SCARD

Suspicious activity by IP address 156.245.207.80

Below is a list of the last 500 suspicious interactions with this IP.

Last observed Sun, 24 May 2026 07:25:24 (Australia/Brisbane)

Back to main list

Summary of suspicious activity by IP address 156.245.207.80

Description Count
ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 13
ET WEB_SERVER PHP.//Input in HTTP POST 5
ET WEB_SPECIFIC_APPS PHP-CGI OS Command Injection (soft hyphen) (CVE-2024-4577) 5
ET WEB_SERVER PHP tags in HTTP POST 5
ET HUNTING Suspicious PHP Code in HTTP POST (Inbound) 5
ET WEB_SERVER auto_prepend_file PHP config option in uri 5
ET WEB_SERVER Possible SQL Injection (exec) in HTTP Request Body 5
ET WEB_SERVER Generic PHP Remote File Include 5
ET WEB_SERVER allow_url_include PHP config option in uri 5
SERVER-WEBAPP PHP PHP-CGI command execution attempt 4

Detailed activity by IP address 156.245.207.80

Timestamp Description Protocol Destination Port
2026-05-24 07:25:24 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-05-24 07:25:24 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-05-23 13:47:19 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-05-23 06:54:10 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-05-23 06:54:08 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-05-22 15:25:28 ET WEB_SERVER Possible SQL Injection (exec) in HTTP Request Body TCP 80
2026-05-22 15:25:28 ET WEB_SERVER PHP.//Input in HTTP POST TCP 80
2026-05-22 15:25:28 ET WEB_SERVER auto_prepend_file PHP config option in uri TCP 80
2026-05-22 15:25:28 ET WEB_SERVER PHP tags in HTTP POST TCP 80
2026-05-22 15:25:28 ET WEB_SERVER allow_url_include PHP config option in uri TCP 80
2026-05-22 15:25:28 ET HUNTING Suspicious PHP Code in HTTP POST (Inbound) TCP 80
2026-05-22 15:25:28 ET WEB_SPECIFIC_APPS PHP-CGI OS Command Injection (soft hyphen) (CVE-2024-4577) TCP 80
2026-05-22 15:25:28 ET WEB_SERVER Generic PHP Remote File Include TCP 80
2026-05-22 14:24:26 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-05-20 13:23:31 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-05-20 13:23:29 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-05-20 00:40:46 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-05-18 03:45:28 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-05-18 03:45:28 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-05-16 20:26:40 ET WEB_SERVER PHP.//Input in HTTP POST TCP 80
2026-05-16 20:26:40 ET WEB_SERVER auto_prepend_file PHP config option in uri TCP 80
2026-05-16 20:26:40 ET WEB_SERVER Generic PHP Remote File Include TCP 80
2026-05-16 20:26:40 ET WEB_SERVER allow_url_include PHP config option in uri TCP 80
2026-05-16 20:26:40 ET WEB_SPECIFIC_APPS PHP-CGI OS Command Injection (soft hyphen) (CVE-2024-4577) TCP 80
2026-05-16 20:26:40 SERVER-WEBAPP PHP PHP-CGI command execution attempt TCP 80
2026-05-16 20:26:40 ET WEB_SERVER Possible SQL Injection (exec) in HTTP Request Body TCP 80
2026-05-16 20:26:40 ET WEB_SERVER PHP tags in HTTP POST TCP 80
2026-05-16 20:26:40 ET HUNTING Suspicious PHP Code in HTTP POST (Inbound) TCP 80
2026-05-16 20:26:39 ET WEB_SERVER PHP.//Input in HTTP POST TCP 80
2026-05-16 20:26:39 ET WEB_SERVER allow_url_include PHP config option in uri TCP 80
2026-05-16 20:26:39 ET WEB_SPECIFIC_APPS PHP-CGI OS Command Injection (soft hyphen) (CVE-2024-4577) TCP 80
2026-05-16 20:26:39 ET WEB_SERVER Possible SQL Injection (exec) in HTTP Request Body TCP 80
2026-05-16 20:26:39 ET WEB_SERVER Generic PHP Remote File Include TCP 80
2026-05-16 20:26:39 ET WEB_SERVER PHP tags in HTTP POST TCP 80
2026-05-16 20:26:39 ET WEB_SERVER auto_prepend_file PHP config option in uri TCP 80
2026-05-16 20:26:39 SERVER-WEBAPP PHP PHP-CGI command execution attempt TCP 80
2026-05-16 20:26:39 ET HUNTING Suspicious PHP Code in HTTP POST (Inbound) TCP 80
2026-05-16 19:26:36 ET WEB_SERVER PHP tags in HTTP POST TCP 80
2026-05-16 19:26:36 SERVER-WEBAPP PHP PHP-CGI command execution attempt TCP 80
2026-05-16 19:26:36 ET WEB_SERVER allow_url_include PHP config option in uri TCP 80
2026-05-16 19:26:36 ET WEB_SPECIFIC_APPS PHP-CGI OS Command Injection (soft hyphen) (CVE-2024-4577) TCP 80
2026-05-16 19:26:36 SERVER-WEBAPP PHP PHP-CGI command execution attempt TCP 80
2026-05-16 19:26:36 ET WEB_SERVER Generic PHP Remote File Include TCP 80
2026-05-16 19:26:36 ET WEB_SPECIFIC_APPS PHP-CGI OS Command Injection (soft hyphen) (CVE-2024-4577) TCP 80
2026-05-16 19:26:36 ET WEB_SERVER Possible SQL Injection (exec) in HTTP Request Body TCP 80
2026-05-16 19:26:36 ET WEB_SERVER PHP tags in HTTP POST TCP 80
2026-05-16 19:26:36 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-05-16 19:26:36 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-05-16 19:26:36 ET WEB_SERVER auto_prepend_file PHP config option in uri TCP 80
2026-05-16 19:26:36 ET WEB_SERVER auto_prepend_file PHP config option in uri TCP 80
2026-05-16 19:26:36 ET WEB_SERVER PHP.//Input in HTTP POST TCP 80
2026-05-16 19:26:36 ET WEB_SERVER Generic PHP Remote File Include TCP 80
2026-05-16 19:26:36 ET WEB_SERVER allow_url_include PHP config option in uri TCP 80
2026-05-16 19:26:36 ET WEB_SERVER Possible SQL Injection (exec) in HTTP Request Body TCP 80
2026-05-16 19:26:36 ET HUNTING Suspicious PHP Code in HTTP POST (Inbound) TCP 80
2026-05-16 19:26:36 ET HUNTING Suspicious PHP Code in HTTP POST (Inbound) TCP 80
2026-05-16 19:26:36 ET WEB_SERVER PHP.//Input in HTTP POST TCP 80

 

Back to top