SCARD

Suspicious activity by IP address 172.2.5.212

Below is a list of the last 500 suspicious interactions with this IP.

Last observed Sat, 30 May 2026 10:37:50 (Australia/Brisbane)

Back to main list

Summary of suspicious activity by IP address 172.2.5.212

Description Count
ET HUNTING Suspicious Chmod Usage in URI (Inbound) 34
ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017) 18
ET EXPLOIT D-Link DSL-2750B - OS Command Injection 18
ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) 16
SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt 16

Detailed activity by IP address 172.2.5.212

Timestamp Description Protocol Destination Port
2026-05-30 10:37:50 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-05-30 10:37:50 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-05-30 10:37:50 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-05-30 10:37:50 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-05-28 18:15:14 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt TCP 80
2026-05-28 18:15:14 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-05-28 18:15:14 ET EXPLOIT D-Link DSL-2750B - OS Command Injection TCP 80
2026-05-28 18:15:14 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt TCP 80
2026-05-28 18:15:14 ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017) TCP 80
2026-05-28 18:15:14 ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017) TCP 80
2026-05-28 18:15:14 ET EXPLOIT D-Link DSL-2750B - OS Command Injection TCP 80
2026-05-28 18:15:14 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-05-19 18:13:47 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-05-19 18:13:47 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-05-19 18:13:47 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-05-19 18:13:47 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-05-17 20:29:28 ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017) TCP 80
2026-05-17 20:29:28 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-05-17 20:29:28 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt TCP 80
2026-05-17 20:29:28 ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017) TCP 80
2026-05-17 20:29:28 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt TCP 80
2026-05-17 20:29:28 ET EXPLOIT D-Link DSL-2750B - OS Command Injection TCP 80
2026-05-17 20:29:28 ET EXPLOIT D-Link DSL-2750B - OS Command Injection TCP 80
2026-05-17 20:29:28 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-05-17 09:16:42 ET EXPLOIT D-Link DSL-2750B - OS Command Injection TCP 8080
2026-05-17 09:16:42 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 8080
2026-05-17 09:16:42 ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017) TCP 8080
2026-05-17 09:16:42 ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017) TCP 8080
2026-05-17 09:16:42 ET EXPLOIT D-Link DSL-2750B - OS Command Injection TCP 8080
2026-05-17 09:16:42 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 8080
2026-05-15 08:03:11 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-05-15 08:03:11 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-05-15 08:03:11 ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017) TCP 80
2026-05-15 08:03:11 ET EXPLOIT D-Link DSL-2750B - OS Command Injection TCP 80
2026-05-15 08:03:11 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt TCP 80
2026-05-15 08:03:11 ET EXPLOIT D-Link DSL-2750B - OS Command Injection TCP 80
2026-05-15 08:03:11 ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017) TCP 80
2026-05-15 08:03:11 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt TCP 80
2026-05-04 18:58:43 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-05-04 18:58:43 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-05-04 18:58:43 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-05-04 18:58:43 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-05-04 09:40:15 ET EXPLOIT D-Link DSL-2750B - OS Command Injection TCP 80
2026-05-04 09:40:15 ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017) TCP 80
2026-05-04 09:40:15 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-05-04 09:40:15 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-05-04 09:40:15 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt TCP 80
2026-05-04 09:40:15 ET EXPLOIT D-Link DSL-2750B - OS Command Injection TCP 80
2026-05-04 09:40:15 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt TCP 80
2026-05-04 09:40:15 ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017) TCP 80
2026-05-03 17:11:32 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-05-03 17:11:32 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt TCP 80
2026-05-03 17:11:32 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt TCP 80
2026-05-03 17:11:32 ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017) TCP 80
2026-05-03 17:11:32 ET EXPLOIT D-Link DSL-2750B - OS Command Injection TCP 80
2026-05-03 17:11:32 ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017) TCP 80
2026-05-03 17:11:32 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-05-03 17:11:32 ET EXPLOIT D-Link DSL-2750B - OS Command Injection TCP 80
2026-05-02 09:57:58 ET EXPLOIT D-Link DSL-2750B - OS Command Injection TCP 80
2026-05-02 09:57:58 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-05-02 09:57:58 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt TCP 80
2026-05-02 09:57:58 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt TCP 80
2026-05-02 09:57:58 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-05-02 09:57:58 ET EXPLOIT D-Link DSL-2750B - OS Command Injection TCP 80
2026-05-02 09:57:58 ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017) TCP 80
2026-05-02 09:57:58 ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017) TCP 80
2026-04-24 20:26:40 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-04-24 20:26:40 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-24 20:26:40 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-04-24 20:26:40 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-22 02:36:05 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-04-22 02:36:05 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-20 06:11:04 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-20 06:11:04 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt TCP 80
2026-04-20 06:11:04 ET EXPLOIT D-Link DSL-2750B - OS Command Injection TCP 80
2026-04-20 06:11:04 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-20 06:11:04 ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017) TCP 80
2026-04-20 06:11:04 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt TCP 80
2026-04-20 06:11:04 ET EXPLOIT D-Link DSL-2750B - OS Command Injection TCP 80
2026-04-20 06:11:04 ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017) TCP 80
2026-04-18 00:12:46 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-04-18 00:12:46 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-15 18:26:40 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-15 18:26:40 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-15 18:26:40 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-04-15 18:26:40 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-04-06 12:39:18 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-04-06 12:39:18 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-06 11:25:13 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-06 11:25:13 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-04-04 16:11:43 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-04 16:11:43 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-04-04 16:11:43 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-04 16:11:43 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-04-04 11:40:44 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt TCP 80
2026-04-04 11:40:44 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-04 11:40:44 ET EXPLOIT D-Link DSL-2750B - OS Command Injection TCP 80
2026-04-04 11:40:44 ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017) TCP 80
2026-04-04 11:40:44 ET EXPLOIT D-Link DSL-2750B - OS Command Injection TCP 80
2026-04-04 11:40:44 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt TCP 80
2026-04-04 11:40:44 ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017) TCP 80
2026-04-04 11:40:44 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80

 

Back to top