Scout Insight Documentation
Searching

Search Examples

  • 104.18.213.12
  • 93[.]184[.]216[.]34
  • jquery.com
  • example[.]com
IP Details

Scout is a threat investigation and hunting platform used to identify and track malicious infrastructure on the internet.

Details Page Tabs

The details page separates information about a searched IP Address into various tabs.

  • Summary
  • Whois
Summary

This tab shows summary information for the queried IP Address.

Whois

This tab shows Whois information for the IP Address.

Pivoting

Pivots are used to find more details on different fields or branch off into new investigations. Pivoting is supported on IP Addresses and domain names within Scout and other Pure Signal products.

IP Pivoting

By default, visiting an IP's details will show the top results by count. A pivot link to the right of the IP address is provided to refine that IP's details using your original search. Not all fields in the original search can be applied, so the pivot link only contains fields which can be applied in this context (see supported fields below).

  • Visit the IP's details without a refined search by clicking the IP address
  • Using a Refined Search Pivot on the IP address in Scout
  • Create a Scout Query (requires Scout subscription)

Examples of pivot links to the right of IP Addresses

These options to pivot can appear in a few spots that feature IP addresses

  • IPs found in multi-view results
  • IP Details Summary Identity panel
  • IPs under the IP Details Communications Tab (Scout Ultimate only)

Domain Pivoting

Domains can pivot to a new Scout Query. This includes domains found on PDNS domain names and common names in X.509 certificates when they appear in search results or an IP's detailed view.

Insights

Insights appear on an IP address's summary view and offer useful information at a glance such as:

  • Combinations of malicious tags
  • Suspicious activities
  • Peculiar domains
  • Recently expired domain records

Insights are sorted by rank of descending maliciousness (malicious, suspicious, followed by informational). The overall rating of the IP is determined by the most malicious insight and appears left of the IP Address. A maximum of ten insights are shown per IP Address searched.

Usage Limits

Scout

Searches are monthly-based and expire at the end of each month. A remaining monthly balance of searches is shown, in real-time in the upper right-hand corner, as a fraction of used searches over the maximum monthly search limit. When the balance is zero, no more searches can be issued until the first day of the following month.

For IP searches, the remaining balance is decremented after each search submission. Users can view all the results in all tabs, without further balance decrement.

For searches returning multi-view results, such as advanced and domain searches, the balance is decremented after:

  • Each search submission
  • Clicking on an IP in the result set, which in turn executes a new IP search.

Note: The following conditions will resubmit a search, and thus decrement the balance as described above:

  • Refreshing the page while reviewing the results of any search
  • Visiting a URL that executes an IP or advanced search

Additional searches can be purchased at any time by contacting your support representative.

Summary Visualizations

Overview Graph

The Overview graph shows a timeline of the searched IP's top features such as:

  • The IP's tags
  • The X.509 subject's common name
  • Open Ports
  • Domain Names

The segments are based on the first seen (inclusive) and last seen (non-inclusive) occurrence of each attribute within the search window. Domain names may be grouped by the root domain, and Open Ports will be grouped when they occur on the same date range. Beneath the Overview is a supporting bar chart providing a count of communication events accross protocols. This corresponds to the Communications graph.

Communications Graph

The Communications Graph is a stacked bar chart, detailing communicated protocols over the search window. Clicking on the legend entries will filter for a specific protocol. Clicking additional legend entries includes more protocols. Toggling them all to hidden will restore the full graph.

Other Graphs

The Services, Tags, ASNs, and Country Codes graphs show a percentage breakdown of the top ten features over time for the searched IP and remote IPs. Note: each column may not add to 100% when there are uncategorized events. Bars may add up to over 100% when there is overlap between categories. Clicking on the legend entries will filter to that specific series. Clicking more legend entries will include additional series. Hiding all series will restore the full graph.

Tags

Tags are a classification system in flows results that identifies IP addresses that exhibit certain types of behavior in flow data. They are displayed as badges next to IP addresses, which can then be used to filter out certain kinds of traffic, such as filtering out scanners, or looking for controllers in a botnet. IP addresses are further classified into sub-tags, which can belong to one or more parent tags.

- Indicators appear to the right of a tag's name e.g. tag to indicate that they have been added to the summary search record from data enriched with our communications records.

Name Description
blockchain The blockchain tag identifies infrastructure that utilizes blockchain technologies. This tag covers a range of blockchain applications, including cryptocurrency as well as other implementations of blockchain methodologies.
Sub-Tags (5)
Name Description
btc Blockchain Vendor
eth Blockchain Vendor
oxen Blockchain Vendor
solana Blockchain Vendor
xmr Blockchain Vendor
bogon Bogons are defined as Martians (private and reserved addresses defined by RFC 1918, RFC 5735, and RFC 6598) and netblocks that have not been allocated to a Regional Internet Registry (RIR) by the Internet Assigned Numbers Authority.
bot Indicates a malware infection at the specific, associated address.
Sub-Tags (77)
Name Description
abstealer bot family
aldibot bot family
amadey bot family
andromeda bot family
azorult bot family
banload bot family
betabot bot family
blackenergy bot family
bluebot bot family
bolek bot family
citadel bot family
cobaltstrike bot family
conficker bot family
corebot bot family
coresys bot family
darkcomet bot family
diamondfox bot family
dirtjumper bot family
dofoil bot family
emotet bot family
enfal bot family
godzilla bot family
gozi2 bot family
goznym bot family
gumblar bot family
http_post bot family
isrstealer bot family
jedobot bot family
kasidet bot family
katrina bot family
keybase bot family
kins bot family
kpot bot family
kratos bot family
kronos bot family
locky bot family
lokibot bot family
madness bot family
marcher bot family
matsnu bot family
minerpanel bot family
mirai bot family
nanocore bot family
neverquest bot family
nymaim bot family
optima bot family
pandabanker bot family
pandora bot family
pincher bot family
ponyloader bot family
poseidon bot family
poseidon-findstr bot family
predatorthethief bot family
proxyback bot family
pua bot family
qakbot bot family
quant bot family
raccoonstealer bot family
ranbyus bot family
redline bot family
rovnix bot family
smartapp bot family
smokeloader bot family
solar bot family
stealrat bot family
suprememiner bot family
teslacrypt bot family
tinba bot family
trickbot bot family
trusteer bot family
tsunami bot family
umbra bot family
urlzone bot family
vawtrak bot family
vertexnet bot family
xorddos bot family
xswkit bot family
cdn The CDN tag characterizes IP addresses associated with Content Delivery Networks (CDNs). A Content Delivery Network (CDN) is a system of distributed servers strategically positioned around the world. Its primary purpose is to deliver web content, such as images, videos, scripts, and other static files, to end users in a faster, and more efficient manner. CDNs are sometimes associated with serving content for multiple different customers and can be an indication of possible shared hosting environment. The CDN tag has child tags to represent specific CDN vendors, such as CDN77, AKAMAI, and more.
Sub-Tags (22)
Name Description
akamai CDN Vendor
alibaba CDN Vendor
amazon CDN Vendor
baishancloud CDN Vendor
bunny CDN Vendor
cachefly CDN Vendor
cdn-networks CDN Vendor
cdn77 CDN Vendor
cloudflare CDN Vendor
edgecast CDN Vendor
fastly CDN Vendor
huawei CDN Vendor
keycdn CDN Vendor
limelight-networks CDN Vendor
lumen CDN Vendor
meta CDN Vendor
Sub-Tags (2)
Name Description
instagram Meta Product
messenger Meta Product
microsoft CDN Vendor
ovh CDN Vendor
singularcdn CDN Vendor
stackpath CDN Vendor
tiktok CDN Vendor
wangsu CDN Vendor
cloud IP addresses with the CLOUD tag represent cloud computing infrastructure. These represent cloud services such as storage, databases, virtual machines and other functionality. The CLOUD tag has child tags to represent specific cloud providers, such as AMAZON, MICROSOFT, GOOGLE, and more. Other child tags can include specific functionality of the cloud service involved and region information if available.
Sub-Tags (14)
Name Description
alibaba Cloud Vendor
Sub-Tags (1)
Name Description
data-transmission-service Alibaba Product
amazon Cloud Vendor
Sub-Tags (36)
Name Description
af-south Cloud Region
ap-east Cloud Region
ap-northeast Cloud Region
ap-south Cloud Region
ap-southeast Cloud Region
api-gateway Amazon Product
appflow Amazon Product
ca-central Cloud Region
ca-west Cloud Region
chime Amazon Product
cloud9 Amazon Product
cloudfront Amazon Product
cn-north Cloud Region
codebuild Amazon Product
connect Amazon Product
dynamodb Amazon Product
ebs Amazon Product
ec2 Amazon Product
eu-central Cloud Region
eu-north Cloud Region
eu-south Cloud Region
eu-west Cloud Region
global Cloud Region
global-accelerator Amazon Product
il-central Cloud Region
kinesis Amazon Product
me-central Cloud Region
me-south Cloud Region
route53 Amazon Product
s3 Amazon Product
sa-east Cloud Region
us-east Cloud Region
us-gov-east Cloud Region
us-gov-west Cloud Region
us-west Cloud Region
workspaces Amazon Product
baidu Cloud Vendor
Sub-Tags (1)
Name Description
baidu-data-transmission-service Baidu Product
digitalocean Cloud Vendor
google Cloud Vendor
huawei Cloud Vendor
ibm Cloud Vendor
microsoft Cloud Vendor
Sub-Tags (74)
Name Description
azure Microsoft Product
azure-action-group Microsoft Product
azure-active-directory Microsoft Product
azure-active-directory-domain-services Microsoft Product
azure-api-management Microsoft Product
azure-app-configuration Microsoft Product
azure-app-service Microsoft Product
azure-application-insights-availability Microsoft Product
azure-arc-infrastructure Microsoft Product
azure-attestation Microsoft Product
azure-autonomous-development-platform Microsoft Product
azure-backup Microsoft Product
azure-batch-node-management Microsoft Product
azure-bot-service Microsoft Product
azure-chaos-studio Microsoft Product
azure-cognitive-search Microsoft Product
azure-cognitive-services-management Microsoft Product
azure-connectors Microsoft Product
azure-container-registry Microsoft Product
azure-cosmos-db Microsoft Product
azure-data-explorer-management Microsoft Product
azure-data-factory Microsoft Product
azure-databricks Microsoft Product
azure-dev-ops Microsoft Product
azure-dev-spaces Microsoft Product
azure-digital-twins Microsoft Product
azure-dynamics365-for-marketing-email Microsoft Product
azure-event-grid Microsoft Product
azure-event-hub Microsoft Product
azure-file-sync Microsoft Product
azure-front-door Microsoft Product
azure-gateway-manager Microsoft Product
azure-grafana Microsoft Product
azure-guest-and-hybrid-management Microsoft Product
azure-hdinsight Microsoft Product
azure-healthcare-apis Microsoft Product
azure-information-protection Microsoft Product
azure-iot-hub Microsoft Product
azure-key-vault Microsoft Product
azure-load-testing-instance-management Microsoft Product
azure-logic-apps Microsoft Product
azure-m365-management-activity-api Microsoft Product
azure-machine-learning Microsoft Product
azure-microsoft-cloud-app-security Microsoft Product
azure-microsoft-fluid-relay Microsoft Product
azure-monitor Microsoft Product
azure-one-ds-collector Microsoft Product
azure-open-datasets Microsoft Product
azure-portal Microsoft Product
azure-power-bi Microsoft Product
azure-power-platform-infra Microsoft Product
azure-power-platform-plex Microsoft Product
azure-power-query-online Microsoft Product
azure-resource-manager Microsoft Product
azure-sccservice Microsoft Product
azure-security-center Microsoft Product
azure-security-compliance-center-powershell Microsoft Product
azure-sentinel Microsoft Product
azure-service-bus Microsoft Product
azure-service-fabric Microsoft Product
azure-signalr Microsoft Product
azure-site-recovery Microsoft Product
azure-sphere Microsoft Product
azure-sql Microsoft Product
azure-stack Microsoft Product
azure-storage Microsoft Product
azure-traffic-manager Microsoft Product
azure-update-delivery Microsoft Product
azure-video-analyzer-for-media Microsoft Product
azure-web-pub-sub Microsoft Product
azure-windows-admin-center Microsoft Product
azure-windows-virtual-desktop Microsoft Product
microsoft-defender-for-identity Microsoft Product
xbox-live Microsoft Product
oracle Cloud Vendor
Sub-Tags (3)
Name Description
object-storage Oracle Product
services-network Oracle Product
virtual-cloud-network Oracle Product
ovh Cloud Vendor
rackspace Cloud Vendor
vocus Cloud Vendor
vultr Cloud Vendor
wicloud.id Cloud Vendor
controller Indicates a system that is providing command and control (aka C&C, C2) services for a botnet. Like the tag bot, there are numerous types of controllers and new families are added frequently.
Sub-Tags (244)
Name Description
404keylogger controller family
abstealer controller family
adwind controller family
agenttesla controller family
ahmyth controller family
aldibot controller family
amadey controller family
amos controller family
anatsa controller family
andromeda controller family
anubis controller family
aresloader controller family
aresrat controller family
arkeistealer controller family
asyncrat controller family
asyncrat controller family
atlantida controller family
avemaria controller family
azorult controller family
azorult controller family
banload controller family
bashlite controller family
bazarbackdoor controller family
beavertail controller family
berbew controller family
betabot controller family
bianlian controller family
billgates controller family
bitrat controller family
bitterrat controller family
blackenergy controller family
blackguard controller family
blacknetrat controller family
blackshadesrat controller family
blister controller family
bluebot controller family
bluebot controller family
blueshell controller family
bolek controller family
bumblebee controller family
chalubo controller family
chaos controller family
citadel controller family
clearfake controller family
cobaltstrike controller family
coinminer controller family
conficker controller family
coper controller family
copybara controller family
corebot controller family
coresys controller family
crimsonrat controller family
cryptbot controller family
cybergate controller family
danabot controller family
darkcomet controller family
darkcomet controller family
darkgate controller family
darktrackrat controller family
dbatloader-stage1 controller family
dcrat controller family
ddosia controller family
diamondfox controller family
dirtjumper controller family
dofoil controller family
dridex controller family
emmenhtal controller family
emotet controller family
empiredownloader controller family
enfal controller family
ermac controller family
fabookie controller family
fakeupdates controller family
formbook controller family
gcleaner controller family
get2 controller family
gh0strat controller family
goatrat controller family
gobrat controller family
godfather controller family
godzilla controller family
golddigger controller family
gomorrahstealer controller family
gootloader controller family
gozi controller family
gozi2 controller family
goznym controller family
grandoreiro controller family
gumblar controller family
hookbot controller family
http_post controller family
hydra controller family
icedid controller family
irata controller family
isfb controller family
isrstealer controller family
jedobot controller family
joker controller family
kaiji controller family
kaiten controller family
kasidet controller family
katrina controller family
keybase controller family
kins controller family
koi-loader controller family
korplug controller family
kpot controller family
kratos controller family
kronos controller family
l3monrat controller family
laplasclipper controller family
latrodectus controller family
lightspy controller family
limerat controller family
locky controller family
loda controller family
lokibot controller family
lucifer controller family
lumma controller family
madness controller family
marcher controller family
mars controller family
marsstealer controller family
matanbuchus controller family
matsnu controller family
medusa controller family
meduza-stealer controller family
metastealer controller family
minerpanel controller family
mintstealer controller family
mirai controller family
moobot controller family
mysticstealer controller family
n-w0rm controller family
nanocore controller family
netsupportmanagerrat controller family
neverquest controller family
njrat controller family
njrat controller family
northstar controller family
nymaim controller family
octo controller family
optima controller family
orcusrat controller family
osint controller family
oskistealer controller family
panda-stealer controller family
pandabanker controller family
pandora controller family
phemedrone-stealer controller family
phonk controller family
phorpiex controller family
pikabot controller family
pincher controller family
plugx controller family
poisonivyrat controller family
pony controller family
ponyloader controller family
poseidon controller family
poseidon-findstr controller family
poseidon-stealer controller family
predatorthethief controller family
privateloader controller family
proxyback controller family
pua controller family
pupy controller family
purecrypter controller family
qakbot controller family
quant controller family
quasar controller family
quasar controller family
raccoonstealer controller family
ranbyus controller family
rat CONTROLLER IP addresses tagged with the RAT child tag are tagged as families identified as Remote Access Trojans (RAT). RATs differentiate from other CONTROLLER families by providing extensive real-time remote-control capabilities like file manipulation, screen capturing, and keystroke logging.
recordbreaker controller family
redline controller family
rekoobe controller family
remcosprorat controller family
remcosrat controller family
responder controller family
revengerat controller family
rhadamanthys controller family
risepro controller family
rms controller family
rovnix controller family
satacom controller family
sectoprat controller family
shadowpad controller family
sharkbot controller family
sidewinder controller family
silence controller family
smartapp controller family
smartloader controller family
smokeloader controller family
socks5-systemz controller family
solar controller family
solarmarker controller family
sparkrat controller family
spybanker controller family
spyder controller family
spynote controller family
squidloader controller family
stealc controller family
stealrat controller family
strelastealer controller family
strrat controller family
supershell controller family
suprememiner controller family
systembc controller family
t34loader controller family
teslacrypt controller family
tinba controller family
tofsee controller family
trickbot controller family
trickmo controller family
trusteer controller family
tsunami controller family
uadmin controller family
umbra controller family
urlzone controller family
vawtrak controller family
vbrevshell controller family
venomrat controller family
vertexnet controller family
vidar controller family
viperrat controller family
vjw0rm controller family
warmcookie controller family
warzone-rat controller family
whitesnakestealer controller family
wikiloader controller family
wshrat controller family
wyrmspy controller family
xehookstealer controller family
xenorat controller family
xloader controller family
xorddos controller family
xpertrat controller family
xswkit controller family
xtremerat controller family
xworm controller family
zeroaccessrat controller family
zgrat controller family
zloader controller family
honeypot The 'HONEYPOT' tag is used to flag IP addresses that exhibit characteristics resembling honeypots. Honeypots are specialized server systems designed to mimic vulnerabilities, intentionally luring potential attackers. Honeypots come in various types and may be associated with related child tags, such as 'GASPOT'.
Sub-Tags (5)
Name Description
dionaea Honeypot Product
gaspot Honeypot Product
kippo Honeypot Product
port-anomaly HONEYPOT IP addresses with the 'port-anomaly' tag are IPs that have an unusual open port profile. This could either represent an IP that is a honeypot or a network security appliance.
ultraseek Honeypot Type
ics IP Addresses with the ICS tag are associated with industrial control systems (ICS) or supervisory control and data acquisition (SCADA) systems. The devices found here are programmable logic controllers (PLCs), remote terminal units (RTUs), sensors, actuators, and also software that helps manage these devices, such as SCADA and human-machine interfaces (HMIs). Child tags exist for ICS that help identify vendors of these devices and software, such as JOHNSON_CONTROLS and SIEMENS.
Sub-Tags (121)
Name Description
accuenergy Industrial Control System Vendor
advantage-controls Industrial Control System Vendor
airtek-technologies Industrial Control System Vendor
alerton Industrial Control System Vendor
american-auto-matrix Industrial Control System Vendor
amit Industrial Control System Vendor
anybus Industrial Control System Vendor
aquicore Industrial Control System Vendor
asi-controls Industrial Control System Vendor
automated-logic Industrial Control System Vendor
automation-direct Industrial Control System Vendor
Sub-Tags (1)
Name Description
c-more-hmi Industrial Control System Product
broadwin-technology Industrial Control System Vendor
brodersen Industrial Control System Vendor
carel-industries Industrial Control System Vendor
carrier Industrial Control System Vendor
Sub-Tags (1)
Name Description
i-vu Carrier Product
cimetrics Industrial Control System Vendor
codesys Industrial Control System Vendor
contemporary-controls Industrial Control System Vendor
control-applications Industrial Control System Vendor
cp3 Industrial Control System Product
cp3-r Industrial Control System Product
cp3n Industrial Control System Product
cp4-r Industrial Control System Product
crestron Industrial Control System Vendor
cylon-controls Industrial Control System Vendor
daikin Industrial Control System Vendor
data Industrial Control System Vendor
delta-controls Industrial Control System Vendor
delta-dore Industrial Control System Vendor
deos-controls Industrial Control System Vendor
digi Industrial Control System Vendor
din-ap2 Industrial Control System Product
distech-controls Industrial Control System Vendor
dmps3-4k-350-c Industrial Control System Product
eaton-corp Industrial Control System Vendor
ecs Industrial Control System Vendor
emerson Industrial Control System Vendor
everex Industrial Control System Vendor
ewon Industrial Control System Vendor
exor-international Industrial Control System Vendor
fastwel Industrial Control System Vendor
fieldserver-technologies Industrial Control System Vendor
fuel-gauge Industrial Control System Vendor
global-control-solutions Industrial Control System Vendor
grundfos Industrial Control System Vendor
hmi Industrial Control System Type
honeywell Industrial Control System Vendor
iconics Industrial Control System Vendor
infinite-automation Industrial Control System Vendor
infocon-holdings Industrial Control System Vendor
intesis Industrial Control System Vendor
iv-produkt Industrial Control System Vendor
johnson-controls Industrial Control System Vendor
katronic Industrial Control System Vendor
kieback-peter Industrial Control System Vendor
kmc-controls Industrial Control System Vendor
lantronix Industrial Control System Vendor
Sub-Tags (4)
Name Description
altair-engineering Industrial Control System Vendor
micro-com Industrial Control System Vendor
Sub-Tags (1)
Name Description
scadaview-csx Industrial Control System Product
saf-tehnika Industrial Control System Vendor
xport Industrial Control System Product
leviton Industrial Control System Vendor
lg Industrial Control System Vendor
Sub-Tags (2)
Name Description
ac-smart-bacnet-gateway Industrial Control System Product
acp-bacnet-gateway Industrial Control System Product
liebert-corporation Industrial Control System Vendor
log-gmbh Industrial Control System Vendor
loytec Industrial Control System Vendor
lutron Industrial Control System Vendor
mass-electronics Industrial Control System Vendor
mbs-gmbh Industrial Control System Vendor
mc3 Industrial Control System Product
mc4 Industrial Control System Product
mc4-r Industrial Control System Product
mcquay Industrial Control System Vendor
mitsubishi-electric Industrial Control System Vendor
modbus Industrial Control System Vendor
modbus-bridge Industrial Control System Vendor
modbus-gateway Industrial Control System Vendor
moxa Industrial Control System Vendor
neuberger Industrial Control System Vendor
nordex Industrial Control System Vendor
obvius Industrial Control System Vendor
oj-electronics Industrial Control System Vendor
panasonic Industrial Control System Vendor
Sub-Tags (1)
Name Description
fp-web-server Industrial Control System Product
philips-lighting Industrial Control System Vendor
phoenix-controls Industrial Control System Vendor
plc Industrial Control System Type
pro2 Industrial Control System Product
pro3 Industrial Control System Product
pymodbus Industrial Control System Vendor
pyng-hub Industrial Control System Product
qm-rmc Industrial Control System Product
red-lion Industrial Control System Vendor
regin Industrial Control System Vendor
reliable-controls Industrial Control System Vendor
rle-technologies Industrial Control System Vendor
rmc3 Industrial Control System Product
rockwell Industrial Control System Vendor
rs Industrial Control System Vendor
samsung Industrial Control System Vendor
sauter-ag Industrial Control System Vendor
sbc-electronics Industrial Control System Vendor
schneider-electric Industrial Control System Vendor
Sub-Tags (2)
Name Description
bmx-series Industrial Control System Product
modicon Industrial Control System Product
scl-controls Industrial Control System Vendor
serotonin Industrial Control System Vendor
servisys Industrial Control System Vendor
shina-system Industrial Control System Vendor
siemens Industrial Control System Vendor
Sub-Tags (1)
Name Description
climatrix Industrial Control System Product
smc Industrial Control System Vendor
softdel-systems Industrial Control System Vendor
softplc-corp Industrial Control System Vendor
strato Industrial Control System Vendor
swegon Industrial Control System Vendor
swg-automation Industrial Control System Vendor
tac Industrial Control System Vendor
tekon-avtomatika Industrial Control System Vendor
Sub-Tags (2)
Name Description
kio-series Tekon Avtomatika Vendor
kun-series Tekon Avtomatika Vendor
telkonet Industrial Control System Vendor
tps-co-ltd Industrial Control System Vendor
trane Industrial Control System Vendor
trend-controls Industrial Control System Vendor
tridium Industrial Control System Vendor
Sub-Tags (1)
Name Description
niagara-framework Industrial Control System Product
unitronics Industrial Control System Vendor
vertiv Industrial Control System Vendor
view-inc Industrial Control System Vendor
Sub-Tags (1)
Name Description
smart-window View, Inc. Product
wago Industrial Control System Vendor
wit-sa Industrial Control System Vendor
iot IP addresses that have been observed with a publicly accessible IOT(Internet of Things) device such as IP cameras, smart TVs, printers and DVRs. IOT devices provide 'smart' capabilities by collecting and exchanging data over the Internet or providing more accessibility to various services. IOT devices are targeted by attackers by gaining unauthorized access and infecting devices to participate in botnet operations.
Sub-Tags (68)
Name Description
airplay IoT Vendor
alibi IoT Vendor
avn801 IoT Product
avtech IoT Vendor
axis IoT Vendor
Sub-Tags (5)
Name Description
206 IoT Product
207w IoT Product
215 IoT Product
2120 IoT Product
m1054 IoT Product
biomark IoT Vendor
Sub-Tags (1)
Name Description
mts biomark Product
blue-iris IoT Product
bluesound IoT Vendor
boa-web-server IoT Vendor
bosch IoT Vendor
Sub-Tags (1)
Name Description
videojet bosch Product
bose IoT Vendor
contec IoT Vendor
Sub-Tags (1)
Name Description
solarview Contec Product
copybara IoT Type
crestron IoT Vendor
d-link IoT Vendor
Sub-Tags (7)
Name Description
dcs-2121 IoT Product
dcs-2130 IoT Product
dcs-5020l D-Link Product
dcs-910 IoT Product
dcs-920 IoT Product
dcs-930l IoT Product
dcs-932lb1 D-Link Product
dahua IoT Vendor
dicom-solutions IoT Vendor
domoticz IoT Vendor
dptech IoT Vendor
dts-digitial IoT Vendor
dvr IoT Vendor
everfocus IoT Vendor
foscam IoT Vendor
geovision IoT Vendor
google IoT Vendor
Sub-Tags (2)
Name Description
chromecast IoT Product
nest-hub IoT Product
hanwha-vision IoT Vendor
Sub-Tags (1)
Name Description
snd-6014 Hanwha Vision Product
hid IoT Vendor
Sub-Tags (1)
Name Description
vertex IoT Product
hikvision IoT Vendor
hipcam IoT Vendor
home-assistant IoT Vendor
homebridge IoT Vendor
hp IoT Vendor
Sub-Tags (10)
Name Description
designjet IoT Product
deskjet IoT Product
envy IoT Product
ilo IoT Product
ink-tank IoT Product
inkjet IoT Product
officejet IoT Product
pagewide IoT Product
photosmart IoT Product
smart-tank IoT Product
icatch IoT Vendor
intelbras IoT Vendor
interelogix IoT Vendor
Sub-Tags (1)
Name Description
truvision IoT Product
ip-camera IoT Vendor
jeedom IoT Vendor
kbvision IoT Vendor
lg IoT Vendor
lilin IoT Vendor
Sub-Tags (1)
Name Description
prd-800 IoT Product
luma IoT Vendor
mobotix IoT Vendor
moxa IoT Vendor
Sub-Tags (1)
Name Description
nport-serial-server IoT Product
nad-electronics IoT Vendor
netflix IoT Vendor
Sub-Tags (1)
Name Description
nrdp IoT Product
netwave IoT Vendor
orthanic IoT Vendor
panasonic IoT Vendor
plex-server IoT Vendor
poly IoT Vendor
qualvision IoT Vendor
reecam IoT Vendor
reolink IoT Vendor
samsung IoT Vendor
Sub-Tags (1)
Name Description
sl IoT Product
sanyo IoT Vendor
socomec IoT Vendor
Sub-Tags (1)
Name Description
net-vision Socomec Product
sony IoT Vendor
Sub-Tags (1)
Name Description
playstation IoT Product
tandberg IoT Vendor
tasmota IoT Product
tivo IoT Vendor
trendnet IoT Vendor
ubiquiti-networks IoT Vendor
Sub-Tags (1)
Name Description
unifi-video IoT Product
visonhitech IoT Vendor
vivotek IoT Vendor
Sub-Tags (2)
Name Description
fd8134v VIVOTEK Product
ip7131 IoT Product
webcamxp IoT Vendor
xiongmai IoT Vendor
Sub-Tags (1)
Name Description
netsurveillance IoT Product
yawcam IoT Vendor
yealink IoT Vendor
malware IP Addresses where a malicious file was hosted recently. All malware samples downloaded are checked against AV signatures to confirm they are malicious. IP addresses that are on shared hosting or CDNs are excluded from this tag.
messaging IP addresses tagged as messaging are used to identify infrastructure for common messaging applications and networks, such as Discord, WhatsAPP, Telegram and can include more closed messaging servers using XMPP.
Sub-Tags (13)
Name Description
discord Messaging Vendor
eitaa Messaging Vendor
mattermost Messaging Product
meta Messaging Vendor
Sub-Tags (1)
Name Description
whatsapp Meta Product
qq Messaging Product
rocketchat Messaging Product
signal Messaging Vendor
slack Messaging Product
telegram Messaging Product
viber Messaging Product
wechat Messaging Product
wickr Messaging Product
xmpp-server Messaging Type
mobile This tag identifies IP address ranges associated with Internet service providers that provide Internet connectivity via cellular networks and associated wireless technology such as 4G and 5G.
Sub-Tags (10)
Name Description
at&t Mobile Internet Vendor
beeline Mobile Internet Vendor
jazztel Mobile Vendor
megafon Mobile Internet Vendor
mobile-telesystems Mobile Internet Vendor
mtn-irancell Mobile Internet Vendor
orange-espagne Mobile Vendor
t-mobile Mobile Internet Vendor
verizon Mobile Internet Vendor
vodafone-group Mobile Internet Vendor
nas IP addresses with the NAS tag signify devices referred to as network attached storage (NAS) devices. These are commonly utilized as file servers on local networks as they make data available over a network. NAS tagged IP addresses can have child tags that represent vendors and device model information if identified.
Sub-Tags (6)
Name Description
asustor NAS Vendor
proftpd NAS Product
qnap NAS Vendor
synology NAS Vendor
Sub-Tags (1)
Name Description
disk-station NAS Product
truenas Network-Attached Storage (NAS) Product
zyxel NAS Vendor
Sub-Tags (46)
Name Description
2812 Zyxel Product
ies-series-msan Zyxel Product
keenetic-4g Zyxel Product
keenetic-air Zyxel Product
keenetic-dsl Zyxel Product
keenetic-extra Zyxel Product
keenetic-giga Zyxel Product
keenetic-iii Zyxel Product
keenetic-lite Zyxel Product
keenetic-lte Zyxel Product
keenetic-series Zyxel Product
keenetic-viva Zyxel Product
keenetic-vox Zyxel Product
linux-os Zyxel Product
lte3301 Zyxel Product
lte3302 Zyxel Product
lte3316 Zyxel Product
modems Zyxel Product
n4100-gateway Zyxel Product
nbg-series Zyxel Product
nr7101 Zyxel Product
nsa-210 Zyxel Product
nsa-220 Zyxel Product
nsa-220-plus Zyxel Product
nsa-221 Zyxel Product
nsa-310 Zyxel Product
nsa-310s Zyxel Product
nsa-320 Zyxel Product
nsa-320s Zyxel Product
nsa-325 Zyxel Product
nsa-325-v2 Zyxel Product
nsa-326 Zyxel Product
nsa-540 Zyxel Product
nsa-542 Zyxel Product
nwa-series Zyxel Product
p-2601hn-f1 Zyxel Product
p-660hn-51 Zyxel Product
prestige-series Zyxel Product
sbg3300 Zyxel Product
v300-voip-phone Zyxel Product
vdsl-router Router Type
vmg4325-b10a Zyxel Product
vsg-series Zyxel Product
vsg1435-b101 Zyxel Product
zyair-wireless-series Zyxel Product
zywall-series Zyxel Product
openresolvers Identifies an IP associated with a domain name system (DNS) service that answers any DNS query from anyone. Openresolvers are often used in DNS amplification and reflection attacks.
orb Operational Relay Box (ORB) networks are infrastructures employed by threat groups, including Advanced Persistent Threats (APTs), to act as proxy networks that obscure their operational activities.
Sub-Tags (4)
Name Description
alpha ORB network composed of IOT and SOHO devices in use by likely Chinese Threat Group. Also called Bulbature, RedRelay.
bravo ORB network composed of compromised SOHO and IOT devices coupled with provisioned VPS services in use by likely Chinese Threat Group. Also called ORB2 by Google Mandiant.
charlie ORB network composed mostly of provisioned VPS services in use by likely Chinese Threat Group.
quad7 ORB network composed of compromised SOHO and IOT devices possibly in use by a Chinese Threat Group. Also called 7777 Botnet
ost IP addresses tagged as endpoints with a known Offensive Security Tool. These tools are often used by penetration testers or security teams. In some cases these can also be used by bad actors. Included in this tag are those endpoints that act like a command and control or callback server. Examples include Gophish, Deimos, Cobaltstrike. If an OST indicator is suspected of malicious activity, it will appear under CONTROLLER.
Sub-Tags (28)
Name Description
beef Offensive Security Tool Product
brute-ratel Offensive Security Tool Product
burp-collaborator Offensive Security Tool Product
caldera Offensive Security Tool Product
cobaltstrike Offensive Security Tool Product
covenant Offensive Security Tool Product
deimos Offensive Security Tool Product
gophish Offensive Security Tool Product
hak5-cloud-c2 Offensive Security Tool Product
hashtopolis Offensive Security Tool Product
havoc Offensive Security Tool Product
http-revshell Offensive Security Tool Product
impacket Offensive Security Tool Product
interactsh Offensive Security Tool Product
ligolo-ng Offensive Security Tool Product
metasploit Offensive Security Tool Product
modishka Offensive Security Tool Product
mythic Offensive Security Tool Product
nessus Offensive Security Tool Product
nimplant Offensive Security Tool Product
osint The OSINT tag indicates that the information was collected from publicly accessible sources. These sources are carefully selected and can be used to corroborate or validate other sources.
platypus Offensive Security Tool Product
poshc2 Offensive Security Tool Product
rengine Offensive Security Tool Product
responder Offensive Security Tool Type
sliver Offensive Security Tool Product
stowaway Offensive Security Tool Product
vshell Offensive Security Tool Product
phishing Identifies a host that has been implicated in hosting a malicious phishing page.
proxy The tag, PROXY, identifies IP addresses running popular proxy software. In the context of network architecture, proxies can operate as are intermediary servers between clients and other servers, bridging the communication between these two ends. Proxies can be used to mask IP addresses of either the server or the client on either side, adding a layer of security/privacy. PROXY tags also have child tags that represent common proxy software found running, such as SQUID or TINYPROXY.
Sub-Tags (119)
Name Description
agreyaproxies-proxy Proxy Vendor
aktif-proxy Proxy Vendor
auproxies-proxy Proxy Vendor
balala-proxy Proxy Vendor
buyproxies Proxy Product
buyproxies-proxy Proxy Vendor
ccproxy Proxy Product
croxy-proxy Proxy Vendor
cwfproxy Proxy Product
cyber-ssh-proxy Proxy Vendor
ezproxies Proxy Product
ezproxies-proxy Proxy Vendor
ezproxy Proxy Product
fine Proxy Product
fine-proxy Proxy Vendor
frp Proxy Product
geosurf Proxy Product
geosurf-proxy Proxy Vendor
ghelper-proxy Proxy Vendor
go-simple-tunnel Proxy Vendor
hex-proxy Proxy Vendor
highproxies Proxy Product
highproxies-proxy Proxy Vendor
hype Proxy Product
hype-proxy Proxy Vendor
icloud-relay Proxy Product
icloud-relay-proxy Proxy Vendor
ipidea-proxy Proxy Vendor
iplease-proxy Proxy Vendor
iprent Proxy Product
iprent-proxy Proxy Vendor
iproxy-vn-proxy Proxy Vendor
iproyal Proxy Product
iproyal-proxy Proxy Vendor
just-my-socks-proxy Proxy Vendor
kproxy Proxy Vendor
lexic-proxy Proxy Vendor
luminati Proxy Product
luminati-proxy Proxy Vendor
meson-network Proxy Product
meson-network-proxy Proxy Vendor
mirageid-proxy Proxy Vendor
modmissioncritical Proxy Product
modmissioncritical-proxy Proxy Vendor
myprivateproxy Proxy Vendor
newipnow Proxy Product
newipnow-proxy Proxy Vendor
niuability-proxy Proxy Product
nkn Proxy Vendor
nodestop-proxy Proxy Vendor
nps Proxy Vendor
nym Proxy Vendor
oculus-proxy Proxy Vendor
ok-best-proxy Proxy Vendor
open-proxy Proxy Vendor
open-shadowsocks-proxy Proxy Vendor
opentunnel-proxy Proxy Vendor
opera-mini-proxy Proxy Vendor
oxylabs Proxy Product
oxylabs-proxy Proxy Product
packetflip-proxy Proxy Vendor
packetstream Proxy Vendor
pingproxies Proxy Product
pingproxies-proxy Proxy Vendor
privateproxy Proxy Product
proxiesfo Proxy Product
proxiesfo-proxy Proxy Vendor
proxify Proxy Product
proxify-proxy Proxy Vendor
proxy6 Proxy Vendor
proxybonanza Proxy Product
proxyempire Proxy Product
proxyline Proxy Product
proxylistpro Proxy Vendor
proxyrack Proxy Product
proxys Proxy Vendor
proxyseller Proxy Product
proxysite Proxy Vendor
proxysocks5 Proxy Vendor
proxyspider Proxy Vendor
proxywow Proxy Product
rampageserver-proxy Proxy Vendor
rapidseedbox-proxy Proxy Vendor
rayobyte Proxy Product
rayobyte-proxy Proxy Vendor
serverdestroyer-proxy Proxy Vendor
shiftproxy Proxy Vendor
shopsocks5-proxy Proxy Vendor
smartproxy Proxy Product
sneakerserver Proxy Product
sneakerserver-proxy Proxy Vendor
soax-proxy Proxy Product
socks Proxy Type
squid Proxy Product
sshkit-proxy Proxy Vendor
sshmonth-proxy Proxy Vendor
ssl-private Proxy Product
ssl-private-proxy Proxy Vendor
ssr-huoxin-proxy Proxy Vendor
statsolutions-proxy Proxy Vendor
super-ultimate-browser-proxy Proxy Vendor
syncthing Proxy Vendor
tinyproxy Proxy Product
titanium-network-proxy Proxy Vendor
tor-proxy Proxy Vendor
troywell-proxy Proxy Vendor
trustedproxies Proxy Product
trustedproxies-proxy Proxy Vendor
twmyhome-proxy Proxy Vendor
unblockme-proxy Proxy Vendor
v2ray Proxy Vendor
v6proxies-proxy Proxy Vendor
volantssh-proxy Proxy Vendor
webshare Proxy Product
webshare-proxy Proxy Vendor
wonder-proxy Proxy Vendor
zproxy Proxy Product
zyte Proxy Product
zyte-proxy Proxy Vendor
residential This tag identifies IP address ranges associated with Internet service providers that provide Internet connectivity to residential homes and businesses.
Sub-Tags (26)
Name Description
alwayson-internet Residential Vendor
at&t Residential Internet Vendor
auburn-essential-services Residential Vendor
beeline Residential Internet Vendor
cellcom Residential Internet Vendor
centurylink Residential Vendor
charter Residential Vendor
comcast Residential Internet Vendor
cox-communications Residential Vendor
earthlink Residential Vendor
embratel Residential Vendor
ftth-telecom Residential Vendor
fusion-connect Residential Vendor
hot-net Residential Vendor
jazztel Residential Vendor
long-lines-internet Residential Vendor
mediacom Residential Internet Vendor
orange-espagne Residential Vendor
pavlov-media Residential Vendor
rostelecom Residential Vendor
saimanet-telecom Residential Vendor
salam Residential Vendor
sat-trakt Residential Vendor
spectrum Residential Vendor
verizon Residential Internet Vendor
windstream Residential Vendor
risknet Risk networks are tagged with the "risknet" tag. This tag is used to identify IP addresses belonging to hosting providers that have been associated with an elevated level of suspicious and/or malicious behavior.
Sub-Tags (1)
Name Description
bulletproof Bulletproof Hosting Providers under RiskNet are also labeled with the bulletproof child tag. This tag is used to identify IP addresses and networks belonging to hosting providers that provide customers with a high degree of anonymity, and activity originating from such IP addresses has been associated with highly suspicious and/or malicious behavior.
router The 'ROUTER' tag denotes IP addresses associated with devices running public accessible services that identify them as router software or firmware. Typically these are Small Office/Home Office (SOHO)routers. Cybercriminals frequently target Small Office/Home Office (SOHO) routers, aiming to capitalize on potential security weaknesses inherent in these devices. ROUTER IP addresses can have child tags that represent vendors and device model information if available.
Sub-Tags (53)
Name Description
alotcer Router Vendor
asus Router Vendor
Sub-Tags (11)
Name Description
gt-ax11000 Asus Product
merlin-koolshare Asus Product
r6300v2 Asus Product
r7000 Asus Product
rt-ac66u-b1 Asus Product
rt-ac68u Asus Product
rt-ac87u Asus Product
rt-ac88u Asus Product
rt-ax56u Asus Product
rt-ax82u Asus Product
zenwifi-ax-series Asus Product
calix Router Vendor
cerio Router Vendor
checkpoint Router Vendor
cisco Router Vendor
Sub-Tags (10)
Name Description
anyconnect Cisco Product
ap541n Cisco Product
asa Cisco Product
asa5510 Cisco Product
asr9010 Cisco Product
firewall-unk-model Cisco Product
ironport Cisco Product
pix Cisco Product
rv320 Cisco Product
rv325 Cisco Product
comtrend Router Vendor
cradlepoint Router Vendor
cudy Router Vendor
cyberoam Router Vendor
d-link Router Vendor
Sub-Tags (29)
Name Description
adsl-router D-link Product
dap-2590 D-link Product
dap-2660 D-link Product
dap-2690 D-link Product
dcm-604 D-link Product
dcm-704 D-link Product
dir-100 D-link Product
dir-320 D-link Product
dir-615 D-link Product
dir-620c1 D-link Product
dir-650in D-link Product
dir-815 D-link Product
dir-825 D-link Product
dro-5020 D-link Product
dsl-2520u D-link Product
dsl-2600u D-link Product
dsl-2640nru D-link Product
dsl-2680 D-link Product
dsl-2730r D-link Product
dsr-series D-link Product
dwl-8610ap D-link Product
dwr-921 D-link Product
firewall Router Type
go-dsl-n151 D-link Product
unified-svcs D-link Product
voip-router D-link Product
vpn-router Router Type
wired-router D-link Product
wireless-router Router Type
dasan Router Vendor
Sub-Tags (7)
Name Description
h150n Router Product
h660gm Router Product
h660rm Router Product
h660w Router Product
h660wm Router Product
h662gr Router Product
h665 Router Product
draytek Router Vendor
Sub-Tags (3)
Name Description
vigor Router Product
vigor2960 Router Product
vigor2960 Router Product
fiberhome Router Vendor
firewall Router Type
fortinet Router Vendor
Sub-Tags (11)
Name Description
fg100a Fortinet Product
fg100c Fortinet Product
fg100d Fortinet Product
fg100e Fortinet Product
fg100f Fortinet Product
fgt30e Fortinet Product
fortigate Fortinet Product
fortiguard Fortinet Product
fortiwifi Fortinet Product
fortiwifi-90d Fortinet Product
vm Fortinet Product
four-faith Router Vendor
gemtek Router Vendor
gl-inet Router Vendor
hillstone Router Vendor
hsgq Router Vendor
huawei Router Vendor
inseego Router Vendor
irz Router Vendor
lb-link Router Vendor
linksys Router Vendor
Sub-Tags (44)
Name Description
befsr41 Linksys Product
befsr81 Linksys Product
befsx41 Linksys Product
befvp41 Linksys Product
befw11s4 Linksys Product
dd-wrt Linksys Product
e1000 Linksys Product
e1200 Linksys Product
e1700 Linksys Product
e2100 Linksys Product
e2500 Linksys Product
e3000 Linksys Product
e3200 Linksys Product
e4200 Linksys Product
e900 Linksys Product
ea2700 Linksys Product
ea3500 Linksys Product
ea4500 Linksys Product
ea6100 Linksys Product
ea6350 Linksys Product
ea6400 Linksys Product
ea6900 Linksys Product
ea7300 Linksys Product
ea8300 Linksys Product
ea9200 Linksys Product
lrt214 Linksys Product
lrt224 Linksys Product
pap2-voip Linksys Product
rv016 Linksys Product
rv042 Linksys Product
rv082 Linksys Product
rvs4000 Linksys Product
spa-series Linksys Product
wrt1200ac Linksys Product
wrt160n Linksys Product
wrt1900ac Linksys Product
wrt1900acs Linksys Product
wrt310n Linksys Product
wrt3200acm Linksys Product
wrt320n Linksys Product
wrt400n Linksys Product
wrt54g Linksys Product
wrt600n Linksys Product
wrv200 Linksys Product
mikrotik Router Vendor
Sub-Tags (114)
Name Description
ccr1009-7g-1c Mikrotik Product
ccr1009-7g-1c-1s+ Mikrotik Product
ccr1009-8g-1s Mikrotik Product
ccr1009-8g-1s-1s+ Mikrotik Product
ccr1016-12g Mikrotik Product
ccr1016-12s-1s+ Mikrotik Product
ccr1036-12g-4s Mikrotik Product
ccr1036-8g-2s+ Mikrotik Product
ccr1072-1g-8s+ Mikrotik Product
ccr2004-16g-2s+ Mikrotik Product
ccr2004-1g-12s+2xs Mikrotik Product
ccr2004-1g-2xs-pcie Mikrotik Product
ccr2116-12g-4s+ Mikrotik Product
ccr2216-1g-12xs-2xq Mikrotik Product
crs106-1c-5s Mikrotik Product
crs109-8g-1s-2hnd Mikrotik Product
crs112-8g-4s Mikrotik Product
crs112-8p-4s Mikrotik Product
crs125-24g-1s Mikrotik Product
crs125-24g-1s-2hnd Mikrotik Product
crs210-8g-2s+ Mikrotik Product
crs212-1g-10s-1s+ Mikrotik Product
crs226-24g-2s+ Mikrotik Product
crs305-1g-4s+ Mikrotik Product
crs309-1g-8s+ Mikrotik Product
crs310-1g-5s-4s+ Mikrotik Product
crs312-4c+8xg Mikrotik Product
crs317-1g-16s+ Mikrotik Product
crs318-16p-2s+ Mikrotik Product
crs318-1fi-15fr-2s Mikrotik Product
crs326-24g-2s+ Mikrotik Product
crs326-24s+2q+ Mikrotik Product
crs328-24p-4s+ Mikrotik Product
crs328-4c-20s-4s+ Mikrotik Product
crs354-48g-4s+2q+ Mikrotik Product
crs354-48p-4s+2q+ Mikrotik Product
rb1000 Mikrotik Product
rb1100 Mikrotik Product
rb1100ah Mikrotik Product
rb1100ahx2 Mikrotik Product
rb1100dx4 Mikrotik Product
rb1100hx2 Mikrotik Product
rb1100x4 Mikrotik Product
rb1200 Mikrotik Product
rb133 Mikrotik Product
rb133c3 Mikrotik Product
rb2011il Mikrotik Product
rb2011ils Mikrotik Product
rb2011l Mikrotik Product
rb2011ls Mikrotik Product
rb2011uas Mikrotik Product
rb2011uas-2hnd Mikrotik Product
rb2011uias Mikrotik Product
rb2011uias-2hnd Mikrotik Product
rb3011uias Mikrotik Product
rb333 Mikrotik Product
rb4011igs+ Mikrotik Product
rb4011igs+5hacq2hnd Mikrotik Product
rb411 Mikrotik Product
rb411a Mikrotik Product
rb411ah Mikrotik Product
rb411ar Mikrotik Product
rb411gl Mikrotik Product
rb411l Mikrotik Product
rb411u Mikrotik Product
rb411uahr Mikrotik Product
rb433 Mikrotik Product
rb433ah Mikrotik Product
rb433gl Mikrotik Product
rb433l Mikrotik Product
rb433uah Mikrotik Product
rb433uahl Mikrotik Product
rb433ul Mikrotik Product
rb435g Mikrotik Product
rb450 Mikrotik Product
rb450g Mikrotik Product
rb450gx4 Mikrotik Product
rb493ah Mikrotik Product
rb493g Mikrotik Product
rb5009ug+s+ Mikrotik Product
rb5009upr+s+ Mikrotik Product
rb511 Mikrotik Product
rb532 Mikrotik Product
rb532a Mikrotik Product
rb600 Mikrotik Product
rb600a Mikrotik Product
rb711-2hn Mikrotik Product
rb711-5hn Mikrotik Product
rb711-5hn-mmcx Mikrotik Product
rb711-5hn-u Mikrotik Product
rb711-5hnd Mikrotik Product
rb711a-5hn-mmcx Mikrotik Product
rb711g-5hnd Mikrotik Product
rb711ga-5hnd Mikrotik Product
rb711ua-2hnd Mikrotik Product
rb750 Mikrotik Product
rb750g Mikrotik Product
rb750gl Mikrotik Product
rb750gr2 Mikrotik Product
rb750gr3 Mikrotik Product
rb750p Mikrotik Product
rb750r2 Mikrotik Product
rb750up Mikrotik Product
rb750upr2 Mikrotik Product
rb751g-2hnd Mikrotik Product
rb751u-2hnd Mikrotik Product
rb760igs Mikrotik Product
rb800 Mikrotik Product
rb850gx2 Mikrotik Product
rb911-5hacd Mikrotik Product
rb911-5hn Mikrotik Product
rb911-5hnd Mikrotik Product
rb911g-2hpnd Mikrotik Product
routeros Mikrotik Product
netgear Router Vendor
Sub-Tags (27)
Name Description
d6100 Netgear Product
dg632 Netgear Product
dg834g Netgear Product
dg834gl Netgear Product
dg834n Netgear Product
dgn1000 Netgear Product
dgn1000v3 Netgear Product
fvs336g Netgear Product
fvs336gv2 Netgear Product
fvx538 Netgear Product
home-consumer-products Netgear Product
orbi Netgear Product
orbi-mini Netgear Product
prosafe Netgear Product
r6100 Netgear Product
r9000 Netgear Product
wndr3800 Netgear Product
wndr3800ch Netgear Product
wndrmacv2 Netgear Product
wnr1000v2 Netgear Product
wnr2000v3 Netgear Product
wnr2000v4 Netgear Product
wnr2000v5 Netgear Product
wnr3500l Netgear Product
wnr612v2 Netgear Product
wnr614 Netgear Product
xwn5001 Router Product
pakedge Router Vendor
palo-alto Router Vendor
Sub-Tags (1)
Name Description
global-protect Palo Alto Product
peplink Router Vendor
pfsense Router Vendor
qnap Router Vendor
ralink Router Vendor
ruckus Router Vendor
ruijie Router Vendor
semtech Router Vendor
sonicwall Router Vendor
sophos Router Vendor
synology Router Vendor
telesquare Router Vendor
teltonika Router Vendor
tenda Router Vendor
topsec Router Vendor
tp-link Router Vendor
Sub-Tags (38)
Name Description
8840t TP-Link Product
archer-a2 TP-Link Product
archer-a5 TP-Link Product
archer-c20 TP-Link Product
archer-c5 TP-Link Product
archer-c50 TP-Link Product
archer-c7 TP-Link Product
archer-c9 TP-Link Product
archer-vr1600 TP-Link Product
archer-vr600 TP-Link Product
ec120-f5 TP-Link Product
ec220-g5 TP-Link Product
mr200 TP-Link Product
mr3020 TP-Link Product
mr3420 TP-Link Product
mr400 TP-Link Product
mr600 TP-Link Product
mr6400 TP-Link Product
vr400 TP-Link Product
w8970 TP-Link Product
wdr3500 TP-Link Product
wr1042nd TP-Link Product
wr1043nd TP-Link Product
wr2543nd TP-Link Product
wr710n TP-Link Product
wr740n TP-Link Product
wr741nd TP-Link Product
wr743nd TP-Link Product
wr802n TP-Link Product
wr841hp TP-Link Product
wr841n TP-Link Product
wr842nd TP-Link Product
wr850n TP-Link Product
wr940n TP-Link Product
wr941nd TP-Link Product
xc220-g3v TP-Link Product
xn020-g3 TP-Link Product
xr500v TP-Link Product
ubiquiti-networks Router Vendor
vdsl-router Router Type
vpn-router Router Type
watchguard Router Vendor
wavlink Router Vendor
wireless-router Router Type
zte Router Vendor
zyxel Router Vendor
satellite The Satellite tag signifies IP addresses linked to satellite connectivity. These IP addresses represent Very Small Aperture Terminals (VSAT) and Satellite ISP IP addresses used by their customers.
Sub-Tags (8)
Name Description
gilat Satellite Vendor
hughes-network Satellite Vendor
intelsat Satellite Vendor
ses Satellite Vendor
starlink Satellite Product
turksat Satellite Vendor
viasat Satellite Vendor
vsat Satellite Type
scanner IP addresses tagged as a SCANNER have been observed scanning the Internet. This scanning activity could potentially signify the presence of compromised machines, potentially harnessed by malicious actors to identify and exploit vulnerabilities in other systems connected to the network. Some of the IP addresses tagged as a SCANNER may have additional child tags that provide more insight into the activity. For example, SHODAN or CENSYS child tags may be used to tag IP addresses from known vendors that scan the Internet, or child tags such as SSH-SCANNER are used to identify scanning activity observed scanning port 22 (SSH).
Sub-Tags (51)
Name Description
adb-scanner Scanner Type
alphastrike-labs Scanner Vendor
ant-lab Scanner Vendor
arbor-networks Scanner Vendor
binary-edge Scanner Vendor
censys Scanner Vendor
colorado-state-university Scanner Vendor
cups-scanner Scanner Type
cyber-resilience Scanner Vendor
cybergreen Scanner Vendor
dataplane Scanner Vendor
dhs Scanner Vendor
driftnet Scanner Vendor
fh-munster-university Scanner Vendor
fofa Scanner Vendor
ftp-scanner Scanner Type
georgia-tech Scanner Vendor
internet-census Scanner Vendor
internet-measurement Scanner Vendor
internet-research-project-linode Scanner Vendor
intrinsec Scanner Vendor
ipip Scanner Vendor
leakix Scanner Vendor
neo4j-scanner Scanner Type
netsec-scan Scanner Vendor
onyphe Scanner Vendor
open-port-stats Scanner Vendor
palo-alto Scanner Vendor
Sub-Tags (1)
Name Description
cortex-xpanse Scanner Product
pnap Scanner Vendor
quadmetrics Scanner Vendor
qualys Scanner Vendor
rapid7 Scanner Vendor
Sub-Tags (1)
Name Description
project-sonar Scanner Product
rdp-scanner Scanner Type
recyber Scanner Vendor
redis-scanner Scanner Type
ripe-atlas Scanner Vendor
router-scanner Scanner Type
shadow-server Scanner Vendor
shodan Scanner Vendor
sql-scanner Scanner Type
ssh-scanner Scanner Type
telnet-scanner Scanner Type
threat-sinkhole Scanner Vendor
united-parcel-service Scanner Vendor
university-of-colorado Scanner Vendor
university-of-michigan Scanner Vendor
university-of-munich Scanner Vendor
university-of-sydney Scanner Vendor
vnc-scanner Scanner Type
vpn-scanner Scanner Type
winshare-scanner Scanner Type
shared-host Shared host based on number of PDNS domains associated with IP
sinkhole The sinkhole tag refers to the IP addresses engaged in DNS sinkholing of malicious domains, directing them to a controlled IP address. The child tag "sinkhole-ns" specifically identifies the name servers participating in the sinkholing process. IP addresses lacking this sub-tag represent the actual sinkhole IPs responsible for receiving the redirected traffic.
Sub-Tags (1)
Name Description
sinkhole-ns Sinkhole Type
tarpit The TARPIT tag identified IP addresses with a device that purposely delays incoming scanning connections. IP addresses tied to these devices often have a large number of open ports. This technique can be used as a defense mechanism to slow down scanning activity by exhausting the attackers resources.
top-site Top sites identifies IP addresses that received the highest recurring web (http-s) traffic in the last 7 days and are associated with domains that have the highest amount of passive DNS records. Top sites are currently limited to the top 40,000 IP addresses and will be expanded in future updates.
tor Tor Consensus IPs
vpn The 'VPN' label is utilized to identify IP addresses associated with Virtual Private Networks (VPNs). This umbrella term encompasses an array of commercial VPN service providers, such as NordVPN, ExpressVPN, among several others, that offer consumer-facing services designed to enhance online privacy and security. In addition to commercial VPN services, the 'VPN' tag also includes IP addresses known to be operating as VPN endpoints. These endpoints often facilitate remote access to a particular network, which can be a critical function for businesses with remote employees, ensuring secure, encrypted access to company resources from potentially unsecured locations. Child tags are available for specific vendor and products if identified.
Sub-Tags (548)
Name Description
1-vpn VPN Vendor
12vpx-vpn VPN Vendor
1click-vpn VPN Vendor
24vc-vpn VPN Vendor
4nx-vpn VPN Vendor
4vpn VPN Vendor
7vpn VPN Vendor
abc-vpn VPN Vendor
abvpn VPN Vendor
ace-vpn VPN Vendor
activpn VPN Vendor
actmobile-vpn VPN Vendor
adguard-vpn VPN Vendor
adtranquility-vpn VPN Vendor
air-vpn VPN Vendor
airvpn VPN Vendor
akunssh-vpn VPN Vendor
all-safe-vpn VPN Vendor
all-vpn VPN Vendor
aloha-browser-vpn VPN Vendor
alt-vpn VPN Vendor
anonine VPN Vendor
anonine-vpn VPN Vendor
anonymousvpn VPN Vendor
anonymox-vpn VPN Vendor
anti-filter-vpn VPN Vendor
any-vpn VPN Vendor
appntox-vpnpro-vpn VPN Vendor
aprovpn VPN Vendor
aptinfo-vpn VPN Vendor
armor-vpn VPN Vendor
astar-vpn VPN Vendor
astrill-vpn VPN Vendor
atlas-vpn VPN Vendor
atspeed-vpn VPN Vendor
aura-vpn VPN Vendor
avast VPN Vendor
avast-secure-browser-vpn VPN Vendor
avira VPN Vendor
azino-vpn VPN Vendor
azire VPN Vendor
azirevpn VPN Vendor
batman-ru-vpn VPN Vendor
bb-vpn VPN Vendor
bekhar-vpn VPN Vendor
belka-vpn VPN Vendor
beranga-super-vpn VPN Vendor
bigmama-vpn VPN Vendor
bite-vpn VPN Vendor
blackberry-vpn VPN Vendor
blackbox-vpn VPN Vendor
blackvpn VPN Vendor
borderless-vpn VPN Vendor
bot-vpn VPN Vendor
boxpn-vpn VPN Vendor
breakwall-vpn VPN Vendor
bright-vpn VPN Vendor
bro-vpn VPN Vendor
browsec-vpn VPN Vendor
browser-xxx-vpn VPN Vendor
btguard-vpn VPN Vendor
bull-vpn VPN Vendor
bullet-vpn VPN Vendor
bvpn VPN Vendor
cactus-vpn VPN Vendor
cactusvpn VPN Vendor
ccrypto-vpn VPN Vendor
celo-vpn VPN Vendor
cheap-vpn VPN Vendor
cheapnews-vpn VPN Vendor
checkpoint VPN Vendor
cheetah-vpn VPN Vendor
citizen-vpn VPN Vendor
confirmed-vpn VPN Vendor
core4-vpn VPN Vendor
corea-vpn VPN Vendor
courvix-vpn VPN Vendor
coverme-vpn VPN Vendor
covernet-vpn VPN Vendor
cryptostorm-vpn VPN Vendor
ct-vpn VPN Vendor
cyber-ghost-vpn VPN Vendor
cyberghost VPN Vendor
daily-vpn VPN Vendor
deeper-network VPN Vendor
deeper-network-vpn VPN Vendor
deepweb-vpn VPN Vendor
defence-vpn VPN Vendor
digi VPN Vendor
digitalssh-vpn VPN Vendor
disconnect-vpn VPN Vendor
dot-vpn VPN Vendor
drock-vpn VPN Vendor
drsoft VPN Vendor
drsoft-vpn VPN Vendor
dudeji-vpn VPN Vendor
earth-vpn VPN Vendor
easy-hide-ip-vpn VPN Vendor
easy-vpn VPN Vendor
ectunnel-vpn VPN Vendor
emptyun-vpn VPN Vendor
encrypt-secure-servers-vpn VPN Vendor
encryptme-vpn VPN Vendor
enikma-vpn VPN Vendor
epic-browser-vpn VPN Vendor
epro-android-vpn VPN Vendor
esvpnapp-vpn VPN Vendor
everaccountable-vpn VPN Vendor
express-vpn VPN Vendor
expressvpn VPN Vendor
ezshield-vpn VPN Vendor
f-vpn VPN Vendor
fairy-vpn VPN Vendor
fanqiang-vpn VPN Vendor
fastestvpn VPN Vendor
fastssh-vpn VPN Vendor
fastvpnim-vpn VPN Vendor
filbaz-vpn VPN Vendor
fine-vpn VPN Vendor
firefly-vpn VPN Vendor
firenet-vpn VPN Vendor
first-vpn VPN Vendor
flow-vpn VPN Vendor
fly-vpn VPN Vendor
flynet-vpn VPN Vendor
flyvpn VPN Vendor
fornex-vpn VPN Vendor
foxyproxy VPN Vendor
frbs-vpn VPN Vendor
free-zone-vpn VPN Vendor
freedome VPN Vendor
freedome-vpn VPN Vendor
freenet-cafe-vpn VPN Vendor
freenet-robot-vpn VPN Vendor
freeopenvpn VPN Vendor
freessl-vpn VPN Vendor
freesstpvpn VPN Vendor
freetech-turbo-vpn VPN Vendor
freevpn4you-vpn VPN Vendor
freevpnapp-vpn VPN Vendor
froot VPN Vendor
froot-vpn VPN Vendor
frost-vpn VPN Vendor
fuji-vpn VPN Vendor
gecko-vpn VPN Vendor
geoedge-vpn VPN Vendor
geosurf VPN Vendor
getbehindme-vpn VPN Vendor
getflix-vpn VPN Vendor
gfk-marketing-vpn VPN Vendor
gm-vpn VPN Vendor
go2https-vpn VPN Vendor
goat-vpn VPN Vendor
google-one-vpn VPN Vendor
google-vpn VPN Vendor
goon-vpn VPN Vendor
goose-vpn VPN Vendor
goosevpn VPN Vendor
gozar-online-vpn VPN Vendor
green-vpn VPN Vendor
greenssh-vpn VPN Vendor
gringo-vpn VPN Vendor
guardian-vpn VPN Vendor
gvpn VPN Vendor
halo-vpn VPN Vendor
haoduobq-vpn VPN Vendor
hardened-vpn VPN Vendor
hatunnel-plus-vpn VPN Vendor
hellfire-vpn VPN Vendor
hide-my-ass-vpn VPN Vendor
hide-my-ip-vpn VPN Vendor
hide-my-name-vpn VPN Vendor
hideip-vpn VPN Vendor
hideme VPN Vendor
hideme-vpn VPN Vendor
hidessh-vpn VPN Vendor
hitun-vpn VPN Vendor
hma VPN Vendor
hola-vpn VPN Vendor
holytech-vpn VPN Vendor
hotspot-vpn VPN Vendor
hotspotshield VPN Vendor
hotvpn VPN Vendor
hoxx-vpn VPN Vendor
hyper-vpn VPN Vendor
identity-cloaker-vpn VPN Vendor
impr0-vpn VPN Vendor
in-berlin-vpn VPN Vendor
infvpn VPN Vendor
ininja-vpn VPN Vendor
innovative-connecting VPN Vendor
innovative-connecting-vpn VPN Vendor
ipburger-vpn VPN Vendor
ipchanger-vpn VPN Vendor
ipredator-vpn VPN Vendor
ipro-vpn VPN Vendor
ipsec VPN Type
ipvanish VPN Vendor
ipvanish-vpn VPN Vendor
ironsocket-vpn VPN Vendor
itop-accelerator-vpn VPN Vendor
itop-vpn VPN Vendor
ivacy-vpn VPN Vendor
ivanti VPN Vendor
Sub-Tags (1)
Name Description
connect-secure Ivanti Product
ivpn VPN Vendor
jagoan-vpn VPN Vendor
jelly-vpn VPN Vendor
jumpsrv-vpn VPN Vendor
jupitervpn VPN Vendor
just-vpn VPN Vendor
k2-vpn VPN Vendor
kakao-vpn VPN Vendor
kangarif-vpn VPN Vendor
keen-vpn VPN Vendor
keenvpn VPN Vendor
king-vpn VPN Vendor
kiwi-vpn VPN Vendor
kn-vpn VPN Vendor
kob VPN Vendor
kob-vpn VPN Vendor
kobz-vpn VPN Vendor
kuaifan-vpn VPN Vendor
l2tp VPN Type
lancom VPN Vendor
lantern-vpn VPN Vendor
lava-vpn VPN Vendor
lavabit-vpn VPN Vendor
le-vpn VPN Vendor
le-vpn VPN Vendor
lighthouse-vpn VPN Vendor
lime-vpn VPN Vendor
liquid-vpn VPN Vendor
lnvpn VPN Vendor
luminati VPN Vendor
luna-vpn VPN Vendor
mainssh-vpn VPN Vendor
masterio-vpn VPN Vendor
melon-vpn VPN Vendor
mikrotik VPN Vendor
monkey-vpn VPN Vendor
monster-vpn VPN Vendor
moon-vpn VPN Vendor
mullvad VPN Vendor
mullvad-vpn VPN Vendor
multi-vpn VPN Vendor
my-devil-vpn VPN Vendor
mybrit-vpn VPN Vendor
mysterium VPN Vendor
mysterium-vpn VPN Vendor
mytty-vpn VPN Vendor
mytunneling-vpn VPN Vendor
myvpnbg-vpn VPN Vendor
n-vpn VPN Vendor
namecheap-vpn VPN Vendor
namu-vpn VPN Vendor
near-vpn VPN Vendor
netflixvpn VPN Vendor
netfree-vpn VPN Vendor
netshade-vpn VPN Vendor
newvpn VPN Vendor
nginx VPN Product
nielsen-app-vpn VPN Vendor
njalla-vpn VPN Vendor
nord-vpn VPN Vendor
nordvpn VPN Vendor
norton-vpn VPN Vendor
nova-vpn VPN Vendor
nurichina-vpn VPN Vendor
octane-vpn VPN Vendor
octo-vpn VPN Vendor
okay-vpn VPN Vendor
oko-vpn VPN Vendor
one-host-vpn VPN Vendor
openvpn VPN Type
openvpn VPN Vendor
opera VPN Vendor
opera-vpn VPN Vendor
osmozis-vpn VPN Vendor
ostrich-vpn VPN Vendor
ovpn VPN Vendor
oxylabs-proxy VPN Vendor
oyster-vpn VPN Vendor
panda-vpn VPN Vendor
pandapro-vpn VPN Vendor
paran-vpn VPN Vendor
pearl-vpn VPN Vendor
pentaloop-vpn VPN Vendor
perfect-privacy VPN Vendor
perfect-privacy-vpn VPN Vendor
perimeter81-vpn VPN Vendor
pevpn VPN Vendor
phantom-avira-vpn VPN Vendor
pia VPN Vendor
pia-vpn VPN Vendor
pigeon-vpn VPN Vendor
pinoyground-vpn VPN Vendor
plex-vpn VPN Vendor
power-vpn VPN Vendor
pptp VPN Type
premiumize-vpn VPN Vendor
privacy-hero-vpn VPN Vendor
privado-vpn VPN Vendor
privatetunnel-vpn VPN Vendor
privatevpn VPN Vendor
privatewifi-vpn VPN Vendor
prosto-vpn VPN Vendor
proton-vpn VPN Vendor
protonvpn VPN Vendor
provpn VPN Vendor
provpn-world-vpn VPN Vendor
proxynvpn VPN Vendor
psiphon3-vpn VPN Vendor
pure-vpn VPN Vendor
purevpn VPN Vendor
quark-vpn VPN Vendor
quickq-vpn VPN Vendor
qustodio-parental-vpn VPN Vendor
ra4w-vpn VPN Vendor
rabbit-vpn VPN Vendor
race-vpn VPN Vendor
rapid-vpn VPN Vendor
rasya-computer-vpn VPN Vendor
refresh-vpn VPN Vendor
resi-vpn VPN Vendor
rgntunnel-vpn VPN Vendor
riseup-vpn VPN Vendor
rocket-vpn VPN Vendor
rus-vpn VPN Vendor
rvpn VPN Vendor
ryn-vpn VPN Vendor
safer-vpn VPN Vendor
safesurf-vpn VPN Vendor
salamander-vpn VPN Vendor
samsung-vpn VPN Vendor
sanctuary-star-vpn VPN Vendor
sasaki-vpn VPN Vendor
saturn-vpn VPN Vendor
secret-vpn VPN Vendor
secure-android-vpn VPN Vendor
secvpn VPN Vendor
seed4me-vpn VPN Vendor
sekai-vpn VPN Vendor
senovpn VPN Vendor
sentinel-vpn VPN Vendor
sharehub-vpn VPN Vendor
shellfire-vpn VPN Vendor
shvpn VPN Vendor
siege-vpn VPN Vendor
signalsecure-vpn VPN Vendor
skyvpn VPN Vendor
slick-vpn VPN Vendor
slowdns-vpn VPN Vendor
smart-vpn VPN Vendor
smarty-dns-vpn VPN Vendor
smile-vpn VPN Vendor
snap-vpn VPN Vendor
snapmaster-vpn VPN Vendor
snowd-vpn VPN Vendor
soax-proxy VPN Vendor
softether VPN Product
sonicwall VPN Vendor
Sub-Tags (1)
Name Description
ssl-vpn Sonicwall Product
sousoukuai-vpn VPN Vendor
speed-ssh-vpn VPN Vendor
speedify-vpn VPN Vendor
speedvpnapp-vpn VPN Vendor
spod-vpn VPN Vendor
ssh0-vpn VPN Vendor
sshmax-vpn VPN Vendor
sshocean-vpn VPN Vendor
sshplus-vpn VPN Vendor
sshssl-vpn VPN Vendor
sshstores-vpn VPN Vendor
ssronline-vpn VPN Vendor
sstp VPN Type
sstpvpn VPN Vendor
ssvpn-ru-vpn VPN Vendor
star-app-vpn VPN Vendor
star-vpn VPN Vendor
start-vpn VPN Vendor
steganos-vpn VPN Vendor
streamvia-vpn VPN Vendor
strong-hold-vpn VPN Vendor
strong-vpn VPN Vendor
strongvpn VPN Vendor
stunnelvip-vpn VPN Vendor
summer-time-vpn VPN Vendor
sunrise-vpn VPN Vendor
sunssh-vpn VPN Vendor
supervpn VPN Vendor
supervpn360-vpn VPN Vendor
surf-easy-vpn VPN Vendor
surfshark VPN Vendor
surfshark-vpn VPN Vendor
swiss-vpn VPN Vendor
switch-vpn VPN Vendor
tailscale-derp VPN Vendor
tala-vpn VPN Vendor
tango-privacy-vpn VPN Vendor
tap-vpn VPN Vendor
taxi-vpn VPN Vendor
tcpvpn VPN Vendor
techoragon-vpn VPN Vendor
tg-vpn VPN Vendor
thevpn-kr-vpn VPN Vendor
thunder-vpn VPN Vendor
thundernet VPN Vendor
tiger-vpn VPN Vendor
tik-vpn VPN Vendor
tikvpn VPN Vendor
time-vpn VPN Vendor
tls-vpn VPN Vendor
today-vpn VPN Vendor
tomato-vpn VPN Vendor
tor-guard-vpn VPN Vendor
torguard VPN Vendor
touch-vpn VPN Vendor
touchvpn VPN Vendor
transocks-vpn VPN Vendor
trendmicro-vpn VPN Vendor
trust-zone-vpn VPN Vendor
tunnelbear VPN Vendor
tunnelbear-vpn VPN Vendor
tunnelsats-vpn VPN Vendor
turbo-vpn VPN Vendor
turbolite-vpn VPN Vendor
u2play-vpn VPN Vendor
ufo-vpn VPN Vendor
uktv-vpn VPN Vendor
ultrasurf-vpn VPN Vendor
unblock-master-vpn VPN Vendor
union-vpn VPN Vendor
unique-vpn VPN Vendor
unlimitedvpnpro-vpn VPN Vendor
unlocator-vpn VPN Vendor
unseen-online-vpn VPN Vendor
urban-vpn VPN Vendor
usaip-vpn VPN Vendor
useed-vpn VPN Vendor
uvpn VPN Vendor
v2net-vpn VPN Vendor
v2ss-vpn VPN Vendor
v6-vpn VPN Vendor
vanished-vpn VPN Vendor
veee-plus-vpn VPN Vendor
veepn VPN Vendor
veepn-vpn VPN Vendor
vfulup-vpn VPN Vendor
viet-pn-vpn VPN Vendor
vietpn-vpn VPN Vendor
virtual-shield-vpn VPN Vendor
vowinc-vpn VPN Vendor
vpn-ac VPN Vendor
vpn-ac VPN Vendor
vpn-connect VPN Vendor
vpn-ht VPN Vendor
vpn-master-android VPN Vendor
vpn-monster VPN Vendor
vpn-pink VPN Vendor
vpn-shield VPN Vendor
vpn-ss VPN Vendor
vpn-super-free VPN Vendor
vpn-surf VPN Vendor
vpn24 VPN Vendor
vpn4games VPN Vendor
vpn6 VPN Vendor
vpn99 VPN Vendor
vpnable VPN Vendor
vpnalliance VPN Vendor
vpnarea VPN Vendor
vpnauction VPN Vendor
vpnbaron VPN Vendor
vpnbook VPN Vendor
vpnbrand VPN Vendor
vpncenter-co VPN Vendor
vpncity VPN Vendor
vpner VPN Vendor
vpnfacile VPN Vendor
vpngate VPN Vendor
vpnguard-online VPN Vendor
vpnhack VPN Vendor
vpnhispeed VPN Vendor
vpnhost11 VPN Vendor
vpnhostingcz VPN Vendor
vpnify VPN Vendor
vpnjantit VPN Vendor
vpnline VPN Vendor
vpnme VPN Vendor
vpnone VPN Vendor
vpnonline VPN Vendor
vpnow VPN Vendor
vpnpoint VPN Vendor
vpnpro VPN Vendor
vpnreactor VPN Vendor
vpnresellers VPN Vendor
vpnrunfast VPN Vendor
vpnsecure VPN Vendor
vpnstores- VPN Vendor
vpnsweb VPN Vendor
vpntt VPN Vendor
vpntunnel VPN Vendor
vpnuk VPN Vendor
vpnunlimited VPN Vendor
vpnunlimitedapp VPN Vendor
vpnvault VPN Vendor
vpnvip VPN Vendor
vpnvision VPN Vendor
vtrspeed-vpn VPN Vendor
vypr-vpn VPN Vendor
vyprvpn VPN Vendor
wakoopa-vpn VPN Vendor
wannaflix-vpn VPN Vendor
warp-vpn VPN Vendor
warpvpn VPN Vendor
watch-uk-tv-vpn VPN Vendor
wcomes-vpn VPN Vendor
we-vpn VPN Vendor
webzilla-vpn VPN Vendor
wevpn VPN Vendor
whitelabel-vpn VPN Vendor
whoer-vpn VPN Vendor
windscribe VPN Vendor
windscribe-vpn VPN Vendor
winston-vpn VPN Vendor
wireguard VPN Type
witopia-vpn VPN Vendor
wizard-merlin-vpn VPN Vendor
wlvpn VPN Vendor
worldvpn VPN Vendor
xamjyssvpn VPN Vendor
xbox-vpn VPN Vendor
xeovo-vpn VPN Vendor
xgc-vpn VPN Vendor
xiaohouzi-vpn VPN Vendor
xirvik-vpn VPN Vendor
xsoft-surf-vpn VPN Vendor
xtunnel-vpn VPN Vendor
xunyou-game-vpn VPN Vendor
xy-vpn VPN Vendor
yoyoip-vpn VPN Vendor
yyyip-vpn VPN Vendor
zebra-vpn VPN Vendor
zen-vpn VPN Vendor
zenmate VPN Vendor
zenmate-vpn VPN Vendor
zide-vpn VPN Vendor
zoog-vpn VPN Vendor
zoogvpn VPN Vendor
zpn-vpn VPN Vendor
Scout API - General Information

Example Workflow

  1. Search for a specific IP or domain name. - GET https://scout.cymru.com/api/scout/search?query=jquery.com&days=30
    • An IP will redirect to the details view.
    • A domain name will list IP(s) in the search results associated with the domain.
  2. Get more details for IP - GET https://scout.cymru.com/api/scout/ip/{ip}/details?days=30
    • The details endpoint will offer the highest level of detail using a variety of enrichments.

Supported Date Time Formats

  • All users can submit the days parameter.
  • If your subscription allows custom date ranges, any days value up to your max searchable days is allowed. Otherwise you must send one of the fixed days available to you.
  • All Scout API date parameters are formatted YYYY-MM-DD and should be in UTC without a timestamp.
    • 1999-12-31
Return Code Description
200 Success - Normal return.
400 Bad Request - One or more issues was found with your search parameters or the request was malformed.
401 Authentication Error - There was an error with your username and/or password or authorization token.
403 Authorization Error - You are not authorized to view this resource.
429 One of:
  • Request Rate Exceeded - The maximum of 1 request(s) per second was exceeded.
  • Maximum concurrent requests have been exceeded.
  • You have exceeded the query limit.
500 Internal Error - There was an internal server error. Please contact support to investigate this.
GET /api/scout/usage

This endpoint returns a summary of usage and limits from the API.

Resource URL

https://scout.cymru.com/api/scout/usage

Resource Information

Response Formats JSON
Requires authentication Yes
HTTP Method GET 

curl --user username:password --request GET \
  --url 'https://scout.cymru.com/api/scout/usage'
                                

curl --request GET --url 'https://scout.cymru.com/api/scout/usage' \
  --header 'Authorization: Token valid_api_token'
                                

import requests

url = "https://scout.cymru.com/api/scout/usage"

payload = ""
headers = {
    #Basic Auth with username and password
    'Authorization': "Basic dXNlcm5hbWU6cGFzc3dvcmQ=" #Basic base64.b64encode('username:password')
    # Or
    # API Auth with valid_api_key
    'Authorization': "Token valid_api_key" #Example 'Authorization': "Token e54d5128b1023bf52c9939a44ed0c3949eb5e56
    }

response = requests.request("GET", url, data=payload, headers=headers)
                                

{
    "used_queries": 6,
    "remaining_queries": 994,
    "query_limit": 1000,
    "foundation_api_usage": {
      "used_queries": 20,
      "remaining_queries": 980,
      "query_limit": 1000
    }    
}
GET /api/scout/ip/{ip}/details

Returns a detailed view of IP address relationships.

Resource URL

https://scout.cymru.com/api/scout/ip/{ip}/details

Parameters Values
ip
required 		The IP Address to request details for.
days Relative offset in days from current time in UTC. It cannot exceed the maximum range of days.
size The size of the response, in records, to return.
sections
A comma separated string, comprised of these identifiers:
  • summary
  • proto_by_ip
  • whois
Default Sections (Shown in Output JSON): 
summary,whois

Resource Information

Response Formats JSON
Requires authentication Yes
HTTP Method GET 

curl --user username:password --request GET \
  --url 'https://scout.cymru.com/api/scout/ip/104.18.213.12/details?days=30'
                                

curl --request GET --url 'https://scout.cymru.com/api/scout/ip/104.18.213.12/details?days=30' \
  --header 'Authorization: Token valid_api_token'
                                

import requests

url = "https://scout.cymru.com/api/scout/ip/104.18.213.12/details?days=30"

payload = ""
headers = {
    #Basic Auth with username and password
    'Authorization': "Basic dXNlcm5hbWU6cGFzc3dvcmQ=" #Basic base64.b64encode('username:password')
    # API Auth with valid_api_key
    'Authorization': "Token valid_api_key" #Example 'Authorization': "Token e54d5128b1023bf52c9939a44ed0c3949eb5e56
    }

response = requests.request("GET", url, data=payload, headers=headers)
                                

{
  "request_id": "b9ea75c2-3665-5b74-94aa-4abd2bb35224",
  "ip": "104.18.213.12",
  "size": 1000,
  "start_date": "2024-11-22",
  "end_date": "2024-12-22",
  "sections": [
    "summary",    "proto_by_ip",    "whois"  ],
  "usage": {
    "used_queries": 6,
    "remaining_queries": 994,
    "query_limit": 1000,
    "foundation_api_usage": {
      "used_queries": 20,
      "remaining_queries": 980,
      "query_limit": 1000
    }  },
  "summary": {
    "total": 1,
    "ip": "104.18.213.12",
    "start_date": "2024-11-22",
    "end_date": "2024-12-22",
    "geo_ip_cc": "US",
    "tags": [
      {
        "id": 176,
        "name": "cdn",
        "children": [
          {
            "id": 210,
            "name": "cloudflare",
            "children": null
          }
        ]
      }
    ],
    "reverse_hostnames": null,
    "bgp_asn": 0,
    "bgp_asname": "",
    "whois": {
      "asn": 13335,
      "as_name": "CLOUDFLARENET",
      "net_name": "CLOUDFLARENET",
      "org_name": "Cloudflare, Inc."
    },
    "pdns": {
      "total": 174,
      "top_pdns": [
        {
          "event_count": 111,
          "domain": "jquery.com",
          "first_seen": "2024-11-22",
          "last_seen": "2024-12-22"
        },
        {
          "event_count": 25,
          "domain": "api.jquery.com",
          "first_seen": "2024-11-22",
          "last_seen": "2024-12-22"
        },
        {
          "event_count": 18,
          "domain": "learn.jquery.com",
          "first_seen": "2024-11-22",
          "last_seen": "2024-12-22"
        },
        {
          "event_count": 14,
          "domain": "blog.jquery.com",
          "first_seen": "2024-11-22",
          "last_seen": "2024-12-22"
        },
        {
          "event_count": 6,
          "domain": "plugins.jquery.com",
          "first_seen": "2024-11-22",
          "last_seen": "2024-12-22"
        }
      ]
    },
    "open_ports": {
      "total": 1,
      "top_open_ports": [
        {
          "event_count": 1,
          "port": 8880,
          "protocol": 6,
          "protocol_text": "TCP",
          "service": "cddbp-alt",
          "inferred_service_name": null,
          "first_seen": "2024-12-22",
          "last_seen": "2024-12-22"
        }
      ]
    },
    "certs": {
      "top_certs": [
        {
          "issuer": "CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US",
          "issuer_common_name": "DigiCert TLS RSA SHA256 2020 CA1",
          "common_name": "www.example.org",
          "subject": "CN=www.example.org, O=Internet Corporation for Assigned Names and Numbers, L=Los Angeles, ST=California, C=US",
          "port": 443,
          "first_seen": "2024-11-22",
          "last_seen": "2024-12-22",
          "self_signed": false,
          "not_before": "2024-11-22",
          "not_after": "2024-12-22",
          "md5": "749bbbeb4a6cb23c205c9850b35bed6a",
          "sha1": "f2aad73d32683b716d2a7d61b51c6d5764ab3899",
          "sha256": "5ef2f214260ab8f58e55eea42e4ac04b0f171807d8d1185fddd67470e9ab6096"
        }
      ]
    },
    "tag_timeline": {
      "data": [
        {
          "tag": {
            "id": 176,
            "name": "cdn",
            "description": "The CDN tag characterizes IP addresses associated with Content Delivery Networks (CDNs). A Content Delivery Network (CDN) is a system of distributed servers strategically positioned around the world. Its primary purpose is to deliver web content, such as images, videos, scripts, and other static files, to end users in a faster, and more efficient manner. CDNs are sometimes associated with serving content for multiple different customers and can be an indication of possible shared hosting environment. The CDN tag has child tags to represent specific CDN vendors, such as CDN77, AKAMAI, and more.",
            "parent_ids": null,
            "css_color": "#8A532C",
            "parents": null
          },
          "first_seen": "2024-11-22",
          "last_seen": "2024-12-22"
        },
        {
          "tag": {
            "id": 210,
            "name": "cloudflare",
            "description": "CDN Vendor",
            "parent_ids": [
              176
            ],
            "css_color": "#9D6034",
            "parents": [
              {
                "id": 176,
                "name": "cdn",
                "description": "The CDN tag characterizes IP addresses associated with Content Delivery Networks (CDNs). A Content Delivery Network (CDN) is a system of distributed servers strategically positioned around the world. Its primary purpose is to deliver web content, such as images, videos, scripts, and other static files, to end users in a faster, and more efficient manner. CDNs are sometimes associated with serving content for multiple different customers and can be an indication of possible shared hosting environment. The CDN tag has child tags to represent specific CDN vendors, such as CDN77, AKAMAI, and more.",
                "parent_ids": null,
                "css_color": "#8A532C",
                "parents": null
              }
            ]
          },
          "first_seen": "2024-11-22",
          "last_seen": "2024-12-22"
        }
      ]
    },
    "insights": {
      "overall_rating": "no_rating",
      "total": 6,
      "insights": [
        {
          "rating": "no_rating",
          "message": "104.18.213.12 has been identified as a cloudflare content delivery network (CDN) IP. CDNs are distributed network of servers strategically placed around the world to efficiently deliver content."
        },
        {
          "rating": "no_rating",
          "message": "Domain: 'jquery.com' may have expired on: 2024-12-22"
        },
        {
          "rating": "no_rating",
          "message": "Domain: 'api.jquery.com' may have expired on: 2024-12-22"
        },
        {
          "rating": "no_rating",
          "message": "Domain: 'learn.jquery.com' may have expired on: 2024-12-22"
        },
        {
          "rating": "no_rating",
          "message": "Domain: 'blog.jquery.com' may have expired on: 2024-12-22"
        },
        {
          "rating": "no_rating",
          "message": "Domain: 'plugins.jquery.com' may have expired on: 2024-12-22"
        }
      ]
    },
    "fingerprints": {
      "top_fingerprints": null
    }
  },
  "proto_by_ip": {
    "request_id": "d68f9ec8-55a5-5001-8551-3c98509d70c2",
    "total": 156,
    "ip": "104.18.213.12",
    "size": 1000,
    "start_date": "2024-11-22",
    "end_date": "2024-12-22",
    "data": {
      "dates": [
        "2024-11-22",
        "2024-11-23",
        "2024-11-24",
        "2024-11-25",
        "2024-11-26",
        "2024-11-27",
        "2024-11-28",
        "2024-11-29",
        "2024-11-30",
        "2024-12-01",
        "2024-12-02",
        "2024-12-03",
        "2024-12-04",
        "2024-12-05",
        "2024-12-06",
        "2024-12-07",
        "2024-12-08",
        "2024-12-09",
        "2024-12-10",
        "2024-12-11",
        "2024-12-12",
        "2024-12-13",
        "2024-12-14",
        "2024-12-15",
        "2024-12-16",
        "2024-12-17",
        "2024-12-18",
        "2024-12-19",
        "2024-12-20",
        "2024-12-21"
      ],
      "protocols": [
        1,
        6,
        17
      ],
      "proto_by_date": [
        {
          "proto": 1,
          "keyword": "ICMP",
          "data": [
            {
              "count": 6,
              "date": "2024-11-22"
            },
            {
              "count": 20,
              "date": "2024-11-23"
            },
            {
              "count": 21,
              "date": "2024-11-24"
            },
            {
              "count": 17,
              "date": "2024-11-25"
            },
            {
              "count": 11,
              "date": "2024-11-26"
            },
            {
              "count": 20,
              "date": "2024-11-27"
            },
            {
              "count": 22,
              "date": "2024-11-28"
            },
            {
              "count": 14,
              "date": "2024-11-29"
            },
            {
              "count": 24,
              "date": "2024-11-30"
            },
            {
              "count": 15,
              "date": "2024-12-01"
            },
            {
              "count": 9,
              "date": "2024-12-02"
            },
            {
              "count": 11,
              "date": "2024-12-03"
            },
            {
              "count": 1,
              "date": "2024-12-04"
            },
            {
              "count": 6,
              "date": "2024-12-05"
            },
            {
              "count": 18,
              "date": "2024-12-06"
            },
            {
              "count": 19,
              "date": "2024-12-07"
            },
            {
              "count": 14,
              "date": "2024-12-08"
            },
            {
              "count": 21,
              "date": "2024-12-09"
            },
            {
              "count": 13,
              "date": "2024-12-10"
            },
            {
              "count": 8,
              "date": "2024-12-11"
            },
            {
              "count": 23,
              "date": "2024-12-12"
            },
            {
              "count": 25,
              "date": "2024-12-13"
            },
            {
              "count": 8,
              "date": "2024-12-14"
            },
            {
              "count": 0,
              "date": "2024-12-15"
            },
            {
              "count": 10,
              "date": "2024-12-16"
            },
            {
              "count": 15,
              "date": "2024-12-17"
            },
            {
              "count": 15,
              "date": "2024-12-18"
            },
            {
              "count": 3,
              "date": "2024-12-19"
            },
            {
              "count": 12,
              "date": "2024-12-20"
            },
            {
              "count": 19,
              "date": "2024-12-21"
            }
          ]
        },
        {
          "proto": 6,
          "keyword": "TCP",
          "data": [
            {
              "count": 9,
              "date": "2024-11-22"
            },
            {
              "count": 11,
              "date": "2024-11-23"
            },
            {
              "count": 17,
              "date": "2024-11-24"
            },
            {
              "count": 20,
              "date": "2024-11-25"
            },
            {
              "count": 24,
              "date": "2024-11-26"
            },
            {
              "count": 3,
              "date": "2024-11-27"
            },
            {
              "count": 19,
              "date": "2024-11-28"
            },
            {
              "count": 15,
              "date": "2024-11-29"
            },
            {
              "count": 6,
              "date": "2024-11-30"
            },
            {
              "count": 12,
              "date": "2024-12-01"
            },
            {
              "count": 18,
              "date": "2024-12-02"
            },
            {
              "count": 23,
              "date": "2024-12-03"
            },
            {
              "count": 19,
              "date": "2024-12-04"
            },
            {
              "count": 25,
              "date": "2024-12-05"
            },
            {
              "count": 3,
              "date": "2024-12-06"
            },
            {
              "count": 9,
              "date": "2024-12-07"
            },
            {
              "count": 6,
              "date": "2024-12-08"
            },
            {
              "count": 11,
              "date": "2024-12-09"
            },
            {
              "count": 5,
              "date": "2024-12-10"
            },
            {
              "count": 5,
              "date": "2024-12-11"
            },
            {
              "count": 23,
              "date": "2024-12-12"
            },
            {
              "count": 17,
              "date": "2024-12-13"
            },
            {
              "count": 1,
              "date": "2024-12-14"
            },
            {
              "count": 4,
              "date": "2024-12-15"
            },
            {
              "count": 12,
              "date": "2024-12-16"
            },
            {
              "count": 11,
              "date": "2024-12-17"
            },
            {
              "count": 11,
              "date": "2024-12-18"
            },
            {
              "count": 5,
              "date": "2024-12-19"
            },
            {
              "count": 25,
              "date": "2024-12-20"
            },
            {
              "count": 2,
              "date": "2024-12-21"
            }
          ]
        },
        {
          "proto": 17,
          "keyword": "UDP",
          "data": [
            {
              "count": 16,
              "date": "2024-11-22"
            },
            {
              "count": 7,
              "date": "2024-11-23"
            },
            {
              "count": 6,
              "date": "2024-11-24"
            },
            {
              "count": 22,
              "date": "2024-11-25"
            },
            {
              "count": 3,
              "date": "2024-11-26"
            },
            {
              "count": 18,
              "date": "2024-11-27"
            },
            {
              "count": 19,
              "date": "2024-11-28"
            },
            {
              "count": 0,
              "date": "2024-11-29"
            },
            {
              "count": 25,
              "date": "2024-11-30"
            },
            {
              "count": 17,
              "date": "2024-12-01"
            },
            {
              "count": 16,
              "date": "2024-12-02"
            },
            {
              "count": 21,
              "date": "2024-12-03"
            },
            {
              "count": 6,
              "date": "2024-12-04"
            },
            {
              "count": 14,
              "date": "2024-12-05"
            },
            {
              "count": 2,
              "date": "2024-12-06"
            },
            {
              "count": 21,
              "date": "2024-12-07"
            },
            {
              "count": 24,
              "date": "2024-12-08"
            },
            {
              "count": 11,
              "date": "2024-12-09"
            },
            {
              "count": 7,
              "date": "2024-12-10"
            },
            {
              "count": 24,
              "date": "2024-12-11"
            },
            {
              "count": 13,
              "date": "2024-12-12"
            },
            {
              "count": 4,
              "date": "2024-12-13"
            },
            {
              "count": 15,
              "date": "2024-12-14"
            },
            {
              "count": 24,
              "date": "2024-12-15"
            },
            {
              "count": 6,
              "date": "2024-12-16"
            },
            {
              "count": 22,
              "date": "2024-12-17"
            },
            {
              "count": 25,
              "date": "2024-12-18"
            },
            {
              "count": 21,
              "date": "2024-12-19"
            },
            {
              "count": 17,
              "date": "2024-12-20"
            },
            {
              "count": 4,
              "date": "2024-12-21"
            }
          ]
        }
      ]
    }
  },
  "whois": {
    "modified": "2021-05-26",
    "asn": 13335,
    "cidr": "104.16.0.0/12",
    "as_name": "CLOUDFLARENET",
    "bgp_asn": 0,
    "bgp_asn_name": "",
    "net_name": "CLOUDFLARENET",
    "net_handle": "NET-104-16-0-0-1",
    "description": "",
    "cc": "US",
    "city": "San Francisco",
    "address": "[\"101 Townsend Street\"]",
    "abuse_contact_id": "ABUSE2916-ARIN",
    "about_contact_role": "Abuse",
    "about_contact_person": "",
    "about_contact_email": "abuse@cloudflare.com",
    "about_contact_phone": "+1-650-319-8930",
    "about_contact_country": "US",
    "about_contact_city": "San Francisco",
    "about_contact_address": "[\"101 Townsend Street\"]",
    "admin_contact_id": "",
    "admin_contact_role": "",
    "admin_contact_person": "",
    "admin_contact_email": "",
    "admin_contact_phone": "",
    "admin_contact_country": "",
    "admin_contact_city": "",
    "admin_contact_address": "",
    "tech_contact_id": "ADMIN2521-ARIN",
    "tech_contact_role": "Admin",
    "tech_contact_person": "",
    "tech_contact_email": "rir@cloudflare.com",
    "tech_contact_phone": "+1-650-319-8930",
    "tech_contact_country": "US",
    "tech_contact_city": "San Francisco",
    "tech_contact_address": "[\"101 Townsend Street\"]",
    "org_id": "CLOUD14",
    "org_name": "Cloudflare, Inc.",
    "org_email": "abuse@cloudflare.com,noc@cloudflare.com,rir@cloudflare.com",
    "org_phone": "+1-650-319-8930",
    "org_country": "US",
    "org_city": "San Francisco",
    "org_address": "101 Townsend Street",
    "mnt_by_email": "",
    "mnt_lower_email": "",
    "mnt_router_email": ""
  }
}
GET /api/scout/ip/foundation

Returns critical information about an IP(s) that shows up in alerts or security incidents.

Resource URL

https://scout.cymru.com/api/scout/ip/foundation

Parameters Values
ips
required
1 max IP(s) 		The IP Address(es) to request details for. A comma separated string of 1 or more IP(s) e.g. 104.18.213.12,93.184.216.34.

Resource Information

Response Formats JSON
Requires authentication Yes
HTTP Method GET 

curl --user username:password --request GET \
  --url 'https://scout.cymru.com/api/scout/ip/foundation?ips=104.18.213.12,93.184.216.34'
                                

curl --request GET --url 'https://scout.cymru.com/api/scout/ip/foundation?ips=104.18.213.12,93.184.216.34' \
  --header 'Authorization: Token valid_api_token'
                                

import requests

url = "https://scout.cymru.com/api/scout/ip/foundation?ips=104.18.213.12,93.184.216.34"

payload = ""
headers = {
    #Basic Auth with username and password
    'Authorization': "Basic dXNlcm5hbWU6cGFzc3dvcmQ=" #Basic base64.b64encode('username:password')
    # API Auth with valid_api_key
    'Authorization': "Token valid_api_key" #Example 'Authorization': "Token e54d5128b1023bf52c9939a44ed0c3949eb5e56
    }

response = requests.request("GET", url, data=payload, headers=headers)
                                

{
  "request_id": "8dc7e6d4-968a-5595-b99e-af0620260487",
  "ips": [
    "104.18.213.12",
    "93.184.216.34"
  ],
  "data": [
    {
      "ip": "104.18.213.12",
      "country_code": "US",
      "as_info": [
        {
          "asn": 13335,
          "as_name": "CLOUDFLARENET, US"
        }
      ],
      "insights": {
        "overall_rating": "no_rating",
        "insights": []
      },
      "tags": [
        {
          "id": 176,
          "name": "cdn",
          "children": [
            {
              "id": 210,
              "name": "cloudflare",
              "children": null
            }
          ]
        }
      ]
    },
    {
      "ip": "93.184.216.34",
      "country_code": "US",
      "as_info": [
        {
          "asn": 15133,
          "as_name": "EDGECAST, US"
        }
      ],
      "insights": {
        "overall_rating": "no_rating",
        "insights": []
      },
      "tags": [
        {
          "id": 176,
          "name": "cdn",
          "children": [
            {
              "id": 206,
              "name": "edgecast",
              "children": null
            }
          ]
        }
      ]
    }
  ],
  "usage": {
    "used_queries": 6,
    "remaining_queries": 994,
    "query_limit": 1000,
    "foundation_api_usage": {
      "used_queries": 20,
      "remaining_queries": 980,
      "query_limit": 1000
    }    
  }
}

Copyright © 2007-2024 All rights reserved. Information may not be disseminated without prior consent.