Tags
Browse and search all threat intelligence tags
Admin Panel Hunt
Web-attack: Scanning for administrative interfaces
CGI Script Hunt
Web-attack: Scanning for vulnerable CGI scripts
CMS Enumeration
Web-attack: Content management system discovery and enumeration
Cisco UCM Exploit
Cve: CVE-2024-20253 Cisco Unified Communications Manager RCE
Citrix ADC / Gateway Probe
Recon: HTTP request targeting Citrix ADC or Citrix Gateway (formerly NetScaler ADC/Gateway) specific URL paths, indicating deliberate reconnaissance or scanning for Citrix remote access infrastructure.
Config File Hunt
Web-attack: Scanning for exposed configuration files
Database Admin Hunt
Web-attack: Scanning for database admin interfaces (phpMyAdmin, etc.)
Directory Traversal Attempt
Web-attack: Path traversal attack attempting to access restricted files
Enterprise Software Probe
Web-attack: Probing for enterprise software (Confluence, Jenkins, etc.)
Exchange Probe
Exploit: Probing Microsoft Exchange for ProxyShell/ProxyLogon vulnerabilities
File Upload Attempt
Web-attack: Attempting to upload potentially malicious files
FortiGate Probe
Recon: Probing FortiGate/FortiOS SSL VPN and admin interfaces, including path traversal exploit attempts
GlobalProtect Probe
Recon: Probing Palo Alto GlobalProtect VPN login endpoints
IoT Default Credential Attempt
Botnet: Default credential stuffing attempt on telnet
Ivanti EPMM Exploit
Cve: CVE-2026-1281/CVE-2026-1340 Ivanti Endpoint Manager Mobile pre-auth RCE via Bash arithmetic expansion in /mifs/c/appstore/fob/ and /mifs/c/aftstore/fob/ endpoints
MCP Server Scan
Recon: Scanning for exposed Model Context Protocol (MCP) and Server-Sent Events (SSE) endpoints
Mirai Credential Spray
Botnet: Mirai-specific IoT default credentials detected in telnet payload
Mirai Scanner
Botnet: Mirai-style port 23/2323 dual scanning pattern detected
PHPUnit RCE Scan
Exploit: Scanning for exposed PHPUnit eval-stdin.php endpoint allowing arbitrary PHP code execution
Path Traversal Attempt
Web-attack: Path traversal via encoded sequences
Port Scan
Recon: Scanning 5+ ports on target host
RDP Connection Attempt
Activity: Remote Desktop Protocol (RDP) connection attempt detected on port 3389
Router Exploit
Web-attack: Attempting router firmware exploits (Netgear, D-Link, etc.)
SIP Register Scanner
Activity: SIP VoIP registration scanning on port 5060
SQL Injection Attempt
Web-attack: SQL injection attack detected in request
SSH Bruteforcer
Brute-force: Multiple SSH authentication attempts detected
SSH Connection Attempt
Activity: SSH connection attempt detected on port 22 or 2222
SharePoint Active Exploitation
Cve: Active exploitation of SharePoint vulnerabilities
SharePoint Toolshell Exploit
Cve: SharePoint toolshell exploitation attempt
SharePoint Webshell Scanning
Cve: Scanning for SharePoint web shells
SolarWinds Probe
Web-attack: Probing for SolarWinds Orion endpoints
TLS/SSL Crawler
Activity: TLS/SSL connection fingerprinting detected via Suricata
Telnet Bruteforcer
Brute-force: Multiple telnet authentication attempts detected
Telnet Login Attempt
Activity: Telnet connection attempt on port 23 or 2323
ThinkPHP RCE
Exploit: Exploiting ThinkPHP framework invokefunction endpoint for remote code execution
URI Parsing Exploit
Web-attack: Exploiting URI parsing vulnerabilities
VNC Login Attempt
Activity: VNC remote desktop login attempt on port 5900/5901
Web Command Injection
Web-attack: Attempting OS command injection via web parameters
Web Crawler
Activity: HTTP web crawling activity detected on web honeypots
Web Shell Hunt
Web-attack: Scanning for web shells (WSO, c99, r57, etc.)
Web Vulnerability Exploit
Web-attack: Generic web application vulnerability exploit
WordPress Auth Bypass
Cve: WordPress authentication bypass attempt
WordPress Enumeration
Web-attack: WordPress user and plugin enumeration