SCARD

Suspicious activity by IP address 222.212.83.51

Below is a list of the last 500 suspicious interactions with this IP.

Last observed Tue, 14 Jul 2026 03:00:49 (Australia/Brisbane)

Back to main list

Summary of suspicious activity by IP address 222.212.83.51

Description Count
ET EXPLOIT MVPower DVR Shell UCE 12
ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016) 12
ET HUNTING Suspicious Chmod Usage in URI (Inbound) 12
ET SCAN JAWS Webserver Unauthenticated Shell Command Execution 12
ET WEB_SPECIFIC_APPS Linksys E-Series OS Command Injection (CVE-2025-34037) M1 5
ET WORM TheMoon.linksys.router 2 5
ET EXPLOIT Linksys E-Series Device RCE Attempt 5
ET WEB_SERVER ThinkPHP RCE Exploitation Attempt 5
SURICATA HTTP URI terminated by non-compliant character 4
ET WEB_SERVER WebShell Generic - wget http - POST 4

Detailed activity by IP address 222.212.83.51

Timestamp Description Protocol Destination Port
2026-07-14 03:00:49 ET EXPLOIT MVPower DVR Shell UCE TCP 80
2026-07-14 03:00:49 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-07-14 03:00:49 ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016) TCP 80
2026-07-14 03:00:49 ET SCAN JAWS Webserver Unauthenticated Shell Command Execution TCP 80
2026-07-14 03:00:49 ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016) TCP 80
2026-07-14 03:00:49 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-07-14 03:00:49 ET SCAN JAWS Webserver Unauthenticated Shell Command Execution TCP 80
2026-07-14 03:00:49 ET EXPLOIT MVPower DVR Shell UCE TCP 80
2026-07-13 17:46:14 ET WEB_SERVER ThinkPHP RCE Exploitation Attempt TCP 80
2026-07-10 20:35:54 ET WORM TheMoon.linksys.router 2 TCP 8080
2026-07-10 20:35:54 ET WEB_SPECIFIC_APPS Linksys E-Series OS Command Injection (CVE-2025-34037) M1 TCP 8080
2026-07-10 20:35:54 ET EXPLOIT Linksys E-Series Device RCE Attempt TCP 8080
2026-07-08 10:18:45 ET EXPLOIT MVPower DVR Shell UCE TCP 80
2026-07-08 10:18:45 ET WEB_SERVER ThinkPHP RCE Exploitation Attempt TCP 80
2026-07-08 10:18:45 ET SCAN JAWS Webserver Unauthenticated Shell Command Execution TCP 80
2026-07-08 10:18:45 ET WEB_SERVER ThinkPHP RCE Exploitation Attempt TCP 80
2026-07-08 10:18:45 SURICATA HTTP URI terminated by non-compliant character TCP 80
2026-07-08 10:18:45 SURICATA HTTP URI terminated by non-compliant character TCP 80
2026-07-08 10:18:45 ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016) TCP 80
2026-07-08 10:18:45 ET SCAN JAWS Webserver Unauthenticated Shell Command Execution TCP 80
2026-07-08 10:18:45 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-07-08 10:18:45 ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016) TCP 80
2026-07-08 10:18:45 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-07-08 10:18:45 ET EXPLOIT MVPower DVR Shell UCE TCP 80
2026-07-05 10:56:40 ET WORM TheMoon.linksys.router 2 TCP 8080
2026-07-05 10:56:40 ET EXPLOIT Linksys E-Series Device RCE Attempt TCP 8080
2026-07-05 10:56:40 ET WEB_SERVER WebShell Generic - wget http - POST TCP 8080
2026-07-05 10:56:40 ET WEB_SPECIFIC_APPS Linksys E-Series OS Command Injection (CVE-2025-34037) M1 TCP 8080
2026-07-05 10:56:40 ET WEB_SERVER WebShell Generic - wget http - POST TCP 8080
2026-07-05 10:56:40 ET EXPLOIT Linksys E-Series Device RCE Attempt TCP 8080
2026-07-05 10:56:40 ET WEB_SPECIFIC_APPS Linksys E-Series OS Command Injection (CVE-2025-34037) M1 TCP 8080
2026-07-05 10:56:40 ET WORM TheMoon.linksys.router 2 TCP 8080
2026-07-02 03:07:11 ET SCAN JAWS Webserver Unauthenticated Shell Command Execution TCP 80
2026-07-02 03:07:11 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-07-02 03:07:11 ET EXPLOIT MVPower DVR Shell UCE TCP 80
2026-07-02 03:07:11 ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016) TCP 80
2026-07-02 03:07:11 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-07-02 03:07:11 ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016) TCP 80
2026-07-02 03:07:11 ET EXPLOIT MVPower DVR Shell UCE TCP 80
2026-07-02 03:07:11 ET SCAN JAWS Webserver Unauthenticated Shell Command Execution TCP 80
2026-06-28 17:38:33 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-06-28 17:38:33 ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016) TCP 80
2026-06-28 17:38:33 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-06-28 17:38:33 ET EXPLOIT MVPower DVR Shell UCE TCP 80
2026-06-28 17:38:33 ET SCAN JAWS Webserver Unauthenticated Shell Command Execution TCP 80
2026-06-28 17:38:33 ET EXPLOIT MVPower DVR Shell UCE TCP 80
2026-06-28 17:38:33 ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016) TCP 80
2026-06-28 17:38:33 ET SCAN JAWS Webserver Unauthenticated Shell Command Execution TCP 80
2026-06-22 00:00:09 ET SCAN JAWS Webserver Unauthenticated Shell Command Execution TCP 80
2026-06-22 00:00:09 ET EXPLOIT MVPower DVR Shell UCE TCP 80
2026-06-22 00:00:09 ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016) TCP 80
2026-06-22 00:00:09 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-06-22 00:00:09 ET EXPLOIT MVPower DVR Shell UCE TCP 80
2026-06-22 00:00:09 ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016) TCP 80
2026-06-22 00:00:09 ET SCAN JAWS Webserver Unauthenticated Shell Command Execution TCP 80
2026-06-22 00:00:09 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-06-11 08:12:02 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-06-11 08:12:02 ET EXPLOIT MVPower DVR Shell UCE TCP 80
2026-06-11 08:12:02 ET SCAN JAWS Webserver Unauthenticated Shell Command Execution TCP 80
2026-06-11 08:12:02 SURICATA HTTP URI terminated by non-compliant character TCP 80
2026-06-11 08:12:02 ET SCAN JAWS Webserver Unauthenticated Shell Command Execution TCP 80
2026-06-11 08:12:02 ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016) TCP 80
2026-06-11 08:12:02 SURICATA HTTP URI terminated by non-compliant character TCP 80
2026-06-11 08:12:02 ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016) TCP 80
2026-06-11 08:12:02 ET WEB_SERVER ThinkPHP RCE Exploitation Attempt TCP 80
2026-06-11 08:12:02 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-06-11 08:12:02 ET WEB_SERVER ThinkPHP RCE Exploitation Attempt TCP 80
2026-06-11 08:12:02 ET EXPLOIT MVPower DVR Shell UCE TCP 80
2026-06-07 18:22:04 ET WEB_SPECIFIC_APPS Linksys E-Series OS Command Injection (CVE-2025-34037) M1 TCP 8080
2026-06-07 18:22:04 ET WORM TheMoon.linksys.router 2 TCP 8080
2026-06-07 18:22:04 ET WEB_SERVER WebShell Generic - wget http - POST TCP 8080
2026-06-07 18:22:04 ET EXPLOIT Linksys E-Series Device RCE Attempt TCP 8080
2026-06-07 18:22:04 ET WORM TheMoon.linksys.router 2 TCP 8080
2026-06-07 18:22:04 ET WEB_SPECIFIC_APPS Linksys E-Series OS Command Injection (CVE-2025-34037) M1 TCP 8080
2026-06-07 18:22:04 ET EXPLOIT Linksys E-Series Device RCE Attempt TCP 8080
2026-06-07 18:22:04 ET WEB_SERVER WebShell Generic - wget http - POST TCP 8080

 

Back to top