SCARD

Suspicious activity by IP address 139.135.42.149

Below is a list of the last 500 suspicious interactions with this IP.

Last observed Tue, 14 Jul 2026 09:10:53 (Australia/Brisbane)

Back to main list

Summary of suspicious activity by IP address 139.135.42.149

Description Count
ET SCAN Mirai Variant User-Agent (Inbound) 4
ET EXPLOIT Netgear DGN Remote Command Execution 2
ET EXPLOIT HackingTrio UA (Hello, World) 2
ET WEB_SERVER WebShell Generic - wget http - POST 2
ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016) 2
ET EXPLOIT MVPower DVR Shell UCE 2
SERVER-WEBAPP Netgear DGN1000 series routers authentication bypass attempt 2
ET SCAN JAWS Webserver Unauthenticated Shell Command Execution 2
ET HUNTING Suspicious Chmod Usage in URI (Inbound) 2

Detailed activity by IP address 139.135.42.149

Timestamp Description Protocol Destination Port
2026-07-14 09:10:53 ET EXPLOIT Netgear DGN Remote Command Execution TCP 80
2026-07-14 09:10:53 SERVER-WEBAPP Netgear DGN1000 series routers authentication bypass attempt TCP 80
2026-07-14 09:10:53 SERVER-WEBAPP Netgear DGN1000 series routers authentication bypass attempt TCP 80
2026-07-14 09:10:53 ET EXPLOIT Netgear DGN Remote Command Execution TCP 80
2026-07-05 06:08:38 ET SCAN Mirai Variant User-Agent (Inbound) TCP 80
2026-07-05 06:08:38 ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016) TCP 80
2026-07-05 06:08:38 ET EXPLOIT MVPower DVR Shell UCE TCP 80
2026-07-05 06:08:38 ET SCAN JAWS Webserver Unauthenticated Shell Command Execution TCP 80
2026-07-05 06:08:38 ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016) TCP 80
2026-07-05 06:08:38 ET EXPLOIT MVPower DVR Shell UCE TCP 80
2026-07-05 06:08:38 ET SCAN Mirai Variant User-Agent (Inbound) TCP 80
2026-07-05 06:08:38 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-07-05 06:08:38 ET SCAN JAWS Webserver Unauthenticated Shell Command Execution TCP 80
2026-07-05 06:08:38 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-21 04:59:35 ET WEB_SERVER WebShell Generic - wget http - POST TCP 80
2026-04-21 04:59:35 ET WEB_SERVER WebShell Generic - wget http - POST TCP 80
2026-04-21 04:59:33 ET SCAN Mirai Variant User-Agent (Inbound) TCP 80
2026-04-21 04:59:33 ET SCAN Mirai Variant User-Agent (Inbound) TCP 80
2026-04-21 04:59:33 ET EXPLOIT HackingTrio UA (Hello, World) TCP 80
2026-04-21 04:59:33 ET EXPLOIT HackingTrio UA (Hello, World) TCP 80

 

Back to top