SCARD

Suspicious activity by IP address 89.126.211.166

Below is a list of the last 500 suspicious interactions with this IP.

Last observed Tue, 14 Jul 2026 10:05:09 (Australia/Brisbane)

Back to main list

Summary of suspicious activity by IP address 89.126.211.166

Description Count
ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 25
ET WEB_SERVER Generic PHP Remote File Include 2
ET WEB_SPECIFIC_APPS PHP-CGI OS Command Injection (soft hyphen) (CVE-2024-4577) 2
ET WEB_SERVER auto_prepend_file PHP config option in uri 2
SERVER-WEBAPP PHP PHP-CGI command execution attempt 2
ET HUNTING Suspicious PHP Code in HTTP POST (Inbound) 2
ET WEB_SERVER PHP tags in HTTP POST 2
ET WEB_SERVER allow_url_include PHP config option in uri 2
ET WEB_SERVER Possible SQL Injection (exec) in HTTP Request Body 2
ET WEB_SERVER PHP.//Input in HTTP POST 2

Detailed activity by IP address 89.126.211.166

Timestamp Description Protocol Destination Port
2026-07-14 10:05:09 ET WEB_SERVER Generic PHP Remote File Include TCP 80
2026-07-14 10:05:09 ET WEB_SERVER allow_url_include PHP config option in uri TCP 80
2026-07-14 10:05:09 ET WEB_SERVER Possible SQL Injection (exec) in HTTP Request Body TCP 80
2026-07-14 10:05:09 ET WEB_SERVER PHP tags in HTTP POST TCP 80
2026-07-14 10:05:09 ET HUNTING Suspicious PHP Code in HTTP POST (Inbound) TCP 80
2026-07-14 10:05:09 ET WEB_SERVER PHP.//Input in HTTP POST TCP 80
2026-07-14 10:05:09 SERVER-WEBAPP PHP PHP-CGI command execution attempt TCP 80
2026-07-14 10:05:09 ET WEB_SERVER auto_prepend_file PHP config option in uri TCP 80
2026-07-14 10:05:09 ET WEB_SPECIFIC_APPS PHP-CGI OS Command Injection (soft hyphen) (CVE-2024-4577) TCP 80
2026-07-14 10:05:08 SERVER-WEBAPP PHP PHP-CGI command execution attempt TCP 80
2026-07-14 10:05:08 ET WEB_SERVER allow_url_include PHP config option in uri TCP 80
2026-07-14 10:05:08 ET WEB_SERVER Possible SQL Injection (exec) in HTTP Request Body TCP 80
2026-07-14 10:05:08 ET WEB_SERVER PHP.//Input in HTTP POST TCP 80
2026-07-14 10:05:08 ET WEB_SERVER auto_prepend_file PHP config option in uri TCP 80
2026-07-14 10:05:08 ET WEB_SPECIFIC_APPS PHP-CGI OS Command Injection (soft hyphen) (CVE-2024-4577) TCP 80
2026-07-14 10:05:08 ET HUNTING Suspicious PHP Code in HTTP POST (Inbound) TCP 80
2026-07-14 10:05:08 ET WEB_SERVER PHP tags in HTTP POST TCP 80
2026-07-14 10:05:08 ET WEB_SERVER Generic PHP Remote File Include TCP 80
2026-07-14 09:03:36 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-07-14 09:03:36 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-07-12 18:31:48 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-07-12 18:31:46 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-07-12 07:26:54 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-07-12 07:26:54 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-07-11 17:02:09 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-07-11 17:02:07 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-07-10 01:45:58 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-07-10 01:45:58 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-07-08 00:36:19 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-07-08 00:36:19 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-07-07 17:06:36 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-07-05 17:34:00 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-07-05 17:33:59 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-07-05 07:41:53 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-07-05 07:41:53 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-07-05 02:21:07 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-07-05 02:21:07 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-07-03 04:24:48 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-07-03 04:24:48 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-07-02 18:18:32 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-07-02 18:18:32 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-07-02 15:00:33 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80
2026-07-02 15:00:31 ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 TCP 80

 

Back to top