SCARD

Suspicious activity by IP address 120.241.79.66

Below is a list of the last 500 suspicious interactions with this IP.

Last observed Tue, 14 Apr 2026 08:36:24 (Australia/Brisbane)

Back to main list

Summary of suspicious activity by IP address 120.241.79.66

Description Count
ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 16
SERVER-WEBAPP PHP PHP-CGI command execution attempt 2
ET WEB_SERVER allow_url_include PHP config option in uri 2
ET WEB_SERVER auto_prepend_file PHP config option in uri 2
ET HUNTING Suspicious PHP Code in HTTP POST (Inbound) 2
ET WEB_SERVER PHP tags in HTTP POST 2
ET WEB_SPECIFIC_APPS PHP-CGI OS Command Injection (soft hyphen) (CVE-2024-4577) 2
ET WEB_SERVER PHP.//Input in HTTP POST 2
ET WEB_SERVER Generic PHP Remote File Include 2
ET WEB_SERVER Possible SQL Injection (exec) in HTTP Request Body 2

Detailed activity by IP address 120.241.79.66

Timestamp Description Protocol Destination Port
2026-04-14 08:36:24 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-04-11 11:40:15 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-04-10 16:58:58 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-04-10 16:58:58 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-04-08 12:11:19 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-04-08 12:11:19 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-04-05 17:53:37 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-04-05 17:53:37 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-04-04 06:37:15 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-04-04 06:37:15 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-04-02 08:57:19 ET WEB_SERVER Generic PHP Remote File Include TCP 80
2026-04-02 08:57:19 ET WEB_SERVER auto_prepend_file PHP config option in uri TCP 80
2026-04-02 08:57:19 ET WEB_SERVER Possible SQL Injection (exec) in HTTP Request Body TCP 80
2026-04-02 08:57:19 ET WEB_SERVER PHP tags in HTTP POST TCP 80
2026-04-02 08:57:19 ET WEB_SERVER PHP.//Input in HTTP POST TCP 80
2026-04-02 08:57:19 SERVER-WEBAPP PHP PHP-CGI command execution attempt TCP 80
2026-04-02 08:57:19 ET HUNTING Suspicious PHP Code in HTTP POST (Inbound) TCP 80
2026-04-02 08:57:19 ET WEB_SPECIFIC_APPS PHP-CGI OS Command Injection (soft hyphen) (CVE-2024-4577) TCP 80
2026-04-02 08:57:19 ET WEB_SERVER allow_url_include PHP config option in uri TCP 80
2026-04-02 08:57:18 ET WEB_SERVER PHP.//Input in HTTP POST TCP 80
2026-04-02 08:57:18 ET WEB_SERVER auto_prepend_file PHP config option in uri TCP 80
2026-04-02 08:57:18 ET WEB_SERVER PHP tags in HTTP POST TCP 80
2026-04-02 08:57:18 ET WEB_SERVER Possible SQL Injection (exec) in HTTP Request Body TCP 80
2026-04-02 08:57:18 ET WEB_SERVER allow_url_include PHP config option in uri TCP 80
2026-04-02 08:57:18 ET HUNTING Suspicious PHP Code in HTTP POST (Inbound) TCP 80
2026-04-02 08:57:18 ET WEB_SPECIFIC_APPS PHP-CGI OS Command Injection (soft hyphen) (CVE-2024-4577) TCP 80
2026-04-02 08:57:18 SERVER-WEBAPP PHP PHP-CGI command execution attempt TCP 80
2026-04-02 08:57:18 ET WEB_SERVER Generic PHP Remote File Include TCP 80
2026-04-02 07:56:17 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-04-02 07:56:17 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-03-29 16:44:39 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-03-29 16:44:39 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-03-27 13:40:24 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-03-27 13:40:24 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80

 

Back to top