SCARD

Last updated Tue, 14 Apr 2026 11:04:24 (Australia/Brisbane)

List of suspicious activity by IP addresses

Below is a list of the top 500 IP addresses with suspicious activity observed by SCARD.

Note: Due to the overwhelming number of common scan types, this list omits typical scan types in favour of less-seen threat types.



Top threat types

Below is a list of the top 200 threat types observed across the network.

Description Incidence
ET INFO Session Traversal Utilities for NAT (STUN Binding Response) 15372
ET HUNTING Suspicious Chmod Usage in URI (Inbound) 5040
ET SCAN LeakIX Inbound User-Agent 4559
ET WEB_SPECIFIC_APPS React Server Components React2Shell Unsafe Flight Protocol Property Access (CVE-2025-55182) 3650
ET SCAN WordPress Scanner Performing Multiple Requests to Windows Live Writer XML 3574
ET HUNTING Javascript Prototype Pollution Attempt via __proto__ in HTTP Body 3331
ET WEB_SERVER WebShell Generic - wget http - POST 2571
ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173) 2523
ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 2312
ET EXPLOIT D-Link DSL-2750B - OS Command Injection 2145
ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017) 2145
ET HUNTING Javascript Sandbox Escape via Global Object (process) 2063
SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt 1927
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response 1632
SERVER-OTHER tcpdump ISAKMP parser buffer overflow attempt 1525
ET INFO Netlink GPON Login Attempt (GET) 1487
ET INFO External Oracle T3 Requests Inbound 1435
SURICATA HTTP Host header invalid 1328
ET INFO Request for Visual Studio Code sftp.json - Possible Information Leak 1218
ET INFO SSH-2.0-Go version string Observed in Network Traffic 1147
ET HUNTING Request for Webshell in .well-known directory 1120
ET WEB_SERVER WEB-PHP phpinfo access 978
ET SCAN Rapid POP3S Connections - Possible Brute Force Attack 919
ET SCAN Behavioral Unusually fast Terminal Server Traffic Potential Scan or Infection (Inbound) 888
SURICATA TCP invalid option length 853
ET INFO Apache Solr System Information Request 791
ET SCAN Mirai Variant User-Agent (Inbound) 790
ET INFO Python aiohttp User-Agent Observed Inbound 780
SERVER-WEBAPP React Server Components remote code execution attempt 776
ET SCAN SFTP/FTP Password Exposure via sftp-config.json 774
SURICATA IKE invalid proposal 699
SURICATA TCP header length too small 698
ET VOIP INVITE Message Flood UDP 611
SERVER-WEBAPP TP-Link Archer Router command injection attempt 576
ET EXPLOIT HackingTrio UA (Hello, World) 561
ET SCAN Nmap Scripting Engine User-Agent Detected (Nmap Scripting Engine) 550
ET EXPLOIT GraphQL Introspection Query Attempt 546
ET WEB_SERVER WGET Command Specifying Output in HTTP Headers 535
ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution 533
ET INFO Spring Boot Actuator Health Check Request 499
ET EXPLOIT Netgear DGN Remote Command Execution 482
ET EXPLOIT Realtek SDK - Command Execution/Backdoor Access Inbound (CVE-2021-35394) 479
ET SCAN Web Scanner - Fuzz Faster U Fool (Inbound) 464
SERVER-WEBAPP Netgear DGN1000 series routers authentication bypass attempt 411
ET SCAN Laravel Debug Mode Information Disclosure Probe Inbound 374
SURICATA QUIC error on data 357
ET DNS Query to a *.top domain - Likely Hostile 356
ET WEB_SERVER /etc/passwd Detected in URI 322
ET VOIP Modified Sipvicious Asterisk PBX User-Agent 315
SURICATA HTTP request field missing colon 298
ET EXPLOIT MVPower DVR Shell UCE 289
ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016) 289
ET INFO Observed DNS Query to .cfd TLD 282
SURICATA Applayer Unexpected protocol 268
SURICATA Applayer No TLS after STARTTLS 268
ET SCAN Potential SSH Scan OUTBOUND 260
SURICATA SMB malformed request dialects 258
ET SCAN JAWS Webserver Unauthenticated Shell Command Execution 246
ET SCAN NETWORK Incoming Masscan detected 229
SURICATA DHCP truncated options 220
ET VOIP Possible Inbound VOIP Scan/Misuse With User-Agent Zoiper 196
SURICATA STREAM ESTABLISHED packet out of window 183
SURICATA HTTP METHOD terminated by non-compliant character 174
ET WEB_SPECIFIC_APPS Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Default Credentials 174
ET SCAN Behavioral Unusual Port 1433 traffic Potential Scan or Infection 169
ET INFO Observed DNS Query to .nexus TLD 168
ET WEB_SERVER PHP tags in HTTP POST 160
SERVER-WEBAPP PHPUnit PHP remote code execution attempt 154
ET SCAN NMAP OS Detection Probe 152
ET WEB_SERVER Likely Malicious Request for /proc/self/environ 128
SURICATA HTTP invalid request field folding 122
ET WEB_SERVER Wordpress Login Bruteforcing Detected 122
SURICATA ICMPv4 invalid checksum 114
SURICATA SMTP duplicate fields 109
ET WEB_SPECIFIC_APPS Vite Arbitrary File Read Via raw parameter (CVE-2025-30208) 100
ET USER_AGENTS WinRM User Agent Detected - Possible Lateral Movement 96
SURICATA FRAG IPv4 Fragmentation overlap 95
ET HUNTING Suspicious PHP Code in HTTP POST (Outbound) 88
ET WEB_SERVER allow_url_include PHP config option in uri 85
ET WEB_SERVER auto_prepend_file PHP config option in uri 85
ET WEB_SPECIFIC_APPS PHP-CGI OS Command Injection (soft hyphen) (CVE-2024-4577) 85
ET WEB_SERVER /etc/shadow Detected in URI 84
ET SCAN NMAP SIP Version Detection Script Activity 82
ET WEB_SERVER Generic PHP Remote File Include 79
ET WEB_SERVER PHP.//Input in HTTP POST 79
ET EXPLOIT Apache log4j RCE Attempt - lower/upper TCP Bypass M2 (CVE-2021-44228) 76
ET EXPLOIT Apache log4j RCE Attempt (http ldap) (CVE-2021-44228) 76
ET EXPLOIT Apache log4j RCE Attempt (tcp ldap) (CVE-2021-44228) 76
ET HUNTING Suspicious PHP Code in HTTP POST (Inbound) 72
SURICATA DNS Invalid opcode 72
ET WEB_SERVER Possible SQL Injection (exec) in HTTP Request Body 72
ET SCAN NMAP SIP Version Detect OPTIONS Scan 71
SERVER-WEBAPP PHP PHP-CGI command execution attempt 71
ET INFO Abused Hosting Domain in DNS Lookup (azurewebsites .net) 68
ET EXPLOIT F5 BIG-IP iControl REST Authentication Bypass Attempt (CVE-2022-1388) M3 65
ET INFO F5 BIG-IP - Command Execution via util/bash 65
ET MALWARE MS Remote Desktop micros User Login Request 64
ET INFO POSSIBLE Web Crawl using Curl 63
ET USER_AGENTS Suspcious LeakIX User-Agent (l9explore) 63
ET SCAN LibSSH Based Frequent SSH Connections Likely BruteForce Attack 62
SURICATA TLS handshake invalid length 57
SURICATA HTTP URI terminated by non-compliant character 53
ET INFO SOCKSv4 HTTP Proxy Inbound Request (Linux Source) 53
ET WEB_SERVER .bash_history Detected in URI 53
ET SCAN Suspicious User-Agent Containing Security Scan/ner Likely Scan 52
ET WEB_SERVER Inbound PHP User-Agent 52
SURICATA HTTP request header invalid 51
ET DOS Potential CLDAP Amplification Reflection 50
ET MALWARE MS Remote Desktop edc User Login Request 48
ET INFO Infrastructure as a Service Domain in DNS Lookup (railway .app) 46
ET SCAN Amap UDP Service Scan Detected 45
ET WEB_SERVER Possible DD-WRT Metacharacter Injection Command Execution Attempt 44
ET VOIP REGISTER Message Flood UDP 43
ET WEB_SPECIFIC_APPS Totolink A3700R Multiple Authentication Bypass cstecgecgi.cgi Endpoints (CVE-2025-3663 - CVE-2025-3668) 42
ET SCAN Yandex Webcrawler User-Agent (YandexBot) 41
ET INFO DNS Query for Suspicious .icu Domain 40
ET INFO Inbound Frequent Emails - Possible Spambot Inbound 40
SURICATA HTTP missing Host header 39
SURICATA SMTP invalid pipelined sequence 37
ET WEB_SERVER Tilde in URI - potential .php~ source disclosure vulnerability 36
SURICATA HTTP Host part of URI is invalid 35
ET SCAN RDP Connection Attempt from Nmap 35
ET INFO PHP Xdebug Extension Query Parameter (XDEBUG_SESSION_START) 33
ET EXPLOIT Possible Vacron NVR Remote Command Execution 32
ET SCAN Suspicious User-Agent Containing Web Scan/er Likely Web Scanner 31
SURICATA HTTP status 100-Continue already seen 30
ET Threatview.io High Confidence Cobalt Strike C2 IP group 17 30
MALWARE-BACKDOOR Aspx.Webshell.Agent inbound request for known webshell path attempt 30
ET INFO URL Shortening Service Domain in DNS Lookup (shorturl .at) 28
SERVER-OTHER Apache Log4j logging remote code execution attempt 27
ET HUNTING XML External Entity Injection Inbound M1 26
ET WEB_SERVER Possible XXE SYSTEM ENTITY in POST BODY. 26
SURICATA STREAM 3way handshake wrong seq wrong ack 25
ET WEB_SERVER SQL Injection Select Sleep Time Delay 25
ET INFO WinHttpRequest Downloading EXE 24
ET SCAN External Host Probing for ChromeCast Devices 24
ET SCAN DuckDuckGo Webcrawler User-Agent (DuckDuckBot) 23
PROTOCOL-DNS Malformed DNS query with HTTP content 23
ET INFO Java Url Lib User Agent Web Crawl (Inbound) 22
ET WEB_SERVER JBoss jmx-console Probe 22
ET WEB_SERVER PHP System Command in HTTP POST 22
ET WEB_SPECIFIC_APPS Possible JBoss JMX Console Beanshell Deployer WAR Upload and Deployment Exploit Attempt 22
ET Threatview.io High Confidence Cobalt Strike C2 IP group 3 21
SURICATA DNS Z flag set 20
ET INFO Inbound /uploadify.php Access 20
ET SCAN FTPSync Settings Disclosure Attempt 20
SERVER-WEBAPP Comtrend VR-3033 routers command injection attempt 20
INDICATOR-SCAN DNS version.bind string information disclosure attempt 19
ET EXPLOIT Apache HTTP Server SSRF (CVE-2021-40438) 18
ET EXPLOIT Microsoft Exchange Pre-Auth Path Confusion M1 (CVE-2021-31207) 18
SERVER-WEBAPP JBoss JMX console access attempt 18
SURICATA HTTP Host header ambiguous 18
ET WEB_SERVER ColdFusion componentutils access 18
SERVER-WEBAPP Pulse Secure SSL VPN version check attempt 18
POLICY-OTHER Adobe ColdFusion component browser access attempt 18
SQL 1 = 1 - possible sql injection attempt 17
ET WEB_SPECIFIC_APPS WordPress Plugin - Essential Addons for Elementor - Password Reset Attempt (CVE-2023-32243) 17
SURICATA HTTP2 too long frame data 15
ET WEB_SERVER Possible SQL Injection UNION SELECT in HTTP Request Body 14
SURICATA TLS invalid heartbeat encountered, possible exploit attempt (heartbleed) 13
ET Threatview.io High Confidence Cobalt Strike C2 IP group 19 13
OS-OTHER Bash CGI environment variable injection attempt 13
ET EXPLOIT Possible Zimbra Autodiscover Servlet XXE (CVE-2019-9670) 12
ET EXPLOIT Zimbra <8.8.11 - XML External Entity Injection/SSRF Attempt (CVE-2019-9621) 12
ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers 12
ET WEB_SPECIFIC_APPS TOTOLINK N600R cstecgi.cgi langType parameter Command Injection Attempt (CVE-2022-26189, CVE-2025-9935) 12
ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M1 11
ET SCAN Behavioral Unusual Port 135 traffic Potential Scan or Infection 11
ET Threatview.io High Confidence Cobalt Strike C2 IP group 11 11
SERVER-WEBAPP Facade Ignition remote code execution attempt 10
ET EXPLOIT Possible Apache log4j RCE Attempt - 2021/12/12 Obfuscation Observed M2 (tcp) (CVE-2021-44228) 10
ET INFO Referrer-Policy set to unsafe-url 10
SERVER-APACHE Apache HTTP server SSRF attempt 10
SERVER-WEBAPP Microsoft Exchange autodiscover server side request forgery attempt 10
ET HUNTING Possible Apache log4j RCE Attempt - Any Protocol TCP (CVE-2021-44228) 9
ET INFO SOCKSv4 HTTP Proxy Inbound Request (Windows Source) 9
SURICATA ICMPv4 unknown version 9
ET WEB_SERVER Possible IIS Integer Overflow DoS (CVE-2015-1635) 9
SURICATA UDP packet too small 9
ET HUNTING Suspicious Netlify Hosted DNS Request - Possible Phishing Landing 8
ET INFO DNS Query for Suspicious .ml Domain 8
SURICATA ICMPv4 unknown code 8
ET WEB_SERVER CURL Command Specifying Output in HTTP Headers 8
ET WEB_SPECIFIC_APPS XML External Entity Information Disclosure 8
ET WEB_SERVER Fake Googlebot UA 2 Inbound 7
SURICATA TLS invalid SSLv2 header 6
ET EXPLOIT Hikvision IP Camera RCE Attempt (CVE-2021-36260) 6
ET HUNTING .exec in HTTP URI Inbound - Possible Exploit Activity 6
ET HUNTING IPFS Gateway Domain in DNS Lookup (ipfs .dweb .link) 6
ET HUNTING SUSPICIOUS SMTP EXE - ZIP file with .exe filename inside (Inbound) 6
ET INFO DNS Query for Suspicious .ga Domain 6
ET SCAN Google Webcrawler User-Agent (Mediapartners-Google) 6
SURICATA HTTP gzip decompression failed 6
ET WEB_SERVER Exploit Suspected PHP Injection Attack (cmd=) 6
ET WEB_SERVER ThinkPHP RCE Exploitation Attempt 6
ET WEB_SPECIFIC_APPS Wordpress LiteSpeed Cache Plugin debug.log Access Attempt (CVE-2024-44000) 6
ET DOS Possible NTP DDoS Inbound Frequent Un-Authed PEER_LIST_SUM Requests IMPL 0x03 5
ET EXPLOIT Likely Struts S2-053-CVE-2017-12611 Exploit Attempt M2 5
SERVER-OTHER Sentinel license manager buffer overflow attempt 5
ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) M2 5