IP addresses with this tag have been observed attempting to negotiate an SSH session.

IP addresses with this tag have been observed making repeated SSH connections in a short timeframe.

IP addresses with this tag have been observed attempting to authenticate to a Telnet server.

IP addresses with this tag have been observed attempting to bruteforce Telnet server credentials.

IP addresses with this tag have been observed attempting to opportunistically crawl the Internet and establish TLS/SSL connections.

IP addresses with this tag have been seen crawling HTTP(S) servers around the Internet.

IP addresses with this tag have been observed scanning the Internet for SIP devices and attempting to query or modify address bindings using REGISTER requests.

IP addresses with this tag have been observed attempting to authenticate to a VNC server.