Sensors Available Tags

Tag Description
100PROCENT_IT_KOMMUNIKATION https://www.100procent.com/
AMPEREINNOTECH https://ampereinnotech.com/
AMPLIFICATION Association with amplification attacks
AMQP_SCANNER Scanning for Advanced Message Queuing Protocol (AMQP) services such as RabbitMQ
ASTERISK_SCANNER Scanning for Asterisk/VoIP technology
ADWARE Malware delivered via advertisement
ADWIND Adwind RAT, a cross-platform, multifunctional malware program also known as AlienSpy, Frutas, Unrecom, Sockrat, JSocket and jRat
BACKDOOR Scanning for a known backdoor
BAIDUSPIDER http://www.baidu.com/
BENIGN Known and confirmed actor or actions that have been classified by us as non-malicious
BINARYEDGE https://www.binaryedge.io/
BINGBOT https://www.bing.com/
BITSIGHT https://www.bitsight.com/
BOTNET Known botnet traffic
CENSYS https://censys.io/
CISCO_LINKSYS_SCANNER Scanning for vulnerabilities associated with Cisco or Linksys
CISCO_SMART_INSTALL Scanning for Cisco Smart Install
COCCOC Cốc Cốc browser is a freeware web browser focused on the Vietnamese market, developed by Vietnamese company Cốc Cốc and based on Chromium open source code
CODESYS_SCANNER Scanning for Codesys protocol, typically used in SCADA environments
CORBA_SCANNER The Common Object Request Broker Architecture is a standard defined by the Object Management Group designed to facilitate the communication of systems that are deployed on diverse platforms.
CRYPTOCURRENCY_SCANNER Scanning for cryptocurrency API or exposed nodes
CVE-2017-17215 Huawei HG532 with some customized versions has a remote code execution vulnerability
CYBERGREEN The CyberGreen Institute is a global non-profit and collaborative organization conducting activities focused on helping to improve the health of the global Cyber Ecosystem.
CYMRU http://www.team-cymru.com
DICT_SCANNER Dictionary Network Protocol
DLINK_SCANNER Scanning for D-Link vulnerabilities
DNS_SCANNER The Domain Name System is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network
DOMAINTOOLS https://www.domaintools.com/
DRIDEX Dridex also known as Bugat and Cridex is a form of malware that specializes in stealing bank credentials
DRUPAL_SCANNER Scanning for Drupal framework vulnerabilities
DUCKDUCKBOT https://duckduckgo.com/
ELASTICSEARCH_SCANNER Scanning for exposed Elasticsearch databases
EMAIL_SCANNER Scanning for known email protocols
EMOTET The Emotet banking Trojan was first identified by security researchers in 2014
EOS_NODE_SCANNER Scanning for EOS Blockchain nodes
ETHEREUM_NODE_SCANNER Scanning for Ethereum Blockchain nodes
EXABOT Exabot is a web scraper for Exalead https://www.exalead.com
EXPLOITATION Validated exploitation of known vulnerability
EXPOSURE_MONITORING https://www.exposuremonitoring.in/
FACEBOOKEXTERNALHIT https://www.facebook.com/ crawler
FINDMALWARE http://research.findmalware.org/
FINGER_SCANNER Scanner for the Finger protocol
FOX_SCANNER Scanner for the Tridium Fox SCADA protocol
FTP_SCANNER Scanner for FTP servers
GIT_SCANNER Scanner for open git repositories
GOODOR Scanner for the goodor backdoor
GOOGLE www.google.com hosted content
GOOGLEBOT https://www.google.com/ crawler
GOOTKIT Trojan.GootKit is a Trojan horse that steals confidential information. It also opens a back door and downloads additional files onto the compromised computer.
GOZI GOZI is a spyware that monitors network traffic. It also gets login credentials stored in browsers and mail applications.
GPON_ONT_SCANNER Scanner for GPON Network terminals
HADOOP_HDFS_SCANNER Scanning for Hadoop HDFS
HADOOP_YARN_SCANNER Scanning for Hadoop Yarn
HNAP_SCANNER Scanning for HNAP routers
HTTP_CRAWLER HTTP Crawler
HTTP_SCANNER Scanning for HTTP Services
HUAWEI_HG532_SCANNER Scanning for vulnerabilities associated with the Huawei HG532 Router
ICMP_ECHO_REQUEST Ping event
INTERNET_CENSUS Internet-wide scanner actor seemingly associated with Bitsight
INTERNET_TTL http://www.internettl.org/
INTRINSEC https://intrinsecsecurity.com/
IPFIRE_EXPLOIT Scanning for IPFire router software exploits
IPIP https://en.ipip.net/
IS_ARCHIVER The Internet Archive https://archive.org/
JABBER_SCANNER Scanning for the Jabber protocol
JANUARY January Malware https://bitninja.io/blog/2018/12/28/goodbye-peppa-hello-january?PageSpeed=noscript
JAVA_SCANNER Scanning for JRMI endpoints
JBIFROST Also called Adwind. The Adwind Remote Access Trojan (RAT) is a popular Java-based backdoor capable of infecting Windows, Linux, Mac OS and Android operating systems. Its cross-platform nature, elaborate backdoor features, and relatively cheap price make it a favourite choice for many cybercriminals today.
JBOSS_MALWARE Known Malware of JBOSS framework
JUNIPER_SCANNER Scanning for exposed Juniper network devices
KGUARD_SCANNER Scanning for Kguard Cameras
KUDELSKI-NAGRA Internet wide scanner https://www.nagra.com/
LOSEC Internet Wide scanner - lo-sec.online
MAIL_RU Mail.Ru Group, ООО (commonly referred to as Mail.Ru) is a Russian Internet company.
MALICIOUS Known and confirmed malicious actions
MALIGN Known and confirmed malicious actions
MALWARE Known and confirmed malware
MASSCAN_SCANNER Scanner using Masscan
MEMCACHED_SCANNER Scanning for exposed memcached endpoints
MICROSOFT_SQL_SERVER Scanning for exposed Microsoft SQL Server
MINERPOOL www.minerpool.net
MODBUS_SCANNER Scanning for the SCADA protocol Modbus
MONGODB_SCANNER Scanning for exposed MongoDB databases
NETCRAFT Netcraft is an Internet services company based in Bath, Somerset, England. https://www.netcraft.com/
NETSYSTEMS http://netsystemsresearch.com
NMAP_SCANNER Actor using the Nmap scanner
NUUO_NVR_SCANNER Scanning for Nuuo CCTV Cameras
ONYPHE Internet Wide scanner https://www.onyphe.io/
ORACLE_TNS_SCANNER Scanning for Oracle Databases exposing the TNS endpoint
PEPPA Peppa malware
PHPMYADMIN Scanning for phpMyAdmin panels
PRINTER_SCANNER Scanning for exposed printers
PROBETHENET Internet Wide Scanner http://probethenet.com/
PROJECT25499 Internet Wide Scanning http://project25499.com/
PROXY_SCANNER Scanning for open proxies
PUTTY_CLIENT SSH Connections using Putty Client
QUADMETRICS https://quadmetrics.com/
QUEENS_COLLEGE_UNI_NY https://www.qc.cuny.edu Queens College, City University of New York
QWANT https://www.qwant.com/ Qwant, the European search engine that respects your privacy
RABBITMQ_SCANNER Scanning for RabbitMQ Protocol
RADWARE_SCANNER https://www.radware.com/
RANSOMWARE General ransomware tag, used when we can't classify the family
RAPID7 https://www.rapid7.com/
RDP_SCANNER Scanning for Remote Desktop Protocols
REDIS_SCANNER Scanning for exposed Redis databases
RFB_SCANNER Scanning for VNC Protocol
RLOGIN_SCANNER Scanning for Rlogin protocol
ROUTER_SCANNER Scanning for exposed routers
RSYNC_SCANNER Scanning for Rsync servers
RTSP_SCANNER Scanning for Real Time Streaming Protocol
RWTH_AACHEN_UNIVERSITY http://www.rwth-aachen.de RWTH Aachen University or Rheinisch-Westfälische Technische Hochschule Aachen is a research university located in Aachen, North Rhine-Westphalia, Germany
SAP_SCANNER Scanning for SAP Servers
SCADA_SCANNER Scanning for SCADA protocols
SEZNAM https://www.seznam.cz/ crawler
SHADOWSERVER https://www.shadowserver.org/wiki/ scanner
SHODAN Internet Wide Scanning Shodan.io
SIP_SCANNER Scanning for SIP/VoIP servers
SLURP Slurp bot for Yahoo
SMB_SCANNER Scanner for SMB Protocol often affiliated with exploitation of Microsoft Windows
SMTP_SCANNER Scanner for SMTP protocol
SOGOU https://www.sogou.com/
SOURCE_ENGINE Valve Source Engine - Games
SSH_SCANNER Valid SSH connections
SSL_SCANNER Valid SSL Connections
STANFORD_UNIVERSITY https://www.stanford.edu/ Leland Stanford Junior University is a private research university in Stanford, California.
STRETCHOID http://stretchoid.com/ Stretchoid is a platform that helps identify an organization's online services.
TALAIA https://www.talaia.io/ A highly scalable, NetFlow/IPFIX based big-data platform that is designed for network operators taking complex decisions
TCP_SYN SYN packet received
TOFSEE Backdoor.Tofsee is capable of making changes to the settings on affected systems and stealing information from them. Once executed, it is capable of tracking users' online activities, opening affected systems for infiltration to steal personal information and credentials, and changing browser and DNS settings.
TOR Tor node
TOR_SCANNER Scanning for the Tor Protocol
TORRENTLOCKER TorrentLocker is a ransomware trojan targeting Microsoft Windows. TorrentLocker scans the system for programs and files, and conceals the contents through AES encryption, leaving ransom instructions to the victim on what has to be done and how to pay the decryption ransom.
TRICKBOT Trickbot Malware
TROLDESH Ransom.Troldesh is a Trojan horse that encrypts files on the compromised computer and asks the user to pay in order to decrypt them. It may also download potentially malicious files.
UNIFI_SCANNER Scanning for Ubiquiti devices - UNIFI family
UBIQUITI_SCANNER Scanning for Ubiquiti devices
UNIVERSITY_BERKELEY https://www.berkeley.edu/ The University of California, Berkeley is a public research university in Berkeley, California.
UNIVERSITY_BROWN https://www.brown.edu/ Brown University is a private Ivy League research university in Providence, Rhode Island
UNIVERSITY_MICHIGAN https://umich.edu/ The University of Michigan, often simply referred to as Michigan, is a public research university in Ann Arbor, Michigan.
UPNP_SCANNER Scanner for the UPnP protocol
VNC_SCANNER Scanner for the VNC Protocol
VTIGERCRM_SCANNER Scanner for the Vtiger CRM
WORDPRESS_SCANNER Scanning for WordPress
X11_SCANNER Scanning for the X11 protocol
YANDEXBOT https://yandex.com/
ZGRAB_SCANNER Scanner using zgrab software - https://github.com/zmap/zgrab2
ZTE_F460_SCANNER Scanning for ZTE F460 Routers
ZTE_F660_SCANNER Scanning for ZTE F660 Routers