Threat LevelCRITICAL72/1003 rule types across 2 attack categories
4 incidents on record · 3 rule types · active attack detected · last seen 2d ago
| PTR | ec2-16-170-224-49.eu-north-1.compute.amazonaws.com |
| Org / ASN | AWS EC2 (eu-north-1) |
| Country | 🇸🇪 Sweden |
| City | Stockholm, Stockholm |
| Timezone | Europe/Stockholm |
Attack Analysis
Suricata IDS Alert
Suricata intrusion detection flagged this IP for malicious network behaviour — including port scanning, exploit attempts, botnet activity, or known attack signatures. The specific signature is shown in the report list below.
Git Repository Exposure Probe
This IP requested the /.git/ directory, attempting to download source code, commit history, database credentials, and API keys from an accidentally exposed Git repository. Automated tools can reconstruct an entire codebase from an exposed .git folder. No legitimate client ever requests this path.
Backup & Database File Probe
This IP requested common backup file paths (.bak, .sql, .zip, wp-config.bak), hunting for database dumps or config files containing plaintext credentials. A single exposed wp-config.bak can hand an attacker full database access. This attack is automated and deliberate.
Reports (4)
| Date | Severity | Description |
|---|---|---|
| 18 Jun 2026 - 00:13 | high | Web: Git repo exposure probe |
| 18 Jun 2026 - 00:13 | medium | IDS: Suricata alert — ET INFO Request to Hidden Environment File - Inbound |
| 18 Jun 2026 - 00:13 | high | Web: Backup/database file probe |
| 18 Jun 2026 - 00:13 | high | IDS: Suricata alert |
EagleEye Intelligence