New Tags
Atlassian Confluence Server OGNL Injection Attempt [Intention: Malicious]
- CVE-2021-26084
- This IP address has been observed attempting to exploit CVE-2021-26084, an OGNL injection vulnerability in Confluence Server and Data Center.
- Sources: GitHub (1, 2), MITRE
- See it on GreyNoise Viz
Atlassian Confluence Server OGNL Injection Vuln Check [Intention: Unknown]
- CVE-2021-26084
- This IP address has been observed checking for the existence of CVE-2021-26084, an OGNL injection vulnerability in Confluence Server and Data Center.
- Sources: GitHub (1, 2), MITRE
- See it on GreyNoise Viz
Oracle WebLogic RCE CVE-2021-2109 [Intention: Malicious]
Seagate BlackArmor RCE Attempt [Intention: Malicious]
ASUS GT-AC2900 Auth Bypass Attempt [Intention: Malicious]
- CVE-2021-32030
- This IP address has been observed attempting to exploit CVE-2021-32030, an authentication bypass in ASUS GT-AC2900 routers.
- Sources: MITRE, Atredis
- See it on GreyNoise Viz
Apache SkyWalking GraphQL SQL Injection [Intention: Malicious]
- CVE-2020-9483
- This IP address has been observed attempting to exploit CVE-2020-9483, a SQL injection vulnerability in Apache SkyWalking via GraphQL.
- Sources: GitHub, NVD
- See it on GreyNoise Viz
Carries HTTP Referer [Intention: Unknown]
- This IP address has been observed scanning the internet with an HTTP client that includes the Referer header in its requests.
- Sources: Firefox
- See it on GreyNoise Viz
Stores HTTP Cookies [Intention: Unknown]
- This IP address has been observed scanning the internet with an HTTP client that supports storing Cookies.
- Sources: Firefox (1, 2)
- See it on GreyNoise Viz
Follows HTTP Redirects [Intention: Unknown]
- This IP address has been observed scanning the internet with an HTTP client that follows redirects defined in a Location header.
- Sources: Firefox
- See it on GreyNoise Viz
RSYNC Crawler [Intention: Unknown]
New Actor Tag
University of Michigan [Intention: Benign]
Tag Improvements
As part of our process, our research team continues to clean up and improve on existing tags as new information or better processes are introduced.
ADB Check [Intention: Unknown]
- This IP address has been observed checking for the existence of the Android Debug Bridge protocol.
- See it on GreyNoise Viz
ADB Attempt [Intention: Malicious]
- This IP address has been observed checking for the existence of the Android Debug Bridge protocol and has requested interactivity.
- See it on GreyNoise Viz
EDITORS NOTE: This blog post has been updated as of Sep. 2 to reflect edits to the Atlassian Confluence Server OGNL Injection tags.