SCARD

Last updated Sat, 30 May 2026 20:05:00 (Australia/Brisbane)

List of suspicious activity by IP addresses

Below is a list of the top 500 IP addresses with suspicious activity observed by SCARD. Click on an IP address below for more information about its activity.

Note: Due to the overwhelming number of common scan types, this list omits typical scan types in favour of less-seen threat types.


Top threat types

Below is a list of the top 200 threat types observed across the network.

Description Incidence
ET INFO Session Traversal Utilities for NAT (STUN Binding Response) 17495
ET SCAN LeakIX Inbound User-Agent 13584
ET SCAN WordPress Scanner Performing Multiple Requests to Windows Live Writer XML 11611
ET WEB_SPECIFIC_APPS React Server Components React2Shell Unsafe Flight Protocol Property Access (CVE-2025-55182) 9890
ET HUNTING Javascript Prototype Pollution Attempt via __proto__ in HTTP Body 9246
ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 7406
ET WEB_SERVER WebShell Generic - wget http - POST 7106
ET HUNTING Suspicious Chmod Usage in URI (Inbound) 7009
ET WEB_SERVER WEB-PHP phpinfo access 6831
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response 5592
ET INFO External Oracle T3 Requests Inbound 5037
ET HUNTING Javascript Sandbox Escape via Global Object (process) 4959
ET INFO Netlink GPON Login Attempt (GET) 4698
ET HUNTING Request for Webshell in .well-known directory 4298
ET INFO SSH-2.0-Go version string Observed in Network Traffic 3581
SURICATA TCP header length too small 3395
ET SCAN Rapid POP3S Connections - Possible Brute Force Attack 3334
ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) 3221
SURICATA HTTP Host header invalid 3163
ET SCAN Behavioral Unusually fast Terminal Server Traffic Potential Scan or Infection (Inbound) 3108
ET INFO Python aiohttp User-Agent Observed Inbound 3082
ET EXPLOIT D-Link DSL-2750B - OS Command Injection 3003
ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017) 3003
SURICATA TCP invalid option length 2988
SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt 2707
ET INFO Request for Visual Studio Code sftp.json - Possible Information Leak 2581
ET SCAN Mirai Variant User-Agent (Inbound) 2527
SURICATA IKE invalid proposal 2388
ET INFO Apache Solr System Information Request 2195
ET SCAN SFTP/FTP Password Exposure via sftp-config.json 2179
SURICATA HTTP URI terminated by non-compliant character 2135
ET SCAN Nmap Scripting Engine User-Agent Detected (Nmap Scripting Engine) 1906
ET WEB_SERVER WGET Command Specifying Output in HTTP Headers 1876
ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution 1872
ET EXPLOIT HackingTrio UA (Hello, World) 1865
ET VOIP INVITE Message Flood UDP 1808
SERVER-WEBAPP TP-Link Archer Router command injection attempt 1781
ET EXPLOIT MVPower DVR Shell UCE 1755
ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016) 1721
SERVER-WEBAPP React Server Components remote code execution attempt 1660
SURICATA Applayer Unexpected protocol 1659
SURICATA Applayer No TLS after STARTTLS 1659
ET WEB_SERVER PHP tags in HTTP POST 1657
ET EXPLOIT Netgear DGN Remote Command Execution 1653
ET SCAN Laravel Debug Mode Information Disclosure Probe Inbound 1614
ET EXPLOIT GraphQL Introspection Query Attempt 1611
ET SCAN JAWS Webserver Unauthenticated Shell Command Execution 1575
ET INFO Spring Boot Actuator Health Check Request 1550
SERVER-OTHER tcpdump ISAKMP parser buffer overflow attempt 1525
SURICATA FRAG IPv4 Fragmentation overlap 1458
SERVER-WEBAPP Netgear DGN1000 series routers authentication bypass attempt 1401
ET SCAN Suspicious User-Agent Containing Security Scan/ner Likely Scan 1379
ET INFO Google DNS Over HTTPS Certificate Inbound 1353
SURICATA HTTP METHOD terminated by non-compliant character 1300
SURICATA HTTP request field missing colon 1289
SERVER-WEBAPP PHPUnit PHP remote code execution attempt 1275
ET DNS Query to a *.top domain - Likely Hostile 1272
ET VOIP Modified Sipvicious Asterisk PBX User-Agent 1087
ET EXPLOIT Realtek SDK - Command Execution/Backdoor Access Inbound (CVE-2021-35394) 1086
ET WEB_SERVER /etc/passwd Detected in URI 1043
ET INFO Observed DNS Query to .nexus TLD 1014
ET WEB_SERVER Wordpress Login Bruteforcing Detected 1007
SURICATA SMB malformed request dialects 924
ET SCAN Potential SSH Scan OUTBOUND 914
SURICATA HTTP invalid request field folding 899
ET INFO Observed DNS Query to .fit TLD 770
ET VOIP Possible Inbound VOIP Scan/Misuse With User-Agent Zoiper 716
SURICATA SMTP duplicate fields 699
SURICATA QUIC error on data 672
ET SCAN NETWORK Incoming Masscan detected 640
ET SCAN NMAP OS Detection Probe 613
ET SCAN Behavioral Unusual Port 1433 traffic Potential Scan or Infection 528
SURICATA ICMPv4 invalid checksum 523
ET INFO Infrastructure as a Service Domain in DNS Lookup (railway .app) 510
ET INFO ChatGPT-User Traffic Detected Inbound M1 493
ET INFO ChatGPT-User Traffic Detected Inbound M2 493
SURICATA DHCP truncated options 488
ET WEB_SERVER Possible SQL Injection (exec) in HTTP Request Body 470
ET SCAN Web Scanner - Fuzz Faster U Fool (Inbound) 468
ET WEB_SPECIFIC_APPS Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Default Credentials 426
ET WEB_SERVER auto_prepend_file PHP config option in uri 422
ET INFO Observed DNS Query to .cfd TLD 418
ET WEB_SERVER allow_url_include PHP config option in uri 412
ET WEB_SPECIFIC_APPS PHP-CGI OS Command Injection (soft hyphen) (CVE-2024-4577) 402
ET SCAN LibSSH Based Frequent SSH Connections Likely BruteForce Attack 401
ET WEB_SERVER Generic PHP Remote File Include 400
ET WEB_SERVER PHP.//Input in HTTP POST 400
ET EXPLOIT Zyxel ZyWALL/USG OS Command Injection (CVE-2023-28771) 394
ET HUNTING Suspicious PHP Code in HTTP POST (Inbound) 379
SERVER-WEBAPP PHP PHP-CGI command execution attempt 369
ET Threatview.io High Confidence Cobalt Strike C2 IP group 3 358
ET HUNTING Observed Query to .beauty TLD 356
ET WEB_SERVER .bash_history Detected in URI 323
ET SCAN NMAP SIP Version Detection Script Activity 314
ET SCAN RDP Connection Attempt from Nmap 297
ET WEB_SPECIFIC_APPS WordPress Plugin Gravity SMTP Unauthenticated REST API (CVE-2026-4020) 292
ET SCAN Exabot Webcrawler User Agent 292
ET EXPLOIT Apache log4j RCE Attempt - lower/upper TCP Bypass M2 (CVE-2021-44228) 276
ET EXPLOIT Apache log4j RCE Attempt (tcp ldap) (CVE-2021-44228) 276
ET WEB_SPECIFIC_APPS Vite Arbitrary File Read Via raw parameter (CVE-2025-30208) 274
ET EXPLOIT Apache log4j RCE Attempt (http ldap) (CVE-2021-44228) 272
ET HUNTING Suspicious PHP Code in HTTP POST (Outbound) 271
SURICATA TCP option invalid length 269
ET WEB_SERVER Tilde in URI - potential .php~ source disclosure vulnerability 250
ET WEB_SERVER Fake Googlebot UA 2 Inbound 248
SURICATA DNS Invalid opcode 220
ET USER_AGENTS WinRM User Agent Detected - Possible Lateral Movement 209
ET SCAN Yandex Webcrawler User-Agent (YandexBot) 204
ET EXPLOIT D-Link HNAP SOAPAction Command Injection (CVE-2015-2051, CVE-2019-10891, CVE-2022,37056, CVE-2024-33112, CVE-2025-114 202
ET WEB_SERVER Possible D-Link Router HNAP Protocol Security Bypass Attempt 202
SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt 188
SURICATA STREAM ESTABLISHED packet out of window 184
ET SCAN NMAP SIP Version Detect OPTIONS Scan 179
ET DOS Potential CLDAP Amplification Reflection 177
ET WEB_SERVER Inbound PHP User-Agent 160
ET INFO POSSIBLE Web Crawl using Curl 160
SURICATA HTTP request header invalid 153
SURICATA SMTP invalid pipelined sequence 152
ET WEB_SERVER Possible DD-WRT Metacharacter Injection Command Execution Attempt 142
SERVER-WEBAPP Vite Vitejs arbitrary file read attempt 136
ET WEB_SERVER Likely Malicious Request for /proc/self/environ 136
ET INFO Inbound Frequent Emails - Possible Spambot Inbound 133
SURICATA HTTP request buffer too long 130
ET DNS Query to a *.pw domain - Likely Hostile 125
SERVER-OTHER Apache Log4j logging remote code execution attempt 115
SURICATA DNS Z flag set 112
ET EXPLOIT F5 BIG-IP iControl REST Authentication Bypass Attempt (CVE-2022-1388) M3 109
ET INFO F5 BIG-IP - Command Execution via util/bash 109
ET USER_AGENTS Suspcious LeakIX User-Agent (l9explore) 108
MALWARE-BACKDOOR Aspx.Webshell.Agent inbound request for known webshell path attempt 106
ET INFO PHP Xdebug Extension Query Parameter (XDEBUG_SESSION_START) 106
ET VOIP REGISTER Message Flood UDP 103
SURICATA STREAM 3way handshake SYN/ACK ignored TFO data 102
ET INFO Anonymous Domain Registrar CnC Domain in DNS Lookup (*. njalla .net) 100
ET INFO SOCKSv4 HTTP Proxy Inbound Request (Linux Source) 100
ET SCAN Amap UDP Service Scan Detected 99
ET MALWARE MS Remote Desktop micros User Login Request 96
SURICATA HTTP status 100-Continue already seen 96
ET EXPLOIT Possible Vacron NVR Remote Command Execution 93
ET WEB_SERVER SQL Injection Select Sleep Time Delay 89
ET SCAN DuckDuckGo Webcrawler User-Agent (DuckDuckBot) 88
ET WEB_SERVER /etc/shadow Detected in URI 86
SURICATA HTTP Host part of URI is invalid 85
ET SCAN External Host Probing for ChromeCast Devices 84
ET INFO Peach C++ Library User Agent Inbound 77
ET WEB_SERVER Next.js Middleware Authorization Bypass (CVE-2025-29927) 76
SURICATA TLS handshake invalid length 75
ET Threatview.io High Confidence Cobalt Strike C2 IP group 19 72
ET INFO DNS Query for Suspicious .icu Domain 72
SURICATA UDP packet too small 72
PROTOCOL-DNS Malformed DNS query with HTTP content 70
SERVER-APACHE Apache Struts remote code execution attempt 68
ET INFO Abused Hosting Domain in DNS Lookup (azurewebsites .net) 68
ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) M3 68
ET WEB_SERVER Possible XXE SYSTEM ENTITY in POST BODY. 67
ET HUNTING XML External Entity Injection Inbound M1 67
SURICATA SMTP invalid reply 67
SERVER-WEBAPP WordPress Backup Migration plugin PHP code injection attempt 64
ET INFO Java Url Lib User Agent Web Crawl (Inbound) 64
ET WEB_SERVER Possible SQL Injection UNION SELECT in HTTP Request Body 60
SURICATA TLS invalid record version 59
SQL HTTP URI blind injection attempt 58
ET WEB_SERVER ThinkPHP RCE Exploitation Attempt 57
SURICATA HTTP Host header ambiguous 56
SURICATA HTTP gzip decompression failed 54
ET EXPLOIT Cisco IOS XE Web Server Possible Authentication Bypass Attempt (CVE-2023-20198) (Inbound) 52
ET WEB_SERVER ColdFusion componentutils access 50
ET INFO Observed DNS Query to .work TLD 50
POLICY-OTHER Adobe ColdFusion component browser access attempt 50
ET SCAN Suspicious User-Agent Containing Web Scan/er Likely Web Scanner 49
SERVER-WEBAPP Pulse Secure SSL VPN version check attempt 48
ET INFO DNS Query for Suspicious .ga Domain 48
ET MALWARE MS Remote Desktop edc User Login Request 48
ET WEB_SERVER HTTP POST Generic eval of base64_decode 46
ET WEB_SERVER PHP System Command in HTTP POST 45
SURICATA SMTP tls rejected 45
SURICATA TLS invalid heartbeat encountered, possible exploit attempt (heartbleed) 44
ET WEB_SPECIFIC_APPS TBK DVR-4104/4216 Command Injection Attempt (CVE-2024-3721) 43
ET EXPLOIT Linksys E-Series Device RCE Attempt 43
ET WEB_SPECIFIC_APPS Linksys E-Series OS Command Injection (CVE-2025-34037) M1 43
ET WORM TheMoon.linksys.router 2 43
ET EXPLOIT Apache Obfuscated log4j RCE Attempt (tcp ldap) (CVE-2021-44228) 42
ET WEB_SPECIFIC_APPS Shenzhen TVT NVMS-9000 Information Disclosure Attempt (CVE-2024-14007) 42
ET WEB_SPECIFIC_APPS Tenda AdvSetMacMtuWan wanMTU Parameter Buffer Overflow Attempt (CVE-2025-10432) 42
SURICATA HTTP missing Host header 42
ET WEB_SPECIFIC_APPS Totolink A3700R Multiple Authentication Bypass cstecgecgi.cgi Endpoints (CVE-2025-3663 - CVE-2025-3668) 42
ET INFO Referrer-Policy set to unsafe-url 42
ET SCAN Behavioral Unusual Port 135 traffic Potential Scan or Infection 41
SERVER-WEBAPP Next.js Middleware authentication bypass attempt 40
ET EXPLOIT Possible Zimbra Autodiscover Servlet XXE (CVE-2019-9670) 39
ET EXPLOIT Zimbra <8.8.11 - XML External Entity Injection/SSRF Attempt (CVE-2019-9621) 39
ET HUNTING Possible Apache log4j RCE Attempt - Any Protocol TCP (CVE-2021-44228) 39
ET EXPLOIT Fortigate VPN - Request to /remote/info - Possible CVE-2023-27997 Exploit Attempt 38
INDICATOR-SCAN DNS version.bind string information disclosure attempt 38
ET DNS DNS Lookup for localhost.DOMAIN.TLD 37
SERVER-WEBAPP Zyxel unauthenticated IKEv2 overflow attempt 37
ET EXPLOIT Possible Apache log4j RCE Attempt - 2021/12/12 Obfuscation Observed M2 (tcp) (CVE-2021-44228) 37
ET Threatview.io High Confidence Cobalt Strike C2 IP group 11 37
ET INFO Ask Webcrawler User-Agent 37
SERVER-WEBAPP Zyxel unauthenticated IKEv2 command injection attempt 37

 
