2.58.56.155

Threat LevelCRITICAL74/1002 rule types across 2 attack categories
2 incidents on record · 2 rule types · active attacker + blocklisted · seen 16h ago
PTR 2.58.56.155.powered.by.rdp.sh
Org / ASN Mifsud Florian
Country 🇫🇷 France
City Bavilliers, Bourgogne-Franche-Comté
Timezone Europe/Paris

Attack Analysis

IDS: Blocklist — Spamhaus DROP
This IP is on the Spamhaus DROP list — a dataset of netblocks hijacked or leased by professional spam and cybercrime operations with no legitimate users. Traffic from DROP-listed ranges is considered hostile by design. Blocking is unconditional.
Webshell Upload Scan
This IP rapidly probed multiple non-existent PHP paths in under 60 seconds — a hallmark of automated webshell scanning tools hunting for previously uploaded backdoors or vulnerable file-upload endpoints. If successful, a webshell grants the attacker full remote code execution on the server.

Reports (2)

Date Severity Description
4 Jun 2026 - 01:09 high Web: Webshell scan — 3+ unknown PHP probes in 60s
4 Jun 2026 - 01:06 high IDS: Blocklist — Spamhaus DROP listed IP

Related IPs — Same /24 Block (2.58.56.0/24)

2.58.56.163HIGH16 reports2.58.56.61ELEVATED2 reports2.58.56.131ELEVATED1 report2.58.56.55ELEVATED1 report
Part of EagleEye Intelligence