SCARD

Suspicious activity by IP address 96.29.213.148

Below is a list of the last 500 suspicious interactions with this IP.

Last observed Tue, 21 Apr 2026 12:23:06 (Australia/Brisbane)

Back to main list

Summary of suspicious activity by IP address 96.29.213.148

Description Count
ET HUNTING Suspicious Chmod Usage in URI (Inbound) 18
ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) 12
ET EXPLOIT D-Link DSL-2750B - OS Command Injection 8
ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017) 8
SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt 6

Detailed activity by IP address 96.29.213.148

Timestamp Description Protocol Destination Port
2026-04-21 12:23:06 ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017) TCP 80
2026-04-21 12:23:06 ET EXPLOIT D-Link DSL-2750B - OS Command Injection TCP 80
2026-04-20 23:44:53 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt TCP 80
2026-04-20 23:44:53 ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017) TCP 80
2026-04-20 23:44:53 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-20 23:44:53 ET EXPLOIT D-Link DSL-2750B - OS Command Injection TCP 80
2026-04-20 23:44:53 ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017) TCP 80
2026-04-20 23:44:53 ET EXPLOIT D-Link DSL-2750B - OS Command Injection TCP 80
2026-04-20 23:44:53 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt TCP 80
2026-04-20 23:44:53 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-19 13:22:19 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-04-19 13:22:19 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-04-19 13:22:19 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-19 13:22:19 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-18 21:10:40 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-04-18 21:10:40 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-18 21:10:40 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-18 21:10:40 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-04-18 02:07:57 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-18 02:07:57 ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017) TCP 80
2026-04-18 02:07:57 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt TCP 80
2026-04-18 02:07:57 ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017) TCP 80
2026-04-18 02:07:57 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt TCP 80
2026-04-18 02:07:57 ET EXPLOIT D-Link DSL-2750B - OS Command Injection TCP 80
2026-04-18 02:07:57 ET EXPLOIT D-Link DSL-2750B - OS Command Injection TCP 80
2026-04-18 02:07:57 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-17 05:30:09 ET EXPLOIT D-Link DSL-2750B - OS Command Injection TCP 80
2026-04-17 05:30:09 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-17 05:30:09 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt TCP 80
2026-04-17 05:30:09 ET EXPLOIT D-Link DSL-2750B - OS Command Injection TCP 80
2026-04-17 05:30:09 ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017) TCP 80
2026-04-17 05:30:09 ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017) TCP 80
2026-04-17 05:30:09 SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt TCP 80
2026-04-17 05:30:09 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-15 13:52:43 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-15 13:52:43 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-15 13:52:43 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-04-15 13:52:43 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-04-11 19:45:06 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-11 19:45:06 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-11 19:45:06 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-04-11 19:45:06 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-04-08 01:26:05 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-04-08 01:26:05 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-08 01:26:05 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-08 01:26:05 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-04-05 15:32:22 ET EXPLOIT D-Link DSL-2750B - OS Command Injection TCP 80
2026-04-05 15:32:22 ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017) TCP 80
2026-04-04 03:03:29 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-04 03:03:29 ET HUNTING Suspicious Chmod Usage in URI (Inbound) TCP 80
2026-04-04 03:03:29 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80
2026-04-04 03:03:29 ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) TCP 80

 

Back to top