Threat LevelCRITICAL80/1003 rule types across 3 attack categories
5 incidents on record · 3 rule types · active attack detected · active over 2 days · last seen 3d ago
| PTR | 120.139.199.104.bc.googleusercontent.com |
| Org / ASN | Google Cloud (asia-east1) |
| Country | 🇹🇼 Taiwan |
| City | Taipei, Taiwan |
| Timezone | Asia/Taipei |
Attack Analysis
Suricata IDS Alert
Suricata intrusion detection flagged this IP for malicious network behaviour — including port scanning, exploit attempts, botnet activity, or known attack signatures. The specific signature is shown in the report list below.
Backup & Database File Probe
This IP requested common backup file paths (.bak, .sql, .zip, wp-config.bak), hunting for database dumps or config files containing plaintext credentials. A single exposed wp-config.bak can hand an attacker full database access. This attack is automated and deliberate.
Bad Bot Flood
This IP generated over 20 HTTP 4xx errors in 60 seconds using a User-Agent identified as a bad bot (scraper, headless browser, or attack proxy). The high error rate indicates automated probing for vulnerabilities while trying to appear as generic traffic. Legitimate services respect robots.txt and do not flood servers with errors.
Reports (5)
| Date | Severity | Description |
|---|---|---|
| 10 Jun 2026 - 23:23 | high | Web: Backup/database file probe |
| 10 Jun 2026 - 23:23 | high | Web: Bad bot 4xx flood — 20+ errors in 60s |
| 8 Jun 2026 - 16:32 | medium | IDS: Suricata alert — ET INFO Request to Hidden Environment File - Inbound |
| 8 Jun 2026 - 16:32 | high | Web: Backup/database file probe |
| 8 Jun 2026 - 16:32 | high | IDS: Suricata alert |
EagleEye Intelligence