SCARD

Suspicious activity by IP address 163.7.1.156

Below is a list of the last 500 suspicious interactions with this IP.

Last observed Tue, 14 Jul 2026 05:48:42 (Australia/Brisbane)

Back to main list

Summary of suspicious activity by IP address 163.7.1.156

Description Count
ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 9
ET WEB_SERVER Possible SQL Injection (exec) in HTTP Request Body 8
ET WEB_SPECIFIC_APPS PHP-CGI OS Command Injection (soft hyphen) (CVE-2024-4577) 8
ET HUNTING Suspicious PHP Code in HTTP POST (Inbound) 8
ET WEB_SERVER auto_prepend_file PHP config option in uri 8
ET WEB_SERVER allow_url_include PHP config option in uri 8
ET WEB_SERVER PHP.//Input in HTTP POST 8
SERVER-WEBAPP PHP PHP-CGI command execution attempt 8
ET WEB_SERVER Generic PHP Remote File Include 8
ET WEB_SERVER PHP tags in HTTP POST 8
SERVER-WEBAPP PHPUnit PHP remote code execution attempt 2

Detailed activity by IP address 163.7.1.156

Timestamp Description Protocol Destination Port
2026-07-14 05:48:42 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-06-29 17:59:09 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-06-29 17:59:09 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-06-10 06:11:36 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-06-08 22:04:12 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-05-10 18:53:57 ET WEB_SERVER Possible SQL Injection (exec) in HTTP Request Body TCP 80
2026-05-10 18:53:57 ET WEB_SERVER allow_url_include PHP config option in uri TCP 80
2026-05-10 18:53:57 ET WEB_SERVER Generic PHP Remote File Include TCP 80
2026-05-10 18:53:57 ET WEB_SERVER PHP.//Input in HTTP POST TCP 80
2026-05-10 18:53:57 ET WEB_SERVER allow_url_include PHP config option in uri TCP 80
2026-05-10 18:53:57 SERVER-WEBAPP PHPUnit PHP remote code execution attempt TCP 80
2026-05-10 18:53:57 SERVER-WEBAPP PHP PHP-CGI command execution attempt TCP 80
2026-05-10 18:53:57 ET WEB_SERVER PHP tags in HTTP POST TCP 80
2026-05-10 18:53:57 SERVER-WEBAPP PHP PHP-CGI command execution attempt TCP 80
2026-05-10 18:53:57 ET WEB_SPECIFIC_APPS PHP-CGI OS Command Injection (soft hyphen) (CVE-2024-4577) TCP 80
2026-05-10 18:53:57 ET WEB_SPECIFIC_APPS PHP-CGI OS Command Injection (soft hyphen) (CVE-2024-4577) TCP 80
2026-05-10 18:53:57 ET WEB_SPECIFIC_APPS PHP-CGI OS Command Injection (soft hyphen) (CVE-2024-4577) TCP 80
2026-05-10 18:53:57 ET WEB_SERVER allow_url_include PHP config option in uri TCP 80
2026-05-10 18:53:57 ET HUNTING Suspicious PHP Code in HTTP POST (Inbound) TCP 80
2026-05-10 18:53:57 ET HUNTING Suspicious PHP Code in HTTP POST (Inbound) TCP 80
2026-05-10 18:53:57 ET WEB_SERVER PHP tags in HTTP POST TCP 80
2026-05-10 18:53:57 ET WEB_SERVER PHP tags in HTTP POST TCP 80
2026-05-10 18:53:57 ET WEB_SERVER Generic PHP Remote File Include TCP 80
2026-05-10 18:53:57 ET WEB_SERVER auto_prepend_file PHP config option in uri TCP 80
2026-05-10 18:53:57 ET WEB_SERVER PHP.//Input in HTTP POST TCP 80
2026-05-10 18:53:57 ET WEB_SERVER Generic PHP Remote File Include TCP 80
2026-05-10 18:53:57 ET WEB_SERVER PHP tags in HTTP POST TCP 80
2026-05-10 18:53:57 ET HUNTING Suspicious PHP Code in HTTP POST (Inbound) TCP 80
2026-05-10 18:53:57 ET WEB_SERVER Possible SQL Injection (exec) in HTTP Request Body TCP 80
2026-05-10 18:53:57 ET WEB_SPECIFIC_APPS PHP-CGI OS Command Injection (soft hyphen) (CVE-2024-4577) TCP 80
2026-05-10 18:53:57 ET WEB_SERVER auto_prepend_file PHP config option in uri TCP 80
2026-05-10 18:53:57 SERVER-WEBAPP PHP PHP-CGI command execution attempt TCP 80
2026-05-10 18:53:57 ET WEB_SERVER Possible SQL Injection (exec) in HTTP Request Body TCP 80
2026-05-10 18:53:57 ET WEB_SERVER PHP.//Input in HTTP POST TCP 80
2026-05-10 18:53:57 SERVER-WEBAPP PHP PHP-CGI command execution attempt TCP 80
2026-05-10 18:53:57 ET WEB_SERVER Possible SQL Injection (exec) in HTTP Request Body TCP 80
2026-05-10 18:53:57 ET WEB_SERVER auto_prepend_file PHP config option in uri TCP 80
2026-05-10 18:53:57 ET WEB_SERVER Generic PHP Remote File Include TCP 80
2026-05-10 18:53:57 SERVER-WEBAPP PHPUnit PHP remote code execution attempt TCP 80
2026-05-10 18:53:57 ET WEB_SERVER auto_prepend_file PHP config option in uri TCP 80
2026-05-10 18:53:57 ET HUNTING Suspicious PHP Code in HTTP POST (Inbound) TCP 80
2026-05-10 18:53:57 ET WEB_SERVER allow_url_include PHP config option in uri TCP 80
2026-05-10 18:53:57 ET WEB_SERVER PHP.//Input in HTTP POST TCP 80
2026-05-10 18:53:56 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-05-10 18:53:56 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-05-10 08:29:36 ET WEB_SPECIFIC_APPS PHP-CGI OS Command Injection (soft hyphen) (CVE-2024-4577) TCP 80
2026-05-10 08:29:36 ET WEB_SERVER auto_prepend_file PHP config option in uri TCP 80
2026-05-10 08:29:36 ET WEB_SERVER PHP.//Input in HTTP POST TCP 80
2026-05-10 08:29:36 ET WEB_SERVER PHP tags in HTTP POST TCP 80
2026-05-10 08:29:36 ET WEB_SERVER allow_url_include PHP config option in uri TCP 80
2026-05-10 08:29:36 ET WEB_SERVER Generic PHP Remote File Include TCP 80
2026-05-10 08:29:36 SERVER-WEBAPP PHP PHP-CGI command execution attempt TCP 80
2026-05-10 08:29:36 ET WEB_SERVER Possible SQL Injection (exec) in HTTP Request Body TCP 80
2026-05-10 08:29:36 ET HUNTING Suspicious PHP Code in HTTP POST (Inbound) TCP 80
2026-05-10 08:29:35 ET HUNTING Suspicious PHP Code in HTTP POST (Inbound) TCP 80
2026-05-10 08:29:35 SERVER-WEBAPP PHP PHP-CGI command execution attempt TCP 80
2026-05-10 08:29:35 ET WEB_SPECIFIC_APPS PHP-CGI OS Command Injection (soft hyphen) (CVE-2024-4577) TCP 80
2026-05-10 08:29:35 ET WEB_SERVER auto_prepend_file PHP config option in uri TCP 80
2026-05-10 08:29:35 ET WEB_SERVER allow_url_include PHP config option in uri TCP 80
2026-05-10 08:29:35 ET WEB_SERVER PHP.//Input in HTTP POST TCP 80
2026-05-10 08:29:35 ET WEB_SERVER Generic PHP Remote File Include TCP 80
2026-05-10 08:29:35 ET WEB_SERVER PHP tags in HTTP POST TCP 80
2026-05-10 08:29:35 ET WEB_SERVER Possible SQL Injection (exec) in HTTP Request Body TCP 80
2026-05-10 07:28:34 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-05-10 07:28:34 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-05-10 07:28:33 ET WEB_SERVER PHP.//Input in HTTP POST TCP 80
2026-05-10 07:28:33 SERVER-WEBAPP PHP PHP-CGI command execution attempt TCP 80
2026-05-10 07:28:33 ET WEB_SERVER allow_url_include PHP config option in uri TCP 80
2026-05-10 07:28:33 ET WEB_SPECIFIC_APPS PHP-CGI OS Command Injection (soft hyphen) (CVE-2024-4577) TCP 80
2026-05-10 07:28:33 ET HUNTING Suspicious PHP Code in HTTP POST (Inbound) TCP 80
2026-05-10 07:28:33 ET WEB_SERVER Possible SQL Injection (exec) in HTTP Request Body TCP 80
2026-05-10 07:28:33 ET HUNTING Suspicious PHP Code in HTTP POST (Inbound) TCP 80
2026-05-10 07:28:33 ET WEB_SERVER allow_url_include PHP config option in uri TCP 80
2026-05-10 07:28:33 ET WEB_SERVER auto_prepend_file PHP config option in uri TCP 80
2026-05-10 07:28:33 ET WEB_SERVER Generic PHP Remote File Include TCP 80
2026-05-10 07:28:33 ET WEB_SERVER auto_prepend_file PHP config option in uri TCP 80
2026-05-10 07:28:33 ET WEB_SERVER PHP tags in HTTP POST TCP 80
2026-05-10 07:28:33 ET WEB_SERVER Possible SQL Injection (exec) in HTTP Request Body TCP 80
2026-05-10 07:28:33 ET WEB_SERVER PHP tags in HTTP POST TCP 80
2026-05-10 07:28:33 SERVER-WEBAPP PHP PHP-CGI command execution attempt TCP 80
2026-05-10 07:28:33 ET WEB_SERVER Generic PHP Remote File Include TCP 80
2026-05-10 07:28:33 ET WEB_SERVER PHP.//Input in HTTP POST TCP 80
2026-05-10 07:28:33 ET WEB_SPECIFIC_APPS PHP-CGI OS Command Injection (soft hyphen) (CVE-2024-4577) TCP 80

 

Back to top