SCARD

Suspicious activity by IP address 76.38.153.145

Below is a list of the last 500 suspicious interactions with this IP.

Last observed Mon, 13 Apr 2026 22:39:26 (Australia/Brisbane)

Back to main list

Summary of suspicious activity by IP address 76.38.153.145

Description Count
ET HUNTING Suspicious Chmod Usage in URI (Inbound) 18
ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) 11
ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017) 7
ET EXPLOIT D-Link DSL-2750B - OS Command Injection 7
SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt 6

Detailed activity by IP address 76.38.153.145

Timestamp Description Protocol Destination Port
2026-04-13 22:39:26 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-13 22:39:26 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-04-13 22:39:26 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-13 22:39:26 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-04-13 03:50:44 ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017) TCP 80
2026-04-13 03:50:44 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-13 03:50:44 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt TCP 80
2026-04-13 03:50:44 ET EXPLOIT D-Link DSL-2750B - OS Command Injection TCP 80
2026-04-13 03:50:44 ET EXPLOIT D-Link DSL-2750B - OS Command Injection TCP 80
2026-04-13 03:50:44 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt TCP 80
2026-04-13 03:50:44 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-13 03:50:44 ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017) TCP 80
2026-04-13 01:22:23 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-13 01:22:23 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-04-13 01:22:23 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-04-13 01:22:23 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-10 21:29:38 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-10 21:29:38 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-04-10 21:29:38 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-10 21:29:38 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-04-10 01:58:11 ET EXPLOIT D-Link DSL-2750B - OS Command Injection TCP 80
2026-04-10 01:58:11 ET EXPLOIT D-Link DSL-2750B - OS Command Injection TCP 80
2026-04-10 01:58:11 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-10 01:58:11 ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017) TCP 80
2026-04-10 01:58:11 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt TCP 80
2026-04-10 01:58:11 ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017) TCP 80
2026-04-10 01:58:11 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt TCP 80
2026-04-10 01:58:11 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-08 19:19:22 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-04-08 19:19:22 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-08 19:19:22 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-04-08 19:19:22 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-08 07:58:09 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt TCP 80
2026-04-08 07:58:09 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-08 07:58:09 ET EXPLOIT D-Link DSL-2750B - OS Command Injection TCP 80
2026-04-08 07:58:09 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-08 07:58:09 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt TCP 80
2026-04-08 07:58:09 ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017) TCP 80
2026-04-08 07:58:09 ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017) TCP 80
2026-04-08 07:58:09 ET EXPLOIT D-Link DSL-2750B - OS Command Injection TCP 80
2026-04-06 14:35:59 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-06 14:35:59 ET EXPLOIT D-Link DSL-2750B - OS Command Injection TCP 80
2026-04-06 14:35:59 ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017) TCP 80
2026-04-06 11:28:21 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-04-06 11:28:21 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-06 11:28:21 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-04-06 11:28:21 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-05 14:00:54 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-05 14:00:54 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80

 

Back to top