SCARD

Suspicious activity by IP address 174.171.52.9

Below is a list of the last 500 suspicious interactions with this IP.

Last observed Tue, 14 Apr 2026 07:08:06 (Australia/Brisbane)

Back to main list

Summary of suspicious activity by IP address 174.171.52.9

Description	Count
ET HUNTING Suspicious Chmod Usage in URI (Inbound)	5
ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173)	3
SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt	2
ET EXPLOIT D-Link DSL-2750B - OS Command Injection	2
ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017)	2

Detailed activity by IP address 174.171.52.9

Timestamp	Description	Protocol	Destination Port
2026-04-14 07:08:06	ET HUNTING Suspicious Chmod Usage in URI (Inbound)	TCP	80
2026-04-14 07:08:06	ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173)	TCP	80
2026-04-12 21:03:06	ET HUNTING Suspicious Chmod Usage in URI (Inbound)	TCP	80
2026-04-12 21:03:06	ET HUNTING Suspicious Chmod Usage in URI (Inbound)	TCP	80
2026-04-12 21:03:06	ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173)	TCP	80
2026-04-12 21:03:06	ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173)	TCP	80
2026-04-10 13:17:40	ET HUNTING Suspicious Chmod Usage in URI (Inbound)	TCP	80
2026-04-10 13:17:40	SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt	TCP	80
2026-04-10 13:17:40	ET EXPLOIT D-Link DSL-2750B - OS Command Injection	TCP	80
2026-04-10 13:17:40	ET EXPLOIT D-Link DSL-2750B - OS Command Injection	TCP	80
2026-04-10 13:17:40	ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017)	TCP	80
2026-04-10 13:17:40	SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt	TCP	80
2026-04-10 13:17:40	ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017)	TCP	80
2026-04-10 13:17:40	ET HUNTING Suspicious Chmod Usage in URI (Inbound)	TCP	80