SCARD

Suspicious activity by IP address 72.94.12.28

Below is a list of the last 500 suspicious interactions with this IP.

Last observed Thu, 30 Apr 2026 00:27:16 (Australia/Brisbane)

Back to main list

Summary of suspicious activity by IP address 72.94.12.28

Description Count
ET HUNTING Suspicious Chmod Usage in URI (Inbound) 20
ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) 15
ET EXPLOIT D-Link DSL-2750B - OS Command Injection 5
ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017) 5
SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt 4

Detailed activity by IP address 72.94.12.28

Timestamp Description Protocol Destination Port
2026-04-30 00:27:16 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-30 00:27:16 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-30 00:27:16 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-04-30 00:27:16 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-04-25 12:08:32 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-04-25 12:08:32 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-25 12:08:32 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-25 12:08:32 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-04-22 18:01:44 ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017) TCP 80
2026-04-22 18:01:44 ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017) TCP 80
2026-04-22 18:01:44 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt TCP 80
2026-04-22 18:01:44 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-22 18:01:44 ET EXPLOIT D-Link DSL-2750B - OS Command Injection TCP 80
2026-04-22 18:01:44 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-22 18:01:44 ET EXPLOIT D-Link DSL-2750B - OS Command Injection TCP 80
2026-04-22 18:01:44 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt TCP 80
2026-04-21 03:19:21 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-04-21 03:19:21 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-21 03:19:21 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-04-21 03:19:21 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-18 23:24:07 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt TCP 80
2026-04-18 23:24:07 ET EXPLOIT D-Link DSL-2750B - OS Command Injection TCP 80
2026-04-18 23:24:07 ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017) TCP 80
2026-04-18 23:24:07 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-18 23:24:07 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-18 23:24:07 ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017) TCP 80
2026-04-18 23:24:07 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt TCP 80
2026-04-18 23:24:07 ET EXPLOIT D-Link DSL-2750B - OS Command Injection TCP 80
2026-04-17 12:46:48 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-04-17 12:46:48 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-17 12:46:48 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-17 12:46:48 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-04-17 10:16:43 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-17 10:16:43 ET EXPLOIT D-Link DSL-2750B - OS Command Injection TCP 80
2026-04-17 10:16:43 ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017) TCP 80
2026-04-16 08:57:22 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-04-16 08:57:22 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-16 08:57:22 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-04-16 08:57:22 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-07 16:09:52 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-07 16:09:52 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-04-07 16:09:52 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-04-07 16:09:52 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-06 22:10:30 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-04-06 22:10:30 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-06 22:10:30 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-04-06 22:10:30 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-04 09:40:29 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-04-04 09:40:29 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80

 

Back to top