SCARD

Last updated Tue, 14 Jul 2026 23:04:25 (Australia/Brisbane)

List of suspicious activity by IP addresses

Below is a list of the top 500 IP addresses with suspicious activity observed by SCARD. Click on an IP address below for more information about its activity.

Note: Due to the overwhelming number of common scan types, this list omits typical scan types in favour of less-seen threat types.

IPs by timestamp - or - IPs by incident count
IP Address Incidence
139.162.116.160 16139
94.154.43.12 906
221.159.119.6 3091
72.255.3.136 2
175.107.1.125 1
139.28.219.70 32
34.139.34.153 1
198.44.133.101 1
2001 5694
45.225.135.171 8212
172.68.245.126 1
225.91.181.91 1
103.54.101.248 1713
158.94.209.22 2
172.70.189.158 6
172.69.176.138 6
144.31.156.249 1
103.18.14.24 2
101.53.225.41 2
165.154.172.111 32
205.210.31.84 2
223.123.73.186 5
103.74.20.141 8
141.98.11.134 138
81.16.152.2 73
222.134.147.66 33
34.19.6.108 2
84.17.43.213 89
162.43.180.31 8501
47.93.126.28 62
101.53.233.13 1
175.100.59.96 10
193.32.162.60 801
81.19.219.213 4
178.128.126.146 18
172.71.98.77 4
184.105.139.69 10
172.71.146.50 10
144.48.36.141 1060
104.28.197.13 8
83.97.78.224 17
8.8.4.4 1548
172.71.120.69 20
172.70.189.157 2
172.70.189.139 12
172.69.176.106 12
91.224.92.82 144
190.196.253.118 10
172.71.99.79 4
104.23.168.108 6
175.107.2.26 2
8.8.8.8 1595
160.119.76.10 65
47.251.90.48 178
8.215.61.37 6
47.84.187.122 8
31.132.90.3 184
47.237.195.136 10
43.98.184.77 14
78.128.114.174 39
43.112.79.206 10
37.19.210.7 12
163.142.92.181 4
171.222.253.226 1
195.222.59.154 12
91.92.41.115 14
34.139.62.241 2
172.71.120.8 8
34.26.86.246 2
177.22.44.30 151
110.35.80.116 313
159.255.34.139 5
47.245.135.136 2
172.94.9.203 72
34.148.146.220 2
108.181.56.189 93
121.44.80.145 4
103.221.72.58 5
165.227.171.230 37
42.234.246.215 6
94.154.43.90 1
159.223.69.158 4
109.77.76.174 3
141.98.11.34 32
170.155.2.13 100
103.148.128.157 2
223.123.124.123 15
153.117.41.5 2
103.188.38.178 7
14.1.106.5 2
91.90.120.216 2
187.17.224.139 256
1.53.36.82 41
103.252.34.133 1
103.252.34.131 1
103.252.34.130 1
103.252.34.132 1
103.252.34.134 1
103.167.88.166 2
103.99.196.0 67
72.255.19.210 2
212.32.76.54 2
103.179.190.58 574
34.23.160.215 2
202.174.110.71 2159
143.110.217.244 57
167.71.81.114 59
46.101.1.225 36
64.226.65.160 59
207.154.197.113 57
157.245.36.108 87
164.92.107.174 53
203.121.106.56 104
164.92.244.132 53
139.59.132.8 34
142.93.0.66 63
167.172.232.142 64
165.227.84.14 63
157.245.113.227 64
139.59.136.184 41
143.244.168.161 58
206.189.95.232 66
104.23.225.187 8
104.23.225.21 2
104.23.225.186 4
106.255.253.74 44
103.159.251.81 2
203.159.90.218 22
134.199.224.97 2
117.177.102.79 5
164.52.0.92 316
175.107.205.211 8
89.7.182.123 2
200.255.205.162 2
157.10.7.196 4
123.14.115.105 2
34.21.37.186 2
223.123.72.219 6
96.9.148.126 2
172.71.120.7 8
172.71.120.70 14
176.195.111.62 2
152.32.206.83 24
104.23.229.13 12
104.23.229.74 40
104.23.229.12 12
91.92.240.157 6
101.36.106.89 12
162.158.170.236 6
91.92.42.120 133
188.253.214.98 2
101.115.164.151 24
46.174.127.245 2
47.245.128.96 2
34.62.67.150 2
45.91.20.242 2
103.1.210.25 163
103.174.243.203 4
47.86.1.131 1
154.13.197.65 14
204.217.209.22 10
154.13.197.64 14
188.241.126.54 10
188.241.126.53 10
188.214.199.68 10
188.241.126.52 10
188.214.199.70 10
188.214.199.67 10
188.214.199.69 8
212.237.122.203 2
103.26.86.241 9
103.98.189.69 4
108.17.61.64 65
85.11.167.203 141
158.94.210.15 561
157.85.211.112 4
101.47.8.187 507
172.68.14.25 2
103.153.3.85 18
113.25.249.100 4
31.77.145.225 3
82.102.18.180 103
45.153.34.231 266
103.98.151.140 1
36.38.56.82 26
67.199.248.11 34
67.199.248.10 38
66.78.57.59 6
66.78.27.96 4
175.119.225.92 19
172.70.135.217 2
172.70.134.118 2
35.202.89.233 2
206.189.19.19 70
45.198.224.244 1792
141.95.170.83 8
69.5.169.103 2
96.126.106.7 29
47.84.137.3 2
79.127.254.133 24
104.22.93.114 2
104.22.93.103 4
138.197.39.208 8
45.134.20.162 6
109.95.96.241 2
101.36.118.148 32
34.76.1.251 2
103.141.5.140 3
103.26.108.3 3
190.103.186.106 2
103.168.29.205 2
82.102.18.190 58
45.198.224.5 236
163.7.11.71 2
173.249.37.183 1
104.22.66.154 4
172.64.192.24 16
172.70.90.124 4
172.69.43.169 4
172.69.165.61 4
104.22.127.49 6
172.68.229.75 8
172.71.81.25 14
172.70.86.198 6
104.22.66.155 4
162.158.88.75 18
172.70.86.197 6
172.64.192.25 14
172.71.124.151 10
172.71.178.102 4
172.69.176.98 22
172.71.241.77 4
141.101.99.19 8
172.70.188.11 8
172.70.90.125 4
172.69.43.168 4
172.69.165.60 4
172.70.93.78 4
172.68.34.158 6
165.120.231.59 2
162.158.48.224 4
223.123.125.8 5
152.32.247.22 32
157.230.19.140 75
159.89.127.165 79
164.90.208.56 55
144.48.132.32 17
35.201.4.253 268
172.69.60.175 22
172.71.81.26 4
172.68.229.74 16
172.71.178.103 2
172.69.60.174 18
172.71.241.76 14
141.101.99.20 6
104.23.175.41 5
202.137.165.58 4
162.158.190.102 2
172.69.224.75 2
172.68.194.188 6
172.70.208.126 8
162.158.106.81 2
162.158.170.104 8
172.68.164.99 6
104.23.239.145 26
108.162.227.143 8
103.153.211.233 2
183.222.14.242 47
34.38.64.57 2
47.89.195.183 162
35.169.206.177 219
175.107.37.2 2
35.189.254.175 2
104.22.127.41 2
185.249.227.95 18
223.123.38.122 14
186.220.214.254 2
117.172.226.189 1
75.119.158.216 2
180.244.187.179 6
110.38.243.42 2
58.208.16.222 2
39.107.244.230 153
108.162.249.115 16
172.70.218.160 4
172.71.202.8 6
108.162.249.114 6
172.69.94.253 4
172.70.208.108 14
172.68.210.59 4
162.158.170.158 4
172.70.218.161 4
104.22.66.167 18
172.71.198.123 22
162.158.168.175 26
162.158.162.47 10
162.158.227.153 6
172.68.210.58 8
172.68.164.62 8
172.71.198.122 14
104.23.175.229 6
172.71.202.9 4
172.68.164.63 4
172.70.189.152 4
172.69.94.252 4
172.69.179.69 4
162.158.170.159 4
172.71.124.244 6
162.158.108.60 4
103.69.188.234 1
72.255.32.122 6
45.226.224.126 2
154.41.170.84 2
38.255.25.23 2
104.23.160.102 2
153.117.34.152 6
115.227.26.85 179
107.85.96.209 4
167.99.78.16 8
45.177.33.164 6
103.253.27.99 4
194.165.16.11 176
34.38.99.39 2
172.70.208.109 6
104.22.127.39 2
162.158.227.152 2
104.23.175.228 2
172.71.81.168 2
162.158.106.246 2
162.158.168.174 28
172.69.176.62 8
162.158.190.78 2
108.162.241.181 16
124.29.214.153 2
190.72.111.125 2
153.117.5.0 2
45.133.36.90 5
115.190.62.211 4
85.204.70.116 173
162.217.103.68 276
72.255.32.176 6
82.151.84.22 1
103.176.16.33 6
182.121.14.109 1
112.213.32.198 15
163.7.11.83 2
195.161.62.64 3
172.69.176.102 8
153.117.40.106 2
23.234.75.225 6
172.110.223.135 183
47.238.253.120 2
103.196.160.96 2
72.255.33.246 6
47.238.230.17 2
142.251.152.119 1
153.117.1.178 6
8.217.41.246 2
45.128.146.183 2
167.99.210.137 83
138.68.82.23 68
146.190.63.48 62
162.158.186.187 4
162.158.129.129 4
159.223.132.86 63
167.99.182.39 55
147.182.149.75 67
167.71.175.236 61
206.81.24.227 69
159.89.12.166 71
64.225.75.246 60
209.38.248.17 63
139.59.143.102 61
157.245.204.205 41
162.17.163.226 18
51.37.140.30 1
84.17.60.251 81
69.10.56.122 4
216.16.101.175 4
8.217.118.126 2
42.232.226.15 2
89.126.211.166 43
103.98.151.47 1
157.245.174.81 2
51.158.205.47 933
47.77.216.189 163
47.88.94.125 180
47.251.88.238 153
37.19.216.146 106
47.88.18.245 175
79.127.248.2 92
47.77.227.227 167
47.251.24.105 183
47.251.188.82 166
47.251.188.16 158
47.89.246.29 169
161.132.47.68 8
162.158.186.186 8
162.158.129.128 2
162.158.129.76 2
187.121.163.25 1
153.117.127.196 4
119.96.223.148 104
39.74.195.221 2
139.135.42.149 20
157.100.203.225 1
103.82.120.60 2
103.26.86.215 2
45.134.253.125 2
54.234.67.238 1
110.37.76.64 1
223.123.41.70 15
46.102.249.112 4
152.32.148.250 32
209.90.160.10 34
152.32.169.7 18
62.4.15.81 4
45.79.152.14 50
72.255.32.51 4
165.20.126.232 2
157.66.55.50 10
31.59.160.12 68
104.22.127.61 12
108.162.249.62 182
47.77.220.146 175
47.251.118.89 185
103.66.148.82 31
20.219.14.31 2
14.1.104.74 3
47.77.223.127 183
47.77.228.238 165
13.220.239.19 1
206.204.43.163 2
172.71.102.125 4
172.71.95.123 2
39.34.187.79 4
172.68.210.206 42
45.185.194.16 1
79.124.62.178 223
104.23.229.143 16
85.204.70.96 64
172.69.223.140 2
172.69.222.225 2
82.102.18.116 152
218.155.219.109 1
94.154.43.64 845
198.235.24.80 4
103.59.161.184 4
103.194.92.13 2
38.60.206.58 11
216.10.217.5 2
103.174.243.218 6
31.70.84.142 5
41.214.46.130 2
103.245.3.111 2
31.58.91.237 15
172.68.210.245 144
172.69.60.146 204
163.7.1.156 83
172.69.192.141 8
192.142.28.77 151
185.243.5.108 14
5.182.209.113 6
123.11.88.167 2
172.69.138.93 4
190.123.44.221 62
58.221.128.102 10
189.90.29.218 4
66.228.36.223 56
164.52.24.185 242
66.226.147.116 9
45.41.105.253 30
46.254.109.129 2
103.75.49.174 2
94.154.43.18 9
123.11.15.48 2
139.135.60.167 4
162.158.108.150 6
167.191.93.253 1
103.168.67.159 56
172.69.138.189 2
188.213.68.11 6
153.117.34.189 4
159.100.25.250 2
45.142.193.161 1477
117.223.141.154 10
72.255.32.225 7
162.216.150.17 2
143.244.47.83 2
109.76.225.124 2
103.80.237.196 2
185.201.88.231 2
78.142.18.40 10
31.173.67.123 4
222.212.83.51 76
223.123.124.127 13
179.1.33.34 1
45.148.10.200 317
223.123.44.123 23
122.192.61.245 6
IP Address Incidence
139.162.116.160 16139
124.198.131.185 13612
162.43.180.31 8501
45.225.135.171 8212
2001 5694
138.124.119.108 4606
124.198.131.39 4574
45.205.1.20 3415
107.161.178.152 3247
221.159.119.6 3091
172.110.223.185 2516
202.174.110.71 2159
101.132.145.132 2097
45.225.135.169 2049
13.201.129.175 1944
193.26.115.178 1844
91.224.92.177 1842
45.198.224.244 1792
103.54.101.248 1713
45.205.1.26 1636
8.8.8.8 1595
216.126.224.33 1563
8.8.4.4 1548
103.68.69.6 1525
68.183.90.120 1482
45.142.193.161 1477
125.229.204.59 1403
103.81.168.2 1401
124.198.131.22 1344
45.142.193.164 1199
193.26.115.137 1126
134.94.0.68 1103
144.48.36.141 1060
31.57.243.42 1052
172.110.223.179 1026
65.109.93.96 950
65.49.27.189 948
51.158.205.47 933
178.156.152.106 925
185.34.3.75 924
209.177.156.197 917
45.159.97.233 916
176.58.90.104 916
112.196.54.182 916
199.38.181.93 912
192.73.243.141 912
199.38.182.118 911
157.180.28.32 910
176.58.92.254 909
185.40.234.53 908
208.72.155.133 907
94.154.43.12 906
45.159.98.145 899
192.73.242.204 897
192.73.240.132 896
172.237.61.190 895
102.67.165.36 889
103.6.84.152 887
102.67.167.188 883
208.111.40.216 880
176.58.93.154 878
208.111.34.178 877
209.177.156.94 877
5.161.218.233 876
172.237.72.43 876
162.248.221.248 876
192.73.244.245 875
172.238.6.179 875
192.73.240.161 875
172.237.72.79 875
192.73.243.135 875
172.105.169.57 875
199.38.181.104 874
192.73.252.65 874
192.73.242.187 874
209.177.158.246 874
172.237.28.183 874
205.147.105.78 874
162.248.221.199 873
172.105.179.230 873
167.235.72.200 873
172.105.166.103 873
176.58.92.144 873
49.13.204.141 873
176.58.93.248 873
45.159.97.144 873
185.34.3.232 872
176.58.90.147 872
14.224.202.234 872
185.40.234.176 872
45.159.98.196 872
185.34.3.207 872
45.159.97.61 872
209.177.158.15 872
45.159.98.253 872
199.38.181.103 872
208.83.233.233 872
95.217.2.165 871
49.12.193.137 871
185.40.234.219 871
102.67.165.185 871
172.237.61.194 871
178.156.134.232 871
176.58.90.207 871
192.73.243.229 871
172.238.6.34 871
176.58.93.147 871
162.248.221.215 871
176.58.88.183 871
102.67.165.90 871
102.67.167.37 871
192.73.242.28 871
172.237.61.197 871
65.109.143.62 871
208.83.234.151 871
102.67.167.245 870
205.147.105.30 870
208.111.40.12 869
192.73.248.83 869
192.73.252.134 869
192.73.240.121 869
172.237.66.30 869
119.252.170.155 848
94.154.43.64 845
52.255.171.151 840
218.38.29.203 812
193.32.162.60 801
172.237.72.8 800
51.79.77.114 784
216.10.11.59 772
103.15.226.202 762
219.109.219.42 752
202.112.237.233 744
159.195.24.196 736
197.243.109.171 708
194.146.13.170 703
98.126.237.11 700
109.236.57.14 692
36.91.101.203 686
23.206.59.94 681
122.226.145.190 676
20.74.212.144 663
160.119.71.111 649
51.158.248.123 636
172.198.65.198 628
45.200.49.211 620
36.92.14.109 580
155.248.183.67 578
92.205.26.97 576
103.143.73.110 574
103.179.190.58 574
20.118.128.131 568
158.94.210.15 561
118.70.51.93 556
150.241.245.47 544
125.222.146.34 540
92.205.20.173 524
45.142.154.10 523
124.133.246.234 516
172.171.244.250 516
222.133.52.246 512
152.67.43.17 512
139.5.19.235 512
217.52.32.91 508
197.243.18.136 508
101.47.8.187 507
41.130.140.33 504
216.81.245.69 500
62.210.80.124 500
178.214.77.68 498
89.190.156.70 498
105.235.250.46 496
210.242.156.227 492
91.92.40.191 492
172.174.88.139 492
210.191.89.156 492
79.124.40.174 490
20.124.92.241 488
87.121.84.16 488
152.32.226.205 485
204.76.203.6 483
179.43.150.26 481
23.133.88.222 473
38.100.28.213 472
45.131.214.103 470
20.38.44.70 464
36.37.209.184 464
36.66.162.11 460
194.213.3.117 451
161.97.163.222 448
51.158.55.141 446
103.45.66.22 444
48.217.65.168 440
216.9.225.23 436
165.227.194.196 432
20.244.3.24 428
222.74.219.131 422
36.108.171.228 412
103.55.90.11 412
60.13.177.28 412
20.243.179.13 408
185.77.3.30 408
197.248.155.13 408
160.30.160.133 408
43.226.37.32 408
116.0.53.140 408
46.250.226.13 404
162.243.51.145 402
172.191.171.55 400
211.21.48.242 400
45.205.1.43 398
20.163.241.222 396
197.243.109.173 396
38.225.205.193 396
172.188.216.47 396
185.38.148.2 394
103.120.189.68 386
172.179.142.153 382
20.2.220.152 380
31.7.86.142 378
151.185.42.72 378
154.83.13.38 376
96.127.153.174 376
175.178.221.26 376
20.235.242.37 376
197.156.65.196 372
160.119.71.129 372
39.106.79.26 370
107.189.21.129 368
192.252.180.10 366
170.168.61.63 366
20.109.157.99 365
74.113.235.139 364
63.70.5.22 364
195.178.110.135 364
185.112.200.161 364
40.76.107.218 364
197.50.155.236 364
98.142.247.128 362
118.67.221.34 360
62.210.80.15 356
34.20.226.140 356
154.198.49.249 356
84.36.101.186 354
45.71.14.204 353
141.11.21.65 352
111.61.5.30 352
45.222.128.45 352
160.119.71.12 352
103.120.189.74 351
64.227.160.35 348
176.65.139.81 348
40.81.230.77 345
45.198.224.241 344
113.171.82.24 344
36.75.22.63 344
181.214.140.97 344
114.115.207.31 340
20.48.255.163 338
88.85.240.101 336
74.176.210.201 336
5.187.35.142 333
103.115.31.111 332
101.35.105.58 332
103.35.121.131 332
152.42.228.153 330
48.199.19.39 328
91.107.249.230 328
120.46.71.127 324
161.35.3.45 324
200.115.104.122 324
52.231.181.28 324
68.154.1.212 320
103.178.248.233 320
191.237.255.150 320
45.148.10.200 317
94.136.178.160 316
62.146.232.250 316
164.52.0.92 316
20.42.89.33 314
110.35.80.116 313
20.7.34.105 312
193.112.98.82 312
66.235.175.88 312
160.250.133.90 308
141.11.21.212 308
20.86.140.239 304
45.241.58.185 304
78.142.218.159 304
103.74.122.107 304
20.84.121.143 304
58.245.214.150 302
103.118.255.179 300
103.97.164.235 298
122.185.220.190 298
103.203.57.2 297
4.213.95.146 296
20.197.39.148 296
222.173.95.86 292
91.224.92.19 290
103.66.78.63 290
35.209.43.176 288
34.20.148.70 288
51.219.82.170 286
198.50.239.95 285
129.204.195.90 284
20.124.124.70 284
196.188.175.244 284
101.58.67.95 284
59.90.70.91 284
180.190.240.204 284
20.244.45.153 280
4.247.139.22 280
162.217.103.68 276
36.66.162.10 276
143.244.57.92 276
117.241.78.154 276
135.235.159.87 272
134.175.230.188 272
20.89.180.232 272
151.243.11.23 270
156.238.122.193 268
61.2.73.10 268
50.220.53.118 268
35.201.4.253 268
35.236.18.74 268
103.126.6.145 268
185.28.119.27 268
45.153.34.231 266
5.191.246.144 264
20.174.184.111 260
186.139.64.243 260
197.50.102.207 260
20.40.47.162 260
103.48.192.223 256
62.234.193.80 256
95.62.152.156 256
129.211.210.73 256
4.188.251.117 256
187.17.224.139 256
182.188.45.216 256
20.57.1.168 256
104.211.221.174 256
4.186.31.81 252
37.34.206.154 252
213.111.148.227 252
164.132.235.188 252
172.238.6.180 251
103.143.239.193 249
4.194.240.177 248
101.35.46.124 248
163.21.233.251 248
20.56.26.13 248
101.126.145.49 246
46.151.182.107 244
176.124.220.230 244
57.128.195.102 244
4.247.146.207 244
45.135.193.131 244
182.37.52.234 242
164.52.24.185 242
117.250.20.113 240
47.120.53.246 240
45.198.224.5 236
20.84.105.238 236
129.28.69.253 236
101.34.77.16 236
20.127.218.138 236
191.54.255.95 236
85.204.70.94 234
124.221.186.24 232
82.102.18.220 232
197.248.160.105 232
62.210.80.37 232
69.164.252.221 232
104.208.73.137 232
122.152.236.205 230
197.50.102.221 230
111.231.165.56 228
220.247.235.22 228
154.197.124.88 228
103.63.233.155 228
195.154.103.239 228
103.3.164.243 227
62.60.153.219 226
101.36.104.242 225
204.76.203.215 225
78.128.114.126 224
114.134.186.93 224
95.247.135.250 224
149.88.76.188 224
124.220.41.252 224
103.143.207.31 224
79.124.62.178 223
124.222.13.103 220
112.213.123.35 220
81.70.47.93 220
103.40.61.98 220
4.232.138.159 220
52.160.34.85 220
35.169.206.177 219
176.65.148.70 218
172.210.66.4 216
45.194.20.244 216
59.12.220.98 216
39.106.172.206 216
160.119.76.47 216
20.106.177.223 216
42.51.42.17 216
45.141.224.213 216
222.93.106.117 216
154.211.22.211 216
143.14.178.62 212
103.87.29.196 212
172.206.226.76 212
46.38.233.51 212
187.49.17.98 212
117.40.212.10 210
103.250.172.185 208
4.213.72.79 208
59.90.9.73 208
4.213.208.86 208
119.28.191.160 208
34.197.70.90 206
160.119.76.85 206
85.239.151.41 205
172.69.60.146 204
18.133.237.224 204
209.99.188.76 204
40.65.222.177 204
43.161.237.192 204
103.231.248.180 204
188.212.158.71 204
4.221.171.61 200
160.30.137.70 200
111.231.226.6 200
36.83.27.178 200
39.109.126.224 200
20.169.219.57 200
182.50.5.205 200
193.226.10.62 196
47.119.123.3 196
47.92.201.46 196
118.196.23.199 196
187.217.36.136 196
82.102.18.182 195
101.126.23.177 194
45.142.193.53 192
149.88.92.81 192
80.94.95.242 192
34.10.58.237 192
49.212.217.115 192
163.245.199.187 192
135.181.243.156 192
94.136.191.1 192
74.235.162.56 192
45.91.94.16 192
211.250.192.111 192
100.49.117.77 190
193.32.162.104 190
45.198.224.13 189
104.42.134.250 188
94.26.106.80 188
20.82.93.169 188
103.214.143.53 188
221.214.104.46 188
54.46.62.55 188
147.161.35.151 188
68.210.186.126 188
102.69.167.14 187
47.251.118.89 185
135.237.99.224 185
31.132.90.3 184
100.50.17.159 184
43.228.157.121 184
20.57.179.191 184
220.161.140.129 184
172.110.223.135 183
146.70.194.236 183
47.77.223.127 183
47.251.24.105 183
81.29.142.50 182
143.14.179.230 182
206.189.146.42 182
108.162.249.62 182
103.123.226.138 182
3.131.24.55 181
84.200.16.101 180
47.88.94.125 180
180.184.30.254 180
196.218.23.60 180
156.236.110.181 180
115.227.26.85 179
85.204.70.88 179
47.251.90.48 178
172.69.60.147 178
146.70.194.222 177
101.42.24.83 176
101.43.76.161 176
80.238.235.241 176

 

Back to top

Top threats types

Below is a list of the top 200 threat types observed across the network.

Description Incidence
ET INFO Session Traversal Utilities for NAT (STUN Binding Response) 74238
ET USER_AGENTS WinRM User Agent Detected - Possible Lateral Movement 55869
ET INFO WinRM wsman Access - Possible Lateral Movement 55567
ET SCAN LeakIX Inbound User-Agent 26333
SURICATA TCP header length too small 20694
ET WEB_SPECIFIC_APPS React Server Components React2Shell Unsafe Flight Protocol Property Access (CVE-2025-55182) 20064
ET SCAN WordPress Scanner Performing Multiple Requests to Windows Live Writer XML 19081
ET HUNTING Javascript Prototype Pollution Attempt via __proto__ in HTTP Body 18312
SERVER-OTHER tcpdump ISAKMP parser buffer overflow attempt 17892
ET WEB_SERVER WEB-PHP phpinfo access 13906
ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 11595
ET WEB_SERVER WebShell Generic - wget http - POST 10168
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response 9584
ET HUNTING Suspicious Chmod Usage in URI (Inbound) 8112
ET INFO External Oracle T3 Requests Inbound 7999
ET INFO Netlink GPON Login Attempt (GET) 7686
ET INFO SSH-2.0-Go version string Observed in Network Traffic 7401
ET HUNTING Javascript Sandbox Escape via Global Object (process) 6852
ET INFO Python aiohttp User-Agent Observed Inbound 6422
SURICATA HTTP Host header invalid 6013
ET SCAN Rapid POP3S Connections - Possible Brute Force Attack 5527
ET EXPLOIT MVPower DVR Shell UCE 5497
ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016) 5463
ET SCAN JAWS Webserver Unauthenticated Shell Command Execution 5234
SERVER-WEBAPP React Server Components remote code execution attempt 5175
ET SCAN Behavioral Unusually fast Terminal Server Traffic Potential Scan or Infection (Inbound) 5057
ET HUNTING Request for Webshell in .well-known directory 4974
ET VOIP INVITE Message Flood UDP 4892
ET VOIP Possible Inbound VOIP Scan/Misuse With User-Agent Zoiper 4720
ET WEB_SPECIFIC_APPS WordPress Plugin Gravity SMTP Unauthenticated REST API (CVE-2026-4020) 4440
ET SCAN Mirai Variant User-Agent (Inbound) 4278
SURICATA HTTP URI terminated by non-compliant character 4241
ET INFO Request for Visual Studio Code sftp.json - Possible Information Leak 4189
ET EXPLOIT D-Link DSL-2750B - OS Command Injection 4173
ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017) 4173
SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt 3756
ET VOIP Modified Sipvicious Asterisk PBX User-Agent 3729
ET INFO Apache Solr System Information Request 3635
SURICATA IKE invalid proposal 3393
ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) 3350
SURICATA TCP invalid option length 3308
ET SCAN SFTP/FTP Password Exposure via sftp-config.json 3210
ET EXPLOIT GraphQL Introspection Query Attempt 3139
SERVER-WEBAPP TP-Link Archer Router command injection attempt 3115
ET WEB_SERVER PHP tags in HTTP POST 3040
ET INFO Google DNS Over HTTPS Certificate Inbound 3039
ET EXPLOIT HackingTrio UA (Hello, World) 2981
ET INFO Spring Boot Actuator Health Check Request 2941
ET WEB_SERVER WGET Command Specifying Output in HTTP Headers 2889
ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution 2880
ET SCAN Laravel Debug Mode Information Disclosure Probe Inbound 2761
ET EXPLOIT Netgear DGN Remote Command Execution 2733
ET SCAN Nmap Scripting Engine User-Agent Detected (Nmap Scripting Engine) 2610
SURICATA Applayer No TLS after STARTTLS 2400
SURICATA Applayer Unexpected protocol 2400
SERVER-WEBAPP Netgear DGN1000 series routers authentication bypass attempt 2350
ET DNS Query to a *.top domain - Likely Hostile 2313
SERVER-WEBAPP PHPUnit PHP remote code execution attempt 2128
SURICATA HTTP METHOD terminated by non-compliant character 2108
SURICATA HTTP request field missing colon 1879
ET WEB_SERVER .bash_history Detected in URI 1713
ET SCAN Suspicious User-Agent Containing Security Scan/ner Likely Scan 1704
SURICATA ICMPv4 invalid checksum 1657
ET WEB_SERVER /etc/passwd Detected in URI 1612
ET EXPLOIT Realtek SDK - Command Execution/Backdoor Access Inbound (CVE-2021-35394) 1609
ET SCAN Potential SSH Scan OUTBOUND 1546
ET WEB_SERVER Wordpress Login Bruteforcing Detected 1537
SURICATA SMB malformed request dialects 1497
SURICATA FRAG IPv4 Fragmentation overlap 1480
ET INFO Observed DNS Query to .nexus TLD 1456
ET INFO Observed DNS Query to .fit TLD 1338
SURICATA HTTP invalid request field folding 1236
ET SCAN NMAP OS Detection Probe 1235
ET SCAN NETWORK Incoming Masscan detected 1173
ET SCAN LibSSH Based Frequent SSH Connections Likely BruteForce Attack 1130
SURICATA SMTP duplicate fields 1113
ET INFO ChatGPT-User Traffic Detected Inbound M1 1065
ET INFO ChatGPT-User Traffic Detected Inbound M2 1061
SURICATA QUIC error on data 1045
ET WEB_SPECIFIC_APPS Wordpress LiteSpeed Cache Plugin debug.log Access Attempt (CVE-2024-44000) 1012
ET SCAN Behavioral Unusual Port 1433 traffic Potential Scan or Infection 992
ET WEB_SPECIFIC_APPS Apache ActiveMQ 6.x Default Unauthenticated API Access (CVE-2024-32114) M1 974
SURICATA STREAM ESTABLISHED packet out of window 864
SURICATA DHCP truncated options 835
ET WEB_SERVER Possible SQL Injection (exec) in HTTP Request Body 772
ET SCAN NMAP SIP Version Detection Script Activity 742
ET INFO Infrastructure as a Service Domain in DNS Lookup (railway .app) 712
ET WEB_SERVER auto_prepend_file PHP config option in uri 695
ET SCAN RDP Connection Attempt from Nmap 686
ET WEB_SERVER allow_url_include PHP config option in uri 685
ET WEB_SERVER Generic PHP Remote File Include 667
ET WEB_SERVER PHP.//Input in HTTP POST 667
ET WEB_SPECIFIC_APPS PHP-CGI OS Command Injection (soft hyphen) (CVE-2024-4577) 653
ET WEB_SPECIFIC_APPS Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Default Credentials 634
ET WEB_SERVER Tilde in URI - potential .php~ source disclosure vulnerability 612
SERVER-WEBAPP PHP PHP-CGI command execution attempt 593
ET HUNTING Suspicious PHP Code in HTTP POST (Inbound) 568
ET INFO POSSIBLE Web Crawl using Curl 559
ET HUNTING Observed Query to .beauty TLD 552
ET WEB_SERVER Fake Googlebot UA 2 Inbound 550
ET EXPLOIT Zyxel ZyWALL/USG OS Command Injection (CVE-2023-28771) 518
ET SCAN Exabot Webcrawler User Agent 513
ET INFO Observed DNS Query to .cfd TLD 496
ET SCAN Web Scanner - Fuzz Faster U Fool (Inbound) 468
ET WEB_SERVER Likely Malicious Request for /proc/self/environ 429
ET USER_AGENTS Suspcious LeakIX User-Agent (l9explore) 421
ET HUNTING Suspicious PHP Code in HTTP POST (Outbound) 405
ET WEB_SPECIFIC_APPS Vite Arbitrary File Read Via raw parameter (CVE-2025-30208) 396
ET Threatview.io High Confidence Cobalt Strike C2 IP group 3 371
ET EXPLOIT Apache log4j RCE Attempt - lower/upper TCP Bypass M2 (CVE-2021-44228) 369
ET EXPLOIT Apache log4j RCE Attempt (tcp ldap) (CVE-2021-44228) 369
ET EXPLOIT Apache log4j RCE Attempt (http ldap) (CVE-2021-44228) 365
ET DOS Potential CLDAP Amplification Reflection 361
ET WEB_SERVER ThinkPHP RCE Exploitation Attempt 351
SURICATA HTTP request buffer too long 311
SURICATA DNS Invalid opcode 307
ET SCAN NMAP SIP Version Detect OPTIONS Scan 283
SURICATA UDP packet too small 278
ET INFO Inbound Frequent Emails - Possible Spambot Inbound 273
SERVER-WEBAPP Langflow code validator remote code execution attempt 272
SURICATA TCP option invalid length 269
ET SCAN Yandex Webcrawler User-Agent (YandexBot) 262
SURICATA HTTP request header invalid 261
ET EXPLOIT LB-Link Command Injection Attempt (CVE-2023-26801) 238
ET INFO Discord Chat Service Domain in DNS Lookup (gateway .discord .gg) 238
SURICATA SMTP invalid pipelined sequence 230
ET WEB_SPECIFIC_APPS TBK DVR-4104/4216 Command Injection Attempt (CVE-2024-3721) 230
ET WEB_SERVER Possible D-Link Router HNAP Protocol Security Bypass Attempt 212
ET EXPLOIT D-Link HNAP SOAPAction Command Injection (CVE-2015-2051, CVE-2019-10891, CVE-2022,37056, CVE-2024-33112, CVE-2025-114 212
ET EXPLOIT Linksys E-Series Device RCE Attempt 207
ET INFO Peach C++ Library User Agent Inbound 203
ET VOIP REGISTER Message Flood UDP 202
MALWARE-BACKDOOR Aspx.Webshell.Agent inbound request for known webshell path attempt 201
ET WEB_SERVER Possible DD-WRT Metacharacter Injection Command Execution Attempt 200
SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt 194
ET DNS Query to a *.pw domain - Likely Hostile 190
SERVER-WEBAPP WordPress get_post authentication bypass attempt 187
ET WEB_SPECIFIC_APPS Qwik Unauthenticated RCE via server$ Deserialization (CVE-2026-27971) 176
ET WEB_SERVER Inbound PHP User-Agent 172
ET INFO DNS Query for Suspicious .icu Domain 172
SURICATA HTTP Host header ambiguous 170
ET WEB_SPECIFIC_APPS Linksys E-Series OS Command Injection (CVE-2025-34037) M1 164
ET EXPLOIT Cisco ASA and Firepower Path Traversal Vulnerability M2 (CVE-2020-3452) 163
ET EXPLOIT Cisco ASA/Firepower Unauthenticated File Read (CVE-2020-3452) M3 163
ET EXPLOIT Cisco ASA/Firepower Unauthenticated File Read (CVE-2020-3452) M2 163
ET SCAN DuckDuckGo Webcrawler User-Agent (DuckDuckBot) 162
ET SCAN Amap UDP Service Scan Detected 159
ET SCAN External Host Probing for ChromeCast Devices 158
ET INFO F5 BIG-IP - Command Execution via util/bash 156
ET INFO MS Remote Desktop Service User Login Request 156
ET EXPLOIT F5 BIG-IP iControl REST Authentication Bypass Attempt (CVE-2022-1388) M3 154
ET HUNTING Suspicious Netlify Hosted DNS Request - Possible Phishing Landing 154
ET INFO SOCKSv4 HTTP Proxy Inbound Request (Linux Source) 153
ET INFO Proxy TRACE Request - inbound 142
SURICATA TLS handshake invalid length 141
SERVER-WEBAPP Vite Vitejs arbitrary file read attempt 136
ET SCAN Suspicious User-Agent Containing Web Scan/er Likely Web Scanner 130
ET INFO PHP Xdebug Extension Query Parameter (XDEBUG_SESSION_START) 129
SURICATA HTTP Host part of URI is invalid 127
ET EXPLOIT Possible Vacron NVR Remote Command Execution 126
ET WEB_SERVER /etc/shadow Detected in URI 126
SURICATA SMTP invalid reply 119
ET WEB_SERVER JBoss jmx-console Probe 116
ET WEB_SPECIFIC_APPS Possible JBoss JMX Console Beanshell Deployer WAR Upload and Deployment Exploit Attempt 116
ET INFO Java Url Lib User Agent Web Crawl (Inbound) 116
SERVER-OTHER Apache Log4j logging remote code execution attempt 115
SURICATA DNS Z flag set 112
SERVER-APACHE Apache Struts remote code execution attempt 110
ET WORM TheMoon.linksys.router 2 107
SURICATA TLS invalid record version 106
ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) M3 103
ET INFO DNS Query for Suspicious .ga Domain 102
SURICATA STREAM 3way handshake SYN/ACK ignored TFO data 102
SERVER-WEBAPP JBoss JMX console access attempt 102
ET INFO Anonymous Domain Registrar CnC Domain in DNS Lookup (*. njalla .net) 100
SURICATA HTTP status 100-Continue already seen 96
ET WEB_SERVER Possible SQL Injection UNION SELECT in HTTP Request Body 96
ET MALWARE MS Remote Desktop micros User Login Request 96
ET WEB_SERVER PHP System Command in HTTP POST 95
ET WEB_SPECIFIC_APPS Langflow AI Unauthenticated Remote Code Execution via Code Validation Endpoint (CVE-2025-3248) 92
ET WEB_SERVER SQL Injection Select Sleep Time Delay 91
ET EXPLOIT Cisco IOS XE Web Server Possible Authentication Bypass Attempt (CVE-2023-20198) (Inbound) 91
ET WEB_SERVER Possible SQL Injection (exec) in HTTP URI 91
ET INFO DNS Query to Online Application Hosting Domain (onrender .com) 86
ET WEB_SERVER Next.js Middleware Authorization Bypass (CVE-2025-29927) 82
ET INFO Ask Webcrawler User-Agent 82
PROTOCOL-DNS Malformed DNS query with HTTP content 80
ET WEB_SERVER Possible XXE SYSTEM ENTITY in POST BODY. 79
ET HUNTING XML External Entity Injection Inbound M1 79
SERVER-WEBAPP Pulse Secure SSL VPN version check attempt 76
SURICATA ICMPv4 unknown code 75
SURICATA IKE unknown proposal 72
ET Threatview.io High Confidence Cobalt Strike C2 IP group 19 72
ET INFO Referrer-Policy set to unsafe-url 72
INDICATOR-SCAN DNS version.bind string information disclosure attempt 72
SURICATA HTTP gzip decompression failed 70
ET EXPLOIT Fortigate VPN - Request to /remote/info - Possible CVE-2023-27997 Exploit Attempt 69
ET INFO Abused Hosting Domain in DNS Lookup (azurewebsites .net) 68
ET WEB_SERVER ColdFusion componentutils access 66
POLICY-OTHER Adobe ColdFusion component browser access attempt 66

 

Back to top