Explore Our Data
New Tags
Atlassian Confluence Server OGNL Injection Attempt [Intention: Malicious]
- CVE-2021-26084
- This IP address has been observed attempting to exploit CVE-2021-26084, an OGNL injection vulnerability in Confluence Server and Data Center.
- Sources: GitHub (1, 2), MITRE
- See it on GreyNoise Viz
Atlassian Confluence Server OGNL Injection Vuln Check [Intention: Unknown]
- CVE-2021-26084
- This IP address has been observed checking for the existence of CVE-2021-26084, an OGNL injection vulnerability in Confluence Server and Data Center.
- Sources: GitHub (1, 2), MITRE
- See it on GreyNoise Viz
Oracle WebLogic RCE CVE-2021-2109 [Intention: Malicious]
- CVE-2021-2109
- This IP address has been observed exploiting Oracle WebLogic CVE-2021-2109.
- Sources: Mitre, PacketStorm Security, GitHub
- See it on GreyNoise Viz
Seagate BlackArmor RCE Attempt [Intention: Malicious]
- CVE-2014-3206
- This IP address has been observed exploiting CVE-2014-3206, a remote code execution vulnerability in Seagate BlackArmor NAS.
- Sources: NIST, VulDB, ExploitDB
- See it on GreyNoise Viz
ASUS GT-AC2900 Auth Bypass Attempt [Intention: Malicious]
- CVE-2021-32030
- This IP address has been observed attempting to exploit CVE-2021-32030, an authentication bypass in ASUS GT-AC2900 routers.
- Sources: MITRE, Atredis
- See it on GreyNoise Viz
Apache SkyWalking GraphQL SQL Injection [Intention: Malicious]
- CVE-2020-9483
- This IP address has been observed attempting to exploit CVE-2020-9483, a SQL injection vulnerability in Apache SkyWalking via GraphQL.
- Sources: GitHub, NVD
- See it on GreyNoise Viz
Carries HTTP Referer [Intention: Unknown]
- This IP address has been observed scanning the internet with an HTTP client that includes the Referer header in its requests.
- Sources: Firefox
- See it on GreyNoise Viz
Stores HTTP Cookies [Intention: Unknown]
- This IP address has been observed scanning the internet with an HTTP client that supports storing Cookies.
- Sources: Firefox (1, 2)
- See it on GreyNoise Viz
Follows HTTP Redirects [Intention: Unknown]
- This IP address has been observed scanning the internet with an HTTP client that follows redirects defined in a Location header.
- Sources: Firefox
- See it on GreyNoise Viz
RSYNC Crawler [Intention: Unknown]
- This IP address has been observed scanning the internet and attempting to discover rsync server instances.
- Sources: Red Hat, Hacktricks.xyz
- See it on GreyNoise Viz
New Actor Tag
University of Michigan [Intention: Benign]
- Sources: Department of Electrical Engineering and Computer Science
- See it on GreyNoise Viz
Tag Improvements
As part of our process, our research team continues to clean up and improve on existing tags as new information or better processes are introduced.
ADB Check [Intention: Unknown]
- This IP address has been observed checking for the existence of the Android Debug Bridge protocol.
- See it on GreyNoise Viz
ADB Attempt [Intention: Malicious]
- This IP address has been observed checking for the existence of the Android Debug Bridge protocol and has requested interactivity.
- See it on GreyNoise Viz
EDITORS NOTE: This blog post has been updated as of Sep. 2 to reflect edits to the Atlassian Confluence Server OGNL Injection tags.
