Sensors Available Tags

Tag Description
AMPEREINNOTECH Internet wide scanner
AMPLIFICATION Association with amplification attacks
AMQP_SCANNER Scanning for a technology of Advanced Message Queuing Protocol such as RabbitMQ
ASTERISK_SCANNER Scanning for Asterisk/VOIP Technology
ADWARE Malware delivered via advertisement
ADWIND Adwind RAT, a cross-platform, multifunctional malware program also known as AlienSpy, Frutas, Unrecom, Sockrat, JSocket and jRat
BACKDOOR Scanning for a known backdoor
BENIGN Known and confirmed actor or actions that have been classified by us as non-malicious
BINARYEDGE Internet wide scanner
BITSIGHT Internet wide scanner
BOTNET Known botnet traffic
BLUEKEEP_SCANNER Vulnerability affecting RDP protocol (CVE-2019-0708)
CENSYS Internet wide scanner
CISCO_LINKSYS_SCANNER Scanning for vulnerabilities associated with Cisco or Linksys
CISCO_SMART_INSTALL Scanning for Cisco Smart Install
COCCOC Cốc Cốc browser is a freeware web browser focused on the Vietnamese market, developed by Vietnamese company Cốc Cốc and based on Chromium open source code
CODESYS_SCANNER Scanning for Codesys protocol, typically used in SCADA environments
CORBA_SCANNER The Common Object Request Broker Architecture is a standard defined by the Object Management Group designed to facilitate the communication of systems that are deployed on diverse platforms
CRIMINALIP Internet wide scanner
CRYPTOCURRENCY_SCANNER Scanning for cryptocurrency API or exposed nodes
CVE-2017-12615 Apache Tomcat 7.0.0 to 7.0.79 has a remote code execution vulnerability
CVE-2017-17215 Huawei HG532 with some customized versions has a remote code execution vulnerability
CVE-2018-13379 The SSL VPN web portal in some versions of Fortinet FortiOS allows an unauthenticated attacker to download system files via HTTP resource requests
CVE-2019-11510 File reading vulnerability in Pulse Secure Pulse Connect Secure
CVE-2019-15107 Command injection vulnerability in Webmin through 1.920
CYBERGREEN The CyberGreen Institute is a global non-profit and collaborative organization conducting activities focused on helping to improve the health of the global Cyber Ecosystem
DICT_SCANNER Dictionary Network Protocol
DLINK_SCANNER Scanning for D-Link vulnerabilities
DNS_SCANNER The Domain Name System is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network
DRIDEX Dridex also known as Bugat and Cridex is a form of malware that specializes in stealing bank credentials
DRUPAL_SCANNER Scanning for Drupal framework vulnerabilities
ELASTICSEARCH_SCANNER Scanning for exposed Elasticsearch databases
EMAIL_SCANNER Scanning for known email protocols
EMOTET The Emotet banking Trojan was first identified by security researchers in 2014
EOS_NODE_SCANNER Scanning for EOS Blockchain nodes
ETHEREUM_NODE_SCANNER Scanning for Ethereum Blockchain nodes
EXABOT Exabot is a web scraper for Exalead
EXPLOITATION Validated exploitation of known vulnerability
FINGER_SCANNER Scanner for the Finger protocol
FOX_SCANNER Scanner for the Tridium Fox SCADA protocol
FTP_SCANNER Scanner for FTP servers
GIT_SCANNER Scanner for open git repositories
GOODOR Scanner for the goodor backdoor
GOOGLE hosted content
GOOTKIT Trojan.GootKit is a Trojan horse that steals confidential information. It also opens a back door and downloads additional files on to the compromised computer.
GOZI GOZI is a spyware that monitors network traffic. It also gets login credentials stored in browsers and mail applications.
GPON_ONT_SCANNER Scanner for GPON Network terminals
HADOOP_YARN_SCANNER Scanning for Hadoop Yarn
HNAP_SCANNER Scanning for HNAP routers
HTTP_REFLECTION Source of event tried to make one of our sensors access something from a third party. Potential DDoS
HTTP_SCANNER Scanning for HTTP Services
HUAWEI_HG532_SCANNER Scanning for vulnerabilities associated with the Huawei HG532 Router
INTERNET_CENSUS Internet wide scanner actor seemingly associated with Bitsight
IPFIRE_EXPLOIT Scanning for IPFire router software exploits
IS_ARCHIVER The Internet Archive
JABBER_SCANNER Scanning for the Jabber protocol
JANUARY January Malware
JAVA_SCANNER Scanning for JRMI endpoints
JBIFROST Also called Adwind. The Adwind Remote Access Trojan (RAT) is a popular Java-based backdoor capable of infecting Windows, Linux, Mac OS and Android operating systems. Its cross-platform nature, elaborate backdoor features, and relatively cheap price make it a favourite choice for many cybercriminals today.
JBOSS_MALWARE Known Malware of JBOSS framework
JUNIPER_SCANNER Scanning for exposed Juniper network devices
KGUARD_SCANNER Scanning for Kguard Cameras
KUDELSKI-NAGRA Internet wide scanner
LOSEC Internet wide scanner
MAIL_RU Mail.Ru Group, ООО (commonly referred to as Mail.Ru) is a Russian Internet company.
MALICIOUS Known and confirmed malicious actions
MALIGN Known and confirmed malicious actions
MALWARE Known and confirmed malware
MASSCAN_SCANNER Scanner using Masscan
MEMCACHED_SCANNER Scanning for exposed memcached endpoints
MICROSOFT_SQL_SERVER Scanning for exposed Microsoft SQL server
MIRAI Mirai-family botnet
MODBUS_SCANNER Scanning for the SCADA protocol Modbus
MONGODB_SCANNER Scanning for exposed MongoDB databases
NETCRAFT Netcraft is an Internet services company based in Bath, Somerset, England.
NMAP_SCANNER Actor using the NMAP scanner
NUUO_NVR_SCANNER Scanning for Nuuo CCTV Cameras
ONYPHE Internet wide scanner
OPENPORTSTATS Internet wide scanner
ORACLE_TNS_SCANNER Scanning for Oracle Databases exposing the TNS endpoint
ORACLE_WEBLOGIC Scanning for Oracle Weblogic Servers
PEPPA Peppa malware
PHPMYADMIN Scanning for PHPMyAdmin panels
PRINTER_SCANNER Scanning for exposed printers
PROBETHENET Internet wide scanner
PROJECT25499 Internet wide scanner
PROXY_SCANNER Scanning for open proxies
PUTTY_CLIENT SSH Connections using Putty Client
QUEENS_COLLEGE_UNI_NY Queens College, City University of New York
QWANT Qwant, the European search engine that respects your privacy
RABBITMQ_SCANNER Scanning for RabbitMQ Protocol
RANSOMWARE General ransomware tag, used when we cannot classify the family
RAPID7 Internet wide scanner
RDP_SCANNER Scanning for Remote Desktop Protocols
REDIS_SCANNER Scanning for exposed REDIS databases
RFB_SCANNER Scanning for VNC Protocol
RLOGIN_SCANNER Scanning for Rlogin protocol
ROUTER_SCANNER Scanning for exposed routers
RSYNC_SCANNER Scanning for Rsync servers
RTSP_SCANNER Scanning for the Real Time Streaming Protocol
RWTH_AACHEN_UNIVERSITY RWTH Aachen University or Rheinisch-Westfälische Technische Hochschule Aachen is a research university located in Aachen, North Rhine-Westphalia, Germany
SAP_SCANNER Scanning for SAP Servers
SCADA_SCANNER Scanning for SCADA protocols
SEZNAM crawler
SHODAN Internet wide scanner
SIP_SCANNER Scanning for SIP/VoIP Servers
SLURP Slurp bot for Yahoo
SMB_SCANNER Scanner for SMB Protocol often affiliated with exploitation of Microsoft Windows
SMTP_SCANNER Scanner for SMTP protocol
SOURCE_ENGINE Valve Source Engine - Games
SSH_SCANNER Valid SSH connections
SSL_SCANNER Valid SSL Connections
STANFORD_UNIVERSITY Leland Stanford Junior University is a private research university in Stanford, California.
STRETCHOID Stretchoid is a platform that helps identify an organization's online services.
TALAIA A highly scalable, NetFlow/IPFIX based big-data platform that is designed for network operators taking complex decisions
TCP_SYN SYN packet received
THINK_PHP Exploitation of ThinkPHP vulnerability
TOFSEE Backdoor.Tofsee is capable of making changes to the settings on affected systems and stealing information from them. Once executed, it is capable of tracking users' online activities, opening affected systems for infiltration to steal personal information and credentials, and changing browser and DNS settings.
TOR Tor node
TOR_SCANNER Scanning for the Tor Protocol
TORRENTLOCKER TorrentLocker is a ransomware trojan targeting Microsoft Windows. TorrentLocker scans the system for programs and files, and conceals the contents through AES encryption, leaving ransom instructions to the victim on what has to be done and how to pay the decryption ransom.
TRICKBOT Trickbot Malware
TROLDESH Ransom.Troldesh is a Trojan horse that encrypts files on the compromised computer and asks the user to pay in order to decrypt them. It may also download potentially malicious files.
UNIFI_SCANNER Scanning for Ubiquiti devices - UNIFI family
UBIQUITI_SCANNER Scanning for Ubiquiti devices
UNIVERSITY_BERKELEY The University of California, Berkeley is a public research university in Berkeley, California.
UNIVERSITY_BROWN Brown University is a private Ivy League research university in Providence, Rhode Island
UNIVERSITY_MICHIGAN The University of Michigan, often simply referred to as Michigan, is a public research university in Ann Arbor, Michigan.
UPNP_SCANNER Scanner for UPNP protocol
VNC_SCANNER Scanner for the VNC Protocol
VTIGERCRM_SCANNER Scanner for the Vtiger CRM
WORDPRESS_SCANNER Scanning for WordPress
X11_SCANNER Scanning for the X11 protocol
ZGRAB_SCANNER Scanner using zgrab software
ZTE_F460_SCANNER Scanning for ZTE F460 Routers
ZTE_F660_SCANNER Scanning for ZTE F660 Routers
WEBMIN Scanning for Webmin