Threat LevelCRITICAL80/1004 rule types across 3 attack categories
5 incidents on record · 4 rule types · active attack detected · last seen 3d ago
| PTR | 194.207.20.34.bc.googleusercontent.com |
| Org / ASN | Google Cloud (us-west2) |
| Country | 🇺🇸 United States |
| City | Los Angeles, California |
| Timezone | America/Los_Angeles |
Attack Analysis
Bad Bot Flood
This IP generated over 20 HTTP 4xx errors in 60 seconds using a User-Agent identified as a bad bot (scraper, headless browser, or attack proxy). The high error rate indicates automated probing for vulnerabilities while trying to appear as generic traffic. Legitimate services respect robots.txt and do not flood servers with errors.
Webshell Upload Scan
This IP rapidly probed multiple non-existent PHP paths in under 60 seconds — a hallmark of automated webshell scanning tools hunting for previously uploaded backdoors or vulnerable file-upload endpoints. If successful, a webshell grants the attacker full remote code execution on the server.
Drupal: Admin Path Probe
This IP probed Drupal administrative paths and received 4xx errors — a reconnaissance technique to map the CMS structure before a targeted attack. Automated scanners cycle through common admin paths to find unprotected entry points.
Backup & Database File Probe
This IP requested common backup file paths (.bak, .sql, .zip, wp-config.bak), hunting for database dumps or config files containing plaintext credentials. A single exposed wp-config.bak can hand an attacker full database access. This attack is automated and deliberate.
Reports (5)
| Date | Severity | Description |
|---|---|---|
| 10 Jun 2026 - 20:37 | high | Web: Backup/database file probe |
| 10 Jun 2026 - 20:22 | medium | Drupal: Admin path probe (4xx) |
| 10 Jun 2026 - 20:22 | high | Web: Backup/database file probe |
| 10 Jun 2026 - 20:22 | high | Web: Webshell scan — 3+ unknown PHP probes in 60s |
| 10 Jun 2026 - 20:22 | high | Web: Bad bot 4xx flood — 20+ errors in 60s |
EagleEye Intelligence