SCARD

Suspicious activity by IP address 222.89.169.98

Below is a list of the last 500 suspicious interactions with this IP.

Last observed Thu, 28 May 2026 04:08:22 (Australia/Brisbane)

Back to main list

Summary of suspicious activity by IP address 222.89.169.98

Description Count
ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 23
ET HUNTING Suspicious PHP Code in HTTP POST (Inbound) 6
ET WEB_SERVER auto_prepend_file PHP config option in uri 6
ET WEB_SERVER PHP tags in HTTP POST 6
ET WEB_SPECIFIC_APPS PHP-CGI OS Command Injection (soft hyphen) (CVE-2024-4577) 6
ET WEB_SERVER allow_url_include PHP config option in uri 6
ET WEB_SERVER Generic PHP Remote File Include 6
ET WEB_SERVER Possible SQL Injection (exec) in HTTP Request Body 6
ET WEB_SERVER PHP.//Input in HTTP POST 6
SERVER-WEBAPP PHP PHP-CGI command execution attempt 6

Detailed activity by IP address 222.89.169.98

Timestamp Description Protocol Destination Port
2026-05-28 04:08:22 ET WEB_SERVER Possible SQL Injection (exec) in HTTP Request Body TCP 80
2026-05-28 04:08:22 ET WEB_SERVER PHP.//Input in HTTP POST TCP 80
2026-05-28 04:08:22 ET WEB_SERVER auto_prepend_file PHP config option in uri TCP 80
2026-05-28 04:08:22 ET WEB_SERVER Generic PHP Remote File Include TCP 80
2026-05-28 04:08:22 ET WEB_SERVER allow_url_include PHP config option in uri TCP 80
2026-05-28 04:08:22 ET WEB_SERVER PHP tags in HTTP POST TCP 80
2026-05-28 04:08:22 ET HUNTING Suspicious PHP Code in HTTP POST (Inbound) TCP 80
2026-05-28 04:08:22 SERVER-WEBAPP PHP PHP-CGI command execution attempt TCP 80
2026-05-28 04:08:22 ET WEB_SPECIFIC_APPS PHP-CGI OS Command Injection (soft hyphen) (CVE-2024-4577) TCP 80
2026-05-28 04:08:21 ET HUNTING Suspicious PHP Code in HTTP POST (Inbound) TCP 80
2026-05-28 04:08:21 ET WEB_SERVER auto_prepend_file PHP config option in uri TCP 80
2026-05-28 04:08:21 SERVER-WEBAPP PHP PHP-CGI command execution attempt TCP 80
2026-05-28 04:08:21 ET WEB_SERVER Generic PHP Remote File Include TCP 80
2026-05-28 04:08:21 ET WEB_SERVER PHP tags in HTTP POST TCP 80
2026-05-28 04:08:21 ET WEB_SERVER allow_url_include PHP config option in uri TCP 80
2026-05-28 04:08:21 ET WEB_SERVER Possible SQL Injection (exec) in HTTP Request Body TCP 80
2026-05-28 04:08:21 ET WEB_SERVER PHP.//Input in HTTP POST TCP 80
2026-05-28 04:08:21 ET WEB_SPECIFIC_APPS PHP-CGI OS Command Injection (soft hyphen) (CVE-2024-4577) TCP 80
2026-05-28 03:07:14 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-05-28 03:07:14 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-05-27 04:37:32 ET HUNTING Suspicious PHP Code in HTTP POST (Inbound) TCP 80
2026-05-27 04:37:32 ET WEB_SERVER PHP tags in HTTP POST TCP 80
2026-05-27 04:37:32 ET HUNTING Suspicious PHP Code in HTTP POST (Inbound) TCP 80
2026-05-27 04:37:32 ET WEB_SERVER allow_url_include PHP config option in uri TCP 80
2026-05-27 04:37:32 SERVER-WEBAPP PHP PHP-CGI command execution attempt TCP 80
2026-05-27 04:37:32 ET WEB_SERVER Possible SQL Injection (exec) in HTTP Request Body TCP 80
2026-05-27 04:37:32 ET WEB_SERVER auto_prepend_file PHP config option in uri TCP 80
2026-05-27 04:37:32 ET WEB_SERVER Possible SQL Injection (exec) in HTTP Request Body TCP 80
2026-05-27 04:37:32 ET WEB_SERVER auto_prepend_file PHP config option in uri TCP 80
2026-05-27 04:37:32 ET WEB_SPECIFIC_APPS PHP-CGI OS Command Injection (soft hyphen) (CVE-2024-4577) TCP 80
2026-05-27 04:37:32 ET WEB_SPECIFIC_APPS PHP-CGI OS Command Injection (soft hyphen) (CVE-2024-4577) TCP 80
2026-05-27 04:37:32 ET WEB_SERVER PHP.//Input in HTTP POST TCP 80
2026-05-27 04:37:32 ET WEB_SERVER PHP.//Input in HTTP POST TCP 80
2026-05-27 04:37:32 ET WEB_SERVER Generic PHP Remote File Include TCP 80
2026-05-27 04:37:32 ET WEB_SERVER Generic PHP Remote File Include TCP 80
2026-05-27 04:37:32 ET WEB_SERVER PHP tags in HTTP POST TCP 80
2026-05-27 04:37:32 ET WEB_SERVER allow_url_include PHP config option in uri TCP 80
2026-05-27 04:37:32 SERVER-WEBAPP PHP PHP-CGI command execution attempt TCP 80
2026-05-27 03:36:17 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-05-27 03:36:17 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-05-16 16:34:54 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-05-16 16:34:54 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-05-16 12:09:47 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-05-16 12:09:47 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-05-08 12:34:11 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-05-08 12:34:11 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-05-08 08:31:14 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-05-08 08:31:13 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-04-21 19:09:41 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-04-21 19:09:41 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-04-15 02:52:17 ET WEB_SERVER Possible SQL Injection (exec) in HTTP Request Body TCP 80
2026-04-15 02:52:17 ET WEB_SERVER PHP.//Input in HTTP POST TCP 80
2026-04-15 02:52:17 SERVER-WEBAPP PHP PHP-CGI command execution attempt TCP 80
2026-04-15 02:52:17 ET WEB_SERVER allow_url_include PHP config option in uri TCP 80
2026-04-15 02:52:17 ET WEB_SERVER auto_prepend_file PHP config option in uri TCP 80
2026-04-15 02:52:17 ET WEB_SPECIFIC_APPS PHP-CGI OS Command Injection (soft hyphen) (CVE-2024-4577) TCP 80
2026-04-15 02:52:17 ET WEB_SERVER Generic PHP Remote File Include TCP 80
2026-04-15 02:52:17 ET WEB_SERVER PHP tags in HTTP POST TCP 80
2026-04-15 02:52:17 ET HUNTING Suspicious PHP Code in HTTP POST (Inbound) TCP 80
2026-04-15 02:52:16 ET WEB_SERVER PHP tags in HTTP POST TCP 80
2026-04-15 02:52:16 ET WEB_SERVER PHP.//Input in HTTP POST TCP 80
2026-04-15 02:52:16 ET WEB_SPECIFIC_APPS PHP-CGI OS Command Injection (soft hyphen) (CVE-2024-4577) TCP 80
2026-04-15 02:52:16 ET WEB_SERVER auto_prepend_file PHP config option in uri TCP 80
2026-04-15 02:52:16 ET WEB_SERVER allow_url_include PHP config option in uri TCP 80
2026-04-15 02:52:16 ET WEB_SERVER Generic PHP Remote File Include TCP 80
2026-04-15 02:52:16 ET WEB_SERVER Possible SQL Injection (exec) in HTTP Request Body TCP 80
2026-04-15 02:52:16 SERVER-WEBAPP PHP PHP-CGI command execution attempt TCP 80
2026-04-15 02:52:16 ET HUNTING Suspicious PHP Code in HTTP POST (Inbound) TCP 80
2026-04-15 01:50:50 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-04-15 01:50:50 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-04-13 19:32:25 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-04-13 19:32:25 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-04-08 08:49:43 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-04-02 11:58:56 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-04-02 11:58:54 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-03-26 23:31:29 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-03-26 23:31:29 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80

 

Back to top