Skip to content

Sensors Available Tags

Tag Description
AFP_SCANNER AFP - Apple Filing protocol Scanner
AFS_SCANNER AFSVersionRequest Scanner
ANDROMOUSE_SCANNER AndroMouse Scanner - Android Wireless Mouse And Keyboard
AMPEREINNOTECH Internet wide scanner
AMPLIFICATION Association with amplification attacks
AMQP_SCANNER Scanning for a technology of Advanced Message Queuing Protocol such as RabbitMQ
ASTERISK_SCANNER Scanning for Asterisk/VOIP Technology
ADWARE Malware delivered via advertisement
ADWIND Adwind RAT, a cross-platform, multifunctional malware program also known as AlienSpy, Frutas, Unrecom, Sockrat, JSocket and jRat
APACHE_JSERV_SCANNER The Apache JServ Protocol (AJP) is a binary protocol that can proxy inbound requests from a web server through to an application server that sits behind the web server
APPLERD_SCANNER Apple Remote Desktop Scanner
BACKDOOR Scanning for a known backdoor
BENIGN Known and confirmed actor or actions that have been classified by us as non malicious
BGP_SCANNER Scanning for BGP protocol
BINARYEDGE Internet wide scanner
BITSIGHT Internet wide scanner
BITTORRENT_SCANNER Scanning for Bittorrent protocol
BOTNET Known botnet traffic
BLUEKEEP_SCANNER Vulnerability affecting RDP protocol (CVE-2019-0708)
BUSYBOX_SCANNER Scanning for BusyBox
CASSANDRA_SCANNER Scanning for Apache Cassandra
CENSYS Internet wide scanner
CISCO_LINKSYS_SCANNER Scanning for vulnerabilities associated with Cisco or Linksys
CISCO_SMART_INSTALL Scanning for Cisco Smart Install
CITRIX_SCANNER Scanner looking for Citrix instances
COAP_SCANNER CoAP GET .well-known/core Scanner
COCCOC Cốc Cốc browser is a freeware web browser focused on the Vietnamese market, developed by Vietnamese company Cốc Cốc and based on Chromium open source code
CODESYS_SCANNER Scanning for Codesys protocol, typically used in SCADA environments
CORBA_SCANNER The Common Object Request Broker Architecture is a standard defined by the Object Management Group designed to facilitate the communication of systems that are deployed on diverse platforms
CRIMINALIP Internet wide scanner
CROSSMATCH_SERVER Crossmatch Biometric server
CRYPTOCURRENCY_SCANNER Scanning for cryptocurrency API or exposed nodes
CVE-2012-0152 The Remote Desktop Protocol service in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service via a series of crafted packets
CVE-2012-0432 Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before
CVE-2015-4852 The WLS Security component in Oracle WebLogic Server,,, and allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic
CVE-2015-7808 The vB_Api_Hook::decodeArguments method in vBulletin 5 Connect 5.1.2 through 5.1.9 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in the arguments parameter to ajax/api/hook/decodeArguments
CVE-2015-8562 Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header
CVE-2017-5638 The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string
CVE-2017-12615 Apache Tomcat 7.0.0 to 7.0.79 has a remote code execution vulnerability
CVE-2017-17215 Huawei HG532 with some customized versions has a remote code execution vulnerability
CVE-2018-13379 Some versions of Fortinet FortiOS under SSL VPN web portal allows an unauthenticated attacker to download system files via HTTP resource requests
CVE-2019-0604 Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2019-11510 File reading vulnerability in Pulse Secure Pulse Connect Secure
CVE-2019-15107 Command injection vulnerability on Webmin through 1.920
CVE-2019-19781 An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal
CYBERGREEN The CyberGreen Institute is a global non-profit and collaborative organization conducting activities focused on helping to improve the health of the global Cyber Ecosystem
DAHUA_DVR_SCANNER Scanning for Dahua DVR devices
DAHUA_NVR_SCANNER Scanning for Dahua NVR devices
DRDA_SCANNER DRDA Protocol Scanner
DFIND_SCANNER Scanner using ZmEu vulnerability scanner
DICT_SCANNER Dictionary Network Protocol
DIGI_DISCOVERY_SCANNER Scanning for Digi Device Discovery
DLINK_SCANNER Scanning for DLink vulnerabilities
DNS_SCANNER The Domain Name System is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network
DNS_SD_SCANNER Scanning for DNS Service Discovery
DRIDEX Dridex also known as Bugat and Cridex is a form of malware that specializes in stealing bank credentials
DRUPAL_SCANNER Scanning for Drupal framework vulnerabilities
DTLS_SCANNER Valid DTLS Connections
DVR_SCANNER Scanning for DVR devices
ECSHOP_SCANNER Scanning for eCShop
EPMD_SCANNER Erlang Port Mapper Daemon Scanner
ELASTICSEARCH_SCANNER Scanning for exposed Elasticsearch databases
EMAIL_SCANNER Scanning for known email protocols
EMOTET The Emotet banking Trojan was first identified by security researchers in 2014
ENTTEC_DMX Scanning for ENTTEC DMX devices
EOS_NODE_SCANNER Scanning for EOS Blockchain nodes
ETHEREUM_NODE_SCANNER Scanning for Ethereum Blockchain nodes
EXABOT Exabot is a web scraper for Exalead
EXPLOITATION Validated exploitation of known vulnerability
FINGER_SCANNER Scanner for fing protocol
FIREBIRD_SCANNER Firebird is an open-source SQL relational database management system
FOX_SCANNER Scanner for Tridium Fox scada protocol
FTP_SCANNER Scanner for FTP servers
GAME_SERVER_STATUS_SCANNER Looking for status for freelancer game
GENERICLINES Normal new line scanner, typically initial probe
GIT_SCANNER Scanner for open git repositories
GOODOR Scanner for the goodor backdoor
GOOGLE hosted content
GOOTKIT Trojan.GootKit is a Trojan horse that steals confidential information and also opens a back door and downloads additional files on to the compromised computer
GOZI GOZI is a spyware that monitors network traffic. It also gets login credentials stored in browsers and mail applications
GPON_ONT_SCANNER Scanner for GPON Network terminals
GKRELLM_SCANNER GKrellM System Monitor Scanner
HADOOP_YARN_SCANNER Scanning for Hadoop Yarn
HAMLIB_SCANNER Hamlib rotctld Scanner
HISILICON_DVR Scanning fot a remote code execution vulnerability on HiSilicon DVR devices
HNAP_SCANNER Scanning for HNAP routers
HTTP_REFLECTION Source of event tried to make one of our sensors access something from 3rd party, potential DDoS
HTTP_SCANNER Scanning for HTTP Services
HUAWEI_HG532_SCANNER Scanning for vulnerabilities associated with the Huawei HG532 Router
IBM_DB2_SCANNER Scanning for IBM DB2 databases
IBM_TN3270 Scanning for IBM TN3270 terminals
IBM_NJE_SCANNER IBM Network Job Entry Scanner
IKE_SCANNER Internet Key Exchange protocol scanner
INFORMIX_SCANNER IBM Informix is a product family within IBM's Information Management division that is centered on several relational database management system offerings.
INTERNET_CENSUS Internet wide scanner actor seemly associated with Bitsight
IPFIRE_EXPLOIT Scanning for IPFire router software exploits
IPMI_SCANNER Scanning for devices using IPMI
IRC_SCANNER Scanning for IRC servers
IS_ARCHIVER The Internet Archive
JABBER_SCANNER Scanning for the Jabber protocol
JANUARY January Malware
JAVA_SCANNER Scanning for JRMI endpoints
JBIFROST Also called ADWind, the Adwind Remote Access Trojan (RAT) is a popular Java-based backdoor capable of infecting Windows, Linux, Mac OS and Android operating systems
JBOSS_MALWARE Known Malware of JBOSS framework
JDWP_SCANNER Scanning for Java Debug Wire Protocol
JENKINS_SCANNER  Scanning for Jenkins
JOOMLA_SCANNER  Scanning for Joomla
JUNIPER_SCANNER Scanning for exposed Juniper network devices
KERBEROS_SCANNER Scanning for Kerberos protocol
KGUARD_SCANNER Scanning for Kguard Cameras
KUDELSKI-NAGRA Internet wide scanner
KUMOFS_SCANNER Kumofs is a simple and fast distributed key-value store
LANDESK_SCANNER Scanning for Landesk software
LINUX_BACKDOOR_SCANNER Scanning for Linux backdoors
LINUXSAMPLER_SCANNER LinuxSampler Control Protocol Scanner
LDAP_SCANNER Scanning for LDAP protocol
LPD_SCANNER Line Printer Daemon protocol
LOSEC Internet wide scanner
MAIL_RU Mail.Ru Group, ООО (commonly referred to as Mail.Ru) is a Russian Internet company
MALICIOUS Known and confirmed malicious actions
MALIGN Known and confirmed malicious actions
MALWARE Known and confirmed malware
MARBLE_COIN_SCANNER Scanning for Marble Coin
MASSCAN_SCANNER Scanner using Masscan
MEMCACHED_SCANNER Scanning for exposed memcached endpoints
METASPLOIT Actor using the Metasploit
MICROSOFT_SQL_SERVER Scanning for exposed Microsoft SQL server
MIKROTIK_ROUTEROS Scanning for a remote shell vulnerability on Mikrotik devices running certain versions of RouterOS
MIRAI Mirai-family botnet
MNUBOT MnuBot is a banking trojan discovered by IBM X-Force researchers
MODBUS_SCANNER Scanning for the SCADA protocol modbus
MONGODB_SCANNER Scanning for exposed mongoDB databases
MUMBLE_SCANNER Mumble Voice Chat Server Scanner
MQTT_SCANNER A lightweight messaging protocol for small sensors and mobile devices
NFS_SCANNER NFS version 2 Scanner
NETCRAFT Netcraft is an Internet services company based in Bath, Somerset, England.
NEUTRINO Neutrino malware
NMAP_SCANNER Actor using the NMAP scanner
NOCTION_IRP Scanning for Noction IRP BGP software
NOMACHINE_SCANNER NoMachine Network Server Scanner
NOVELL_NCP_SCANNER Scanning for Novell NetWare Core Protocol
NUUO_NVR_SCANNER Scanning for Nuuo CCTV Cameras
NTP_SCANNER Scanning for NTP servers
NVMS9000_DVR_SCANNER Scanning for NVMS-9000 Digital Video Recorder devices
ONYPHE Internet wide scanner
OPENPORTSTATS Internet wide scanner
OPENVPN_SCANNER OpenVPN software scanner
ORACLE_TNS_SCANNER Scanning for Oracle Databases exposing the TNS endpoint
ORACLE_WEBLOGIC Scanning for Oracle Weblogic Servers
PC_ANYWHERE_SCANNER pcAnywhere was a suite of computer programs by Symantec which allows a user of the pcAnywhere remote program on a computer to connect to a personal computer running the pcAnywhere host
PCWORX_SCANNER Scanning for PCWorx protocol
PEPPA Peppa malware
PERVASIVE_SQL_SCANNER Pervasive PSQL is an ACID-compliant database management system (DBMS) developed by Pervasive Software
PLC_SCANNER Scanning for Programmable Logic Controllers
PHP_FPM Scanning for PHP FastCGI Process Manager panels
PHPMYADMIN Scanning for PHPMyAdmin panels
POSTGRESQL_SCANNER Scanning for PostgreSQL servers
PRINTER_SCANNER Scanning for exposed printers
PROBETHENET Internet wide scanner
PROCONOS_SCANNER ProConOs scada protocol Scanner
PROJECT25499 Internet wide scanner
PROXY_SCANNER Scanning for open proxies
PUTTY_CLIENT SSH Connections using Putty Client
QUAKE_SCANNER Scanner for Quake 3 servers
QUEENS_COLLEGE_UNI_NY Queens College, City University of New York
QUIC_SCANNER Scanning for QUIC protocol
QWANT Qwant, the European search engine that respects your privacy
RABBITMQ_SCANNER Scanning for RabbitMQ Protocol
RADMIN_SCANNER Scanning for Radmin software
RADWARE_SCANNER Scanning for Radware software
RANSOMWARE General ransomware tag, when we cant classify the family
RAPID7 Internet wide scanner
RCONFIG_SCANNER  Scanning for rConfig network management tool
RDP_SCANNER Scanning for Remote Desktop Protocols
RDS_SCANNER Scanning for Microsoft Remote Desktop Services
REALTEK_MINIIGD_UPNP Scanning for Realtek SDK Miniigd UPnP command execution vulnerability
REDIS_SCANNER Scanning for exposed REDIS databases
RFB_SCANNER Scanning for VNC Protocol
RLOGIN_SCANNER Scanning for Rlogin protocol
ROUTER_SCANNER Scanning for exposed routers
RPC_SCANNER Most likely looking for Ethereum Nodes
RSYNC_SCANNER Scanning for Rsync servers
RTSP_SCANNER Scanning for Realtime Stream Protocol
RUBY Actor using a Ruby-based tool
RWTH_AACHEN_UNIVERSITY RWTH Aachen University or Rheinisch-Westfälische Technische Hochschule Aachen is a research university located in Aachen, North Rhine-Westphalia, Germany
SAP_SCANNER Scanning for SAP Servers
SCADA_SCANNER Scanning for SCADA protocols
SERIALNUMBERD Scanning for serialnumberd
SERVICES_HELP Services Help Scanner
SEZNAM crawler
SHAREPOINT_SCANNER Scanning for Sharepoint
SHODAN Internet wide scanner
SIP_SCANNER Scanning for SIP /VOIP Servers
SLURP Slurp bot for Yahoo
SMB_SCANNER Scanner for SMB Protocol often affiliated with exploitation of Microsoft Windows
SMTP_SCANNER Scanner for SMTP protocol
SNMP_SCANNER Scanner for SNMP protocol
SOAP_SCANNER Scanning for software based on SOAP requests
SQUEEZECENTER_SCANNER SqueezeCenter is the media server component of Slim Devices's (now a Logitech company) media playing devices such as Squeezebox
SOLARWINDS_ORION_SCANNER Scanner for Solarwinds Orion
SOURCE_ENGINE Valve Source Engine - Games
SSH_SCANNER Valid SSH connections
SSL_SCANNER Valid SSL Connections
STANFORD_UNIVERSITY Leland Stanford Junior University is a private research university in Stanford, California
STRATUM_SCANNER Scanning for Stratum software
STRUTS_OGNL_SCANNER Apache Struts Jakarta Multipart Parser OGNL Injection Scanner
STRETCHOID Stetchoid is a platform that helps identify an organization's online services
SYBASE_ASA_DISCOVER Scanning for Sybase Anywhere servers on the LAN by sending broadcast discovery messages
TARANTOOL_SCANNER Tarantool is an open-source NoSQL database management system and Lua application server
TALAIA A highly scalable, NetFlow/IPFIX based big-data platform that is designed for network operators taking complex decisions
TCP_SYN SYN packet received
TFTP_SCANNER Scanner for FTP servers
THINK_PHP Exploitation of ThinkPHP vulnerability
TOFSEE Backdoor.Tofsee is capable of making changes to the settings on affected systems and stealing information from them. Once executed, it is capable of tracking users online activities, opening affected systems for infiltration to steal personal information and credentials, and changing browser and DNS settings
TOR Tor node
TOR_SCANNER Scanning for the Tor Protocol
TORRENTLOCKER TorrentLocker is a ransomware trojan targeting Microsoft Windows. TorrentLocker scans the system for programs and files, and conceals the contents through AES encryption leaving ransom instructions to the victim on what has to be done, and how to pay the decryption ransom
TREND_MICRO_OFFICESCAN_SCANNER Trendmicro endpoint protection
TRICKBOT Trickbot Malware
TROJAN A trojan horse or trojan is a type of malware that is often disguised as legitimate software
TROLDESH Ransom.Troldesh is a Trojan horse that encrypts files on the compromised computer and asks the user to pay in order to decrypt them. It may also download potentially malicious files
TEAMSPEAK2_SCANNER Team Speak 2 VoIp Communication Server
UNIFI_SCANNER Scanning for Ubiquiti devices - UNIFI family
UBIQUITI_SCANNER Scanning for Ubiquiti devices
UNIVERSITY_BERKELEY The University of California, Berkeley is a public research university in Berkeley, California
UNIVERSITY_BROWN Brown University is a private Ivy League research university in Providence, Rhode Island
UNIVERSITY_MICHIGAN The University of Michigan, often simply referred to as Michigan, is a public research university in Ann Arbor, Michigan
UPNP_SCANNER Scanner for UPNP protocol
VBULLETIN_SCANNER Scanner for vBulletin software
VNC_SCANNER Scanner for the VNC Protocol
VTIGERCRM_SCANNER Scanner for the Vtiger CRM
VXWORKS_SCANNER Scanning for VxWorks systems
VXWORKS_DOS VxWorks vulnerability that can cause a Denial of Service
WEBMIN Scanning for Webmin
WEBLOGIC_SCANNER Weblogic Scanner - Java Deserialization
WMSREQUEST_SCANNER Web Map Service request
WWWOFFLE_SCANNER WWWOFFLE is a proxy server and web caching software
WORDPRESS_SCANNER Scanning for Wordpress
WSDISCOVERY_SCANNER Scanning for Web Services Dynamic Discovery protocol
X11_SCANNER Scanning for the X11 protocol
ZENNOLAB_SCANNER Scanning for Zennolab tools
ZGRAB_SCANNER Scanner using zgrab software -
ZMAP_SCANNER Scanner using zmap software -
ZMEU_SCANNER Scanner using ZmEu vulnerability scanner
ZTE_F460_SCANNER Scanning for ZTE F460 Routers
ZTE_F660_SCANNER Scanning for ZTE F660 Routers