SCARD

Suspicious activity by IP address 104.22.66.167

Below is a list of the last 500 suspicious interactions with this IP.

Last observed Tue, 14 Jul 2026 13:13:40 (Australia/Brisbane)

Back to main list

Summary of suspicious activity by IP address 104.22.66.167

Description Count
ET SCAN LeakIX Inbound User-Agent 6
ET WEB_SERVER PHP tags in HTTP POST 4
SERVER-WEBAPP PHPUnit PHP remote code execution attempt 4
ET SCAN SFTP/FTP Password Exposure via sftp-config.json 2
ET WEB_SERVER WEB-PHP phpinfo access 2

Detailed activity by IP address 104.22.66.167

Timestamp Description Protocol Destination Port
2026-07-14 13:13:40 ET SCAN LeakIX Inbound User-Agent TCP 80
2026-07-14 13:13:39 ET SCAN LeakIX Inbound User-Agent TCP 80
2026-07-14 12:13:12 ET SCAN LeakIX Inbound User-Agent TCP 80
2026-07-14 12:13:12 ET SCAN LeakIX Inbound User-Agent TCP 80
2026-04-18 02:53:34 SERVER-WEBAPP PHPUnit PHP remote code execution attempt TCP 80
2026-04-18 02:53:34 ET WEB_SERVER PHP tags in HTTP POST TCP 80
2026-04-18 02:53:33 ET WEB_SERVER PHP tags in HTTP POST TCP 80
2026-04-18 02:53:33 SERVER-WEBAPP PHPUnit PHP remote code execution attempt TCP 80
2026-04-18 01:53:06 SERVER-WEBAPP PHPUnit PHP remote code execution attempt TCP 80
2026-04-18 01:53:06 ET WEB_SERVER PHP tags in HTTP POST TCP 80
2026-04-18 01:53:06 ET WEB_SERVER PHP tags in HTTP POST TCP 80
2026-04-18 01:53:06 SERVER-WEBAPP PHPUnit PHP remote code execution attempt TCP 80
2026-04-16 21:56:34 ET SCAN LeakIX Inbound User-Agent TCP 80
2026-04-16 21:56:34 ET SCAN LeakIX Inbound User-Agent TCP 80
2026-04-15 14:40:04 ET WEB_SERVER WEB-PHP phpinfo access TCP 80
2026-04-15 14:40:04 ET WEB_SERVER WEB-PHP phpinfo access TCP 80
2026-04-13 03:35:42 ET SCAN SFTP/FTP Password Exposure via sftp-config.json TCP 80
2026-04-13 03:35:42 ET SCAN SFTP/FTP Password Exposure via sftp-config.json TCP 80

 

Back to top