Report for IP: 2.58.56.44

Threat Level: CRITICAL · 77/100 · 2 rule types across 2 attack categories
4 incidents on record · 2 rule types · active attacker + blocklisted · active over 5 days · seen 21h ago
PTR 2.58.56.44.powered.by.rdp.sh
Org / ASN Mifsud Florian
Country 🇫🇷 France
City Bavilliers, Bourgogne-Franche-Comté
Timezone Europe/Paris

Attack Analysis

🇳🇱 Netherlands · Lelystad · 210558 · 1 Services GmbH
IDS: Blocklist — Spamhaus DROP
This IP is on the Spamhaus DROP list — a dataset of netblocks hijacked or leased by professional spam and cybercrime operations with no legitimate users. Traffic from DROP-listed ranges is considered hostile by design. Blocking is unconditional.
Webshell Upload Scan
This IP rapidly probed multiple non-existent PHP paths in under 60 seconds — a hallmark of automated webshell scanning tools hunting for previously uploaded backdoors or vulnerable file-upload endpoints. If successful, a webshell grants the attacker full remote code execution on the server.

Reports (4)

Date · Severity · Description
12 Jun 2026 - 12:50 · high · Web: Webshell scan — 3+ unknown PHP probes in 60s
12 Jun 2026 - 12:42 · high · IDS: Blocklist — Spamhaus DROP listed IP — ET DROP Spamhaus DROP Listed Traffic Inbound group 1
7 Jun 2026 - 04:58 · high · Web: Webshell scan — 3+ unknown PHP probes in 60s
7 Jun 2026 - 04:56 · high · IDS: Blocklist — Spamhaus DROP listed IP — ET DROP Spamhaus DROP Listed Traffic Inbound group 1