Loading threats
HTTP query string containing a lang= parameter with multi-level directory traversal targeting usr/local/lib/php/pearcmd, followed by a config-create invocation and inline PHP code (<?echo(md5("hi"));?>) intended to be written to a temporary file (e.g., /tmp/index1.php). Represents a direct PEAR pearcmd.php abuse attempt combining path traversal, configuration command execution, and PHP payload file creation within the query string.
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 82.165.66.87 | 100% | 6,097 | 424 | 🇩🇪 DE | AS8560 | 2026-03-10 |
| 101.36.104.242 | 100% | 3,375 | 314 | 🇯🇵 JP | AS135377 | 2026-03-09 |
| 165.154.227.13 | 100% | 2,993 | 196 | 🇹🇼 TW | AS142002 | 2026-02-25 |
| 61.245.11.87 | 100% | 2,623 | 403 | 🇵🇭 PH | AS19970 | 2026-03-09 |
| 157.173.199.44 | 100% | 2,574 | 139 | 🇺🇸 US | AS40021 | 2026-02-17 |
| 180.76.172.156 | 100% | 2,331 | 686 | 🇨🇳 CN | AS38365 | 2026-03-09 |
| 103.40.61.98 | 100% | 2,310 | 269 | 🇮🇳 IN | AS133700 | 2026-03-10 |
| 62.171.164.240 | 100% | 2,257 | 95 | 🇫🇷 FR | AS51167 | 2026-02-09 |
| 106.54.176.158 | 100% | 2,209 | 206 | 🇨🇳 CN | AS45090 | 2026-02-09 |
| 34.60.107.64 | 100% | 2,151 | 151 | 🇺🇸 US | AS396982 | 2026-02-21 |
| 128.199.103.139 | 100% | 2,085 | 184 | 🇸🇬 SG | AS14061 | 2026-03-08 |
| 178.17.58.122 | 96% | 2,037 | 1,995 | 🇩🇪 DE | AS215540 | 2026-02-18 |
| 114.220.75.156 | 100% | 1,976 | 557 | 🇨🇳 CN | AS4134 | 2026-03-10 |
| 47.85.49.48 | 99% | 1,664 | 325 | 🇺🇸 US | AS45102 | 2026-02-26 |
| 159.65.119.52 | 100% | 1,656 | 268 | 🇩🇪 DE | AS14061 | 2026-03-09 |
| 217.154.69.208 | 100% | 1,650 | 160 | 🇩🇪 DE | AS8560 | 2026-03-09 |
| 103.232.121.71 | 100% | 1,634 | 102 | 🇻🇳 VN | AS56150 | 2026-02-22 |
| 101.36.107.228 | 100% | 1,503 | 144 | 🇭🇰 HK | AS135377 | 2026-03-10 |
| 181.176.14.90 | 100% | 1,435 | 117 | 🇵🇪 PE | AS262210 | 2026-03-10 |
| 161.248.162.15 | 100% | 1,417 | 60 | 🇮🇳 IN | AS152565 | 2026-02-13 |