https%3A/www.twitter.com/sbootstrap'] | {"alert": ["3904005", "3904006", "3904013", "3904020", "3904042", "BOT-BROWSER-IMPERSONATOR"], "deny": []} | 0.949999988079071 | severity: Severity.critical |
| 62.60.130.228 | ip | High percentage of detected threat requests (13/16) specifically targeting 'wp-login.php' and triggering an alert indicative of brute-force attempts. | 2025-12-16 15:59:12 | 1 | LT | AS215930 | ['www.darcherif.fr'] | ['wp-login.php'] | {"alert": ["3900998"], "deny": []} | 0.8999999761581421 | severity: Severity.critical |
| 3%7e01ca4d1c280cf0ab | tls | Very high percentage of detected threat requests (52/54) with multiple WAF alerts and a critical 'IPBLOCK' deny rule triggered, indicating malicious a... | 2025-12-16 15:59:12 | 1 | US | N/A | ['', 'akamai.darcherif.fr', 'www.darcherif.fr'] | ['wp-includes/js/imagesloaded.min.js', 'wp-content/uploads/2020/05/ConferenceIndiaCropped.png', 'index.php/tag/industry-4-0/', 'index.php/2023/04/27/ddos-what-is-it-how-does-it-work-and-how-to-be-protected/', 'index.php/wp-json/wp/v2/tags/5', 'index.php/category/industry-4-0/feed/', 'index.php/wp-json/wp/v2/tags/4', 'index.php/category/cybersecurity/', 'wp-content/themes/mesmerize/assets/fonts/fontawesome-webfont.ttf', 'wp-content/themes/mesmerize/assets/fonts/fontawesome-webfont.svg'] | {"alert": ["3991006", "3991023"], "deny": ["IPBLOCK"]} | 1.0 | severity: Severity.critical |
| 104.244.74.39 | ip | All requests targeted sensitive configuration files and triggered critical LFI-ANOMALY and reputation-based WAF deny rules. | 2025-12-16 15:59:12 | 1 | LU | AS53667 | ['akamai.darcherif.fr'] | ['.env.local', '.env', '.env.dev', '.env.prod'] | {"alert": ["3000508"], "deny": ["LFI-ANOMALY", "REP_1654542"]} | 1.0 | severity: Severity.critical |
| AS16509 | asn | High ratio of detected threat requests and a critical 'IPBLOCK' WAF deny rule was triggered. This ASN is already in the blocklist for persistent malic... | 2025-12-16 15:59:12 | 1 | US | AS16509 | ['', 'akamai.darcherif.fr', 'www.darcherif.fr'] | ['wp-content/themes/mesmerize/assets/css/theme.bundle.min.css', 'favicon.ico', 'wp-content/uploads/2020/05/ConferenceIndiaCropped.png', 'api/actions', 'wp-content/themes/mesmerize/style.min.css', 'wp-content/themes/highlight/style.min.css', 'wp-content/plugins/mesmerize-companion/theme-data/mesmerize/assets/css/companion.bundle.min.css', 'akam/13/pixel_60afa1b7', 'wp-includes/css/dist/block-library/style.min.css', 'wp-content/uploads/2020/01/Czech-Republic-operation-Temelin-Nuclear-Power-Plant-2003-768x502.jpg'] | {"alert": ["3910001", "3991023"], "deny": ["IPBLOCK"]} | 1.0 | severity: Severity.critical |
| 141.98.11.181 | ip | Detected bot-browser impersonation, extensive WordPress enumeration, and triggered a critical 'IPBLOCK-BURST4' WAF deny rule due to a high rate of mal... | 2025-12-16 15:59:12 | 1 | LT | AS209605 | ['akamai.darcherif.fr'] | ['cms/wp-includes/wlwmanifest.xml', 'shop/wp-includes/wlwmanifest.xml', 'web/wp-includes/wlwmanifest.xml', 'wp1/wp-includes/wlwmanifest.xml', 'feed/', '2020/wp-includes/wlwmanifest.xml', 'xmlrpc.php', '2019/wp-includes/wlwmanifest.xml', 'test/wp-includes/wlwmanifest.xml', '2021/wp-includes/wlwmanifest.xml'] | {"alert": ["3904003", "3904006", "3904020", "3904052", "3904053", "BOT-BROWSER-IMPERSONATOR"], "deny": ["IPBLOCK-BURST4-318403"]} | 1.0 | severity: Severity.critical |
| 3%7e2891d83539e8d2fd | tls | Extremely high number of detected threat requests and extensive WordPress enumeration, triggering multiple WAF alerts, bot impersonation, and a critic... | 2025-12-16 15:59:12 | 1 | US | N/A | ['akamai.darcherif.fr'] | ['wordpress/wp-includes/wlwmanifest.xml', '2020/wp-includes/wlwmanifest.xml', 'news/wp-includes/wlwmanifest.xml', 'media/wp-includes/wlwmanifest.xml', 'sito/wp-includes/wlwmanifest.xml', 'cms/wp-includes/wlwmanifest.xml', 'web/wp-includes/wlwmanifest.xml', 'feed/', 'test/wp-includes/wlwmanifest.xml', '2021/wp-includes/wlwmanifest.xml'] | {"alert": ["3904003", "3904020", "3904052", "3904053", "BOT-BROWSER-IMPERSONATOR"], "deny": ["IPBLOCK-BURST4-318403"]} | 1.0 | severity: Severity.critical |
| 3%7edf1fada1233fb39f | tls | High number of detected threat requests (20/22) including access to a highly obfuscated and suspicious path, indicating malicious probing or exploit a... | 2025-12-16 15:59:12 | 1 | SG | N/A | ['', 'www.darcherif.fr'] | ['index.php/category/non-classe/', 'index.php/tag/cyber-security/feed/', 'index.php/2020/01/22/industry-4-0-concept-threat-landscape-and-security-challenges-of-smart-factories/', 'index.php/category/cloud-security/feed/', 'index.php/category/cyberattacks/feed/', 'index.php/tag/industry-4-0/feed/', 'index.php/category/cyberattacks/', 'index.php/category/cybersecurity/feed/', 'index.php/category/cybersecurity/', 'index.php/category/cybercrime/feed/'] | {"alert": ["3991008"], "deny": []} | 0.9800000190734863 | severity: Severity.critical |
| 3%7e24e11312e419fb9c | tls | Extremely high number of detected threat requests and multiple WAF alerts, including bot impersonation, indicating severe automated malicious activity... | 2025-12-16 15:59:12 | 1 | US | N/A | ['akamai.darcherif.fr'] | ['assets/mail/contact_me.js', 'assets/mail/jqBootstrapValidation.js', 'js/scripts.js', 'https%3A/www.linkedin.com/in/startbootstrap', 'https%3A/www.facebook.com/StartBootstrap', '%23portfolio', '%23page-top', 'https%3A/www.dribble.com/startbootstrap', 'js/mpulse.js', 'https%3A/www.twitter.com/sbootstrap'] | {"alert": ["3904005", "3904006", "3904013", "3904020", "3904042", "BOT-BROWSER-IMPERSONATOR"], "deny": []} | 0.9800000190734863 | severity: Severity.critical |
| 193.142.147.57 | ip | All requests (100%) from this IP were detected as threats, specifically targeting 'wp-login.php' and triggering a security alert indicative of a brute... | 2025-12-16 06:13:43 | 1 | NL | AS213438 | ['www.darcherif.fr'] | ['wp-login.php'] | {"alert": ["3900998"], "deny": []} | 1.0 | severity: Severity.critical |
| 208.84.101.251 | ip | 50% of requests were detected as threats, targeting sensitive WordPress enumeration paths and triggering a critical IP block deny rule due to a burst ... | 2025-12-15 22:03:11 | 1 | US | AS22295 | ['akamai.darcherif.fr'] | ['site/wp-includes/wlwmanifest.xml', 'wp2/wp-includes/wlwmanifest.xml', 'sito/wp-includes/wlwmanifest.xml', 'cms/wp-includes/wlwmanifest.xml'] | {"alert": [], "deny": ["IPBLOCK-BURST4-318403"]} | 1.0 | severity: Severity.critical |
| 103.4.251.152 | ip | All requests (100%) from this IP were flagged by WAF, with a high number of detected threat requests, and triggered multiple security alerts including... | 2025-12-12 06:58:39 | 1 | US | AS9009 | ['akamai.darcherif.fr'] | ['assets/mail/contact_me.js', 'js/scripts.js', 'assets/mail/jqBootstrapValidation.js', '%23page-top', 'https%3A/www.dribble.com/startbootstrap', 'https%3A/www.twitter.com/sbootstrap'] | {"alert": ["3904005", "3904013", "3904020", "3904042", "BOT-BROWSER-IMPERSONATOR"], "deny": []} | 1.0 | severity: Severity.critical |
| 65.87.7.112 | ip | All requests (100%) from this IP were flagged by WAF, triggering security alert "3990011", and all accessed paths were marked as threats, indicating m... | 2025-12-12 00:48:21 | 1 | US | AS215659 | ['akamai.darcherif.fr'] | ['', '_next'] | {"alert": ["3990011"], "deny": []} | 0.949999988079071 | severity: Severity.critical |
| 3%7ebb4be091c5dc4153 | tls | All requests associated with this TLS fingerprint were flagged by WAF, targeting sensitive files (.DS_Store, .env, .git/config) and common admin/info ... | 2025-12-12 00:08:31 | 1 | IN | N/A | ['akamai.darcherif.fr'] | ['.DS_Store', 'info.php', 'login.action', 'about', 'server-status', '.git/config', 'server', 'v3/api-docs', '.env', '.vscode/sftp.json'] | {"alert": ["3000508", "3990011", "IPBLOCK-PENALTY-BOX"], "deny": ["LFI-ANOMALY"]} | 1.0 | severity: Severity.critical |
| 147.182.149.75 | ip | All requests were flagged by WAF, targeting sensitive files (.git/config, .env, config.json) and known exploit paths (LFI, Jira exploit), and triggere... | 2025-12-12 00:08:31 | 1 | CA | AS14061 | ['akamai.darcherif.fr'] | ['server-status', '.git/config', 'v2/_catalog', 'info.php', '_all_dbs', 'config.json', 'login.action', 'ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application', '.env', 's/7313e2031313e2030313e25393/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.properties'] | {"alert": ["3000508", "3990011", "IPBLOCK-PENALTY-BOX"], "deny": ["LFI-ANOMALY"]} | 1.0 | severity: Severity.critical |
| AS14061 | asn | All requests from IPs associated with this ASN were flagged by WAF, extensively probing sensitive configurations and known exploit paths (including LF... | 2025-12-12 00:08:31 | 1 | US | AS14061 | ['akamai.darcherif.fr'] | ['login.action', 'api/swagger.json', 'about', 'server-status', '.git/config', 'server', 'v3/api-docs', 'v2/api-docs', '.env', '.vscode/sftp.json'] | {"alert": ["3000508", "3990011", "IPBLOCK-PENALTY-BOX"], "deny": ["LFI-ANOMALY"]} | 1.0 | severity: Severity.critical |
| 159.89.12.166 | ip | All requests were flagged by WAF, targeting sensitive files (.git/config, .env, .vscode/sftp.json) and known exploit paths (LFI, Jira exploit), and tr... | 2025-12-12 00:08:31 | 1 | DE | AS14061 | ['akamai.darcherif.fr'] | ['about', 'server-status', '.git/config', 'v2/_catalog', '_all_dbs', 'login.action', 'ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application', '.env', 's/7313e2031313e2030313e25393/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.properties', '.vscode/sftp.json'] | {"alert": ["3000508", "3990011", "IPBLOCK-PENALTY-BOX"], "deny": ["LFI-ANOMALY"]} | 1.0 | severity: Severity.critical |
| 159.89.174.87 | ip | All requests were flagged by WAF, targeting sensitive files (.env, api-docs/swagger.json, .vscode/sftp.json) and common admin/info paths, and triggere... | 2025-12-12 00:08:31 | 1 | IN | AS14061 | ['akamai.darcherif.fr'] | ['v2/_catalog', 'info.php', '_all_dbs', 'server', 'login.action', 'ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application', 'v3/api-docs', '.env', 'api-docs/swagger.json', '.vscode/sftp.json'] | {"alert": ["3000508", "3990011", "IPBLOCK-PENALTY-BOX"], "deny": ["LFI-ANOMALY"]} | 1.0 | severity: Severity.critical |
| 167.71.81.114 | ip | All requests were flagged by WAF, targeting sensitive endpoints (actuator/env, api/swagger.json, .env, .vscode/sftp.json) and triggered a critical 'LF... | 2025-12-12 00:08:31 | 1 | US | AS14061 | ['akamai.darcherif.fr'] | ['actuator/env', 'login.action', 'api/swagger.json', 'about', 'server-status', 'server', 'v3/api-docs', 'v2/api-docs', '.env', '.vscode/sftp.json'] | {"alert": ["3000508", "3990011"], "deny": ["LFI-ANOMALY"]} | 1.0 | severity: Severity.critical |
| 40.83.76.149 | ip | All requests (100%) from this IP were flagged by WAF, accessing suspicious PHP files, and triggered an 'IPBLOCK' deny rule. Its associated ASN (AS8075... | 2025-12-10 00:46:02 | 1 | HK | AS8075 | ['akamai.darcherif.fr'] | ['bless.php', 'xo.php', 'cloud.php', 'chosen.php', 'classwithtostring.php', 'num.php', 'bak.php', 'radio.php', '404.php', 'buy.php'] | {"alert": [], "deny": ["IPBLOCK"]} | 1.0 | severity: Severity.critical |
| 37.228.254.154 | ip | High ratio of detected threat requests (60%), including access to an extremely suspicious and obfuscated path 'NqKXrfXQ/UVmgosN/YjdiKN1/-J/EYm94maubaD... | 2025-12-09 12:55:20 | 1 | IE | AS6830 | ['www.darcherif.fr'] | ['wp-includes/js/wp-emoji-release.min.js', 'favicon.ico', 'wp-content/themes/highlight/assets/images/hero-4.jpg', 'wp-content/themes/highlight/assets/images/hero-1.jpg', 'wp-content/themes/highlight/assets/images/hero-2.jpg', 'wp-content/themes/highlight/assets/images/hero-3.jpg'] | {"alert": ["3900999"], "deny": []} | 0.949999988079071 | severity: Severity.critical |
| 2a07:e05:3:1b::1 | ip | All requests (100%) from this IP were flagged by WAF, triggering multiple security alerts including 'BOT-BROWSER-IMPERSONATOR', and demonstrating a hi... | 2025-12-08 08:23:25 | 1 | US | AS400587 | ['akamai.darcherif.fr'] | ['', 'assets/mail/contact_me.js', 'assets/mail/jqBootstrapValidation.js', 'js/scripts.js', 'js/mpulse.js'] | {"alert": ["3904003", "3904004", "3904005", "3904006", "3904053", "BOT-BROWSER-IMPERSONATOR"], "deny": []} | 1.0 | severity: Severity.critical |
| 213.35.103.66 | ip | All requests from this IP targeted sensitive WordPress admin/login paths, were flagged by WAF, and triggered multiple security alerts including 'BOT-B... | 2025-12-06 13:41:21 | 1 | SG | AS31898 | ['akamai.darcherif.fr'] | ['', 'login', 'wp-admin/', 'admin', 'administrator/', 'register', 'wp-login.php', 'user/login'] | {"alert": ["3904000", "3904001", "3904013", "3904052", "3904053", "3990001", "BOT-BROWSER-IMPERSONATOR"], "deny": []} | 1.0 | severity: Severity.critical |
| 216.73.216.213 | ip | All requests (100%) from this IP were flagged by WAF, indicating persistent malicious probing targeting WordPress endpoints and triggering security al... | 2025-12-05 18:50:26 | 1 | US | AS16509 | ['www.darcherif.fr'] | ['index.php/tag/iot/', 'index.php/tag/iot', 'index.php/tag/cyber-security', 'index.php/wp-json/wp/v2/pages/%22https:/www.linkedin.com/in/alexandre-darcherif/%22', 'index.php/tag/cyber-security/', 'index.php/wp-json/wp/v2/pages/%22'] | {"alert": ["3991023"], "deny": []} | 1.0 | severity: Severity.critical |
| AS48090 | asn | Associated with IP 45.148.10.246, which demonstrated extensive probing of sensitive files, had all requests flagged by WAF, and triggered critical den... | 2025-12-04 12:34:38 | 1 | AD | AS48090 | ['akamai.darcherif.fr'] | ['./.env.test.backup', 'config/mail.yml/', 'config/mail.php.save/', 'config/email.php.save/', 'app/Config/email.php', './.env.demo', '.env.local.backup/', 'config/mail_backup.php/', 'config/email.php%7e', 'config/email.temp'] | {"alert": ["3000508", "950204"], "deny": ["IPBLOCK-BURST4-318403", "IPBLOCK-SUMMARY8-318403", "LFI-ANOMALY", "REP_1654542"]} | 1.0 | severity: Severity.critical |
| 45.148.10.246 | ip | Extensive probing of sensitive configuration files and backups (e.g., .env, config/mail), all requests (100%) flagged by WAF, and multiple critical de... | 2025-12-04 12:34:38 | 1 | AD | AS48090 | ['akamai.darcherif.fr'] | ['./.env.test.backup', 'config/mail.yml/', 'config/mail.php.save/', 'config/email.php.save/', 'app/Config/email.php', './.env.demo', '.env.local.backup/', 'config/mail_backup.php/', 'config/email.php%7e', 'config/email.temp'] | {"alert": ["3000508", "950204"], "deny": ["IPBLOCK-BURST4-318403", "IPBLOCK-SUMMARY8-318403", "LFI-ANOMALY", "REP_1654542"]} | 1.0 | severity: Severity.critical |
| 62.60.130.210 | ip | All requests (100%) were flagged by WAF and targeted 'wp-login.php', triggering security alerts indicative of a brute-force or credential stuffing att... | 2025-12-02 14:22:25 | 1 | LT | AS215930 | ['www.darcherif.fr'] | ['wp-login.php'] | {"alert": ["3900998"], "deny": []} | 1.0 | severity: Severity.critical |
| 3%7e67c0ea0c99e03401 | tls | TLS fingerprint associated with an IP (4.189.168.36) that had all requests flagged by WAF, bot impersonation, and probing of sensitive paths. Associat... | 2025-11-30 15:39:51 | 1 | JP | N/A | ['akamai.darcherif.fr'] | ['wp-includes/ID3/index.php', 'goods.php', 'wp-includes/Requests/', 'about/function.php', 'functions.php', 'wp-includes/certificates/', 'templates/beez3/error.php', 'wp-admin/css/colors/midnight/', 'index/function.php', '.well-known/admin.php'] | {"alert": ["3904001", "3904002", "3904003", "3904004", "3904013", "3904053", "BOT-BROWSER-IMPERSONATOR"], "deny": []} | 1.0 | severity: Severity.critical |
| 4.189.168.36 | ip | All requests (100%) flagged by WAF with bot impersonation and probing of sensitive paths. Associated ASN AS8075 is already blocklisted for persistent ... | 2025-11-30 15:39:50 | 1 | JP | AS8075 | ['akamai.darcherif.fr'] | ['wp-includes/ID3/index.php', 'goods.php', 'wp-includes/Requests/', 'about/function.php', 'functions.php', 'wp-includes/certificates/', 'templates/beez3/error.php', 'wp-admin/css/colors/midnight/', 'index/function.php', '.well-known/admin.php'] | {"alert": ["3904001", "3904002", "3904003", "3904004", "3904013", "3904053", "BOT-BROWSER-IMPERSONATOR"], "deny": []} | 1.0 | severity: Severity.critical |
| 134.122.136.96 | ip | Multiple critical WAF deny rules triggered, including LFI, command injection, XSS, and bot impersonation, indicating severe malicious probing and expl... | 2025-11-30 14:03:57 | 1 | JP | AS152194 | ['www.darcherif.fr'] | ['install', 'invoker/readonly', 'GallerySite/filesrc/fotoilan/388/middle/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd', 'fmangersub', 'public/plugins/alertlist/../../../../../../../../../../../../../../../../../../../etc/passwd', 'icons/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd', 'content/crx/de/setPreferences.jsp;%0A.html', 'api/get-users', 'ajax/api/user/save', 'settings'] | {"alert": ["3000005", "3000014", "3000025", "3000037", "3000039", "3000080", "3000081", "3000110", "3000111", "3000116", "3000119", "3000120", "3000122", "3000142", "3000153", "3000161", "3000196", "3000500", "3000503", "3904000", "3904001", "3904002", "3904003", "3904004", "3904005", "3904006", "3904007", "3904009", "3904020", "3904023", "3904024", "3904036", "3904037", "3904038", "3904042", "3904052", "3904053", "950203", "950204", "958052", "973335"], "deny": ["3990007", "BOT-BROWSER-IMPERSONATOR", "CMD-INJECTION-ANOMALY", "IPBLOCK-PENALTY-BOX", "LFI-ANOMALY", "WAT-ANOMALY", "XSS-ANOMALY"]} | 1.0 | severity: Severity.critical |
| AS152194 | asn | Associated with IP 134.122.136.96, which triggered multiple critical WAF deny rules including LFI, command injection, XSS, and bot impersonation. All ... | 2025-11-30 14:03:57 | 1 | JP | AS152194 | ['www.darcherif.fr'] | ['install', 'invoker/readonly', 'GallerySite/filesrc/fotoilan/388/middle/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd', 'fmangersub', 'public/plugins/alertlist/../../../../../../../../../../../../../../../../../../../etc/passwd', 'icons/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd', 'content/crx/de/setPreferences.jsp;%0A.html', 'api/get-users', 'ajax/api/user/save', 'settings'] | {"alert": ["3000005", "3000014", "3000025", "3000037", "3000039", "3000080", "3000081", "3000110", "3000111", "3000116", "3000119", "3000120", "3000122", "3000142", "3000153", "3000161", "3000196", "3000500", "3000503", "3904000", "3904001", "3904002", "3904003", "3904004", "3904005", "3904006", "3904007", "3904009", "3904020", "3904023", "3904024", "3904036", "3904037", "3904038", "3904042", "3904052", "3904053", "950203", "950204", "958052", "973335"], "deny": ["3990007", "BOT-BROWSER-IMPERSONATOR", "CMD-INJECTION-ANOMALY", "IPBLOCK-PENALTY-BOX", "LFI-ANOMALY", "WAT-ANOMALY", "XSS-ANOMALY"]} | 1.0 | severity: Severity.critical |
| 3%7ed09afd3ffe9bdf7b | tls | Associated with IP 134.122.136.96, which triggered multiple critical WAF deny rules including LFI, command injection, XSS, and bot impersonation. This... | 2025-11-30 14:03:57 | 1 | JP | N/A | ['www.darcherif.fr'] | ['install', 'invoker/readonly', 'GallerySite/filesrc/fotoilan/388/middle/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd', 'fmangersub', 'public/plugins/alertlist/../../../../../../../../../../../../../../../../../../../etc/passwd', 'icons/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd', 'content/crx/de/setPreferences.jsp;%0A.html', 'api/get-users', 'ajax/api/user/save', 'settings'] | {"alert": ["3000005", "3000014", "3000025", "3000037", "3000039", "3000080", "3000081", "3000110", "3000111", "3000116", "3000119", "3000120", "3000122", "3000142", "3000153", "3000161", "3000196", "3000500", "3000503", "3904000", "3904001", "3904002", "3904003", "3904004", "3904005", "3904006", "3904007", "3904009", "3904020", "3904023", "3904024", "3904036", "3904037", "3904038", "3904042", "3904052", "3904053", "950203", "950204", "958052", "973335"], "deny": ["3990007", "BOT-BROWSER-IMPERSONATOR", "CMD-INJECTION-ANOMALY", "IPBLOCK-PENALTY-BOX", "LFI-ANOMALY", "WAT-ANOMALY", "XSS-ANOMALY"]} | 1.0 | severity: Severity.critical |
| 43.163.127.190 | ip | Repeated, targeted access attempts to sensitive Spring Boot actuator and mapping endpoints. All 13 requests flagged by WAF, with bot impersonation det... | 2025-11-20 15:39:02 | 1 | SG | AS132203 | ['akamai.darcherif.fr'] | ['actuator/env', 'actuator/;/env', 'staging/mappings', 'test/actuator/mappings', 'v2/actuator/env', 'test/mappings', 'staging/actuator/env', 'v2/actuator/mappings', 'api/actuator/', 'test/actuator/env'] | {"alert": ["3904000", "3904003", "3904004", "3904006", "3904013", "3904035", "3904042", "3904053", "BOT-BROWSER-IMPERSONATOR"], "deny": []} | 1.0 | severity: Severity.critical |
| 20.37.96.143 | ip | All requests from this IP were flagged by WAF, accessing suspicious PHP files including known exploit paths like 'wp-filemanager.php', and triggered a... | 2025-11-10 22:07:17 | 1 | JP | AS8075 | ['www.darcherif.fr'] | ['kki.php', 'asas.php', 'ze.php', 'dd1.php', 'e.php', 'shoha.php', 'wp-the1me.php', 'wp-content/plugins/hellopress/wp_filemanager.php', 'card.php', 'm.php'] | {"alert": [], "deny": ["REP_1654538"]} | 1.0 | severity: Severity.critical |
| AS15169 | asn | 48% of requests were threatening, all accessed paths flagged by WAF, and a burst-rate IP block rule (IPBLOCK-BURST4-318403) was triggered. | 2025-11-04 15:46:51 | 1 | US | AS15169 | ['www.darcherif.fr', 'akamai.darcherif.fr'] | ['wp-includes/css/dist/block-library/style.min.css', 'robots.txt', 'wp-includes/js/jquery/jquery-migrate.min.js', 'index.php/tag/cyber-security/', 'wp-content/themes/highlight/assets/js/theme-child.js', 'wp-includes/js/imagesloaded.min.js', 'assets/mail/jqBootstrapValidation.js', 'js/mpulse.js', 'wp-content/themes/mesmerize/assets/js/theme.bundle.min.js', 'wp-content/plugins/mesmerize-companion/theme-data/mesmerize/assets/css/companion.bundle.min.css'] | {"alert": ["3900005", "3900006", "3900020", "3991006"], "deny": ["IPBLOCK-BURST4-318403"]} | 0.949999988079071 | severity: Severity.critical |