Sensors Available Tags

Tag Description
AMPEREINNOTECH Internet wide scanner
AMPLIFICATION Association with amplification attacks
AMQP_SCANNER Scanning for a technology of Advanced Message Queuing Protocol such as RabbitMQ
ASTERISK_SCANNER Scanning for Asterisk/VoIP Technology
ADWARE Malware delivered via advertisement
ADWIND Adwind RAT, a cross-platform, multifunctional malware program also known as AlienSpy, Frutas, Unrecom, Sockrat, JSocket and jRat
BACKDOOR Scanning for a known backdoor
BENIGN Known and confirmed actor or actions that have been classified by us as non-malicious
BGP_SCANNER Scanning for BGP protocol
BINARYEDGE Internet wide scanner
BITSIGHT Internet wide scanner
BITTORRENT_SCANNER Scanning for Bittorrent protocol
BOTNET Known botnet traffic
BLUEKEEP_SCANNER Vulnerability affecting RDP protocol (CVE-2019-0708)
BUSYBOX_SCANNER Scanning for BusyBox
CASSANDRA_SCANNER Scanning for Apache Cassandra
CENSYS Internet wide scanner
CISCO_LINKSYS_SCANNER Scanning for vulnerabilities associated with Cisco or Linksys
CISCO_SMART_INSTALL Scanning for Cisco Smart Install
COCCOC Cốc Cốc browser is a freeware web browser focused on the Vietnamese market, developed by Vietnamese company Cốc Cốc and based on Chromium open source code
CODESYS_SCANNER Scanning for Codesys protocol, typically used in SCADA environments
CORBA_SCANNER The Common Object Request Broker Architecture is a standard defined by the Object Management Group designed to facilitate the communication of systems that are deployed on diverse platforms
CRIMINALIP Internet wide scanner
CRYPTOCURRENCY_SCANNER Scanning for cryptocurrency API or exposed nodes
CVE-2017-12615 Apache Tomcat 7.0.0 to 7.0.79 has a remote code execution vulnerability
CVE-2017-17215 Huawei HG532 with some customized versions has a remote code execution vulnerability
CVE-2018-13379 Some versions of Fortinet FortiOS under SSL VPN web portal allow an unauthenticated attacker to download system files via HTTP resource requests
CVE-2019-11510 File reading vulnerability in Pulse Secure Pulse Connect Secure
CVE-2019-15107 Command injection vulnerability on Webmin through 1.920
CYBERGREEN The CyberGreen Institute is a global non-profit and collaborative organization conducting activities focused on helping to improve the health of the global Cyber Ecosystem
DFIND_SCANNER Scanner using ZmEu vulnerability scanner
DICT_SCANNER Dictionary Network Protocol
DLINK_SCANNER Scanning for DLink vulnerabilities
DNS_SCANNER The Domain Name System is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network
DNS_SD_SCANNER Scanning for DNS Service Discovery
DRIDEX Dridex also known as Bugat and Cridex is a form of malware that specializes in stealing bank credentials
DRUPAL_SCANNER Scanning for Drupal framework vulnerabilities
DTLS_SCANNER Valid DTLS Connections
DVR_SCANNER Scanning for DVR devices
ELASTICSEARCH_SCANNER Scanning for exposed Elasticsearch databases
EMAIL_SCANNER Scanning for known email protocols
EMOTET The Emotet banking Trojan was first identified by security researchers in 2014
ENTTEC_DMX Scanning for ENTTEC DMX devices
EOS_NODE_SCANNER Scanning for EOS Blockchain nodes
ETHEREUM_NODE_SCANNER Scanning for Ethereum Blockchain nodes
EXABOT Exabot is a web scraper for Exalead
EXPLOITATION Validated exploitation of known vulnerability
FINGER_SCANNER Scanner for Finger protocol
FOX_SCANNER Scanner for Tridium Fox SCADA protocol
FTP_SCANNER Scanner for FTP servers
GIT_SCANNER Scanner for open git repositories
GOODOR Scanner for the goodor backdoor
GOOGLE hosted content
GOOTKIT Trojan.GootKit is a Trojan horse that steals confidential information and also opens a back door and downloads additional files onto the compromised computer
GOZI GOZI is a spyware that monitors network traffic. It also gets login credentials stored in browsers and mail applications
GPON_ONT_SCANNER Scanner for GPON Network terminals
HADOOP_YARN_SCANNER Scanning for Hadoop Yarn
HISILICON_DVR Scanning for a remote code execution vulnerability on HiSilicon DVR devices
HNAP_SCANNER Scanning for HNAP routers
HTTP_REFLECTION Source of event tried to make one of our sensors access something from 3rd party, potential DDoS
HTTP_SCANNER Scanning for HTTP Services
HUAWEI_HG532_SCANNER Scanning for vulnerabilities associated with the Huawei HG532 Router
IBM_DB2_SCANNER Scanning for IBM DB2 databases
IBM_TN3270 Scanning for IBM TN3270 terminals
INTERNET_CENSUS Internet wide scanner actor seemingly associated with Bitsight
IPFIRE_EXPLOIT Scanning for IPFire router software exploits
IPMI_SCANNER Scanning for devices using IPMI
IRC_SCANNER Scanning for IRC servers
IS_ARCHIVER The Internet Archive
JABBER_SCANNER Scanning for the Jabber protocol
JANUARY January Malware
JAVA_SCANNER Scanning for JRMI endpoints
JBIFROST Also called ADWind, the Adwind Remote Access Trojan (RAT) is a popular Java-based backdoor capable of infecting Windows, Linux, Mac OS and Android operating systems
JBOSS_MALWARE Known Malware of JBOSS framework
JDWP_SCANNER Scanning for Java Debug Wire Protocol
JUNIPER_SCANNER Scanning for exposed Juniper network devices
KGUARD_SCANNER Scanning for Kguard Cameras
KUDELSKI-NAGRA Internet wide scanner
LANDESK_SCANNER Scanning for Landesk software
LDAP_SCANNER Scanning for LDAP protocol
LOSEC Internet wide scanner
MAIL_RU Mail.Ru Group, ООО (commonly referred to as Mail.Ru) is a Russian Internet company.
MALICIOUS Known and confirmed malicious actions
MALIGN Known and confirmed malicious actions
MALWARE Known and confirmed malware
MARBLE_COIN_SCANNER Scanning for Marble Coin
MASSCAN_SCANNER Scanner using Masscan
MEMCACHED_SCANNER Scanning for exposed memcached endpoints
MICROSOFT_SQL_SERVER Scanning for exposed Microsoft SQL server
MIKROTIK_ROUTEROS Scanning for a remote shell vulnerability on Mikrotik devices running certain versions of RouterOS
MIRAI Mirai-family botnet
MODBUS_SCANNER Scanning for the SCADA protocol Modbus
MONGODB_SCANNER Scanning for exposed MongoDB databases
NETCRAFT Netcraft is an Internet services company based in Bath, Somerset, England.
NEUTRINO Neutrino malware
NMAP_SCANNER Actor using the Nmap scanner
NOCTION_IRP Scanning for Noction IRP BGP software
NUUO_NVR_SCANNER Scanning for Nuuo CCTV Cameras
ONYPHE Internet wide scanner
OPENPORTSTATS Internet wide scanner
ORACLE_TNS_SCANNER Scanning for Oracle Databases exposing the TNS endpoint
ORACLE_WEBLOGIC Scanning for Oracle Weblogic Servers
PCWORX_SCANNER Scanning for PCWorx protocol
PEPPA Peppa malware
PHP_FPM Scanning for PHP FastCGI Process Manager panels
PHPMYADMIN Scanning for PHPMyAdmin panels
PRINTER_SCANNER Scanning for exposed printers
PROBETHENET Internet wide scanner
PROJECT25499 Internet wide scanner
PROXY_SCANNER Scanning for open proxies
PUTTY_CLIENT SSH Connections using Putty Client
QUEENS_COLLEGE_UNI_NY Queens College, City University of New York
QWANT Qwant, the European search engine that respects your privacy
RABBITMQ_SCANNER Scanning for RabbitMQ Protocol
RANSOMWARE General ransomware tag, when we cannot classify the family
RAPID7 Internet wide scanner
RDP_SCANNER Scanning for Remote Desktop Protocols
REALTEK_MINIIGD_UPNP Scanning for Realtek SDK Miniigd UPnP command execution vulnerability
REDIS_SCANNER Scanning for exposed Redis databases
RFB_SCANNER Scanning for VNC Protocol
RLOGIN_SCANNER Scanning for Rlogin protocol
ROUTER_SCANNER Scanning for exposed routers
RSYNC_SCANNER Scanning for Rsync servers
RTSP_SCANNER Scanning for Real Time Streaming Protocol
RWTH_AACHEN_UNIVERSITY RWTH Aachen University or Rheinisch-Westfälische Technische Hochschule Aachen is a research university located in Aachen, North Rhine-Westphalia, Germany
SAP_SCANNER Scanning for SAP Servers
SCADA_SCANNER Scanning for SCADA protocols
SERIALNUMBERD Scanning for serialnumberd
SEZNAM crawler
SHODAN Internet wide scanner
SIP_SCANNER Scanning for SIP/VoIP Servers
SLURP Slurp bot for Yahoo
SMB_SCANNER Scanner for SMB Protocol often affiliated with exploitation of Microsoft Windows
SMTP_SCANNER Scanner for SMTP protocol
SNMP_SCANNER Scanner for SNMP protocol
SOAP_SCANNER Scanning for software based on SOAP requests
SOURCE_ENGINE Valve Source Engine - Games
SSH_SCANNER Valid SSH connections
SSL_SCANNER Valid SSL Connections
STANFORD_UNIVERSITY Leland Stanford Junior University is a private research university in Stanford, California.
STRATUM_SCANNER Scanning for Stratum software
STRETCHOID Stretchoid is a platform that helps identify an organization's online services.
TALAIA A highly scalable, NetFlow/IPFIX based big-data platform that is designed for network operators taking complex decisions
TCP_SYN SYN packet received
TFTP_SCANNER Scanner for FTP servers
THINK_PHP Exploitation of ThinkPHP vulnerability
TOFSEE Backdoor.Tofsee is capable of making changes to the settings on affected systems and stealing information from them. Once executed, it is capable of tracking users' online activities, opening affected systems for infiltration to steal personal information and credentials, and changing browser and DNS settings.
TOR Tor node
TOR_SCANNER Scanning for the Tor Protocol
TORRENTLOCKER TorrentLocker is a ransomware trojan targeting Microsoft Windows. TorrentLocker scans the system for programs and files, and conceals the contents through AES encryption, leaving ransom instructions to the victim on what has to be done and how to pay the decryption ransom
TRICKBOT Trickbot Malware
TROLDESH Ransom.Troldesh is a Trojan horse that encrypts files on the compromised computer and asks the user to pay in order to decrypt them. It may also download potentially malicious files.
UNIFI_SCANNER Scanning for Ubiquiti devices - UNIFI family
UBIQUITI_SCANNER Scanning for Ubiquiti devices
UNIVERSITY_BERKELEY The University of California, Berkeley is a public research university in Berkeley, California.
UNIVERSITY_BROWN Brown University is a private Ivy League research university in Providence, Rhode Island
UNIVERSITY_MICHIGAN The University of Michigan, often simply referred to as Michigan, is a public research university in Ann Arbor, Michigan.
UPNP_SCANNER Scanner for UPNP protocol
VBULLETIN_SCANNER Scanner for vBulletin software
VNC_SCANNER Scanner for the VNC Protocol
VTIGERCRM_SCANNER Scanner for the Vtiger CRM
WEBMIN Scanning for Webmin
WORDPRESS_SCANNER Scanning for WordPress
WSDISCOVERY_SCANNER Scanning for Web Services Dynamic Discovery protocol
X11_SCANNER Scanning for the X11 protocol
ZENNOLAB_SCANNER Scanning for Zennolab tools
ZGRAB_SCANNER Scanner using zgrab software
ZMEU_SCANNER Scanner using ZmEu vulnerability scanner
ZTE_F460_SCANNER Scanning for ZTE F460 Routers
ZTE_F660_SCANNER Scanning for ZTE F660 Routers