SCARD

Suspicious activity by IP address 103.118.28.17

Below is a list of the last 500 suspicious interactions with this IP.

Last observed Thu, 28 May 2026 02:42:23 (Australia/Brisbane)

Back to main list

Summary of suspicious activity by IP address 103.118.28.17

Description Count
ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 28
ET HUNTING Suspicious PHP Code in HTTP POST (Outbound) 7
ET WEB_SERVER PHP tags in HTTP POST 2
SERVER-WEBAPP PHP PHP-CGI command execution attempt 2
ET WEB_SERVER PHP.//Input in HTTP POST 2
ET WEB_SERVER Generic PHP Remote File Include 2
ET WEB_SPECIFIC_APPS PHP-CGI OS Command Injection (soft hyphen) (CVE-2024-4577) 2
ET WEB_SERVER Possible SQL Injection (exec) in HTTP Request Body 2
ET HUNTING Suspicious PHP Code in HTTP POST (Inbound) 2
ET WEB_SERVER allow_url_include PHP config option in uri 2
ET WEB_SERVER auto_prepend_file PHP config option in uri 2

Detailed activity by IP address 103.118.28.17

Timestamp Description Protocol Destination Port
2026-05-28 02:42:23 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-05-28 02:42:23 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-05-26 07:19:22 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-05-26 07:19:22 ET HUNTING Suspicious PHP Code in HTTP POST (Outbound) TCP 80
2026-05-25 02:19:04 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-05-25 02:19:02 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-05-24 00:03:42 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-05-24 00:03:42 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-05-23 21:49:12 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-05-23 21:49:12 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-05-20 18:18:33 ET HUNTING Suspicious PHP Code in HTTP POST (Outbound) TCP 80
2026-05-20 18:18:33 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-05-18 13:32:34 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-05-18 13:32:34 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-05-18 01:54:53 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-05-18 01:54:53 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-05-17 21:09:43 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-05-17 21:09:43 ET HUNTING Suspicious PHP Code in HTTP POST (Outbound) TCP 80
2026-05-16 12:08:00 ET WEB_SERVER Possible SQL Injection (exec) in HTTP Request Body TCP 80
2026-05-16 12:08:00 SERVER-WEBAPP PHP PHP-CGI command execution attempt TCP 80
2026-05-16 12:08:00 ET WEB_SERVER auto_prepend_file PHP config option in uri TCP 80
2026-05-16 12:08:00 ET WEB_SERVER allow_url_include PHP config option in uri TCP 80
2026-05-16 12:08:00 ET WEB_SERVER PHP tags in HTTP POST TCP 80
2026-05-16 12:08:00 ET WEB_SPECIFIC_APPS PHP-CGI OS Command Injection (soft hyphen) (CVE-2024-4577) TCP 80
2026-05-16 12:08:00 ET WEB_SERVER auto_prepend_file PHP config option in uri TCP 80
2026-05-16 12:08:00 ET WEB_SERVER allow_url_include PHP config option in uri TCP 80
2026-05-16 12:08:00 ET HUNTING Suspicious PHP Code in HTTP POST (Inbound) TCP 80
2026-05-16 12:08:00 ET HUNTING Suspicious PHP Code in HTTP POST (Inbound) TCP 80
2026-05-16 12:08:00 ET WEB_SERVER PHP tags in HTTP POST TCP 80
2026-05-16 12:08:00 SERVER-WEBAPP PHP PHP-CGI command execution attempt TCP 80
2026-05-16 12:08:00 ET WEB_SERVER PHP.//Input in HTTP POST TCP 80
2026-05-16 12:08:00 ET WEB_SERVER Generic PHP Remote File Include TCP 80
2026-05-16 12:08:00 ET WEB_SPECIFIC_APPS PHP-CGI OS Command Injection (soft hyphen) (CVE-2024-4577) TCP 80
2026-05-16 12:08:00 ET WEB_SERVER Generic PHP Remote File Include TCP 80
2026-05-16 12:08:00 ET WEB_SERVER Possible SQL Injection (exec) in HTTP Request Body TCP 80
2026-05-16 12:08:00 ET WEB_SERVER PHP.//Input in HTTP POST TCP 80
2026-05-16 11:06:58 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-05-16 11:06:58 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-05-15 04:06:41 ET HUNTING Suspicious PHP Code in HTTP POST (Outbound) TCP 80
2026-05-15 04:06:40 ET HUNTING Suspicious PHP Code in HTTP POST (Outbound) TCP 80
2026-05-15 04:06:39 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-05-14 05:29:02 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-05-14 05:29:00 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-05-14 04:09:15 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-05-14 04:09:14 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-05-12 07:07:15 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-05-12 07:07:15 ET HUNTING Suspicious PHP Code in HTTP POST (Outbound) TCP 80
2026-05-11 16:38:26 ET HUNTING Suspicious PHP Code in HTTP POST (Outbound) TCP 80
2026-05-11 16:38:25 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-05-11 12:08:34 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-05-11 12:08:32 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-05-11 10:28:46 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-05-11 10:28:46 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80

 

Back to top