SCARD

Suspicious activity by IP address 45.230.66.98

Below is a list of the last 500 suspicious interactions with this IP.

Last observed Sun, 12 Apr 2026 05:08:52 (Australia/Brisbane)

Summary of suspicious activity by IP address 45.230.66.98

Description	Count
ET SCAN Mirai Variant User-Agent (Inbound)	9
ET WEB_SERVER WebShell Generic - wget http - POST	6
ET EXPLOIT HackingTrio UA (Hello, World)	6
ET SCAN JAWS Webserver Unauthenticated Shell Command Execution	3
ET HUNTING Suspicious Chmod Usage in URI (Inbound)	3
ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016)	3
ET EXPLOIT MVPower DVR Shell UCE	3
ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution	2
ET WEB_SERVER WGET Command Specifying Output in HTTP Headers	2
ET INFO Netlink GPON Login Attempt (GET)	1

Detailed activity by IP address 45.230.66.98

Timestamp	Description	Protocol	Destination Port
2026-04-12 05:08:52	ET WEB_SERVER WGET Command Specifying Output in HTTP Headers	TCP	80
2026-04-12 05:08:52	ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution	TCP	80
2026-04-12 05:08:52	ET WEB_SERVER WGET Command Specifying Output in HTTP Headers	TCP	80
2026-04-12 05:08:52	ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution	TCP	80
2026-04-11 00:36:48	ET SCAN JAWS Webserver Unauthenticated Shell Command Execution	TCP	80
2026-04-11 00:36:48	ET SCAN Mirai Variant User-Agent (Inbound)	TCP	80
2026-04-11 00:36:48	ET HUNTING Suspicious Chmod Usage in URI (Inbound)	TCP	80
2026-04-11 00:36:48	ET EXPLOIT MVPower DVR Shell UCE	TCP	80
2026-04-11 00:36:48	ET SCAN Mirai Variant User-Agent (Inbound)	TCP	80
2026-04-11 00:36:48	ET SCAN JAWS Webserver Unauthenticated Shell Command Execution	TCP	80
2026-04-11 00:36:48	ET EXPLOIT MVPower DVR Shell UCE	TCP	80
2026-04-11 00:36:48	ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016)	TCP	80
2026-04-11 00:36:48	ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016)	TCP	80
2026-04-11 00:36:48	ET HUNTING Suspicious Chmod Usage in URI (Inbound)	TCP	80
2026-04-10 20:55:36	ET EXPLOIT HackingTrio UA (Hello, World)	TCP	80
2026-04-10 20:55:36	ET SCAN Mirai Variant User-Agent (Inbound)	TCP	80
2026-04-10 20:55:36	ET WEB_SERVER WebShell Generic - wget http - POST	TCP	80
2026-04-10 20:55:35	ET WEB_SERVER WebShell Generic - wget http - POST	TCP	80
2026-04-10 20:55:35	ET SCAN Mirai Variant User-Agent (Inbound)	TCP	80
2026-04-10 20:55:35	ET EXPLOIT HackingTrio UA (Hello, World)	TCP	80
2026-04-09 02:23:49	ET HUNTING Suspicious Chmod Usage in URI (Inbound)	TCP	80
2026-04-09 02:23:49	ET SCAN Mirai Variant User-Agent (Inbound)	TCP	80
2026-04-09 02:23:49	ET SCAN JAWS Webserver Unauthenticated Shell Command Execution	TCP	80
2026-04-09 02:23:49	ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016)	TCP	80
2026-04-09 02:23:49	ET EXPLOIT MVPower DVR Shell UCE	TCP	80
2026-04-09 01:30:30	ET WEB_SERVER WebShell Generic - wget http - POST	TCP	80
2026-04-09 01:30:30	ET SCAN Mirai Variant User-Agent (Inbound)	TCP	80
2026-04-09 01:30:30	ET EXPLOIT HackingTrio UA (Hello, World)	TCP	80
2026-04-09 01:30:28	ET EXPLOIT HackingTrio UA (Hello, World)	TCP	80
2026-04-09 01:30:28	ET WEB_SERVER WebShell Generic - wget http - POST	TCP	80
2026-04-09 01:30:28	ET SCAN Mirai Variant User-Agent (Inbound)	TCP	80
2026-04-06 14:15:57	ET INFO Netlink GPON Login Attempt (GET)	TCP	80
2026-03-30 06:56:59	ET EXPLOIT HackingTrio UA (Hello, World)	TCP	80
2026-03-30 06:56:59	ET SCAN Mirai Variant User-Agent (Inbound)	TCP	80
2026-03-30 06:56:59	ET SCAN Mirai Variant User-Agent (Inbound)	TCP	80
2026-03-30 06:56:59	ET WEB_SERVER WebShell Generic - wget http - POST	TCP	80
2026-03-30 06:56:59	ET EXPLOIT HackingTrio UA (Hello, World)	TCP	80
2026-03-30 06:56:59	ET WEB_SERVER WebShell Generic - wget http - POST	TCP	80