Https Phpunit Eval Stdin Rce Probe

Matches an HTTPS request targeting the exposed PHPUnit utility script vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php. This file has been widely abused in real-world attacks to achieve remote code execution when PHPUnit is left accessible in production environments. Attackers leverage this endpoint to submit arbitrary PHP code via the request body for execution. Requests to this path are strong indicators of automated exploitation scanning targeting misconfigured or development-deployed PHP applications.

Observed IPs

873

Avg Confidence

80%

Protocol

HTTPS

Top IPs by event count

IP Address	Risk	Events	Sessions	Country	ASN	Last Seen
79.124.40.174	100%	86,440	73,130	🇧🇬 BG	AS50360	2026-03-02
185.177.72.38	95%	31,099	846	🇫🇷 FR	AS211590	2026-03-02
185.177.72.30	93%	25,983	688	🇫🇷 FR	AS211590	2026-03-02
185.177.72.52	93%	23,394	550	🇫🇷 FR	AS211590	2026-03-02
185.177.72.49	92%	20,126	532	🇫🇷 FR	AS211590	2026-03-02
185.177.72.22	91%	19,762	458	🇫🇷 FR	AS211590	2026-03-02
185.177.72.51	90%	16,743	652	🇫🇷 FR	AS211590	2026-03-02
185.177.72.13	93%	16,675	546	🇫🇷 FR	AS211590	2026-03-01
185.177.72.23	90%	14,415	586	🇫🇷 FR	AS211590	2026-03-01
185.177.72.56	93%	13,792	522	🇫🇷 FR	AS211590	2026-03-02
82.165.66.87	100%	6,040	367	🇩🇪 DE	AS8560	2026-03-02
45.83.31.168	100%	4,525	2,034	🇺🇸 US	AS210558	2026-02-23
101.36.104.242	100%	3,328	267	🇯🇵 JP	AS135377	2026-03-02
47.253.183.81	99%	3,155	512	🇺🇸 US	AS45102	2026-03-02
165.154.227.13	100%	2,993	196	🇹🇼 TW	AS142002	2026-02-25
23.111.157.206	97%	2,982	1,463	🇺🇸 US	AS29802	2026-02-20
61.245.11.87	100%	2,595	375	🇵🇭 PH	AS19970	2026-03-02
157.173.199.44	100%	2,574	139	🇺🇸 US	AS40021	2026-02-17
47.236.78.62	92%	2,568	1,254	🇸🇬 SG	AS45102	2026-02-28
47.252.34.1	99%	2,476	332	🇺🇸 US	AS45102	2026-02-08

Loading threats