SCARD

Suspicious activity by IP address 76.30.18.165

Below is a list of the last 500 suspicious interactions with this IP.

Last observed Tue, 14 Apr 2026 13:47:32 (Australia/Brisbane)

Back to main list

Summary of suspicious activity by IP address 76.30.18.165

Description Count
ET HUNTING Suspicious Chmod Usage in URI (Inbound) 11
ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017) 6
SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt 6
ET EXPLOIT D-Link DSL-2750B - OS Command Injection 6
ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) 5

Detailed activity by IP address 76.30.18.165

Timestamp Description Protocol Destination Port
2026-04-14 13:47:32 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-14 13:47:32 ET EXPLOIT D-Link DSL-2750B - OS Command Injection TCP 80
2026-04-14 13:47:32 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-14 13:47:32 ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017) TCP 80
2026-04-14 13:47:32 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt TCP 80
2026-04-14 13:47:32 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt TCP 80
2026-04-14 13:47:32 ET EXPLOIT D-Link DSL-2750B - OS Command Injection TCP 80
2026-04-14 13:47:32 ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017) TCP 80
2026-04-12 21:33:28 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-12 21:33:28 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-04-11 15:41:32 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-11 15:41:32 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-11 15:41:32 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-04-11 15:41:32 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-04-09 17:32:14 ET EXPLOIT D-Link DSL-2750B - OS Command Injection TCP 80
2026-04-09 17:32:14 ET EXPLOIT D-Link DSL-2750B - OS Command Injection TCP 80
2026-04-09 17:32:14 ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017) TCP 80
2026-04-09 17:32:14 ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017) TCP 80
2026-04-09 17:32:14 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-09 17:32:14 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt TCP 80
2026-04-09 17:32:14 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt TCP 80
2026-04-09 17:32:14 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-06 05:13:01 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-06 05:13:01 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-06 05:13:01 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-04-06 05:13:01 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-04-05 16:02:17 ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017) TCP 80
2026-04-05 16:02:17 ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017) TCP 80
2026-04-05 16:02:17 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt TCP 80
2026-04-05 16:02:17 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt TCP 80
2026-04-05 16:02:17 ET EXPLOIT D-Link DSL-2750B - OS Command Injection TCP 80
2026-04-05 16:02:17 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-05 16:02:17 ET EXPLOIT D-Link DSL-2750B - OS Command Injection TCP 80
2026-04-05 16:02:17 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80

 

Back to top