Behavioral Threat Detection

Real-time malicious activity detection across your WordPress hosting infrastructure

Sites Monitored

12,847

↓ 23 offline

Active Threats

↑ 3 new today

Anomalies Detected

Under investigation

Auto-Contained

156

↓ 12% this week

High-Risk Sites

Site	Risk Level	Outbound/hr	CPU	Flagged File
petstore-online.com Hosting ID: wp-8847	Critical	127,431	94%	`helper.php`
luxurywatches.shop Hosting ID: wp-2293	Critical	89,223	87%	`class-loader.php`
healthyfoodtips.net Hosting ID: wp-5512	Warning	23,847	72%	`functions.php`
localcoffeeroasters.com Hosting ID: wp-1104	Warning	18,392	68%	`widget.php`
fitnessgear-pro.com Hosting ID: wp-9921	Safe	1,247	23%	—

petstore-online.com

Detected 23 minutes ago

AI Analysis

Claude Analysis

This site contains obfuscated PHP code making 127K+ hourly requests to a known cryptomining pool. The malicious payload was injected via a compromised Contact Form 7 update 3 days ago.

Threat Metrics

Outbound requests/hour127,431

Destinationpool.crypto-mine.cc

CPU utilization94%

File modifiedJan 11, 2026 04:23

Malicious Code

/wp-content/plugins/contact-form-7/includes/helper.php

// Injected payload - Line 847
if(isset($_GET['cf7_cache'])) {
  $d = base64_decode('ZXZhbChnemluZmxhdGUoYmFz...');
  eval(gzinflate($d));
}
// Connects to pool.crypto-mine.cc:3333

Activity Timeline

Today 14:37

Anomaly detected by behavior engine

Today 14:38

AI analysis completed

Jan 11, 04:23

helper.php modified

Jan 11, 04:20

Plugin update: Contact Form 7

Incident History

Complete audit trail of detected threats and response actions

All Incidents

Incident ID	Site	Threat Type	Status	Detected	Response Time
`INC-2026-0147`	petstore-online.com	Cryptomining	Active	Jan 14, 14:37	—
`INC-2026-0146`	luxurywatches.shop	Spam Relay	Active	Jan 14, 13:22	—
`INC-2026-0145`	healthyfoodtips.net	DDoS Botnet	Investigating	Jan 14, 11:45	—
`INC-2026-0144`	gardensupplies.co	Cryptomining	Contained	Jan 13, 22:18	4m 23s
`INC-2026-0143`	techblog-daily.com	Data Exfiltration	Resolved	Jan 13, 16:42	2m 11s

Showing 5 of 156 incidents

Threat Intelligence

Known malicious endpoints, attack patterns, and behavioral signatures

Blocked Endpoints

2,847

↑ 127 this week

Attack Patterns

342

Last updated 2h ago

Obfuscation Signatures

1,204

↑ 34 new patterns

Community Reports

Pending review

Malicious Endpoints

Endpoint	Category	Hits (24h)	First Seen
`pool.crypto-mine.cc`	Cryptomining	47,832	Dec 2, 2025
`smtp-relay.spam-net.ru`	Spam Relay	23,441	Jan 8, 2026
`c2.botnet.cc`	C2 Server	12,847	Jan 10, 2026

Detection Patterns

CODE OBFUSCATION

eval(base64_decode(...))
eval(gzinflate(str_rot13(...)))
preg_replace('/.*/e', ...)

BEHAVIORAL THRESHOLDS

Outbound > 5,000/hrWarning

Outbound > 50,000/hrCritical

Connection to known C2Critical

Settings

Configure detection thresholds, notifications, and automated responses

Detection Thresholds

Outbound Request Warning

Trigger warning at this threshold

req/hr

Outbound Request Critical

Trigger critical alert

req/hr

CPU Spike Threshold

CPU % that triggers investigation

Automated Responses

Auto-Quarantine Critical Threats

Automatically quarantine confirmed threats

Auto-Block Malicious IPs

Block known malicious endpoints

Auto-Notify Customer

Send notification when threat detected

Notifications

Email Alerts

Send email for critical threats

Slack Integration

Post alerts to Slack channel

Alert Recipients

Email addresses for alerts

API Configuration

Claude API Key

For AI-powered threat analysis

Welcome back

Behavioral Threat Detection

Incident History

Threat Intelligence

Settings

Confirm Quarantine

Customer Notification