| 2026-02-27 21:28 |
172.190.142.176 |
+13
|
Triton |
Fleet |
| Scenario |
Category |
Hits |
Last Seen |
| webshell-high-confidence |
post-exploitation |
1 |
2026-02-27 21:28 |
| webshell-probe |
post-exploitation |
1 |
2026-02-27 21:28 |
| wp-sensitive-paths |
web-exploitation |
1 |
2026-02-27 21:28 |
| php-known-backdoor |
web-exploitation |
1 |
2026-02-27 21:28 |
| php-backdoor-generic |
web-exploitation |
1 |
2026-02-27 21:28 |
| crowdsecurity/http-crawl-non_statics |
other |
1 |
2026-02-27 21:28 |
| crowdsecurity/nginx-req-limit-exceeded |
other |
1 |
2026-02-27 21:28 |
| wp-obscure-nested-php |
web-exploitation |
1 |
2026-02-27 21:28 |
| wp-nested-backdoor |
web-exploitation |
1 |
2026-02-27 21:28 |
| wordpress-probe |
web-exploitation |
1 |
2026-02-27 21:28 |
| generic-backdoor-detection |
other |
1 |
2026-02-27 21:28 |
| crowdsecurity/http-backdoors-attempts |
other |
1 |
2026-02-27 21:28 |
| php-obscure-path-backdoor |
web-exploitation |
1 |
2026-02-27 21:28 |
|
| 2026-02-27 21:00 |
51.68.107.156 |
crowdsecurity/http-bad-user-agent |
Iris |
Fleet |
| 2026-02-27 20:52 |
91.224.92.164 |
suspicious-probe |
Iris |
Fleet |
| 2026-02-27 20:22 |
167.94.138.171 |
protocol-mismatch |
Ares |
Fleet |
| 2026-02-27 20:20 |
158.158.96.194 |
+5
|
Iris |
Fleet |
| Scenario |
Category |
Hits |
Last Seen |
| webshell-high-confidence |
post-exploitation |
1 |
2026-02-27 20:20 |
| crowdsecurity/http-wordpress-scan |
web-exploitation |
1 |
2026-02-27 20:20 |
| wp-sensitive-paths |
web-exploitation |
1 |
2026-02-27 20:20 |
| wordpress-probe |
web-exploitation |
1 |
2026-02-27 20:20 |
| crowdsecurity/http-probing |
other |
1 |
2026-02-27 20:20 |
|
| 2026-02-27 20:10 |
20.234.20.103 |
+3
|
Multiple (2) |
Fleet |
| Scenario |
Category |
Hits |
Last Seen |
| webshell-high-confidence |
post-exploitation |
1 |
2026-02-27 20:10 |
| webshell-probe |
post-exploitation |
1 |
2026-02-26 11:43 |
| wp-sensitive-paths |
web-exploitation |
1 |
2026-02-26 11:43 |
|
| 2026-02-27 20:02 |
51.12.82.80 |
+13
|
Iris |
Fleet |
| Scenario |
Category |
Hits |
Last Seen |
| wp-sensitive-paths |
web-exploitation |
1 |
2026-02-27 20:02 |
| webshell-high-confidence |
post-exploitation |
1 |
2026-02-27 20:02 |
| generic-backdoor-detection |
other |
1 |
2026-02-27 20:02 |
| wordpress-probe |
web-exploitation |
1 |
2026-02-27 20:02 |
| wp-obscure-nested-php |
web-exploitation |
1 |
2026-02-27 20:02 |
| wp-obscure-path-backdoor |
web-exploitation |
1 |
2026-02-27 20:02 |
| php-obscure-path-backdoor |
web-exploitation |
1 |
2026-02-27 20:02 |
| wp-nested-backdoor |
web-exploitation |
1 |
2026-02-27 20:02 |
| crowdsecurity/http-backdoors-attempts |
other |
1 |
2026-02-27 20:02 |
| crowdsecurity/http-admin-interface-probing |
reconnaissance |
1 |
2026-02-27 20:02 |
| crowdsecurity/http-crawl-non_statics |
other |
1 |
2026-02-27 20:02 |
| crowdsecurity/http-wordpress-scan |
web-exploitation |
1 |
2026-02-27 20:02 |
| crowdsecurity/http-probing |
other |
1 |
2026-02-27 20:02 |
|
| 2026-02-27 18:45 |
40.69.66.178 |
+3
|
Triton |
Fleet |
| Scenario |
Category |
Hits |
Last Seen |
| webshell-high-confidence |
post-exploitation |
1 |
2026-02-27 18:45 |
| webshell-probe |
post-exploitation |
1 |
2026-02-27 18:45 |
| wp-sensitive-paths |
web-exploitation |
1 |
2026-02-27 18:45 |
|
| 2026-02-27 18:16 |
8.209.246.104 |
crowdsecurity/http-cve-2021-41773 |
Ares |
Fleet |
| 2026-02-27 18:11 |
20.220.232.240 |
+2
|
Zephyrus |
Fleet |
| Scenario |
Category |
Hits |
Last Seen |
| webshell-high-confidence |
post-exploitation |
1 |
2026-02-27 18:11 |
| wp-sensitive-paths |
web-exploitation |
1 |
2026-02-27 18:11 |
|
| 2026-02-27 18:01 |
20.203.149.15 |
+3
|
Iris |
Fleet |
| Scenario |
Category |
Hits |
Last Seen |
| webshell-high-confidence |
post-exploitation |
1 |
2026-02-27 18:01 |
| crowdsecurity/http-probing |
other |
1 |
2026-02-27 18:01 |
| wp-sensitive-paths |
web-exploitation |
1 |
2026-02-27 18:01 |
|
| 2026-02-27 17:06 |
178.128.213.139 |
+2
|
Zephyrus |
Fleet |
| Scenario |
Category |
Hits |
Last Seen |
| wordpress-probe |
web-exploitation |
1 |
2026-02-27 17:06 |
| wp-sensitive-paths |
web-exploitation |
1 |
2026-02-27 17:06 |
|
| 2026-02-27 16:46 |
176.65.148.74 |
crowdsecurity/http-open-proxy |
Ares |
Fleet |
| 2026-02-27 16:41 |
46.101.130.26 |
protocol-mismatch |
Ares |
Fleet |
| 2026-02-27 16:09 |
159.89.205.54 |
+3
|
Triton |
Fleet |
| Scenario |
Category |
Hits |
Last Seen |
| wp-sensitive-paths |
web-exploitation |
1 |
2026-02-27 16:09 |
| wordpress-probe |
web-exploitation |
1 |
2026-02-27 16:09 |
| crowdsecurity/http-probing |
other |
1 |
2026-02-27 16:09 |
|
| 2026-02-27 15:48 |
206.168.34.200 |
crowdsecurity/http-bad-user-agent |
Zephyrus |
Fleet |
| 2026-02-27 15:19 |
20.104.16.102 |
+3
|
Triton |
Fleet |
| Scenario |
Category |
Hits |
Last Seen |
| webshell-high-confidence |
post-exploitation |
1 |
2026-02-27 15:19 |
| webshell-probe |
post-exploitation |
1 |
2026-02-27 15:18 |
| wp-sensitive-paths |
web-exploitation |
1 |
2026-02-27 15:18 |
|
| 2026-02-27 14:54 |
54.37.252.152 |
crowdsecurity/http-bad-user-agent |
Ares |
Fleet |
| 2026-02-27 14:24 |
34.158.168.101 |
protocol-mismatch |
Ares |
Fleet |
| 2026-02-27 14:09 |
176.65.148.19 |
crowdsecurity/http-open-proxy |
Ares |
Fleet |
| 2026-02-27 13:58 |
159.223.72.38 |
crowdsecurity/http-open-proxy |
Ares |
Fleet |
| 2026-02-27 13:47 |
13.71.191.191 |
+17
|
Triton |
Fleet |
| Scenario |
Category |
Hits |
Last Seen |
| php-backdoor-generic |
web-exploitation |
1 |
2026-02-27 13:47 |
| webshell-high-confidence |
post-exploitation |
1 |
2026-02-27 13:47 |
| webshell-probe |
post-exploitation |
1 |
2026-02-27 13:47 |
| wp-sensitive-paths |
web-exploitation |
1 |
2026-02-27 13:47 |
| wp-obscure-nested-php |
web-exploitation |
1 |
2026-02-27 13:47 |
| wordpress-probe |
web-exploitation |
1 |
2026-02-27 13:47 |
| php-known-backdoor |
web-exploitation |
1 |
2026-02-27 13:47 |
| php-obscure-path-backdoor |
web-exploitation |
1 |
2026-02-27 13:47 |
| wp-nested-backdoor |
web-exploitation |
1 |
2026-02-27 13:47 |
| generic-backdoor-detection |
other |
1 |
2026-02-27 13:47 |
| wp-obscure-path-backdoor |
web-exploitation |
1 |
2026-02-27 13:47 |
| php-suspicious-name |
web-exploitation |
1 |
2026-02-27 13:47 |
| php-any-suspicious |
web-exploitation |
1 |
2026-02-27 13:47 |
| crowdsecurity/http-backdoors-attempts |
other |
1 |
2026-02-27 13:47 |
| crowdsecurity/http-crawl-non_statics |
other |
1 |
2026-02-27 13:47 |
| crowdsecurity/http-probing |
other |
1 |
2026-02-27 13:47 |
| crowdsecurity/http-wordpress-scan |
web-exploitation |
1 |
2026-02-27 13:47 |
|
| 2026-02-27 13:30 |
13.70.40.215 |
+6
|
Iris |
Fleet |
| Scenario |
Category |
Hits |
Last Seen |
| wp-sensitive-paths |
web-exploitation |
1 |
2026-02-27 13:30 |
| wordpress-probe |
web-exploitation |
1 |
2026-02-27 13:30 |
| webshell-high-confidence |
post-exploitation |
1 |
2026-02-27 13:30 |
| crowdsecurity/http-admin-interface-probing |
reconnaissance |
1 |
2026-02-27 13:30 |
| generic-backdoor-detection |
other |
1 |
2026-02-27 13:30 |
| crowdsecurity/http-probing |
other |
1 |
2026-02-27 13:30 |
|
| 2026-02-27 13:03 |
74.248.138.165 |
+6
|
Triton |
Fleet |
| Scenario |
Category |
Hits |
Last Seen |
| webshell-high-confidence |
post-exploitation |
1 |
2026-02-27 13:03 |
| webshell-probe |
post-exploitation |
1 |
2026-02-27 13:03 |
| wp-obscure-nested-php |
web-exploitation |
1 |
2026-02-27 13:03 |
| wordpress-probe |
web-exploitation |
1 |
2026-02-27 13:03 |
| wp-sensitive-paths |
web-exploitation |
1 |
2026-02-27 13:03 |
| crowdsecurity/http-probing |
other |
1 |
2026-02-27 13:03 |
|
| 2026-02-27 12:31 |
20.220.148.100 |
webshell-high-confidence |
Iris |
Fleet |