| 2026-03-01 11:36 |
152.42.200.86 |
crowdsecurity/http-open-proxy |
Ares |
Fleet |
| 2026-03-01 10:54 |
34.158.168.101 |
protocol-mismatch |
Ares |
Fleet |
| 2026-03-01 10:26 |
45.149.173.201 |
+3
|
Iris |
Fleet |
| Scenario |
Category |
Hits |
Last Seen |
| wp-sensitive-paths |
web-exploitation |
1 |
2026-03-01 10:26 |
| wordpress-probe |
web-exploitation |
1 |
2026-03-01 10:26 |
| crowdsecurity/http-probing |
other |
1 |
2026-03-01 10:26 |
|
| 2026-03-01 10:22 |
176.65.134.45 |
suspicious-probe |
Iris |
Fleet |
| 2026-03-01 10:10 |
23.226.135.18 |
+2
|
Ares |
Fleet |
| Scenario |
Category |
Hits |
Last Seen |
| crowdsecurity/http-cve-2021-42013 |
cve-exploit |
1 |
2026-03-01 10:10 |
| crowdsecurity/http-cve-2021-41773 |
cve-exploit |
1 |
2026-03-01 10:10 |
|
| 2026-03-01 09:07 |
20.41.98.49 |
+10
|
Triton |
Fleet |
| Scenario |
Category |
Hits |
Last Seen |
| wp-sensitive-paths |
web-exploitation |
1 |
2026-03-01 09:07 |
| wordpress-probe |
web-exploitation |
1 |
2026-03-01 09:07 |
| webshell-high-confidence |
post-exploitation |
1 |
2026-03-01 09:07 |
| wp-nested-backdoor |
web-exploitation |
1 |
2026-03-01 09:07 |
| wp-obscure-nested-php |
web-exploitation |
1 |
2026-03-01 09:07 |
| webshell-probe |
post-exploitation |
1 |
2026-03-01 09:07 |
| php-backdoor-generic |
web-exploitation |
1 |
2026-03-01 09:07 |
| generic-backdoor-detection |
other |
1 |
2026-03-01 09:07 |
| crowdsecurity/http-wordpress-scan |
web-exploitation |
1 |
2026-03-01 09:07 |
| crowdsecurity/http-probing |
other |
1 |
2026-03-01 09:07 |
|
| 2026-03-01 09:00 |
2602:80d:1006::24 |
protocol-mismatch |
Ares |
Fleet |
| 2026-03-01 08:44 |
64.227.186.216 |
wp-sensitive-paths |
Zephyrus |
Fleet |
| 2026-03-01 08:15 |
24.83.200.235 |
+2
|
Iris |
Fleet |
| Scenario |
Category |
Hits |
Last Seen |
| webshell-high-confidence |
post-exploitation |
1 |
2026-03-01 08:15 |
| wp-sensitive-paths |
web-exploitation |
1 |
2026-03-01 08:15 |
|
| 2026-03-01 08:15 |
195.154.184.117 |
+2
|
Ares |
Fleet |
| Scenario |
Category |
Hits |
Last Seen |
| crowdsecurity/http-open-proxy |
other |
1 |
2026-03-01 08:15 |
| protocol-mismatch |
other |
1 |
2026-03-01 08:10 |
|
| 2026-03-01 08:13 |
20.151.11.87 |
+13
|
Iris |
Fleet |
| Scenario |
Category |
Hits |
Last Seen |
| wp-sensitive-paths |
web-exploitation |
1 |
2026-03-01 08:13 |
| wp-nested-backdoor |
web-exploitation |
1 |
2026-03-01 08:13 |
| wp-obscure-nested-php |
web-exploitation |
1 |
2026-03-01 08:13 |
| webshell-high-confidence |
post-exploitation |
1 |
2026-03-01 08:13 |
| wp-obscure-path-backdoor |
web-exploitation |
1 |
2026-03-01 08:13 |
| wordpress-probe |
web-exploitation |
1 |
2026-03-01 08:13 |
| php-known-backdoor |
web-exploitation |
1 |
2026-03-01 08:13 |
| php-obscure-path-backdoor |
web-exploitation |
1 |
2026-03-01 08:13 |
| crowdsecurity/http-admin-interface-probing |
reconnaissance |
1 |
2026-03-01 08:13 |
| crowdsecurity/http-wordpress-scan |
web-exploitation |
1 |
2026-03-01 08:13 |
| crowdsecurity/http-crawl-non_statics |
other |
1 |
2026-03-01 08:13 |
| generic-backdoor-detection |
other |
1 |
2026-03-01 08:13 |
| crowdsecurity/http-probing |
other |
1 |
2026-03-01 08:13 |
|
| 2026-03-01 07:45 |
158.220.100.71 |
+2
|
Ares |
Fleet |
| Scenario |
Category |
Hits |
Last Seen |
| crowdsecurity/http-cve-2021-42013 |
cve-exploit |
1 |
2026-03-01 07:45 |
| crowdsecurity/http-cve-2021-41773 |
cve-exploit |
1 |
2026-03-01 07:45 |
|
| 2026-03-01 07:18 |
185.177.72.52 |
+7
|
Iris |
Fleet |
| Scenario |
Category |
Hits |
Last Seen |
| mgmt-path-probe |
reconnaissance |
1 |
2026-03-01 07:18 |
| suspicious-probe |
reconnaissance |
1 |
2026-03-01 07:18 |
| crowdsecurity/http-admin-interface-probing |
reconnaissance |
1 |
2026-03-01 07:18 |
| crowdsecurity/http-crawl-non_statics |
other |
1 |
2026-03-01 07:18 |
| crowdsecurity/http-sensitive-files |
other |
1 |
2026-03-01 07:18 |
| webshell-high-confidence |
post-exploitation |
1 |
2026-03-01 07:18 |
| crowdsecurity/http-probing |
other |
1 |
2026-03-01 07:18 |
|
| 2026-03-01 07:17 |
185.177.72.22 |
+7
|
Multiple (2) |
Fleet |
| Scenario |
Category |
Hits |
Last Seen |
| suspicious-probe |
reconnaissance |
1 |
2026-03-01 07:17 |
| mgmt-path-probe |
reconnaissance |
1 |
2026-03-01 07:17 |
| webshell-high-confidence |
post-exploitation |
1 |
2026-03-01 07:17 |
| crowdsecurity/http-sensitive-files |
other |
1 |
2026-03-01 07:17 |
| crowdsecurity/http-admin-interface-probing |
reconnaissance |
1 |
2026-03-01 07:17 |
| crowdsecurity/http-probing |
other |
1 |
2026-03-01 07:17 |
| crowdsecurity/http-generic-bf |
other |
1 |
2026-02-27 10:47 |
|
| 2026-03-01 07:07 |
167.94.138.174 |
crowdsecurity/http-bad-user-agent |
Argus |
Fleet |
| 2026-03-01 06:54 |
77.90.185.115 |
suspicious-probe |
Hermes |
Fleet |
| 2026-03-01 06:46 |
208.84.101.102 |
+2
|
Zephyrus |
Fleet |
| Scenario |
Category |
Hits |
Last Seen |
| wp-sensitive-paths |
web-exploitation |
1 |
2026-03-01 06:46 |
| wordpress-probe |
web-exploitation |
1 |
2026-03-01 06:46 |
|
| 2026-03-01 06:31 |
52.138.3.9 |
+14
|
Triton |
Fleet |
| Scenario |
Category |
Hits |
Last Seen |
| php-known-backdoor |
web-exploitation |
1 |
2026-03-01 06:31 |
| wp-sensitive-paths |
web-exploitation |
1 |
2026-03-01 06:31 |
| wp-nested-backdoor |
web-exploitation |
1 |
2026-03-01 06:31 |
| wp-obscure-nested-php |
web-exploitation |
1 |
2026-03-01 06:31 |
| wordpress-probe |
web-exploitation |
1 |
2026-03-01 06:31 |
| webshell-high-confidence |
post-exploitation |
1 |
2026-03-01 06:31 |
| webshell-probe |
post-exploitation |
1 |
2026-03-01 06:31 |
| wp-obscure-path-backdoor |
web-exploitation |
1 |
2026-03-01 06:31 |
| php-backdoor-generic |
web-exploitation |
1 |
2026-03-01 06:31 |
| php-obscure-path-backdoor |
web-exploitation |
1 |
2026-03-01 06:31 |
| php-suspicious-name |
web-exploitation |
1 |
2026-03-01 06:31 |
| php-any-suspicious |
web-exploitation |
1 |
2026-03-01 06:31 |
| crowdsecurity/http-backdoors-attempts |
other |
1 |
2026-03-01 06:31 |
| php-suspicious-enum |
web-exploitation |
1 |
2026-03-01 06:31 |
|
| 2026-03-01 06:13 |
89.187.187.79 |
+3
|
Iris |
Fleet |
| Scenario |
Category |
Hits |
Last Seen |
| wp-sensitive-paths |
web-exploitation |
1 |
2026-03-01 06:13 |
| wordpress-probe |
web-exploitation |
1 |
2026-03-01 06:13 |
| crowdsecurity/http-probing |
other |
1 |
2026-03-01 06:13 |
|
| 2026-03-01 05:13 |
35.190.176.124 |
+2
|
Zephyrus |
Fleet |
| Scenario |
Category |
Hits |
Last Seen |
| wp-sensitive-paths |
web-exploitation |
1 |
2026-03-01 05:13 |
| wordpress-probe |
web-exploitation |
1 |
2026-03-01 05:13 |
|
| 2026-03-01 04:58 |
213.209.159.55 |
suspicious-probe |
Triton |
Fleet |
| 2026-03-01 02:12 |
20.203.144.173 |
+3
|
Zephyrus |
Fleet |
| Scenario |
Category |
Hits |
Last Seen |
| php-known-backdoor |
web-exploitation |
1 |
2026-03-01 02:12 |
| webshell-high-confidence |
post-exploitation |
1 |
2026-03-01 02:12 |
| wp-sensitive-paths |
web-exploitation |
1 |
2026-03-01 02:12 |
|
| 2026-03-01 01:33 |
192.109.200.27 |
+2
|
Ares |
Fleet |
| Scenario |
Category |
Hits |
Last Seen |
| protocol-mismatch |
other |
1 |
2026-03-01 01:33 |
| crowdsecurity/http-open-proxy |
other |
1 |
2026-03-01 01:33 |
|
| 2026-03-01 01:31 |
2.57.122.103 |
crowdsecurity/http-open-proxy |
Ares |
Fleet |
| 2026-03-01 01:18 |
45.148.10.244 |
+7
|
Multiple (2) |
Fleet |
| Scenario |
Category |
Hits |
Last Seen |
| suspicious-probe |
reconnaissance |
1 |
2026-03-01 01:18 |
| mgmt-path-probe |
reconnaissance |
1 |
2026-03-01 01:18 |
| webshell-high-confidence |
post-exploitation |
1 |
2026-03-01 01:18 |
| crowdsecurity/http-probing |
other |
1 |
2026-03-01 01:18 |
| php-known-backdoor |
web-exploitation |
1 |
2026-02-28 09:19 |
| crowdsecurity/http-admin-interface-probing |
reconnaissance |
1 |
2026-02-28 09:19 |
| crowdsecurity/http-sensitive-files |
other |
1 |
2026-02-28 09:19 |
|