Threat LevelHIGH70/1003 rule types across 2 attack categories
7 incidents on record · 3 rule types · active attack detected · persistent 12-day campaign · last seen 1d ago
| PTR | N/A |
| Org / ASN | Microsoft Azure Cloud (westcentralus) |
| Country | 🇺🇸 United States |
| City | Cheyenne, Wyoming |
| Timezone | America/Denver |
Attack Analysis
Git Repository Exposure Probe
This IP requested the /.git/ directory, attempting to download source code, commit history, database credentials, and API keys from an accidentally exposed Git repository. Automated tools can reconstruct an entire codebase from an exposed .git folder. No legitimate client ever requests this path.
Backup & Database File Probe
This IP requested common backup file paths (.bak, .sql, .zip, wp-config.bak), hunting for database dumps or config files containing plaintext credentials. A single exposed wp-config.bak can hand an attacker full database access. This attack is automated and deliberate.
Webshell Upload Scan
This IP rapidly probed multiple non-existent PHP paths in under 60 seconds — a hallmark of automated webshell scanning tools hunting for previously uploaded backdoors or vulnerable file-upload endpoints. If successful, a webshell grants the attacker full remote code execution on the server.
Reports (7)
| Date | Severity | Description |
|---|---|---|
| 18 Jun 2026 - 00:05 | high | Web: Backup/database file probe |
| 17 Jun 2026 - 00:25 | high | Web: Git repo exposure probe |
| 15 Jun 2026 - 00:34 | high | Web: Git repo exposure probe |
| 8 Jun 2026 - 00:08 | high | Web: Git repo exposure probe |
| 8 Jun 2026 - 00:08 | high | Web: Backup/database file probe |
| 8 Jun 2026 - 00:08 | high | Web: Webshell scan — 3+ unknown PHP probes in 60s |
| 6 Jun 2026 - 00:32 | high | Web: Git repo exposure probe |
EagleEye Intelligence