Scout Insight Documentation
Searching

Search Suggestions Pane

The following tabs are available in the suggestions auto-complete pane that appears under the Scout search form query input field, when typing and/or toggling the arrow keys in the search input field. Typing in the search form input will filter against the suggestions/values available under each respective tab. The tab selected will be stored in local storage and remembered on page reload, for quick access.

Documentation Example


  Search Scout is available under the Ultimate Subscription Tier. Please Contact Us to Upgrade.


This tab pane will contain dynamic search examples from the latest relevant insights:
  • 4 Search Examples (as seen below) w/ IPs/Domains, 2 of each, fanged and de-fanged

This tab pane will contain the user's Scout Search History as a list of previously searched queries. Executing a new search or re-loading the page will show the previously executed search within the list. If no search has yet been executed by the Scout user, they will see the default notification "Please execute a search to view your search history.".
Screenshot Example Scout Suggestions Autocomplete Pane

Search Examples

  • 104.18.213.12
  • 93[.]184[.]216[.]34
  • jquery.com
  • example[.]com
IP Details

Scout is a threat investigation and hunting platform used to identify and track malicious infrastructure on the internet.

Details Page Tabs

The details page separates information about a searched IP Address into various tabs.

  • Summary
  • Whois
Summary

This tab shows summary information for the queried IP Address.

Whois

This tab shows Whois information for the IP Address.

Pivoting

Pivots are used to find more details on different fields or branch off into new investigations. Pivoting is supported on IP Addresses and domain names within Scout and other Pure Signal products.

IP Pivoting

By default, visiting an IP's details will show the top results by count. A pivot link to the right of the IP address is provided to refine that IP's details using your original search. Not all fields in the original search can be applied, so the pivot link only contains fields which can be applied in this context (see supported fields below).

  • Visit the IP's details without a refined search by clicking the IP address
  • Using a Refined Search Pivot on the IP address in Scout
  • Create a Scout Query (requires Scout subscription)

Examples of pivot links to the right of IP Addresses

These options to pivot can appear in a few spots that feature IP addresses

  • IPs found in multi-view results
  • IP Details Summary Identity panel
  • IPs under the IP Details Communications Tab (Scout Ultimate only)

Domain Pivoting

Domains can pivot to a new Scout Query. This includes domains found on PDNS domain names and common names in X.509 certificates when they appear in search results or an IP's detailed view.

Insights

Insights appear on an IP address's summary view and offer useful information at a glance such as:

  • Combinations of malicious tags
  • Suspicious activities
  • Peculiar domains
  • Recently expired domain records

Insights are sorted by rank of descending maliciousness (malicious, suspicious, followed by informational). The overall rating of the IP is determined by the most malicious insight and appears left of the IP Address. A maximum of ten insights are shown per IP Address searched.

Usage Limits

Scout

Searches are monthly-based and expire at the end of each month. A remaining monthly balance of searches is shown, in real-time in the upper right-hand corner, as a fraction of used searches over the maximum monthly search limit. When the balance is zero, no more searches can be issued until the first day of the following month.

For IP searches, the remaining balance is decremented after each search submission. Users can view all the results in all tabs, without further balance decrement.

For searches returning multi-view results, such as advanced and domain searches, the balance is decremented after:

  • Each search submission
  • Clicking on an IP in the result set, which in turn executes a new IP search.

Note: The following conditions will resubmit a search, and thus decrement the balance as described above:

  • Refreshing the page while reviewing the results of any search
  • Visiting a URL that executes an IP or advanced search

Additional searches can be purchased at any time by contacting your support representative.

Summary Visualizations

Overview Graph

The Overview graph shows the searched IP's top features such as:

  • The IP's tags
  • Open ports
  • Domain names (Grouped by root domain)
  • X.509 subjects

The segments are based on the first seen (inclusive) and last seen (non-inclusive) occurrence of each attribute within the search window. Domain names may be grouped by the root domain, and Open Ports will be grouped when they occur on the same date range. Beneath the Overview is a supporting bar chart providing a count of communication events accross protocols. This corresponds to the Communications graph.

Communications Graph

The Communications Graph is a stacked bar chart, detailing communicated protocols over the search window. Clicking on the legend entries will filter for a specific protocol. Clicking additional legend entries includes more protocols. Toggling them all to hidden will restore the full graph.

Other Graphs

The Services, Tags, ASNs, and Country Codes graphs show a percentage breakdown of the top ten features over time for the searched IP and remote IPs. Note: each column may not add to 100% when there are uncategorized events. Bars may add up to over 100% when there is overlap between categories. Clicking on the legend entries will filter to that specific series. Clicking more legend entries will include additional series. Hiding all series will restore the full graph.

Tags

Tags are a classification system in flows results that identifies IP addresses that exhibit certain types of behavior in flow data. They are displayed as badges next to IP addresses, which can then be used to filter out certain kinds of traffic, such as filtering out scanners, or looking for controllers in a botnet. IP addresses are further classified into sub-tags, which can belong to one or more parent tags.

Name Description
blockchain The blockchain tag identifies infrastructure that utilizes blockchain technologies. This tag covers a range of blockchain applications, including cryptocurrency as well as other implementations of blockchain methodologies.
Sub-Tags (5)
Name Description
btc Bitcoin is the ticker symbol and common abbreviation for Bitcoin, a decentralized digital currency that records transactions on a distributed ledger known as a blockchain. | Reference: https://bitcoin.org/
eth Ethereum refers to Ether, the native cryptocurrency token of the Ethereum blockchain platform, which enables smart contracts and decentralized applications. | Reference: https://ethereum.org/
oxen Oxen is a privacy-focused cryptocurrency and blockchain platform that provides a foundation for private financial transactions and secure communications tools. | Reference: https://Oxen.io/
solana Solana is a high-performance blockchain platform designed to host decentralized, scalable applications using a unique proof-of-history consensus mechanism. | Reference: https://Solana.com/
xmr Monero is the currency symbol for Monero, a blockchain-based cryptocurrency designed to provide anonymity by obscuring senders, recipients, and transaction amounts. | Reference: https://www.getmonero.org/
bogon Bogons are defined as Martians (private and reserved addresses defined by RFC 1918, RFC 5735, and RFC 6598) and netblocks that have not been allocated to a Regional Internet Registry (RIR) by the Internet Assigned Numbers Authority.
bot Indicates a malware infection at the specific, associated address.
Sub-Tags (77)
Name Description
abstealer ABStealer is an information stealing malware designed to harvest sensitive data, such as credentials and financial information, and exfiltrate it to a command and control server. | Reference: https://any.run/malware-trends/abstealer
aldibot Aldibot is a malware family primarily utilized for conducting Distributed Denial of Service (DDoS) attacks and allowing remote code execution on compromised hosts. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.aldibot
amadey Amadey is a botnet and malware loader that infects systems to steal information and download additional malicious payloads. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey
andromeda Andromeda (also known as Gamarue) is a modular botnet known for its ability to download additional malicious plugins, such as keyloggers or socks proxies. It creates a network of infected computers that can be rented out for various cybercriminal tasks, including spam and DDoS. | Reference: https://attack.mitre.org/software/S0367/
azorult Azorult is a powerful information stealer and downloader capable of extracting browsing history, cookies, cryptocurrency wallets, and desktop files from compromised machines. | Reference: https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/tspy_azorult.a
banload Banload is a Trojan-downloader family, historically prevalent in Brazil, designed to infiltrate systems and download additional banking malware to steal financial information. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.banload
betabot BetaBot is a bot family designed to disable antivirus software and steal sensitive login credentials from compromised systems. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.neurevt
blackenergy BlackEnergy is a malware toolkit that evolved from a simple DDoS bot into a complex cyber espionage and sabotage tool, notably used against industrial control systems (ICS). | Reference: https://attack.mitre.org/software/S0089/
bluebot BlueBot is a botnet malware family typically used to establish command and control over infected hosts for the purpose of executing remote tasks or DDoS attacks. | Reference: https://www.virustotal.com/gui/search/bluebot
bolek Bolek is a versatile banking trojan that inherits capabilities from the Zeus and Carberp families, featuring advanced web injects and traffic interception tools. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.bolek
citadel Citadel is a banking trojan derived from the ZeuS source code, designed to steal financial credentials and facilitate man-in-the-browser attacks against online banking systems. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.citadel
cobaltstrike Cobalt Strike is a legitimate adversary simulation framework used for red teaming, though its Beacon payload is frequently repurposed by threat actors for command and control and post-exploitation tasks. | Reference: https://attack.mitre.org/software/S0154/
conficker Conficker is a well-known worm and bot family that exploits vulnerabilities in Windows services to propagate and form massive botnets. | Reference: https://www.cisa.gov/news-events/analysis-reports/ar16-306a
corebot CoreBot is a modular malware strain that originated as an information stealer but was developed to include banking trojan capabilities such as web injections. | Reference: https://securityintelligence.com/corebot-malware-new-banking-trojan-on-the-block/
coresys CoreSys is a malware family often functioning as a system infector or bot, utilized to compromise the integrity of a host operating system and establish a connection to a command server. | Reference: https://www.virustotal.com/gui/search/coresys
darkcomet DarkComet is a well-known Remote Access Trojan (RAT) that grants attackers full administrative control over a victim's machine, including keylogging and webcam access. | Reference: https://www.cisa.gov/news-events/analysis-reports/ar18-184a
diamondfox DiamondFox is a modular botnet sold on underground forums that provides attackers with a variety of plugins for credential theft, DDoS attacks, and keylogging. | Reference: https://blog.checkpoint.com/2016/05/11/diamondfox-a-crystalline-botnet/
dirtjumper DirtJumper is a malware kit primarily designed to perform Distributed Denial of Service (DDoS) attacks against specified targets. The bot family allows an attacker to command infected machines to flood a target server with traffic, disrupting its availability. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.dirtjumper
dofoil Dofoil, often referred to as SmokeLoader, is a malware downloader family used to drop additional malicious payloads, such as cryptominers and info stealers, onto infected systems. | Reference: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Win32/Dofoil
emotet Emotet is a notorious modular malware strain that evolved from a banking Trojan into a distributor for other threats, managing a vast botnet for spamming and dropping ransomware. | Reference: https://www.cisa.gov/uscert/ncas/alerts/aa20-280a
enfal The Enfal bot family consists of downloader and backdoor malware strains used primarily for long-term espionage and maintaining persistence within high-value networks. | Reference: https://www.mandiant.com/resources/blog/lurid-malware-targets
godzilla In the context of a bot family, the Godzilla webshell acts as the agent on the victim server, executing instructions sent from the attacker's controller to manipulate files and processes. | Reference: https://www.cisa.gov/uscert/ncas/analysis-reports/ar21-259a
gozi2 Gozi2 is an evolution of the Gozi/Ursnif banking trojan family, designed to inject malicious scripts into web browsers to steal financial credentials and personal data. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.gozi
goznym Goznym is a hybrid banking Trojan that combines the stealth of the Nymaim malware with the banking fraud capabilities of the Gozi ISFB malware to steal millions from financial institutions. | Reference: https://www.europol.europa.eu/media-press/newsroom/news/goznym-malware-cybercriminal-network-dismantled
gumblar Gumblar is a legacy malware family that compromised websites to redirect visitors to exploit kits, subsequently infecting users to steal FTP credentials and propagate further. | Reference: https://nakedsecurity.sophos.com/2009/05/19/gumblar-variant-doing-the-rounds/
http_post When labeled as a bot family, http_post indicates a group of bots that rely on sending data via HTTP POST requests to communicate with their Command and Control servers. This tag describes the behavior of the communication channel rather than a specific unique malware strain. | Reference: https://attack.mitre.org/techniques/T1071/001/
isrstealer ISRStealer is a credential-harvesting malware designed to extract saved passwords from web browsers and other local applications. It functions as a simple bot that compiles stolen data and transmits it to a remote server managed by the attacker. | Reference: https://www.symantec.com/security_response/writeup.jsp?docid=2014-060413-4328-99
jedobot Jedobot is a Trojan malware family designed to compromise systems to steal sensitive data and potentially download further malicious payloads. | Reference: https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/troj_jedo.b
kasidet Kasidet (also known as Neutrino Bot) is a malware family capable of conducting DDoS attacks, scraping memory for credit card data, and downloading additional payloads. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.kasidet
katrina This tag denotes the command and control infrastructure used to manage the Katrina botnet and issue instructions to compromised hosts. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.katrina
keybase KeyBase is a keylogger malware agent designed to record keystrokes, capture screenshots, and steal clipboard data from infected systems. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.keybase
kins KINS (or Kins) is a banking Trojan and crimeware toolkit derived from the Zeus and SpyEye source codes, specifically engineered to target financial institutions and steal user credentials. | Reference: https://securityintelligence.com/kins-malware-new-variant-of-zeus-spyeye-banking-trojans/
kpot Kpot is an information stealer malware designed to extract passwords, cryptocurrency wallets, and cookies from web browsers and other applications. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.kpot
kratos Kratos is a Trojan malware family used by threat actors to compromise systems, often functioning as a Remote Access Trojan (RAT) or dropper. | Reference: https://app.any.run/tasks/tags/kratos/
kronos Kronos is a banking trojan bot family capable of harvesting online banking credentials through form grabbing and web injection techniques. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.kronos
locky Locky is a ransomware bot family that spreads via malicious email attachments to encrypt victim files and demand payment for their release. | Reference: https://www.cisa.gov/news-events/alerts/2016/02/17/locky-ransomware
lokibot Lokibot is a prolific information-stealing malware designed to harvest credentials from web browsers, email clients, and IT administration tools on infected Windows and Android devices. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.lokibot
madness Madness is a malware strain often functioning as a ransomware-as-a-service (RaaS) toolkit that encrypts victim files while simultaneously acting as an information stealer to harvest credentials. | Reference: https://www.bleepingcomputer.com/news/security/new-madness-ransomware-tries-to-be-cool-fails-hard/
marcher Marcher is a mobile banking trojan targeting Android devices that uses overlay attacks to trick users into entering credit card details and login credentials. | Reference: https://www.checkpoints.com/android-marcher-trojan/
matsnu Matsnu is a malware family that functions as a trojan, often utilized for spam distribution and downloading additional payloads onto compromised systems. The bot communicates with a C2 server to receive configuration updates and commands for specific tasks. | Reference: https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/matsnu
minerpanel MinerPanel refers to a malware strain or interface designed specifically to deploy and manage cryptocurrency miners on infected victim machines without their consent. | Reference: https://www.fortinet.com/blog/threat-research/cryptojacking-malware-campaign
mirai Mirai is a malware family that primarily infects Linux-based Internet of Things (IoT) devices, enslaving them into a botnet used to launch massive Distributed Denial of Service (DDoS) attacks. | Reference: https://www.cloudflare.com/learning/ddos/glossary/mirai-botnet/
nanocore NanoCore is a Remote Access Trojan (RAT) bot family that grants attackers control over a victim's machine, including webcam surveillance and keylogging. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.nanocore
neverquest Neverquest, also widely known as Vawtrak, is a sophisticated banking Trojan and botnet used to steal user credentials through web injections, keylogging, and remote screenshots. | Reference: https://www.cisa.gov/news-events/cybersecurity-advisories/us-cert-alert-ta16-144a
nymaim Nymaim is a malware downloader and ransomware family that initially focuses on locking screens but evolved to download banking trojans. The bot family is stealthy, using obfuscation to hide its communication with the attacker's infrastructure. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.nymaim
optima Optima is a malicious bot family and software kit designed to steal credentials and facilitate distributed denial-of-service (DDoS) attacks. | Reference: https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/TROJ_OPTIMA.A
pandabanker PandaBanker is a modular banking trojan based on the Zeus malware source code, designed to perform man-in-the-browser attacks to steal financial credentials. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.pandabanker
pandora Pandora is a malware family, often derived from Mirai source code, that targets IoT devices to create botnets for launching distributed denial-of-service (DDoS) attacks. | Reference: https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/backdoor.linux.pandora.a
pincher As a bot family, Pincher refers to the specific agents deployed on victim machines that execute the LdPinch code to harvest credentials. These bots collect data locally and transmit it back to the operator, often clearing tracks after execution. | Reference: https://www.symantec.com/security_response/writeup.jsp?docid=2005-062816-1153-99
ponyloader Pony (often referred to as Fareit) is a malware family that functions as both an information stealer and a downloader, widely used to harvest stored credentials from various applications. | Reference: https://attack.mitre.org/software/S0453/
poseidon Poseidon is the agent side of the malware family, functioning as a backdoor capable of harvesting system information and executing commands from a remote server. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/osx.poseidon
poseidon-findstr Poseidon-findstr likely refers to a specific module or behavioral signature within the Poseidon malware family dedicated to searching for specific strings or data patterns on a host. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/osx.poseidon
predatorthethief PredatorTheThief is an information-stealing malware sold on underground forums that extracts passwords, browser data, and cryptocurrency wallet information to send to an attacker. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.predatorthethief
proxyback ProxyBack is a malware family designed to turn infected computers into internet proxy servers, allowing attackers to route malicious traffic through the victim's connection. | Reference: https://unit42.paloaltonetworks.com/proxyback-a-new-proxy-trojan/
pua PUA (Potentially Unwanted Application) in a controller context refers to the backend infrastructure used to distribute adware bundles or manage the configuration of unwanted software. | Reference: https://www.trendmicro.com/vinfo/us/security/definition/potentially-unwanted-application
qakbot Qakbot (Qbot) is a prevalent banking trojan bot family that has evolved into a delivery vehicle for ransomware and other high-impact malware. | Reference: https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-239a
quant Quant (or Quant Loader) is a malicious downloader sold on underground forums, designed to distribute other malware families such as ransomware or credential stealers onto a victim's machine. It acts as an initial access broker, maintaining persistence and communicating with a C2 panel. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.quant_loader
raccoonstealer RaccoonStealer is a popular malware-as-a-service bot family specialized in collecting passwords, cookies, and cryptocurrency wallet data. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.raccoon
ranbyus Ranbyus is a banking trojan and bot agent known for using Domain Generation Algorithms (DGA) to communicate with its servers and manipulate web traffic. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.ranbyus
redline RedLine is a popular malware-as-a-service information stealer capable of collecting saved credentials, credit card data, and cryptocurrency wallet information from infected hosts. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer
rovnix Rovnix is a sophisticated rootkit and bootkit capable of infecting the Volume Boot Record (VBR) to maintain persistence and inject malicious code into the operating system. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.rovnix
smartapp SmartApp refers to a tag of malicious applications or bot family that disguises itself as legitimate software to compromise mobile or desktop devices. | Reference: https://threatpost.com/google-play-malware-smart-apps/159234/
smokeloader SmokeLoader is a modular malware downloader widely used to load other malicious payloads onto systems while employing sophisticated evasion techniques to hide from security tools. | Reference: https://attack.mitre.org/software/S0226/
solar Solar (often associated with SolarMarker or Jupyter) is a malware family known for using SEO poisoning to infect systems, functioning primarily as a backdoor and information stealer. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.solarmarker
stealrat StealRAT is a spam-focused botnet malware that compromises web servers and systems to utilize their resources for sending massive volumes of junk email. | Reference: https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/STEALRAT
suprememiner SupremeMiner is a type of cryptojacking malware that covertly utilizes the processing power of an infected computer to mine cryptocurrencies like Monero. | Reference: https://malware.wikia.org/wiki/SupremeMiner
teslacrypt TeslaCrypt is a notorious ransomware family that targeted gaming-related files and other data for encryption, demanding payment for a decryption key before its master key was eventually released. | Reference: https://www.bleepingcomputer.com/news/security/teslacrypt-shuts-down-and-releases-master-decryption-key/
tinba Tinba (short for Tiny Banker) is an extremely small banking trojan known for its compact file size and ability to perform man-in-the-browser attacks. The bot family targets financial institutions by hooking into browsers to sniff network traffic and steal login credentials. | Reference: https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/TINBA
trickbot TrickBot is a modular banking trojan and malware distribution vehicle used by cybercriminals to steal credentials, spread laterally through networks, and deploy ransomware. | Reference: https://attack.mitre.org/software/S0266/
trusteer IBM Trusteer (specifically Trusteer Rapport) is a legitimate endpoint security software designed to protect users from financial malware and phishing attacks, though it is often a tag used in threat intelligence to identify malware specifically coded to bypass or target this software. | Reference: https://www.ibm.com/products/trusteer-rapport
tsunami Tsunami (also known as Kaiten) is a Linux-based backdoor and botnet malware primarily used to launch distributed denial of service (DDoS) attacks and execute remote commands. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/elf.tsunami
umbra Umbra is a bot family that typically functions as a loader, used by threat actors to evade detection and drop additional malicious payloads. | Reference: https://tria.ge/s?q=family%3Aumbra
urlzone URLZone (also known as Bebloh) is a banking trojan that resides on victim machines to manipulate banking transactions and steal financial credentials. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.bebloh
vawtrak The Vawtrak controller infrastructure manages the distribution of configuration files, web injects, and commands to the infected bots to orchestrate financial fraud campaigns. | Reference: https://unit42.paloaltonetworks.com/unit42-vawtrak-v2-new-tricks/
vertexnet VertexNet is an older HTTP-based botnet loader written in .NET, designed to steal credentials and execute arbitrary files on infected systems. It communicates with a centralized command interface to receive instructions and upload stolen data. | Reference: https://www.f-secure.com/v-descs/worm_w32_vertex.shtml
xorddos XorDDoS is a Linux-based bot family that compiles botnets to launch high-bandwidth distributed denial-of-service attacks against targets. | Reference: https://www.microsoft.com/en-us/security/blog/2022/05/19/rise-in-xorddos-a-deeper-look-at-the-stealthy-ddos-malware-targeting-linux-devices/
xswkit Xswkit refers to a specific malware family or exploit toolkit, often associated with Chinese-language cybercrime tools, designed to compromise systems for remote control. | Reference: https://www.virustotal.com/gui/file/be173510526367520e5c9b60589255627255140645607027a4128f1173618451/detection
cdn The CDN tag characterizes IP addresses associated with Content Delivery Networks (CDNs). A Content Delivery Network (CDN) is a system of distributed servers strategically positioned around the world. Its primary purpose is to deliver web content, such as images, videos, scripts, and other static files, to end users in a faster, and more efficient manner. CDNs are sometimes associated with serving content for multiple different customers and can be an indication of possible shared hosting environment. The CDN tag has child tags to represent specific CDN vendors, such as CDN77, AKAMAI, and more.
Sub-Tags (22)
Name Description
akamai Akamai is one of the world's largest content delivery network (CDN) and cloud service providers, responsible for serving a significant percentage of global web traffic. | Reference: https://www.Akamai.com/
alibaba Alibaba Cloud offers a suite of cloud computing services, including a content delivery network, to support the data processing and bandwidth needs of online businesses. | Reference: https://www.alibabacloud.com/
amazon AWS, specifically through its AWS division, provides on-demand cloud computing platforms and APIs, including storage, networking, and content delivery services. | Reference: https://aws.AWS.com/
baishancloud BaishanCloud is a global edge cloud service provider offering content delivery networks (CDN) and cloud security solutions. | Reference: https://www.baishancloud.com
bunny Bunny (Bunny.net) is a performance-focused content delivery network known for its speed and developer-friendly tools for optimizing website content delivery. | Reference: https://Bunny.net/
cachefly Cachefly is a content delivery network service provider that specializes in high-throughput delivery of static rich media content using TCP Anycast routing. | Reference: https://www.Cachefly.com/
cdn-networks CDNetworks is a global content delivery network and cloud security provider with a focus on web performance and media delivery in emerging markets. | Reference: https://www.cdnetworks.com/
cdn77 CDN77 is a content delivery network provider that offers secure and reliable global content delivery solutions for live streaming and video-on-demand services. | Reference: https://www.CDN77.com/
cloudflare Cloudflare provides content delivery network (CDN) services, DDoS mitigation, and internet security features to optimize and protect web properties. | Reference: https://www.Cloudflare.com/
edgecast EdgeCast (now part of Edgio) functions as a content delivery network that accelerates the delivery of digital media and web content globally. | Reference: https://edg.io/
fastly Fastly operates an edge cloud platform and content delivery network designed to help developers build, secure, and deliver digital experiences at the edge of the network. | Reference: https://www.Fastly.com/
huawei Huawei is a global provider of information and communications technology (ICT) infrastructure, manufacturing a wide range of devices including routers, cloud servers, and telecommunications equipment. | Reference: https://www.Huawei.com/en/
keycdn KeyCDN is a high-performance content delivery network that speeds up the delivery of assets such as images, videos, and scripts to users worldwide. | Reference: https://www.KeyCDN.com/
limelight-networks Limelight Networks (rebranded as Edgio) provides content delivery network services specifically optimized for high-quality video delivery and edge computing. | Reference: https://edg.io/
lumen Lumen Technologies offers a content delivery network and edge computing solutions tailored for enterprise application delivery and data processing. | Reference: https://www.Lumen.com/en-us/networking/cdn-edge-compute.html
meta Meta is a major technology conglomerate that owns and operates widely used social media and messaging platforms, including Facebook, Instagram, and WhatsApp. | Reference: https://about.Meta.com
Sub-Tags (2)
Name Description
instagram Instagram is a social media platform owned by Meta that utilizes massive content delivery network infrastructure to serve images and videos to users worldwide. | Reference: https://www.Instagram.com/
messenger Messenger is a proprietary instant messaging app and platform developed by Meta that facilitates text, voice, and video communication between users. | Reference: https://www.Messenger.com
microsoft Microsoft offers extensive cloud computing services via its Azure platform, facilitating application management, storage, and global content delivery. | Reference: https://azure.Microsoft.com/
ovh OVH (OVHcloud) is a global cloud provider that offers dedicated servers, private cloud, and public cloud services to manage and host web infrastructure. | Reference: https://www.ovhcloud.com/
singularcdn SingularCDN offers content delivery solutions aimed at accelerating website performance and ensuring reliable media streaming for global audiences. | Reference: https://SingularCDN.com/
stackpath StackPath is an edge computing platform that provides content delivery networks (CDN), virtual machines, and edge security services. | Reference: https://www.stackpath.com
tiktok TikTok is a short-form video hosting service that utilizes a vast content delivery network to stream user-generated content globally. | Reference: https://www.tiktok.com
wangsu Wangsu Science & Technology is a global infrastructure platform providing Content Delivery Network (CDN) and internet data center (IDC) services. | Reference: https://www.wangsu.com
cloud IP addresses with the CLOUD tag represent cloud computing infrastructure. These represent cloud services such as storage, databases, virtual machines and other functionality. The CLOUD tag has child tags to represent specific cloud providers, such as AMAZON, MICROSOFT, GOOGLE, and more. Other child tags can include specific functionality of the cloud service involved and region information if available.
Sub-Tags (15)
Name Description
alibaba Alibaba Cloud offers a suite of cloud computing services, including a content delivery network, to support the data processing and bandwidth needs of online businesses. | Reference: https://www.alibabacloud.com/
Sub-Tags (1)
Name Description
data-transmission-service The Alibaba Cloud Data Transmission Service (DTS) facilitates data migration, data synchronization, and subscription between different data sources. | Reference: https://www.alibabacloud.com/product/dts
amazon AWS, specifically through its AWS division, provides on-demand cloud computing platforms and APIs, including storage, networking, and content delivery services. | Reference: https://aws.AWS.com/
Sub-Tags (36)
Name Description
af-south Africa South refers to the Amazon Web Services (AWS) geographical region located in Cape Town, South Africa, hosting cloud infrastructure. | Reference: https://aws.amazon.com/about-aws/global-infrastructure/regions_az/
ap-east Asia Pacific East is the region code for the Amazon Web Services (AWS) infrastructure located in Hong Kong. | Reference: https://aws.amazon.com/about-aws/global-infrastructure/regions_az/
ap-northeast Asia Pacific Northeast encompasses several Amazon Web Services (AWS) regions located in Asia, specifically in Tokyo, Seoul, and Osaka. | Reference: https://aws.amazon.com/about-aws/global-infrastructure/regions_az/
ap-south Asia Pacific South designates the Amazon Web Services (AWS) regional infrastructure located in India, including Mumbai and Hyderabad. | Reference: https://aws.amazon.com/about-aws/global-infrastructure/regions_az/
ap-southeast Asia Pacific Southeast refers to the Amazon Web Services (AWS) regions serving Southeast Asia and Oceania, including locations like Singapore and Sydney. | Reference: https://aws.amazon.com/about-aws/global-infrastructure/regions_az/
api-gateway Amazon API Gateway is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale. | Reference: https://aws.amazon.com/API Gateway/
appflow Amazon Appflow is a fully managed integration service that enables the secure transfer of data between SaaS applications and AWS services. | Reference: https://aws.amazon.com/Appflow/
ca-central CA Central is the region code for Amazon Web Services (AWS) data centers located in Central Canada (Montreal). | Reference: https://aws.amazon.com/about-aws/global-infrastructure/regions_az/
ca-west CA West identifies the Amazon Web Services (AWS) infrastructure region located in Western Canada (Calgary). | Reference: https://aws.amazon.com/about-aws/global-infrastructure/regions_az/
chime Amazon Chime is a communications service that lets users meet, chat, and place business calls inside and outside their organization. | Reference: https://aws.amazon.com/Chime/
cloud9 AWS Cloud9 is a cloud-based integrated development environment (IDE) that lets you write, run, and debug code with just a browser. | Reference: https://aws.amazon.com/Cloud9/
cloudfront CloudFront is a content delivery network (CDN) service offered by Amazon Web Services that securely delivers data, videos, applications, and APIs to customers globally with low latency. | Reference: https://aws.amazon.com/CloudFront/
cn-north CN North refers to the Amazon Web Services (AWS) region located in Beijing, China, operated by Sinnet. | Reference: https://aws.amazon.com/about-aws/global-infrastructure/regions_az/
codebuild AWS CodeBuild is a fully managed continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy. | Reference: https://aws.amazon.com/CodeBuild/
connect Amazon Connect is an easy-to-use omnichannel cloud contact center that helps companies provide superior customer service at a lower cost. | Reference: https://aws.amazon.com/Connect/
dynamodb Amazon DynamoDB is a key-value and document database that delivers single-digit millisecond performance at any scale for internet-scale applications. | Reference: https://aws.amazon.com/DynamoDB/
ebs Amazon Elastic Block Store (Amazon EBS) provides easy-to-use, high-performance block storage volumes meant for use with Amazon EC2 instances. | Reference: https://aws.amazon.com/EBS/
ec2 Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud to make web-scale cloud computing easier for developers. | Reference: https://aws.amazon.com/EC2/
eu-central The EU Central tag refers to AWS geographic regions located in Central Europe, such as Frankfurt (EU Central-1) and Zurich (EU Central-2). | Reference: https://aws.amazon.com/about-aws/global-infrastructure/regions_az/
eu-north The EU North tag designates the AWS geographic region located in Stockholm, Sweden (EU North-1). | Reference: https://aws.amazon.com/about-aws/global-infrastructure/regions_az/
eu-south The EU South tag identifies AWS geographic regions located in Southern Europe, specifically Milan (EU South-1) and Spain (EU South-2). | Reference: https://aws.amazon.com/about-aws/global-infrastructure/regions_az/
eu-west The EU West tag encompasses AWS geographic regions located in Western Europe, including Ireland (EU West-1), London (EU West-2), and Paris (EU West-3). | Reference: https://aws.amazon.com/about-aws/global-infrastructure/regions_az/
global The Global tag refers to AWS services or infrastructure components that operate across all geographic regions rather than being region-specific, such as IAM or CloudFront. | Reference: https://aws.amazon.com/about-aws/Global-infrastructure/
global-accelerator Global Accelerator is a networking service provided by Amazon Web Services that improves the performance of users' traffic by routing it through the AWS global network infrastructure. | Reference: https://aws.amazon.com/Global Accelerator/
il-central The IL Central tag designates the AWS geographic region located in Tel Aviv, Israel (IL Central-1). | Reference: https://aws.amazon.com/about-aws/global-infrastructure/regions_az/
kinesis Amazon Kinesis makes it easy to collect, process, and analyze real-time, streaming data so users can get timely insights and react quickly to new information. | Reference: https://aws.amazon.com/Kinesis/
me-central The Middle East Central tag refers to the AWS geographic region located in the United Arab Emirates (Middle East Central-1). | Reference: https://aws.amazon.com/about-aws/global-infrastructure/regions_az/
me-south The Middle East South tag identifies the AWS geographic region located in Bahrain (Middle East South-1). | Reference: https://aws.amazon.com/about-aws/global-infrastructure/regions_az/
route53 Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service designed to route end users to internet applications. | Reference: https://aws.amazon.com/Route53/
s3 Amazon Simple Storage Service (Amazon S3) is an object storage service offering industry-leading scalability, data availability, security, and performance. | Reference: https://aws.amazon.com/S3/
sa-east The South America East tag designates the AWS geographic region located in S√£o Paulo, Brazil (South America East-1). | Reference: https://aws.amazon.com/about-aws/global-infrastructure/regions_az/
us-east The US East tag refers to AWS geographic regions located in the Eastern United States, specifically Northern Virginia (US East-1) and Ohio (US East-2). | Reference: https://aws.amazon.com/about-aws/global-infrastructure/regions_az/
us-gov-east The US Gov East tag identifies the AWS GovCloud (US-East) region, designed to host sensitive data and regulated workloads for U.S. government customers. | Reference: https://aws.amazon.com/govcloud-us/
us-gov-west The US Gov West tag designates the AWS GovCloud (US-West) region, providing an isolated cloud environment for U.S. government agencies and their partners. | Reference: https://aws.amazon.com/govcloud-us/
us-west US West refers to specific geographic regions (such as Northern California or Oregon) operated by Amazon Web Services for hosting cloud infrastructure and services. | Reference: https://aws.amazon.com/about-aws/global-infrastructure/regions_az/
workspaces Amazon WorkSpaces is a fully managed desktop virtualization service that enables users to access a cloud-based Windows or Linux desktop from any supported device. | Reference: https://aws.amazon.com/WorkSpaces/
baidu Baidu is a multinational technology company that provides a comprehensive suite of cloud computing services, AI solutions, and internet-related products. The platform supports developers and enterprises with scalable storage, computing power, and big data processing capabilities. | Reference: https://intl.cloud.Baidu.com/
Sub-Tags (1)
Name Description
baidu-data-transmission-service The Baidu Data Transmission Service (DTS) facilitates data migration, real-time data synchronization, and data subscription between various storage engines within the Baidu Cloud environment. | Reference: https://cloud.baidu.com/product/dts.html
digitalocean DigitalOcean is a cloud infrastructure provider that simplifies cloud computing for developers by offering scalable virtual private servers known as Droplets. It provides a user-friendly platform for deploying, managing, and scaling applications and databases. | Reference: https://www.DigitalOcean.com/
google Google serves as a broad identifier for the suite of internet services, cloud infrastructure, and IoT integration capabilities provided by Google and the Google Cloud Platform. | Reference: https://cloud.Google.com/
huawei Huawei is a global provider of information and communications technology (ICT) infrastructure, manufacturing a wide range of devices including routers, cloud servers, and telecommunications equipment. | Reference: https://www.Huawei.com/en/
ibm IBM is a global technology corporation that offers a robust hybrid cloud platform and AI services through IBM Cloud. This infrastructure supports enterprise-grade computing, storage, and networking solutions for public, private, and hybrid environments. | Reference: https://www.IBM.com/cloud
linode Linode is a cloud hosting provider, now part of Akamai, that specializes in providing high-performance virtual private servers (VPS) running on Linux. It offers infrastructure-as-a-service (IaaS) solutions designed to help developers deploy and scale applications easily. | Reference: https://www.Linode.com/
microsoft Microsoft offers extensive cloud computing services via its Azure platform, facilitating application management, storage, and global content delivery. | Reference: https://azure.Microsoft.com/
Sub-Tags (74)
Name Description
azure Azure is Microsoft's comprehensive cloud computing platform that offers a vast range of services for building, deploying, and managing applications through a global network of data centers. | Reference: https://Azure.microsoft.com/en-us/
azure-action-group An Azure Action Group is a collection of notification preferences defined by the user to trigger specific responses or alerts when a condition is met within Azure Monitor. | Reference: https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/action-groups
azure-active-directory Azure Active Directory (now known as Microsoft Entra ID) is a cloud-based identity and access management service that enables employees to sign in and access external resources and internal applications. | Reference: https://learn.microsoft.com/en-us/entra/identity/
azure-active-directory-domain-services Azure Active Directory Domain Services provides managed domain services such as domain join, group policy, and LDAP without the need to deploy and manage domain controllers. | Reference: https://azure.microsoft.com/en-us/products/entra/domain-services
azure-api-management Azure API Management is a hybrid, multi-cloud platform that helps organizations publish, secure, observe, and analyze APIs connecting to backend services. | Reference: https://azure.microsoft.com/en-us/products/api-management
azure-app-configuration Azure App Configuration allows developers to centrally manage application settings and feature flags, effectively separating configuration data from code. | Reference: https://azure.microsoft.com/en-us/products/app-configuration
azure-app-service Azure App Service is an HTTP-based service for hosting web applications, REST APIs, and mobile backends in a fully managed cloud environment. | Reference: https://azure.microsoft.com/en-us/products/app-service
azure-application-insights-availability Azure Application Insights Availability enables developers to set up recurring web tests to monitor the responsiveness and uptime of applications from various locations worldwide. | Reference: https://learn.microsoft.com/en-us/azure/azure-monitor/app/availability-overview
azure-arc-infrastructure Azure Arc Infrastructure extends the Azure control plane to on-premises, edge, and multi-cloud environments, allowing for unified management of non-Azure resources. | Reference: https://azure.microsoft.com/en-us/products/azure-arc
azure-attestation Microsoft Azure Attestation is a unified solution used to remotely verify the trustworthiness of a platform and the integrity of the binaries running inside it. | Reference: https://azure.microsoft.com/en-us/products/Azure Attestation
azure-autonomous-development-platform The Azure Autonomous Development Platform provides cloud-based tools and compute services specifically designed to accelerate the development of Advanced Driver Assistance Systems (ADAS) and autonomous vehicles. | Reference: https://azure.microsoft.com/en-us/solutions/automotive/autonomous-driving
azure-backup Azure Backup is a scalable data protection solution that keeps application data secure by backing up workloads to the Microsoft Cloud. | Reference: https://azure.microsoft.com/en-us/products/backup
azure-batch-node-management Azure Batch Node Management handles the provisioning, monitoring, and scaling of compute nodes required to run large-scale parallel and high-performance computing (HPC) batch jobs. | Reference: https://azure.microsoft.com/en-us/products/batch
azure-bot-service Azure Bot Service provides an integrated development environment for building, testing, deploying, and managing intelligent bots that interact naturally with users. | Reference: https://azure.microsoft.com/en-us/products/bot-services
azure-chaos-studio Azure Chaos Studio is a managed service that helps improve application resilience by allowing organizations to orchestrate controlled fault injection and chaos engineering experiments. | Reference: https://azure.microsoft.com/en-us/products/chaos-studio
azure-cognitive-search Azure Cognitive Search (now known as Azure AI Search) is a cloud search service with built-in artificial intelligence capabilities that developers use to build rich search experiences into web and mobile applications. | Reference: https://learn.microsoft.com/en-us/azure/search/search-what-is-azure-search
azure-cognitive-services-management The Azure Cognitive Services Management tag refers to the administrative interfaces and APIs used to deploy, configure, and monitor AI services within the Azure platform. | Reference: https://learn.microsoft.com/en-us/azure/ai-services/what-are-ai-services
azure-connectors Azure Connectors are proxy wrappers around APIs that allow underlying services, such as Azure Logic Apps and Microsoft Power Automate, to communicate with Microsoft Cloud services and other applications. | Reference: https://learn.microsoft.com/en-us/connectors/connectors
azure-container-registry Azure Container Registry is a managed registry service based on the open-source Docker Registry 2.0, used for storing and managing private container images and related artifacts. | Reference: https://learn.microsoft.com/en-us/azure/container-registry/container-registry-intro
azure-cosmos-db Azure Cosmos DB is a fully managed NoSQL and relational database for modern app development, offering single-digit millisecond response times and automatic scalability. | Reference: https://learn.microsoft.com/en-us/azure/cosmos-db/introduction
azure-data-explorer-management The Azure Data Explorer Management tag encompasses the control plane operations used to configure and maintain Azure Data Explorer clusters for real-time analysis of large volumes of data. | Reference: https://learn.microsoft.com/en-us/azure/data-explorer/data-explorer-overview
azure-data-factory Azure Data Factory is a cloud-based data integration service that allows users to create data-driven workflows for orchestrating and automating data movement and data transformation. | Reference: https://learn.microsoft.com/en-us/azure/data-factory/introduction
azure-databricks Azure Databricks is a unified data analytics platform that integrates with open-source Apache Spark clusters to provide an environment for data engineering, data science, and machine learning. | Reference: https://learn.microsoft.com/en-us/azure/databricks/
azure-dev-ops Azure DevOps provides a suite of development collaboration tools, including pipelines, repositories, and boards, to support the entire software development lifecycle. | Reference: https://learn.microsoft.com/en-us/azure/devops/user-guide/what-is-azure-devops
azure-dev-spaces Azure Dev Spaces was a development tool for Azure Kubernetes Service (AKS) that allowed developers to iteratively run and debug code directly in a Kubernetes cluster. | Reference: https://learn.microsoft.com/en-us/azure/dev-spaces/
azure-digital-twins Azure Digital Twins is a Platform as a Service (PaaS) offering that enables the creation of knowledge graphs based on digital models of entire environments, such as buildings or factories. | Reference: https://learn.microsoft.com/en-us/azure/digital-twins/overview
azure-dynamics365-for-marketing-email Azure Dynamics365 for Marketing Email refers to the backend infrastructure and services utilized by Dynamics 365 to facilitate the sending and management of marketing email campaigns. | Reference: https://learn.microsoft.com/en-us/dynamics365/marketing/prepare-marketing-emails
azure-event-grid Azure Event Grid is a highly scalable, serverless event broker that enables the integration of applications using event-driven architectures. | Reference: https://learn.microsoft.com/en-us/azure/event-grid/overview
azure-event-hub Azure Event Hub is a big data streaming platform and event ingestion service capable of receiving and processing millions of events per second. | Reference: https://learn.microsoft.com/en-us/azure/event-hubs/event-hubs-about
azure-file-sync Azure File Sync is a service that allows organizations to centralize their file shares in Azure Files while maintaining the flexibility, performance, and compatibility of an on-premises Windows Server. | Reference: https://learn.microsoft.com/en-us/azure/storage/file-sync/file-sync-introduction
azure-front-door Azure Front Door is a modern cloud content delivery network (CDN) service from Microsoft that provides fast, reliable, and secure access between users and applications' web content. | Reference: https://azure.microsoft.com/en-us/products/frontdoor/
azure-gateway-manager Azure Gateway Manager generally refers to the underlying infrastructure and management APIs responsible for handling various Azure gateway resources, such as VPN Gateways or Application Gateways. | Reference: https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways
azure-grafana Azure Grafana is a fully managed service that allows users to run Grafana, a popular open-source analytics and visualization platform, natively within the Azure cloud. | Reference: https://learn.microsoft.com/en-us/azure/managed-grafana/overview
azure-guest-and-hybrid-management Azure Guest and Hybrid Management involves services like Azure Arc that extend Azure management and governance capabilities to infrastructure located on-premises, at the edge, or in other clouds. | Reference: https://learn.microsoft.com/en-us/azure/azure-arc/overview
azure-hdinsight Azure HDInsight is a managed, full-spectrum, open-source analytics service in the cloud for enterprises, supporting frameworks like Hadoop, Apache Spark, and Kafka. | Reference: https://learn.microsoft.com/en-us/azure/hdinsight/hdinsight-overview
azure-healthcare-apis Azure Healthcare APIS provides a managed standards-based solution to enable the exchange of health data using protocols like FHIR, DICOM, and IoT connectors. | Reference: https://learn.microsoft.com/en-us/azure/healthcare-apis/healthcare-apis-overview
azure-information-protection Azure Information Protection is a cloud-based solution that enables organizations to discover, classify, and protect documents and emails by applying labels to content. | Reference: https://learn.microsoft.com/en-us/azure/information-protection/what-is-information-protection
azure-iot-hub Azure IoT Hub serves as a central cloud message hub for managed, bi-directional communication between an IoT application and its attached devices. | Reference: https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-overview
azure-key-vault Azure Key Vault is a cloud service used to securely store and access secrets, including API keys, passwords, certificates, and cryptographic keys. | Reference: https://learn.microsoft.com/en-us/azure/key-vault/general/basic-concepts
azure-load-testing-instance-management The Azure Load Testing Instance Management functionality involves the backend provisioning and orchestration of compute resources required to run high-scale load tests against applications. | Reference: https://learn.microsoft.com/en-us/azure/load-testing/overview-what-is-azure-load-testing
azure-logic-apps Azure Logic Apps is a cloud-based platform for creating and running automated workflows that integrate apps, data, services, and systems. | Reference: https://learn.microsoft.com/en-us/azure/logic-apps/logic-apps-overview
azure-m365-management-activity-api The Azure M365 Management Activity API provides information about various user, admin, system, and policy actions and events from Microsoft 365 and Microsoft Entra activity logs. | Reference: https://learn.microsoft.com/en-us/office/office-365-management-api/office-365-management-activity-api-reference
azure-machine-learning Azure Machine Learning is a cloud-based service for accelerating and managing the machine learning project lifecycle, allowing users to build, train, and deploy models. | Reference: https://learn.microsoft.com/en-us/azure/machine-learning/overview-what-is-Azure Machine Learning
azure-microsoft-cloud-app-security Azure Microsoft Cloud App Security, now known as Microsoft Defender for Cloud Apps, is a Cloud Access Security Broker (CASB) that supports traffic log collection, policy enforcement, and threat detection. | Reference: https://learn.microsoft.com/en-us/defender-cloud-apps/what-is-defender-for-cloud-apps
azure-microsoft-fluid-relay Azure Microsoft Fluid Relay is a managed cloud service that supports the Fluid Framework to enable real-time collaboration and state synchronization across clients. | Reference: https://learn.microsoft.com/en-us/azure/azure-fluid-relay/overview
azure-monitor Azure Monitor is a comprehensive solution for collecting, analyzing, and acting on telemetry from cloud and on-premises environments to maximize application availability and performance. | Reference: https://learn.microsoft.com/en-us/azure/Azure Monitor/overview
azure-one-ds-collector The Azure One DS Collector is a telemetry ingestion endpoint used by Microsoft applications to send diagnostic and usage data to the One Data Set (OneDS) pipeline. | Reference: https://learn.microsoft.com/en-us/windows/privacy/configure-windows-diagnostic-data-in-your-organization
azure-open-datasets Azure Open Datasets are curated public datasets that developers and data scientists can use to add scenario-specific features to machine learning models. | Reference: https://learn.microsoft.com/en-us/azure/open-datasets/overview-what-are-open-datasets
azure-portal The Azure Portal is a web-based, unified console that allows users to build, manage, and monitor everything from simple web apps to complex cloud deployments. | Reference: https://learn.microsoft.com/en-us/azure/Azure Portal/Azure Portal-overview
azure-power-bi Azure Power BI is a collection of software services, apps, and connectors that work together to turn unrelated sources of data into coherent, visually immersive, and interactive insights. | Reference: https://learn.microsoft.com/en-us/power-bi/fundamentals/power-bi-overview
azure-power-platform-infra Azure Power Platform Infra refers to the underlying backend infrastructure and services that support the execution, connectivity, and management of Microsoft Power Platform components. | Reference: https://learn.microsoft.com/en-us/power-platform/admin/admin-documentation
azure-power-platform-plex Azure Power Platform Plex is a backend service component involved in the connectivity and management lifecycle of Microsoft Power Platform environments. | Reference: https://learn.microsoft.com/en-us/power-platform/
azure-power-query-online Azure Power Query Online is a data transformation and data preparation engine that allows users to connect to data sources and reshape data within a web browser environment. | Reference: https://learn.microsoft.com/en-us/power-query/power-query-what-is-power-query
azure-resource-manager Azure Resource Manager is the deployment and management service for Azure, providing a management layer to create, update, and delete resources in an Azure account. | Reference: https://learn.microsoft.com/en-us/azure/Azure Resource Manager/management/overview
azure-sccservice The Azure SCCService generally refers to backend service endpoints supporting the Microsoft Security and Compliance Center functionality for policy and risk management. | Reference: https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/security-and-compliance-center
azure-security-center Azure Security Center, now part of Microsoft Defender for Cloud, is a unified infrastructure security management system that strengthens the security posture of data centers. | Reference: https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-cloud-introduction
azure-security-compliance-center-powershell The Azure Security & Compliance Center PowerShell tag refers to the PowerShell modules and cmdlets used to automate management and data retrieval within the Microsoft Security and Compliance centers. | Reference: https://docs.microsoft.com/en-us/powershell/exchange/exchange-online-powershell
azure-sentinel Azure Sentinel, now known as Microsoft Sentinel, is a scalable, cloud-native security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution. | Reference: https://azure.microsoft.com/en-us/services/microsoft-sentinel/
azure-service-bus Azure Service Bus is a fully managed enterprise message broker that utilizes message queues and publish-subscribe topics to decouple applications and services. | Reference: https://azure.microsoft.com/en-us/services/service-bus/
azure-service-fabric Azure Service Fabric is a distributed systems platform designed to package, deploy, and manage scalable and reliable microservices and containers. | Reference: https://azure.microsoft.com/en-us/services/service-fabric/
azure-signalr The Azure SignalR Service is a fully managed service that enables developers to easily add real-time web functionality to applications using the SignalR library. | Reference: https://azure.microsoft.com/en-us/services/signalr-service/
azure-site-recovery Azure Site Recovery is a disaster recovery as a service (DRaaS) solution that ensures business continuity by keeping applications and workloads running during outages. | Reference: https://azure.microsoft.com/en-us/services/site-recovery/
azure-sphere Azure Sphere is a comprehensive IoT security solution that includes a secured microcontroller unit (MCU), a custom Linux-based operating system, and a cloud-based security service. | Reference: https://azure.microsoft.com/en-us/services/Azure Sphere/
azure-sql Azure SQL refers to a family of managed, secure, and intelligent database products that use the SQL Server engine in the Azure cloud. | Reference: https://azure.microsoft.com/en-us/products/Azure SQL/
azure-stack Azure Stack is a portfolio of products that extend Azure services and capabilities to on-premises environments, enabling a consistent hybrid cloud experience. | Reference: https://azure.microsoft.com/en-us/products/Azure Stack/
azure-storage Azure Storage is a Microsoft cloud platform solution that provides massively scalable, durable, and secure storage for data, applications, and workloads. | Reference: https://azure.microsoft.com/en-us/product-tags/storage/
azure-traffic-manager Azure Traffic Manager is a DNS-based traffic load balancer that enables you to distribute traffic optimally to services across global Azure regions. | Reference: https://learn.microsoft.com/en-us/azure/traffic-manager/traffic-manager-overview
azure-update-delivery Azure Update Delivery mechanisms, often utilizing Delivery Optimization, manage the efficient distribution of Windows updates and applications across networks to reduce bandwidth usage. | Reference: https://learn.microsoft.com/en-us/windows/deployment/do/waas-delivery-optimization
azure-video-analyzer-for-media Azure Video Analyzer for Media (formerly Video Indexer) allows users to extract insights such as spoken words, faces, and emotions from audio and video files using AI technologies. | Reference: https://azure.microsoft.com/en-us/services/video-indexer/
azure-web-pub-sub The Azure Web PubSub service enables developers to build real-time web applications using WebSockets and the publish-subscribe pattern for instant content updates. | Reference: https://azure.microsoft.com/en-us/services/web-pubsub/
azure-windows-admin-center Azure Windows Admin Center is a browser-based management toolset that lets you manage your Windows Servers, clusters, and hyper-converged infrastructure within the Azure portal. | Reference: https://learn.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/manage-vm
azure-windows-virtual-desktop Azure Windows Virtual Desktop, now known as Azure Virtual Desktop, is a desktop and app virtualization service that runs on the cloud to deliver a secure remote work experience. | Reference: https://azure.microsoft.com/en-us/products/virtual-desktop/
microsoft-defender-for-identity Microsoft Defender for Identity is a cloud-based security solution that leverages on-premises Active Directory signals to identify, detect, and investigate advanced threats and compromised identities. | Reference: https://learn.microsoft.com/en-us/defender-for-identity/what-is
xbox-live Xbox Live is Microsoft's online multiplayer gaming and digital media delivery service that connects players across various devices. | Reference: https://www.xbox.com/en-US/live
oracle Oracle is a major technology company that provides the Oracle Cloud infrastructure, offering a wide range of integrated cloud services. These services include computing power, storage, and database management designed to support enterprise workloads and applications. | Reference: https://www.Oracle.com/cloud/
Sub-Tags (3)
Name Description
object-storage In the context of Oracle Cloud Infrastructure, Object Storage is an internet-scale, high-performance storage platform designed for reliable and cost-efficient data durability. | Reference: https://www.oracle.com/cloud/storage/Object Storage/
services-network The Services Network within Oracle Cloud generally refers to the underlying infrastructure, such as the Oracle Services Network, that provides secure access to Oracle services from a Virtual Cloud Network (VCN). | Reference: https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/overview.htm
virtual-cloud-network The Virtual Cloud Network (VCN) is a customizable, private network within Oracle Cloud Infrastructure that enables users to manage their cloud resources securely. It acts as a virtual version of a traditional data center network, offering control over IP address ranges, subnets, route tables, and gateways. | Reference: https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/overview.htm
ovh OVH (OVHcloud) is a global cloud provider that offers dedicated servers, private cloud, and public cloud services to manage and host web infrastructure. | Reference: https://www.ovhcloud.com/
rackspace Rackspace Technology is a cloud computing company that provides multi-cloud solutions and managed services for public and private cloud environments. Rackspace helps businesses design, manage, and optimize their cloud infrastructure across various platforms. | Reference: https://www.Rackspace.com/
vocus Vocus is a telecommunications and network services provider operating in Australia and New Zealand that offers cloud and connectivity solutions. Their infrastructure supports enterprise internet, data centers, and unified communications for businesses. | Reference: https://www.Vocus.com.au/
vultr Vultr is a cloud infrastructure provider that offers high-performance SSD cloud servers and a global footprint for deploying applications. It provides a standardized platform for developers to launch virtual instances and storage solutions quickly. | Reference: https://www.Vultr.com/
wicloud.id WiCloud serves as a cloud-based connectivity or hosting platform, typically associated with managed internet services and hotspot management solutions. It allows network administrators to manage user authentication and internet access within specific regional networks. | Reference: https://WiCloud/
controller Indicates a system that is providing command and control (aka C&C, C2) services for a botnet. Like the tag bot, there are numerous types of controllers and new families are added frequently.
Sub-Tags (297)
Name Description
404keylogger 404KeyLogger is a malicious surveillance tool designed to covertly record keystrokes on an infected machine to steal sensitive user information. This malware focuses on harvesting credentials and personal data for the operator. | Reference: https://malwarebazaar.abuse.ch/browse/tag/404KeyLogger/
abstealer ABStealer is a malware family whose controller component is designed to receive and organize sensitive data exfiltrated from victim machines. | Reference: https://bazaar.abuse.ch/browse/tag/ABStealer/
acr-stealer ACR Stealer is a malware family engineered to harvest credentials, financial information, and system details from compromised hosts. It is often distributed through cracked software or phishing and focuses on rapid data exfiltration. | Reference: https://tria.ge/s/family:acrstealer
adwind Adwind (also known as AlienSpy) is a cross-platform Remote Access Trojan (RAT) written in Java that enables attackers to control infected devices remotely. It provides extensive capabilities, including keylogging, webcam recording, and file theft across Windows, Mac, and Linux systems. | Reference: https://attack.mitre.org/software/S0144/
agenttesla AgentTesla is a prominent .NET-based Remote Access Trojan (RAT) and data stealer that is sold as malware-as-a-service. It specializes in stealing credentials from web browsers, email clients, and FTP clients, as well as capturing screenshots and keystrokes. | Reference: https://attack.mitre.org/software/S0331/
ahmyth AhMyth is an open-source Remote Administration Tool (RAT) designed for the Android operating system, providing a graphical interface to control devices remotely. It allows users to access the camera, file manager, and microphone, acting as a controller for the connected mobile device. | Reference: https://github.com/AhMyth/AhMyth-Android-RAT
aldibot AldiBot is a malware strain featuring a control panel that allows operators to execute DDoS attacks and steal sensitive information from infected machines. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.aldibot
amadey Amadey is a botnet and malware loader capable of performing system reconnaissance and downloading additional payloads onto a victim's machine. The Amadey controller panel allows operators to manage infected bots and task them with executing further malicious scripts or binaries. | Reference: https://blogs.blackberry.com/en/2020/01/threat-spotlight-Amadey-bot
amatera-stealer Amatera Stealer is a malicious tool designed to collect and exfiltrate sensitive user information, such as login credentials and browser history. It connects to a remote controller to deliver the stolen data and receive configuration updates. | Reference: https://triage-ops.com/family/amatera/
amos Amos (Atomic macOS Stealer) is a malware strain specifically targeting macOS systems to steal iCloud passwords, browser credits, and cryptocurrency wallets. It functions as a controller agent that packages local data and sends it to a remote command server. | Reference: https://www.malwarebytes.com/blog/news/2023/04/new-stealer-targets-mac-users-via-malvertising
anatsa Anatsa (also known as TeaBot) is an Android banking trojan that utilizes accessibility services to perform overlay attacks and steal login credentials for financial applications. The malware maintains communication with a controller to receive target lists and exfiltrate captured keystrokes. | Reference: https://www.threatfabric.com/blogs/Anatsa-teabot-the-hidden-threat
andromeda Andromeda (also known as Gamarue) is a modular controller family used to create botnets that distribute additional malware payloads and steal user information. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.andromeda
anubis Anubis is a prominent Android banking malware and Remote Access Trojan (RAT) capable of recording audio, capturing screenshots, and stealing SMS messages. It relies on a controller server to receive commands and store the data exfiltrated from the mobile device. | Reference: https://news.sophos.com/en-us/2018/08/07/Anubis-android-banking-malware-goes-global/
aresloader ARESloader is a malware loader designed to facilitate the initial infection of a system and subsequently download and execute secondary payloads. The controller component manages the distribution of these payloads to the infected hosts. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.ARESloader
aresrat AresRAT is a Python-based Remote Access Trojan that allows an operator to execute system commands, manage files, and capture screenshots on a compromised machine. It utilizes a web-based controller interface to manage the bots connected to the network. | Reference: https://github.com/sweetsoftware/Ares
arkeistealer Arkei Stealer is an information stealing malware that focuses on harvesting browser data, cryptocurrency wallets, and taking screenshots of the victim's desktop. It packages this data and transmits it to a remote controller server managed by the attacker. | Reference: https://www.malwarebytes.com/blog/threat-intelligence/2022/05/smoke-loader-drops-arkei-stealer-containing-log4j-exploit
arrowrat ArrowRAT is a remote access trojan that enables unauthorized control over a victim's computer, allowing for file manipulation and command execution. It communicates with a central controller to receive instructions and report the status of the infected machine. | Reference: https://triage-ops.com/family/ArrowRAT/
asyncrat AsyncRAT is an open-source Remote Access Tool (RAT) designed to remotely monitor and control computers through a secure, encrypted connection. It provides operators with capabilities such as screen viewing, keylogging, and payload injection. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.AsyncRAT
asyncrat AsyncRAT is an open-source remote administration tool that allows for encrypted remote monitoring and control, widely adopted by threat actors for malicious campaigns. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.asyncrat
athenahttp AthenaHTTP is a cross-platform agent for the Mythic Command and Control framework that utilizes HTTP for communication across Windows, Linux, and macOS environments. It functions as a communication channel for operators to execute tasks on compromised endpoints. | Reference: https://github.com/MythicAgents/Athena
atlantida Atlantida is a malicious information stealer designed to extract sensitive data, such as passwords, cookies, and cryptocurrency wallet details, from infected systems. It often utilizes Telegram APIs as part of its command and control infrastructure. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.Atlantida
aurotun-stealer Aurotun Stealer is a variant of information-stealing malware designed to siphon credentials and user data via established tunnels. It connects to a controller to offload harvested data from the victim machine. | Reference: https://tria.ge/231102-w7w2cahc47
avemaria Avemaria, also frequently referred to as Warzone RAT, is a remote access trojan that provides attackers with capabilities such as privilege escalation, remote desktop control, and keylogging. It is commercially available and widely used for unauthorized remote administration. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.ave_maria
azorult Azorult is a prevalent information stealer and malware downloader used to harvest browsing history, cookies, ID cards, and cryptocurrency information. It connects to a C2 panel where operators can view stolen logs and issue commands to download further malware. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.Azorult
azorult Azorult is a widely used information stealer and downloader capable of harvesting browsing history, cookies, ID cards, and cryptocurrency wallets from infected systems. | Reference: https://any.run/malware-trends/azorult
banload Banload is a family of malware downloaders, prevalent in Brazil, designed specifically to deliver banking trojans onto victim machines to steal financial information. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.banload
bashlite Bashlite, also known as Gafgyt or Qbot, is a malware family that primarily infects Linux-based IoT devices to construct botnets for launching Distributed Denial of Service (DDoS) attacks. | Reference: https://attack.mitre.org/software/S0656/
bazarbackdoor BazaarBackdoor is a stealthy malware implant, often linked to the TrickBot group, designed to provide attackers with persistent access to high-value networks for espionage or ransomware deployment. | Reference: https://attack.mitre.org/software/S0534/
beavertail BeaverTail is a JavaScript-based malware downloader and information stealer often distributed via malicious npm packages or job recruitment lures by North Korean threat actors. | Reference: https://unit42.paloaltonetworks.com/two-campaigns-by-north-korea-bad-actors-target-job-hunters/
berbew Berbew is an older Trojan horse program that acts as a web proxy and password stealer, allowing attackers to route traffic through the infected machine and harvest credentials. | Reference: https://www.broadcom.com/support/security-center/writeup/2004-031715-1845-99
betabot BetaBot (also known as Neurevt) is a botnet controller system that manages infected hosts, allowing operators to steal login credentials and disable antivirus software. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.neurevt
betabot Beta Bot is a sophisticated banking trojan and botnet agent capable of disabling antivirus software, stealing login credentials, and executing distributed denial-of-service attacks. | Reference: https://www.proofpoint.com/us/daily-rules/Beta Bot
bianlian BianLian is a ransomware group and associated malware family that utilizes a custom Go-based backdoor to compromise networks and extort victims through data encryption and theft. | Reference: https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-136a
billgates BillGates is a Linux-based malware family, often sharing code with the Elknot family, that connects infected servers into a botnet to perform DDoS attacks. | Reference: https://www.akamai.com/blog/security/BillGates-botnet-update
bitrat BitRAT is a feature-rich remote access trojan sold on cybercrime forums that provides attackers with capabilities for data exfiltration, cryptocurrency mining, and webcam surveillance. | Reference: https://any.run/malware-trends/BitRAT
bitterrat BitterRAT refers to the custom remote access trojan variants deployed by the Bitter APT group to conduct espionage and data theft against government and military targets. | Reference: https://attack.mitre.org/groups/G0073/
blackenergy BlackEnergy is a sophisticated trojan and command and control framework historically used for cyber-espionage and attacks against critical infrastructure sectors. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.blackenergy
blackguard Blackguard is a malware-as-a-service information stealer designed to extract sensitive data such as credentials, crypto wallets, and session cookies from infected systems. | Reference: https://www.zscaler.com/blogs/security-research/Blackguard-stealer-scouting-new-threat-actor
blacknetrat BlackNET RAT is an open-source remote access trojan and botnet that utilizes PHP-based command and control servers to manage infected clients and execute malicious commands. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.blacknet
blackshadesrat Blackshades RAT is a well-known remote access tool that allows attackers to control computers remotely, log keystrokes, and access peripheral devices like webcams. | Reference: https://www.fbi.gov/news/stories/blackshades-malware-globally-disrupted
blister Blister is a malware loader that is often signed with valid code signing certificates to evade detection while delivering payloads such as Cobalt Strike or other RATs. | Reference: https://www.elastic.co/security-labs/Blister-malware-campaign
bluebot BlueBot is a malware family often utilized as a command and control interface to manage botnets for activities such as DDoS attacks. | Reference: https://threatfox.abuse.ch/browse/tag/BlueBot/
bluebot BLUEbot is a malware botnet agent, often found in commodity hacking circles, used to establish command and control over infected systems for task execution or DDoS attacks. | Reference: https://github.com/topics/BLUEbot
bluenoroff BlueNoroff is a financially motivated threat group associated with the Lazarus Group, known for utilizing sophisticated malware to attack banks and cryptocurrency exchanges. | Reference: https://attack.mitre.org/groups/G0087/
blueshell BlueShell is a backdoor malware, often written in Go or Python, that provides attackers with remote shell capabilities and file management features on compromised Linux and Windows systems. | Reference: https://unit42.paloaltonetworks.com/atoms/BlueShell/
bolek Bolek is a polymorphic banking trojan derived from the code of Carberp and Zeus, capable of web injections, screen capture, and intercepting traffic. It employs a sophisticated controller system to manage infected hosts and steal sensitive financial information. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.bolek
bqtlock BQTlock is a strain of ransomware targeting Linux-based systems, specifically known for encrypting files and appending the extension ".bqt" to hold data hostage. | Reference: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/linux-ransomware-targeting-qnap-devices
broomstick Broomstick is a high-speed loader utility used by threat actors, notably associated with APT28, to facilitate the deployment of secondary malware payloads like CHOPSTICK. | Reference: https://www.mandiant.com/resources/blog/apt28-at-the-center-of-the-storm
bumblebee Bumblebee is a sophisticated malware loader associated with initial access brokers, designed to replace older loaders like BazarLoader and deliver payloads such as Cobalt Strike or ransomware. | Reference: https://www.proofpoint.com/us/blog/threat-insight/Bumblebee-is-still-transforming
chalubo Chalubo is a botnet malware family that targets Linux-based systems and IoT devices to perform distributed denial-of-service (DDoS) attacks and brute-force attempts. | Reference: https://unit42.paloaltonetworks.com/new-Chalubo-botnet-targets-poorly-secured-iot-devices/
chaos CHAOS is a multifunctional malware strain written in Go that operates as a ransomware builder, a worm, and a botnet capable of crypto mining and DDoS attacks. | Reference: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/CHAOS-ransomware-variant-sides-with-russia
citadel Citadel is a prominent offshoot of the ZeuS banking trojan, featuring a robust controller infrastructure that allows operators to customize attacks and manage large botnets. It is primarily used to steal financial information and personal identity details through keylogging and form grabbing. | Reference: https://attack.mitre.org/software/S0123/
clearfake ClearFake is a malware distribution campaign utilizing compromised websites to display fake browser update overlays, tricking users into downloading malicious software like stealers. | Reference: https://sekoia.io/en/ClearFake-a-newcomer-to-the-fake-updates-threats-landscape/
cobaltstrike CobaltStrike is a commercial adversary emulation platform used for security assessments, but its "Beacon" payload is heavily abused by threat actors for persistent command and control. | Reference: https://attack.mitre.org/software/S0154/
coinminer Coinminer refers to a broad tag of malware that hijacks a victim's computing resources (CPU or GPU) to mine cryptocurrency for the attacker without the user's consent. | Reference: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/cryptocurrency-mining-malware
conficker Conficker is a notorious computer worm that targets Microsoft Windows systems by exploiting vulnerabilities in network services to form a massive botnet. It utilizes a peer-to-peer controller mechanism and domain generation algorithms (DGA) to receive updates and instructions. | Reference: https://attack.mitre.org/software/S0361/
coper An Android banking trojan that targets banking applications, primarily in Europe and South America, to steal credentials, intercept SMS messages, and perform keylogging. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/apk.Coper
copybara An Android banking trojan that utilizes overlay attacks and social engineering to steal user credentials and bypass multi-factor authentication measures. | Reference: https://www.cleafy.com/cleafy-labs/Copybara-a-new-android-trojan-on-the-rise
corebot CoreBot is a modular malware family that originated as an information stealer but was updated to include banking Trojan capabilities and a domain generation algorithm for its controller communication. | Reference: https://securityintelligence.com/corebot-malware-evolves-to-become-banking-trojan/
coresys While often a legitimate filename, in a malware context, Coresys likely refers to a malicious component or bot acting as a system process to mask its presence while communicating with a controller. | Reference: https://www.joesandbox.com/analysis/435132/0/html
craxsrat An Android Remote Access Trojan (RAT) that grants attackers extensive control over infected devices, including screen mirroring, file access, and location tracking. | Reference: https://blog.cyble.com/2023/02/24/CraxsRAT-new-android-rat-targeting-banking-applications/
crimsonrat A custom .NET Remote Access Trojan used primarily by the APT36 (Transparent Tribe) threat group to target diplomatic and military entities in South Asia. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.crimson
cryptbot An information stealer designed to harvest credentials from web browsers, cryptocurrency wallets, and system information from infected Windows machines. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.CryptBot
cybergate A widely available, older Remote Access Trojan (RAT) written in Delphi that provides attackers with capabilities such as keylogging, screen capture, and remote desktop control. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.CyberGate
danabot A modular banking trojan distributed via a Malware-as-a-Service model, capable of stealing credentials, taking screenshots, and acting as a loader for other malware. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.DanaBot
darkcomet A prominent Remote Access Trojan (RAT) originally developed as a security tool but widely adopted by threat actors for its comprehensive remote control capabilities. | Reference: https://attack.mitre.org/software/S0024/
darkcomet DarkComet is a legacy Remote Access Trojan (RAT) that provides a graphical interface for attackers to control systems, capture keystrokes, and access webcams. | Reference: https://attack.mitre.org/software/S0334/
darkgate A sophisticated commodity loader and malware family that supports remote code execution, privilege escalation, and information theft, often sold to other threat actors. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.Darkgate
darktrackrat DarktrackRAT, often referred to as DarkTrack, is a remote administration tool used by attackers to monitor victims via webcam, log keystrokes, and steal credentials. | Reference: https://app.any.run/tasks/866d9290-766e-4444-a957-3f33663b6526/
darkvision-rat DarkVision RAT is a remote access tool available for purchase that provides attackers with VNC (Virtual Network Computing) capabilities and diverse system management functions. | Reference: https://twitter.com/malwrhunterteam/status/1231945199580499968
darkwatchman DarkWatchman is a lightweight JavaScript-based remote access trojan and keylogger that utilizes the Windows Registry for fileless persistence and command storage. | Reference: https://www.withsecure.com/en/expertise/blog-posts/DarkWatchman-a-new-evolution-in-fileless-malware
dbatloader-stage1 DBATLoader Stage1 is an initial downloader often written in Delphi, responsible for retrieving and executing subsequent malicious payloads like Remcos RAT or Formbook from cloud storage services. | Reference: https://www.zscaler.com/blogs/security-research/dbatloader-actively-distributing-payloads-targeting-european-users
dcrat DCRAT (DarkCrystal RAT) is a modular, low-cost remote access trojan that allows attackers to steal data, execute remote commands, and extend functionality through plugins. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.DCRAT
ddosia DDosia is a project and toolset developed by the NoName057(16) group, designed to recruit volunteers and manage bots for conducting Distributed Denial of Service (DDoS) attacks. | Reference: https://blog.sekoia.io/following-noname05716-ddosia-project-s-targets/
diamondfox DiamondFox is a modular botnet toolkit that provides attackers with a variety of plugins for credential theft, distributed denial of service (DDoS) attacks, and keylogging. | Reference: https://research.checkpoint.com/2017/diamondfox-botnet-a-modular-approach/
dirtjumper DirtJumper is a commercial DDoS toolkit and command panel widely sold in underground markets, allowing attackers to orchestrate flood attacks against web targets. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.dirtjumper
disgomoji DISGOMOJI is a Linux-based malware that uses the Discord messaging platform for command and control, interpreting emojis sent by the attacker as operational commands. | Reference: https://www.volexity.com/blog/2024/06/13/DISGOMOJI-malware-used-to-target-government-of-india/
dofoil Dofoil (also known as SmokeLoader) is a malicious downloader that uses a controller infrastructure to install other malware, such as cryptominers or info-stealers, onto victim machines. It uses sophisticated evasion techniques to hide its command and control traffic. | Reference: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Win32%2fDofoil
doplugs DOPLUGS is a malware framework, functioning as a downloader and backdoor, that is commonly used by the Mustang Panda group as a variant of the PlugX malware. | Reference: https://www.trendmicro.com/en_us/research/24/a/earth-preta-uses-DOPLUGS-malware-to-target-asia.html
dridex Dridex is a peer-to-peer banking trojan and botnet loader known for stealing financial credentials and facilitating the deployment of other threats like ransomware. | Reference: https://attack.mitre.org/software/S0030/
ducktail Ducktail is an information-stealing malware operation that specifically targets individuals with access to Facebook Business accounts to hijack advertising credits and steal browser cookies. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.Ducktail
emmenhtal Emmenhtal (often associated with the "Emmental" operation) is a malware campaign technique that bypasses two-factor authentication by tricking users into installing a malicious Android app alongside a Windows component. | Reference: https://securelist.com/the-Emmenhtal-operation/64328/
emotet Emotet is a modular malware family that started as a banking trojan and evolved into a prolific botnet loader used to distribute other threats like ransomware. | Reference: https://attack.mitre.org/software/S0367/
empiredownloader Empire Downloader is a malicious file downloader often distributed via exploit kits to retrieve and execute secondary malware payloads on compromised systems. | Reference: https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/TROJ_EMPIRE.SMA
enfal The Enfal bot family consists of downloader and backdoor malware strains used primarily for long-term espionage and maintaining persistence within high-value networks. | Reference: https://www.mandiant.com/resources/blog/lurid-malware-targets
ermac Ermac is an Android banking trojan that overlays fake login windows on top of legitimate financial apps to steal credentials and intercept two-factor authentication codes. | Reference: https://www.threatfabric.com/blogs/Ermac-another-cerberus-reborn
eye-pyramid Eye Pyramid is a malware strain used in targeted cyber-espionage campaigns to exfiltrate email correspondence and sensitive files from infected computers. | Reference: https://www.trendmicro.com/en_us/research/17/a/Eye Pyramid-behind-ongoing-cyberespionage-operation-italy.html
fabookie Fabookie is an information stealer that specifically targets Facebook session cookies and credentials to facilitate account hijacking and advertising fraud. | Reference: https://www.welivesecurity.com/2023/02/09/facebook-accounts-under-attack-fake-chatgpt/
fakeupdates FakeUpdates (also known as SocGholish) is a JavaScript-based loader that gains initial access by masquerading as a legitimate browser update to trick users into downloading malware. | Reference: https://attack.mitre.org/software/S0552/
fatalrat FatalRat is a remote access trojan that provides attackers with control over a victim's system, including capabilities to capture keystrokes and execute arbitrary commands. | Reference: https://blog.talosintelligence.com/FatalRat/
fickerstealer Ficker Stealer is a Rust-based information stealer offered as a service that collects data from web browsers, FTP clients, and cryptocurrency wallets. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.Ficker Stealer
formbook FormBook is a prevalent information stealer sold as Malware-as-a-Service (MaaS) that harvests credentials, captures screenshots, and logs keystrokes from compromised Windows systems. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.FormBook
gcleaner GCleaner (GarbageCleaner) is a fake system optimization utility that functions as a malware loader to distribute other threats, such as Azorult and BitRAT, onto the victim's machine. | Reference: https://www.zscaler.com/blogs/security-research/GCleaner-story-fake-cleaner
get2 Gt2 is a sophisticated downloader primarily used by the threat group TA505 to profile victim systems and facilitate the installation of secondary malware payloads. | Reference: https://attack.mitre.org/software/S0408/
gh0strat GhostRAT is a well-known remote access trojan (RAT) with open-source code that grants attackers complete control over infected endpoints, including audio and video recording capabilities. | Reference: https://attack.mitre.org/software/S0032/
ghostsocks GhostSocks is a trojan that infects devices to convert them into residential proxies, allowing attackers to route malicious traffic through the victim's connection. | Reference: https://blog.netlab.360.com/GhostSocks-and-chameleon/
glupteba Glupteba is a blockchain-enabled botnet and loader that uses the Bitcoin blockchain for resilient command and control communication while mining cryptocurrency and distributing other malware. | Reference: https://blog.google/threat-analysis-group/disrupting-Glupteba-operation/
goatrat GoatRAT is an Android banking trojan that uses automated transfer systems (ATS) to perform unauthorized financial transactions on the victim's device. | Reference: https://cyble.com/blog/GoatRAT-automated-transfer-system/
gobrat GobRAT is a remote access trojan written in the Go programming language that targets Linux-based routers and servers to enable persistent remote control. | Reference: https://blogs.jpcert.or.jp/en/2023/02/GobRAT.html
godfather Godfather is a mobile banking trojan capable of generating overlay screens on Android devices to steal login credentials and bypass two-factor authentication. | Reference: https://www.group-ib.com/blog/Godfather-trojan/
godzilla In the context of a bot family, the Godzilla webshell acts as the agent on the victim server, executing instructions sent from the attacker's controller to manipulate files and processes. | Reference: https://www.cisa.gov/uscert/ncas/analysis-reports/ar21-259a
golddigger GoldDigger is a banking trojan targeting Android and iOS users, primarily in the APAC region, designed to steal facial recognition biometrics and banking credentials. | Reference: https://www.group-ib.com/blog/GoldDigger-family/
gomorrahstealer Gomorrah Stealer is an information-stealing malware often sold as a service, capable of extracting passwords, cookies, and files from a compromised system. | Reference: https://cyble.com/blog/gomorrah-stealer/
gootloader GootLoader is an initial access framework that leverages search engine optimization (SEO) poisoning to direct victims to compromised sites where they download the malware. | Reference: https://redcanary.com/blog/GootLoader/
gorilla Gorilla is a variant of the Mirai botnet family specifically designed to infect IoT devices and recruit them into a network for launching DDoS attacks. | Reference: https://www.fortinet.com/blog/threat-research/new-mirai-variant-Gorilla
gozi Gozi (also known as Ursnif or ISFB) is a long-standing banking trojan used by cybercriminals to steal financial information and facilitate subsequent malware infections. | Reference: https://attack.mitre.org/software/S0386/
gozi2 Gozi2 refers to the command infrastructure for a sophisticated evolution of the Gozi/Ursnif banking trojan family used for data theft. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.gozi
goznym GozNym is a sophisticated banking trojan created by combining the source code of the Gozi ISFB malware with the Nymaim dropper to steal online banking credentials. It utilizes a controller infrastructure to manage botnets and facilitate financial theft through web injection. | Reference: https://exchange.xforce.ibmcloud.com/collection/GozNym-v20-77292266710bcf3f
grandoreiro Grandoreiro is a banking trojan operating as a Malware-as-a-Service (MaaS) that primarily targets users in Latin America and Europe to steal financial credentials. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.Grandoreiro
gremlin In the context of malicious infrastructure, Gremlin refers to a specific Remote Access Trojan (RAT) or malware strain capable of controlling compromised endpoints, though it shares a name with a legitimate chaos engineering platform. | Reference: https://threatfox.abuse.ch/browse/tag/Gremlin/
gumblar Gumblar is a legacy code-injection botnet that compromised legitimate websites to redirect visitors to malicious servers via drive-by downloads. | Reference: https://en.wikipedia.org/wiki/Gumblar
hijackloader HijackLoader is a modular malware loader designed to evade defense mechanisms and deliver various secondary payloads, such as information stealers, to infected systems. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.HijackLoader
hookbot Hookbot (also known as Hook) is an Android banking malware that functions as a Remote Access Trojan (RAT), enabling operators to interact with the device's user interface remotely. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/apk.hook
http_post When labeled as a bot family, http_post indicates a group of bots that rely on sending data via HTTP POST requests to communicate with their Command and Control servers. This tag describes the behavior of the communication channel rather than a specific unique malware strain. | Reference: https://attack.mitre.org/techniques/T1071/001/
hydra Hydra is a banking trojan predominantly targeting Android devices, designed to steal credentials through overlay attacks and banking fraud mechanisms. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/apk.Hydra
icedid IcedID, also known as BokBot, is a modular banking trojan that has evolved into a loader capable of delivering other malware, including ransomware, to compromised networks. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.IcedID
irata IRATA is an Android malware family used for surveillance and information theft, often disguised as legitimate applications to deceive users. | Reference: https://www.cleafy.com/cleafy-labs/IRATA-a-new-android-trojan-acting-as-ir-government
isfb Isfb is a banking trojan source code, related to Gozi and Ursnif, which is used to inject malicious content into web browsers and steal user data. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.Isfb
isrstealer ISRStealer is an information-stealing malware kit that utilizes a web-based panel to collect and display credentials harvested from browsers and applications on infected hosts. | Reference: https://www.zscaler.com/blogs/security-research/rise-info-stealers
janelarat JanelaRAT is a remote access trojan targeting financial and cryptocurrency data, largely focusing on victims in Latin America and Portugal. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.JanelaRAT
jedobot Jedobot is a malware strain often associated with the Jedo proxy botnet, which compromises servers to use them for spam or illicit traffic routing. The controller infrastructure is used to monetize the infected hosts by selling access to the proxy network. | Reference: https://heimdalsecurity.com/blog/security-alert-pseudo-darkleech-campaign-leads-jedo-bot-malware/
joker Joker is a persistent family of Android "fleeceware" and spyware that subscribes victims to premium services without their consent and steals SMS messages. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/apk.Joker
kaiji Kaiji is a botnet malware, written in the Go programming language, that targets IoT devices and Linux servers via SSH and Telnet brute-force attacks to conduct DDoS operations. | Reference: https://blog.malwarebytes.com/threat-analysis/2020/05/Kaiji-new-chinese-linux-malware-turning-to-golang/
kaiten Kaiten (often identified as Tsunami) is an IRC-based backdoor and DDoS bot known for its widely available source code, which allows threat actors to easily compile it for various architectures, including IoT devices. | Reference: https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ELF_KAITEN.SM
kasidet Kasidet, frequently referred to as Neutrino Bot, is malware capable of stealing sensitive data, conducting DDoS attacks, and executing commands received from a remote control server. | Reference: https://unit42.paloaltonetworks.com/unit42-analysis-neutrino-bot-Kasidet-malware-family/
katrina This tag denotes the command and control infrastructure used to manage the Katrina botnet and issue instructions to compromised hosts. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.katrina
keitaro Keitaro is a legitimate traffic distribution system (TDS) that is frequently abused by threat actors to redirect victims to malicious content or exploit kits while filtering out security researchers and bots. | Reference: https://blog.malwarebytes.com/threat-intelligence/2019/07/Keitaro-tds-observed-in-malvertising-campaigns/
keybase KeyBase is a keylogger malware agent designed to record keystrokes, capture screenshots, and steal clipboard data from infected systems. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.keybase
kins Kins is a banking trojan toolkit based on the Zeus source code that utilizes a control panel to manage botnets and execute web injections. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.kins
koi-loader Koi Loader is a malicious downloader designed to retrieve and install additional payloads, such as stealers or ransomware, onto a compromised system while evading detection. | Reference: https://threatmon.io/Koi Loader-analysis/
koi-stealer Koi Stealer is an information-stealing malware strain capable of harvesting sensitive user data, including login credentials and cryptocurrency wallet information. | Reference: https://cyble.com/blog/Koi Stealer-distributed-via-malicious-websites/
konni Konni is a Remote Access Trojan (RAT) historically linked to North Korean threat actors, capable of stealing data, executing arbitrary code, and bypassing User Account Control (UAC). | Reference: https://attack.mitre.org/software/S0356/
korplug Korplug, widely known as PlugX, is a modular Remote Access Trojan (RAT) frequently used by Chinese state-sponsored groups for espionage, data exfiltration, and maintaining persistent access. | Reference: https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/Korplug
kpot Kpot is an information stealing malware designed to extract account credentials, cryptocurrency wallets, and system data for exfiltration to a remote server. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.kpot
kratos Kratos is a malware family (often appearing as a remote access trojan or ransomware) designed to facilitate unauthorized remote control and data extortion. | Reference: https://threatfox.abuse.ch/browse/tag/Kratos/
kronos Kronos is a banking malware family that uses a centralized panel to collect stolen credentials and manage web injection configurations. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.kronos
l3monrat L3monrat is an open-source remote administration tool for Android devices that allows attackers to manage files, view contacts, and track the device's real-time location. | Reference: https://github.com/D3VL/L3MON
laplasclipper LaplasClipper is a cryptocurrency clipper malware that monitors the victim's clipboard for wallet addresses and replaces them with an address controlled by the attacker to hijack transactions. | Reference: https://blog.cyble.com/2022/11/02/the-rise-of-laplas-clipper/
latrodectus Latrodectus is a sophisticated malware loader, believed to be a successor to IcedID, used by initial access brokers to deploy payloads like Cobalt Strike on compromised networks. | Reference: https://www.proofpoint.com/us/blog/threat-insight/Latrodectus-spider-bytes-new-malware-loader
lightspy lightSpy is a sophisticated mobile implant targeting iOS devices, capable of stealing files, recording audio, and tracking location, often delivered via "watering hole" attacks. | Reference: https://securelist.com/ios-exploit-chain-deploys-lightSpy-malware/96407/
limerat LimeRAT is a remote access trojan with ransomware capabilities that can lock screens, encrypt files, and harvest credentials, often utilized by lower-skilled cybercriminals. | Reference: https://www.fortinet.com/blog/threat-research/LimeRAT-malware
locky Locky is a notorious strain of ransomware that encrypts victim files using strong encryption algorithms and demands a ransom payment for the decryption key. | Reference: https://attack.mitre.org/software/S0456/
loda LODA (also known as LodaRAT) is a Remote Access Trojan written in AutoIt that allows attackers to record audio, capture keystrokes, and exfiltrate data from victim machines. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.LODA
lokibot LokiBot is a widely used information stealer designed to harvest credentials from various applications, including web browsers, email clients, and IT administration tools. | Reference: https://www.cisa.gov/news-events/cybersecurity-advisories/aa20-266a
lucifer Lucifer is a hybrid DDoS botnet and cryptojacking malware that targets Windows systems by exploiting vulnerabilities to spread laterally and mine cryptocurrency. | Reference: https://unit42.paloaltonetworks.com/Lucifer-new-cryptojacking-and-ddos-hybrid-malware/
lumma Lumma (or LummaC2) is a sophisticated malware-as-a-service information stealer that aggressively targets cryptocurrency wallets and two-factor authentication extensions. | Reference: https://www.outpost24.com/blog/lummac2-stealer-analyzing-the-latest-version
madness Madness is a controller family associated with commodity malware kits that provide ransomware and password-stealing capabilities to attackers. | Reference: https://www.pcrisk.com/removal-guides/16281-madness-ransomware
marcher Marcher is a mobile banking trojan targeting Android devices that uses overlay attacks to harvest login credentials for banking apps and credit card details. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/apk.marcher
mars Mars refers to the malware family Mars Stealer, which is an updated derivative of the Oski stealer designed to grab data from browsers and crypto plugins. | Reference: https://3xp0rt.com/posts/Mars-stealer
marsstealer Mars Stealer is a specialized information stealing malware that collects grabber files, browser credentials, and crypto wallet information to send back to a C2 server. | Reference: https://blog.morphisec.com/mars-stealer-redline-stealer
masslogger MASSLOGGER is a .NET-based spyware and keylogger capable of stealing credentials from multiple applications, including Outlook, Chrome, and Discord. | Reference: https://blog.talosintelligence.com/MASSLOGGER-new-campaign/
matanbuchus Matanbuchus is a malware-as-a-service loader used by threat actors to download and execute secondary malicious payloads, such as Cobalt Strike, on a victim's network. | Reference: https://unit42.paloaltonetworks.com/Matanbuchus-malware-as-a-service/
matsnu Matsnu is a Trojan and botnet family known for using a distinct Domain Generation Algorithm (DGA) to establish contact with its command and control infrastructure for spam distribution. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.matsnu
medusa Medusa is a name associated with multiple malware families, most notably a Mirai-based botnet used for DDoS attacks and a ransomware-as-a-service operation. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.medusa_locker
meduza-stealer Meduza Stealer is a Windows-based information stealer that emphasizes operational security and evading detection by antivirus solutions while harvesting user data. | Reference: https://www.uptycs.com/blog/Meduza Stealer-new-stealer-on-the-rise
metastealer MetaStealer is an information stealer designed to compete with RedLine Stealer, capable of extracting stored passwords, cookies, and cryptocurrency wallet data. | Reference: https://www.sentinelone.com/labs/MetaStealer-filling-the-void-left-by-racoon-stealer-identifying-new-variants/
minerpanel MinerPanel is a command and control interface specifically designed to manage networks of infected devices dedicated to illicit cryptocurrency mining. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.minerpanel
mintsloader MintsLoader is a loader malware specifically designed to deploy the MintStealer payload onto a target system while attempting to evade detection. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.MintsLoader
mintstealer MintStealer is an information stealing malware designed to identify and exfiltrate sensitive user data and credentials from infected Windows machines. | Reference: https://tria.ge/s/family:MintStealer
mirai Mirai is a prominent botnet malware that infects Linux-based IoT devices, turning them into remotely controlled bots for large-scale network attacks. | Reference: https://www.cloudflare.com/learning/ddos/glossary/Mirai-botnet/
mispadu Mispadu is a banking Trojan family targeting Latin America that utilizes overlay attacks to steal credentials and captures screenshots of infected systems. | Reference: https://www.welivesecurity.com/2019/11/19/Mispadu-banking-trojan-haunting-latin-america/
moobot MooBot is a Mirai-based botnet variant that targets unpatched IoT devices and routers to aggregate them into a network for conducting Distributed Denial of Service (DDoS) attacks. | Reference: https://unit42.paloaltonetworks.com/MooBot-mirai-variant/
mozi Mozi is a peer-to-peer (P2P) botnet that infects IoT devices via weak Telnet passwords and known exploits to execute DDoS attacks and data exfiltration. | Reference: https://blog.lumen.com/Mozi-new-p2p-botnet-takes-over-netgear-d-link-and-huawei-routers/
mysticstealer MysticStealer is a sophisticated information-stealing malware sold as a service that targets web browser data, cryptocurrency wallets, and steam credentials. | Reference: https://www.zscaler.com/blogs/security-research/mystic-stealer-new-malware-service-launching-cyberattacks
n-w0rm N-W0RM is a modular malware family, often functioning as a Remote Access Trojan (RAT) or botnet agent, capable of executing commands and stealing information from infected hosts. | Reference: https://bazaar.abuse.ch/browse/tag/N-W0RM/
nanocore NanoCore is a widely used Remote Access Trojan (RAT) featuring a modular plugin architecture that allows operators to surveil victims, control the mouse, and steal files. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.NanoCore
neptune Neptune is a malware family often functioning as a backdoor or exploit kit that allows attackers to execute commands and download further payloads onto a compromised host. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.Neptune
netsupportmanagerrat NetSupportManagerRAT refers to the malicious abuse of the legitimate NetSupport Manager remote administration tool to maintain unauthorized access and control over victim environments. | Reference: https://www.sentinelone.com/labs/common-tools-techniques-series-chapter-2-netsupport-manager/
netwirerc NetWireRC is the remote controller component of the NetWire RAT, a cross-platform malware known for its ability to log keystrokes and steal payment card information. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.netwire
neverquest Neverquest (also known as Vawtrak) is a highly sophisticated banking Trojan designed to steal login credentials and facilitate fraudulent transactions through complex web injection mechanisms. | Reference: https://www.justice.gov/opa/pr/russian-national-sentenced-operating-neverquest-malware-targeted-thousands-victims
ngioweb Ngioweb is a proxy botnet malware designed to turn infected devices into residential proxies that relay malicious traffic for threat actors. | Reference: https://research.checkpoint.com/2019/pink-parsons-the-exploits-of-a-malware-architect/
nitol Nitol is a botnet family often spread through removable drives that connects to a command and control server to initiate Distributed Denial of Service (DDoS) attacks. | Reference: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:Win32/Nitol
njrat njRAT is a highly prevalent .NET-based Remote Access Trojan (RAT) that enables attackers to control files, log keystrokes, and access the webcam of infected machines. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.njRAT
njrat njRAT (also known as Bladabindi) is a widely available Remote Access Trojan (RAT) that enables attackers to control infected machines, log keystrokes, and capture screenshots. | Reference: https://attack.mitre.org/software/S0385/
northstar NorthStar is a Command and Control (C2) framework often used in red teaming operations to manage implants and facilitate communication with compromised systems. | Reference: https://github.com/f11snipe/NorthStar
nymaim Nymaim is a malware downloader and dropper that initially delivered ransomware but evolved to distribute banking trojans and other malicious modules. | Reference: https://attack.mitre.org/software/S0393/
octo Octo is a sophisticated Android banking Trojan that provides attackers with remote access capabilities, including screen streaming and on-device fraud execution. | Reference: https://www.threatfabric.com/blogs/Octo-android-banking-trojan-new-campaigns
octopus Octopus is an open-source Command and Control (C2) server designed to execute and manage PowerShell agents on compromised endpoints during security assessments. | Reference: https://github.com/mhaskar/Octopus
optima Optima is a malicious toolkit and control panel, often associated with the Blackhole exploit kit, used by attackers to manage DDoS botnets and payload distribution. | Reference: https://krebsonsecurity.com/2012/03/the-optima-ddos-botnet/
orcusrat OrcusRAT is a Remote Access Trojan (RAT) capable of providing attackers with extensive administrative control over a victim's machine, including plugin support for custom malicious features. | Reference: https://unit42.paloaltonetworks.com/unit42-orcus-rat-falsely-labeled-remote-administration-tool/
osint The osint (Open Source Intelligence) tag is applied where the only source of the tagged information was found through open source reporting.
oskistealer OskiStelaer is an information-stealing malware strain capable of harvesting credentials, cryptocurrency wallet data, and browser history from infected systems. | Reference: https://www.sentinelone.com/blog/oski-stealer-malware-analysis/
panda-stealer Panda Stealer is a malware variant derived from Collector Stealer that focuses on exfiltrating cryptocurrency wallet data and application credentials from compromised devices. | Reference: https://www.trendmicro.com/en_us/research/21/e/Panda Stealer-new-info-stealer-targets-cryptocurrency-wallets.html
pandabanker PandaBanker is a controller family based on the Zeus banking trojan, used to manage campaigns focused on financial fraud and credential theft. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.panda_banker
pandora Pandora is a malware family, often identified as a mobile Trojan or ransomware, designed to compromise system integrity to facilitate unauthorized control or data extortion. | Reference: https://www.cleafy.com/cleafy-labs/Pandora-a-new-android-trojan-compromising-users-via-smishing
phemedrone-stealer Phemedrone Stealer is an open-source information stealing malware written in C# that targets sensitive data stored in web browsers, cryptocurrency wallets, and messaging applications. | Reference: https://www.trendmicro.com/en_us/research/24/a/cve-2023-36025-exploited-for-Phemedrone Stealer-payload.html
phonk Phonk is a malware strain, often utilized as a stealer or loader, that threat actors use to harvest sensitive user data and credentials from victim systems. | Reference: https://bazaar.abuse.ch/browse/tag/Phonk/
phorpiex Phorpiex is a prominent botnet known for distributing sextortion spam, ransomware, and cryptocurrency mining payloads through a large network of infected hosts. | Reference: https://research.checkpoint.com/2019/Phorpiex-trij/
pikabot PikaBot is a modular malware loader and backdoor used by threat actors to facilitate initial access and distribute secondary payloads like ransomware. | Reference: https://www.zscaler.com/blogs/security-research/technical-analysis-PikaBot
pincher As a bot family, Pincher refers to the specific agents deployed on victim machines that execute the LdPinch code to harvest credentials. These bots collect data locally and transmit it back to the operator, often clearing tracks after execution. | Reference: https://www.symantec.com/security_response/writeup.jsp?docid=2005-062816-1153-99
pink Pink is a large-scale P2P botnet primarily targeting IoT devices to facilitate distributed denial-of-service (DDoS) attacks and network intrusion. | Reference: https://blog.netlab.360.com/Pink-botnet-english/
plugx PlugX is a modular remote access trojan (RAT) widely utilized by Chinese state-sponsored actors to execute commands, transfer files, and maintain persistence on victim networks. | Reference: https://attack.mitre.org/software/S0013/
poisonivyrat PoisonIvyRAT is a well-known remote access trojan that provides a graphical user interface for attackers to control infected machines and steal sensitive data. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.poison_ivy
pony Pony is a prolific information stealer and malware downloader primarily designed to harvest credentials from hundreds of applications and join the host to a botnet. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.Pony
ponyloader PonyLoader is a malware family that functions as both an information stealer and a downloader, utilizing a web panel to manage vast quantities of stolen user credentials. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.pony
poseidon Poseidon is the agent side of the malware family, functioning as a backdoor capable of harvesting system information and executing commands from a remote server. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/osx.poseidon
poseidon-findstr Poseidon (often identified by specific string patterns like findstr) is a malware framework used for command and control, commonly associated with targeted attacks and data exfiltration. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.poseidon
poseidon-stealer Poseidon Stealer is a malware family designed to exfiltrate credentials, cryptocurrency wallets, and system information from compromised hosts to a remote command and control server. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/mac.poseidon
predatorthethief Predator the Thief is an information stealing malware sold on underground forums that collects passwords, browser data, and cryptocurrency wallets to send back to the operator. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.predator_the_thief
privateloader Private Loader is a malicious downloader family used as a pay-per-install service to distribute various payloads, such as stealers and ransomware, onto victim machines. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.Private Loader
prometei Prometei is a multi-modular botnet that utilizes various exploits to spread laterally and deploy cryptocurrency miners on infected systems. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.Prometei
proxyback ProxyBack is a malware family that turns an infected computer into an internet proxy server, allowing attackers to route traffic through the victim's connection. The controller manages these proxies to facilitate anonymity for other malicious activities. | Reference: https://unit42.paloaltonetworks.com/proxyback-a-new-proxy-trojan/
pua PUA (Potentially Unwanted Application) in a controller context refers to the backend infrastructure used to distribute adware bundles or manage the configuration of unwanted software. | Reference: https://www.trendmicro.com/vinfo/us/security/definition/potentially-unwanted-application
pupy Pupy is an open-source, cross-platform remote administration tool (RAT) and post-exploitation framework written in Python, featuring an in-memory execution engine. | Reference: https://github.com/n1nj4sec/Pupy
purecrypter PureCrypter is a malware crypter sold as a service that obfuscates malicious payloads to evade antivirus detection and deliver various RATs and stealers. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.PureCrypter
purelogs-stealer PureLogs Stealer is a malware strain designed to extract sensitive data such as browser cookies, passwords, and cryptocurrency wallet files from infected systems. | Reference: https://tria.ge/s?q=family%3Apurelogs
purerat PureRAT is a remote access trojan, often associated with the PureCoder suite, that provides attackers with capabilities to control desktops, manage files, and execute commands. | Reference: https://any.run/malware-trends/PureRAT
qakbot Qakbot (also known as Qbot) is a modular banking trojan that evolved into a malware dropper widely used to deliver ransomware and other malicious payloads. | Reference: https://attack.mitre.org/software/S0650/
quant Quant (specifically Quant Loader) is a commercial malware downloader sold in underground forums, designed to distribute various malicious payloads based on geographic and system criteria. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.quant_loader
quasar QuasarRAT (or QuasarRAT) is an open-source remote administration tool written in C# that is often repurposed by threat actors for espionage and network control. | Reference: https://github.com/QuasarRAT/QuasarRAT
quasar Quasar (or QuasarRAT) is an open-source, C#-based remote administration tool that is legitimate for administration but frequently repurposed by adversaries for network exploitation and surveillance. | Reference: https://attack.mitre.org/software/S0262/
raccoonstealer RaccoonStealer is a popular malware-as-a-service information stealer capable of collecting credentials, cookies, and autofill data from a wide range of applications. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.raccoon
ramnit Ramnit is a worm and banking trojan that spreads by infecting executable files and removable drives to steal banking credentials and sensitive information. | Reference: https://attack.mitre.org/software/S0435/
ranbyus Ranbyus is a banking trojan and botnet controller designed to intercept network traffic and inject malicious code into web sessions to steal financial data. | Reference: https://www.broadcom.com/support/security-center/writeup/2012-071110-3814-99
ransomhub RansomHub is a Ransomware-as-a-Service (RaaS) operation that provides affiliates with encryption tools and a platform to extort victims for financial gain. | Reference: https://www.symantec.com/blogs/threat-intelligence/RansomHub-ransomware-raas
rat A Remote Access Trojan (RAT) (Remote Access Trojan) is a general classification for malware that allows an attacker to covertly control a computer and execute commands from a remote location. | Reference: https://www.malwarebytes.com/Remote Access Trojan (RAT)
recordbreaker RecordBreaker is an information stealer, widely identified as the revamped version of Raccoon Stealer (v2), designed to exfiltrate credentials and cryptocurrency data. | Reference: https://blog.sekoia.io/raccoon-stealer-v2-part-2-deep-dive-into-the-code/
redline Redline Stealer is a malware-as-a-service strain that harvests saved credentials, credit card information, and autocomplete data from web browsers and other applications. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer
rekoobe Rekoobe is a Linux-based Trojan that acts as a backdoor, allowing attackers to execute shell commands and maintain persistent control over compromised servers. | Reference: https://blog.intezer.com/research/linux/Rekoobe-linux-trojan-still-active/
remcosprorat RemcosProRAT is a commercial Remote Access Trojan (RAT) often utilized by threat actors to gain full control over infected systems, enabling surveillance, file management, and command execution. | Reference: https://attack.mitre.org/software/S0332/
remcosrat RemcosRAT is a commercial remote administration tool that is frequently abused by threat actors to gain unauthorized control over victim endpoints and capture keystrokes. | Reference: https://www.fortinet.com/blog/threat-research/remcos-rat-new-variant-analysis
resolverrat ResolverRAT is a malicious remote access tool typically associated with targeted attacks, designed to execute commands and maintain persistence on compromised hosts. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.resolver
responder Responder is an LLMNR, NBT-NS, and MDNS poisoner tool used to capture credentials and hashes by impersonating services on a local network. | Reference: https://github.com/lgandx/Responder
revengerat RevengeRAT is a publicly available, open-source remote access trojan coded in C# that enables attackers to manage infected systems and deploy plugins. | Reference: https://cofense.com/knowledge-center/malware-analysis-center/RevengeRAT/
rhadamanthys Rhadamanthys is a sophisticated information stealer written in C++ that targets user credentials, crypto wallets, and browser information, often distributed via malvertising. | Reference: https://research.checkpoint.com/2023/Rhadamanthys-a-new-stealer-is-out-in-the-wild/
rhysida Rhysida is a ransomware-as-a-service operation that encrypts victim files and threatens to leak stolen data to pressure organizations into paying a ransom. | Reference: https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-319a
risepro RisePro is an information stealer often distributed by pay-per-install services that extracts sensitive data, including credit cards and passwords, from infected systems. | Reference: https://flashpoint.io/blog/RisePro-stealer-and-pay-per-install-malware-market/
rms Remote Manipulator System (RMS) (Remote Manipulator System) is legitimate remote desktop software that is frequently repackaged by cybercriminals to maintain persistent, unauthorized access to victim machines. | Reference: https://www.malwarebytes.com/blog/news/2018/12/remote-manipulator-system-legitimate-software-used-maliciously
rovnix Rovnix is a sophisticated bootkit and banking trojan that infects the Volume Boot Record (VBR) to maintain high-level persistence and facilitate data theft. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.rovnix
salatstealer SalatStealer is a malicious information stealer designed to harvest sensitive user data, such as login credentials and browser history, for exfiltration. | Reference: https://tria.ge/230113-k16yxsge5x/behavioral1
satacom Satacom is a malware family known for injecting malicious extensions into web browsers to steal cryptocurrency and manipulate user web traffic. | Reference: https://securelist.com/Satacom-downloader-with-browser-extension-delivery/109932/
sectoprat SectopRAT is a secondary Remote Access Trojan (RAT) tailored for specific operations, often associated with the Confucius APT group to maintain access to compromised systems. It enables attackers to execute commands and manipulate files on the victim's machine. | Reference: https://www.zscaler.com/blogs/security-research/confucius-APT-android-spyware
shadowpad ShadowPad is a modular backdoor widely utilized by various Chinese espionage groups, offering a flexible plugin architecture for diverse operational needs. It serves as a primary persistence mechanism and command platform within compromised networks. | Reference: https://www.mandiant.com/resources/blog/ShadowPad-malware-analysis
sharkbot SharkBot is a sophisticated Android banking trojan designed to steal credentials and initiate fraudulent money transfers on infected mobile devices. It utilizes accessibility services to bypass multi-factor authentication and control the user interface. | Reference: https://www.cleafy.com/cleafy-labs/SharkBot-a-new-generation-of-android-trojan
sidewinder Sidewinder refers to the custom malware arsenal and tooling used by the Sidewinder APT group (also known as Rattlesnake) for cyberespionage. These tools are often deployed via malicious documents to establish a foothold in target environments. | Reference: https://www.trendmicro.com/en_us/research/20/f/Sidewinder-apt-uses-new-malware-arsenal.html
silence Silence describes the primary malware framework used by the Silence APT group, designed specifically for attacking financial institutions. This modular set of tools allows operators to conduct reconnaissance, monitor activities, and execute commands within banking networks. | Reference: https://www.group-ib.com/resources/research-hub/Silence-2-0-going-global/
smartapp SmartApp typically refers to a family of web shells or malicious control panels used by attackers to maintain access and issue commands to compromised web servers. | Reference: https://threatfox.abuse.ch/browse/tag/SmartApp/
smartloader SmartLoader is a malware component designed to facilitate the distribution and execution of various payloads, including ransomware and information stealers. It acts as an intermediary stage to bypass security controls before launching the main threat. | Reference: https://tria.ge/230623-t4mzasfg75
smokedham SMOKEDHAM is a .NET-based backdoor that allows threat actors to execute arbitrary PowerShell commands and capture screenshots from compromised hosts. It is often distributed via phishing campaigns involving malicious documents. | Reference: https://blog.talosintelligence.com/smoked-ham-backdoor/
smokeloader SmokeLoader is a well-known modular malware downloader that is sold on underground forums and used to install a variety of other malicious software. It employs complex anti-analysis techniques to evade detection while retrieving payloads from its command and control servers. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.SmokeLoader
socks5-systemz Socks5 Systemz is a botnet that converts infected devices into residential SOCKS5 proxies, which are then sold for illicit traffic relaying. This infrastructure allows threat actors to mask their traffic by routing it through compromised consumer devices. | Reference: https://www.bleepingcomputer.com/news/security/socks5systemz-proxy-botnet-infects-10-000-systems-worldwide/
solar Often associated with the SolarMarker (or Jupyter) malware, Solar is a .NET-based backdoor and information stealer that utilizes SEO poisoning for distribution to establish control over victim machines. | Reference: https://www.crowdstrike.com/blog/solarmarker-backdoor-technical-analysis/
solarmarker SolarMarker, also known as Jupyter, is a .NET-based backdoor and infostealer heavily distributed through SEO poisoning techniques. It provides attackers with persistent command and control capabilities and is capable of executing additional payloads. | Reference: https://www.crowdstrike.com/blog/SolarMarker-backdoor-technical-analysis/
sparkrat SparkRAT is an open-source, cross-platform remote administration tool written in Go that is frequently adopted by threat actors for command and control. It offers a web-based interface to manage infected systems across Windows, Linux, and macOS. | Reference: https://www.sentinelone.com/blog/dragonspark-attacks-evade-detection-with-SparkRAT-and-golang-source-code-interpretation/
spybanker SpyBanker is a family of banking trojans designed to monitor user activity and steal online banking credentials. It often employs overlay techniques or browser redirection to capture sensitive financial information. | Reference: https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/SpyBanker
spyder Spyder is a modular backdoor often associated with the APT41 threat group, capable of collecting system information and executing secondary payloads. It serves as a versatile tool for maintaining presence and expanding control within a compromised network. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.Spyder
spynote SpyNote is a feature-rich Android Remote Access Trojan (RAT) that allows attackers to track location, record audio, and exfiltrate data from infected mobile devices. | Reference: https://www.threatfabric.com/blogs/SpyNote-rat-targeting-financial-institutions
squidloader SquidLoader is a malicious loader identified in campaigns aimed at delivering Cobalt Strike beacons while employing obfuscation techniques to avoid detection. | Reference: https://oalabs.openanalysis.net/
stealc Stealc is a customizable information-stealing malware sold as a service, designed to extract sensitive data such as browser cookies and cryptocurrency wallet information. | Reference: https://blog.sekoia.io/Stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-momentum/
stealrat StealRAT is a malware family used to compromise compromised web servers, turning them into a botnet primarily utilized for distributing spam emails. | Reference: https://www.abuse.ch/blog/StealRAT-analysis/
strelastealer StrelaStealer is a specialized information-stealing malware designed to specifically target and exfiltrate email login credentials from Outlook and Thunderbird clients. | Reference: https://unit42.paloaltonetworks.com/StrelaStealer-campaigns/
strrat StrRAT is a Java-based Remote Access Trojan (RAT) known for its ability to steal credentials and its "crimeware" module that renames files to simulate a ransomware attack. | Reference: https://www.microsoft.com/en-us/security/blog/2021/05/20/new-sophisticated-email-based-attack-deploys-StrRAT-and-ratty/
supershell SuperShell is a multi-platform Command and Control (C2) framework and reverse shell tool used to manage remote connections and execute commands on targeted servers. | Reference: https://github.com/tdragon6/SuperShell
suprememiner Suprememiner is a cryptojacking malware family that hijacks the processing power of infected computers to mine cryptocurrency, such as Monero, without the user's knowledge. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.suprememiner
systembc SystemBC is a proxy malware and backdoor often utilized by ransomware groups to conceal Command and Control traffic and facilitate persistent access. | Reference: https://news.sophos.com/en-us/2020/12/16/SystemBC-a-christmas-gift-for-ransomware-actors/
t34loader T34loader refers to the loading mechanisms and webshells associated with the OilRig (APT34) group, used to maintain access and execute code on compromised networks. | Reference: https://unit42.paloaltonetworks.com/oilrig-targets-government/
teslacrypt TeslaCrypt is a now-defunct ransomware family that utilized a command and control infrastructure to manage encryption keys and demand payments from victims, specifically targeting gaming-related files. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.teslacrypt
tinba Tinba (Tiny Banker) is a controller family for a banking trojan known for its small file size and ability to perform web injections to steal financial data. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.tinba
tinyloader TinyLoader is a lightweight malware loader designed to have a small footprint, allowing it to download and execute secondary payloads while evading antivirus detection. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.tiny_loader
tofsee TofSee is a modular botnet primarily used for sending spam emails, mining cryptocurrency, and conducting click fraud campaigns. It employs a resilient command and control infrastructure to update its modules and receive tasks. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.TofSee
trickbot TrickBot is a sophisticated and modular banking trojan that evolved into a multi-purpose malware platform capable of delivering ransomware and other malicious payloads. It utilizes a complex command and control network to manage infected bots and spread laterally across networks. | Reference: https://attack.mitre.org/software/S0266/
trickmo TrickMo is an Android banking trojan designed to intercept SMS messages, specifically to bypass two-factor authentication (2FA) and steal transaction authentication numbers (TANs). It is often associated with the TrickBot gang and focuses on mobile financial fraud. | Reference: https://www.cert-bund.de/advisoryshort/CB-K20-0227
trusteer IBM Trusteer (specifically Trusteer Rapport) is a legitimate endpoint security software suite designed to protect organizations against financial fraud and malware. While it appears in threat data, it is typically listed as a target that malware attempts to bypass, rather than acting as a malicious controller itself. | Reference: https://www.ibm.com/products/trusteer
tsunami Tsunami (also known as Kaiten) is a Linux-based backdoor and DDoS bot that communicates via Internet Relay Chat (IRC) channels. It allows controllers to issue commands for various flood attacks and execute arbitrary shell commands on the infected host. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/elf.Tsunami
uadmin Uadmin refers to a centralized administration panel, often associated with phishing kits, used by attackers to manage campaigns and view stolen credentials in real-time. This web-based interface acts as the controller for collecting data harvested from victims. | Reference: https://urlscan.io/search/#filename:%22uadmin%22
umbra Umbra (often known as Umbra Loader) is a malware family designed to facilitate the downloading of additional payloads and the theft of sensitive user data. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.umbra
unam Unam Web Panel (often associated with the Unam Web Panel Web Panel or Keylogger) is a software tool used to monitor and control infected machines, typically harvesting keystrokes and system information. The panel provides a dashboard for attackers to view logs and manage the botnet. | Reference: https://vimeo.com/49527878
urlzone URLZone is a sophisticated banking Trojan and management panel capable of manipulating transactions, stealing credentials, and calculating the value of victims to prioritize theft. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.urlzone
valleyrat ValleyRAT is a Remote Access Trojan (RAT) that has been observed targeting Chinese-speaking users, capable of loading plugins to execute various malicious tasks. It communicates with a C2 server to receive instructions for file manipulation and process execution. | Reference: https://www.fortinet.com/blog/threat-research/ValleyRAT-campaign-targeting-chinese-speakers
vawtrak The Vawtrak controller infrastructure manages the distribution of configuration files, web injects, and commands to the infected bots to orchestrate financial fraud campaigns. | Reference: https://unit42.paloaltonetworks.com/unit42-vawtrak-v2-new-tricks/
vbrevshell VBREVShell is a reverse shell script, typically written in VBScript, that establishes a connection from a compromised host back to an attacker's controller. This tool allows for the remote execution of command-line instructions on Windows systems. | Reference: https://github.com/t3rry0/VBREVShell
venomrat VenomRAT is a remote access trojan based on the QuasarRAT source code, featuring capabilities such as keylogging, password recovery, and remote desktop surveillance. It allows operators to maintain persistent control over infected systems through a graphical controller interface. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.VenomRAT
vertexnet VertexNet is a .NET-based HTTP botnet loader and information stealer that communicates with a centralized panel to execute DDoS attacks or download additional malware. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.vertexnet
vidar Vidar is an information-stealing malware capable of harvesting browser history, cryptocurrency wallets, and saved credentials from infected machines. It functions by retrieving configuration settings from a command and control server (or social media profiles) before exfiltrating data. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.Vidar
viperrat ViperRAT is a sophisticated mobile espionage tool targeting Android devices, known for its use in campaigns against the Israeli Defense Forces. It includes extensive surveillance features such as microphone recording, camera capture, and location tracking controlled via C2. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/apk.ViperRAT
vjw0rm Vjw0rm is a VBScript-based worm and Remote Access Trojan (RAT) that spreads via removable USB drives and communicates with a C2 server. It is capable of executing arbitrary code, updating itself, and stealing clipboard data. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.Vjw0rm
vo1d vo1d is a backdoor malware specifically targeting Android-based TV boxes, allowing attackers to remotely download and install third-party software. It establishes a connection to a command and control server to receive instructions and update its components. | Reference: https://news.drweb.com/show/?i=14902
vshell VShell is an open-source post-exploitation framework that is modular, cross-platform and customizable. It was developed and is primarily operated by native Chinese speakers.
warmcookie WarmCookie is a backdoor tool used to fingerprint compromised machines, capture screenshots, and deploy additional payloads. It communicates via HTTP cookies to receive commands from its controller infrastructure. | Reference: https://www.elastic.co/security-labs/dipping-into-danger
warzone-rat Warzone RAT (also known as Ave Maria) is a commodity remote access trojan that offers features like UAC bypass, remote webcam capture, and RDP functionality. It provides a user-friendly controller panel for attackers to manage multiple infected victims simultaneously. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.ave_maria
whitesnakestealer WhitesnakeStealer is a malicious information stealer marketed on underground forums, designed to extract sensitive data such as credentials, cookies, and cryptocurrency wallets from Windows systems. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.whitesnake
wikiloader WikiLoader is a sophisticated malware downloader often employed by initial access brokers to deliver secondary payloads, such as banking trojans, while evading detection. | Reference: https://www.proofpoint.com/us/blog/threat-insight/WikiLoader-slippery-new-loader-delivering-ursnif
winos Winos (often related to the Gh0st RAT family) is a remote access trojan that provides attackers with control over infected systems, enabling file manipulation and data exfiltration. | Reference: https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/BKDR_WINOS.D
wshrat WshRAT, also known as Houdini, is a Visual Basic Script-based remote access trojan that allows operators to execute commands and steal data through a JavaScript-based infrastructure. | Reference: https://any.run/malware-trends/WshRAT
wyrmspy WyrmSpy is an Android spyware family attributed to the APT41 group, capable of collecting sensitive user data, recording audio, and tracking the device's location. | Reference: https://www.lookout.com/threat-intelligence/article/WyrmSpy-dragonegg-surveillanceware-apt41
xehookstealer XehookStealer is an information-stealing malware designed to harvest login credentials, cookies, and other sensitive personal data from a victim's web browsers. | Reference: https://otx.alienvault.com/pulse/632c8e3f7c4611598442e31e
xenorat XenoRAT is an open-source remote access trojan written in C# that provides threat actors with comprehensive control over compromised systems, including features for keylogging and screen capture. | Reference: https://github.com/moop182/XenoRAT
xloader xLoader is a malware-as-a-service information stealer and botnet that evolved from Formbook, targeting both macOS and Windows systems to harvest credentials and other private data. | Reference: https://research.checkpoint.com/2021/time-to-check-the-maps-malware-evolution-from-formbook-to-xLoader/
xmrig xmrig is a legitimate, high-performance Monero cryptocurrency miner that is frequently abused by threat actors to hijack system resources and mine crypto without the owner's consent. | Reference: https://redcanary.com/threat-detection-report/threats/xmrig/
xorddos Xor DDoS is a Linux-based trojan used to amass large botnets of compromised servers, which are then utilized to launch distributed denial-of-service (DDoS) attacks. | Reference: https://www.microsoft.com/en-us/security/blog/2022/05/19/rise-in-Xor DDoS-a-deeper-look-at-the-stealthy-ddos-malware-targeting-linux-devices/
xpertrat XpertRAT is a remote access trojan that enables an attacker to gain unauthorized control over a victim's computer to steal data and execute arbitrary code. | Reference: https://www.symantec.com/blogs/threat-intelligence/XpertRAT-backdoor
xswkit Xswkit refers to a malicious toolkit or web shell controller used by attackers to maintain persistence and manage files on compromised web servers. | Reference: https://feodotracker.abuse.ch/browse/tag/xswkit/
xtremerat XtremeRAT is a widely distributed remote access trojan written in Delphi that allows attackers to capture audio, manipulate files, and steal credentials from compromised Windows systems. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.XtremeRAT
xworm XWorm is a versatile remote access trojan and malware tool sold on underground markets, offering capabilities ranging from ransomware execution to DDoS attacks and data theft. | Reference: https://any.run/malware-trends/XWorm
zeroaccessrat ZeroAccessRAT, often referred to as the ZeroAccess rootkit, is a sophisticated botnet malware used primarily for Bitcoin mining and click fraud operations. | Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.zeroaccess
zgrat zgRAT is a remote access trojan that establishes a connection to a command and control server, enabling threat actors to perform remote administrative tasks on the victim's machine. | Reference: https://otx.alienvault.com/pulse/604f5e7f1c437f4469796e68
zloader Zloader is a banking trojan and loader derived from the Zeus malware family, designed to steal credentials and facilitate the distribution of additional payloads like ransomware. | Reference: https://www.cisa.gov/uscert/ncas/alerts/aa21-209a
gen-ai IP addresses tagged with GenAI are tied to services linked to LLM/AI tooling for coding, scripting. Includes MCP Servers.
Sub-Tags (1)
Name Description
mcp-servers MCP Servers utilize the Model Context Protocol to provide a standardized way for AI assistants to access external data and tools, preventing data silos. | Reference: https://modelcontextprotocol.io/introduction
honeypot The 'HONEYPOT' tag is used to flag IP addresses that exhibit characteristics resembling honeypots. Honeypots are specialized server systems designed to mimic vulnerabilities, intentionally luring potential attackers. Honeypots come in various types and may be associated with related child tags, such as 'GASPOT'.
Sub-Tags (5)
Name Description
dionaea Dionaea is a low-interaction honeypot meant to trap malware exploiting vulnerabilities exposed by services offered over a network. | Reference: https://dionaea.readthedocs.io/
gaspot Gaspot is a low-interaction honeypot designed to simulate the Veeder-Root Guardian AST, a tank gauge system found in gas stations. | Reference: https://github.com/sjhilt/GasPot
kippo Kippo is a medium-interaction SSH honeypot designed to log brute force attacks and capture the entire shell interaction of an adversary. | Reference: https://github.com/desaster/kippo
port-anomaly Honeypot IP addresses with the 'port-anomaly' tag are IPs that have an unusual open port profile. This could either represent an IP that is a honeypot or a network security appliance.
ultraseek Ultraseek is a legacy enterprise search engine software used to index and search internal documents, signatures of which are sometimes emulated in deceptive environments. | Reference: https://en.wikipedia.org/wiki/Ultraseek_Server
ics IP Addresses with the ICS tag are associated with industrial control systems (ICS) or supervisory control and data acquisition (SCADA) systems. The devices found here are programmable logic controllers (PLCs), remote terminal units (RTUs), sensors, actuators, and also software that helps manage these devices, such as SCADA and human-machine interfaces (HMIs). Child tags exist for ICS that help identify vendors of these devices and software, such as JOHNSON_CONTROLS and SIEMENS.
Sub-Tags (123)
Name Description
accuenergy Accuenergy manufactures high-accuracy power metering solutions and energy measurement instruments designed for industrial and commercial facility management. | Reference: https://www.Accuenergy.com/
advantage-controls Advantage Controls specializes in manufacturing water cooling tower controllers, pumps, and boiler monitoring systems for industrial water treatment applications. | Reference: https://www.advantagecontrols.com/
airtek-technologies Airtek Technologies supplies building automation systems and HVAC control solutions aimed at enhancing energy management in commercial environments. | Reference: http://www.airtek.ca/
alerton Alerton is a Honeywell business that designs and manufactures building automation systems (BAS) specifically for heating, ventilation, and air conditioning control. | Reference: https://www.Alerton.com/
american-auto-matrix American Auto-Matrix, now integrated into Cylon (ABB), developed open-protocol building automation solutions and controllers for facility management. | Reference: https://www.cylon.com/
amit Amit Wireless designs and manufactures industrial cellular gateways, modems, and embedded systems to facilitate IoT and M2M connectivity. | Reference: https://www.amitwireless.com/
anybus Anybus, a brand by HMS Networks, produces gateways and wireless solutions that allow industrial devices to communicate across different network standards. | Reference: https://www.Anybus.com/
aquicore Aquicore provides a comprehensive ESG data and analytics platform that helps real estate portfolios monitor utility consumption and building operations. | Reference: https://www.Aquicore.com/
asi-controls ASI Controls manufactures digital control products and software designed to integrate seamlessly into building automation and energy management strategies. | Reference: https://www.asicontrols.com/
automated-logic Automated Logic develops intuitive building management systems, such as the WebCTRL platform, to optimize energy efficiency and occupant comfort. | Reference: https://www.automatedlogic.com/
automation-direct Automation Direct is a major distributor of industrial automation products, including PLCs, HMIs, and drives, serving the engineering and manufacturing sectors. | Reference: https://www.automationdirect.com/
Sub-Tags (1)
Name Description
c-more-hmi The C-more HMI is a line of industrial Human Machine Interface touch panels manufactured by AutomationDirect for controlling and monitoring machinery. | Reference: https://www.automationdirect.com/adc/shopping/catalog/hmi_(human_machine_interface)
broadwin-technology Broadwin Technology is known for developing web-based HMI/SCADA software, notably the WebAccess software now associated with Advantech. | Reference: https://www.advantech.com/
brodersen Brodersen Systems manufactures remote telemetry units (RTUs) and automation controllers specifically designed for critical infrastructure and utility monitoring. | Reference: https://Brodersen.com/
carel-industries Carel Industries designs control solutions for air conditioning, refrigeration, and heating systems, with a focus on high-efficiency industrial applications. | Reference: https://www.carel.com/
carrier Carrier is a global provider of heating, air-conditioning, and refrigeration solutions, offering smart building technologies and industrial cold chain systems. | Reference: https://www.Carrier.com/
Sub-Tags (1)
Name Description
i-vu The i-Vu system is a web-based building automation interface developed by Carrier to allow facilities managers to control HVAC equipment and lighting. | Reference: https://www.carrier.com/commercial/en/us/software/i-Vu-building-automation-system/
cimetrics CIMetrics is a technology provider specializing in building automation and analytics, particularly known for its products and tools that facilitate BACnet communication and system integration. | Reference: https://www.CIMetrics.com/
codesys Codesys is a manufacturer-independent software platform used for the project engineering and programming of industrial control systems compliant with the IEC 61131-3 standard. | Reference: https://www.Codesys.com/
contemporary-controls Contemporary Controls designs and manufactures networking and control products, such as switches and routers, for the building automation and industrial automation industries. | Reference: https://www.ccontrols.com/
control-applications Control Applications Ltd. (CA) develops and manufactures Building Management Systems (BMS) and electrical control systems, including DDC controllers and software for facility management. | Reference: http://www.ddc.co.il/
cp3 The CP3 is an enterprise-class 3-Series control system processor by Crestron, designed to integrate and automate audio, video, lighting, and environmental systems. | Reference: https://www.crestron.com/
cp3-r The CP3-R is a dedicated 3-Series control processor optimized to run the Crestron Home operating system for orchestrating smart home automation devices. | Reference: https://www.crestron.com/Products/Control-Hardware-Software/Hardware/Control-Systems/CP3-R
cp3n The CP3N is a Crestron 3-Series Control System designed to manage and integrate entertainment, AV, lighting, and HVAC systems, featuring a dedicated high-speed control subnet port. | Reference: https://www.crestron.com/Products/Control-Hardware-Software/Hardware/Control-Systems/CP3N
cp4-r The CP4-R is a 4-Series control system built to run the Crestron Home OS, providing enhanced processing power for residential automation applications. | Reference: https://www.crestron.com/Products/Control-Hardware-Software/Hardware/Control-Systems/CP4-R
crestron Crestron manufactures advanced control and automation systems used in commercial and residential settings to manage audiovisual equipment, lighting, and environmental controls. | Reference: https://www.Crestron.com/
cylon-controls Cylon Controls, now part of ABB, provides scalable building automation and energy management systems designed to control heating, ventilation, and air conditioning (HVAC) in commercial buildings. | Reference: https://new.abb.com/low-voltage/products/building-automation/product-range/abb-cylon
daikin Daikin is a multinational manufacturing company specializing in air conditioning, heating, ventilation, and refrigeration equipment for residential, commercial, and industrial applications. | Reference: https://www.Daikin.com/
data In the context of industrial control systems, COPA-DATA refers to the raw information, process variables, and historical records generated by sensors and controllers essential for operational monitoring. | Reference: https://www.cisa.gov/news-events/news/COPA-DATA-historians-industrial-control-systems
delta-controls Delta Controls manufactures building automation systems and software, offering products like the O3 Sensor Hub to manage HVAC, lighting, and access control in facilities. | Reference: https://deltacontrols.com/
delta-dore Delta Dore is a French company that designs and manufactures smart home and building management solutions, focusing on energy monitoring, security, and comfort control. | Reference: https://www.deltadore.co.uk/
deos-controls DEOS Controls develops and produces energy-efficient building automation systems (BAS) and HVAC control solutions, including programmable controllers and management software. | Reference: https://www.deos-ag.com/
digi Digi International provides Internet of Things (IoT) connectivity products, such as cellular routers and serial-to-Ethernet servers, used to connect industrial equipment to networks. | Reference: https://www.Digi.com/
din-ap2 The DIN-AP2 is a DIN rail-mounted Crestron 2-Series automation processor designed to facilitate lighting and automation control in professional cabinet installations. | Reference: https://www.crestron.com/Products/Control-Hardware-Software/Hardware/Control-Systems/DIN-AP2
distech-controls Distech Controls offers connected building management solutions and programmable controllers designed to optimize energy efficiency and occupant comfort in commercial spaces. | Reference: https://www.Distech Controls.com/
dmps3-4k-350-c The DMPS3-4K-350-C is a 3-Series 4K DigitalMedia presentation system that functions as a comprehensive system controller, video scaler, and audio DSP for multimedia environments. | Reference: https://www.crestron.com/Products/Video/DigitalMedia-Presentation-Systems/DMPS3-4K-350-C
eaton-corp Eaton Corp is a global power management company that provides energy-efficient solutions, electrical components, and industrial control systems to manage electrical, hydraulic, and mechanical power. | Reference: https://www.eaton.com/
ecs ECS refers to Electronic Control Systems or specific system integrators like Elite Control Systems that provide process control and safety solutions for industrial sectors. | Reference: https://elitecontrols.com/
ekinex Ekinex specializes in developing and manufacturing wall-mounted devices and control systems based on the KNX standard for home and building automation. | Reference: https://www.Ekinex.com/
emerson Emerson is a global technology and engineering company that provides automation solutions, including the DeltaV and Ovation distributed control systems, for industrial markets. | Reference: https://www.Emerson.com/
everex EverEx was a manufacturer of personal computers and hardware whose legacy equipment may still be utilized within older industrial control system environments or HMIs. | Reference: https://en.wikipedia.org/wiki/EverEx
ewon Ewon, a brand of HMS Networks, manufactures industrial VPN routers and gateways designed to facilitate secure remote access and monitoring of industrial machines and PLCs. | Reference: https://www.Ewon.biz/
exor-international Exor International designs and manufactures Human Machine Interface (HMI) solutions, industrial PCs, and software for the industrial automation sector. | Reference: https://www.exorint.com/
fastwel Fastwel is a manufacturer of high-reliability industrial computers, programmable controllers, and embedded systems often designed for use in harsh operational environments. | Reference: https://www.Fastwel.com/
fieldserver-technologies FieldServer Technologies produces protocol gateways and routers designed to enable communication between disparate building automation and fire safety systems. | Reference: https://www.msasafety.com/
fuel-gauge A fuel gauge in an industrial context is a sensor or monitoring system used to measure and report the level of liquid fuel within storage tanks for operational management. | Reference: https://en.wikipedia.org/wiki/Fuel_gauge
global-control-solutions Global Control Solutions (GCS) manufactures building automation systems and controllers designed to efficiently manage HVAC, lighting, and energy usage in commercial facilities. | Reference: http://www.gcscontrol.com/
grundfos Grundfos is a leading global pump manufacturer that provides connected pumping systems and water technology solutions for industrial and commercial applications. | Reference: https://www.Grundfos.com/
hmi A Human-Machine Interface (HMI) is a dashboard or user interface that connects a person to a machine, system, or device, commonly used in industrial settings to visualize data and control processes. | Reference: https://www.isa.org/intech-home/2019/september-october/features/HMI-design-best-practices
honeywell Honeywell is a multinational conglomerate that produces a wide range of commercial and consumer products, including industrial control systems, building technologies, and aerospace systems. | Reference: https://www.Honeywell.com/
iconics Iconics provides automation software solutions, including SCADA, HMI, and IoT analytics, used to visualize and control critical infrastructure and manufacturing processes. | Reference: https://Iconics.com/
infinite-automation Infinite Automation Systems is the developer of Mango, a web-based SCADA and IIoT platform used for data acquisition, monitoring, and control in various industrial sectors. | Reference: https://infiniteautomation.com/
infocon-holdings Infocon Holdings designs and manufactures telemetry and control equipment, specifically offering GSM-based monitoring solutions for industrial applications. | Reference: https://www.infocon.co.za/
intesis Intesis specializes in communication gateway solutions for building automation, enabling the integration of air conditioning units and smart building systems. | Reference: https://www.Intesis.com/
iv-produkt IV Produkt is a Swedish manufacturer of energy-efficient air handling units and ventilation systems that are often integrated into building management networks. | Reference: https://www.ivprodukt.com/
johnson-controls Johnson Controls is a global leader in smart building technologies, producing HVAC equipment, fire detection systems, and the Metasys building automation system. | Reference: https://www.johnsoncontrols.com/
katronic Katronic manufactures clamp-on ultrasonic flow meters used for non-invasive flow measurement of liquids in industrial process control applications. | Reference: https://www.Katronic.com/
kieback-peter Kieback&Peter is a provider of building automation solutions, specializing in software and hardware for the energy-efficient control of heating, ventilation, and air conditioning. | Reference: https://www.Kieback Peter.com/
kmc-controls KMC Controls designs and manufactures open, secure building automation systems and IoT solutions for controlling indoor environmental quality and energy usage. | Reference: https://www.kmccontrols.com/
lantronix Lantronix provides secure data access and management solutions for the Industrial Internet of Things (IIoT), including device gateways and out-of-band management tools. | Reference: https://www.Lantronix.com/
Sub-Tags (4)
Name Description
altair-engineering Altair Engineering provides software and cloud solutions for simulation, high-performance computing (HPC), and data analytics often used in industrial design and engineering. | Reference: https://www.altair.com/
micro-com Micro-Comm (often referenced as Micro-Comm) provides SCADA and automation control systems specifically designed to manage water and wastewater utility infrastructure. | Reference: https://micro-comm-inc.com
Sub-Tags (1)
Name Description
scadaview-csx ScadaView-CSX is a web-based SCADA hosting platform provided by Micro-Comm, designed specifically to monitor water and wastewater utility systems. | Reference: https://micro-comm-inc.com/products/scadaview.html
saf-tehnika SAF Tehnika designs and manufactures microwave data transmission equipment commonly used in utility, public safety, and industrial networks. | Reference: https://www.saftehnika.com/
xport The XPort is an embedded Ethernet device server module by Lantronix that enables device manufacturers to add network connectivity to products with serial interfaces. | Reference: https://www.lantronix.com/products/XPort/
leviton Leviton manufactures electrical wiring devices, lighting energy management systems, and commercial automation solutions used in residential and industrial infrastructure. | Reference: https://www.Leviton.com/
lg LG is a global electronics and telecommunications conglomerate that produces a wide variety of connected consumer appliances and industrial HVAC solutions. | Reference: https://www.LG.com/
Sub-Tags (2)
Name Description
ac-smart-bacnet-gateway The AC Smart BACnet Gateway is a central controller developed by LG that facilitates the integration of their HVAC units into third-party building automation networks. | Reference: https://lghvac.com/commercial/product-type/?productTypeId=a2x44000003XGjuAAG
acp-bacnet-gateway The ACP BACnet Gateway is a device manufactured by LG that acts as an interface between LG air conditioning systems and building management systems using the BACnet protocol. | Reference: https://lghvac.com/commercial/product-type/?productTypeId=a2x44000003XGjuAAG
liebert-corporation The Liebert Corporation, a brand of Vertiv, manufactures power, cooling, and infrastructure management systems designed primarily for data centers and critical industrial networks. | Reference: https://www.vertiv.com/en-us/about/liebert/
log-gmbh LOG GmbH provides automation software and hardware solutions, often utilized in environmental engineering and process control for water and sewage treatment facilities. | Reference: http://www.Solar-Log GmbH.de/
loytec Loytec Electronics offers a range of products for building automation, including controllers, touch panels, and gateways that support various communication protocols like BACnet. | Reference: https://www.Loytec.com/
lutron Lutron is a manufacturer specializing in lighting control systems and smart home automation solutions used in both residential and commercial facility management. | Reference: https://www.Lutron.com
mass-electronics Mass Electronics designs and manufactures electronic systems, often focusing on intelligent transportation system components and display signage for industrial transit applications. | Reference: https://masstransit.network/directory/company/10014769/Mass Electronics
mbs-gmbh MBS GmbH is a German manufacturer of industrial and building automation hardware, widely known for producing gateways and communication solutions for protocols like BACnet and Modbus. | Reference: https://www.mbs-solutions.de/en
mc3 The MC3 is a compact Crestron 3-Series control system featuring an on-screen display interface and built-in wireless Infinet EX capabilities for home automation. | Reference: https://www.crestron.com/Products/Control-Hardware-Software/Hardware/Control-Systems/MC3
mc4 The MC4 is a small form factor 4-Series control system designed by Crestron to manage single-room AV configurations and small-scale automation setups. | Reference: https://www.crestron.com/Products/Control-Hardware-Software/Hardware/Control-Systems/MC4
mc4-r The MC4-R is a 4-Series media controller specifically engineered to run the Crestron Home operating system for residential smart home deployments. | Reference: https://www.crestron.com/Products/Control-Hardware-Software/Hardware/Control-Systems/MC4-R
mcquay McQuay was a global corporation that manufactured commercial heating, ventilation, and air conditioning (HVAC) systems, a brand that is now integrated into Daikin Applied. | Reference: https://www.daikinapplied.com
mitsubishi-electric Mitsubishi Electric is a major manufacturer of electrical and electronic equipment, including industrial automation systems like programmable logic controllers (PLCs) and drive products. | Reference: https://www.mitsubishielectric.com
modbus Modbus is a standard serial communication protocol originally published by Modicon for use with programmable logic controllers (PLCs) to enable communication between industrial electronic devices. | Reference: https://Modbus.org
modbus-bridge A Modbus bridge is a networking device or software component used to connect different Modbus segments, such as bridging a Modbus TCP network with a Modbus RTU serial bus. | Reference: https://modbus.org/tech.php
modbus-gateway A Modbus gateway is a communication device that converts data between Modbus and other protocols, or between different physical layers of Modbus networks, to facilitate system integration. | Reference: https://www.moxa.com/en/products/industrial-edge-connectivity/protocol-gateways/modbus-tcp-gateways
moxa MOXA creates industrial networking, computing, and automation solutions designed to enable connectivity for the Industrial Internet of Things (IIoT). | Reference: https://www.MOXA.com/en/
multi-tech Multi-Tech Systems designs and manufactures communications equipment for the industrial internet of things (IIoT), including routers, modems, and LoRaWAN gateways. | Reference: https://www.multitech.com
neuberger Neuberger is a company specializing in building automation systems, offering solutions for room automation, monitoring, and facility management within clean room and industrial environments. | Reference: https://www.Neuberger.net
nordex Nordex is a manufacturer of wind turbines that designs, produces, and maintains large-scale wind power systems for the renewable energy sector. | Reference: https://www.nordex-online.com/
obvius Obvius manufactures data acquisition and energy monitoring solutions, such as the AcquiSuite, which are used to collect metering data in industrial and commercial environments. | Reference: https://www.Obvius.com
oj-electronics OJ Electronics is a manufacturer of electronic controls for underfloor heating and HVAC systems, focusing on ventilation and temperature management solutions. | Reference: https://ojelectronics.com
panasonic Panasonic is a major multinational electronics corporation that manufactures diverse technology ranging from consumer smart devices to industrial automation sensors and controllers. | Reference: https://industry.Panasonic.eu/factory-automation
Sub-Tags (1)
Name Description
fp-web-server The FP web server is a specialized unit by Panasonic that connects FP-series PLCs to an Ethernet network for remote monitoring and data logging. | Reference: https://industry.panasonic.eu/factory-automation/programmable-logic-controllers-plc/plc-software/FP web server
philips-lighting Philips Lighting, now operating as Signify, produces lighting products and systems for consumer, professional, and IoT-enabled building environments. | Reference: https://www.signify.com
phoenix-controls Phoenix Controls provides precision airflow control systems used primarily in critical environments like laboratories, healthcare facilities, and vivariums to ensure safety and energy efficiency. | Reference: https://www.phoenixcontrols.com
plc A PLC (Programmable Logic Controller) is a ruggedized industrial digital computer adapted for the control of manufacturing processes, such as assembly lines or robotic devices. | Reference: https://en.wikipedia.org/wiki/Programmable_logic_controller
pro2 The PRO2 is a legacy Crestron 2-Series professional dual bus control system equipped with an extensive range of control ports for complex integrated systems. | Reference: https://www.crestron.com/Products/Control-Hardware-Software/Hardware/Control-Systems/PRO2
pro3 The PRO3 is a robust Crestron 3-Series control system designed for demanding commercial applications requiring high processing speed and extensive port expansion. | Reference: https://www.crestron.com/Products/Control-Hardware-Software/Hardware/Control-Systems/PRO3
pymodbus pymodbus is a full Modbus protocol implementation written in Python, allowing developers to create Modbus synchronous and asynchronous clients and servers. | Reference: https://github.com/pymodbus-dev/pymodbus
pyng-hub The PYNG-HUB serves as the central control processor for the legacy Crestron Pyng system, linking wireless accessories and mobile apps for home automation. | Reference: https://www.crestron.com/Products/Control-Hardware-Software/Hardware/Control-Systems/PYNG-HUB
qm-rmc The QM-RMC is a compact Room Media Controller that integrates Crestron QuickMedia technology to manage AV signals and system control over a single cable. | Reference: https://www.crestron.com/Products/Video/QuickMedia/QuickMedia-Receivers-Controllers/QM-RMC
red-lion Red Lion Controls manufactures industrial automation and networking solutions, including human-machine interfaces (HMIs), panel meters, and Ethernet switches. | Reference: https://www.redlion.net
regin Regin is a global company that develops products and systems for building automation, ranging from field devices to SCADA software for energy conservation. | Reference: https://www.regincontrols.com
reliable-controls Reliable Controls specializes in the design and manufacture of internet-connected building automation controls and software for the facility management sector. | Reference: https://www.reliablecontrols.com/
rle-technologies RLE Technologies provides critical facility monitoring solutions, including leak detection and environmental monitoring systems for data centers. | Reference: https://www.rletech.com/
rmc3 The RMC3 is a compact Crestron 3-Series Room Media Controller designed to provide control and monitoring for a single room or device in networked environments. | Reference: https://www.crestron.com/Products/Control-Hardware-Software/Hardware/Control-Systems/RMC3
rockwell Rockwell (Rockwell Automation) is a major provider of industrial automation and information solutions, including Allen-Bradley control systems and FactoryTalk software. | Reference: https://www.rockwellautomation.com/
rs RS (RS Automation) manufactures industrial motion control technology and robots used in semiconductor and display manufacturing environments. | Reference: http://www.rsautomation.co.kr/
samsung Samsung is a technology giant known for its broad ecosystem of connected consumer electronics, semiconductors, and smart home platforms like SmartThings. | Reference: https://www.Samsung.com/
sauter-ag Sauter AG offers building management systems and room automation solutions focused on energy efficiency and climate control. | Reference: https://www.sauter-controls.com/
sbc-electronics SBC Electronics (Saia-Burgess Controls) produces Programmable Logic Controllers (PLCs), HMIs, and energy meters for infrastructure automation. | Reference: https://saia-pcd.com/
schneider-electric Schneider Electric is a global specialist in energy management and automation, producing a wide range of hardware and software for industrial control systems. | Reference: https://www.se.com/
Sub-Tags (2)
Name Description
bmx-series The BMX series refers to hardware modules, such as processors and power supplies, associated with the Modicon M340 automation platform by Schneider Electric. | Reference: https://www.se.com/ww/en/product-range/1468-modicon-m340/
modicon Modicon is a brand of Programmable Logic Controllers (PLCs) owned by Schneider Electric, widely credited with introducing the first PLCs to the industrial market. | Reference: https://www.se.com/us/en/brand/Modicon/
scl-controls SCL Controls provides building automation and temperature control solutions, often specializing in HVAC integration and energy management. | Reference: https://www.sclcontrols.com/
serotonin serotonin (serotonin Software) develops the Mango Automation platform, a web-based software solution used for SCADA, HMI, and IIoT applications. | Reference: https://serotonin.com/
servisys Servisys is an authorized distributor and integrator of building automation and temperature control products, often working with Honeywell systems. | Reference: https://www.Servisys.com/
shina-system Shina System is a technology provider that develops environmental monitoring equipment and industrial control solutions, such as the LIG series. | Reference: http://www.shinasystem.co.kr/
siemens Siemens is a multinational technology powerhouse that manufactures a vast array of industrial automation products, including SIMATIC PLCs and SCADA systems. | Reference: https://www.Siemens.com/
Sub-Tags (1)
Name Description
climatrix The Climatix tag refers to the Climatix range of scalable HVAC controllers manufactured by Siemens for Original Equipment Manufacturers (OEMs). | Reference: https://www.siemens.com/global/en/products/buildingtechnologies/hvac/oem/climatix.html
smc SMC (SMC Corporation) manufactures pneumatic control engineering components and actuators used to support industrial automation machinery. | Reference: https://www.smcworld.com/
softdel-systems SoftDel Systems connects devices and enterprises by providing industrial IoT solutions and BACnet protocol stacks for building automation. | Reference: https://www.softdel.com/
softplc-corp SoftPLC Corp develops software-based Programmable Logic Controllers (PLCs) and communication gateways for open architecture industrial control. | Reference: http://softplc.com/
strato Strato (Strato Automation) manufactures building automation controllers and software designed for HVAC and access control applications. | Reference: https://www.stratoautomation.com/
swegon Swegon produces intelligent indoor climate systems and ventilation units that often integrate into broader building management networks. | Reference: https://www.Swegon.com/
swg-automation SWG Automation manufactures automated gate motors and door operating systems used for physical access control and perimeter security. | Reference: https://swgautomation.co.za/
tac TAC (Tour Andover Controls), now part of Schneider Electric, provided building automation solutions including the Vista and Xenta product lines. | Reference: https://www.se.com/
tekon-avtomatika Tekon Avtomatika is a Russian engineering and manufacturing company that specializes in producing microprocessor-based process control systems and instrumentation for industrial automation. | Reference: https://tekon.ru/en/
Sub-Tags (2)
Name Description
kio-series The KIO series refers to a line of distributed input/output (I/O) modules manufactured by TEKON-Avtomatika for use in industrial automation and control systems. | Reference: https://tekon.ru/en/products/io-modules/
kun-series The KUN series consists of industrial controllers and interface converters produced by TEKON-Avtomatika, designed to manage data flow and logic within operational technology environments. | Reference: https://tekon.ru/en/products/controllers/
telkonet Telkonet offers intelligent automation platforms, such as the EcoSmart energy management system, primarily designed for the hospitality and commercial markets to control HVAC and electrical usage. | Reference: https://www.Telkonet.com/
tps-co-ltd TPS Co Ltd refers to TPS Co., Ltd., a manufacturer involved in industrial solutions, often associated with gateway devices, embedded systems, or control equipment used in automation contexts. | Reference: http://www.tps.co.jp/
trane Trane is a global manufacturer of heating, ventilating, and air conditioning (HVAC) systems and building management controls used in residential, commercial, and industrial settings. | Reference: https://www.Trane.com/
trend-controls Trend Controls is a manufacturer of Building Energy Management Systems (BEMS) that monitor and control heating, ventilation, and air conditioning services in various facility types. | Reference: https://www.trendcontrols.com/
tridium Tridium is a technology company best known for developing the Niagara Framework, a software platform that integrates diverse systems and devices into a unified automation environment. | Reference: https://www.Tridium.com/
Sub-Tags (1)
Name Description
niagara-framework Developed by Tridium, the Niagara Framework is a universal software infrastructure that enables the integration and management of diverse devices and systems into a unified platform. | Reference: https://www.tridium.com/us/en/products-services/Niagara Framework
unitronics Unitronics designs and manufactures Programmable Logic Controllers (PLCs) with integrated Human Machine Interfaces (HMI) intended for the control and automation of industrial machines. | Reference: https://www.Unitronics.com/
vertiv Vertiv provides critical digital infrastructure technologies, including power management, thermal cooling, and IT management systems for data centers and communication networks. | Reference: https://www.Vertiv.com/
view-inc View Inc manufactures smart building technologies, specifically dynamic "smart glass" windows that automatically adjust tint to control heat and glare. | Reference: https://view.com/
Sub-Tags (1)
Name Description
smart-window The Smart Window tag refers to intelligent, network-connected glass systems manufactured by View Inc. that dynamically adjust tint based on environmental conditions. | Reference: https://view.com/
wago Wago produces components for electrical connections and electronic automation, including I/O systems, controllers, and interface modules used in industrial engineering. | Reference: https://www.Wago.com/
wit-sa WIT SA is a French company that designs and manufactures equipment for remote maintenance, telemetry, and SCADA applications in the water and energy sectors. | Reference: https://www.wit.fr/
iot IP addresses that have been observed with a publicly accessible IOT(Internet of Things) device such as IP cameras, smart TVs, printers and DVRs. IOT devices provide 'smart' capabilities by collecting and exchanging data over the Internet or providing more accessibility to various services. IOT devices are targeted by attackers by gaining unauthorized access and infecting devices to participate in botnet operations.
Sub-Tags (73)
Name Description
airplay AirPlay is a proprietary wireless communication protocol stack developed by Apple Inc. that allows for the streaming of audio, video, device screens, and photos between devices. | Reference: https://www.apple.com/AirPlay/
alibi Alibi Security supplies video surveillance technology, providing IP cameras and recording solutions for business and residential protection. | Reference: https://www.alibisecurity.com/
avn801 The AVN801 is a specific model of network camera manufactured by AVTECH, featuring "Push Video" notifications and compact IP surveillance capabilities. | Reference: https://www.avtech.com.tw/
avtech AVTECH is a manufacturer of professional CCTV and IP surveillance products, including push-video cameras, DVRs, and NVR systems used for security monitoring. | Reference: https://www.AVTECH.com.tw/
axis Axis refers to Axis Communications, a company that manufactures network cameras, access control systems, and network audio devices for the physical security and video surveillance industries. | Reference: https://www.Axis.com/
Sub-Tags (5)
Name Description
206 The Axis 206 is a legacy network camera from Axis Communications designed for indoor remote monitoring over local area networks or the internet. | Reference: https://www.axis.com/
207w The Axis 207W is a wireless network camera manufactured by Axis Communications, offering compact video surveillance with built-in microphone capabilities. | Reference: https://www.axis.com/
215 The Axis 215 is a Pan-Tilt-Zoom (PTZ) network camera that features 360-degree panning and auto-flip functionality for continuous surveillance tracking. | Reference: https://www.axis.com/
2120 The Axis 2120 is an early generation network camera produced by Axis Communications, featuring motion detection and a built-in web server for image transmission. | Reference: https://www.axis.com/
m1054 The Axis M1054 is a compact network camera designed for smart indoor security, featuring Power over Ethernet (PoE) support and a passive infrared (PIR) sensor. | Reference: https://www.axis.com/
biomark biomark provides RFID tagging technology and specialized tracking systems often used for biological research, fisheries monitoring, and animal identification. | Reference: https://www.biomark.com/
Sub-Tags (1)
Name Description
mts The mts (often referring to the Meridian Testing System or similar Molecular Testing Systems) in this context is a component often found in BioMark diagnostic equipment or industrial IoT setups used for automated testing and data collection. | Reference: https://www.biomark.com/
blikvm BliKVM is an open-source hardware and software solution that provides KVM (Keyboard, Video, Mouse) over IP functionality for remote server management and control. | Reference: https://BliKVM.org/
blue-iris Blue Iris is a video security software application for Windows systems that enables users to remotely view, record, and manage feeds from up to 64 IP cameras or webcams. | Reference: https://blueirissoftware.com/
bluesound Bluesound is an audio company that manufactures a wireless multi-room music ecosystem designed to stream high-resolution audio. | Reference: https://www.bluesound.com/
boa-web-server The boa-web-server is a lightweight, open-source embedded web server often utilized in older IoT devices and routers. | Reference: http://www.boa.org/
bosch bosch Security Systems manufactures a broad range of safety and communications products, including video surveillance cameras, intrusion detection, and fire alarm systems. | Reference: https://www.boschsecurity.com/
Sub-Tags (1)
Name Description
videojet videojet refers to the video encoding and transmission systems, historically associated with Bosch Security Systems, used in CCTV and surveillance networks. | Reference: https://www.boschsecurity.com/
bose Bose is a well-known manufacturer of audio equipment, producing devices such as smart speakers, headphones, and home entertainment systems. | Reference: https://www.bose.com/
comet Comet System is a manufacturer of IoT sensors and dataloggers designed to measure and record environmental conditions such as temperature, humidity, and atmospheric pressure. | Reference: https://www.cometsystem.com/
contec Contec refers to Contec Medical Systems, a manufacturer of networked medical devices like patient monitors and ECGs, or Contec Co., Ltd., which produces industrial IoT and automation technology. | Reference: https://www.Contec.com/
Sub-Tags (1)
Name Description
solarview SolarView is a photovoltaic power generation monitoring system developed by Contec for visualizing and managing solar energy data. It is an IoT solution used in industrial and residential settings to track power output and system status. | Reference: https://www.contec.com/
crestron Crestron manufactures advanced control and automation systems used in commercial and residential settings to manage audiovisual equipment, lighting, and environmental controls. | Reference: https://www.Crestron.com/
d-link D-Link is a global provider of networking and connectivity products, manufacturing hardware such as switches, surveillance cameras, and routers for consumers and businesses. | Reference: https://www.dlink.com/
Sub-Tags (8)
Name Description
dcs-2121 The DCS-2121 is a D-Link wireless megapixel network camera designed for remote monitoring and video streaming to mobile phones and web browsers. | Reference: https://eu.dlink.com/uk/en/products/DCS-2121-wireless-internet-camera
dcs-2130 The DCS-2130 is a D-Link HD Wireless N Cube network camera offering 720p resolution and ePTZ functionality for home or office surveillance. | Reference: https://eu.dlink.com/uk/en/products/DCS-2130-hd-wireless-n-cube-network-camera
dcs-5020l The DCS-5020L is a wireless day/night cloud camera from D-Link featuring pan and tilt capabilities and integrated Wi-Fi extension support. | Reference: https://eu.dlink.com/uk/en/products/DCS-5020L-wireless-day-night-pan-tilt-cloud-camera
dcs-900 The DCS-900 is a wired D-Link internet camera designed to provide basic remote video surveillance via a standard Ethernet connection. | Reference: https://support.dlink.com/ProductInfo.aspx?m=DCS-900
dcs-910 The DCS-910 is a wired network camera by D-Link that connects to a 10/100 Fast Ethernet network to stream video to remote locations. | Reference: https://support.dlink.com/ProductInfo.aspx?m=DCS-910
dcs-920 The DCS-920 is a wireless G internet camera from D-Link that allows users to monitor home or office environments without needing network cabling. | Reference: https://support.dlink.com/ProductInfo.aspx?m=DCS-920
dcs-930l The DCS-930L is a cloud-enabled Wireless N home network camera designed by D-Link for remote video monitoring through a web browser or mobile app. | Reference: https://support.dlink.com/ProductInfo.aspx?m=DCS-930L
dcs-932lb1 The DCS-932LB1 represents a specific hardware revision of D-Link's Day/Night Cloud Camera, featuring infrared LEDs for viewing in low-light environments. | Reference: https://support.dlink.com/ProductInfo.aspx?m=DCS-932L
dahua Dahua Technology is a leading provider of video-centric smart IoT solutions, manufacturing video surveillance products such as IP cameras, NVRs, and AI-enabled security devices. | Reference: https://www.dahuasecurity.com/
dicom-solutions DICOM Solutions generally refers to systems and software that utilize the Digital Imaging and Communications in Medicine standard to transmit, store, and display medical imaging information. | Reference: https://www.dicomstandard.org/
domoticz Domoticz is a lightweight, open-source home automation system designed to monitor and configure various devices like lights, switches, and sensors within a local network. | Reference: https://www.Domoticz.com/
dptech DPtech (Zhejiang Dapeng Technology) is a provider of network security and application delivery products, including firewalls and VPNs that are often integrated into IoT network architectures. | Reference: http://www.DPtech.com/
dts-digitial DTS Digital refers to brands or distributors associated with digital security equipment, specifically CCTV systems and digital video recorders used for surveillance. | Reference: https://www.dtsdigitalcctv.co.uk/
dvr A DVR (Digital Video Recorder) is an electronic device that records video in a digital format to a disk drive, commonly used in closed-circuit television systems to capture footage from analog cameras. | Reference: https://en.wikipedia.org/wiki/Digital_video_recorder
everfocus EverFocus is a global manufacturer specializing in industrial PC and surveillance security equipment, including mobile digital video recorders and network cameras. | Reference: https://www.EverFocus.com/
foscam Foscam is a leading manufacturer of IP video cameras and network video recorder solutions used for indoor and outdoor monitoring. | Reference: https://www.foscam.com/
geovision GeoVision is a security company that manufactures intelligent video surveillance systems, including IP cameras, capture cards, and access control hardware. | Reference: http://www.GeoVision.com.tw/
google Google serves as a broad identifier for the suite of internet services, cloud infrastructure, and IoT integration capabilities provided by Google and the Google Cloud Platform. | Reference: https://cloud.Google.com/
Sub-Tags (2)
Name Description
chromecast A Chromecast is a family of digital media dongles developed by Google that enables users to play internet-streamed audio-visual content on a high-definition television or home audio system. | Reference: https://store.google.com/us/product/Chromecast
nest-hub The Google Nest Hub is a smart home display device that functions as a central controller for connected IoT devices and services. | Reference: https://store.google.com/product/nest_hub_2nd_gen
hanwha-vision Hanwha Vision is a global provider of comprehensive video surveillance solutions, offering products such as IP cameras, storage devices, and management software. | Reference: https://hanwhavision.com/
Sub-Tags (1)
Name Description
snd-6014 The SND-6014 is a full HD network dome camera manufactured by Hanwha Vision (formerly Samsung Techwin) designed for video surveillance applications. | Reference: https://www.hanwhavision.com/en/product/snd-6011/
hid HID Global provides identity management products, such as physical access control cards, readers, and biometric sensors that are frequently integrated into IoT security networks. | Reference: https://www.hidglobal.com/
Sub-Tags (1)
Name Description
vertex The HID Vertex series consists of network-based access control controllers and interface modules used to manage door access, alarm inputs, and lock outputs in physical security systems. | Reference: https://www.hidglobal.com/products/access-control/controllers/Vertex
hikvision Hikvision is a prominent manufacturer and supplier of video surveillance equipment and IoT solutions, including a wide range of IP cameras, recorders, and alarm systems. | Reference: https://www.Hikvision.com/
hipcam Hipcam specializes in smart building solutions, specifically providing video doorbells and access control concierge systems that allow users to manage entry via mobile applications. | Reference: https://www.Hipcam.com/
home-assistant Home Assistant is an open-source home automation software that prioritizes local control and privacy, allowing users to integrate and manage smart devices from various manufacturers. | Reference: https://www.Home Assistant.io/
homebridge Homebridge is a lightweight NodeJS server that emulates the iOS HomeKit API, allowing users to integrate smart home devices that do not natively support HomeKit with Apple devices. | Reference: https://Homebridge.io/
hp HP (Hewlett-Packard) is a major technology company that produces a vast array of hardware, including network-connected printers and computers that function as IoT endpoints. | Reference: https://www.HP.com/
Sub-Tags (10)
Name Description
designjet The Designjet is a line of large-format printers manufactured by HP, designed primarily for engineering, architecture, and professional graphics applications requiring high-precision output. | Reference: https://www.hp.com/us-en/printers/large-format/Designjet-plotters.html
deskjet The Deskjet is a brand of inkjet printers by HP designed for domestic and small office use, offering basic printing, scanning, and copying functionalities. | Reference: https://www.hp.com/us-en/printers/Deskjet.html
envy HP Envy represents a premium line of consumer electronics, including all-in-one printers and laptops, focused on high-quality aesthetics and multimedia performance. | Reference: https://www.hp.com/us-en/printers/Envy.html
ilo HP ILO (Integrated Lights-Out) is a proprietary embedded server management technology that facilitates out-of-band management and remote configuration of HPE ProLiant servers. | Reference: https://www.hpe.com/us/en/servers/integrated-lights-out-ILO.html
ink-tank The HP Ink Tank series features a high-capacity ink reservoir system that replaces traditional cartridges to support high-volume printing at a lower cost per page. | Reference: https://www.hp.com/in-en/printers/Ink Tank.html
inkjet While a broad technology term, an Inkjet in the context of HP refers to their extensive range of printers that recreate digital images by propelling droplets of ink onto paper. | Reference: https://www.hp.com/us-en/printers/Inkjet-printers.html
officejet The OfficeJet is a series of inkjet printers and all-in-ones from HP specifically engineered to meet the productivity and connectivity needs of small to medium-sized businesses. | Reference: https://www.hp.com/us-en/printers/OfficeJet.html
pagewide HP PageWide technology utilizes a stationary printhead bar that spans the entire width of the page, allowing for faster print speeds and improved reliability in business environments. | Reference: https://www.hp.com/us-en/printers/PageWide.html
photosmart The Photosmart series is a legacy line of HP inkjet printers and scanners that was optimized for printing high-resolution photographs and digital images. | Reference: https://support.hp.com/us-en/product/series/hp-Photosmart-plus-all-in-one-printer-series-b210/4023238
smart-tank The HP Smart Tank is a modern collection of cartridge-free printers offering a refillable tank system and wireless mobile printing capabilities for home and office use. | Reference: https://www.hp.com/us-en/printers/Smart Tank.html
icatch iCatch Technology focuses on designing intelligent image processing SoCs (System on Chips) used in automotive imaging, home security cameras, and other digital imaging devices. | Reference: https://www.icatchtek.com/
intelbras Intelbras is a Brazilian technology manufacturer that produces security, communication, and energy solutions, including cameras, routers, and access control systems. | Reference: https://www.Intelbras.com/
interelogix Interlogix provided residential and commercial security solutions, including intrusion detection systems and video surveillance hardware, prior to winding down operations in North America. | Reference: https://www.firesecurityproducts.com/
Sub-Tags (1)
Name Description
truvision The TruVision line by Interlogix encompasses a range of video surveillance products, including DVRs, NVRs, and IP cameras, designed for commercial and residential security. | Reference: https://firesecurityproducts.com/en/bu/video
ip-camera An IP camera (Internet Protocol camera) is a type of digital video camera that receives control data and sends image data via an IP network, commonly used for surveillance. | Reference: https://en.wikipedia.org/wiki/IP_camera
jeedom Jeedom is an open-source home automation software that allows central management of various connected devices through a web interface or mobile application. | Reference: https://www.Jeedom.com/
jetkvm JetKVM is a hardware-based KVM over IP solution that allows users to remotely control a computer's keyboard, video, and mouse via a web browser. | Reference: https://JetKVM.com
kbvision Kbvision provides a range of security technology solutions, including CCTV cameras and recording systems for various surveillance applications. | Reference: https://kbvisiongroup.com/
lg LG is a global electronics and telecommunications conglomerate that produces a wide variety of connected consumer appliances and industrial HVAC solutions. | Reference: https://www.LG.com/
lilin LILIN is a manufacturer of IP video cameras, recording devices, and software used in network surveillance systems. | Reference: https://www.meritlilin.com
Sub-Tags (1)
Name Description
prd-800 The PDR-800 is a standalone HD video decoder manufactured by LILIN, designed to display video streams from IP cameras onto a monitor without requiring a PC. | Reference: https://www.meritlilin.com/index.php/en/product/PRD800
luma Luma offers high-definition surveillance solutions, including analog and IP cameras, primarily designed for professional integrator installation. | Reference: https://www.snapone.com/luma-surveillance
mobotix MOBOTIX is a German manufacturer that produces intelligent IP video systems and software for professional security and surveillance. | Reference: https://www.MOBOTIX.com
moxa MOXA creates industrial networking, computing, and automation solutions designed to enable connectivity for the Industrial Internet of Things (IIoT). | Reference: https://www.MOXA.com/en/
Sub-Tags (1)
Name Description
nport-serial-server An NPort Serial Server is a device specifically designed by Moxa to connect legacy serial interface devices to an Ethernet network for industrial automation and remote management. | Reference: https://www.moxa.com/en/products/industrial-edge-connectivity/serial-device-servers/general-device-servers/nport-5100-series
nad-electronics NAD-electronics is a high-performance audio brand specializing in amplifiers, receivers, and other hi-fi components. | Reference: https://nadelectronics.com/
nanokvm NanoKVM is an affordable, open-source based RISC-V KVM over IP device developed to provide remote management capabilities for computers. | Reference: https://NanoKVM.com
netflix Netflix is a subscription-based streaming service whose application is frequently embedded in smart TVs, set-top boxes, and other connected media devices. | Reference: https://www.Netflix.com
Sub-Tags (1)
Name Description
nrdp The NDRP (Netflix Ready Device Platform) is a software environment and SDK provided by Netflix to manufacturers, enabling streaming capabilities on smart TVs and set-top boxes. | Reference: https://netflixtechblog.com/
netwave Netwave refers to a specific type of firmware commonly found in various IP cameras and network video hardware devices. | Reference: https://www.netcamwatcher.com
orthanic Orthanic (commonly a reference to Orthanc) is an open-source DICOM server used for the management and transfer of medical imaging data. | Reference: https://www.orthanc-server.com
panasonic Panasonic is a major multinational electronics corporation that manufactures diverse technology ranging from consumer smart devices to industrial automation sensors and controllers. | Reference: https://industry.Panasonic.eu/factory-automation
pikvm PiKVM is a DIY-friendly, open-source KVM over IP software platform designed to run on Raspberry Pi hardware for remote system administration. | Reference: https://PiKVM.org
plex-server The Plex Server (Plex Media Server) is a digital media player system that organizes video, audio, and photos to stream them to client devices. | Reference: https://www.plex.tv
poly Poly is a communications technology company that manufactures video and voice conferencing hardware and software solutions. | Reference: https://www.Poly.com
qualvision Qualvision designs and manufactures video intercom systems and IP-based surveillance equipment for building security and access control. | Reference: http://www.Qualvision.com
reecam Reecam is a brand of IP surveillance cameras that allow for remote network video monitoring and recording. | Reference: http://www.Reecam.cn
reolink Reolink is a consumer electronics company specializing in smart security cameras and DVR systems for home and business protection. | Reference: https://Reolink.com
samsung Samsung is a technology giant known for its broad ecosystem of connected consumer electronics, semiconductors, and smart home platforms like SmartThings. | Reference: https://www.Samsung.com/
Sub-Tags (1)
Name Description
sl In the context of Samsung electronics, SL refers to the model prefix for the Samsung Xpress and ProXpress line of laser printers and multi-function peripherals. | Reference: https://support.hp.com/us-en/products/printers/samsung-printers
sanyo Sanyo is a major electronics brand (now a subsidiary of Panasonic) that produced various connected devices including IP security cameras. | Reference: https://www.panasonic.com
socomec Socomec manufactures low voltage energy performance equipment, including connected power switching and UPS monitoring systems. | Reference: https://www.Socomec.com
Sub-Tags (1)
Name Description
net-vision Net Vision is a network interface and management card manufactured by Socomec, allowing for the remote monitoring and control of UPS systems via web browser or SNMP. | Reference: https://www.socomec.com/en/p/Net Vision-card
sony Sony is a multinational conglomerate that manufactures a wide range of connected devices, including smart TVs and network surveillance cameras. | Reference: https://www.Sony.com
Sub-Tags (1)
Name Description
playstation A PlayStation is a home video game console system developed by Sony Interactive Entertainment that offers high-performance gaming, multimedia streaming, and online network connectivity. | Reference: https://www.PlayStation.com
tandberg Tandberg was a manufacturer of high-definition video conferencing systems that is now part of Cisco's telepresence product line. | Reference: https://www.cisco.com
tasmota Tasmota is open-source firmware designed for ESP8266 and ESP32 chipsets, allowing local control of smart home devices without cloud dependency. | Reference: https://tasmota.github.io/docs/
tinypilot Tinypilot is a KVM over IP device that provides browser-based remote management of computers without requiring software installation. | Reference: https://tinypilotkvm.com
tivo TiVo is a digital video recorder (DVR) and streaming media player that aggregates content from various broadcast and internet sources. | Reference: https://www.TiVo.com
trendnet TRENDnet is a global provider of networking and surveillance hardware solutions, delivering products such as routers, switches, and IP cameras for home and business users. | Reference: https://www.TRENDnet.com
Sub-Tags (1)
Name Description
tvip-422w The TVIP-422W refers to the TRENDnet TV-IP422W, which is a Pan/Tilt/Zoom internet camera designed for day and night surveillance. | Reference: https://www.trendnet.com/products/archive/TV-IP422W
ubiquiti-networks Ubiquiti Networks is a technology company known for its UniFi and EdgeMax product lines, providing wireless data communication and enterprise networking equipment. | Reference: https://ui.com/
Sub-Tags (1)
Name Description
unifi-video UniFi Video is a software platform and hardware ecosystem developed by Ubiquiti Networks for managing IP surveillance cameras and storing video recordings. | Reference: https://www.ui.com/products/#unifivideo
visonhitech Visonhitech is a manufacturer specializing in industrial and security camera systems, providing intelligent imaging solutions for surveillance applications. | Reference: http://www.Visonhitech.com
vivotek VIVOTEK is a global provider of IP surveillance solutions, manufacturing network cameras, video servers, and NVRs for security systems. | Reference: https://www.VIVOTEK.com
Sub-Tags (2)
Name Description
fd8134v The Vivotek FD8134V is a fixed dome network camera equipped with a vandal-proof housing and built-in IR illuminators for day and night surveillance. | Reference: https://www.vivotek.com/FD8134V
ip7131 The Vivotek IP7131 is a cost-effective network camera designed for indoor use, featuring real-time MPEG-4 and MJPEG compression and 802.11b/g WLAN connectivity. | Reference: https://www.vivotek.com/IP7131
webcamxp WebCamXP is a popular webcam and network camera management software designed to monitor, record, and stream multiple video sources on Windows systems. | Reference: http://www.WebCamXP.com
xiongmai Xiongmai (Hangzhou Xiongmai Technology) is a manufacturer of video surveillance components, such as camera modules and DVR boards, frequently used by various original equipment manufacturers (OEMs). | Reference: http://www.xiongmaitech.com
Sub-Tags (1)
Name Description
netsurveillance NetSurveillance refers to the default web interface title and software components found on OEM IP cameras and DVRs manufactured by Xiongmai and its white-label partners. | Reference: https://www.xiongmaitech.com/en/
yawcam Yawcam (Yet Another WebCAM software) is a free, Java-based software application that allows users to capture and stream video from connected webcams. | Reference: https://www.Yawcam.com
yealink yealink is a global provider of unified communication and collaboration solutions, specializing in VoIP phones, video conferencing systems, and collaboration endpoints. | Reference: https://www.yealink.com
malware IP Addresses where a malicious file was hosted recently. All malware samples downloaded are checked against AV signatures to confirm they are malicious. IP addresses that are on shared hosting or CDNs are excluded from this tag.
messaging IP addresses tagged as messaging are used to identify infrastructure for common messaging applications and networks, such as Discord, WhatsAPP, Telegram and can include more closed messaging servers using XMPP.
Sub-Tags (16)
Name Description
discord Discord is a VoIP and instant messaging social platform that enables communities to communicate via voice calls, video calls, text messaging, and media files. | Reference: https://Discord.com
eitaa eitaa is an Iranian instant messaging application that provides chat and channel features similar to other major messaging platforms. | Reference: https://eitaa.com
element Element is a secure collaboration and messaging application built on the Matrix open standard, focusing on decentralized communication and end-to-end encryption. | Reference: https://Element.io
mattermost Mattermost is an open-source, self-hostable online chat service that provides secure collaboration, file sharing, and workflow integration for teams. | Reference: https://Mattermost.com
max Max is a state-backed Russian messaging, developed by the social media company VK, be used as a single platform for communication, accessing government services, and online shopping, and is being pre-installed on all new smartphones and tablets sold in Russia. | Reference: https://en.wikipedia.org/wiki/Max_(app)
meta Meta is a major technology conglomerate that owns and operates widely used social media and messaging platforms, including Facebook, Instagram, and WhatsApp. | Reference: https://about.Meta.com
Sub-Tags (1)
Name Description
whatsapp WhatsApp is a freeware, cross-platform centralized instant messaging and voice-over-IP (VoIP) service owned by Meta that utilizes end-to-end encryption. | Reference: https://www.WhatsApp.com
qq QQ is a widely used Chinese instant messaging software service developed by Tencent that offers chat, online games, and other social services. | Reference: https://im.QQ.com
rocketchat Rocket.Chat is an open-source communications platform that enables real-time team chat, file sharing, and video conferencing with high customizability. | Reference: https://rocket.chat
signal Signal is a cross-platform centralized messaging service known for its focus on privacy and security through the use of rigorous end-to-end encryption. | Reference: https://Signal.org
slack Slack is a channel-based messaging platform designed for teams that facilitates collaboration through text, voice, and video communication. | Reference: https://Slack.com
telegram Telegram is a cloud-based mobile and desktop messaging app that prioritizes speed and security through encryption features. | Reference: https://Telegram.org
threema Threema is a paid, end-to-end encrypted instant messaging application for mobile devices that emphasizes user anonymity and data privacy. | Reference: https://Threema.ch
viber Viber, also known as Rakuten Viber, is a cross-platform voice over IP (VoIP) and instant messaging software application. | Reference: https://www.Viber.com
wechat WeChat is a multi-purpose Chinese app developed by Tencent that provides instant messaging, social media, and mobile payment services. | Reference: https://www.WeChat.com
wickr Wickr is an encrypted communication platform owned by AWS that offers secure messaging, voice calling, and file sharing for individuals and enterprises. | Reference: https://aws.amazon.com/wickr/
xmpp-server An XMPP Server is a system that implements the Extensible Messaging and Presence Protocol to handle the routing of XML data streams for real-time communication. | Reference: https://xmpp.org
mobile This tag identifies IP address ranges associated with Internet service providers that provide Internet connectivity via cellular networks and associated wireless technology such as 4G and 5G.
Sub-Tags (10)
Name Description
at&t AT&T is a multinational telecommunications holding company that provides mobile telephone services and fixed telephone/internet services. | Reference: https://www.att.com/
beeline Beeline is a major telecommunications brand operated by VimpelCom that provides mobile and fixed-line internet services primarily in Russia and the CIS region. | Reference: https://moskva.Beeline.ru/
jazztel jazztel is a telecommunications brand operating in Spain that offers broadband, television, and mobile telephony services. | Reference: https://www.jazztel.com
megafon Megafon is a major Russian telecommunications company that provides mobile phone, internet, and related digital services across the country. | Reference: https://moscow.Megafon.ru
mobile-telesystems Mobile TeleSystems (MTS) is the largest mobile network operator in Russia, offering wireless communication, broadband, and pay TV services. | Reference: https://moskva.mts.ru
mtn-irancell MTN Irancell is a leading telecommunications services provider in Iran offering 2G, 3G, and 4G mobile network services. | Reference: https://irancell.ir
orange-espagne Orange Espagne is the Spanish subsidiary of the multinational telecommunications corporation Orange, providing mobile, landline, and internet services in Spain. | Reference: https://www.orange.es/
t-mobile T-Mobile is a widely recognized brand used by the German telecommunications company Deutsche Telekom for its mobile network subsidiaries worldwide. | Reference: https://www.T-Mobile.com
verizon Verizon is a large American telecommunications conglomerate known for providing wireless network services and residential fiber-optic internet. | Reference: https://www.Verizon.com/
vodafone-group Vodafone Group is a British multinational telecommunications conglomerate that operates mobile and fixed networks across Asia, Africa, Europe, and Oceania. | Reference: https://www.vodafone.com
nas IP addresses with the NAS tag signify devices referred to as network attached storage (NAS) devices. These are commonly utilized as file servers on local networks as they make data available over a network. NAS tagged IP addresses can have child tags that represent vendors and device model information if identified.
Sub-Tags (6)
Name Description
asustor ASUSTOR is a brand specializing in Network Attached Storage (NAS) solutions and private cloud storage devices, operating as a subsidiary of ASUS. | Reference: https://www.ASUSTOR.com/
proftpd ProFTPD is a highly configurable, open-source FTP server software package often embedded within Network Attached Storage operating systems to facilitate file transfers. | Reference: http://www.ProFTPD.org/
qnap QNAP Systems, Inc. is a manufacturer of Network Attached Storage (NAS) appliances used for data storage, virtualization, and surveillance solutions. | Reference: https://www.QNAP.com/
synology Synology is a technology company specializing in Network-Attached Storage (NAS) appliances, IP surveillance solutions, and networking equipment. Synology devices are widely used for data backup, file sharing, and multimedia streaming in both home and business environments. | Reference: https://www.Synology.com/
Sub-Tags (1)
Name Description
disk-station DiskStation refers to the series of Network Attached Storage (NAS) appliances produced by Synology, often running the DiskStation Manager (DSM) operating system. | Reference: https://www.synology.com
truenas TrueNAS is an enterprise-grade, open-source network-attached storage (NAS) operating system developed by iXsystems, based on FreeBSD and Linux. | Reference: https://www.TrueNAS.com/
zyxel ZyXEL is a manufacturer of networking hardware that produces a wide range of products including routers, switches, firewalls, and wireless access points. ZyXEL solutions cater to service providers, businesses, and home users seeking connectivity infrastructure. | Reference: https://www.ZyXEL.com/
Sub-Tags (46)
Name Description
2812 The 2812 (specifically the P-2812 series) is a multi-functional wireless VoIP gateway and router manufactured by Zyxel for residential and business connectivity. | Reference: https://openwrt.org/toh/zyxel/p-2812hnu-f1
ies-series-msan The IES Series MSAN refers to the Integrated Exhaustive Service (IES) series of Multi-Service Access Nodes by Zyxel, used by telecom operators to deliver DSL and VoIP services. | Reference: https://www.zyxel.com/global/en/products/dsl-cpe
keenetic-4g The Keenetic 4G is a wireless router model originally developed under the Zyxel brand, designed specifically to support 3G/4G USB modems for mobile internet access. | Reference: https://keenetic.com/en/Keenetic 4G
keenetic-air The Keenetic Air is a dual-band AC1200 Wi-Fi router intended to provide extended wireless coverage and mesh Wi-Fi capabilities for home networks. | Reference: https://keenetic.com/
keenetic-dsl The Keenetic DSL is a modem router designed to connect users to the internet via ADSL2+ or VDSL2 telephone lines while providing Wi-Fi coverage. | Reference: https://keenetic.com/
keenetic-extra The Keenetic Extra is a dual-band Wi-Fi router optimized for handling multiple client devices and ensuring stable wireless performance. | Reference: https://keenetic.com/
keenetic-giga The Keenetic GIGA refers to the Zyxel Keenetic Giga, a Gigabit Ethernet router designed for high-speed home networking and internet connectivity. It features USB ports for 3G/4G modems and supports various connection protocols. | Reference: https://keenetic.com/en/Keenetic GIGA
keenetic-iii The Keenetic III is a legacy wireless router model designed to facilitate home networking and support various USB modem connections. | Reference: https://keenetic.com/
keenetic-lite The Keenetic Lite is a Wi-Fi router designed for reliable home internet connectivity, featuring multiple operating modes and Ethernet ports for wired devices. | Reference: https://keenetic.com/
keenetic-lte The Keenetic LTE is a desktop router featuring a built-in 4G/LTE modem to provide internet access via cellular networks. | Reference: https://keenetic.com/
keenetic-series The Keenetic Series encompasses a line of wireless routers originally manufactured by Zyxel (now an independent brand) known for their flexibility and modular operating system. These devices are used for home and small office network management. | Reference: https://keenetic.com/en
keenetic-viva The Keenetic Viva is a gigabit Wi-Fi router equipped with USB ports for connecting modems or storage drives, functioning as a central network hub. | Reference: https://keenetic.com/
keenetic-vox The Keenetic Vox is a multifunctional internet center that includes built-in support for IP telephony (VoIP) and DECT handset functionality. | Reference: https://keenetic.com/
linux-os The Linux OS tag denotes the open-source Linux operating system kernel, which serves as the underlying firmware foundation for many embedded devices, including Zyxel routers. It manages hardware resources and system processes within the networking equipment. | Reference: https://www.kernel.org/
lte3301 The LTE3301 is a Zyxel LTE indoor router designed to provide mobile broadband connectivity via 4G LTE, 3G, and 2G networks. It allows users to switch between wired and mobile connections for uninterrupted internet access. | Reference: https://www.zyxel.com/global/en/products/mobile-broadband/4g-lte-indoor-router-LTE3301-m209
lte3302 The LTE3302 identifies the Zyxel LTE3302 Series, a portable 4G LTE indoor router equipped with battery support for mobile usage. It is designed to deliver wireless broadband access in locations without fixed infrastructure. | Reference: https://www.zyxel.com/global/en/products/mobile-broadband/4g-lte-indoor-router-LTE3302-series
lte3316 The LTE3316 refers to the Zyxel LTE3316, a 4G LTE-A indoor router that supports Cat. 6 speeds and concurrent dual-band wireless connectivity. It is built to provide high-speed internet and voice services for residential users. | Reference: https://www.zyxel.com/global/en/products/mobile-broadband/4g-lte-a-indoor-i-ad-LTE3316-m604
modems The Modem tag covers a broad tag of Zyxel hardware devices responsible for modulating and demodulating signals for DSL, cable, or fiber connections. These devices function as the bridge between a local network and an Internet Service Provider. | Reference: https://www.zyxel.com/global/en/products/dsl-cpe
n4100-gateway The N4100 Gateway refers to the Zyxel N4100 WLAN Hotspot Gateway, a device designed to manage internet access and billing for hospitality and business venues. It includes features for user authentication and bandwidth management. | Reference: https://www.zyxel.com/support/support_landing_page.shtml?product=N4100
nbg-series The NBG Series consists of Zyxel's wireless home routers designed for high-performance multimedia streaming and gaming. These routers typically offer features like dual-band Wi-Fi and Quality of Service (QoS) management. | Reference: https://www.zyxel.com/global/en/products/wifi-router
nr7101 The NR7101 is a Zyxel 5G New Radio (NR) outdoor router designed to deliver ultra-high-speed mobile broadband to premises. It is built to withstand outdoor environments while capturing 5G signals for indoor network distribution. | Reference: https://www.zyxel.com/global/en/products/mobile-broadband/5g-nr-outdoor-router-NR7101
nsa-210 The NSA210 is a 1-Bay Digital Media Server and Network Attached Storage device manufactured by ZyXEL for home data management. | Reference: https://www.zyxel.com/us/en-us/support/download?model=NSA210
nsa-220 The NSA220 is a 2-Bay Network Storage Appliance from ZyXEL designed to store, protect, and share files over a home network. | Reference: https://www.zyxel.com/us/en-us/support/download?model=NSA220
nsa-220-plus The NSA-220 Plus is an upgraded version of ZyXEL's 2-Bay Network Attached Storage appliance featuring enhanced processing capabilities. | Reference: https://www.zyxel.com/us/en-us/support/download?model=NSA220%20Plus
nsa-221 The NSA221 is a 2-Bay Media Server and NAS device by ZyXEL intended to serve as a personal cloud for home users. | Reference: https://www.zyxel.com/us/en-us/support/download?model=NSA221
nsa-310 The NSA310 is a compact 1-Bay Media Server developed by ZyXEL to provide easy file sharing and media streaming functionality. | Reference: https://www.zyxel.com/us/en-us/support/download?model=NSA310
nsa-310s The NSA310s is an entry-level 1-Bay Media Server from ZyXEL designed for personal cloud storage and multimedia streaming. | Reference: https://www.zyxel.com/us/en-us/support/download?model=NSA310S
nsa-320 The NSA320 is a 2-Bay Power Media Server by ZyXEL built to handle higher performance requirements for home network storage. | Reference: https://www.zyxel.com/us/en-us/support/download?model=NSA320
nsa-320s The NSA-320S is a 2-bay Network Attached Storage (NAS) media server manufactured by ZyXEL for home user data storage and streaming. | Reference: https://www.zyxel.com/us/en-us/support/download?model=NSA320S
nsa-325 The NSA-325 is a 2-Bay Power Plus Media Server created by ZyXEL to provide network storage and multimedia streaming capabilities. | Reference: https://www.zyxel.com/us/en-us/support/download?model=NSA325
nsa-325-v2 The NSA-325 V2 is an updated hardware iteration of ZyXEL's 2-bay Network Attached Storage device, offering enhanced performance for personal cloud usage. | Reference: https://www.zyxel.com/global/en/support/download?model=NSA325%20v2
nsa-326 The NSA-326 (often marketed as the NAS326) is an entry-level 2-bay Personal Cloud Storage device developed by ZyXEL for remote access and backup. | Reference: https://www.zyxel.com/global/en/products/nas/nas326
nsa-540 The NSA-540 is a 4-bay Network Attached Storage (NAS) appliance from ZyXEL designed to provide higher capacity storage and RAID capabilities for home networks. | Reference: https://www.zyxel.com/us/en-us/support/download?model=NAS540
nsa-542 The NSA-542 (typically known as NAS542) is a 4-bay Personal Cloud Storage unit manufactured by ZyXEL for centralized data management and sharing. | Reference: https://www.zyxel.com/global/en/products/nas/nas542
nwa-series The NWA Series denotes Zyxel's line of wireless access points (APs) aimed at small to medium-sized businesses and enterprise deployments. These devices facilitate scalable Wi-Fi coverage and centralized network management. | Reference: https://www.zyxel.com/global/en/products/wireless
p-2601hn-f1 The P-2601HN-F1 is a Zyxel 802.11n ADSL2+ VoIP IAD (Integrated Access Device) router designed for high-speed internet and voice services. It combines DSL connectivity, wireless networking, and VoIP capabilities in a single unit. | Reference: https://www.zyxel.com/support/download_landing/product/p_2601hn_f1_12.shtml
p-660hn-51 The P-660HN-51 refers to the Zyxel P-660HN-51, an ADSL2+ 4-port gateway with built-in 802.11n wireless technology. It is a legacy residential gateway used for broadband access and local networking. | Reference: https://www.zyxel.com/support/download_landing/product/p_660hn_51_12.shtml
prestige-series The Prestige Series is a legacy line of Zyxel broadband routers and modems, widely used for ADSL and ISDN connections in home and small office environments. The series established Zyxel's presence in the early broadband market. | Reference: https://www.zyxel.com/
sbg3300 The SBG3300 refers to the Zyxel SBG3300 Series, which are Wireless N VDSL2 Combo WAN Small Business Gateways. They offer multi-WAN connectivity options including VDSL2, ADSL2+, and GbE WAN for reliable business networking. | Reference: https://www.zyxel.com/uk/en/products/dsl-cpe/SBG3300-n-series
v300-voip-phone The V300 VoIP Phone tag refers to VoIP hardware or gateway capabilities within Zyxel's V-series product line (such as the V300 VDSL gateways) that support Voice over IP functionalities. These devices facilitate internet-based telephony alongside standard data routing. | Reference: https://www.zyxel.com/
vdsl-router A VDSL router is a networking device that connects a local network to the internet using Very-high-bit-rate Digital Subscriber Line technology over telephone lines. | Reference: https://en.wikipedia.org/wiki/VDSL
vmg4325-b10a The VMG4325-B10A is a Zyxel VDSL2 gateway featuring wireless AC connectivity and gigabit Ethernet ports. It is designed for service providers to deliver high-speed triple-play services (data, voice, and video) to subscribers. | Reference: https://www.zyxel.com/
vsg-series The VSG Series encompasses Zyxel's VDSL2 Service Gateways, which are high-performance bonding gateways used by service providers. These devices are designed to extend bandwidth and loop reach for high-speed broadband deployment. | Reference: https://www.zyxel.com/
vsg1435-b101 The VSG1435-B101 refers to a specific model in the Zyxel VDSL2 Service Gateway line, designed for high-bandwidth applications. It typically functions as a bonding gateway to aggregate multiple VDSL lines for increased speed. | Reference: https://www.zyxel.com/
zyair-wireless-series The ZyAIR Wireless refers to a legacy family of Zyxel wireless networking products, including adapters, access points, and gateways. These devices were designed to provide IEEE 802.11b/g/a wireless connectivity for personal and business use. | Reference: https://www.zyxel.com/
zywall-series The ZyWALL Series consists of business-grade VPN firewalls and gateways manufactured by Zyxel to provide robust network security and connectivity for small to medium-sized organizations. | Reference: https://www.zyxel.com/global/en/products/security/vpn-firewalls
openresolvers Identifies an IP associated with a domain name system (DNS) service that answers any DNS query from anyone. Openresolvers are often used in DNS amplification and reflection attacks.
orb Operational Relay Box (ORB) networks are infrastructures employed by threat groups, including Advanced Persistent Threats (APTs), to act as proxy networks that obscure their operational activities.
Sub-Tags (4)
Name Description
alpha ALPHA nodes are part of a distinct Operational Relay Box (ORB) network controlled by China-aligned threat groups to conduct exploitation activity. ALPHA is a proxy network consisting of actor-leased VPS. | Reference: https://www.team-cymru.com/post/an-introduction-to-operational-relay-box-orb-networks-unpatched-forgotten-and-obscured
bravo BRAVO nodes are part of a distinct Operational Relay Box (ORB) network controlled by China-aligned threat groups to conduct exploitation activity. BRAVO is a proxy network consisting of compromised IoT/SOHO devices. | Reference: https://www.team-cymru.com/post/an-introduction-to-operational-relay-box-orb-networks-unpatched-forgotten-and-obscured
charlie CHARLIE nodes are part of a distinct Operational Relay Box (ORB) network controlled by China-aligned threat groups to conduct exploitation activity. CHARLIE is a proxy network consisting of compromised IoT/SOHO devices and actor-leased VPS. | Reference: https://www.team-cymru.com/post/an-introduction-to-operational-relay-box-orb-networks-unpatched-forgotten-and-obscured
quad7 Quad7 (or 7777 botnet) is a botnet operation that compromises home routers to create a network of operational relay boxes (ORBs) for covert tunneling and password spraying. | Reference: https://blog.sekoia.io/Quad7-botnet-targeting-tp-link-routers/
ost IP addresses tagged as endpoints with a known Offensive Security Tool. These tools are often used by penetration testers or security teams. In some cases these can also be used by bad actors. Included in this tag are those endpoints that act like a command and control or callback server. Examples include Gophish, Deimos, Cobaltstrike. If an OST indicator is suspected of malicious activity, it will appear under CONTROLLER.
Sub-Tags (33)
Name Description
adaptixc2 AdaptixC2 is an open-source red teaming Command and Control framework designed for managing agents and executing post-exploitation tasks. | Reference: https://github.com/AdaptixSDK/Adaptix
arl ARL (Asset Reconnaissance Lighthouse) is a reconnaissance platform designed to map digital footprints, scan ports, and manage asset information for security testing. | Reference: https://github.com/TophantTechnology/ARL
beef beef (The Browser Exploitation Framework) is a penetration testing tool that focuses on the web browser, allowing an attacker to hook and control a victim's browser session. | Reference: https://beefproject.com/
brute-ratel Brute Ratel (Brute Ratel C4) is an advanced commercial Command and Control (C2) framework used by Red Teams to simulate sophisticated adversary tradecraft. | Reference: https://bruteratel.com/
burp-collaborator Burp Collaborator is a network service included in Burp Suite that helps attackers detect invisible vulnerabilities by capturing out-of-band interactions triggered by the target application. | Reference: https://portswigger.net/burp/documentation/collaborator
caldera Caldera is a cyber security framework designed by MITRE to automate adversary emulation and assist red teams in manual assessments. | Reference: https://github.com/mitre/Caldera
cobaltstrike Cobalt Strike is a commercial adversary simulation software used by red teams to execute targeted attacks and simulate the post-exploitation actions of advanced threat actors. | Reference: https://www.CobaltStrike.com/
covenant Covenant is a collaborative .NET Command and Control (C2) framework designed to highlight the attack surface of .NET usage in red team operations. | Reference: https://github.com/cobbr/Covenant
deimos Deimos is a post-exploitation Command and Control (C2) framework written in Golang, designed to manage compromised machines across multiple operating systems. | Reference: https://github.com/DeimosC2/DeimosC2
geacon Geacon is an open-source implementation of a Cobalt Strike Beacon written in Go, allowing operators to utilize Cobalt Strike infrastructure against non-Windows targets like macOS and Linux. | Reference: https://github.com/darkr4y/Geacon
gophish GoPhish is an open-source phishing framework designed to help security organizations and penetration testers simulate real-world phishing attacks to test user awareness. | Reference: https://getgophish.com/
hak5-cloud-c2 Hak5 Cloud C2 is a centralized management interface that allows users to remotely monitor and control fleets of physical Hak5 penetration testing devices. | Reference: https://c2.hak5.org/
hashtopolis Hashtopolis is a multi-platform client-server tool designed to distribute Hashcat password cracking tasks across multiple computers. | Reference: https://github.com/Hashtopolis/server
havoc Havoc is a modern, malleable Command and Control framework that provides red teamers with a specialized payload generator and post-exploitation management capabilities. | Reference: https://github.com/HavocFramework/Havoc
http-revshell HTTP-revshell is a tool designed to establish a reverse shell connection over HTTP or HTTPS, helping penetration testers bypass firewall restrictions that block non-web traffic. | Reference: https://github.com/3xpl01tc0d3r/HTTP-revshell
impacket Impacket is a collection of Python classes for working with network protocols, widely used by security professionals for packet manipulation, lateral movement, and credential dumping. | Reference: https://github.com/fortra/Impacket
interactsh Interactsh is an open-source tool for detecting out-of-band interactions, used by researchers to identify vulnerabilities like blind SQL injection or SSRF by capturing external callbacks. | Reference: https://github.com/projectdiscovery/Interactsh
jspspy JspSpy is a browser-based webshell written in JSP, utilized to manage files and execute commands on compromised Java-based web servers. | Reference: https://github.com/manning23/JspSpy
ligolo-ng Ligolo-ng is an advanced tunneling tool that uses TUN interfaces to establish pivoting capabilities during penetration tests, avoiding the complexity of SOCKS proxies. | Reference: https://github.com/nicocha30/Ligolo-ng
metasploit Metasploit is a comprehensive penetration testing framework that provides tools for discovering vulnerabilities, developing exploits, and managing security assessments. | Reference: https://www.Metasploit.com/
modlishka Modlishka is a reverse proxy tool used for phishing campaigns that can bypass two-factor authentication (2FA) by proxying traffic between the victim and the target site in real-time. | Reference: https://github.com/drk1wi/Modlishka
mythic Mythic is a collaborative, multi-user Command and Control (C2) framework that features a pluggable architecture, allowing operators to integrate various agents and tools. | Reference: https://docs.Mythic-c2.net/
nessus Nessus is a widely deployed vulnerability scanner used to detect potential security issues, misconfigurations, and patch deficiencies on IT infrastructure. | Reference: https://www.tenable.com/products/Nessus
nimplant Nimplant is a lightweight, cross-platform Command and Control implant written in Nim, designed to demonstrate the language's utility in offensive security operations. | Reference: https://github.com/CasperGN/Nimplant
osint The osint (Open Source Intelligence) tag is applied where the only source of the tagged information was found through open source reporting.
platypus Platypus is a platform-independent reverse shell manager written in Go, designed to allow penetration testers to manage multiple reverse shell sessions simultaneously. | Reference: https://github.com/wanglu/Platypus
poshc2 PoshC2 is a proxy-aware Command and Control framework used by red teams to manage post-exploitation activities and lateral movement within a network. | Reference: https://github.com/nettitude/PoshC2
rengine reNgine is an automated reconnaissance framework designed for web applications that streamlines the vulnerability assessment process by aggregating scan results. | Reference: https://github.com/yogeshojha/reNgine
responder Responder is an LLMNR, NBT-NS, and MDNS poisoner tool used to capture credentials and hashes by impersonating services on a local network. | Reference: https://github.com/lgandx/Responder
sliver Sliver is an open-source, cross-platform adversary emulation framework designed to provide robust Command and Control capabilities for red team operations. | Reference: https://github.com/BishopFox/Sliver
stowaway Stowaway is a multi-stage proxy tool written in Go that enables security professionals to manage network traffic through complex network topologies during penetration tests. | Reference: https://github.com/ph4ntonn/Stowaway
viper VIPER is a graphical intranet penetration tool that visualizes and automates the operation of the Metasploit Framework for easier management. | Reference: https://github.com/FunnyWolf/VIPER
vshell VShell is an open-source post-exploitation framework that is modular, cross-platform and customizable. It was developed and is primarily operated by native Chinese speakers.
p2p P2P is a tag describing IPs that are observed in Peer-to-peer activity, where devices act as peers and can directly share resources and data.
Sub-Tags (4)
Name Description
bittorrent BitTorrent is a communication protocol for peer-to-peer file sharing that enables the decentralized distribution of data and electronic files over the Internet. | Reference: https://www.BitTorrent.com/
ipfs InterPlanetary File System (InterPlanetary File System) is a peer-to-peer network and protocol designed to store and share data in a distributed file system to create a more resilient web. | Reference: https://InterPlanetary File System.tech/
runonflux RunOnFlux is a decentralized cloud computing network that enables the deployment and management of scalable, decentralized applications (dApps). | Reference: https://RunOnFlux.io/
syncthing Syncthing is an open-source, continuous file synchronization program that securely synchronizes files between two or more computers without a central server. | Reference: https://Syncthing.net/
phishing Identifies a host that has been implicated in hosting a malicious phishing page.
proxy The tag, PROXY, identifies IP addresses running popular proxy software. In the context of network architecture, proxies can operate as are intermediary servers between clients and other servers, bridging the communication between these two ends. Proxies can be used to mask IP addresses of either the server or the client on either side, adding a layer of security/privacy. PROXY tags also have child tags that represent common proxy software found running, such as SQUID or TINYPROXY.
Sub-Tags (121)
Name Description
agreyaproxies-proxy AgreyaProxies is a proxy service provider that facilitates anonymous web browsing and IP masking for various online activities. | Reference: https://agreyaproxies.com/
aktif-proxy Aktif-Proxy is a proxy service provider offering IP rotation and anonymity solutions, often utilized for accessing region-locked content or web automation. | Reference: https://Aktif-Proxy.com/
auproxies-proxy AUProxies is a service providing proxy servers, generally focusing on Australian IP addresses or specific regional markets for users requiring local presence. | Reference: https://auproxies.com/
balala-proxy Balala-Proxy is a network proxy service used to route internet traffic through alternative IP addresses, often for the purpose of scraping or automation. | Reference: http://www.Balala-Proxy.com/
buyproxies BuyProxies is a commercial service provider that offers shared and dedicated private proxy servers for web browsing and automated software integration. | Reference: https://BuyProxies.org/
buyproxies-proxy BuyProxies is a commercial provider offering anonymous dedicated and semi-dedicated proxy servers for internet usage. | Reference: https://buyproxies.org
ccproxy CCProxy is a user-friendly proxy server software for Windows that enables a connection to the Internet to be shared within a Local Area Network (LAN). | Reference: https://www.youngzsoft.net/CCProxy/
croxy-proxy CroxyProxy is a web-based proxy service that allows users to access websites and web applications anonymously directly through a browser interface without installing software. | Reference: https://www.croxyproxy.com/
cwfproxy CWFProxy is a process name often associated with legitimate web filtering software, such as Corel Web Filter Proxy, which manages and filters local network traffic. | Reference: https://www.file.net/process/CWFProxy.exe.html
cyber-ssh-proxy CyberSSH is a tunneling tool, often distributed as a mobile application, that utilizes the SSH protocol to create secure connections and modify network requests. | Reference: https://play.google.com/store/apps/details?id=com.cyberssh.cybersshproxy
ezproxies EZProxies is a commercial provider that offers various types of proxy solutions, including residential and datacenter IP addresses, for online anonymity. | Reference: https://EZProxies.com/
ezproxies-proxy EZProxies is a service provider that offers anonymous HTTP/HTTPS and SOCKS proxies for various web browsing needs. | Reference: https://www.ezproxies.com
ezproxy EZproxy is a middleware web proxy server program used extensively by libraries to provide authenticated access to restricted websites and academic databases for off-site users. | Reference: https://www.oclc.org/en/EZproxy.html
fine FineProxy, in the context of proxies, refers to FineProxy, a commercial service provider offering a wide range of server and residential proxies for data collection and anonymity. | Reference: https://fineproxy.org/
fine-proxy FineProxy is a server proxy vendor that provides a wide range of shared and private proxy servers from multiple international locations. | Reference: https://fineproxy.org
frp Fast Reverse (Proxy) (Fast Reverse Proxy) is a high-performance, open-source reverse proxy application that helps expose a local server behind a NAT or firewall to the Internet. | Reference: https://github.com/fatedier/Fast Reverse (Proxy)
geosurf GeoSurf is a premium residential proxy service provider that allows users to access geo-targeted content and browse the web via gateways in various global locations. | Reference: https://www.GeoSurf.com/
geosurf-proxy Geosurf-proxy provides residential IPs and VPN masking solutions used for verifying local content and conducting web research. | Reference: https://www.geosurf.com/
ghelper-proxy Ghelper refers to the proxy capabilities integrated into Ghelper, a browser extension designed to assist users in managing connections and bypassing regional web restrictions. | Reference: https://ghelper.net/
go-simple-tunnel Go Simple Tunnel (often styled as GOST) is a secure tunnel written in the Go language that supports multi-hop proxy chains and various tunneling protocols. | Reference: https://github.com/ginuerzh/gost
hex-proxy Hex-Proxy generally refers to proxy services or tools, such as the HexTech VPN suite, utilized to mask a user's identity and encrypt internet traffic. | Reference: https://hextechvpn.com/
highproxies HighProxies is a commercial infrastructure provider that sells private, shared, and residential proxy servers optimized for various social media and classified ads platforms. | Reference: https://www.HighProxies.com/
highproxies-proxy Highproxies-proxy supplies private and shared datacenter proxies optimized for tasks like social media management and classified ad posting. | Reference: https://www.highproxies.com/
hype HypeProxies often refers to HypeProxies Proxy or similar services that provide specialized, high-speed proxies frequently used for retail automation and sneaker bots. | Reference: https://hypeunique.com/
hype-proxy HypeProxy provides dedicated mobile 4G proxies specifically tailored for social media management and automation tasks. | Reference: https://hypeproxy.io
icloud-relay iCloud Relay (iCloud Private Relay) is an Apple privacy service that routes internet traffic through two separate relays to hide the user's IP address and browsing activity. | Reference: https://support.apple.com/en-us/102602
icloud-relay-proxy iCloud Private Relay is an internet privacy service by Apple that encrypts DNS records and masks the user's IP address during browsing. | Reference: https://support.apple.com/en-us/102602
ipidea-proxy IPIDEA-Proxy is a global proxy service provider that offers a large pool of residential and datacenter IP addresses for enterprise data collection and web scraping. | Reference: https://www.ipidea.net/
iplease-proxy IPLease is a service provider that supplies dedicated 4G/5G mobile proxies and residential IPs to assist with online anonymity and account management. | Reference: https://iplease.io/
iprent IPRent is a service that allows users to rent proxy servers and IP addresses, providing infrastructure for tasks requiring network anonymity. | Reference: https://IPRent.net/
iprent-proxy IPRent is a proxy service provider allowing users to rent IP addresses and proxy servers for managed connectivity. | Reference: https://www.iprent.net
iproxy-vn-proxy IProxy VN Proxy generally refers to mobile proxy generation tools or services focused on providing Vietnamese (VN) IP addresses for bypassing geo-restrictions. | Reference: https://iproxy.online/
iproyal IPRoyal is a commercial proxy provider offering an extensive network of residential, sneaker, and datacenter proxies for diverse professional and personal use cases. | Reference: https://IPRoyal.com/
just-my-socks-proxy Just My Socks is a Shadowsocks-based proxy service operated by BandwagonHost, designed to provide reliable internet access and bypass network censorship. | Reference: https://justmysocks.net/
kproxy KProxy is a free web proxy service that allows users to surf the internet anonymously and bypass local restrictions directly through a browser extension or web interface. | Reference: https://www.KProxy.com/
lexic-proxy Lexic refers to network traffic routed through infrastructure owned by Lexic Pty Ltd, a provider known for offering hosting and IP transit services often utilized for VPNs. | Reference: https://ipinfo.io/AS210644
luminati Luminati (now rebranded as Bright Data) is a data collection platform that provides a massive residential proxy network for web scraping and market research. | Reference: https://brightdata.com/
luminati-proxy Luminati-proxy refers to the service provided by Luminati Networks (rebranded as Bright Data), offering a large residential IP network for data collection. | Reference: https://brightdata.com/
meson-network Meson Network is a decentralized bandwidth marketplace that aggregates idle bandwidth from residential users to create a content delivery network and proxy layer. | Reference: https://meson.network/
meson-network-proxy Meson Network acts as a decentralized bandwidth marketplace that aggregates idle bandwidth from users to create a bandwidth exchange network. | Reference: https://meson.network
mirageid-proxy MirageID refers to proxy services, often residential, provided by MirageID to help users mask their digital fingerprints and browse anonymously. | Reference: https://mirageid.com/
modmissioncritical MOD Mission Critical is a managed service provider that offers network infrastructure solutions, including enterprise-grade proxy and hosting capabilities. | Reference: https://modmc.com/
modmissioncritical-proxy Mod Mission Critical is a digital infrastructure provider that offers managed network services, including Content Delivery Networks (CDN) and hosting. | Reference: https://modmissioncritical.com
mudfish Mudfish is a network accelerator and VPN service designed to optimize routing paths and reduce latency for online gaming traffic. | Reference: https://Mudfish.net/
myprivateproxy MyPrivateProxy is a commercial provider that offers private and shared HTTP/HTTPS proxies tailored for social media management and SEO tasks. | Reference: https://www.MyPrivateProxy.net/
newipnow NewIPNow is a web proxy service that allows users to browse the internet using different IP addresses to protect their identity and access restricted content. | Reference: https://NewIPNow.com/
newipnow-proxy NewIPNow is a vendor that sells private, dedicated HTTP proxies, allowing users to browse the web with different IP addresses. | Reference: https://newipnow.com
niuability-proxy Niuability-Proxy refers to traffic routed through Niuability Technology, a cloud and hosting provider whose infrastructure is sometimes used to host proxy endpoints. | Reference: https://ipinfo.io/AS136800
nkn NKN (New Kind of Network) is a peer-to-peer network connectivity protocol and ecosystem powered by a public blockchain for decentralized data transmission. | Reference: https://nkn.org/
nodestop-proxy Nodestop refers to VPN or proxy services hosted on the infrastructure of NodeStop, a Virtual Private Server (VPS) and hosting provider. | Reference: https://nodestop.com/
nps NPS is a lightweight, high-performance open-source proxy server designed for intranet penetration, supporting TCP, UDP, and HTTP traffic forwarding. | Reference: https://github.com/ehang-io/NPS
nym Nym is a privacy infrastructure platform that utilizes a mixnet to encrypt and relay traffic, protecting user metadata and communication patterns. | Reference: https://nymtech.net/
oculus-proxy Oculus Proxies refers to the backend networking and proxy infrastructure used by Meta's Oculus VR devices to communicate with servers and deliver content. | Reference: https://www.meta.com/quest/
ok-best-proxy OK Best-Proxy refers to network traffic originating from OK BEST LLC, an entity providing IP transit services that can be used for hosting proxy servers. | Reference: https://ipinfo.io/AS394711
open-proxy An Open-Proxy is a proxy server that is accessible to any internet user without authentication, often due to accidental misconfiguration by the server administrator. | Reference: https://en.wikipedia.org/wiki/Open_proxy
open-shadowsocks-proxy Open Shadowsocks refers to publicly accessible servers running the Shadowsocks protocol, a secure socks5 proxy designed to protect internet traffic. | Reference: https://shadowsocks.org/
opentunnel-proxy OpenTunnel refers to services or applications that utilize SSH tunneling to provide secure, encrypted internet access for users. | Reference: https://opentunnel.net/
opera-mini-proxy Opera Mini-Proxy is the server-side compression infrastructure used by the Opera Mini browser to reduce data consumption and accelerate page loading for mobile devices. | Reference: https://dev.opera.com/articles/opera-mini-and-javascript/
oxylabs Oxylabs is a web intelligence platform offering premium proxy services and data scraping solutions for large-scale public data gathering. | Reference: https://oxylabs.io/
oxylabs-proxy Oxylabs refers to the large-scale residential and datacenter proxy networks provided by Oxylabs for public web data gathering. | Reference: https://oxylabs.io/
packetflip-proxy Packet Flip is a networking service designed to lower latency and improve connection stability for voice applications like Discord. | Reference: https://packetflip.com/
packetstream PacketStream is a residential proxy network that allows business users to access the web through bandwidth shared by peer-to-peer participants. | Reference: https://PacketStream.io/
pingproxies PingProxies is a service provider offering premium residential and datacenter proxies designed for high-speed automated tasks and secure browsing. | Reference: https://PingProxies.com/
pingproxies-proxy Ping Proxies is a premium proxy provider specializing in residential and datacenter proxies optimized for automation and high-speed connections. | Reference: https://pingproxies.com
privateproxy PrivateProxy is a long-standing provider that supplies dedicated private IP addresses and proxy services for market research and anonymity. | Reference: https://PrivateProxy.me/
proxiesfo ProxiesFo (Proxies.fo) provides static ISP and residential proxy solutions intended for use cases requiring high stability and anonymity. | Reference: https://proxies.fo/
proxiesfo-proxy Proxies.fo is a vendor supplying residential and datacenter proxies often used for data aggregation and web scraping. | Reference: https://proxies.fo
proxify ProxyFI generally refers to commercial proxy services, such as ProxyFI.io, that offer rotating residential IPs for bypassing geo-restrictions and data scraping. | Reference: https://ProxyFI.io/
proxify-proxy Proxify is a web-based anonymity service that allows users to bypass network restrictions and hide their IP address while browsing. | Reference: https://proxify.com
proxy6 Proxy6 is an infrastructure service that allows customers to rent individual IPv4 and IPv6 proxy addresses from various geographic locations. | Reference: https://Proxy6.net/en/
proxybonanza ProxyBonanza is a commercial provider offering shared and dedicated HTTP and SOCKS5 proxies for browser anonymity and data retrieval. | Reference: https://ProxyBonanza.com/
proxyempire ProxyEmpire is a service that supplies residential and mobile proxies, granting access to a network of IP addresses for web scraping and geo-targeting. | Reference: https://ProxyEmpire.io/
proxyline ProxyLine offers specialized individual IPv4 and IPv6 proxy rentals tailored for tasks such as social media management and software parsing. | Reference: https://ProxyLine.net/
proxylistpro ProxyListPro is an online directory that aggregates and lists free public HTTP and SOCKS proxies available for general internet use. | Reference: http://www.ProxyListPro.com/
proxyrack Proxyrack is a large-scale infrastructure provider offering rotating residential and datacenter proxies for enterprise and personal applications. | Reference: https://www.Proxyrack.com/
proxys ProxyS refers to the service provider ProxyS.io, which rents out anonymous residential and datacenter proxy servers for secure connectivity. | Reference: https://ProxyS.io/en
proxyseller Proxy-Seller is a marketplace that enables users to purchase private SOCKS5 and HTTPS proxies specifically targeted for various social platforms and games. | Reference: https://proxy-seller.com/
proxysite ProxySite is a popular web-based proxy service that allows users to browse the internet anonymously and bypass filters directly through a web interface. | Reference: https://www.ProxySite.com/
proxysocks5 ProxySocks5 refers to services or lists specialized in providing proxies that utilize the SOCKS5 protocol for flexible traffic routing. | Reference: http://www.ProxySocks5.com/
proxyspider Proxy-Spider is a tool and service designed to scrape, test, and provide lists of working public proxies from sources across the internet. | Reference: https://Proxy-Spider.io/
proxywow ProxyWow is a proxy service provider that delivers anonymous IP addresses to facilitate secure browsing and mask user identity. | Reference: https://ProxyWow.com/
rampageserver-proxy Rampage Server-Proxy refers to the proxy infrastructure services offered by Rampage, typically utilized for low-latency connections in automated retail purchasing. | Reference: https://twitter.com/RamPage_Shop
rapidseedbox-proxy RapidSeedbox denotes the IPv4 and IPv6 proxy solutions provided by the RapidSeedbox hosting platform, known for high-bandwidth capabilities. | Reference: https://www.rapidseedbox.com/proxy
rayobyte Rayobyte is a major US-based proxy provider that supplies enterprise-grade residential, ISP, and datacenter proxies for data collection and SEO. | Reference: https://Rayobyte.com/
rayobyte-proxy Rayobyte-proxy is a provider of residential, data center, and ISP proxies designed to facilitate web scraping and data aggregation. | Reference: https://rayobyte.com/
serverdestroyer-proxy ServerDestroyer-Proxy refers to proxy infrastructure associated with the Server Destroyer service, which provides proxies often utilized for high-demand automated tasks like sneaker botting. | Reference: https://twitter.com/serverdestroyer
shiftproxy Shiftproxy is a residential proxy service that offers rotating IP addresses to facilitate anonymous web scraping, data collection, and ad verification. | Reference: https://Shiftproxy.io/
shopsocks5-proxy Shopsocks5 refers to a marketplace service, such as shopsocks5.com, that provides SOCKS5 proxy connections allowing users to route traffic through specific IP addresses. | Reference: http://shopsocks5.com/
smartproxy SmartProxy is a major commercial provider offering a network of residential and datacenter proxies used by businesses for market research and accessing geo-restricted data. | Reference: https://SmartProxy.com/
sneakerserver Sneaker Server provides specialized hosting infrastructure and proxies designed to help users run automated software for purchasing limited-edition footwear with low latency. | Reference: https://Sneaker Server.com/
sneakerserver-proxy Sneaker Server provides specialized low-latency dedicated servers and proxies designed primarily to run sneaker copping software. | Reference: https://sneakerserver.com
soax-proxy Soax is a residential and mobile proxy service platform that offers whitelisted IP addresses for legitimate data collection and ad verification purposes. | Reference: https://soax.com/
socks SOCKS is a standard internet protocol that exchanges network packets between a client and server through a proxy server, routing traffic through a specified IP address to mask the origin. | Reference: https://datatracker.ietf.org/doc/html/rfc1928
squid Squid is a widely used open-source caching proxy for the Web supporting HTTP, HTTPS, and FTP, designed to reduce bandwidth usage and improve response times by caching content. | Reference: http://www.Squid-cache.org/
sshkit-proxy SSHKit refers to the tunneling services provided by SSHKit, which offers SSH and VPN accounts to facilitate secure, encrypted connections and bypass network restrictions. | Reference: https://sshkit.com/
sshmonth-proxy SSHMonth is a service provider that supplies SSH tunneling accounts, allowing users to create secure proxies for internet browsing or firewall circumvention. | Reference: https://www.sshmonth.com/
ssl-private SSL private refers to services offered by SSLPrivateProxy, a company providing dedicated IP addresses and proxies specialized for high anonymity and social media management. | Reference: https://www.sslprivateproxy.com/
ssl-private-proxy SSLPrivateProxy offers high-anonymity private proxies and VPNs, supporting both HTTP/HTTPS and SOCKS protocols for secure browsing. | Reference: https://www.sslprivateproxy.com
ssr-huoxin-proxy Ssrhuoxin utilizes ShadowsocksR (SSR), a secure SOCKS5 proxy implementation designed to protect internet traffic and bypass deep packet inspection firewalls. | Reference: https://github.com/shadowsocksrr/shadowsocksr
statsolutions-proxy StatSolutions identifies traffic or infrastructure associated with Stat Solutions, a provider often categorized as a residential or datacenter proxy network used for traffic routing. | Reference: https://viz.greynoise.io/tags/stat-solutions-proxy
super-ultimate-browser-proxy Super Ultimate Browser-Proxy is a browser extension or client-side tool designed to route web traffic through intermediary servers to facilitate anonymous browsing and access geo-blocked content. | Reference: https://chrome.google.com/webstore/detail/super-proxy-vpn/
syncthing Syncthing is an open-source, continuous file synchronization program that securely synchronizes files between two or more computers without a central server. | Reference: https://Syncthing.net/
tinyproxy TinyProxy is a lightweight, open-source HTTP/HTTPS proxy daemon for POSIX operating systems, designed to be fast and consume minimal system resources. | Reference: https://TinyProxy.github.io/
titanium-network-proxy Titanium Network refers to web proxy services maintained by the Titanium Network community, which are designed to help users bypass content filters and internet censorship. | Reference: https://titaniumnetwork.org/
tor-proxy The Tor network is a free, open-source software that enables anonymous communication by directing internet traffic through a worldwide, volunteer overlay network. | Reference: https://www.torproject.org
traffic-monetizer TrafficMonetizer refers to software applications that allow users to share their unused internet bandwidth with a network in exchange for payment, effectively acting as residential proxy nodes. | Reference: https://trafficmonetizer.com/
troywell-proxy Troywell-Proxy is a VPN and proxy browser extension that allows users to bypass geo-restrictions and browse the internet anonymously by routing traffic through various server locations. | Reference: https://troywell.com/
trustedproxies TrustedProxies is a commercial proxy provider specializing in enterprise-grade proxy solutions for SEO monitoring, data scraping, and market research. | Reference: https://www.TrustedProxies.com/
trustedproxies-proxy Trustedproxies-proxy offers enterprise-grade proxy server solutions specifically tailored for SEO data gathering and rank tracking. | Reference: https://www.trustedproxies.com/
twmyhome-proxy Twmyhome-Proxy identifies proxy infrastructure or dynamic DNS services associated with the domain twmyhome.com, often linked to residential IP addresses in Taiwan. | Reference: https://www.virustotal.com/gui/domain/twmyhome.com/
unblockme-proxy Unblock-Me-Proxy refers to web-based proxy services or VPN applications designed to unblock websites and bypass network restrictions by masking the user's IP address. | Reference: https://Unblock-Me-Proxy.com/
v2ray V2Ray is a set of network tools within Project V designed to build specific network protocols and proxy configurations for bypassing network restrictions. | Reference: https://www.v2fly.org/en_US/
v2raya v2rayA is a web-based graphical user interface client for Linux that simplifies the configuration and management of the V2Ray core. | Reference: https://github.com/v2rayA/v2rayA
v6proxies-proxy V6proxies refers to the infrastructure provided by V6Proxies, a commercial service specializing in rotating IPv6 and residential IPv4 proxy solutions. | Reference: https://v6proxies.com/
volantssh-proxy VolantSSH refers to proxy or SSH tunneling services associated with Volant, a provider of VPS and network hosting infrastructure. | Reference: https://volant.io/
webshare WebShare is a commercial proxy provider that offers a variety of datacenter and residential proxy servers for tasks requiring IP rotation and anonymity. | Reference: https://www.WebShare.io/
webshare-proxy Webshare-proxy is a service offering accessible datacenter and residential proxy servers with a focus on speed and anonymity. | Reference: https://www.webshare.io/
wonder-proxy WonderProxy is a localized proxy service that enables developers and QA teams to test geo-targeted content and localization accuracy from servers worldwide. | Reference: https://wonderproxy.com/
zproxy zProxy is a commercial proxy service provider that offers residential and datacenter IP addresses tailored for web scraping and data collection. | Reference: https://zProxy.io/
zyte Zyte is a web data extraction platform that provides smart proxy management services and developer tools specifically designed for web scraping. | Reference: https://www.Zyte.com/
zyte-proxy Zyte-proxy, often utilized via the Zyte Smart Proxy Manager, is a solution for managing proxies and handling browser fingerprinting during web scraping. | Reference: https://www.zyte.com/
residential This tag identifies IP address ranges associated with Internet service providers that provide Internet connectivity to residential homes and businesses.
Sub-Tags (26)
Name Description
alwayson-internet AlwaysOn Internet is an internet service provider that specializes in delivering fixed wireless and high-speed internet connectivity to residential and business customers. | Reference: https://alwayson.co.za/
at&t AT&T is a multinational telecommunications holding company that provides mobile telephone services and fixed telephone/internet services. | Reference: https://www.att.com/
auburn-essential-services Auburn Essential Services is a municipal service provider operated by the City of Auburn, Indiana, delivering fiber-optic internet and telecommunications to the local community. | Reference: https://auburnessentialservices.net/
beeline Beeline is a major telecommunications brand operated by VimpelCom that provides mobile and fixed-line internet services primarily in Russia and the CIS region. | Reference: https://moskva.Beeline.ru/
cellcom Cellcom is a regional wireless service provider and ISP offering voice, data, and internet services, primarily operating in the Upper Midwest of the United States. | Reference: https://www.Cellcom.com/
centurylink centurylink, now operating under the brand Lumen Technologies, is a global technology company providing communications, network services, and residential internet. | Reference: https://www.centurylink.com/
charter Charter Communications is a telecommunications and mass media company that offers services under the Spectrum brand, including cable television, internet, and telephone. | Reference: https://corporate.Charter.com/
comcast Comcast Corporation is a global media and technology company that provides residential cable, internet, and phone services primarily through its Xfinity brand. | Reference: https://corporate.Comcast.com/
cox-communications cox communications is a major American broadband communications and entertainment company providing digital cable television, telecommunications, and home automation services. | Reference: https://www.cox.com/
earthlink Earthlink is an American internet service provider that delivers high-speed internet access to residential and business customers across the United States. | Reference: https://www.Earthlink.net/
embratel Embratel is a major Brazilian telecommunications company that provides voice, data, and residential internet services to customers across the country. | Reference: https://www.Embratel.com.br/
ftth-telecom ftth telecom refers to an internet service provider utilizing Fiber-to-the-Home technology to deliver high-speed broadband connectivity to residential subscribers. | Reference: https://bgp.he.net/AS45669
fusion-connect Fusion Connect is a managed communications and managed security provider that offers cloud solutions and internet connectivity for business and residential environments. | Reference: https://www.fusionconnect.com/
hot-net hot net is an internet service provider, part of the Hot Telecommunication Systems group, delivering residential infrastructure and broadband services in Israel. | Reference: https://www.hot.net.il/
jazztel jazztel is a telecommunications brand operating in Spain that offers broadband, television, and mobile telephony services. | Reference: https://www.jazztel.com
long-lines-internet Long Lines Internet is a regional telecommunications company in the United States providing cable, phone, and broadband services to residential communities. | Reference: https://longlines.com/
mediacom Mediacom is a United States cable television and communications provider offering high-speed residential internet primarily to smaller markets in the Midwest and South. | Reference: https://mediacomcable.com/
orange-espagne Orange Espagne is the Spanish subsidiary of the multinational telecommunications corporation Orange, providing mobile, landline, and internet services in Spain. | Reference: https://www.orange.es/
pavlov-media PAVLOV MEDIA is a network provider specializing in delivering high-speed internet and broadband solutions to multi-dwelling units, such as student housing and apartments. | Reference: https://pavlovmedia.com/
rostelecom rostelecom is Russia's largest integrated provider of digital services, offering telecommunications and residential internet access to a vast majority of the country. | Reference: https://www.company.rt.ru/en/
saimanet-telecom Saimanet Telecom is a telecommunications operator based in Kyrgyzstan that provides broadband internet access and data transmission services to residential clients. | Reference: https://saima.kg/
salam salam is a Saudi Arabian telecommunications company (formerly ITC) that offers fixed-line, mobile, and internet data services to the residential and commercial sectors. | Reference: https://salam.sa/en
sat-trakt sat-trakt is a telecommunications distributor in Serbia providing cable television, telephony, and residential internet services. | Reference: https://sattrakt.com/
spectrum Spectrum is the trade name for Charter Communications, a telecommunications company providing residential internet, cable TV, and telephone services. | Reference: https://www.spectrum.com/
verizon Verizon is a large American telecommunications conglomerate known for providing wireless network services and residential fiber-optic internet. | Reference: https://www.Verizon.com/
windstream windstream is a provider of voice and data network communications, delivering residential fiber and kinetic internet services across the United States. | Reference: https://www.windstream.com/
risknet Risk networks are tagged with the "risknet" tag. This tag is used to identify IP addresses belonging to hosting providers that have been associated with an elevated level of suspicious and/or malicious behavior.
Sub-Tags (1)
Name Description
bulletproof Bulletproof Hosting Providers under RiskNet are also labeled with the bulletproof child tag. This tag is used to identify IP addresses belonging to hosting providers that provide customers with a high degree of anonymity, and activity originating from such IP addresses has been associated with suspicious and/or malicious behavior.
rmm IP addresses tagged with the Remote Monitoring & Management (RMM) tag are identified as endpoints running software such as TeamViewer, AnyDesk, and others, which provide remote access and control of hosts.
Sub-Tags (3)
Name Description
anydesk AnyDesk is a proprietary remote desktop application that provides platform-independent remote access to personal computers and other devices. | Reference: https://AnyDesk.com/
meshcentral MeshCentral is an open-source remote monitoring and management web server designed for remotely managing computers and devices over local networks or the internet. | Reference: https://MeshCentral.com/
teamviewer TeamViewer is a widely used software application for remote control, desktop sharing, online meetings, and file transfer between computers. | Reference: https://www.TeamViewer.com/
router The 'ROUTER' tag denotes IP addresses associated with devices running public accessible services that identify them as router software or firmware. Typically these are Small Office/Home Office (SOHO)routers. Cybercriminals frequently target Small Office/Home Office (SOHO) routers, aiming to capitalize on potential security weaknesses inherent in these devices. ROUTER IP addresses can have child tags that represent vendors and device model information if available.
Sub-Tags (58)
Name Description
alotcer Alotcer (Xiamen Alotcer Communication Technology) specializes in industrial IoT communication products, including cellular routers and modems designed for machine-to-machine (M2M) applications. | Reference: https://www.Alotcer.com/
asus Asus is a multinational computer hardware company that manufactures a wide range of networking devices, including high-performance consumer and gaming Wi-Fi routers. | Reference: https://www.Asus.com/networking-iot-servers/wifi-routers/all-series/
Sub-Tags (11)
Name Description
gt-ax11000 The GT-AX11000 is a high-performance ROG Rapture gaming router manufactured by Asus, featuring tri-band Wi-Fi 6 capabilities. | Reference: https://rog.asus.com/networking/rog-rapture-GT-AX11000-model/
merlin-koolshare Merlin-KoolShare refers to a modified version of the Asuswrt-Merlin firmware, often used to extend the functionality of Asus routers and compatible hardware. | Reference: https://koolshare.cn/
r6300v2 The R6300v2 is a wireless router model originally by Netgear, though it is frequently categorized with Asus when modified to run ported Asuswrt firmware. | Reference: https://www.netgear.com/support/product/R6300v2.aspx
r7000 The R7000 (Nighthawk AC1900) is a popular Netgear router that is often flashed with third-party firmware, including ports of Asuswrt, placing it in this tag. | Reference: https://www.netgear.com/home/wifi/routers/R7000/
rt-ac66u-b1 The RT-AC66U B1 is a dual-band AC1750 Wi-Fi router manufactured by ASUS, designed to provide high-speed networking for home environments. | Reference: https://www.asus.com/networking-iot-servers/wifi-routers/asus-wifi-routers/RT-AC66U B1/
rt-ac68u The RT-AC68U is a popular ASUS AC1900 dual-band gigabit Wi-Fi router known for its reliable performance and coverage range. | Reference: https://www.asus.com/networking-iot-servers/wifi-routers/asus-wifi-routers/rtac68u/
rt-ac87u The RT-AC87U is an ASUS wireless dual-band gigabit router featuring a 4x4 antenna design to deliver AC2400 class speeds. | Reference: https://www.asus.com/us/supportonly/RT-AC87U/helpdesk_knowledge/
rt-ac88u The RT-AC88U is a dual-band AC3100 gigabit Wi-Fi gaming router by ASUS that includes eight LAN ports for extensive wired connectivity. | Reference: https://www.asus.com/us/networking-iot-servers/wifi-routers/asus-wifi-routers/RT-AC88U/
rt-ax56u The RT-AX56U is an ASUS AX1800 dual-band Wi-Fi 6 router designed to support multiple devices efficiently using OFDMA and MU-MIMO technology. | Reference: https://www.asus.com/networking-iot-servers/wifi-routers/asus-wifi-routers/RT-AX56U/
rt-ax82u The RT-AX82U is an ASUS AX5400 dual-band Wi-Fi 6 gaming router characterized by its customizable lighting effects and mobile gaming prioritization modes. | Reference: https://www.asus.com/networking-iot-servers/wifi-routers/asus-gaming-routers/RT-AX82U/
zenwifi-ax-series The ZENWiFi AX Series refers to a line of ASUS Wi-Fi 6 mesh networking systems designed to provide seamless whole-home internet coverage. | Reference: https://www.asus.com/networking-iot-servers/whole-home-mesh-wifi-system/zenwifi-wifi-systems/filter?series=zenwifi-wifi-systems
calix Calix Inc provides cloud platforms and systems for service providers, including the GigaSpire BLAST series of Wi-Fi routers and optical network terminals (ONTs). | Reference: https://www.Calix Inc.com/
cerio Cerio Corporation develops professional networking solutions, such as wireless bridges, PoE switches, and high-power routers tailored for enterprise and ISP deployments. | Reference: https://www.Cerio.com.tw/en/
checkpoint Checkpoint Software Technologies provides cybersecurity solutions, including Quantum network security gateways and routing appliances used to secure enterprise network traffic. | Reference: https://www.Checkpoint.com/
cisco Cisco Systems is a global leader in networking technology, manufacturing an extensive portfolio of routers and switches for enterprise, service provider, and small business environments. | Reference: https://www.Cisco.com/c/en/us/products/routers/index.html
Sub-Tags (10)
Name Description
anyconnect Cisco AnyConnect is a unified security endpoint agent that provides secure virtual private network (VPN) access and other security services for remote users. | Reference: https://www.cisco.com/c/en/us/products/security/AnyConnect-secure-mobility-client/index.html
ap541n The AP541N is a Cisco Small Business Pro Wireless Access Point that supports 802.11n clustering to simplify the management of multiple access points. | Reference: https://www.cisco.com/c/en/us/products/collateral/wireless/small-business-500-series-wireless-access-points/data_sheet_c78-566238.html
asa Cisco Adaptive Security Appliance (ASA) (Adaptive Security Appliance) is a family of security devices that combines firewall, antivirus, intrusion prevention, and VPN capabilities into a single unit. | Reference: https://www.cisco.com/c/en/us/products/security/Adaptive Security Appliance (ASA)-5500-x-series-next-generation-firewalls/index.html
asa5510 The ASA5510 is a specific hardware model within the legacy Cisco ASA 5500 Series of Adaptive Security Appliances, originally designed for small-to-medium businesses. | Reference: https://www.cisco.com/c/en/us/support/security/asa-5510-adaptive-security-appliance/model.html
asr9010 The ASR9010 is a high-performance carrier-grade router belonging to the Cisco ASR 9000 Series, engineered for edge networks and high-bandwidth aggregation. | Reference: https://www.cisco.com/c/en/us/support/routers/asr-9010-aggregation-services-router/model.html
firewall-unk-model AdtranQuility is a component of the AdTranquility spam protection suite, utilizing a Virtual Private Network to enhance user privacy and block unwanted notifications. | Reference: https://www.adtranquility.com/
ironport IronPort refers to a brand of email and web security appliances acquired by Cisco, which utilize SenderBase technology to filter spam and malware. | Reference: https://www.cisco.com/c/en/us/services/acquisitions/IronPort.html
pix The Cisco Pix (Private Internet Exchange) was a popular line of IP firewall appliances that preceded the modern Cisco ASA series. | Reference: https://en.wikipedia.org/wiki/Cisco_PIX
rv320 The rv320 is a Cisco dual gigabit WAN VPN router designed to provide reliable and secure connectivity for small business networks. | Reference: https://www.cisco.com/c/en/us/products/routers/rv320-dual-gigabit-wan-vpn-router/index.html
rv325 The rv325 is a Cisco dual gigabit WAN VPN router featuring a built-in 14-port switch to support higher capacity small business environments. | Reference: https://www.cisco.com/c/en/us/products/routers/rv325-dual-gigabit-wan-vpn-router/index.html
comtrend Comtrend designs and manufactures advanced networking equipment, including DSL/VDSL routers and residential gateways primarily distributed through telecommunication service providers. | Reference: https://us.Comtrend.com/
cradlepoint Cradlepoint specializes in cloud-delivered wireless edge WAN solutions, offering 4G LTE and 5G routers designed for enterprise and industrial connectivity. | Reference: https://Cradlepoint.com/
cudy Cudy focuses on networking and wireless products, offering a variety of Wi-Fi routers, mesh systems, and LTE gateways suitable for home and small office use. | Reference: https://www.Cudy.com/
cyberoam Cyberoam provided identity-based Unified Threat Management (UTM) appliances and routers before being acquired and integrated into Sophos network security products. | Reference: https://www.sophos.com/en-us/support/Cyberoam-end-of-life
d-link D-Link is a global provider of networking and connectivity products, manufacturing hardware such as switches, surveillance cameras, and routers for consumers and businesses. | Reference: https://www.dlink.com/
Sub-Tags (29)
Name Description
adsl-router The tag ADSL ROUTER generally refers to D-Link networking devices that integrate an ADSL modem with routing capabilities for broadband internet access. | Reference: https://www.dlink.com/en/products/dsl-3788-ac1200-vsol-vdsl-adsl-modem-router
dap-2590 The DAP-2590 is a D-Link AirPremier N Dual Band PoE Access Point designed to provide versatile wireless coverage for business-class networks. | Reference: https://www.dlink.com/en/products/DAP-2590-wireless-n-dual-band-poe-access-point
dap-2660 The DAP-2660 is a D-Link Wireless AC1200 Simultaneous Dual Band PoE Access Point built for deploying high-speed wireless in indoor business environments. | Reference: https://www.dlink.com/en/products/DAP-2660-wireless-ac1200-simultaneous-dual-band-poe-access-point
dap-2690 The DAP-2690 is a D-Link AirPremier N Simultaneous Dual-Band PoE Access Point designed for business environments to create secure and manageable wireless networks. It supports Power over Ethernet (PoE) and operates on both 2.4GHz and 5GHz frequency bands. | Reference: https://eu.dlink.com/uk/en/products/DAP-2690-wireless-n-simultaneous-dual-band-poe-access-point
dcm-604 The DCM-604 is a D-Link DOCSIS 3.0 Cable Modem intended to provide high-speed internet access via cable connection networks. It is designed to facilitate broadband connectivity for residential and small office users. | Reference: https://www.dlink.com.br/produto/DCM-604/
dcm-704 The DCM-704 is a wireless cable modem gateway manufactured by D-Link that combines DOCSIS 3.0 technology with Wi-Fi routing capabilities. This device serves as a central hub for home networking, delivering both internet access and local wireless connectivity. | Reference: https://fccid.io/KA2CM704
dir-100 The DIR-100 is a compact D-Link Ethernet Broadband Router designed to allow multiple computers to share a single internet connection. It features a built-in 4-port switch and firewall protection for home networking setups. | Reference: https://eu.dlink.com/uk/en/products/DIR-100-ethernet-broadband-router
dir-320 The DIR-320 is a D-Link Wireless G Router that includes a USB print server port and support for specific 3G USB adapters to share mobile internet connections. It provides 802.11g wireless connectivity and standard Ethernet routing functions. | Reference: https://eu.dlink.com/uk/en/products/DIR-320-wireless-g-print-server-router
dir-615 The DIR-615 is a widely used D-Link Wireless N300 Router that delivers enhanced speed and range compared to older 802.11g technology. It is designed for home users requiring a stable wireless connection for daily internet activities. | Reference: https://eu.dlink.com/uk/en/products/DIR-615-wireless-n-300-router
dir-620c1 The DIR-620C1 refers to a specific hardware revision (C1) of the D-Link DIR-620 Wireless N Router. It serves as a budget-friendly wireless access point and router, often supporting 3G/4G modems via USB in specific regional firmware versions. | Reference: https://tsar3000.com/product/d-link-dir-620-rev-c1-firmware/
dir-650in The DIR-650IN is a D-Link Wireless N300 Router equipped with high-gain antennas to improve wireless coverage and signal stability. It is tailored for home environments to support multiple device connections simultaneously. | Reference: https://www.dlink.com/en/products/DIR-650IN-wireless-n300-router
dir-815 The DIR-815 is a D-Link Wireless AC1200 Dual Band Router that offers simultaneous dual-band connectivity for combined wireless speeds. Its cylindrical form factor is designed to provide optimal signal distribution for media streaming and gaming. | Reference: https://eu.dlink.com/uk/en/products/DIR-815-wireless-ac1200-dual-band-cloud-router
dir-825 The DIR-825 is a D-Link Wireless AC1200 Dual Band Gigabit Router that combines high-speed 802.11ac Wi-Fi with Gigabit Ethernet ports. It is built to handle high-bandwidth applications like HD video streaming across multiple devices. | Reference: https://eu.dlink.com/uk/en/products/DIR-825-ac1200-high-gain-wi-fi-gigabit-router
dro-5020 The DRO-5020 is an older model D-Link residential gateway router designed for broadband connection sharing. It provides basic routing capabilities and network address translation for small home networks. | Reference: https://www.superbestaudiofriends.org/index.php?threads/d-link-DRO-5020-adsl-router.8080/
dsl-2520u The DSL-2520U is a D-Link ADSL2+ Ethernet/USB Combo Router that connects a computer or network to the internet via high-speed DSL. It functions as a bridge or router to manage upstream and downstream data traffic. | Reference: https://www.dlink.com.ph/product/DSL-2520U-adsl2-ethernetusb-combo-router/
dsl-2600u The DSL-2600U is a D-Link Wireless G ADSL2+ Router that integrates a modem and a wireless router into a single device. It is designed to provide cost-effective wireless internet access for home users. | Reference: https://www.dlink.com.au/home-solutions/DSL-2600U-wireless-g-adsl2-modem-router
dsl-2640nru The DSL-2640NRU is a regional variant of the D-Link Wireless N ADSL2+ Modem Router, offering speeds up to 150 Mbps. It serves as an all-in-one networking solution for connecting to DSL services and creating a local Wi-Fi network. | Reference: https://tsar3000.com/product/d-link-dsl-2640-nru-firmware/
dsl-2680 The DSL-2680 is a D-Link Wireless N150 ADSL2+ Modem Router designed for easy setup and energy efficiency. It provides a compact solution for sharing a high-speed DSL internet connection wirelessly. | Reference: https://eu.dlink.com/uk/en/products/DSL-2680-wireless-n-150-adsl2-modem-router
dsl-2730r The DSL-2730R is a D-Link Wireless N150 ADSL2+ Modem Router that features 4 Ethernet ports and integrated firewall protection. It allows users to create a secure wireless network for sharing photos, files, and music. | Reference: https://www.dlink.com.my/product/dsl-2730e-wireless-n-150-adsl2-modem-router/
dsr-series The DSR Series refers to D-Link Unified Services Routers, such as the DSR-250, DSR-500, and DSR-1000, which are designed for small to medium-sized businesses. These devices provide secure VPN capabilities, advanced management features, and high-performance routing. | Reference: https://eu.dlink.com/uk/en/products/DSR Series-unified-services-routers
dwl-8610ap The DWL-8610AP is a D-Link Unified Wireless AC1750 Dual-Band Access Point intended for business-class deployments. It supports high-speed wireless connectivity and can be managed centrally via D-Link Wireless Controllers. | Reference: https://eu.dlink.com/uk/en/products/DWL-8610AP-wireless-ac1750-dual-band-unified-access-point
dwr-921 The DWR-921 is a D-Link 4G LTE Router that allows users to access and share mobile broadband networks by inserting a SIM card. It includes Ethernet ports and Wi-Fi capabilities to distribute the 4G LTE internet connection to multiple devices. | Reference: https://eu.dlink.com/uk/en/products/DWR-921-4g-lte-router
firewall A Firewall is a fundamental network security device or software that monitors and filters incoming and outgoing network traffic based on an organization's security policies. | Reference: https://www.cisa.gov/news-events/news/understanding-firewalls-home-and-small-office-use
go-dsl-n151 The GO-DSL-N151 is a D-Link Wireless N150 ADSL2+ Easy Modem Router designed for simplicity and ease of use in home networks. It combines a modem and router to provide essential internet connectivity and wireless sharing functions. | Reference: https://eu.dlink.com/uk/en/products/GO-DSL-N151-wireless-n-150-adsl2-easy-modem-router
unified-svcs The Unified Services tag refers to the Unified Services Router series (such as the DSR series) manufactured by D-Link, designed to provide comprehensive network solutions for small-to-medium businesses. These devices combine various networking services, including VPN and firewall capabilities, into a single integrated platform. | Reference: https://www.dlink.com/en/products/dsr-250-unified-services-router
voip-router A Voice Over IP Router in the context of D-Link refers to networking hardware that integrates Voice over IP (VoIP) capabilities directly into the router infrastructure. This allows users to manage both data and voice traffic through a single device interface. | Reference: https://eu.dlink.com/uk/en/products/dvg-n5402sp-wireless-n-Voice Over IP Router
vpn-router A VPN router is a router specifically configured with built-in Virtual Private Network client or server capabilities to encrypt network traffic for connected devices. | Reference: https://www.pcmag.com/picks/the-best-vpn-routers
wired-router AirVPN is a security-centric Virtual Private Network service operated by activists that emphasizes high-standard encryption and strict no-logging policies. | Reference: https://airvpn.org/
wireless-router A wireless router is a hardware device that performs the functions of a router and also includes a wireless access point to provide Wi-Fi connectivity. | Reference: https://en.wikipedia.org/wiki/Wireless_router
dasan DASAN (now part of DZS) manufactures telecommunications equipment, including GPON OLTs and routers used effectively in global broadband access networks. | Reference: https://dzsi.com/
Sub-Tags (7)
Name Description
h150n The H150N is a compact GPON Optical Network Terminal (ONT) manufactured by Dasan Networks (now DZS) intended for high-speed fiber internet access. It serves as a customer premises equipment (CPE) device to convert optical signals into electrical signals for residential connectivity. | Reference: https://dzs.com/
h660gm The Dasan H660GM is a GPON Optical Network Terminal designed to provide gigabit broadband services and voice features for home and small office environments. It typically acts as a gateway connecting the local area network to the service provider's passive optical network. | Reference: https://dzs.com/
h660rm The H660RM is a specific model of GPON ONT from Dasan Networks that facilitates high-bandwidth data transmission over fiber optic lines. It is deployed by internet service providers to deliver triple-play services (data, voice, and video) to subscribers. | Reference: https://dzs.com/
h660w The Dasan H660W is a GPON ONT device that typically includes integrated Wi-Fi capabilities to support wireless connectivity within customer premises. It functions as a bridge between the optical fiber network and wireless client devices. | Reference: https://dzs.com/
h660wm The H660WM is a Dasan Networks GPON ONT model that offers both wired and wireless networking options for residential users. It is designed to handle high-speed internet traffic while managing local network distribution. | Reference: https://dzs.com/
h662gr The Dasan H662GR is an optical network terminal used in fiber-to-the-home (FTTH) deployments to deliver broadband internet access. This device ensures compatibility with GPON standards for efficient data downlink and uplink. | Reference: https://dzs.com/
h665 The H665 is a compact GPON ONT by Dasan Networks, typically featuring a single Gigabit Ethernet port for high-speed connectivity. It is designed for simple, streamlined deployment in residential fiber networks where minimal on-premise hardware footprint is desired. | Reference: https://dzs.com/
draytek DrayTek manufactures networking equipment, specifically the Vigor series of routers and firewalls designed to provide secure connectivity for small to medium-sized businesses. | Reference: https://www.DrayTek.com/
Sub-Tags (3)
Name Description
vigor Vigor is a series of firewall routers and networking hardware manufactured by DrayTek, designed to provide secure connectivity for small to medium-sized businesses. | Reference: https://www.draytek.com/products/vigor-routers/
vigor2960 Browser Xxx-VPN generally refers to a tag of mobile browser applications integrated with VPN functionality, often marketed for accessing age-restricted or blocked content. | Reference: https://apkpure.com/search?q=browser+vpn
vigor2960 The DrayTek Vigor2960 is a high-performance dual-WAN firewall router designed for medium-sized enterprises with high throughput requirements. It emphasizes secure remote access with capacity for up to 200 concurrent VPN tunnels. | Reference: https://www.draytek.com/support/product-legacy/Vigor2960
fiberhome fiberhome Telecommunication Technologies is a major provider of optical transmission equipment, including routers and fiber-optic network terminals for telecommunication networks. | Reference: https://www.fiberhome.com/en/
firewall A Firewall is a fundamental network security device or software that monitors and filters incoming and outgoing network traffic based on an organization's security policies. | Reference: https://www.cisa.gov/news-events/news/understanding-firewalls-home-and-small-office-use
fortinet Fortinet provides cybersecurity solutions such as physical firewalls and SD-WAN appliances, including the popular FortiGate router series used for securing network edges. | Reference: https://www.Fortinet.com/
Sub-Tags (11)
Name Description
fg100a The FG100A refers to the FortiGate-100A, an older Unified Threat Management (UTM) appliance manufactured by Fortinet. It was designed to provide firewall, antivirus, and intrusion prevention services for small-to-medium enterprise networks. | Reference: https://www.fortinet.com/products/next-generation-firewall
fg100c The Fortinet FG100C is the FortiGate-100C multi-threat security appliance that integrates firewall, IPSec/SSL VPN, and traffic shaping. It was built to deliver comprehensive network protection and policy enforcement for mid-sized organizations. | Reference: https://www.fortinet.com/products/next-generation-firewall
fg100d The FG100D identifies the FortiGate-100D, a Next-Generation Firewall (NGFW) designed to provide high-performance threat protection and simplified management. It features dedicated security processors to handle encrypted traffic and advanced malware protection. | Reference: https://www.fortinet.com/products/next-generation-firewall
fg100e The FortiGate 100E (FG100E) is a dedicated Next-Generation Firewall (NGFW) appliance designed by Fortinet to provide security and networking capabilities for mid-sized enterprise environments. | Reference: https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/FortiGate_100E_Series.pdf
fg100f The FG100F, or FortiGate 100F, is a network security appliance featuring purpose-built ASICs and SD-WAN capabilities to deliver high-performance threat protection. | Reference: https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/FortiGate_100F_Series.pdf
fgt30e Specifically designed for small businesses and branch offices, the FGT30E (FortiGate 30E) is a compact firewall appliance that offers unified threat management. | Reference: https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/FortiGate_30E.pdf
fortigate FortiGate is the flagship line of physical and virtual firewalls from Fortinet, designed to provide deep packet inspection and network security across various scales of infrastructure. | Reference: https://www.fortinet.com/products/next-generation-firewall
fortiguard FortiGuard is the threat intelligence and security subscription service that updates Fortinet devices with the latest signatures for intrusion prevention, antivirus, and web filtering. | Reference: https://www.FortiGuard.com/
fortiwifi The FortiWiFi series consists of security appliances that integrate the firewall capabilities of FortiGate with a built-in wireless access point for secure Wi-Fi connectivity. | Reference: https://www.fortinet.com/products/next-generation-firewall/entry-level
fortiwifi-90d The FortiWiFi 90D is a legacy unified threat management device that combines wired switching, wireless networking, and firewall protection into a single desktop appliance. | Reference: https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/FortiGate_90D_Series.pdf
vm In the context of Fortinet networking, the VM tag refers to virtual machine form factors of their appliances, such as FortiGate-VM, used to secure virtualized data centers and clouds. | Reference: https://www.fortinet.com/products/VM
four-faith Four-Faith specializes in IoT communication technology, manufacturing industrial routers, gateways, and modems designed to operate in harsh environments. | Reference: https://www.fourfaith.com/
gemtek Gemtek Technology is a leading wireless broadband manufacturer that produces routers, gateways, and networking modules often rebranded by telecom service providers. | Reference: http://www.Gemtek.com.tw/
gl-inet GL.iNet designs compact, OpenWrt-based travel routers and IoT gateways that emphasize privacy features and customization options for advanced users. | Reference: https://www.GL.iNet.com/
hillstone Hillstone Networks offers infrastructure protection solutions, including Next-Generation Firewalls (NGFWs) and secure routers designed for enterprise network environments. | Reference: https://www.hillstonenet.com/
hsgq HSGQ is a brand of optical communication equipment manufactured by Shenzhen HSGQ Technology, specializing in EPON/GPON OLTs and ONUs for broadband networks. | Reference: https://www.HSGQ.com
huawei Huawei is a global provider of information and communications technology (ICT) infrastructure, manufacturing a wide range of devices including routers, cloud servers, and telecommunications equipment. | Reference: https://www.Huawei.com/en/
hytec-inter Hytec-Inter is a Japanese technology firm that develops and distributes industrial networking solutions, including specialized routers and modems for video transmission and M2M applications. | Reference: https://hytec.co.jp/eng/
inseego Inseego is a US-based industry leader in 5G and intelligent IoT device-to-cloud solutions, known for producing mobile hotspots and fixed wireless access routers. | Reference: https://Inseego.com
irz iRZ is a manufacturer of wireless communication devices, offering a range of industrial 3G/4G routers, modems, and GSM gateways designed for IoT and automation systems. | Reference: https://en.iRZ.net
juniper Juniper Networks is a multinational corporation that develops high-performance networking products, including enterprise routers, switches, and security software. | Reference: https://www.Juniper.net
lb-link LB-Link is a brand owned by B-Link Electronic Limited that manufactures consumer networking products such as Wi-Fi routers, adapters, and signal repeaters. | Reference: http://www.LB-Link.cn
linksys Linksys is a prominent American brand of data networking hardware, providing wired and wireless routers tailored for home and small business environments. | Reference: https://www.Linksys.com
Sub-Tags (44)
Name Description
befsr41 The BEFSR41 is a classic 4-port EtherFast cable/DSL router manufactured by Linksys, historically used to share broadband internet connections in home networks. | Reference: https://www.linksys.com/support-product?sku=BEFSR41
befsr81 The BEFSR81 is an 8-port wired router from Linksys designed to facilitate local area networking and internet sharing for small office environments. | Reference: https://www.linksys.com/support-product?sku=BEFSR81
befsx41 The BEFSX41 is a Linksys EtherFast cable/DSL firewall router that includes VPN endpoint capabilities to support secure remote connections. | Reference: https://www.linksys.com/support-product?sku=BEFSX41
befvp41 The BEFVP41 is a dedicated VPN router manufactured by Linksys, designed to manage encrypted tunnels for connecting remote networks or users securely. | Reference: https://www.linksys.com/support-product?sku=BEFVP41
befw11s4 The BEFW11S4 is an early Wireless-B broadband router from Linksys that integrates a 4-port switch with wireless connectivity for home users. | Reference: https://www.linksys.com/support-product?sku=BEFW11S4
dd-wrt DD-WRT is a Linux-based open-source firmware often installed on consumer routers, such as Linksys models, to enhance performance and add advanced networking features. | Reference: https://DD-WRT.com/
e1000 The Linksys E1000 is a basic Wireless-N router designed to provide wireless internet connectivity and wired switching for home networking setups. | Reference: https://www.linksys.com/support-product?sku=E1000
e1200 The E1200 is a Linksys N300 Wi-Fi router offering standard wireless speeds and security features for everyday home internet usage. | Reference: https://www.linksys.com/support-product?sku=E1200
e1700 The Linksys E1700 is a Wireless-N router that differentiates itself by including Gigabit Ethernet ports to support high-speed wired data transfer. | Reference: https://www.linksys.com/support-product?sku=E1700
e2100 The E2100 (often associated with the Linksys E2100L USB adapter or Advanced N router series) is networking hardware designed to facilitate wireless connectivity for consumer devices. | Reference: https://www.linksys.com/support-product?sku=E2100L
e2500 The Linksys E2500 is an advanced dual-band Wireless-N router designed to provide internet connectivity and home networking coverage on both 2.4 GHz and 5 GHz bands. | Reference: https://www.linksys.com/support-product?sku=E2500
e3000 The Linksys E3000 is a high-performance dual-band Wireless-N router optimized for streaming multimedia content and gaming across a home network. | Reference: https://www.linksys.com/support-product?sku=E3000
e3200 The Linksys E3200 is a dual-band Wireless-N router featuring Gigabit Ethernet ports to support high-speed wired connections and fast wireless transfer rates. | Reference: https://www.linksys.com/support-product?sku=E3200
e4200 The Linksys E4200 is a maximum-performance dual-band Wireless-N router designed to handle heavy bandwidth usage and connect multiple devices in a home theater environment. | Reference: https://www.linksys.com/support-product?sku=E4200
e900 The Linksys E900 is a basic Wireless-N300 router providing standard wireless speeds and reliable connectivity for smaller homes or apartments. | Reference: https://www.linksys.com/support-product?sku=E900
ea2700 The Linksys EA2700 is an N600 dual-band router compatible with Linksys Smart Wi-Fi software for remote network management and prioritization. | Reference: https://www.linksys.com/support-product?sku=EA2700
ea3500 The Linksys EA3500 is an N750 dual-band router equipped with Gigabit Ethernet ports and USB support for shared storage within a home network. | Reference: https://www.linksys.com/support-product?sku=EA3500
ea4500 The Linksys EA4500 is an N900 dual-band router designed to support high-bandwidth applications like HD video streaming through optimized wireless technology. | Reference: https://www.linksys.com/support-product?sku=EA4500
ea6100 The Linksys EA6100 is an AC1200 dual-band Smart Wi-Fi router that delivers next-generation Wireless-AC speeds for faster data transfer. | Reference: https://www.linksys.com/support-product?sku=EA6100
ea6350 The Linksys EA6350 is an AC1200+ dual-band Smart Wi-Fi router featuring a USB 3.0 port and Gigabit Ethernet for enhanced connectivity and storage sharing. | Reference: https://www.linksys.com/support-product?sku=EA6350
ea6400 The Linksys EA6400 is an AC1600 dual-band Smart Wi-Fi router marketed as a solution for video enthusiasts requiring smooth video streaming capabilities. | Reference: https://www.linksys.com/support-product?sku=EA6400
ea6900 The Linksys EA6900 is an AC1900 Smart Wi-Fi router utilizing a dual-core processor to manage heavy network traffic and improve wireless range. | Reference: https://www.linksys.com/support-product?sku=EA6900
ea7300 The Linksys EA7300 is a MAX-STREAM AC1750 MU-MIMO Gigabit Wi-Fi router designed to provide simultaneous high-speed data to multiple devices. | Reference: https://www.linksys.com/support-product?sku=EA7300
ea8300 The Linksys EA8300 is a MAX-STREAM AC2200 tri-band router that offers three dedicated Wi-Fi bands to reduce interference and increase total throughput. | Reference: https://www.linksys.com/support-product?sku=EA8300
ea9200 The Linksys EA9200 is an AC3200 tri-band Smart Wi-Fi router built to deliver maximum performance and connectivity for households with many connected devices. | Reference: https://www.linksys.com/support-product?sku=EA9200
lrt214 The Linksys LRT214 is a business-class Gigabit VPN router designed to facilitate secure site-to-site and remote access VPN connections for small offices. | Reference: https://www.linksys.com/support-product?sku=LRT214
lrt224 The Linksys LRT224 is a dual WAN Gigabit VPN router that provides load balancing and failover capabilities to ensure continuous internet connectivity for businesses. | Reference: https://www.linksys.com/support-product?sku=LRT224
pap2-voip The Linksys PAP2 VOIP (often branded as PAP2T) is an Internet Phone Adapter that enables users to connect standard analog telephones to a Voice over IP (VoIP) service. | Reference: https://www.linksys.com/support-product?sku=PAP2T
rv016 The Linksys RV016 is a 10/100 16-Port VPN Router designed for small businesses, offering multiple ports for wired connections and support for numerous VPN tunnels. | Reference: https://www.cnet.com/reviews/linksys-RV016-10-100-16-port-vpn-router-review/
rv042 The Linksys RV042 is a 4-port VPN router featuring dual WAN ports, allowing small businesses to utilize a second internet connection for backup or increased bandwidth. | Reference: https://www.linksys.com/support-product?sku=RV042
rv082 The RV082 is a dual-WAN VPN router originally manufactured by Linksys and Cisco Small Business, designed to provide secure remote access and load balancing for small offices. | Reference: https://www.cisco.com/c/en/us/support/routers/RV082-dual-wan-vpn-router/model.html
rvs4000 The RVS4000 is a 4-port Gigabit security router produced by Linksys and Cisco, featuring intrusion prevention system (IPS) capabilities and high-speed network connectivity. | Reference: https://www.cisco.com/c/en/us/support/routers/RVS4000-4-port-gigabit-security-router/model.html
spa-series The Spa Series refers to a line of Analog Telephone Adapters (ATAs) and IP phones developed by Linksys and Cisco for enabling Voice over IP (VoIP) communications. | Reference: https://www.cisco.com/c/en/us/products/unified-communications/spa112-2-port-phone-adapter/index.html
wrt1200ac The WRT1200AC is a dual-band gigabit Wi-Fi router from Linksys that utilizes a dual-core processor and is engineered to support open-source firmware modifications. | Reference: https://www.linksys.com/WRT1200AC-dual-band-gigabit-wi-fi-router/WRT1200AC.html
wrt160n The WRT160N is a Wireless-N broadband router manufactured by Linksys, designed with a sleek form factor to provide increased wireless speed and range for home networks. | Reference: https://www.linksys.com/support-product?sku=WRT160N
wrt1900ac The WRT1900AC is a high-performance dual-band gigabit router by Linksys, featuring an iconic four-antenna design and optimization for open-source firmware usage. | Reference: https://www.linksys.com/WRT1900AC-dual-band-gigabit-wi-fi-router/WRT1900AC.html
wrt1900acs The WRT1900ACS is an upgraded version of the Linksys WRT1900AC router, offering a faster processor and double the RAM for improved data transfer speeds. | Reference: https://www.linksys.com/WRT1900ACS-dual-band-gigabit-wi-fi-router/WRT1900ACS.html
wrt310n The WRT310N is a Wireless-N Gigabit router produced by Linksys, capable of delivering high-speed wired connections and broad wireless coverage for media-intensive applications. | Reference: https://www.linksys.com/support-product?sku=WRT310N
wrt3200acm The WRT3200ACM is a Linksys dual-band MU-MIMO gigabit router featuring Tri-Stream 160 technology and full open-source firmware support for advanced customization. | Reference: https://www.linksys.com/WRT3200ACM-dual-band-gigabit-wi-fi-router/WRT3200ACM.html
wrt320n The WRT320N is a dual-band Wireless-N Gigabit router from Linksys that allows users to operate on either the 2.4GHz or 5GHz radio band to minimize interference. | Reference: https://www.linksys.com/support-product?sku=WRT320N
wrt400n The WRT400N is a simultaneous dual-band Wireless-N router by Linksys, designed to run both 2.4GHz and 5GHz networks at the same time for optimized media streaming. | Reference: https://www.linksys.com/support-product?sku=WRT400N
wrt54g The WRT54G is a legacy 802.11g wireless router from Linksys, widely recognized for its reliability and its pivotal role in the popularity of third-party router firmware. | Reference: https://en.wikipedia.org/wiki/Linksys_WRT54G_series
wrt600n The WRT600N is a simultaneous dual-band Wireless-N router from Linksys that includes Storage Link technology for connecting USB storage devices to the network. | Reference: https://www.linksys.com/support-product?sku=WRT600N
wrv200 The WRV200 is a Wireless-G VPN router manufactured by Linksys, tailored for small businesses requiring secure remote access and wireless connectivity. | Reference: https://www.linksys.com/support-product?sku=WRV200
mikrotik MikroTik is a Latvian manufacturer of computer networking equipment that produces routers and wireless ISP systems powered by its proprietary RouterOS software. | Reference: https://MikroTik.com
Sub-Tags (114)
Name Description
ccr1009-7g-1c The CCR1009-7G-1C is a MikroTik Cloud Core Router powered by a 9-core Tilera CPU, featuring seven Gigabit Ethernet ports and a combo-port interface. | Reference: https://mikrotik.com/product/CCR1009-7G-1C
ccr1009-7g-1c-1s+ The ccr1009-7g-1c-1s+ is an industrial-grade router from MikroTik that includes seven Gigabit Ethernet ports, a combo port, and an SFP+ cage for 10G connectivity. | Reference: https://mikrotik.com/product/CCR1009-7G-1C-1Splus
ccr1009-8g-1s The CCR1009-8G-1S is a rack-mountable Ethernet router by MikroTik equipped with eight Gigabit Ethernet ports and one SFP port, driven by a 9-core processor. | Reference: https://mikrotik.com/product/CCR1009-8G-1S
ccr1009-8g-1s-1s+ The ccr1009-8g-1s-1s+ is a robust router from MikroTik featuring eight Gigabit Ethernet ports, one SFP port, and one SFP+ port for high-throughput networking. | Reference: https://mikrotik.com/product/CCR1009-8G-1S-1Splus
ccr1016-12g The CCR1016-12G is a carrier-grade router from MikroTik powered by a 16-core Tilera CPU and equipped with twelve Gigabit Ethernet ports. | Reference: https://mikrotik.com/product/CCR1016-12G
ccr1016-12s-1s+ The ccr1016-12s-1s+ is a fiber-focused router by MikroTik featuring a 16-core CPU, twelve SFP ports, and one SFP+ port for extensive fiber optic connectivity. | Reference: https://mikrotik.com/product/CCR1016-12S-1Splus
ccr1036-12g-4s The CCR1036-12G-4S is a carrier-grade industrial router featuring a 36-core Tilera CPU, 12 Gigabit Ethernet ports, and 4 SFP cages for optical fiber connectivity. It is designed to handle high-throughput routing tasks in enterprise network environments. | Reference: https://mikrotik.com/product/CCR1036-12G-4S
ccr1036-8g-2s+ The ccr1036-8g-2s+ is a high-performance router powered by a 36-core CPU, equipped with 8 Gigabit Ethernet ports and two SFP+ ports for 10G connectivity. It supports redundant power supplies and is built for fast encryption and packet processing. | Reference: https://mikrotik.com/product/CCR1036-8G-2Splus
ccr1072-1g-8s+ The ccr1072-1g-8s+ is a flagship industrial router capable of processing over 120 million packets per second, featuring a 72-core CPU and eight 10G SFP+ ports. It is designed for core routing applications requiring massive throughput and redundancy. | Reference: https://mikrotik.com/product/CCR1072-1G-8Splus
ccr2004-16g-2s+ The ccr2004-16g-2s+ is a cost-effective router featuring the Amazon Annapurna Labs Alpine v2 CPU, 16 Gigabit Ethernet ports, and two 10G SFP+ cages. It is optimized for single-core performance to handle heavy connection loads efficiently. | Reference: https://mikrotik.com/product/ccr2004_16g_2s_
ccr2004-1g-12s+2xs Designed for high-throughput fiber connections, the CCR2004-1G-12S+2XS offers twelve 10G SFP+ ports and two 25G SFP28 ports alongside a single Gigabit Ethernet port. It serves as a powerful aggregation router for professional networks. | Reference: https://mikrotik.com/product/ccr2004_1g_12s_2xs
ccr2004-1g-2xs-pcie The CCR2004-1G-2XS-PCIE is a unique Network Interface Card with full router capabilities, fitting into a PCIe slot to add 25 Gigabit networking and RouterOS features directly to a server. It allows a server to bypass its internal CPU for specific routing tasks. | Reference: https://mikrotik.com/product/ccr2004_1g_2xs_pcie
ccr2116-12g-4s+ The ccr2116-12g-4s+ is a powerful router utilizing a 16-core ARM CPU designed to overcome single-core performance limitations in heavy BGP operations, featuring 10G SFP+ connectivity. It combines high raw performance with the flexibility of the RouterOS platform. | Reference: https://mikrotik.com/product/ccr2116_12g_4s_
ccr2216-1g-12xs-2xq The CCR2216-1G-12XS-2XQ is a high-speed flagship router supporting 100 Gigabit networking with two QSFP28 ports and twelve 25G SFP28 ports. It leverages L3 hardware offloading to manage massive traffic volumes in large enterprise networks. | Reference: https://mikrotik.com/product/ccr2216_1g_12xs_2xq
crs106-1c-5s The CRS106-1C-5S is a compact desktop cloud router switch featuring five SFP cages and a combo Gigabit Ethernet/SFP port for flexible optical connectivity. It is powered by a 400MHz CPU and 128MB RAM, suitable for small-scale fiber distribution. | Reference: https://mikrotik.com/product/crs106_1c_5s
crs109-8g-1s-2hnd The CRS109-8G-1S-2HND is a "Cloud Router Switch" series device that combines an 8-port Gigabit switch with a built-in 2.4GHz high-power wireless access point. It provides full wire-speed switching with Layer 3 routing configuration options. | Reference: https://mikrotik.com/product/CRS109-8G-1S-2HND-IN
crs112-8g-4s The CRS112-8G-4S is a small, low-cost managed switch featuring eight Gigabit Ethernet ports and four SFP cages, running RouterOS. It allows for port switching, mirroring, and bandwidth limiting in a compact form factor. | Reference: https://mikrotik.com/product/CRS112-8G-4S-IN
crs112-8p-4s The CRS112-8P-4S is an 8-port Gigabit PoE switch with four SFP ports, capable of powering other devices via 802.3af/at or passive PoE. It includes independent 28V and 48V power supplies to manage different voltage requirements. | Reference: https://mikrotik.com/product/crs112_8p_4s_in
crs125-24g-1s The CRS125-24G-1S combines the functions of a fully featured router and a Layer 3 switch, offering 24 Gigabit ports and one SFP port. It is designed for Small Office/Home Office (SOHO) environments requiring high port density. | Reference: https://mikrotik.com/product/CRS125-24G-1S-IN
crs125-24g-1s-2hnd The CRS125-24G-1S-2HND is a SOHO gateway device featuring 24 Gigabit Ethernet ports, an SFP cage, and a built-in high-power 2.4GHz wireless AP. It acts as a central connectivity hub, merging switching, routing, and wireless capabilities. | Reference: https://mikrotik.com/product/CRS125-24G-1S-2HND-IN
crs210-8g-2s+ The crs210-8g-2s+ is a versatile switch offering eight Gigabit ports and two SFP+ cages, allowing for 10G connectivity in a compact form factor. It supports dual power supplies (DC jack and PoE-in) for flexible deployment. | Reference: https://mikrotik.com/product/CRS210-8G-2Splus-IN
crs212-1g-10s-1s+ The crs212-1g-10s-1s+ is a networking device designed for fiber optical installations, equipped with one Gigabit Ethernet port, ten SFP cages, and one 10G SFP+ cage. It is ideal for ISP distribution or organizing optical fiber networks. | Reference: https://mikrotik.com/product/CRS212-1G-10S-1Splus-IN
crs226-24g-2s+ The crs226-24g-2s+ is a rackmount Layer 3 switch featuring 24 Gigabit Ethernet ports and two 10G SFP+ ports for high-speed uplink capabilities. It provides full switch functionality with the option to use RouterOS for routing features. | Reference: https://mikrotik.com/product/CRS226-24G-2Splus-RM
crs305-1g-4s+ The crs305-1g-4s+ is a compact, fanless switch featuring four SFP+ ports for 10 Gigabit connectivity and one Gigabit Ethernet port for management. It supports both RouterOS and SwOS, allowing users to choose their preferred operating system. | Reference: https://mikrotik.com/product/crs305_1g_4s_in
crs309-1g-8s+ The crs309-1g-8s+ is a compact, fanless networking switch that provides eight 10G SFP+ slots and a single Gigabit Ethernet port for management. It offers significant switching capacity and non-blocking throughput in a silent, rack-mountable enclosure. | Reference: https://mikrotik.com/product/crs309_1g_8s_in
crs310-1g-5s-4s+ The crs310-1g-5s-4s+ is a fiber-focused switch designed for longer connections, featuring five 1G SFP ports, four 10G SFP+ ports, and a Gigabit Ethernet port. It utilizes a modern ARM v7 CPU to support hardware offloading for efficient switching. | Reference: https://mikrotik.com/product/crs310_1g_5s_4s_in
crs312-4c+8xg The CRS312-4C+8XG is a MikroTik Cloud Router Switch equipped with eight 10G RJ45 ports and four 10G combo ports, designed to remove bottlenecks in high-speed networks. | Reference: https://mikrotik.com/product/crs312_4c_8xg_rm
crs317-1g-16s+ The crs317-1g-16s+ is a rack-mountable Cloud Router Switch that provides sixteen SFP+ ports for high-performance 10GbE connectivity and Layer 3 switching features. | Reference: https://mikrotik.com/product/crs317_1g_16s_rm
crs318-16p-2s+ The crs318-16p-2s+, marketed as the netPower 16P, is an outdoor 18-port switch featuring sixteen Gigabit PoE-out ports and two SFP+ ports for powering multiple access points or cameras. | Reference: https://mikrotik.com/product/netpower_16p
crs318-1fi-15fr-2s The CRS318-1FI-15FR-2S, known as the netPower 15FR, is an outdoor switch with fifteen reverse PoE ports allowing the device to draw power from connected client lines. | Reference: https://mikrotik.com/product/netpower_15fr
crs326-24g-2s+ The crs326-24g-2s+ is a versatile Cloud Router Switch offering twenty-four Gigabit Ethernet ports and two SFP+ cages, suitable for both switching and routing configurations. | Reference: https://mikrotik.com/product/CRS326-24G-2SplusRM
crs326-24s+2q+ The crs326-24s+2q+ is a high-speed data center switch featuring twenty-four 10 Gbps SFP+ ports and two 40 Gbps QSFP+ ports for substantial throughput capacity. | Reference: https://mikrotik.com/product/crs326_24s_2q_rm
crs328-24p-4s+ The crs328-24p-4s+ is a 28-port switch that includes twenty-four Gigabit Ethernet ports with versatile PoE output options and four SFP+ ports for optical connectivity. | Reference: https://mikrotik.com/product/crs328_24p_4s_rm
crs328-4c-20s-4s+ The crs328-4c-20s-4s+ is a Cloud Router Switch designed with twenty SFP ports, four SFP+ ports, and four combo ports to support mixed fiber networking environments. | Reference: https://mikrotik.com/product/crs328_4c_20s_4s_rm
crs354-48g-4s+2q+ The crs354-48g-4s+2q+ is a high-density rackmount switch offering forty-eight Gigabit Ethernet ports along with four 10G SFP+ and two 40G QSFP+ interfaces. | Reference: https://mikrotik.com/product/crs354_48g_4splus2qplusrm
crs354-48p-4s+2q+ The crs354-48p-4s+2q+ is a powerful switch providing forty-eight Gigabit PoE ports, four 10G SFP+ ports, and two 40G QSFP+ ports for managing extensive powered network infrastructure. | Reference: https://mikrotik.com/product/crs354_48p_4s_2q_rm
rb1000 The RB1000 is a legacy high-performance RouterBOARD model enclosed in a rackmount case, featuring four Gigabit Ethernet ports and a PowerPC processor. | Reference: https://mikrotik.com/product/RB1000
rb1100 The RB1100 is a rackmount Gigabit router equipped with thirteen Ethernet ports and a PowerPC CPU, designed for core routing tasks in medium networks. | Reference: https://i.mt.lv/cdn/rb_files/RB1100-series-1355406086.pdf
rb1100ah The RB1100AH is an updated version of the RB1100 rackmount router, featuring thirteen Gigabit ports and hardware acceleration for improved encryption performance. | Reference: https://i.mt.lv/cdn/rb_files/RB1100AH-series-1355406155.pdf
rb1100ahx2 The RB1100AHX2 is a 1U rackmount router powered by a dual-core PowerPC CPU, providing thirteen Gigabit Ethernet ports and substantial packet processing capability. | Reference: https://mikrotik.com/product/RB1100AHX2
rb1100dx4 The RB1100DX4, formally the RB1100AHx4 Dude Edition, is a quad-core router with high-speed storage connectors specifically built to host The Dude monitoring server. | Reference: https://mikrotik.com/product/rb1100ahx4_dude_edition
rb1100hx2 The RB1100HX2 refers to the RB1100AHx2 model, a high-performance router with a dual-core processor and thirteen Gigabit ports for demanding network environments. | Reference: https://mikrotik.com/product/RB1100AHx2
rb1100x4 The RB1100X4 generally refers to the RB1100AHx4, a powerful rackmount router featuring a quad-core Annapurna Alpine CPU and thirteen Gigabit Ethernet ports. | Reference: https://mikrotik.com/product/rb1100ahx4
rb1200 The RB1200 is an affordable rackmount router equipped with ten Gigabit Ethernet ports and a PowerPC processor, serving as an entry-level core router. | Reference: https://mikrotik.com/product/RB1200
rb133 The RB133 is a legacy RouterBOARD platform featuring three Ethernet ports and three miniPCI slots, originally designed for custom wireless router builds. | Reference: https://mikrotik.com/product/RB133
rb133c3 The RB133C3 refers to the RB133c model, a compact legacy RouterBOARD featuring one Ethernet port and one miniPCI slot for basic wireless CPE applications. | Reference: https://mikrotik.com/product/RB133c
rb2011il The RB2011IL is a basic model in the MikroTik RouterBOARD 2011 series, featuring a multi-port device design with power injector capabilities on the last port but lacking an SFP cage. | Reference: https://mikrotik.com/product/RB2011IL-IN
rb2011ils The RB2011ILS is a low-cost multi-port router from MikroTik that includes a Gigabit SFP cage for fiber connectivity, serving as an upgrade to the standard Lite model. | Reference: https://mikrotik.com/product/RB2011ILS-IN
rb2011l The RB2011L is the most basic edition of the MikroTik RouterBOARD 2011 series, offering five Gigabit Ethernet ports and five Fast Ethernet ports without SFP support or extra RAM. | Reference: https://mikrotik.com/product/RB2011L-IN
rb2011ls The RB2011LS is a Lite version of the RouterBOARD 2011 series that includes an SFP cage for optical fiber transceivers alongside its standard copper Ethernet ports. | Reference: https://mikrotik.com/product/RB2011LS-IN
rb2011uas The RB2011UAS is an older revision of the 2011 series featuring USB support, increased RAM ('A'), and an SFP cage ('S') for versatile networking applications. | Reference: https://mikrotik.com/product/RB2011UiAS-RM
rb2011uas-2hnd The RB2011UAS-2HND is a multi-port wireless router equipped with a high-power 2.4GHz dual-chain 802.11n wireless interface, USB port, and SFP connectivity. | Reference: https://mikrotik.com/product/RB2011UiAS-2HnD-IN
rb2011uias The RB2011UIAS is a versatile multi-port router that includes a USB port, SFP cage, and PoE output ('i') on the last Ethernet port to power other devices. | Reference: https://mikrotik.com/product/RB2011UIAS-IN
rb2011uias-2hnd The RB2011UIAS-2HND is a comprehensive SOHO router featuring 10 Ethernet ports, an SFP cage, USB, and high-power 2.4GHz wireless capability. | Reference: https://mikrotik.com/product/RB2011UIAS-2HND-IN
rb3011uias The RB3011UIAS is a high-performance multi-port router utilizing an ARM architecture CPU, featuring ten Gigabit ports, an SFP cage, and USB 3.0 support. | Reference: https://mikrotik.com/product/RB3011UIAS-RM
rb333 The RB333 is a legacy PowerPC-based RouterBOARD from MikroTik designed with three Ethernet ports and three miniPCI slots for wireless expansion. | Reference: https://mikrotik.com/product/RB333
rb4011igs+ The rb4011igs+ is a powerful router featuring a quad-core Cortex A15 CPU, ten Gigabit Ethernet ports, and a 10Gbps SFP+ cage for high-speed connectivity. | Reference: https://mikrotik.com/product/rb4011igs_rm
rb4011igs+5hacq2hnd The RB4011IGS+5HACQ2HnD is a high-performance dual-band router equipped with four-chain 5GHz 802.11ac support and a dual-chain 2.4GHz wireless interface. | Reference: https://mikrotik.com/product/rb4011igs_5hacq2hnd_in
rb411 The RB411 is a small form-factor customer premises equipment (CPE) board featuring one Ethernet port and one MiniPCI slot for a wireless card. | Reference: https://mikrotik.com/product/RB411
rb411a The RB411A is a variant of the standard 411 board that features increased memory to handle more demanding routing tasks or larger routing tables. | Reference: https://mikrotik.com/product/RB411A
rb411ah The RB411AH is a high-performance version of the 411 series, equipped with a faster CPU and more RAM for higher throughput in CPE applications. | Reference: https://mikrotik.com/product/RB411AH
rb411ar The RB411AR is a RouterBOARD model that integrates a wireless radio directly onto the board ('R') alongside the standard Ethernet interface. | Reference: https://mikrotik.com/product/RB411AR
rb411gl The RB411GL is a Gigabit-enabled version of the 411 series, offering faster wired speeds while maintaining the small Lite form factor. | Reference: https://mikrotik.com/product/RB411GL
rb411l The RB411L is the "Lite" edition of the 411 series, designed as a cost-effective solution with a simplified component set for basic CPE needs. | Reference: https://mikrotik.com/product/RB411L
rb411u The RB411U is a small wireless router board that includes a USB port ('U'), allowing for the attachment of 3G/4G modems or storage. | Reference: https://mikrotik.com/product/RB411U
rb411uahr The RB411UAHR is a feature-rich board combining high performance ('AH'), a USB port ('U'), and an integrated wireless radio ('R') into a single device. | Reference: https://mikrotik.com/product/RB411UAHR
rb433 The RB433 is a classic RouterBOARD series hardware platform featuring three 10/100 Ethernet ports and three miniPCI slots for custom wireless configurations. | Reference: https://mikrotik.com/product/RB433
rb433ah The RB433AH is a high-performance version of the standard 433 series board, equipped with more RAM and a faster CPU for demanding network throughput. | Reference: https://mikrotik.com/product/RB433AH
rb433gl The RB433GL is a RouterBOARD model that upgrades the standard 433 architecture by including three Gigabit Ethernet ports for higher speed wired connectivity. | Reference: https://mikrotik.com/product/RB433GL
rb433l The RB433L is a "Lite" version of the 433 series, providing a cost-effective solution with three Ethernet ports and three miniPCI slots but a lighter processor specification. | Reference: https://mikrotik.com/product/RB433L
rb433uah The RB433UAH is a versatile RouterBOARD featuring two USB 2.0 ports, expanded RAM, and a high-speed CPU, building upon the standard 433 platform. | Reference: https://mikrotik.com/product/RB433UAH
rb433uahl The RB433UAHL is a variant of the UAH series that offers USB support and decent processing power, serving as a bridge between the lite and high-performance models. | Reference: https://mikrotik.com/product/RB433UAHL
rb433ul The RB433ul is a streamlined RouterBOARD model that includes a USB port for storage or 3G/4G modems alongside the standard three Ethernet and miniPCI interfaces. | Reference: https://mikrotik.com/product/RB433ul
rb435g The RB435G is a robust mainboard designed for building wireless access points, featuring five miniPCI slots, three Gigabit Ethernet ports, and two USB ports. | Reference: https://mikrotik.com/product/RB435G
rb450 The RB450 is a five-port Ethernet router board without wireless interfaces, designed to be used as a wired SOHO router or switch replacement. | Reference: https://mikrotik.com/product/RB450
rb450g The RB450G is an upgraded version of the RB450 that features five Gigabit Ethernet ports and increased RAM for faster packet processing. | Reference: https://mikrotik.com/product/RB450G
rb450gx4 The RB450GX4 is a modern update to the 450 series powered by a quad-core ARM CPU, supporting IPsec hardware encryption and five Gigabit Ethernet ports. | Reference: https://mikrotik.com/product/RB450GX4
rb493ah The RB493AH is a high-capacity RouterBOARD with nine Ethernet ports and three miniPCI slots, utilizing a faster CPU for complex network routing tasks. | Reference: https://mikrotik.com/product/RB493AH
rb493g The RB493G features nine Gigabit Ethernet ports and a high-speed switch chip, making it suitable for serving as a high-throughput central network router. | Reference: https://mikrotik.com/product/RB493G
rb5009ug+s+ The rb5009ug+s+ is a heavy-duty home lab router featuring USB 3.0, seven Gigabit ports, one 2.5 Gigabit port, and a 10G SFP+ cage. | Reference: https://mikrotik.com/product/rb5009ug_s_in
rb5009upr+s+ The rb5009upr+s+ is a powerful router identical to the standard 5009 model but features PoE-in and PoE-out capabilities on all eight Ethernet ports. | Reference: https://mikrotik.com/product/rb5009upr_s_in
rb511 The RB511 is a legacy RouterBOARD hardware platform designed with one Ethernet port and one miniPCI slot for basic wireless CPE applications. | Reference: https://mikrotik.com/product/RB500
rb532 The RB532 is a discontinued RouterBOARD model that provided three Ethernet ports and two miniPCI slots, formerly used for multi-interface wireless setups. | Reference: https://mikrotik.com/product/RB500
rb532a The RB532A is an enhanced version of the legacy RB532 board, featuring expanded RAM to support more demanding routing tables and configurations. | Reference: https://mikrotik.com/product/RB500
rb600 The RB600 is a legacy RouterBOARD based on the PowerPC architecture, featuring three Gigabit Ethernet ports and four miniPCI slots. | Reference: https://mikrotik.com/product/RB600
rb600a The RB600A is a variation of the PowerPC-based rb600 series, designed for high-throughput wireless routing with multiple interface options. | Reference: https://mikrotik.com/product/RB600
rb711-2hn The RB711-2HN is a small form factor MikroTik RouterBOARD featuring an integrated 2GHz 802.11n wireless card, designed for building customer premise equipment (CPE). This board typically includes one Ethernet port and a built-in wireless radio with MMCX connectors for external antennas. | Reference: https://mikrotik.com/product/RB711-2HN
rb711-5hn The RB711-5HN is a MikroTik wireless router board equipped with an integrated 5GHz 802.11a/n radio, intended for use in assembling low-cost wireless station equipment. It features a single Ethernet port and high output power capabilities for long-range links. | Reference: https://mikrotik.com/product/RB711-5HN
rb711-5hn-mmcx The RB711-5HN-MMCX is a specific variant of the MikroTik RB711 series featuring a 5GHz radio and a dedicated MMCX connector for attaching an external antenna. This router board is designed to be integrated into custom enclosures for wireless ISP applications. | Reference: https://mikrotik.com/product/RB711-5Hn-M
rb711-5hn-u The RB711-5HN-U is a RouterBOARD model that includes an integrated 5GHz wireless card and a USB port, allowing for 3G/4G modem connectivity or storage expansion. It serves as a versatile component for creating wireless clients or small access points. | Reference: https://mikrotik.com/product/RB711-5HN-U
rb711-5hnd The RB711-5HND is an upgraded version of the 711 series RouterBOARD that features a 5GHz 802.11a/n radio with dual-chain (MIMO) support for higher throughput. This device allows for dual-antenna configurations to utilize 2x2 MIMO technology. | Reference: https://mikrotik.com/product/RB711-5HND
rb711a-5hn-mmcx The RB711A-5HN-MMCX is a higher-license level variant of the RB711 series, featuring a 5GHz radio with an MMCX connector and RouterOS Level 4 support. This license level allows the board to function as a wireless Access Point (AP) rather than just a client device. | Reference: https://i.mt.lv/cdn/rb_files/RB711-120224104953.pdf
rb711g-5hnd The RB711G-5HND is a high-performance RouterBOARD featuring a Gigabit Ethernet port and a 5GHz dual-chain 802.11n wireless radio. The inclusion of the Gigabit port allows this device to fully utilize the speed potential of the 802.11n wireless standard. | Reference: https://mikrotik.com/product/RB711G-5HND
rb711ga-5hnd The RB711GA-5HND combines Gigabit Ethernet, dual-chain 5GHz wireless, and a RouterOS Level 4 license, making it suitable for use as a base station Access Point. This board is designed for high-throughput wireless ISP infrastructure. | Reference: https://mikrotik.com/product/RB711GA-5HND
rb711ua-2hnd The RB711UA-2HND is a versatile RouterBOARD featuring a 2.4GHz dual-chain wireless radio, a USB port, and a RouterOS Level 4 license. It is designed to act as a small Access Point with support for additional peripherals via USB. | Reference: https://mikrotik.com/product/RB711UA-2HND
rb750 The RB750 is a classic five-port 10/100 Ethernet router by MikroTik, widely used as a SOHO (Small Office/Home Office) router or MPLS edge device. It is a compact, plastic-cased unit powered by RouterOS without built-in wireless capabilities. | Reference: https://mikrotik.com/product/RB750
rb750g The RB750G is the Gigabit edition of the standard RB750, offering five Gigabit Ethernet ports for higher throughput in small network environments. It features a faster CPU than the base model to handle increased traffic loads. | Reference: https://mikrotik.com/product/RB750G
rb750gl The RB750GL is a cost-effective Gigabit SOHO router offering five Gigabit Ethernet ports in a compact plastic case. It was designed to provide affordable Gigabit switching and routing capabilities for home and small office networks. | Reference: https://mikrotik.com/product/RB750GL
rb750gr2 Also known as the "hEX," the RB750GR2 is a five-port Gigabit Ethernet router that replaced older models with improved performance and a compact design. It is a wired-only router intended for locations where wireless is not required or is handled by separate APs. | Reference: https://mikrotik.com/product/RB750GR2
rb750gr3 The RB750GR3, marketed as the "hEX," is a revised Gigabit Ethernet router featuring a dual-core CPU and hardware encryption acceleration. It is a popular, powerful device for managing network traffic, VPNs, and Dude server packages in a small form factor. | Reference: https://mikrotik.com/product/RB750GR3
rb750p The RB750P, often marketed as the "PowerBox," is an outdoor five-port Ethernet router capable of powering other devices via PoE (Power over Ethernet) on four of its ports. It is housed in a weather-resistant case for mounting on towers or masts. | Reference: https://mikrotik.com/product/RB750P-PBr2
rb750r2 The RB750R2, known as "hEX lite," is a budget-friendly five-port Ethernet router designed for basic home networking needs. It supports the full RouterOS feature set despite its small size and lower price point. | Reference: https://mikrotik.com/product/RB750R2
rb750up The RB750UP is a five-port Ethernet router that features a USB port and PoE output capabilities on ports 2 through 5. It allows network administrators to power attached devices like wireless APs directly from the router. | Reference: https://mikrotik.com/product/RB750UP
rb750upr2 The RB750UPR2, or "hEX PoE lite," is a compact router with five Ethernet ports, a USB port, and PoE output support. It is designed to act as a central controller and power source for a small cluster of powered network devices. | Reference: https://mikrotik.com/product/RB750UPR2
rb751g-2hnd The RB751G-2HND is a wireless SOHO Gigabit Access Point featuring five Gigabit Ethernet ports and a high-power 2.4GHz 802.11n wireless radio. It includes built-in antennas and an MMCX connector for an external antenna, suitable for office Wi-Fi coverage. | Reference: https://mikrotik.com/product/RB751G-2HND
rb751u-2hnd The RB751U-2HND is a wireless SOHO router with five 10/100 Ethernet ports, a high-power 2.4GHz wireless radio, and a USB 2.0 port. It serves as a standard home or small office wireless access point with added 3G modem support. | Reference: https://mikrotik.com/product/RB751U-2HND
rb760igs The RB760IGS, commercially known as the hEX S, is a five-port Gigabit Ethernet router from MikroTik that features an SFP port and PoE output capability. It is designed for locations where wireless connectivity is not required but high-speed wired performance is necessary. | Reference: https://mikrotik.com/product/hex_s
rb800 The RB800 is an advanced wireless platform and RouterBOARD from MikroTik equipped with three Gigabit Ethernet ports and four MiniPCI slots. It is designed to serve as a powerful wireless base station or high-performance router. | Reference: https://mikrotik.com/product/RB800
rb850gx2 The RB850GX2 is a dual-core PowerPC routerboard by MikroTik featuring five Gigabit Ethernet ports. It is engineered to handle high throughput rates for robust routing and firewall tasks. | Reference: https://mikrotik.com/product/RB850GX2
rb911-5hacd The RB911-5HACD is a small form-factor RouterBOARD from MikroTik that includes an integrated 5GHz 802.11ac dual-chain wireless card. It is typically used for building custom wireless customer premise equipment (CPE). | Reference: https://mikrotik.com/product/RB911-5HACD
rb911-5hn The RB911-5HN is a compact wireless routerboard by MikroTik featuring a built-in 5GHz single-chain wireless card and one 10/100 Ethernet port. It is designed for integration into low-cost wireless CPE devices. | Reference: https://mikrotik.com/product/RB911-5HN
rb911-5hnd The RB911-5HND is a MikroTik RouterBOARD equipped with an integrated 5GHz dual-chain wireless card and a 10/100 Ethernet port. This board is often utilized in assembling point-to-point wireless links. | Reference: https://mikrotik.com/product/RB911-5HND
rb911g-2hpnd The RB911G-2HPND is a high-power routerboard from MikroTik that features a Gigabit Ethernet port and an integrated 2.4GHz high-power dual-chain wireless card. It is suitable for applications requiring strong signal reach and higher wired throughput. | Reference: https://mikrotik.com/product/RB911G-2HPND
routeros RouterOS is the proprietary operating system based on the Linux kernel that powers MikroTik RouterBOARD hardware and turns PCs into routers. | Reference: https://mikrotik.com/software
netgear NETGEAR is a global networking company that delivers innovative products to consumers and businesses, including a wide array of Wi-Fi routers and mesh systems. | Reference: https://www.NETGEAR.com
Sub-Tags (27)
Name Description
d6100 The D6100 is a NETGEAR AC1200 WiFi DSL Modem Router that provides dual-band wireless connectivity and Gigabit wired ports. It is designed to deliver high-speed internet access for home networks. | Reference: https://www.netgear.com/support/product/D6100
dg632 The DG632 is a legacy ADSL modem router from NETGEAR that allows connectivity via either a USB or Ethernet port. It serves as a basic gateway for accessing ADSL broadband services. | Reference: https://www.netgear.com/support/product/DG632
dg834g The DG834G is a widely utilized wireless ADSL firewall router by NETGEAR that combines a modem, router, switch, and access point. It is known for providing secure and shared internet access for home and small office networks. | Reference: https://www.netgear.com/support/product/DG834G
dg834gl The DG834GL is a variant of the NETGEAR DG834G series that runs on a Linux-based operating system. This model is popular among enthusiasts for its compatibility with open-source firmware modifications. | Reference: https://www.netgear.com/support/product/DG834GL
dg834n The DG834N is a RangeMax NEXT Wireless ADSL2+ Modem Router from NETGEAR designed to offer extended wireless range using Draft N technology. It aims to provide faster file transfers and broader coverage than standard G routers. | Reference: https://www.netgear.com/support/product/DG834N
dgn1000 The DGN1000 is a NETGEAR N150 Wireless ADSL2+ Modem Router that offers essential internet connectivity and wireless sharing capabilities. It is an entry-level device intended for simple home networking setups. | Reference: https://www.netgear.com/support/product/DGN1000
dgn1000v3 The DGN1000V3 is the third hardware revision of the NETGEAR N150 Wireless ADSL2+ Modem Router series. It provides updated components for reliable basic broadband access and local networking. | Reference: https://www.netgear.com/support/product/DGN1000V3
fvs336g The FVS336G is a ProSafe Dual WAN Gigabit Firewall from NETGEAR designed for small business environments. It features load balancing and SSL VPN capabilities to ensure secure remote access and network uptime. | Reference: https://www.netgear.com/support/product/FVS336G
fvs336gv2 The FVS336GV2 is the second version of the NETGEAR ProSafe Dual WAN Gigabit Firewall, offering improved throughput and performance. It continues to serve businesses requiring redundant internet connections and secure VPN tunnels. | Reference: https://www.netgear.com/support/product/FVS336GV2
fvx538 The FVX538 is a robust ProSafe Dual WAN VPN Firewall by NETGEAR engineered for higher-demand business networks. It supports a large number of simultaneous VPN tunnels and provides advanced firewall features. | Reference: https://www.netgear.com/support/product/FVX538
home-consumer-products The Home Consumer Products tag categorizes the broad portfolio of NETGEAR networking devices intended for residential use. This includes popular product lines like Nighthawk routers and Orbi mesh systems designed for home internet connectivity. | Reference: https://www.netgear.com/home/
orbi Orbi is a flagship line of mesh Wi-Fi systems manufactured by Netgear, designed to provide high-speed and seamless wireless coverage across large homes or properties. | Reference: https://www.netgear.com/home/wifi/mesh/
orbi-mini The Orbi Mini is a compact variation of the Netgear Orbi mesh Wi-Fi system, offering the same tri-band connectivity features in a smaller hardware form factor. | Reference: https://www.netgear.com/support/product/RBK20.aspx
prosafe ProSAFE is a product line by Netgear that encompasses business-class networking hardware, including switches, firewalls, and wireless access points designed for reliability and security. | Reference: https://www.netgear.com/business/
r6100 The Netgear R6100 is a dual-band 802.11ac wireless router designed to provide high-speed internet connectivity for home networks. | Reference: https://www.netgear.com/support/product/R6100.aspx
r9000 The Netgear R9000, also known as the Nighthawk X10, is a high-performance smart Wi-Fi router built for heavy streaming and VR gaming with AD7200 speeds. | Reference: https://www.netgear.com/home/wifi/routers/R9000/
wndr3800 The Netgear WNDR3800 is a dual-band gigabit router from the N600 series, known for its premium features and support for open-source firmware platforms. | Reference: https://www.netgear.com/support/product/WNDR3800.aspx
wndr3800ch The Netgear WNDR3800CH is a service-provider-specific version of the WNDR3800 router, typically distributed by Charter Communications for residential customers. | Reference: https://www.netgear.com/support/product/WNDR3800CH.aspx
wndrmacv2 The Netgear WNDRMACV2 is a dual-band gigabit router specifically styled in white to aesthetically complement Apple Mac computers while providing standard networking functions. | Reference: https://www.netgear.com/support/product/WNDRMACV2.aspx
wnr1000v2 The Netgear WNR1000V2 is an entry-level wireless router offering N150 speeds, designed for basic internet sharing in small home environments. | Reference: https://www.netgear.com/support/product/WNR1000V2.aspx
wnr2000v3 The Netgear WNR2000V3 is the third iteration of the N300 wireless router, providing affordable and straightforward Wi-Fi connectivity for home users. | Reference: https://www.netgear.com/support/product/WNR2000V3.aspx
wnr2000v4 The Netgear WNR2000V4 is a hardware revision of the N300 router series that serves as a standard wireless access point and gateway for residential networks. | Reference: https://www.netgear.com/support/product/WNR2000V4.aspx
wnr2000v5 The Netgear WNR2000V5 is the fifth version of this N300 wireless router, continuing to offer essential connectivity and security features for home internet access. | Reference: https://www.netgear.com/support/product/WNR2000V5.aspx
wnr3500l The Netgear WNR3500L is a "RangeMax" wireless-N gigabit router that is notable for its Linux-based open-source capabilities, allowing for custom firmware installation. | Reference: https://www.netgear.com/support/product/WNR3500L.aspx
wnr612v2 The Netgear WNR612V2 is a compact wireless N150 router designed for portability and use in smaller spaces like apartments or dorm rooms. | Reference: https://www.netgear.com/support/product/WNR612V2.aspx
wnr614 The Netgear WNR614 is a cost-effective N300 wireless router featuring external antennas to enhance signal coverage for home networking. | Reference: https://www.netgear.com/support/product/WNR614.aspx
xwn5001 The Netgear XWN5001 is a Powerline 500 Wi-Fi access point that uses a building's existing electrical wiring to extend internet access to difficult-to-reach areas. | Reference: https://www.netgear.com/support/product/XWN5001.aspx
nokia Nokia is a major telecommunications corporation that provides network infrastructure, including service provider routers and residential broadband gateways. | Reference: https://www.Nokia.com
openwrt OpenWrt is an open-source Linux operating system designed for embedded devices, widely used as a flexible and customizable firmware replacement for commercial routers. | Reference: https://OpenWrt.org
pakedge Pakedge is a networking brand, now part of Snap One, that creates enterprise-grade routers and switches specifically designed for high-end residential and commercial AV installations. | Reference: https://www.snapone.com/brands/Pakedge
palo-alto Palo Alto Networks is a leading global cybersecurity provider known for its next-generation firewalls and cloud-centric security solutions. | Reference: https://www.paloaltonetworks.com/
Sub-Tags (1)
Name Description
global-protect GlobalProtect is a VPN client and security platform by Palo Alto Networks that provides secure remote access and mobile workforce protection. | Reference: https://www.paloaltonetworks.com/globalprotect
panabit Panabit is a Chinese technology provider offering intelligent application gateways and routers focused on network traffic analysis, control, and optimization. | Reference: https://www.Panabit.com
peplink Peplink manufactures SD-WAN routers and connectivity solutions that utilize SpeedFusion technology to combine multiple connections for increased network reliability. | Reference: https://www.Peplink.com
pfsense pfSense is an open-source firewall and router software distribution based on FreeBSD, used to provide secure networking solutions for homes and enterprises. | Reference: https://www.pfSense.org
qnap QNAP Systems, Inc. is a manufacturer of Network Attached Storage (NAS) appliances used for data storage, virtualization, and surveillance solutions. | Reference: https://www.QNAP.com/
ralink Ralink was a manufacturer of Wi-Fi chipsets used in many affordable routers and adapters before being acquired by MediaTek. | Reference: https://www.mediatek.com
ruckus Ruckus Networks provides high-performance wired and wireless networking equipment, including enterprise routers and access points optimized for high-density environments. | Reference: https://www.ruckusnetworks.com
ruijie ruijie Networks is a leading ICT infrastructure provider that manufactures a broad portfolio of switches, routers, and wireless solutions for various industries. | Reference: https://www.ruijienetworks.com
semtech Semtech is a supplier of high-performance semiconductors and IoT systems, offering cellular routers and gateways (often through its acquisition of Sierra Wireless). | Reference: https://www.Semtech.com
sonicwall SonicWall is a cybersecurity vendor that manufactures a range of network security appliances, including firewalls and VPN concentrators designed to protect network perimeters. | Reference: https://www.SonicWall.com/
sophos Sophos is a cybersecurity company that produces next-generation firewalls and routers designed to secure networks against advanced threats. | Reference: https://www.Sophos.com
synology Synology is a technology company specializing in Network-Attached Storage (NAS) appliances, IP surveillance solutions, and networking equipment. Synology devices are widely used for data backup, file sharing, and multimedia streaming in both home and business environments. | Reference: https://www.Synology.com/
telesquare Telesquare is a Korean manufacturer specializing in the development of LTE routers and IoT gateway devices for industrial applications. | Reference: http://www.Telesquare.co.kr/
teltonika Teltonika Networks manufactures industrial networking connectivity equipment, including the Teltonika series of routers and gateways designed for IoT and M2M communication. | Reference: https://Teltonika-networks.com/
tenda Tenda Technology is a supplier of networking devices and equipment, widely recognized for its affordable consumer wireless routers and switches. | Reference: https://www.tendacn.com/
topsec Beijing TopSec Science & Technology is a prominent network security company in China that produces firewalls and secure routers under the TopSec brand. | Reference: http://www.TopSec.com.cn/
tp-link TP-Link is a global provider of reliable networking devices and accessories, specifically known for its extensive range of Wi-Fi routers for home and business use. | Reference: https://www.TP-Link.com/
Sub-Tags (38)
Name Description
8840t The TP-Link TD-8840T is a 2-in-1 device that functions as both a high-speed ADSL2+ modem and a 4-port NAT router for wired home networking. | Reference: https://www.tp-link.com/us/home-networking/dsl-gateway/td-8840T/
archer-a2 The TP-Link Archer A2 is a dual-band AC750 wireless router designed to support high-bandwidth activities such as HD streaming and online gaming. | Reference: https://www.tp-link.com/my/home-networking/wifi-router/Archer A2/
archer-a5 The Archer A5 is an AC1200 wireless dual-band router manufactured by TP-Link designed to provide high-speed internet connections for home networking. | Reference: https://www.tp-link.com/us/home-networking/wifi-router/Archer A5/
archer-c20 The Archer C20 is an AC750 wireless dual-band router from TP-Link that supports the 802.11ac standard for reliable home Wi-Fi. | Reference: https://www.tp-link.com/us/home-networking/wifi-router/Archer C20/
archer-c5 The Archer C5 is an AC1200 wireless dual-band gigabit router equipped with USB ports for file sharing and gigabit Ethernet ports for fast wired connections. | Reference: https://www.tp-link.com/us/home-networking/wifi-router/Archer C5/
archer-c50 The Archer C50 is an AC1200 wireless dual-band router that delivers combined wireless speeds of up to 1.2 Gbps for bandwidth-intensive tasks. | Reference: https://www.tp-link.com/us/home-networking/wifi-router/Archer C50/
archer-c7 The Archer C7 is an AC1750 wireless dual-band gigabit router known for its long-range coverage and high-performance throughput. | Reference: https://www.tp-link.com/us/home-networking/wifi-router/Archer C7/
archer-c9 The Archer C9 is an AC1900 wireless dual-band gigabit router that utilizes beamforming technology to deliver efficient wireless connections. | Reference: https://www.tp-link.com/us/home-networking/wifi-router/Archer C9/
archer-vr1600 The Archer VR1600 (often VR1600v) is an AC1600 wireless dual-band gigabit VoIP VDSL/ADSL modem router designed to support varied broadband technologies. | Reference: https://www.tp-link.com/au/service-provider/dsl-router/archer-vr1600v/
archer-vr600 The Archer VR600 is an AC1600 wireless gigabit VDSL/ADSL modem router that offers versatile connectivity options including DSL, fiber, and cable. | Reference: https://www.tp-link.com/us/home-networking/dsl-gateway/Archer VR600/
ec120-f5 The EC120-F5 is an AC1200 wireless dual-band router specifically designed for Internet Service Providers, featuring Agile Config for simplified management. | Reference: https://service-provider.tp-link.com/wifi-router/EC120-F5/
ec220-g5 The EC220-G5 is an AC1200 wireless dual-band gigabit router tailored for ISPs, allowing for batch customization and remote management. | Reference: https://service-provider.tp-link.com/wifi-router/EC220-G5/
mr200 The MR200 (Archer MR200) is an AC750 wireless dual-band 4G LTE router that enables internet access via an integrated SIM card slot. | Reference: https://www.tp-link.com/en/home-networking/3g-4g-router/archer-MR200/
mr3020 The MR3020 is a portable 3G/4G wireless N router powered by USB, allowing users to easily share a mobile connection while traveling. | Reference: https://www.tp-link.com/us/home-networking/wifi-router/tl-MR3020/
mr3420 The MR3420 is a 3G/4G wireless N router that allows users to share a 3G/4G mobile broadband connection via a compatible USB modem. | Reference: https://www.tp-link.com/en/home-networking/3g-4g-router/tl-MR3420/
mr400 The MR400 (Archer MR400) is an AC1200 wireless dual-band 4G LTE router that provides download speeds of up to 150 Mbps over mobile networks. | Reference: https://www.tp-link.com/en/home-networking/3g-4g-router/archer-MR400/
mr600 The MR600 (Archer MR600) is a 4G+ Cat6 AC1200 wireless dual-band gigabit router that supports carrier aggregation for enhanced data speeds. | Reference: https://www.tp-link.com/en/home-networking/3g-4g-router/archer-MR600/
mr6400 The MR6400 is a 300 Mbps wireless N 4G LTE router that enables Wi-Fi sharing of a 4G LTE network simply by inserting a SIM card. | Reference: https://www.tp-link.com/en/home-networking/3g-4g-router/tl-MR6400/
vr400 The VR400 (Archer VR400) is an AC1200 wireless VDSL/ADSL modem router featuring beamforming technology and USB connectivity for diverse home networking needs. | Reference: https://www.tp-link.com/en/home-networking/dsl-gateway/archer-VR400/
w8970 The W8970 (TD-W8970) is a 300 Mbps wireless N gigabit ADSL2+ modem router that acts as an all-in-one device for high-speed internet access. | Reference: https://www.tp-link.com/en/home-networking/dsl-gateway/td-W8970/
wdr3500 The WDR3500 (TL-WDR3500) is an N600 wireless dual-band router capable of transmitting 300 Mbps on both 2.4 GHz and 5 GHz bands simultaneously. | Reference: https://www.tp-link.com/us/home-networking/wifi-router/tl-WDR3500/
wr1042nd The WR1042ND (TL-WR1042ND) is a 300 Mbps wireless N gigabit router equipped with detachable antennas designed to handle bandwidth-intensive applications. | Reference: https://www.tp-link.com/us/home-networking/wifi-router/tl-WR1042ND/
wr1043nd The WR1043ND (specifically the TL-WR1043ND) is a 300Mbps Wireless N Gigabit Router manufactured by TP-Link, designed to handle high-bandwidth applications like video streaming and VoIP. | Reference: https://www.tp-link.com/us/support/download/tl-WR1043ND/
wr2543nd The WR2543ND (TL-WR2543ND) is a dual-band wireless gigabit router from TP-Link that supports 450Mbps transmission speeds at 5GHz and 300Mbps at 2.4GHz for robust home networking. | Reference: https://www.tp-link.com/us/support/download/tl-WR2543ND/
wr710n The WR710N (TL-WR710N) is a compact, pocket-sized wireless router by TP-Link designed to create instant Wi-Fi hotspots and extend networks while traveling. | Reference: https://www.tp-link.com/us/home-networking/wifi-router/tl-WR710N/
wr740n The WR740N (TL-WR740N) is a combined wired and wireless network connection device from TP-Link that integrates a 4-port switch and provides 150Mbps wireless speeds. | Reference: https://www.tp-link.com/us/support/download/tl-WR740N/
wr741nd The WR741ND (TL-WR741ND) is a 150Mbps Wireless N router produced by TP-Link featuring a detachable antenna, aimed at facilitating small office and home office networks. | Reference: https://www.tp-link.com/us/support/download/tl-WR741ND/
wr743nd The WR743ND (TL-WR743ND) serves as a wireless AP/Client router from TP-Link, specifically designed to support Wireless Internet Service Provider (WISP) modes for sharing connections. | Reference: https://www.tp-link.com/us/support/download/tl-WR743ND/
wr802n The WR802N (TL-WR802N) is a nano-sized wireless N router by TP-Link, engineered for maximum portability to connect smartphones and tablets to the internet in various environments. | Reference: https://www.tp-link.com/us/home-networking/wifi-router/tl-WR802N/
wr841hp The WR841HP (TL-WR841HP) is a high-power wireless N router from TP-Link equipped with high-gain antennas to boost signal range and penetrate obstacles in large spaces. | Reference: https://www.tp-link.com/my/home-networking/wifi-router/tl-WR841HP/
wr841n The WR841N (TL-WR841N) is a widely deployed 300Mbps Wireless N router manufactured by TP-Link, designed for wired and wireless network connections in small businesses and homes. | Reference: https://www.tp-link.com/us/home-networking/wifi-router/tl-WR841N/
wr842nd The WR842ND (TL-WR842ND) is a multi-function wireless N router by TP-Link that includes a USB port for sharing printers, files, or media across a local network. | Reference: https://www.tp-link.com/us/support/download/tl-WR842ND/
wr850n The WR850N (TL-WR850N) is a high-speed wireless router from TP-Link offering 300Mbps connections, typically distributed by internet service providers for residential use. | Reference: https://www.tp-link.com/in/service-provider/wifi-router/tl-WR850N/
wr940n The WR940N (TL-WR940N) is a 450Mbps Wireless N router from TP-Link that utilizes MIMO technology to ensure high-speed performance for latency-sensitive applications. | Reference: https://www.tp-link.com/us/home-networking/wifi-router/tl-WR940N/
wr941nd The WR941ND (TL-WR941ND) is a wireless N router manufactured by TP-Link featuring three antennas to enhance wireless stability and coverage for bandwidth-heavy tasks. | Reference: https://www.tp-link.com/us/support/download/tl-WR941ND/
xc220-g3v The XC220-G3V is a Gigabit GPON router produced by TP-Link, providing AC1200 dual-band Wi-Fi and VoIP capabilities for fiber-optic internet connections. | Reference: https://www.tp-link.com/br/service-provider/gpon/XC220-G3V/
xn020-g3 The XN020-G3 is a 300Mbps Wireless N Gigabit GPON terminal by TP-Link, serving as an all-in-one device for accessing and sharing high-speed fiber internet. | Reference: https://www.tp-link.com/bd/service-provider/gpon/300mbps-wireless-n-gigabit-gpon-router/XN020-G3/
xr500v The XR500V is a dual-band gigabit GPON router manufactured by TP-Link that delivers wireless speeds up to 1200Mbps and supports VoIP functionalities. | Reference: https://www.tp-link.com/in/service-provider/gpon/XR500V/
ubiquiti-networks Ubiquiti Networks is a technology company known for its UniFi and EdgeMax product lines, providing wireless data communication and enterprise networking equipment. | Reference: https://ui.com/
vdsl-router A VDSL router is a networking device that connects a local network to the internet using Very-high-bit-rate Digital Subscriber Line technology over telephone lines. | Reference: https://en.wikipedia.org/wiki/VDSL
vpn-router A VPN router is a router specifically configured with built-in Virtual Private Network client or server capabilities to encrypt network traffic for connected devices. | Reference: https://www.pcmag.com/picks/the-best-vpn-routers
watchguard WatchGuard Technologies is a network security vendor that produces unified threat management appliances, including secure firewalls and routers. | Reference: https://www.WatchGuard.com/
wavlink WAVLINK provides a variety of computer connectivity solutions, including Wi-Fi routers, range extenders, and docking stations. | Reference: https://www.WAVLINK.com/
wireless-router A wireless router is a hardware device that performs the functions of a router and also includes a wireless access point to provide Wi-Fi connectivity. | Reference: https://en.wikipedia.org/wiki/Wireless_router
zte ZTE Corporation is a multinational telecommunications company that manufactures a wide array of networking hardware, including 5G and fiber-optic routers. | Reference: https://www.ZTE.com.cn/
zyxel ZyXEL is a manufacturer of networking hardware that produces a wide range of products including routers, switches, firewalls, and wireless access points. ZyXEL solutions cater to service providers, businesses, and home users seeking connectivity infrastructure. | Reference: https://www.ZyXEL.com/
satellite The Satellite tag signifies IP addresses linked to satellite connectivity. These IP addresses represent Very Small Aperture Terminals (VSAT) and Satellite ISP IP addresses used by their customers.
Sub-Tags (8)
Name Description
gilat Gilat Satellite Ltd Satellite Networks is a public company that develops and sells satellite ground station equipment and related networking services. | Reference: https://www.Gilat Satellite Ltd.com/
hughes-network Hughes Network Systems is a provider of broadband satellite services and technology, operating the well-known HughesNet internet service. | Reference: https://www.hughes.com/
intelsat Intelsat operates one of the world's largest satellite services businesses, providing the communications infrastructure for video and broadband connectivity. | Reference: https://www.Intelsat.com/
ses SES is a global satellite owner and operator that provides video and data connectivity to broadcasters, content and internet service providers, and mobile and fixed network operators. | Reference: https://www.SES.com/
starlink Starlink is a satellite internet constellation operated by SpaceX, designed to provide high-speed, low-latency broadband internet across the globe. | Reference: https://www.Starlink.com/
turksat Turksat is the sole satellite operator in Turkey, managing satellite capacity and providing broadcasting and internet services. | Reference: https://www.Turksat.com.tr/en
viasat ViaSat is a global communications company that provides high-speed satellite broadband services and secure networking systems for military and commercial markets. | Reference: https://www.ViaSat.com/
vsat A VSAT (Very Small Aperture Terminal) is a two-way satellite ground station with a dish antenna that is smaller than 3.8 meters, used for data transmission. | Reference: https://en.wikipedia.org/wiki/Very-small-aperture_terminal
scanner IP addresses tagged as a SCANNER have been observed scanning the Internet. This scanning activity could potentially signify the presence of compromised machines, potentially harnessed by malicious actors to identify and exploit vulnerabilities in other systems connected to the network. Some of the IP addresses tagged as a SCANNER may have additional child tags that provide more insight into the activity. For example, SHODAN or CENSYS child tags may be used to tag IP addresses from known vendors that scan the Internet, or child tags such as SSH-SCANNER are used to identify scanning activity observed scanning port 22 (SSH).
Sub-Tags (52)
Name Description
adb-scanner An Android Debug Bridge (ADB) Scanner is a network utility designed to identify devices with the Android Debug Bridge interface exposed, typically listening on TCP port 5555. | Reference: https://isc.sans.edu/diary/Android+Debug+Bridge+%28ADB%29+Scanners/23281
alphastrike-labs Alphastrike Labs is a cybersecurity research group that performs continuous internet-wide scanning to identify risks and map global attack surfaces. | Reference: https://www.alphastrike.io/
ant-lab The ANT Lab (Analysis of Network Traffic) at the University of Southern California (USC) ISI conducts internet measurement research and mapping, often generating traffic associated with census scanning. | Reference: https://ant.isi.edu/
arbor-networks Arbor Networks (now part of NetScout) provides network security and DDoS mitigation solutions, often utilizing scanners to monitor global threat activity and traffic patterns. | Reference: https://www.netscout.com/arbor
binary-edge BinaryEdge is a threat intelligence platform that scans the internet to acquire data on exposed devices, services, and ports for security analysis. | Reference: https://www.binaryedge.io/
censys Censys is a public search engine and data platform that continuously scans the internet to help researchers and defenders analyze device exposure and digital certificates. | Reference: https://Censys.io/
colorado-state-university Colorado State University hosts computer science researchers who conduct internet measurement studies and network scanning to analyze topology and security protocols like BGP. | Reference: https://www.cs.colostate.edu/
crawler A Crawler is an automated program or bot that systematically browses the internet to index web content or map network structures for search engines or data analysis. | Reference: https://en.wikipedia.org/wiki/Web_crawler
cups-scanner A Common UNIX Printing System (CUPS) Scanner targets port 631 to identify systems running the Common Unix Printing System (CUPS), often checking for device information or printer availability. | Reference: https://www.cups.org/
cyber-resilience Cyber resilience is a research project that performs Internet scanning. | Reference: https://cyberresilience.io/cyberresilience
cybergreen The CyberGreen Institute is a non-profit organization that conducts internet scanning to measure the health of the global cyber ecosystem and identify risk factors. | Reference: https://www.CyberGreen.net/
dataplane Dataplane is a community-driven project that tracks internet background noise and scanning activity to provide threat intelligence feeds regarding unwanted traffic. | Reference: https://Dataplane.org/
dhs The Department of Homeland Security (Department of Homeland Security), specifically through CISA, conducts vulnerability scanning services to help organizations identify and remediate security weaknesses. | Reference: https://www.cisa.gov/cyber-hygiene-services
driftnet Driftnet is an organization specialized in Internet scanning. | Reference: https://driftnet.io/
fh-munster-university FH Munster University is an academic institution in Germany recognized for conducting legitimate internet-wide research scanning projects to gather network statistics. | Reference: https://www.fh-muenster.de/
fofa FOFA is a cyberspace search engine developed to help users find internet assets, assess potential attack surfaces, and perform vulnerability scanning. | Reference: https://FOFA.info/
ftp-scanner An FTP Scanner is a network utility programmed to discover hosts with the File Transfer Protocol (port 21) active and often checks for anonymous login capabilities. | Reference: https://nmap.org/nsedoc/scripts/ftp-anon.html
georgia-tech Georgia Tech is a leading research university that conducts internet security studies and network mapping through groups like the Georgia Tech Information Security Center. | Reference: https://w.isec.gatech.edu/
internet-census The Internet Census Group is a Internet Scanning project focused on gathering security trends. | Reference: https://www.internet-census.org/
internet-measurement The internet-measurement tag refers to legitimate research scanning activities and projects intended to map, analyze, or monitor the topology and security state of the global internet. | Reference: https://www.caida.org/projects/
internet-research-project-linode The Internet Research Project (Linode) tag identifies network scanning traffic or infrastructure hosted on the Linode cloud platform that is designated for academic or security research purposes. | Reference: https://www.linode.com/
intrinsec Intrinsec refers to network scanning activity conducted by Intrinsec, a cybersecurity firm specializing in penetration testing and managed security services to assess client infrastructure. | Reference: https://www.Intrinsec.com/
ipip The IPIP tag identifies traffic associated with IPIP.net, a professional IP address geolocation and network architecture data provider that scans to verify network information. | Reference: https://en.IPIP.net/
leakix LeakIX is a platform and search engine that scans the public internet to index open services and identify security misconfigurations or data leaks. | Reference: https://LeakIX.net/
neo4j-scanner A Neo4j Scanner is a specialized tool or script designed to detect open or misconfigured Neo4j graph database instances exposed on a network. | Reference: https://neo4j.com/
netsec-scan The Net SecScan tag designates network scanning activity often associated with internet-wide security research groups or automated network assessment projects. | Reference: https://netsec.is/
onyphe ONYPHE is a cyber defense search engine that collects and indexes open-source intelligence and cyber threat intelligence data by scanning the internet for connected devices. | Reference: https://www.ONYPHE.io/
open-port-stats Open Port Stats is an organization performing Internet scanning activity. | Reference: https://isc.sans.edu/diary/26912
palo-alto Palo Alto Networks is a leading global cybersecurity provider known for its next-generation firewalls and cloud-centric security solutions. | Reference: https://www.paloaltonetworks.com/
Sub-Tags (1)
Name Description
cortex-xpanse Cortex Xpanse is an automated attack surface management platform by Palo Alto Networks that scans the internet to discover and monitor an organization's assets. | Reference: https://www.paloaltonetworks.com/cortex/Cortex Xpanse
pnap The Pnap tag refers to scanning traffic or infrastructure originating from PhoenixNAP, a global IT services and hosting provider often used for legitimate security research scanning. | Reference: https://phoenixnap.com/
quadmetrics QuadMetrics refers to internet scanning activity historically associated with QuadMetrics (acquired by FICO) used to assess network security posture and calculate cyber risk scores. | Reference: https://www.fico.com/
qualys Qualys identifies traffic from the Qualys Cloud Platform, a widely used solution for enterprise vulnerability management, compliance monitoring, and web application security scanning. | Reference: https://www.Qualys.com/
rapid7 The Rapid7 tag designates scanning activity from Rapid7, a cybersecurity company known for its vulnerability management solutions and internet-wide research initiatives like Project Sonar. | Reference: https://www.Rapid7.com/
Sub-Tags (1)
Name Description
project-sonar Project Sonar is a security research initiative by Rapid7 that conducts internet-wide surveys to gather data on global exposure and common vulnerabilities. | Reference: https://www.rapid7.com/research/Project Sonar/
rdp-scanner Remote Desktop Protocol (RDP) Scanners are IPs identified as performing scanning operations against Remote Desktop Protocol (RDP) services listening on port 3389. | Reference: https://learn.microsoft.com/en-us/troubleshoot/windows-server/remote/understanding-remote-desktop-protocol
recyber Recyber refers to internet scanning traffic associated with Recyber, a project or entity involved in analyzing web security and network exposures. | Reference: https://Recyber.net/
redis-scanner A Redis Scanner is a network utility designed to identify open or unsecured Redis key-value store instances accessible over the network. | Reference: https://redis.io/
ripe-atlas RIPE Atlas is a global network of probes and anchors managed by the RIPE NCC to measure internet connectivity, reachability, and performance for infrastructure research. | Reference: https://atlas.ripe.net/
router-scanner A Router Scanner is a generic classification for tools capable of identifying router web interfaces or checking for known vulnerabilities in network routing hardware. | Reference: https://cwe.mitre.org/data/definitions/200.html
shadow-server The Shadow Server tag identifies benign scanning and sinkholing activity conducted by The Shadowserver Foundation to improve internet security and report on botnets and vulnerabilities. | Reference: https://www.shadowserver.org/
shodan Shodan refers to the crawling infrastructure of Shodan, a search engine that lets users find specific types of computers, servers, and IoT devices connected to the internet. | Reference: https://www.Shodan.io/
sql-scanner An SQL Scanner is a program designed to locate database servers listening on a network and potentially identify the specific SQL version or configuration in use. | Reference: https://nmap.org/nsedoc/scripts/mysql-info.html
ssh-scanner An automated tool or process designed to systematically probe IP addresses for open Secure Shell (SSH) ports (typically port 22) and identify service versions or weak credentials. | Reference: https://nmap.org/book/man-brief.html
telnet-scanner A network scanning activity that targets the Telnet protocol to identify devices exposing unencrypted remote management interfaces, often to find legacy systems or unsecured IoT devices. | Reference: https://www.cisa.gov/news-events/alerts/2016/10/14/heightened-ddos-threat-posed-mirai-and-other-botnets
threat-sinkhole A security mechanism used by researchers and law enforcement to redirect traffic from malicious botnets or command-and-control servers to a monitored server for analysis and mitigation. | Reference: https://www.sans.org/blog/what-is-a-dns-sinkhole/
united-parcel-service United Parcel Service (UPS) is a global shipping and supply chain management company that provides package delivery and logistics services. | Reference: https://www.ups.com/
university-of-colorado The University of Colorado is a system of public research universities serving Colorado, known for its academic programs and scientific research initiatives. | Reference: https://www.cu.edu/
university-of-michigan The University of Michigan is a top-ranked public research university located in Ann Arbor, Michigan, renowned for its research capabilities and academic scope. | Reference: https://umich.edu/
university-of-munich Ludwig Maximilian University of Munich (LMU Munich) is a leading public research university located in Munich, Germany, and one of the oldest universities in the country. | Reference: https://www.lmu.de/en/
university-of-sydney The University of Sydney is a public research university in Sydney, Australia, consistently ranked as one of the world's leading universities, which runs their own network of scanners. | Reference: https://www.sydney.edu.au/
vnc-scanner A scanning activity that sweeps networks to detect active Virtual Network Computing (VNC) services, identifying accessible remote desktop interfaces. | Reference: https://nmap.org/nsedoc/scripts/vnc-info.html
vpn-scanner An automated probe that searches for Virtual Private Network (VPN) gateways and endpoints to determine vendor types, versions, or configuration states. | Reference: https://github.com/porthole-ascend-cinnamon/VPN Scanner
winshare-scanner A network scanning tool designed to identify exposed Windows file sharing services (SMB/CIFS) and accessible network folders. | Reference: https://nmap.org/nsedoc/scripts/smb-enum-shares.html
shared-host Shared host based on number of PDNS domains associated with IP
sinkhole The sinkhole tag refers to the IP addresses engaged in DNS sinkholing of malicious domains, directing them to a controlled IP address. The child tag "sinkhole-ns" specifically identifies the name servers participating in the sinkholing process. IP addresses lacking this sub-tag represent the actual sinkhole IPs responsible for receiving the redirected traffic.
Sub-Tags (1)
Name Description
sinkhole-ns The IP has DNS indicating the IP address itself is the nameserver for Sinkholing services.
tarpit The TARPIT tag identified IP addresses with a device that purposely delays incoming scanning connections. IP addresses tied to these devices often have a large number of open ports. This technique can be used as a defense mechanism to slow down scanning activity by exhausting the attackers resources.
top-site Top sites identifies IP addresses that received the highest recurring web (http-s) traffic in the last 7 days and are associated with domains that have the highest amount of passive DNS records. Top sites are currently limited to the top 40,000 IP addresses and will be expanded in future updates.
tor Tor Consensus IPs
vpn The 'VPN' label is utilized to identify IP addresses associated with Virtual Private Networks (VPNs). This umbrella term encompasses an array of commercial VPN service providers, such as NordVPN, ExpressVPN, among several others, that offer consumer-facing services designed to enhance online privacy and security. In addition to commercial VPN services, the 'VPN' tag also includes IP addresses known to be operating as VPN endpoints. These endpoints often facilitate remote access to a particular network, which can be a critical function for businesses with remote employees, ensuring secure, encrypted access to company resources from potentially unsecured locations. Child tags are available for specific vendor and products if identified.
Sub-Tags (552)
Name Description
1-vpn 1VPN is a Virtual Private Network tool, often found as a browser extension, that enables users to browse the internet anonymously by routing traffic through proxy servers. | Reference: https://1VPN.com/
12vpx-vpn 12VPX is a Virtual Private Network service designed to provide personal privacy protection and assist users in bypassing internet censorship. | Reference: https://12vpn.com/
1click-vpn 1clickVPN is a browser extension and application that provides a free, simplified Virtual Private Network service for masking IP addresses. | Reference: https://chrome.google.com/webstore/detail/1clickvpn-free-vpn-for-ch/fcfhplploccackoneaefokcmbjfbkenj
24vc-vpn 24VC offers dedicated IP addresses and Virtual Private Network services optimized for secure browsing and streaming content without geo-restrictions. | Reference: https://www.24vc.com/
4nx-vpn 4NX-VPN is a mobile Virtual Private Network application designed to encrypt internet traffic and protect user identity on public networks. | Reference: https://apkpure.com/4NX-VPN/com.fournx.vpn
4vpn 4VPN is a Virtual Private Network service provider that focuses on delivering secure and private internet connectivity to its users. | Reference: https://4VPN.net/
7vpn 7VPN is a Virtual Private Network solution that allows users to encrypt their data connection and access the internet freely. | Reference: https://7VPN.com/
abc-vpn ABC-VPN is a mobile Virtual Private Network application that provides proxy services to secure device connections and unblock websites. | Reference: https://play.google.com/store/apps/details?id=com.abc.vpn
abvpn AB-VPN is a network utility app that functions as a Virtual Private Network to enhance online privacy and data security. | Reference: https://apps.apple.com/us/app/ab-vpn-safe-internet-proxy/id1552638848
ace-vpn Ace-VPN provides Smart DNS and Virtual Private Network services aimed at bypassing firewall restrictions and securing internet traffic. | Reference: https://www.acevpn.com/
activpn ActiVPN is a Virtual Private Network provider based in France that offers encrypted connections to protect user data and anonymity. | Reference: https://ActiVPN.com/en/
actmobile-vpn ActMobile refers to the Virtual Private Network technology developed by Act Mobile, often integrated into apps like Dash VPN to optimize data usage and security. | Reference: http://actmobile.com/
adguard-vpn AdGuard-VPN is a privacy tool that combines a Virtual Private Network with the company's signature ad-blocking technology to secure and clean web traffic. | Reference: https://AdGuard-VPN.com/
adtranquility-vpn AdtranQuility is a component of the AdTranquility spam protection suite, utilizing a Virtual Private Network to enhance user privacy and block unwanted notifications. | Reference: https://www.adtranquility.com/
air-vpn AirVPN is a security-centric Virtual Private Network service operated by activists that emphasizes high-standard encryption and strict no-logging policies. | Reference: https://airvpn.org/
airvpn AirVPN is a VPN service provider founded by activists that emphasizes net neutrality and privacy through the use of open-source software and high-encryption standards. | Reference: https://airvpn.org/
akunssh-vpn AkunSSH is a service that allows users to create Secure Shell (SSH) and Virtual Private Network accounts to facilitate secure tunneling and internet access. | Reference: https://www.akunssh.net/
all-safe-vpn AllSafeVPN serves as a mobile virtual private network application designed to encrypt internet traffic and mask user IP addresses for privacy. | Reference: https://apkcombo.com/AllSafeVPN-fast-proxy/com.allsafe.vpn/
all-vpn Allvpn acts as a network utility application that allows users to connect to various proxy servers to secure their internet connection. | Reference: https://apkpure.com/Allvpn/com.allvpn.bestvpn
aloha-browser-vpn Aloha Browser is an integrated feature within the Aloha web browser that offers users private browsing capabilities and encrypted traffic without requiring a separate application. | Reference: https://alohabrowser.com/
alt-vpn ALTVPN is a commercial service provider offering private proxy and virtual private network connections to ensure anonymity and bypass geo-restrictions. | Reference: https://altvpn.com/
anonine Anonine is a commercial virtual private network provider focused on user privacy, offering encrypted tunnels and anonymous internet access. | Reference: https://Anonine.com/
anonine-vpn The anonine-vpn service is a privacy-focused provider based in Seychelles that offers encrypted internet connections. | Reference: https://anonine.com/
anonymousvpn Anonymous-VPN is a service designed to protect online identity by routing internet traffic through secure servers to hide the user's physical location. | Reference: https://Anonymous-VPN.org/
anonymox-vpn anonymoX is primarily known as a browser extension that allows users to change their IP address and browse the web anonymously. | Reference: https://www.anonymox.net/
anti-filter-vpn Anti Filter-VPN refers to a tag of circumvention tools and applications designed specifically to bypass internet censorship and access blocked content. | Reference: https://play.google.com/store/apps/details?id=com.antifilter.vpn
any-vpn AnyVPN is a mobile application that provides virtual private network services to secure Wi-Fi connections and protect user privacy. | Reference: https://apkpure.com/anyvpn-fast-stable-secure/com.anyvpn.app
appntox-vpnpro-vpn Appntox VPNPro is a mobile network tool developed by Appntox that offers professional-grade virtual private network features for Android devices. | Reference: https://play.google.com/store/apps/developer?id=Appntox
aprovpn APROVPN serves as a virtual private network application designed to provide fast and secure internet connectivity for mobile users. | Reference: https://play.google.com/store/apps/details?id=com.APROVPN.secure
aptinfo-vpn Aptinfo-VPN functions as a network tunneling service or configuration often utilized for creating secure connections and bypassing network restrictions. | Reference: https://www.facebook.com/Aptinfo/
armor-vpn ArmorVPN is a security application that encrypts internet traffic to protect users from surveillance and cyber threats while browsing. | Reference: https://armorvpn.com/
astar-vpn Astar-VPN is a free virtual private network tool for Android devices intended to unblock sites and secure connection hotspots. | Reference: https://play.google.com/store/apps/details?id=com.astarvpn.free
astrill-vpn Astrill-VPN is a widely used commercial virtual private network service known for its robust ability to bypass strict internet censorship firewalls. | Reference: https://www.astrill.com/
atlas-vpn Atlas-VPN is a commercial virtual private network service that provides encryption and identity protection for personal devices. | Reference: https://atlasvpn.com/
atspeed-vpn AtSpeed-VPN is a mobile application focused on delivering high-speed virtual private network connections for streaming and browsing. | Reference: https://apkcombo.com/AtSpeed-VPN/com.atspeed.vpn/
aura-vpn Aura is the privacy and encryption component of the comprehensive digital safety suite provided by the security company Aura. | Reference: https://www.aura.com/vpn
avast Avast is a well-known cybersecurity vendor that provides various security solutions, including the Avast SecureLine VPN for encrypting internet traffic. | Reference: https://www.Avast.com/
avast-secure-browser-vpn The Avast Secure Browser is an integrated feature within the Avast Secure Browser designed to provide built-in privacy and encryption for web users. | Reference: https://www.avast.com/secure-browser
avira Avira is a software company known for its antivirus products and the Avira Phantom VPN, which anonymizes and secures user internet connections. | Reference: https://www.Avira.com/
azino-vpn Azino-VPN refers to VPN services or keywords associated with bypassing blocks to access online entertainment and gambling platforms like Azino777. | Reference: https://play.google.com/store/apps
azire Azire refers to AzireVPN, a Swedish VPN provider that emphasizes user privacy by owning its hardware and supporting high-performance protocols like WireGuard. | Reference: https://www.azirevpn.com/
azirevpn AzireVPN is a privacy-focused provider that operates dedicated hardware without disk drives and supports modern protocols like WireGuard to secure user data. | Reference: https://www.azirevpn.com/
batman-ru-vpn Batman RU-VPN identifies the Batman VPN mobile application, a tool used by consumers to proxy traffic and access geo-restricted content. | Reference: https://play.google.com/store/apps/details?id=com.batman.vpn
bb-vpn BBVPN is a mobile virtual private network application designed to offer unlimited proxy bandwidth and secure browsing for mobile devices. | Reference: https://play.google.com/store/apps/details?id=com.bbvpn.unlimited_proxy
bekhar-vpn VPNBekhar refers to online queries or services for purchasing VPN connections ("Bekhar" means "buy" in Persian) to bypass regional internet censorship. | Reference: https://freedomhouse.org/country/iran/freedom-net/2021
belka-vpn belkaVPN is a commercial VPN service provider that offers secure tunneling and features such as dedicated IP addresses for its users. | Reference: https://belkavpn.com/
beranga-super-vpn Beranga Super-VPN appears to be a specific variant or release of the Super VPN mobile application used to secure personal internet connections. | Reference: https://play.google.com/store/apps
bigmama-vpn BigMama-VPN is a virtual private network service designed to help users bypass internet restrictions and maintain anonymity while browsing. | Reference: https://bigmamavpn.com/
bite-vpn BiteVPN is a mobile VPN application that provides users with a secure connection to unblock websites and protect data on public networks. | Reference: https://play.google.com/store/apps/details?id=com.bite.vpn
blackberry-vpn BlackBerry-VPN refers to the secure connectivity and remote access solutions provided by BlackBerry, such as their UEM infrastructure for enterprise environments. | Reference: https://www.blackberry.com/
blackbox-vpn Blackbox is a software application that provides encrypted tunneling services to protect user identity and data online. | Reference: https://apps.apple.com/us/app/Blackbox/id1533668612
blackvpn BlackVPN is a privacy-focused VPN provider based in Hong Kong that offers distinct service packages for privacy and streaming needs. | Reference: https://www.BlackVPN.com/
borderless-vpn Borderless-VPN refers to services or applications designed to eliminate geographical internet restrictions, often allowing users to access content across borders. | Reference: https://www.borderless.com/
bot-vpn Bot-VPN refers to VPN services that are managed or distributed via messaging platform bots (like Telegram) or specific apps named Bot VPN. | Reference: https://telegram.org/
boxpn-vpn BoxPN is a global VPN provider offering a network of servers to secure internet traffic and hide user IP addresses. | Reference: https://boxpn.com/
breakwall-vpn Breakwall generally describes tools or services specifically configured to bypass strict national firewalls and censorship filters. | Reference: https://github.com/topics/gfw
bright-vpn Bright-VPN is a free VPN service owned by Bright Data that provides anonymity to users in exchange for utilizing their idle network resources. | Reference: https://brightvpn.com/
bro-vpn BroVPN is a mobile virtual private network application designed to provide users with internet privacy and the ability to bypass geo-restrictions. | Reference: https://play.google.com/store/apps/details?id=com.bro.vpn
browsec-vpn Browsec-VPN is a popular browser extension and mobile application that encrypts traffic and masks the user's IP address for secure browsing. | Reference: https://browsec.com/
browser-xxx-vpn Browser Xxx-VPN generally refers to a tag of mobile browser applications integrated with VPN functionality, often marketed for accessing age-restricted or blocked content. | Reference: https://apkpure.com/search?q=browser+vpn
btguard-vpn BTGuard is a privacy service specifically tailored to anonymize BitTorrent traffic through proxy and VPN solutions. | Reference: https://btguard.com/
bull-vpn BullVPN is a VPN provider that offers services to unblock websites and secure internet connections for users in restrictive network environments. | Reference: https://www.bullvpn.com/
bullet-vpn BulletVPN is a premium VPN service provider that emphasizes high-speed connections and secure data encryption for streaming and browsing. | Reference: https://www.bulletvpn.com/
bvpn bVPN is a virtual private network service that utilizes protocols like OpenVPN and Smoke Tunnel to bypass Deep Packet Inspection (DPI) and firewalls. | Reference: https://www.bVPN.com/
cactus-vpn CactusVPN is a VPN provider that combines standard end-to-end encryption services with Smart DNS technology to facilitate secure streaming and browsing. | Reference: https://www.cactusvpn.com/
cactusvpn CactusVPN is a VPN and Smart DNS service provider focused on internet anonymity and unblocking geo-restricted media content. | Reference: https://www.CactusVPN.com/
ccrypto-vpn Ccrypto-VPN refers to a VPN service or application, often found on mobile platforms, designed to secure network communications through encryption. | Reference: https://play.google.com/store/apps
celo-vpn Celo-VPN is a VPN service that provides users with online privacy tools and the ability to access blocked websites globally. | Reference: https://celovpn.com/
cheap-vpn CheapVPN refers to a budget-oriented mobile VPN application designed to offer basic IP masking and connectivity services. | Reference: https://play.google.com/store/search?q=cheap%20vpn
cheapnews-vpn CheapNews is the add-on VPN service provided by the Usenet provider Cheapnews to ensure secure and private newsgroup access. | Reference: https://www.cheapnews.eu/
checkpoint Checkpoint Software Technologies provides cybersecurity solutions, including Quantum network security gateways and routing appliances used to secure enterprise network traffic. | Reference: https://www.Checkpoint.com/
cheetah-vpn Cheetah VPN is a mobile VPN application designed to provide fast and secure proxy services for unblocking sites and apps. | Reference: https://play.google.com/store/apps/details?id=com.cm.vpn
citizen-vpn CitizenVPN is a virtual private network service dedicated to protecting digital rights and ensuring internet freedom for its users. | Reference: https://citizenvpn.net/
citrix-gateway Citrix-Gateway is an enterprise-grade solution that provides secure, remote access to applications and desktops across various networks. | Reference: https://www.citrix.com/products/Citrix-Gateway/
confirmed-vpn Confirmed-VPN is a privacy-focused VPN service that operates with an open-audit model to verify its no-logging claims and security standards. | Reference: https://confirmedvpn.com/
core4-vpn Core4-VPN refers to a VPN configuration or service, associated with specific network providers or niche privacy tools. | Reference: https://apkcombo.com/search/core-vpn
corea-vpn Corea-VPN is a VPN service application designed to provide users with Korean IP addresses or optimize connectivity within that region. | Reference: https://play.google.com/store/apps/details?id=kr.co.corea.vpn
courvix-vpn Courvix is a service associated with the Courvix network, providing encrypted tunnels for secure communication and privacy. | Reference: https://www.courvix.com/
coverme-vpn CoverMeVPN is a feature within the CoverMe mobile application, which combines secure messaging and private storage with VPN capabilities. | Reference: https://www.coverme.ws/
covernet-vpn CoverNet-VPN is a virtual private network service designed to provide online anonymity and secure internet connections for its users. The service typically offers traffic encryption to protect data from unauthorized monitoring. | Reference: https://www.covernet.net/
cryptostorm-vpn Cryptostorm is a privacy-focused VPN provider that emphasizes token-based authentication and deep network anonymity to protect user identity. It utilizes a decentralized network structure to prevent data logging and enhance security. | Reference: https://cryptostorm.is/
ct-vpn CT-VPN is a mobile VPN application available on platforms like Android, offering users the ability to mask their IP addresses and access geo-restricted content. It serves as a tool for encrypting mobile data traffic over public networks. | Reference: https://play.google.com/store/apps/details?id=com.ctvpn
cyber-ghost-vpn cyber-ghost-vpn is a commercial VPN service provider offering anonymity and internet security through a large network of servers. | Reference: https://www.cyberghostvpn.com/
cyberghost CyberGhost is a widely recognized commercial VPN service that provides extensive server locations and strong encryption protocols for personal privacy. It offers user-friendly software for various operating systems to secure internet browsing. | Reference: https://www.cyberghostvpn.com/
daily-vpn Daily-VPN is a mobile virtual private network application designed to offer free or ad-supported proxy services for smartphone users. It facilitates secure browsing and access to blocked websites through a simple mobile interface. | Reference: https://play.google.com/store/apps/details?id=com.dailyvpn.free.proxy
deeper-network Deeper Network represents a decentralized VPN (DPN) solution that combines hardware devices with blockchain technology to create a peer-to-peer sharing network. This approach allows users to bypass censorship and maintain privacy without relying on centralized servers. | Reference: https://www.deeper.network/
deeper-network-vpn Deeper Network VPN is a decentralized private network solution that combines network security, blockchain technology, and VPN capabilities into hardware devices. | Reference: https://www.deeper.network/
deepweb-vpn Deepweb-VPN is a VPN service provider that markets its capabilities for accessing the internet securely and maintaining anonymity while browsing. It typically offers standard tunneling protocols to hide the user's origin IP address. | Reference: https://deepwebvpn.net/
defence-vpn DefenceVPN is a network security application designed to protect user data and provide secure tunneling capabilities on mobile devices. The application focuses on shielding devices from potential threats on public Wi-Fi networks. | Reference: https://play.google.com/store/apps/details?id=com.defence.vpn
digi Digi International provides Internet of Things (IoT) connectivity products, such as cellular routers and serial-to-Ethernet servers, used to connect industrial equipment to networks. | Reference: https://www.Digi.com/
digitalssh-vpn DigitalSSH is a service platform that provides SSH and VPN account creation for secure tunneling and internet freedom. It is often used to configure custom network connections to bypass firewalls or restrictions. | Reference: https://digitalssh.net/
disconnect-vpn Disconnect-VPN is a privacy tool that blocks invisible trackers and encrypts traffic to protect user data from third-party monitoring. It operates as both a tracker blocker and a virtual private network to enhance digital safety. | Reference: https://disconnect.me/
dot-vpn DotVPN is a VPN service often available as a browser extension and mobile app, allowing users to quickly secure their connection and access region-locked content. It focuses on ease of use for securing browser-based traffic. | Reference: https://dotvpn.com/
drock-vpn DrocK-VPN is a mobile VPN application that provides proxy services to encrypt internet connections and change the user's virtual location. It is typically found on mobile app marketplaces for Android devices. | Reference: https://play.google.com/store/apps/details?id=com.drock.vpn
drsoft DrSoft is an application developer known for creating various utility apps, including VPN tools like "VPN Master" for mobile platforms. The tag identifies network traffic or software associated with this specific developer's VPN products. | Reference: https://play.google.com/store/apps/developer?id=Dr.Soft
drsoft-vpn drsoft-vpn refers to the VPN utilities developed by DrSoft, a mobile app developer creating tools for network security and proxy services. | Reference: https://play.google.com/store/apps/developer?id=DrSoft
dudeji-vpn Dudeji-VPN is a specific virtual private network application that offers proxy services for secure internet access. It allows users to route their traffic through remote servers to maintain anonymity. | Reference: https://play.google.com/store/apps/details?id=com.dudejivpn.app
earth-vpn EarthVPN is a commercial VPN provider that offers secure tunneling services with a focus on high speed and global server availability. It provides standard encryption features to protect user privacy online. | Reference: http://www.earthvpn.com/
easy-hide-ip-vpn Easy-Hide-IP is a software solution designed to mask a user's real IP address by routing traffic through secure servers. It is primarily used to protect identity and access restricted content on Windows and other platforms. | Reference: https://easy-hide-ip.com/
easy-vpn Easy-VPN is a popular mobile application that facilitates simple connection to VPN servers, often functioning as a plugin for OpenVPN clients. It aggregates various free VPN servers to help users establish secure connections quickly. | Reference: https://play.google.com/store/apps/details?id=com.easyvpn.free.vpn
ectunnel-vpn EC Tunnel is a tunneling application designed for mobile devices that supports various protocols like SSH, SSL, and HTTP to secure connections. It is often used for bypassing network restrictions and customizing connection headers. | Reference: https://play.google.com/store/apps/details?id=com.entclass.ectunnel
emptyun-vpn Empty UN appears to be a niche or specific mobile VPN application used for encrypting internet traffic. It functions by routing data through a proxy server to hide the client's original IP address. | Reference: https://play.google.com/store/apps/
encrypt-secure-servers-vpn The Encrypt Secure Servers tag refers to a mobile Virtual Private Network application designed to encrypt internet traffic and route it through secure servers to protect user privacy. | Reference: https://play.google.com/store/apps/details?id=com.encrypt.vpn
encryptme-vpn Encrypt.me is a security service formerly known as Cloak, designed to keep users safe on public Wi-Fi by automatically securing the connection. It focuses on ease of use for families and teams to prevent data interception. | Reference: https://encrypt.me/
enikma-vpn eniKma identifies the VPN service associated with the Enikma ecosystem, which utilizes blockchain technology to manage decentralized privacy and network security. | Reference: https://www.enikma.com/
epic-browser-vpn The Epic Browser tag designates the encrypted proxy and VPN functionality integrated directly into the Epic Privacy Browser to mask IP addresses during web surfing. | Reference: https://www.epicbrowser.com/
epro-android-vpn Epro Android-VPN refers to a VPN application specifically developed for the Android operating system, enabling users to secure their mobile data connections and bypass geographic restrictions. | Reference: https://apkpure.com/epro-vpn-secure-proxy/com.epro.vpn
esvpnapp-vpn The ESVPNApp tag identifies a specific mobile VPN utility, associated with the ES File Explorer ecosystem or ES VPN, used to anonymize device traffic. | Reference: https://apkpure.com/es-vpn-lite/com.estrongs.android.pop.vpn
everaccountable-vpn The Ever Accountable tag refers to the local VPN interface used by the Ever Accountable accountability app to monitor internet usage and filter content rather than strictly for anonymity. | Reference: https://everaccountable.com/
express-vpn Express VPN is a consumer-focused virtual private network service offering high-speed encryption and privacy features for various operating systems. | Reference: https://www.expressvpn.com/
expressvpn ExpressVPN is a widely recognized commercial VPN service provider that offers encrypted tunneling and a large network of global servers for privacy and security. | Reference: https://www.ExpressVPN.com/
ezshield-vpn The EZShield tag designates the mobile security and VPN protection component provided by EZShield (now part of Sontiq) to secure user data on public networks. | Reference: https://www.sontiq.com/
f-vpn FVPN is an identifier for a VPN service, referring to a specific mobile application named "F VPN" or an abbreviation for a fast/free VPN tool. | Reference: https://play.google.com/store/apps
fairy-vpn FairyVPN is a mobile proxy application and VPN tool designed to assist users in unblocking restricted websites and securing their network traffic. | Reference: https://play.google.com/store/apps/details?id=net.m_net.fairy
fanqiang-vpn The Fanqiang tag refers to various VPN tools and proxies specifically described by the term "fanqiang" (scaling the wall), primarily used to bypass internet censorship systems like the Great Firewall. | Reference: https://github.com/topics/fanqiang
fastestvpn FastestVPN identifies the commercial VPN service known as FastestVPN, which provides features such as ad blocking, malware protection, and secure tunneling protocols. | Reference: https://FastestVPN.com/
fastssh-vpn The FastSSH tag links to the FastSSH service, which provides SSH and VPN account creation for users to create secure tunnels and manage their own connection privacy. | Reference: https://www.fastssh.com/
fastvpnim-vpn FASTVPNIM-VPN refers to the VPN service hosted at the domain FastVPN.im, providing tools for users to anonymize their online activities. | Reference: https://fastvpn.im/
filbaz-vpn The Filbaz-VPN tag identifies a proxy or VPN tool, often used in regions with heavy internet censorship to access blocked social media and web content. | Reference: https://apkcombo.com/Filbaz-VPN/com.filbaz.vpn/
fine-vpn FineVPN is a non-commercial community project that provides free VPN services and configuration files for standard protocols like OpenVPN and L2TP/IPsec. | Reference: https://en.finevpn.org/
firefly-vpn The FireFlyVPN tag refers to a network proxy utility and VPN app designed to help users protect their digital privacy and access internet resources securely. | Reference: https://play.google.com/store/apps/details?id=com.firefly.vpn
firenet-vpn FireNet-VPN designates a tunneling application often used for secure browsing and modifying connection settings to bypass specific network restrictions. | Reference: https://play.google.com/store/apps/details?id=com.firenet.vpn
first-vpn FirstVPN is a mobile Virtual Private Network application that allows users to encrypt their data connection and mask their IP address. | Reference: https://play.google.com/store/apps/details?id=com.firstvpn.app
flow-vpn The Flow-VPN tag identifies a global VPN provider offering secure internet access, dedicated servers, and eSIM technology for consumer privacy. | Reference: https://www.flowvpn.com/
fly-vpn Fly VPN is a virtual private network service that provides static and dynamic IP addresses to help users bypass geo-restrictions and secure their data. | Reference: https://www.flyvpn.com/
flynet-vpn FlyNet refers to a mobile proxy and VPN tool designed to accelerate network speeds and provide secure, anonymous access to the internet. | Reference: https://apkcombo.com/FlyNet/com.flynet.vpn/
flyvpn FlyVPN is a commercial VPN service that provides users with the ability to change their IP address and encrypt their internet traffic to bypass geo-restrictions. | Reference: https://www.FlyVPN.com/
fornex-vpn Fornex refers to the VPN services offered by Fornex, a European hosting provider known for offering dedicated servers, VPS, and web hosting solutions. | Reference: https://fornex.com/
foxyproxy FoxyProxy is a proxy management tool and browser extension that automates the process of switching between different proxy servers and VPNs based on URL patterns. | Reference: https://getfoxyproxy.org/
frbs-vpn FRBS-VPN is a VPN service identifier, referring to a specific niche VPN provider or mobile application used for network tunneling and privacy. | Reference: https://en.wikipedia.org/wiki/Virtual_private_network
free-zone-vpn FreeZone refers to a VPN service or application, such as FreeZone, which often combines public Wi-Fi hotspot access with VPN security features. | Reference: https://freezone.io/
freedome F-Secure is a privacy-centric VPN application developed by F-Secure designed to block tracking attempts and secure user connections on mobile and desktop devices. | Reference: https://www.f-secure.com/en/vpn
freedome-vpn F-Secure Freedome VPN is a privacy and security application designed to encrypt internet traffic, block tracking attempts, and mask the user's online location. | Reference: https://www.f-secure.com/en/total/vpn
freenet-cafe-vpn Freenet.Cafe refers to a VPN or proxy service associated with the Freenet platform, often used to provide internet access or bypass restrictions in internet cafe environments. | Reference: https://www.freenet.ph/
freenet-robot-vpn Freenet Robot-VPN appears to be a VPN tool or automated proxy service, a mobile application designed to facilitate free or unrestricted internet access. | Reference: https://play.google.com/store/apps
freeopenvpn Free OpenVPN is a service that provides free access to OpenVPN servers, allowing users to utilize the OpenVPN protocol for secure tunneling without a paid subscription. | Reference: http://www.Free OpenVPN.org/
freessl-vpn FreeSSLVPN refers to a VPN service that utilizes SSL/TLS protocols for establishing encrypted connections, or a specific provider operating under this name. | Reference: https://www.ssl-vpn.xyz/
freesstpvpn FreeSSTPVPN is a VPN provider offering free access to servers that utilize the Secure Socket Tunneling Protocol (SSTP), which is natively supported on Windows platforms. | Reference: https://www.vpnjantit.com/free-sstp-vpn
freetech-turbo-vpn FreeTech Turbo-VPN refers to the popular "Turbo VPN" mobile application developed by FreeTech (or similar entities), offering free and fast VPN proxy services. | Reference: https://turbovpn.com/
freevpn4you-vpn FreeVPN4you is a VPN service provider that offers free tunneling capabilities to help users bypass firewalls and mask their online identity. | Reference: http://freevpn4you.net/
freevpnapp-vpn FreeVPNApp refers to the generic tag of "Free VPN" mobile applications found on app stores, or a specific app branded as such for casual privacy use. | Reference: https://play.google.com/store/search?q=free+vpn
froot Froot refers to FrootVPN, a VPN provider known for its high-speed encrypted connections and historical association with privacy-focused communities. | Reference: https://www.frootvpn.com/
froot-vpn FrootVPN is a VPN service provider based in Sweden, originally associated with The Pirate Bay, which offers high-speed encrypted connections and a no-logs policy. | Reference: https://frootvpn.com/
frost-vpn FrostVPN is a VPN service provider offering tools for secure browsing and IP masking to protect user privacy online. | Reference: https://frostvpn.com/
fuji-vpn FujiVPN refers to a VPN application that is designed to provide secure proxy services and bypass geo-restrictions. | Reference: https://play.google.com/store/apps/details?id=com.fujivpn
gecko-vpn GeckoVPN is a free and unlimited VPN service primarily designed for Android devices to unblock websites and encrypt user traffic. | Reference: https://geckovpn.com/
geoedge-vpn GeoEdge refers to the residential proxy and VPN network provided by GeoEdge, typically used by businesses for ad verification and viewing geo-targeted content. | Reference: https://www.geoedge.com/
geosurf GeoSurf is a premium residential proxy service provider that allows users to access geo-targeted content and browse the web via gateways in various global locations. | Reference: https://www.GeoSurf.com/
getbehindme-vpn The Getbehind.me tag identifies traffic associated with GetBehindMe, a service that provides VPN and proxy capabilities to bypass network restrictions. | Reference: https://getbehind.me/
getflix-vpn Getflix refers to the VPN and Smart DNS services provided by Getflix, which is primarily designed to unblock geo-restricted streaming content. | Reference: https://www.getflix.com.au/
gfk-marketing-vpn This tag characterizes the GFK Marketing-VPN, a specific network tunnel used by GfK (Growth from Knowledge) for market research, digital metering, and consumer behavior tracking. | Reference: https://www.gfk.com/
gm-vpn GM-VPN identifies traffic related to mobile VPN applications, often abbreviated as such in app stores, or corporate connectivity solutions associated with General Motors (Global Connect). | Reference: https://apkcombo.com/GM-VPN-secure-vpn-proxy/com.gm.vpn/
go2https-vpn The Go2https-VPN tag is associated with Go2HTTPS, a web-based proxy and VPN service designed to facilitate secure, encrypted web browsing. | Reference: https://m.apkpure.com/go2https-free-vpn/com.go2https
goat-vpn Goat-VPN refers to the Goat VPN mobile application, a popular service offering free and secure proxy clients for Android devices. | Reference: https://play.google.com/store/apps/details?id=com.secure.fastvpn.proxy.master
google-one-vpn This tag identifies the Google One-VPN, a privacy network service previously bundled with Google One subscriptions to encrypt user online activity. | Reference: https://one.google.com/vpn
google-vpn Google-VPN is a broad tag used to categorize VPN traffic originating from various Google services, including Google Fi or the built-in VPN features on Pixel devices. | Reference: https://fi.google.com/about/vpn/
goon-vpn The GO ON-VPN tag refers to a dedicated VPN service marketed towards gamers to lower ping and reduce lag while playing online games. | Reference: https://www.goonvpn.com/
goose-vpn GOOSE VPN is a Netherlands-based VPN service provider that offers encrypted internet connections and emphasizes ease of use for consumer privacy. | Reference: https://goosevpn.com/
goosevpn Goose-VPN identifies traffic from GOOSE VPN, a Dutch subscription-based service focused on user privacy and encrypted internet access. | Reference: https://Goose-VPN.com/
gozar-online-vpn GOZAR ONLINE refers to a tunneling service, often utilized in regions with strict internet censorship to access the open web. | Reference: https://apkcombo.com/gozar-vpn-high-speed-strong/com.gozar.vpn/
green-vpn GreenVPN refers to a mobile VPN application, or the legacy service of the same name, used to secure mobile data connections. | Reference: https://play.google.com/store/apps/details?id=com.fast.free.unblock.secure.vpn
greenssh-vpn The GreenSSH tag identifies connections to GreenSSH, a provider offering SSH tunneling and VPN accounts for secure shell access and browsing. | Reference: https://greenssh.com/
gringo-vpn This tag characterizes Gringo-VPN, a mobile application service providing virtual private network capabilities for user anonymity. | Reference: https://apkcombo.com/Gringo-VPN-pro/com.gringo.vpn/
guardian-vpn Guardian-VPN identifies the Guardian Firewall + VPN service, which combines a standard VPN with a firewall designed to block trackers and spyware on iOS devices. | Reference: https://guardianapp.com/
gvpn The GVPN tag generally refers to mobile applications using this acronym, such as Global VPN or specific GVPN branded proxy tools. | Reference: https://github.com/bede1997/GVPN
halo-vpn HaloVPN is associated with HaloVPN, a fast and free proxy tool designed to unblock websites and applications on mobile devices. | Reference: https://www.halovpn.com/
hangro-vpn This tag identifies Hangro VPN, a specific VPN application available on Android platforms for securing internet connections. | Reference: https://apkcombo.com/Hangro VPN/com.hangro.vpn/
haoduobq-vpn Haoduobq-VPN refers to a specific regional or niche mobile VPN application, associated with the developer Haoduobq. | Reference: https://apkcombo.com/developer/Haoduobq/
hardened-vpn The Hardened-VPN tag identifies VPN services or configurations that claim enhanced security hardening measures beyond standard implementations. | Reference: https://github.com/StreisandEffect/streisand
hatunnel-plus-vpn Hatunnel Plus (HA Tunnel Plus) is an Android application that utilizes standard protocols like SSH2.0 to tunnel connection traffic and bypass network restrictions. | Reference: https://play.google.com/store/apps/details?id=com.hatunnel.plus
hellfire-vpn HellFire-VPN is a mobile virtual private network application designed to provide users with unlimited proxy access and secure internet browsing. | Reference: https://apkcombo.com/HellFire-VPN/com.vpn.hellfire/
hide-my-ass-vpn hide-my-ass-vpn, often abbreviated as HMA, is a long-standing consumer VPN service that allows users to browse the internet anonymously. | Reference: https://www.hidemyass.com/
hide-my-ip-vpn Hide My IP refers to the Hide My IP software developed by My Privacy Tools, which allows users to conceal their real IP address and surf anonymously. | Reference: https://www.hide-my-ip.com/
hide-my-name-vpn HideMy.Name (hidemy.name) is a privacy service that offers a VPN client and a proxy list database to help users maintain anonymity online. | Reference: https://hidemy.name/
hideip-vpn HideIPVPN (HideIPVPN) is a service provider offering VPN and Smart DNS solutions to encrypt internet traffic and unblock geo-restricted content. | Reference: https://www.hideipvpn.com/
hideme HideMe (hide.me) is a digital privacy service that provides free and premium VPN connections with a focus on zero-logging and security. | Reference: https://hide.me/
hideme-vpn Hide.me VPN is a Malaysian-based VPN provider known for its strict no-logs policy and support for various security protocols to ensure user anonymity. | Reference: https://hide.me/
hidessh-vpn HideSSH (HideSSH) is a web platform that provides free SSH, SSL, WireGuard, and OpenVPN accounts for secure tunneling and internet access. | Reference: https://hidessh.com/
hitun-vpn Hitun-VPN (HiTun) is a mobile VPN application intended to provide fast and secure proxy services to bypass firewalls and protect data. | Reference: https://play.google.com/store/apps/details?id=com.hitun.vpn
hma Hide My Ass (HideMyAss) is a prominent commercial VPN service owned by Avast that offers a vast network of servers to encrypt user connections and cloak their location. | Reference: https://www.hidemyass.com/
hola-vpn Hola-VPN is a peer-to-peer VPN network that routes traffic through other users' devices to provide access to blocked websites and content. | Reference: https://hola.org/
holytech-vpn HOLYTECH is a tunneling tool and VPN application for Android designed to secure internet browsing and bypass network censorship. | Reference: https://apkcombo.com/HOLYTECH/com.holytech.vpn/
hotspot-vpn HotspotVPN generally refers to mobile applications designed to secure public Wi-Fi hotspot connections through encryption and proxy tunneling. | Reference: https://play.google.com/store/apps/details?id=com.hotspot.vpn.free.master
hotspotshield HotspotShield is a widely used VPN service developed by Pango that utilizes the proprietary Hydra protocol to ensure fast and secure data transmission. | Reference: https://www.HotspotShield.com/
hotvpn HotVPN is a virtual private network application for mobile devices that provides proxy services to unblock websites and protect user privacy. | Reference: https://apps.apple.com/us/app/HotVPN-pro-best-vpn-proxy/id1448963574
hoxx-vpn Hoxx-VPN is a proxy service available as a browser extension and mobile app designed to unblock blocked resources and encrypt connections. | Reference: https://hoxx.com/
hyper-vpn Hyper-VPN is an Android VPN tool that provides a secure proxy to help users access geo-restricted apps and websites while maintaining privacy. | Reference: https://play.google.com/store/apps/details?id=com.hyper.vpn.master
identity-cloaker-vpn Identity Cloaker refers to Identity Cloaker, a security service that replaces a user's IP address and encrypts data via SSH tunneling and VPN. | Reference: https://identitycloaker.com/
impr0-vpn Impr0 VPN (Impro VPN) is a virtual private network application for Android devices used to secure internet connections and mask the user's location. | Reference: https://apkcombo.com/impro-vpn/com.impro.vpn/
in-berlin-vpn In Berlin-VPN refers to the VPN services provided by Individual Network Berlin e.V. (IN-Berlin) to its members for secure network access. | Reference: https://www.in-berlin.de/
infvpn Inf-VPN (Inf VPN) is a free VPN application for Android designed to provide stable and fast connections for streaming and private browsing. | Reference: https://play.google.com/store/apps/details?id=com.inf.vpn.panther
ininja-vpn iNinja VPN is a free proxy and VPN service often distributed as a browser extension to allow users to unblock content and browse anonymously. | Reference: https://ininja.org/
innovative-connecting Innovative Connecting is a mobile application developer known for creating widely used VPN apps such as Turbo VPN and VPN Proxy Master. | Reference: https://www.innovativeconnecting.com/
innovative-connecting-vpn innovative-connecting-vpn refers to the infrastructure and applications developed by Innovative Connecting, a company known for mobile VPN solutions like Turbo VPN. | Reference: https://innovativeconnecting.com/
ipburger-vpn IPBurger VPN is a commercial service that specializes in providing fresh, dedicated IP addresses for business users to manage e-commerce accounts. | Reference: https://www.ipburger.com/
ipchanger-vpn IPChanger VPN refers to mobile applications or utilities designed to modify a user's IP address to bypass geographic restrictions and enhance privacy. | Reference: https://play.google.com/store/apps/details?id=com.ipchanger.vpn
ipredator-vpn IPredator VPN was a privacy-focused virtual private network service founded by the creators of The Pirate Bay to provide secure, anonymous internet access. | Reference: https://en.wikipedia.org/wiki/IPredator
ipro-vpn iProVPN is a commercial VPN provider offering features such as unlimited bandwidth, military-grade encryption, and ad-blocking capabilities. | Reference: https://iprovpn.com/
ipsec IPsec (Internet Protocol Security) is a secure network protocol suite that authenticates and encrypts packets of data to provide secure communication between devices across an IP network. | Reference: https://datatracker.ietf.org/doc/html/rfc4301
ipvanish IPVanish is a well-known US-based VPN service provider that offers secure connections and high-speed network access for online privacy. | Reference: https://www.IPVanish.com/
ipvanish-vpn ipvanish-vpn is a US-based commercial VPN service provider known for offering high-speed connections and configurable security settings. | Reference: https://www.ipvanish.com/
ironsocket-vpn IronSocket VPN is a Hong Kong-based service provider that offers VPN, proxy, and DNS services optimized for anonymity and streaming. | Reference: https://ironsocket.com/
itop-accelerator-vpn The iTop Accelerator VPN tag refers to the specialized gaming acceleration features provided within the iTop VPN software suite. | Reference: https://www.itopvpn.com/
itop-vpn iTop VPN is a versatile VPN application that provides IP masking, data encryption, and access to geo-restricted content for personal computers and mobile devices. | Reference: https://www.itopvpn.com/
ivacy-vpn Ivacy VPN is a Singapore-based commercial VPN service recognized for its split tunneling support and ability to unblock streaming platforms. | Reference: https://www.ivacy.com/
ivanti Ivanti provides enterprise security solutions, including the Ivanti Connect Secure VPN (formerly Pulse Secure), which is used for secure remote access management. | Reference: https://www.Ivanti.com/
Sub-Tags (1)
Name Description
connect-secure Ivanti Connect Secure is a secure virtual private network (VPN) solution that enables remote employees to safely access corporate resources and applications. | Reference: https://www.ivanti.com/products/Connect Secure-vpn
ivpn IVPN is a privacy-centric commercial VPN service based in Gibraltar that emphasizes transparency and a strict no-logs policy. | Reference: https://www.IVPN.net/
jagoan-vpn Jagoan VPN generally refers to tunneling services or SSH accounts provided by platforms like JagoanSSH, often used for bypassing network restrictions in specific regions. | Reference: https://www.jagoanssh.com/
jelly-vpn Jelly VPN is a mobile virtual private network application that offers free proxy services to help users secure their connections and browse anonymously. | Reference: https://play.google.com/store/apps/details?id=com.jelly.vpn
jumpsrv-vpn Jumpsrv VPN appears to be a network tunneling or proxy service provider, often associated with SSH tunneling or specific cloud jump server configurations. | Reference: https://jumpsrv.net/
jupitervpn JupiterVPN is a VPN service application designed to assist users in securing their internet traffic and bypassing content censorship. | Reference: https://play.google.com/store/apps/details?id=com.JupiterVPN.free
just-vpn JustVPN is a free mobile VPN and proxy tool that allows users to unblock websites and maintain anonymity while browsing. | Reference: https://play.google.com/store/apps/details?id=com.justvpn.app
k2-vpn K2 VPN is a mobile virtual private network application that provides secure proxy services to encrypt data and hide the user's IP address. | Reference: https://play.google.com/store/apps/details?id=com.k2.vpn
kakao-vpn Kakao VPN refers to a third-party mobile VPN application or a service optimized for accessing Kakao-related games and services in Korea. | Reference: https://play.google.com/store/search?q=kakao+vpn
kangarif-vpn Kangarif- VPN is a mobile virtual private network application designed to provide secure internet access and bypass geo-restrictions for user privacy. | Reference: https://apkcombo.com/Kangarif- VPN/com.kangarif.vpn/
keen-vpn keen-vpn is a mobile virtual private network application designed to provide secure browsing and bypass regional restrictions. | Reference: https://play.google.com/store/apps/details?id=com.superapps.keenvpn
keenvpn KeenVPN is a privacy-focused application that encrypts internet traffic to secure user data and enable anonymous browsing on mobile devices. | Reference: https://play.google.com/store/apps/details?id=com.keen.vpn&hl=en_US
king-vpn KinGvpn is a VPN service provider offering encrypted connections intended to mask IP addresses and allow access to restricted content. | Reference: https://play.google.com/store/apps/details?id=com.kingvpn.app&hl=en
kiwi-vpn Kiwi-VPN is a proxy and VPN tool that allows users to unblock websites, mask their IP addresses, and browse the internet with enhanced privacy. | Reference: https://play.google.com/store/apps/details?id=com.kiwivpn.kiwivpn&hl=en_US
kn-vpn KNVPN is a tunneling application often used to modify connection requests and bypass network restrictions through SSH or VPN protocols. | Reference: https://apkcombo.com/KNVPN/com.knvpn.app/
kob KOB (often associated with KOB Sniff) is a VPN and tunneling tool designed to secure connections and bypass network firewalls using custom headers. | Reference: https://www.facebook.com/kobsniffofficial/
kob-vpn kob-vpn is a mobile VPN application utilized for securing internet connections and accessing geo-blocked content. | Reference: https://apkpure.com/kob-vpn-fast-secure/com.kob.vpn
kobz-vpn Kobz-VPN is a mobile application that provides virtual private network services to encrypt data transmission and hide user identity online. | Reference: https://apkcombo.com/Kobz-VPN/com.kobzvpn.app/
kuaifan-vpn KuaiFan-VPN is a network accelerator designed primarily to allow users outside of China to access Chinese domestic websites and media services by reversing the typical firewall direction. | Reference: https://www.kuaifan.co/
l2tp Layer 2 Tunneling Protocol (L2TP) (Layer 2 Tunneling Protocol) is a standard computer networking protocol used by Internet service providers to enable the operation of virtual private networks. | Reference: https://www.rfc-editor.org/rfc/rfc2661
lancom LANCOM Systems is a German manufacturer that provides secure networking infrastructure, including routers, gateways, and LANCOM VPN solutions for enterprise connectivity. | Reference: https://www.lancom-systems.com/
lantern-vpn Lantern is an open-source peer-to-peer internet censorship circumvention tool that uses a network of trusted users to route traffic. | Reference: https://getlantern.org/
lava-vpn Lava-VPN is a mobile VPN utility that offers secure proxy servers to help users protect their online privacy and access blocked content. | Reference: https://play.google.com/store/apps/details?id=com.lavavpn.best.free.proxy&hl=en_US
lavabit-vpn Lavabit refers to the encrypted tunneling service provided by Lavabit, a company focused on high-security email and privacy solutions. | Reference: https://lavabit.com/
le-vpn LE-VPN is a commercial personal virtual private network provider that offers IP addresses in numerous countries to ensure online security and anonymity. | Reference: https://www.LE-VPN.com/
le-vpn le-vpn is a personal VPN provider established in France that allows users to change their IP address and secure their connection. | Reference: https://www.le-vpn.com/
lighthouse-vpn Lighthouse is a virtual private network application designed to shield user browsing activity and provide secure internet connectivity. | Reference: https://apkpure.com/Lighthouse/com.lighthouse.vpn
lime-vpn LimeVPN is a VPN service provider offering features like shared and dedicated IPs, aiming to provide affordable online anonymity and security. | Reference: https://www.limevpn.com/
liquid-vpn LiquidVPN is a VPN service that offers dynamic IP addresses and modulating IP features to enhance user anonymity and bypass censorship. | Reference: https://www.liquidvpn.com/
lnvpn LNVPN is a privacy-centric VPN service that allows users to pay anonymously using the Bitcoin Lightning Network without requiring account registration. | Reference: https://LNVPN.net/
luminati Luminati (now rebranded as Bright Data) is a data collection platform that provides a massive residential proxy network for web scraping and market research. | Reference: https://brightdata.com/
luna-vpn Luna-VPN is a mobile VPN application known for its ad-blocking capabilities and providing encrypted connections for mobile devices. | Reference: https://play.google.com/store/apps/details?id=com.luna.vpn&hl=en
mainssh-vpn MainSSH is a service provider that offers SSH and VPN accounts, allowing users to create secure tunnels and potentially bypass network restrictions. | Reference: https://mainssh.com/
masterio-vpn The Masterio-VPN tag identifies traffic or infrastructure associated with MasterIO, a VPN service provider offering network tunneling capabilities. It is typically used to secure internet connections and mask user IP addresses. | Reference: https://play.google.com/store/apps/details?id=com.masteriovpn.android
melon-vpn Melon-VPN refers to Melon VPN, a popular free virtual private network application available on mobile platforms like Android. It provides users with proxy servers to bypass regional restrictions and encrypt mobile data traffic. | Reference: https://play.google.com/store/apps/details?id=com.vpnmaster.melonvpn
mikrotik MikroTik is a Latvian manufacturer of computer networking equipment that produces routers and wireless ISP systems powered by its proprietary RouterOS software. | Reference: https://MikroTik.com
mobileiron MobileIron is a comprehensive unified endpoint management (UEM) platform used by enterprises to secure and manage mobile devices, which includes a per-app VPN component known as MobileIron Tunnel. This tag identifies traffic associated with the legitimate management and secure connectivity of corporate devices. | Reference: https://www.ivanti.com/products/MobileIron
monkey-vpn The Monkey-VPN tag is associated with Monkey VPN, a service providing encrypted internet access and IP masking. It is often used to improve connection speeds for gaming or to bypass network restrictions. | Reference: https://www.monkeyvpn.net/
monster-vpn MonsterVPN refers to Monster VPN, a virtual private network application designed to secure web browsing and protect user privacy. It offers various server locations to help users anonymize their online presence. | Reference: https://play.google.com/store/apps/details?id=com.monster.vpn
moon-vpn MoonVPN identifies the Moon VPN service, a tool used for unblocking websites and applications while encrypting network traffic. It is available as a mobile application for users seeking privacy and unrestricted internet access. | Reference: https://apps.apple.com/us/app/MoonVPN-unlimited-proxy/id1483030806
mullvad Mullvad is a commercial VPN service based in Sweden known for its strict no-logging policy and focus on user anonymity. This tag identifies infrastructure or traffic utilizing the Mullvad network to secure data and protect identity. | Reference: https://Mullvad.net/
mullvad-vpn mullvad-vpn is a Swedish VPN service that prioritizes anonymity by allowing accounts to be created without personal information. | Reference: https://mullvad.net/
multi-vpn The MultiVPN tag refers to Multi VPN, an application that provides users with access to multiple proxy servers for secure browsing. It allows for the encryption of data and the masking of real IP addresses. | Reference: https://play.google.com/store/apps/details?id=com.multivpn.pro
my-devil-vpn MyDevil-VPN identifies VPN services provided by MyDevil.net, a hosting provider that offers shell accounts and VPN access. It allows users to tunnel traffic through their servers for privacy and security. | Reference: https://www.mydevil.net/vpn.html
mybrit-vpn MyBritVPN corresponds to My Brit VPN, a service specifically designed to provide users with a United Kingdom IP address. It is often used by expatriates or users wishing to access UK-specific content securely. | Reference: https://mybritvpn.com/
mysterium Mysterium refers to the Mysterium Network, a decentralized, open-source VPN (dVPN) powered by blockchain technology. It allows users to rent unused bandwidth from a peer-to-peer network to route their traffic securely. | Reference: https://Mysterium.network/
mysterium-vpn Mysterium VPN is a decentralized, open-source VPN network built on blockchain technology that allows users to access the internet through a distributed network of residential nodes. | Reference: https://www.mysteriumvpn.com/
mytty-vpn The mytty tag identifies traffic associated with VPN or tunneling configurations related to MyTTY, which is often a terminal or SSH client tool. It refers to the specific network signature of tunneling sessions initiated via this utility. | Reference: https://apkpure.com/mytty/com.mytty
mytunneling-vpn MyTunneling refers to MyTunneling, a service provider that offers SSH, OpenVPN, and other tunneling accounts. It is frequently used for bypassing firewall restrictions and securing internet connections through various protocols. | Reference: https://mytunneling.com/
myvpnbg-vpn MyVPN.bg identifies MyVPN.bg, a VPN service provider based in Bulgaria offering secure internet access. It provides users with encrypted tunnels to protect their data and mask their location. | Reference: https://myvpn.bg/
n-vpn nVpn (often stylized as nVPN) is a privacy service provider known for offering dedicated IPs and shared IP options with a strict no-logging policy. | Reference: https://nvpn.net/
namecheap-vpn Namecheap-VPN refers to FastVPN, the virtual private network service offered by the domain registrar Namecheap. It is a legitimate tool used to secure public Wi-Fi connections and keep browsing activity private. | Reference: https://www.namecheap.com/vpn/
namu-vpn The NaMu-VPN tag identifies a VPN service or proxy often associated with users accessing Namu Wiki or similar Korean internet services. It provides routing capabilities to bypass regional filtering or restrictions. | Reference: https://play.google.com/store/apps/details?id=com.namu.vpn
near-vpn NearVPN refers to NearVPN, a service designed to provide secure and private internet connectivity. It allows users to connect to remote servers to encrypt their traffic and change their virtual location. | Reference: https://nearvpn.com/
netflixvpn NetflixVPN identifies a VPN service specifically marketed or optimized for accessing Netflix content from different regions. This tag covers infrastructure used to route streaming traffic to bypass geo-blocking. | Reference: https://www.NetflixVPN.com/
netfree-vpn NetFree-VPN refers to NetFree, an Israeli internet service provider that uses VPN technology to provide filtered internet access. It is designed to block inappropriate content while allowing secure connectivity for its users. | Reference: https://netfree.link/
netscaler NetScaler (now Citrix ADC) is an enterprise-grade application delivery controller that includes an SSL VPN gateway feature for secure remote access. This tag identifies the legitimate infrastructure used by organizations to provide employees with secure access to internal resources. | Reference: https://www.citrix.com/products/citrix-adc/
netshade-vpn NetShade-VPN is a dedicated proxy and VPN application designed specifically for macOS users to anonymize their internet connection and secure their data. | Reference: https://raynersw.com/netshade/
newvpn New-VPN refers to a tag of mobile application-based virtual private network services typically found on app stores designed to secure mobile data connections. | Reference: https://apps.apple.com/us/app/new-vpn/id1528224972
nginx Nginx is a high-performance open-source web server, reverse proxy, and load balancer used to handle high traffic loads and manage network requests efficiently. | Reference: https://nginx.org/en/
nielsen-app-vpn The Nielsen App-VPN is a local VPN profile installed by the Nielsen Mobile App to collect usage data for market research purposes rather than for standard user privacy. | Reference: https://computermobile.nielsen.com/
njalla-vpn Njalla is a privacy-focused virtual private network service offered by the anonymous domain registrar Njalla, emphasizing user anonymity. | Reference: https://njal.la/vpn/
nordvpn NordVPN is a major commercial virtual private network service provider that offers features like double encryption and Onion over VPN to enhance user privacy. | Reference: https://NordVPN.com/
norton-vpn Norton-VPN is a security feature often included with Norton 360 or sold separately that encrypts internet traffic to protect personal information on public Wi-Fi. | Reference: https://us.norton.com/products/norton-secure-vpn
nova-vpn NovaVPN acts as a mobile-focused virtual private network application allowing users to bypass geo-restrictions and secure their internet connection via mobile devices. | Reference: https://play.google.com/store/apps/details?id=com.novavpn.android
nurichina-vpn Nurichina is a service specifically designed to help users bypass internet restrictions and maintain connectivity, particularly for users within the Chinese network environment. | Reference: http://www.nurichina.com/
octane-vpn Octane-VPN is a commercial VPN provider that offers high-speed encrypted gateways and supports multiple protocols for secure browsing. | Reference: https://octanevpn.com/
octo-vpn OctoVPN is a specialized hosting and VPN provider that focuses on DDoS protection and low-latency connections, primarily marketing itself to gamers. | Reference: https://octovpn.com/
okay-vpn OkayVPN is a virtual private network application found on mobile platforms designed to unblock websites and secure Wi-Fi hotspots. | Reference: https://play.google.com/store/apps/details?id=com.okayvpn
oko-vpn Oko-VPN is a free VPN service application that provides users with encrypted internet access and the ability to change their virtual location. | Reference: https://apps.apple.com/us/app/Oko-VPN-pro-secure-fast/id1540660662
one-host-vpn One Host-VPN refers to VPN services associated with OneHost Cloud or similar hosting providers that allow users to tunnel traffic through a hosted endpoint. | Reference: https://onehostcloud.hosting/
openvpn OpenVPN is a widely used open-source commercial software and protocol that implements virtual private network techniques to create secure point-to-point or site-to-site connections. | Reference: https://openvpn.net/
openvpn OpenVPN is an open-source VPN protocol and software solution used to create secure point-to-point or site-to-site connections in routed or bridged configurations. | Reference: https://OpenVPN.net/
opera Opera is a multi-platform web browser that features a built-in, free browser-based proxy service often referred to as a VPN. | Reference: https://www.Opera.com/
opera-vpn Opera-VPN is the specific built-in browser proxy feature provided by the Opera web browser to mask the user's IP address while surfing the web. | Reference: https://www.opera.com/features/free-vpn
osmozis-vpn Osmozis-VPN refers to the network infrastructure and secure connection services provided by Osmozis specifically for the holiday industry and connected campsites. | Reference: https://www.osmozis.com/
ostrich-vpn Ostrich-VPN is a mobile virtual private network application that offers fast and secure proxy services to protect user privacy. | Reference: https://play.google.com/store/apps/details?id=com.ostrichvpn.app
ovpn OVPN is a Swedish VPN provider that emphasizes physical security by operating without hard drives on their servers to ensure no logs are stored. | Reference: https://www.OVPN.com/
oxylabs-proxy Oxylabs refers to the large-scale residential and datacenter proxy networks provided by Oxylabs for public web data gathering. | Reference: https://oxylabs.io/
oyster-vpn OysterVPN is a virtual private network service that offers global server connectivity and encryption to ensure online privacy and unrestricted internet access for its users. | Reference: https://www.oystervpn.com/
panda-vpn PandaVPN is a security and privacy tool that allows users to mask their IP addresses and encrypt their internet traffic across various devices. | Reference: https://pandavpnpro.com/
pandapro-vpn PandaVPN Pro is a cross-platform VPN application designed to provide encrypted connections and proxy services for secure browsing and accessing geo-blocked content. | Reference: https://pandavpnpro.com/
paran-vpn Paran VPN is a mobile virtual private network application that facilitates secure and anonymous internet browsing by tunneling user traffic through remote servers. | Reference: https://play.google.com/store/apps/details?id=com.paran.vpn
pearl-vpn Pearl VPN is a network utility designed to protect user privacy by establishing secure, encrypted connections to the internet via proxy servers. | Reference: https://play.google.com/store/apps/details?id=com.pearl.vpn
pentaloop-vpn Pentaloop VPN refers to the suite of proxy and VPN tools developed by Pentaloop, such as "VPN - Super Unlimited Proxy," intended for secure and unrestricted web access. | Reference: https://pentaloop.com/
perfect-privacy Perfect Privacy is a premium VPN provider that emphasizes advanced anonymity features, such as multi-hop cascading connections and a strict no-logs policy. | Reference: https://www.Perfect Privacy.com/
perfect-privacy-vpn perfect-privacy-vpn is a premium VPN provider based in Switzerland that focuses on high security, multi-hop connections, and anonymity. | Reference: https://www.perfect-privacy.com/
perimeter81-vpn Perimeter 81 is a cloud-based Secure Access Service Edge (SASE) and VPN solution designed to provide businesses with secure remote network access and management. | Reference: https://www.perimeter81.com/
pevpn PeVPN is a virtual private network tool that encrypts internet traffic to protect user data and mask digital identities while browsing online. | Reference: https://play.google.com/store/apps/details?id=com.pe.vpn
phantom-avira-vpn Avira Phantom VPN is a security software developed by Avira that encrypts web communications and anonymizes user activity to prevent online tracking. | Reference: https://www.avira.com/en/free-vpn
pia Private Internet Access (Private Internet Access (PIA)) is a widely used commercial VPN service known for its open-source software and extensive network of servers for securing user privacy. | Reference: https://www.privateinternetaccess.com/
pia-vpn pia-vpn, also known as Private Internet Access, is a widely used commercial VPN service that emphasizes user privacy and open-source software transparency. | Reference: https://www.privateinternetaccess.com/
pigeon-vpn Pigeon VPN is a mobile proxy application that enables users to bypass network firewalls and browse the internet anonymously through secure tunnels. | Reference: https://play.google.com/store/apps/details?id=com.pigeon.vpn
pinoyground-vpn PinoyGround VPN is a tunneling application tailored for bypassing network restrictions and securing connections, popularly used within the Philippines region. | Reference: https://play.google.com/store/apps/details?id=com.pinoyground.vpn
plex-vpn PlexVPN is a network acceleration and privacy service that provides global server nodes to help users access content quickly and securely. | Reference: https://www.plexvpn.pro/
power-vpn Power VPN is a free VPN application that offers secure tunneling protocols and unlimited bandwidth to protect user data and unblock restricted websites. | Reference: https://www.powervpn.org/
pptp The Point-to-Point Tunneling Protocol (Point-to-Point Tunneling Protocol (PPTP)) is a legacy network protocol used to implement virtual private networks by encapsulating Point-to-Point Protocol (PPP) frames. | Reference: https://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol
premiumize-vpn Premiumize VPN is a privacy service included with the Premiumize.me cloud storage subscription, allowing users to secure their internet connections and download activities. | Reference: https://www.premiumize.me/
privacy-hero-vpn Privacy Hero is a specialized VPN router and service designed to protect all home devices and optimize connections for streaming content securely. | Reference: https://www.privacyhero.com/
privado-vpn PrivadoVPN is a Swiss-based VPN service that offers secure, encrypted internet access with a strong focus on privacy protection and zero-logging. | Reference: https://privadovpn.com/
privatetunnel-vpn Private Tunnel was a commercial VPN service developed by the creators of OpenVPN to provide secure, encrypted internet access for consumers. | Reference: https://www.privatetunnel.com/
privatevpn PrivateVPN is a Sweden-based commercial VPN service that provides encryption and anonymity to secure internet connections. | Reference: https://PrivateVPN.com/
privatewifi-vpn Private WiFi is a cloud-based VPN solution designed to encrypt data transmitted over unsecure public WiFi networks. | Reference: https://www.privatewifi.com/
prosto-vpn ProstoVPN is a virtual private network application, often marketed to Russian-speaking users, that enables access to blocked content and websites. | Reference: https://ProstoVPN.ru/
proton-vpn proton-vpn is a security-focused VPN service developed by the scientists behind ProtonMail, emphasizing strict no-logging policies. | Reference: https://protonvpn.com/
protonvpn ProtonVPN is a security-focused VPN service developed by the scientists at CERN behind ProtonMail, prioritizing privacy and transparency. | Reference: https://ProtonVPN.com/
provpn ProVPN is a VPN service application that allows users to browse the internet securely by masking their IP address. | Reference: https://play.google.com/store/apps/details?id=com.proficient.ProVPN
provpn-world-vpn Provpn World-VPN is a mobile VPN application that provides users with a variety of global server locations for secure browsing. | Reference: https://play.google.com/store/apps/details?id=com.provpn.world
proxynvpn ProxyNVPN is a service that combines proxy and VPN technologies to offer users secure and unrestricted internet access. | Reference: https://www.ProxyNVPN.com/
psiphon3-vpn Psiphon 3-VPN is a circumvention tool that utilizes VPN, SSH, and HTTP proxy technology to provide uncensored access to internet content. | Reference: https://psiphon.ca/
pure-vpn PureVPN is a commercial VPN service provider offering multi-platform support and features designed to enhance online privacy and bypass geographical content restrictions. | Reference: https://www.purevpn.com/
purevpn PureVPN is a long-standing commercial VPN provider offering a wide network of servers and features like split tunneling and dedicated IPs. | Reference: https://www.PureVPN.com/
quark-vpn QuarkVPN is a VPN service that provides free and unlimited bandwidth to users looking to secure their network traffic. | Reference: https://quarkvpn.com/
quickq-vpn QuickQ is a network accelerator and VPN tool designed to improve connection stability and speed for accessing international networks. | Reference: https://www.quickq.io/
qustodio-parental-vpn Qustodio Parental-VPN refers to the local VPN configuration used by the Qustodio parental control app to filter content and monitor activity on a device. | Reference: https://www.qustodio.com/
ra4w-vpn RA4W-VPN is a budget-oriented VPN service that offers high-speed servers and unmetered bandwidth for anonymous browsing. | Reference: https://ra4wvpn.com/
rabbit-vpn Rabbit-VPN is a mobile VPN proxy application designed to help users bypass geo-restrictions and secure their connection. | Reference: https://play.google.com/store/apps/details?id=com.rabbitvpn.fast
race-vpn Racevpn is a virtual private network tool that provides data encryption and IP masking services for privacy protection. | Reference: https://play.google.com/store/apps/details?id=com.racevpn.client
rapid-vpn RapidVPN is a provider that specializes in offering dedicated and static IP addresses alongside standard VPN encryption services. | Reference: https://www.rapidvpn.com/
rasya-computer-vpn Rasya Computer-VPN refers to specific VPN configurations or tunneling tools distributed by the Rasya Computer entity for internet access. | Reference: https://www.youtube.com/channel/UCyM7_u0DtiZQYKy7D63k_7g
refresh-vpn RefreshVPN is a VPN application that offers free proxy services to secure internet sessions and access blocked sites. | Reference: https://play.google.com/store/apps/details?id=com.refresh.vpn
resi-vpn ResiVPN refers to a Residential VPN service, which routes user traffic through residential IP addresses to simulate genuine home user activity. | Reference: https://resivpn.net/
rgntunnel-vpn RGNTunnel is a tunneling application that functions as a VPN to provide secure and private internet connectivity. | Reference: https://play.google.com/store/apps/details?id=com.rgntunnel.app
riseup-vpn RiseupVPN is a non-commercial, personal VPN service provided by the Riseup collective, designed to bypass censorship and anonymize the location of activists and social movements. It does not require user registration or log user data. | Reference: https://riseup.net/en/vpn
rocket-vpn Rocket VPN is a mobile application available on Android and iOS that provides encrypted internet access and allows users to unblock geographically restricted content. It features a built-in browser and proxy functionality for enhanced privacy. | Reference: https://play.google.com/store/apps/details?id=com.liquidum.rocket.vpn
rus-vpn RUS VPN was a commercial VPN service offering extensions for browsers and mobile applications to secure internet connections and change IP addresses. The service has since rebranded to Planet VPN. | Reference: https://freevpnplanet.com/
rvpn rVPN (often stylized as R VPN) is a virtual private network application designed for Android devices to provide secure proxy services and internet browsing. It focuses on simplicity and ease of access for mobile users. | Reference: https://play.google.com/store/apps/details?id=com.rVPN.main
ryn-vpn Ryn VPN is a free VPN proxy server application for mobile devices designed to unblock websites and protect user privacy on public Wi-Fi hotspots. It utilizes encryption to secure data traffic. | Reference: https://play.google.com/store/apps/details?id=com.wRynVPN_13774643
safer-vpn SaferVPN is a premium commercial VPN service known for its speed and ease of use, offering automatic Wi-Fi security and a global server network. It was acquired by NetProtect and is often integrated with other brands like StrongVPN. | Reference: https://www.safervpn.com/
safesurf-vpn Safesurf VPN is a mobile application that provides proxy services to help users bypass geo-restrictions and browse the internet anonymously. It aims to protect personal identity and data on unsecured networks. | Reference: https://play.google.com/store/apps/details?id=com.safesurf.vpn
salamander-vpn Salamander VPN is a network utility app designed to provide secure and private internet access through encrypted tunnels. It is typically distributed via mobile app stores for Android devices. | Reference: https://apkpure.com/Salamander/com.salamandervpn
samsung-vpn Samsung VPN refers to Samsung Max, a data savings and privacy management app that includes a VPN feature to encrypt data and mask DNS requests on Samsung Galaxy devices. It helps protect users on public Wi-Fi networks. | Reference: https://www.samsung.com/us/apps/samsung-max/
sanctuary-star-vpn Sanctuary Star VPN is a mobile VPN application that offers proxy services to secure internet connections and access blocked content. It is available on the Google Play Store for Android users. | Reference: https://play.google.com/store/apps/details?id=com.sanctuary.star.vpn
sasaki-vpn Sasaki VPN is a specific mobile VPN application designed to provide high-speed proxy connections for browsing and streaming. It emphasizes user privacy and the ability to bypass network restrictions. | Reference: https://play.google.com/store/apps/details?id=com.sasaki.vpn
saturn-vpn SaturnVPN is a commercial VPN provider that offers accounts compatible with multiple protocols, including Cisco AnyConnect, OpenVPN, and PPTP. It focuses on providing static IP services and accessing restricted websites. | Reference: https://saturnvpn.com/
secret-vpn Secret VPN is a mobile application that offers free and unlimited VPN proxy services to help users protect their online privacy and unblock websites. It markets itself on providing anonymity and secure browsing. | Reference: https://play.google.com/store/apps/details?id=com.secret.vpn.proxy
secure-android-vpn secure-android-vpn generally refers to mobile VPN applications, such as Secure VPN, designed specifically to encrypt data on the Android operating system. | Reference: https://play.google.com/store/search?q=secure+vpn
secvpn SecVPN is a VPN proxy tool that assists users in accessing blocked apps and sites while securing their device's connection. It is designed for ease of use on mobile platforms. | Reference: https://www.SecVPN.org/
seed4me-vpn Seed4.Me is a private VPN club and proxy service that supports multiple devices and operating systems. It focuses on unblocking internet content and protecting traffic from hackers and providers. | Reference: https://seed4.me/
sekai-vpn Sekai VPN is a Japanese VPN service provided by Interlink Co., Ltd., offering IP addresses from various countries to help users access geo-restricted content. It supports standard protocols like OpenVPN and IKEv2. | Reference: https://www.SekaiVPN.com/en/
senovpn Senovpn is a mobile VPN application that provides secure tunnel connections to protect user privacy and bypass internet censorship. It is typically found on Android app marketplaces. | Reference: https://play.google.com/store/apps/details?id=com.Senovpn.app
sentinel-vpn Sentinel is a decentralized VPN (dVPN) protocol built on blockchain technology that allows anyone to become a bandwidth provider or user. It aims to provide a resilient, open-source network for privacy that cannot be shut down by a central authority. | Reference: https://sentinel.co/
sharehub-vpn ShareHub VPN is a mobile application offering proxy services to facilitate secure browsing and access to restricted content. It functions as a standard consumer VPN tool for Android devices. | Reference: https://play.google.com/store/apps/details?id=com.sharehub.vpn
shellfire-vpn Shellfire VPN is a German-based service that provides encrypted internet connections and offers a dedicated hardware device known as the Shellfire Box for securing network traffic. | Reference: https://www.shellfire.net/
shvpn shvpn is a tunneling application, primarily for mobile devices, that utilizes SSH and VPN protocols to secure connections and bypass network restrictions. | Reference: https://play.google.com/store/apps/details?id=com.shvpn.ssh
siege-vpn Siege-VPN is a mobile virtual private network application designed to protect user privacy and unblock geo-restricted content through data encryption. | Reference: https://apkcombo.com/Siege-VPN/com.siege.vpn/
signalsecure-vpn SignalSecure VPN, often referred to as Robot VPN, is a mobile application that offers high-speed, encrypted proxy services to ensure user anonymity. | Reference: https://play.google.com/store/apps/details?id=com.hssb.supervpn.free
skyvpn SkyVPN is a popular free VPN proxy server application that allows users to unblock websites and apps while securing their data on public Wi-Fi hotspots. | Reference: https://www.SkyVPN.net/
slick-vpn SlickVPN is a commercial VPN provider that offers encrypted internet access and features the HYDRA multi-hop protocol for enhanced location masking. | Reference: https://www.slickvpn.com/
slowdns-vpn SlowDNS VPN is a tunneling tool designed to establish secure connections over the DNS protocol, allowing users to bypass firewalls that restrict other traffic types. | Reference: https://play.google.com/store/apps/details?id=com.tunnelguru.slowdns
smart-vpn Smart VPN is a generic identifier for various VPN applications and network features that automatically optimize routing and encrypt internet traffic for security. | Reference: https://play.google.com/store/search?q=smart%20vpn
smarty-dns-vpn SmartyDNS is a service that combines traditional VPN encryption with Smart DNS technology to facilitate access to geo-blocked streaming content. | Reference: https://www.smartydns.com/
smile-vpn Smile VPN is a mobile proxy application that provides free VPN services to help users hide their IP addresses and access blocked internet resources. | Reference: https://play.google.com/store/apps/details?id=com.smile.vpn
snap-vpn Snap VPN is a mobile application that provides free and unlimited VPN proxy services to secure devices and bypass regional content restrictions. | Reference: https://play.google.com/store/apps/details?id=free.vpn.unblock.proxy.snapvpn
snapmaster-vpn SnapMaster VPN is a widely used mobile VPN application that encrypts user traffic and masks IP addresses to ensure online privacy and security. | Reference: https://snapmastervpn.com/
snowd-vpn Snowd VPN is a privacy tool that offers encrypted internet access and IP masking to protect users from surveillance and data tracking. | Reference: https://snowd.com/
soax-proxy Soax is a residential and mobile proxy service platform that offers whitelisted IP addresses for legitimate data collection and ad verification purposes. | Reference: https://soax.com/
softether SoftEther VPN is an open-source, multi-protocol VPN software project developed at the University of Tsukuba that supports SSL-VPN, L2TP/IPsec, OpenVPN, and MS-SSTP. | Reference: https://www.SoftEther.org/
sonicwall SonicWall is a cybersecurity vendor that manufactures a range of network security appliances, including firewalls and VPN concentrators designed to protect network perimeters. | Reference: https://www.SonicWall.com/
Sub-Tags (1)
Name Description
ssl-vpn The SSL tag identifies SonicWall's Secure Sockets Layer Virtual Private Network solution, which facilitates secure remote access to enterprise networks. | Reference: https://www.sonicwall.com/products/remote-access/vpn-clients/
sousoukuai-vpn Sousoukuai VPN (often associated with "Sousou") appears to be a regional mobile VPN or network accelerator app designed to improve connection speeds and bypass restrictions. | Reference: https://apkpure.com/search?q=sousoukuai
speed-ssh-vpn Speed SSH VPN is a service provider that offers SSH and VPN accounts configured for tunneling, allowing users to secure their connections and bypass network filters. | Reference: https://speedssh.com/
speedify-vpn Speedify VPN is a channel bonding service that combines multiple internet sources, such as Wi-Fi and cellular data, to create a faster and more reliable secure connection. | Reference: https://speedify.com/
speedvpnapp-vpn SpeedVPN is a free VPN application for Android devices that focuses on providing a simple, one-click solution for secure and fast internet browsing. | Reference: https://play.google.com/store/apps/details?id=com.speedvpn.app
spod-vpn Spod VPN is a virtual private network service that emphasizes high-grade encryption and anonymity to protect user data from third-party tracking. | Reference: https://spodvpn.com/
ssh0-vpn SSH0 VPN refers to services offered by providers like ssh0.com, which supply free SSH and VPN accounts for users to create secure encrypted tunnels. | Reference: https://www.ssh0.com/
sshmax-vpn SSHMax refers to SSHMax, an online service that allows users to create free high-speed SSH and OpenVPN accounts for secure tunneling. | Reference: https://sshmax.net/
sshocean-vpn sshOcean denotes SSHOcean, a web-based provider offering free SSH, SSL/TLS, and OpenVPN accounts aimed at secure browsing and tunneling. | Reference: https://sshocean.com/
sshplus-vpn Sshplus refers to SSH Plus (often SSH Plus PRO), a VPN tunneling application for Android devices used to manage custom SSH connections. | Reference: https://play.google.com/store/apps/details?id=com.sshplus.pro
sshssl-vpn SSHSSL-VPN is associated with SSHSSL, a website service that provides users with free premium SSH and VPN accounts supporting SSL/TLS encapsulation. | Reference: https://www.sshssl.com/
sshstores-vpn SSH Stores refers to SSHStores, a platform that allows users to create premium and free SSH and OpenVPN accounts with servers located in various countries. | Reference: https://sshstores.net/
ssronline-vpn Ssronline-VPN refers to online services providing ShadowsocksR (SSR) accounts, which is a secure split-proxy protocol used for bypassing network restrictions. | Reference: https://github.com/shadowsocksrr/shadowsocksr
sstp Secure Socket Tunneling Protocol (SSTP) stands for the Secure Socket Tunneling Protocol, a VPN protocol developed by Microsoft that transports traffic through an SSL/TLS channel. | Reference: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-Secure Socket Tunneling Protocol (SSTP)/
sstpvpn SSTPVPN refers to a VPN service or implementation specifically utilizing the Secure Socket Tunneling Protocol (SSTP) for establishing encrypted connections. | Reference: https://www.SSTPVPN.com/
ssvpn-ru-vpn SSVPN RU-VPN appears to refer to ssvpn.ru, a Russian-language service offering VPN connections and anonymization tools. | Reference: https://ssvpn.ru/
star-app-vpn Star App-VPN refers to the mobile application "Star VPN," which provides free proxy and VPN services for iOS and Android devices. | Reference: https://www.starvpn.com/
star-vpn Star-VPN denotes the Star VPN service, a virtual private network provider offering unlimited bandwidth and server locations for privacy protection. | Reference: https://www.starvpn.com/
start-vpn Start-VPN is a mobile VPN application designed to provide users with secure and private internet access through encrypted proxy servers. | Reference: https://play.google.com/store/apps/details?id=com.startvpn.app
steganos-vpn Steganos refers to the VPN component of Steganos Online Shield, a security software suite developed by the German company Steganos. | Reference: https://www.steganos.com/en/products/Steganos-online-shield
streamvia-vpn StreamVia refers to StreamVia, a VPN provider that focuses on offering dedicated IP addresses and optimized routes for streaming content. | Reference: https://www.streamvia.com/
strong-hold-vpn StrongHold is a mobile VPN application, often found on Android platforms, designed to secure internet connections via proxy tunneling. | Reference: https://apkcombo.com/stronghold-vpn/com.stronghold.vpn/
strong-vpn StrongVPN refers to StrongVPN, a long-standing commercial VPN service provider known for its support of the WireGuard protocol and broad device compatibility. | Reference: https://strongvpn.com/
strongvpn StrongVPN serves as an alternate tag for StrongVPN, a global VPN service offering encryption and IP masking to protect user privacy. | Reference: https://StrongVPN.com/
stunnelvip-vpn S Tunnel VIP refers to StunnelVip, a service or application often used for creating SSH and SSL tunnels to secure mobile data connections. | Reference: https://stunnelvip.com/
summer-time-vpn Summer Time-VPN is a mobile VPN application available on the Google Play Store that offers free proxy services for internet browsing. | Reference: https://play.google.com/store/apps/details?id=com.summertime.vpn
sunrise-vpn Sunrise-VPN refers to a mobile VPN application designed to unblock websites and secure public Wi-Fi connections through proxy tunneling. | Reference: https://play.google.com/store/apps/details?id=com.sunrise.vpn
sunssh-vpn Sunssh-VPN is a service provided by SunSSH that offers SSH tunneling and VPN accounts, often utilized for bypassing network restrictions and securing internet connections. | Reference: https://sunssh.com/
supervpn SuperVPN is a popular free VPN application for mobile devices that allows users to encrypt their traffic and mask their IP address without requiring registration. | Reference: https://play.google.com/store/apps/details?id=com.jrzheng.supervpnfree
supervpn360-vpn SuperVPN360 is a virtual private network service application designed to provide secure browsing and access to geo-blocked content on mobile platforms. | Reference: https://apps.apple.com/us/app/super-vpn-360-proxy-master/id1462557672
surf-easy-vpn SurfEasy-VPN is a consumer VPN service, originally developed by SurfEasy Inc., that provides privacy protection and Wi-Fi security across multiple devices. | Reference: https://www.surfeasy.com/
surfshark Surfshark is a commercial VPN service provider known for offering unlimited simultaneous connections and features to enhance user privacy and block online tracking. | Reference: https://Surfshark.com/
surfshark-vpn Surfshark VPN is a cybersecurity tool that secures digital identities by encrypting internet traffic and masking IP addresses across unlimited devices. | Reference: https://surfshark.com/
swiss-vpn SwissVPN is a Switzerland-based VPN service that leverages the country's privacy laws to provide secure, encrypted internet access for its users. | Reference: https://www.swissvpn.net/
switch-vpn SwitchVPN is a commercial VPN provider that supports various protocols and focuses on providing high-speed connections for streaming and unblocking web content. | Reference: https://switchvpn.net/
tailscale-derp tailscale-DERP refers to the Designated Encrypted Relay for Packets (DERP) infrastructure used by Tailscale to relay traffic between nodes when a direct peer-to-peer connection cannot be established. | Reference: https://tailscale.com/blog/how-tailscale-works/
tala-vpn Tala-VPN is a mobile VPN application that provides users with proxy services to secure their internet connection and access restricted websites. | Reference: https://apkpure.com/Tala-VPN-secure-fast-proxy/com.talavpn.app
tango-privacy-vpn Tango Privacy-VPN is a virtual private network tool designed to protect user privacy and secure data transmission over public networks. | Reference: https://play.google.com/store/apps/details?id=com.tangovpn.android
tap-vpn TapVPN is a VPN utility app that offers a simple interface for users to connect to proxy servers for anonymous browsing and data encryption. | Reference: https://play.google.com/store/apps/details?id=com.tapvpn.free
taxi-vpn Taxi-VPN is a mobile VPN application intended to help users bypass regional restrictions and secure their network traffic through proxy servers. | Reference: https://apkpure.com/Taxi-VPN-secure-fast-proxy/com.taxivpn.app
tcpvpn TcpVPN is a service provider that offers free SSH and VPN accounts, allowing users to create secure tunnels for browsing and network bypass purposes. | Reference: https://www.TcpVPN.com/
techoragon-vpn Techoragon-VPN refers to VPN tools and configuration files provided by the Techoragon tech community, often used for SSH tunneling and free internet tricks. | Reference: https://techoragon.com/
tg-vpn TG-VPN is a VPN service, often available as a mobile app, designed to secure internet connections and facilitate access to messaging platforms or blocked content. | Reference: https://play.google.com/store/apps/details?id=com.tgvpn.proxy
thevpn-kr-vpn TheVPN KR-VPN is a VPN service, associated with The VPN Co., Ltd, that focuses on providing Korean IP addresses and secure access for users in or outside of South Korea. | Reference: https://play.google.com/store/apps/details?id=kr.co.thevpn
thunder-vpn Thunder-VPN is a widely used free VPN application for Android that provides unlimited proxy services to unblock sites and secure Wi-Fi connections. | Reference: https://play.google.com/store/apps/details?id=com.fast.free.unblock.thunder.vpn
thundernet ThunderNet is a network service brand offering VPN solutions to provide users with high-speed, secure internet tunneling capabilities. | Reference: https://play.google.com/store/apps/details?id=com.ThunderNet.vpn
tiger-vpn tigerVPN is a commercial VPN provider that offers a global network of servers to ensure online anonymity and access to geo-restricted content. | Reference: https://www.tigervpn.com/
tik-vpn TikVPN is a proxy and VPN service designed to secure personal data and provide access to global content through its server network. | Reference: https://www.tikvpn.com/
tikvpn TikVPN is a privacy-focused service that encrypts internet traffic to secure user data and enable unrestricted access to global content and streaming services. | Reference: https://www.TikVPN.com/
time-vpn TimeVPN is a mobile virtual private network application designed to provide users with secure, encrypted internet connectivity and proxy services. | Reference: https://play.google.com/store/apps/details?id=com.time.vpn
tls-vpn TLS-VPN generally refers to a VPN implementation using the Transport Layer Security protocol, or specific mobile applications like TLS Tunnel designed to bypass network restrictions. | Reference: https://play.google.com/store/apps/details?id=com.tlsvpn.tlsvpn
today-vpn Today-VPN is a proxy utility available on mobile platforms that allows users to mask their online identity and access geo-blocked websites through encrypted tunnels. | Reference: https://play.google.com/store/apps/details?id=com.today.vpn
tomato-vpn Tomato-VPN is a free virtual private network service for mobile devices that aims to unblock websites and protect user privacy on public Wi-Fi hotspots. | Reference: https://play.google.com/store/apps/details?id=com.ironmeta.security.turbo.proxy.vpntomato
tor-guard-vpn Tor Guard VPN is an anonymous virtual private network and proxy service designed to provide encryption and protect user identity online. | Reference: https://torguard.net/
torguard TorGuard is a commercial VPN service provider that offers anonymous IP addresses and encryption services designed to protect user privacy and bypass censorship. | Reference: https://TorGuard.net/
touch-vpn touch-vpn is a popular free VPN service available as a browser extension and mobile application for encrypting web traffic. | Reference: https://touchvpn.net/
touchvpn TouchVPN is a popular free VPN service available on multiple platforms that provides one-click encryption to secure internet connections and access blocked content. | Reference: https://TouchVPN.net/
transocks-vpn Transocks is a network proxy tool designed primarily for overseas users to access domestic Chinese content and accelerate media streaming by routing traffic back to China. | Reference: https://www.transocks.com/
trendmicro-vpn TrendMicro-VPN, often branded as VPN Proxy One, is a security solution by Trend Micro that provides encryption and web threat protection to ensure public Wi-Fi security. | Reference: https://www.trendmicro.com/en_us/forHome/products/vpn-proxy-one-pro.html
trust-zone-vpn Trust.Zone is a Seychelles-based virtual private network service that emphasizes anonymity and prevents ISP tracking through encrypted tunnels. | Reference: https://trust.zone/
tunnelbear TunnelBear is a user-friendly public VPN service owned by McAfee that provides secure, encrypted internet access with a focus on simplicity and approachable branding. | Reference: https://www.TunnelBear.com/
tunnelbear-vpn TunnelBear VPN is a user-friendly public virtual private network service known for its simplified interface, providing encrypted internet browsing for consumer devices. | Reference: https://www.tunnelbear.com/
tunnelsats-vpn TunnelSats is a service that allows users to purchase VPN access using Bitcoin via the Lightning Network, prioritizing payment privacy and anonymity. | Reference: https://tunnelsats.com/
turbo-vpn Turbo-VPN is a widely used mobile VPN application that offers free and unlimited proxy services to help users bypass firewalls and secure their network traffic. | Reference: https://turbovpn.com/
turbolite-vpn Turbolite is the lightweight version of the popular Turbo VPN application, designed to save storage space while providing secure proxy services for mobile devices. | Reference: https://play.google.com/store/apps/details?id=free.vpn.unblock.proxy.turbovpn.lite
twingate twingate is a modern zero-trust network access solution that replaces traditional VPNs by allowing secure remote access to private resources without exposing the network. | Reference: https://www.twingate.com/
u2play-vpn U2PLAY-VPN (commonly associated with U2VPN) is a mobile network tool designed to provide secure browsing and access to restricted websites through proxy servers. | Reference: https://play.google.com/store/apps/details?id=free.vpn.unblock.proxy.u2vpn
ufo-vpn UFO-VPN is a virtual private network service that offers fast connection speeds and multiple server locations to help users maintain online privacy and access streaming content. | Reference: https://ufovpn.io/
uktv-vpn UKTV-VPN refers to VPN services or specific apps tailored to allow users outside the United Kingdom to access UK-based streaming channels and television content. | Reference: https://play.google.com/store/apps/details?id=secure.uk.vpn
ultrasurf-vpn UltraSurf-VPN allows users to bypass internet censorship and firewalls to access blocked websites while encrypting their online traffic to protect user identity. | Reference: https://ultrasurf.us/
unblock-master-vpn Unblock Master is a mobile application that provides VPN proxy services to help users bypass geo-restrictions and browse the web anonymously. | Reference: https://play.google.com/store/apps/details?id=com.free.vpnmater.unblock.proxy
union-vpn Union VPN is a mobile virtual private network application that allows users to secure their internet connection and protect their privacy. | Reference: https://play.google.com/store/apps/details?id=com.unionvpn.android
unique-vpn Unique VPN is a proxy tool designed to encrypt network traffic and help users bypass geographic restrictions on online content. | Reference: https://play.google.com/store/apps/details?id=com.unique.vpn
unlimitedvpnpro-vpn UnlimitedVPNPro VPN is a digital service, typically found as a mobile app, that provides unlimited bandwidth for secure and private web browsing. | Reference: https://play.google.com/store/apps/details?id=com.free.vpn.unlimited.proxy
unlocator-vpn Unlocator VPN is a service that combines Smart DNS and VPN technologies to allow users to unblock geo-restricted streaming services and browse privately. | Reference: https://unlocator.com/
unseen-online-vpn Unseen Online VPN is a privacy-focused service that encrypts user traffic to mask their identity and location while navigating the internet. | Reference: https://unseen.online/
urban-vpn Urban VPN is a free, peer-to-peer virtual private network provider that routes traffic through a community network of user devices to bypass restrictions. | Reference: https://www.Urban-VPN.com/
usaip-vpn USAIP VPN is a service provider that offers IP addresses from the USA and other countries via protocols like PPTP, L2TP, and OpenVPN for anonymity. | Reference: https://www.usaip.eu/
useed-vpn Useed VPN is a feature provided by the Useed seedbox service, allowing users to establish a secure OpenVPN connection to their hosted infrastructure. | Reference: https://www.useed.fr/
uvpn uVPN is a commercial VPN provider offering applications for various platforms to secure data transmission and unblock global content. | Reference: https://uVPN.me/
v2net-vpn V2Net VPN is a network proxy application designed to accelerate internet speed and assist users in bypassing firewall restrictions. | Reference: https://play.google.com/store/apps/details?id=com.v2net.app
v2ss-vpn V2SS VPN refers to proxy services utilizing V2Ray or Shadowsocks protocols to provide secure and censorship-resistant internet access. | Reference: https://v2ss.com/
v6-vpn V6 VPN is a mobile virtual private network tool that offers fast and secure proxy services, often emphasizing modern protocol support. | Reference: https://play.google.com/store/apps/details?id=com.v6.vpn
vanished-vpn Vanished VPN is an Australian-based service specifically optimized for streaming content from overseas by masking the user's physical location. | Reference: https://www.vanishedvpn.com.au/
veee-plus-vpn Veee Plus VPN (Veee+) is a mobile application that provides encrypted proxy connections to help users protect their privacy and access blocked websites. | Reference: https://play.google.com/store/apps/details?id=com.veee.vpn
veepn VeePN is a security and privacy service offering a network of global servers and strong encryption to protect user data from third-party tracking. | Reference: https://VeePN.com/
veepn-vpn veepn-vpn is a privacy-focused VPN service based in Panama that offers protection against data sniffing and online tracking. | Reference: https://veepn.com/
vfulup-vpn Vfulup VPN is a mobile proxy application designed to provide users with a secure and fast connection for browsing the internet anonymously. | Reference: https://apkcombo.com/Vfulup-fast-proxy/com.vfulup.vpn/
viet-pn-vpn Viet PN VPN is a service tailored for users in Vietnam, optimizing network routes to reduce latency for gaming and bypass connectivity restrictions. | Reference: https://vietpn.com/
vietpn-vpn VietPN VPN serves as a gaming acceleration and privacy tool, providing dedicated servers to improve connection stability for users in Vietnam. | Reference: https://vietpn.com/
virtual-shield-vpn Virtual Shield VPN is a commercial VPN provider that focuses on simplicity and data privacy for both personal and business use cases. | Reference: https://virtualshield.com/
vowinc-vpn Vowinc VPN (often listed as VOW VPN) is a mobile application developed by VOW Inc. to offer secure proxy services and internet freedom. | Reference: https://play.google.com/store/apps/details?id=com.vow.vpn
vpn-ac VPN.AC is a security-centric VPN provider operated by IT professionals, known for its focus on strong encryption implementation and secure infrastructure. | Reference: https://vpn.ac
vpn-ac VPN.ac is a virtual private network service operated by a team of IT security professionals, offering encrypted connections and secure DNS services to protect user privacy. | Reference: https://vpn.ac/
vpn-connect VPN Connect refers to software applications or services that facilitate the establishment of a secure virtual private network tunnel. | Reference: https://www.microsoft.com/en-us/p/VPN Connect/9wzdncrfj31r
vpn-ht VPN HT refers to VPN.ht, a privacy-focused VPN service provider often noted for its historical association with Popcorn Time. | Reference: https://vpn.ht/
vpn-master-android VPN Master Android refers to the Android version of VPN Master, a widely used mobile application for proxying internet traffic. | Reference: https://play.google.com/store/apps/details?id=free.vpn.unblock.proxy.vpnmaster
vpn-monster VPN Monster refers to VPN Monster, a free unlimited VPN proxy application designed to unblock websites and protect user privacy. | Reference: https://play.google.com/store/apps/details?id=com.free.vpn.unblock.proxy.vpnmonster
vpn-pink VPN PINK identifies a mobile VPN application, such as Pink VPN, used for secure and anonymous web browsing. | Reference: https://play.google.com/store/apps/details?id=com.pink.vpn
vpn-shield VPN Shield refers to VPN Shield, a commercial application designed to provide automated encrypted connections for securing data on mobile and desktop devices. | Reference: https://www.vpnshieldapp.com/
vpn-ss VPNSS identifies VPN configurations utilizing the Shadowsocks protocol, a secure socks5 proxy designed to protect internet traffic. | Reference: https://shadowsocks.org/
vpn-super-free VPN SUPER FREE refers to VPN Super, a widely available free proxy application for mobile devices used to mask user identity and location. | Reference: https://apps.apple.com/us/app/vpn-super-unlimited-proxy/id1370293473
vpn-surf VPN.Surf identifies Surf VPN, a network tool that allows users to surf the web anonymously by routing traffic through proxy servers. | Reference: https://chrome.google.com/webstore/detail/surf-vpn/
vpn24 vpn24 is a virtual private network service provider designed to secure internet connections and mask user identity. | Reference: https://vpn24.org
vpn4games VPN4Games is a specialized VPN service provider based in Thailand that focuses on reducing latency and bypassing region blocks for online gaming. | Reference: https://www.VPN4Games.com
vpn6 VPN6 is a virtual private network service intended to provide online anonymity and secure data transmission for its users. | Reference: https://VPN6.net
vpn99 VPN99 is a budget-friendly VPN provider that offers essential encryption and IP masking services for a low monthly fee. | Reference: https://VPN99.net
vpnable Vpnable is a virtual private network service offering tools to secure internet traffic and protect user privacy online. | Reference: https://Vpnable.com
vpnalliance VPNAlliance is a provider of virtual private network solutions aimed at facilitating secure and private internet access. | Reference: https://VPNAlliance.com
vpnarea VPNArea is a privacy-focused VPN service based in Bulgaria that provides dedicated IP addresses and high-security hosting features. | Reference: https://VPNArea.com
vpnauction VPNAuction refers to a network entity or domain associated with virtual private network services or the resale of related digital assets. | Reference: https://www.virustotal.com/gui/domain/VPNAuction.com/relations
vpnbaron VPNBaron is a VPN service provider that emphasizes the ability to bypass deep packet inspection (DPI) and maintain user anonymity. | Reference: https://VPNBaron.com
vpnbook VPNBook is a free VPN service that provides OpenVPN and PPTP configuration bundles and passwords for immediate use without requiring account registration. | Reference: https://www.VPNBook.com
vpnbrand VPNBrand is a virtual private network entity offering services designed to encrypt internet traffic and mask geographic location. | Reference: https://VPNBrand.com
vpncenter-co VPNCenter Co is a web domain associated with VPN service listings or specific virtual private network connectivity tools. | Reference: https://vpncenter.co
vpncity VPNCity is a cross-platform VPN provider that offers high-speed connections and features specifically optimized for streaming and unblocking content. | Reference: https://www.VPNCity.com
vpner VPNer is a virtual private network service designed to provide users with tools for bypassing geo-restrictions and securing personal data. | Reference: https://VPNer.net
vpnfacile VPNFacile is a French-based VPN provider that focuses on simplicity and ease of use for securing internet connections. | Reference: https://VPNFacile.net
vpngate VPNGATE is an academic experiment and online service organized by the University of Tsukuba designed to provide free public VPN relay servers. | Reference: https://www.VPNGATE.net
vpnguard-online VPNGuard Online is a domain or service entity associated with providing security and privacy solutions through virtual private networks. | Reference: https://urlscan.io/domain/vpnguard.online
vpnhack VPNHack generally refers to modified configurations or software tools intended to bypass restrictions or payment requirements on standard VPN services. | Reference: https://github.com/topics/vpn-hack
vpnhispeed VPNHiSpeed identifies a VPN service, such as High Speed VPN, which offers virtual private network connections to users for internet privacy. | Reference: https://play.google.com/store/apps/details?id=com.VPNHiSpeed.android
vpnhost11 VPNHost11 serves as a network identifier or domain associated with infrastructure used for hosting virtual private network (VPN) services. | Reference: https://urlscan.io/domain/VPNHost11.com
vpnhostingcz VPNHostingCZ refers to VPN Hosting, a provider based in the Czech Republic that offers VPS and VPN services under the domain vpnhosting.cz. | Reference: https://www.vpnhosting.cz/
vpnify vpnify is a mobile application that provides free, unlimited VPN proxy services to secure internet connections and bypass geo-restrictions. | Reference: https://vpnifyapp.com/
vpnjantit VPN Jantit refers to VPN Jantit, a service that provides free SSH, OpenVPN, and WebSocket tunneling accounts often used for secure tunneling. | Reference: https://www.VPN Jantit.com/
vpnline VPNLine identifies a VPN service provider, such as VPNLine, offering secure and private internet access solutions. | Reference: https://VPNLine.com/
vpnme VPNme refers to a VPN service, associated with the domain vpn.me, offering personal privacy and encryption tools. | Reference: https://vpn.me/
vpnone VPN One identifies a VPN service, such as the VPN One application, which allows users to browse the internet securely. | Reference: https://apps.apple.com/us/app/vpn-one-super-unlimited-proxy/id1436254539
vpnonline VPNOnline acts as a generic identifier for online virtual private network services, such as those hosted at VPNOnline.com. | Reference: https://www.VPNOnline.com/
vpnow VPNow refers to a VPN service provider offering instant secure access, associated with domains like VPNow.com. | Reference: https://VPNow.com/
vpnpoint VPNPoint refers to VPNPoint, a service provider offering virtual private network solutions for various platforms. | Reference: https://VPNPoint.com/
vpnpro VPNPro identifies VPN Pro, a service or application offering professional-grade VPN connection features for data protection. | Reference: https://www.VPNPro.net/
vpnreactor VPNReactor refers to VPNReactor, a service provider and review platform that offers VPN accounts and industry information. | Reference: https://www.VPNReactor.com/
vpnresellers VPNResellers is a service platform that enables businesses to resell white-label VPN services to their own client base. | Reference: https://VPNResellers.com/
vpnrunfast VpnRunFast is a network identifier or domain associated with high-speed VPN infrastructure, often found in network telemetry. | Reference: https://www.virustotal.com/gui/domain/VpnRunFast.com/relations
vpnsecure VPNSecure refers to VPNSecure, a commercial VPN provider focused on internet freedom and privacy protection. | Reference: https://www.VPNSecure.me/
vpnstores- vpnstores- acts as an identifier or domain pattern often associated with repositories and marketplaces that distribute various VPN applications. | Reference: https://play.google.com/store/search?q=vpn
vpnsweb VPNSWEB is associated with web-based virtual private network services that allow users to tunnel traffic directly through a browser interface without standalone software. | Reference: https://www.VPNSWEB.com/
vpntt VPNTT refers to a specific VPN service provider or infrastructure identifier used to facilitate encrypted network tunneling for privacy. | Reference: https://vpn.tt/
vpntunnel VPNTunnel identifies VPNTunnel, a privacy service provider that offers encrypted internet connections and anonymous IP addresses to users. | Reference: https://VPNTunnel.com/
vpnuk VPNUK is a commercial VPN service provider based in the United Kingdom that offers dedicated IP addresses and secure private networking. | Reference: https://www.VPNUK.net/
vpnunlimited VPN Unlimited refers to KeepSolid VPN Unlimited, a software service providing personal virtual private network encryption and geographic spoofing capabilities. | Reference: https://www.keepsolid.com/VPN Unlimited/
vpnunlimitedapp VPNUnlimitedApp refers to the client software for VPN Unlimited, a service developed by KeepSolid that offers encrypted internet access and privacy features for various devices. | Reference: https://www.keepsolid.com/vpnunlimited/
vpnvault VPN VAULT refers to VPN Vault, an application developed by Appsverse that provides mobile and desktop users with encrypted internet access. | Reference: https://VPN VAULT.com/
vpnvip VPNVIP represents VPN VIP, a tier of service or specific application often found on mobile platforms providing high-speed proxy access. | Reference: https://play.google.com/store/apps/details?id=com.vpn.vip
vpnvision VPNVISION is a specialized VPN provider that focuses on allowing users to access French television and digital content from locations abroad. | Reference: https://www.VPNVISION.com/
vtrspeed-vpn VTRSpeed VPN refers to a specific mobile VPN application designed to optimize connection speeds while tunneling traffic through secure servers. | Reference: https://apkpure.com/VTRSpeed VPN/com.vtrspeed.vpn
vypr-vpn VyprVPN is a Swiss-based VPN service provider that owns its server infrastructure and offers the proprietary Chameleon protocol to defeat VPN blocking. | Reference: https://www.vyprvpn.com/
vyprvpn VyprVPN is a well-known commercial VPN service operated by Golden Frog which utilizes its proprietary Chameleon protocol to prevent data inspection. | Reference: https://www.VyprVPN.com/
wakoopa-vpn Wakoopa-VPN refers to the VPN profiles installed by Wakoopa market research software to route and meter traffic for user behavior analysis. | Reference: https://wakoopa.com/
wannaflix-vpn WannaFlix is a VPN and SmartDNS service specifically marketed for bypassing geo-restrictions to access streaming content platforms. | Reference: https://wannaflix.com/
warp-vpn warp-vpn is a service developed by Cloudflare designed to optimize and secure mobile and desktop internet connections using the WireGuard protocol. | Reference: https://1.1.1.1/
warpvpn WarVPN refers to a network utility or service provider that optimizes and encrypts internet traffic to enhance privacy and speed. | Reference: https://WarVPN.com/
watch-uk-tv-vpn Watch UK TV identifies a niche VPN service or configuration specifically designed to provide IP addresses capable of accessing United Kingdom broadcasting services. | Reference: https://www.watchuktvanywhere.net/
wcomes-vpn WCOMES is an identifier associated with backend infrastructure or domains used by mobile VPN applications, such as VPN Proxy Master, to manage connectivity. | Reference: https://wcomes.com/
we-vpn WeVPN was a consumer VPN service provider that offered privacy features, encryption, and IP masking to protect user data and bypass geo-restrictions. The service announced its closure in early 2024. | Reference: https://wevpn.com/
webzilla-vpn This tag identifies VPN traffic or infrastructure hosted by Webzilla, a web hosting and colocation provider known for its servers in the Netherlands and Luxembourg. It refers to the utilization of Webzilla's network resources for VPN endpoints. | Reference: https://webzilla.com/
wevpn This tag refers to WeVPN, a commercial VPN service designed to secure internet connections and provide online anonymity for personal use. It is an alternate formatting for the We-VPN service. | Reference: https://WeVPN.com/
whitelabel-vpn White Label VPN refers to a business model where a provider supplies the underlying VPN infrastructure and software, allowing other companies to brand and sell the service as their own. It enables businesses to launch VPN products without developing the technology from scratch. | Reference: https://wlvpn.com/
whoer-vpn Whoer VPN is a privacy service provided by Whoer.net, a platform also known for its IP address and browser fingerprint checking tools. It offers secure tunneling to protect user identity and encrypt internet traffic. | Reference: https://whoer.net/vpn
windscribe Windscribe is a popular commercial VPN service and desktop application that provides encrypted tunnels, ad blocking, and privacy protection. It is well-known for its generous free tier and R.O.B.E.R.T." domain blocking feature. | Reference: https://Windscribe.com/"
windscribe-vpn Windscribe VPN is a desktop application and browser extension suite that blocks ads and trackers while encrypting browsing activity. | Reference: https://windscribe.com/
winston-vpn Winston Privacy was a hardware-based privacy solution that acted as a filter between a home modem and router to anonymize traffic and block trackers. It functioned similarly to a distributed VPN or privacy mesh network. | Reference: https://winstonprivacy.com/
wireguard WireGuard is a modern, open-source VPN communication protocol known for its high speed, simplicity, and state-of-the-art cryptography. It is designed to be lighter and more performant than older protocols like IPsec and OpenVPN. | Reference: https://www.WireGuard.com/
witopia-vpn WiTopia, also known as personalVPN, is a long-standing VPN service provider offering encryption services for individuals and businesses. It provides gateways in multiple cities to secure data and mask user location. | Reference: https://www.witopia.com/
wizard-merlin-vpn This tag refers to the VPN configuration features (such as the VPN Director or Wizard) found within Asuswrt-Merlin, a custom firmware for Asus routers. It allows users to manage complex VPN routing policies directly on their network hardware. | Reference: https://www.asuswrt-merlin.net/
wlvpn WLVPN is a specific platform and service provider that specializes in white-label VPN solutions for resellers. It provides the API, network, and client software necessary for other brands to offer VPN services. | Reference: https://WLVPN.com/
worldvpn WorldVPN is a virtual private network provider offering secure internet access and tunneling services to protect user privacy. It supports various protocols to ensure encrypted connectivity. | Reference: https://WorldVPN.net/
xamjyssvpn This tag appears to identify a specific mobile VPN application or proxy tool (possibly Xamjyss" or a variation thereof). Such identifiers are often found in network traffic signatures for lesser-known privacy apps. | Reference: https://play.google.com/store/apps"
xbox-vpn Xbox VPN refers to the method or configuration of routing Xbox gaming console traffic through a VPN, often achieved via a router or PC bridge. This is used by gamers to reduce latency, bypass geo-blocks, or protect against DDoS attacks. | Reference: https://support.microsoft.com/en-us/xbox
xeovo-vpn Xeovo is a Finland-based VPN provider that emphasizes privacy and security, offering features like multi-hop connections. It allows users to pay with cryptocurrencies to maintain anonymity. | Reference: https://xeovo.com/
xgc-vpn This tag identifies a specific VPN application or client, potentially related to gaming communities or a specific network appliance software. It facilitates encrypted connections for its user base. | Reference: https://play.google.com/store/apps
xiaohouzi-vpn xiaohouzi-vpn is a virtual private network service primarily targeted at users seeking to bypass internet censorship and restrictions. | Reference: https://www.xiaohouzi.com/
xirvik-vpn Xirvik is a provider primarily known for high-speed seedboxes (dedicated servers for file sharing) that also offers OpenVPN and proxy services. These VPN features allow customers to browse securely through the Xirvik network. | Reference: https://xirvik.com/
xsoft-surf-vpn xsoft-surf-vpn refers to the VPN applications developed by XSoft (Free Connected Limited), providing services to secure mobile internet traffic. | Reference: https://xvpn.io/
xtunnel-vpn XTunnel is a VPN or proxy tool often used to bypass firewalls and censorship, commonly associated with the XX-Net project or standalone mobile applications. It facilitates encrypted tunneling for web traffic. | Reference: https://github.com/XX-net/XX-Net
xunyou-game-vpn Xunyou is a specialized network acceleration service and VPN designed primarily to reduce latency and improve connection stability for online gaming. | Reference: https://www.xunyou.com/
xy-vpn XY VPN is a mobile virtual private network application that provides unlimited proxy services to encrypt internet traffic and bypass geo-restrictions. | Reference: https://play.google.com/store/apps/details?id=com.xy.vpn&hl=en_US
yoyoip-vpn YoyoIP is a network service provider offering residential IP proxies and VPN solutions to facilitate anonymous web browsing and data management. | Reference: http://www.yoyoip.com/
yyyip-vpn YYYIP (3YIP) is a proxy and VPN service provider that specializes in offering static residential IP addresses for network anonymity and stability. | Reference: http://www.yyyip.com/
zebra-vpn Zebra VPN is a mobile network utility that offers proxy services to secure internet connections and unblock content on Android devices. | Reference: https://play.google.com/store/apps/details?id=com.zebra.vpn&hl=en
zen-vpn ZenVPN is a streamlined virtual private network service designed for simplicity, providing encrypted internet access without requiring complex configuration. | Reference: https://zenvpn.net/
zenmate ZenMate is a widely used commercial VPN service that offers encryption and IP masking through desktop clients, mobile apps, and browser extensions. | Reference: https://ZenMate.com/
zenmate-vpn zenmate-vpn is a VPN service based in Germany, offering easy-to-use browser extensions and desktop applications for online privacy. | Reference: https://zenmate.com/
zide-vpn Zide VPN is a mobile application that provides virtual private network services to encrypt user traffic and protect privacy while browsing the internet. | Reference: https://apkpure.com/ZideVPN-fast-secure-proxy/com.zidevpn.app
zoog-vpn ZoogVPN is a privacy-focused VPN service that provides unblocking capabilities and bank-grade encryption to secure internet traffic across multiple protocols. | Reference: https://zoogvpn.com/
zoogvpn zoogVPN is a commercial virtual private network provider offering privacy protection, unblocking capabilities, and varied encryption protocols for multiple platforms. | Reference: https://zoogVPN.com/
zpn-vpn ZPN is a VPN service provider focused on delivering encrypted internet connections and anonymity tools, particularly for securing data on public Wi-Fi networks. | Reference: https://zpn.im/
Scout API - General Information

Example Workflow

  1. Search for a specific IP or domain name. - GET https://scout.cymru.com/api/scout/search?query=jquery.com&days=30
    • An IP will redirect to the details view.
    • A domain name will list IP(s) in the search results associated with the domain.
  2. Get more details for IP - GET https://scout.cymru.com/api/scout/ip/{ip}/details?days=30
    • The details endpoint will offer the highest level of detail using a variety of enrichments.

Supported Date Time Formats

  • All users can submit the days parameter.
  • If your subscription allows custom date ranges, any days value up to your max searchable days is allowed. Otherwise you must send one of the fixed days available to you.
  • All Scout API date parameters are formatted YYYY-MM-DD and should be in UTC without a timestamp.
    • 1999-12-31
Return Code Description
200 Success - Normal return.
400 Bad Request - One or more issues was found with your search parameters or the request was malformed.
401 Authentication Error - There was an error with your username and/or password or authorization token.
403 Authorization Error - You are not authorized to view this resource.
429 One of:
  • Request Rate Exceeded - The maximum of 1 request(s) per second was exceeded.
  • Maximum concurrent requests have been exceeded.
  • You have exceeded the query limit.
500 Internal Error - There was an internal server error. Please contact support to investigate this.
GET /api/scout/usage

This endpoint returns a summary of usage and limits from the API.

Resource URL

https://scout.cymru.com/api/scout/usage

Resource Information

Response Formats JSON
Requires authentication Yes
HTTP Method GET 

curl --user username:password --request GET \
  --url 'https://scout.cymru.com/api/scout/usage'
                                

curl --request GET --url 'https://scout.cymru.com/api/scout/usage' \
  --header 'Authorization: Token valid_api_token'
                                

import requests

url = "https://scout.cymru.com/api/scout/usage"

payload = ""
headers = {
    #Basic Auth with username and password
    'Authorization': "Basic dXNlcm5hbWU6cGFzc3dvcmQ=" #Basic base64.b64encode('username:password')
    # Or
    # API Auth with valid_api_key
    'Authorization': "Token valid_api_key" #Example 'Authorization': "Token e54d5128b1023bf52c9939a44ed0c3949eb5e56
    }

response = requests.request("GET", url, data=payload, headers=headers)
                                

{
    "used_queries": 6,
    "remaining_queries": 994,
    "query_limit": 1000,
    "foundation_api_usage": {
      "used_queries": 20,
      "remaining_queries": 980,
      "query_limit": 1000
    }    
}
GET /api/scout/ip/{ip}/details

Returns a detailed view of IP address relationships.

Resource URL

https://scout.cymru.com/api/scout/ip/{ip}/details

Parameters Values
ip
required 		The IP Address to request details for.
days Relative offset in days from current time in UTC. It cannot exceed the maximum range of days.
size The size of the response, in records, to return.
sections
A comma separated string, comprised of these identifiers:
  • summary
  • proto_by_ip
  • whois
Default Sections (Shown in Output JSON): 
summary,whois

Resource Information

Response Formats JSON
Requires authentication Yes
HTTP Method GET 

curl --user username:password --request GET \
  --url 'https://scout.cymru.com/api/scout/ip/104.18.213.12/details?days=30'
                                

curl --request GET --url 'https://scout.cymru.com/api/scout/ip/104.18.213.12/details?days=30' \
  --header 'Authorization: Token valid_api_token'
                                

import requests

url = "https://scout.cymru.com/api/scout/ip/104.18.213.12/details?days=30"

payload = ""
headers = {
    #Basic Auth with username and password
    'Authorization': "Basic dXNlcm5hbWU6cGFzc3dvcmQ=" #Basic base64.b64encode('username:password')
    # API Auth with valid_api_key
    'Authorization': "Token valid_api_key" #Example 'Authorization': "Token e54d5128b1023bf52c9939a44ed0c3949eb5e56
    }

response = requests.request("GET", url, data=payload, headers=headers)
                                

{
  "request_id": "b9ea75c2-3665-5b74-94aa-4abd2bb35224",
  "ip": "104.18.213.12",
  "size": 1000,
  "start_date": "2025-12-02",
  "end_date": "2026-01-01",
  "sections": [
    "summary",    "proto_by_ip",    "whois"  ],
  "usage": {
    "used_queries": 6,
    "remaining_queries": 994,
    "query_limit": 1000,
    "foundation_api_usage": {
      "used_queries": 20,
      "remaining_queries": 980,
      "query_limit": 1000
    }  },
  "summary": {
    "total": 1,
    "ip": "104.18.213.12",
    "start_date": "2025-12-02",
    "end_date": "2026-01-01",
    "geo_ip_cc": "US",
    "tags": [
      {
        "id": 176,
        "name": "cdn",
        "children": [
          {
            "id": 210,
            "name": "cloudflare",
            "children": null
          }
        ]
      }
    ],
    "reverse_hostnames": null,
    "bgp_asn": 0,
    "bgp_asname": "",
    "whois": {
      "asn": 13335,
      "as_name": "CLOUDFLARENET",
      "net_name": "CLOUDFLARENET",
      "org_name": "Cloudflare, Inc."
    },
    "pdns": {
      "total": 174,
      "top_pdns": [
        {
          "event_count": 111,
          "domain": "jquery.com",
          "first_seen": "2025-12-02",
          "last_seen": "2026-01-01"
        },
        {
          "event_count": 25,
          "domain": "api.jquery.com",
          "first_seen": "2025-12-02",
          "last_seen": "2026-01-01"
        },
        {
          "event_count": 18,
          "domain": "learn.jquery.com",
          "first_seen": "2025-12-02",
          "last_seen": "2026-01-01"
        },
        {
          "event_count": 14,
          "domain": "blog.jquery.com",
          "first_seen": "2025-12-02",
          "last_seen": "2026-01-01"
        },
        {
          "event_count": 6,
          "domain": "plugins.jquery.com",
          "first_seen": "2025-12-02",
          "last_seen": "2026-01-01"
        }
      ]
    },
    "open_ports": {
      "total": 1,
      "top_open_ports": [
        {
          "event_count": 1,
          "port": 8880,
          "protocol": 6,
          "protocol_text": "TCP",
          "service": "cddbp-alt",
          "inferred_service_name": null,
          "first_seen": "2026-01-01",
          "last_seen": "2026-01-01"
        }
      ]
    },
    "certs": {
      "top_certs": [
        {
          "issuer": "CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US",
          "issuer_common_name": "DigiCert TLS RSA SHA256 2020 CA1",
          "common_name": "www.example.org",
          "subject": "CN=www.example.org, O=Internet Corporation for Assigned Names and Numbers, L=Los Angeles, ST=California, C=US",
          "port": 443,
          "first_seen": "2025-12-02",
          "last_seen": "2026-01-01",
          "self_signed": false,
          "not_before": "2025-12-02",
          "not_after": "2026-01-01",
          "md5": "749bbbeb4a6cb23c205c9850b35bed6a",
          "sha1": "f2aad73d32683b716d2a7d61b51c6d5764ab3899",
          "sha256": "5ef2f214260ab8f58e55eea42e4ac04b0f171807d8d1185fddd67470e9ab6096"
        }
      ]
    },
    "tag_timeline": {
      "data": [
        {
          "tag": {
            "id": 176,
            "name": "cdn",
            "description": "The CDN tag characterizes IP addresses associated with Content Delivery Networks (CDNs). A Content Delivery Network (CDN) is a system of distributed servers strategically positioned around the world. Its primary purpose is to deliver web content, such as images, videos, scripts, and other static files, to end users in a faster, and more efficient manner. CDNs are sometimes associated with serving content for multiple different customers and can be an indication of possible shared hosting environment. The CDN tag has child tags to represent specific CDN vendors, such as CDN77, AKAMAI, and more.",
            "parent_ids": null,
            "css_color": "#8A532C",
            "parents": null
          },
          "first_seen": "2025-12-02",
          "last_seen": "2026-01-01"
        },
        {
          "tag": {
            "id": 210,
            "name": "cloudflare",
            "description": "CDN Vendor",
            "parent_ids": [
              176
            ],
            "css_color": "#9D6034",
            "parents": [
              {
                "id": 176,
                "name": "cdn",
                "description": "The CDN tag characterizes IP addresses associated with Content Delivery Networks (CDNs). A Content Delivery Network (CDN) is a system of distributed servers strategically positioned around the world. Its primary purpose is to deliver web content, such as images, videos, scripts, and other static files, to end users in a faster, and more efficient manner. CDNs are sometimes associated with serving content for multiple different customers and can be an indication of possible shared hosting environment. The CDN tag has child tags to represent specific CDN vendors, such as CDN77, AKAMAI, and more.",
                "parent_ids": null,
                "css_color": "#8A532C",
                "parents": null
              }
            ]
          },
          "first_seen": "2025-12-02",
          "last_seen": "2026-01-01"
        }
      ]
    },
    "insights": {
      "overall_rating": "no_rating",
      "total": 6,
      "insights": [
        {
          "rating": "no_rating",
          "message": "104.18.213.12 has been identified as a cloudflare content delivery network (CDN) IP. CDNs are distributed network of servers strategically placed around the world to efficiently deliver content."
        },
        {
          "rating": "no_rating",
          "message": "Domain: 'jquery.com' may have expired on: 2026-01-01"
        },
        {
          "rating": "no_rating",
          "message": "Domain: 'api.jquery.com' may have expired on: 2026-01-01"
        },
        {
          "rating": "no_rating",
          "message": "Domain: 'learn.jquery.com' may have expired on: 2026-01-01"
        },
        {
          "rating": "no_rating",
          "message": "Domain: 'blog.jquery.com' may have expired on: 2026-01-01"
        },
        {
          "rating": "no_rating",
          "message": "Domain: 'plugins.jquery.com' may have expired on: 2026-01-01"
        }
      ]
    },
    "fingerprints": {
      "top_fingerprints": null
    }
  },
  "proto_by_ip": {
    "request_id": "d68f9ec8-55a5-5001-8551-3c98509d70c2",
    "total": 156,
    "ip": "104.18.213.12",
    "size": 1000,
    "start_date": "2025-12-02",
    "end_date": "2026-01-01",
    "data": {
      "dates": [
        "2025-12-02",
        "2025-12-03",
        "2025-12-04",
        "2025-12-05",
        "2025-12-06",
        "2025-12-07",
        "2025-12-08",
        "2025-12-09",
        "2025-12-10",
        "2025-12-11",
        "2025-12-12",
        "2025-12-13",
        "2025-12-14",
        "2025-12-15",
        "2025-12-16",
        "2025-12-17",
        "2025-12-18",
        "2025-12-19",
        "2025-12-20",
        "2025-12-21",
        "2025-12-22",
        "2025-12-23",
        "2025-12-24",
        "2025-12-25",
        "2025-12-26",
        "2025-12-27",
        "2025-12-28",
        "2025-12-29",
        "2025-12-30",
        "2025-12-31"
      ],
      "protocols": [
        1,
        6,
        17
      ],
      "proto_by_date": [
        {
          "proto": 1,
          "keyword": "ICMP",
          "data": [
            {
              "count": 4,
              "date": "2025-12-02"
            },
            {
              "count": 23,
              "date": "2025-12-03"
            },
            {
              "count": 1,
              "date": "2025-12-04"
            },
            {
              "count": 25,
              "date": "2025-12-05"
            },
            {
              "count": 11,
              "date": "2025-12-06"
            },
            {
              "count": 4,
              "date": "2025-12-07"
            },
            {
              "count": 7,
              "date": "2025-12-08"
            },
            {
              "count": 5,
              "date": "2025-12-09"
            },
            {
              "count": 10,
              "date": "2025-12-10"
            },
            {
              "count": 1,
              "date": "2025-12-11"
            },
            {
              "count": 5,
              "date": "2025-12-12"
            },
            {
              "count": 20,
              "date": "2025-12-13"
            },
            {
              "count": 2,
              "date": "2025-12-14"
            },
            {
              "count": 13,
              "date": "2025-12-15"
            },
            {
              "count": 9,
              "date": "2025-12-16"
            },
            {
              "count": 6,
              "date": "2025-12-17"
            },
            {
              "count": 19,
              "date": "2025-12-18"
            },
            {
              "count": 20,
              "date": "2025-12-19"
            },
            {
              "count": 21,
              "date": "2025-12-20"
            },
            {
              "count": 10,
              "date": "2025-12-21"
            },
            {
              "count": 0,
              "date": "2025-12-22"
            },
            {
              "count": 8,
              "date": "2025-12-23"
            },
            {
              "count": 17,
              "date": "2025-12-24"
            },
            {
              "count": 9,
              "date": "2025-12-25"
            },
            {
              "count": 8,
              "date": "2025-12-26"
            },
            {
              "count": 22,
              "date": "2025-12-27"
            },
            {
              "count": 23,
              "date": "2025-12-28"
            },
            {
              "count": 9,
              "date": "2025-12-29"
            },
            {
              "count": 13,
              "date": "2025-12-30"
            },
            {
              "count": 21,
              "date": "2025-12-31"
            }
          ]
        },
        {
          "proto": 6,
          "keyword": "TCP",
          "data": [
            {
              "count": 17,
              "date": "2025-12-02"
            },
            {
              "count": 15,
              "date": "2025-12-03"
            },
            {
              "count": 0,
              "date": "2025-12-04"
            },
            {
              "count": 17,
              "date": "2025-12-05"
            },
            {
              "count": 3,
              "date": "2025-12-06"
            },
            {
              "count": 5,
              "date": "2025-12-07"
            },
            {
              "count": 25,
              "date": "2025-12-08"
            },
            {
              "count": 18,
              "date": "2025-12-09"
            },
            {
              "count": 22,
              "date": "2025-12-10"
            },
            {
              "count": 11,
              "date": "2025-12-11"
            },
            {
              "count": 16,
              "date": "2025-12-12"
            },
            {
              "count": 6,
              "date": "2025-12-13"
            },
            {
              "count": 5,
              "date": "2025-12-14"
            },
            {
              "count": 16,
              "date": "2025-12-15"
            },
            {
              "count": 3,
              "date": "2025-12-16"
            },
            {
              "count": 7,
              "date": "2025-12-17"
            },
            {
              "count": 12,
              "date": "2025-12-18"
            },
            {
              "count": 19,
              "date": "2025-12-19"
            },
            {
              "count": 2,
              "date": "2025-12-20"
            },
            {
              "count": 4,
              "date": "2025-12-21"
            },
            {
              "count": 11,
              "date": "2025-12-22"
            },
            {
              "count": 18,
              "date": "2025-12-23"
            },
            {
              "count": 13,
              "date": "2025-12-24"
            },
            {
              "count": 2,
              "date": "2025-12-25"
            },
            {
              "count": 14,
              "date": "2025-12-26"
            },
            {
              "count": 24,
              "date": "2025-12-27"
            },
            {
              "count": 14,
              "date": "2025-12-28"
            },
            {
              "count": 0,
              "date": "2025-12-29"
            },
            {
              "count": 12,
              "date": "2025-12-30"
            },
            {
              "count": 8,
              "date": "2025-12-31"
            }
          ]
        },
        {
          "proto": 17,
          "keyword": "UDP",
          "data": [
            {
              "count": 9,
              "date": "2025-12-02"
            },
            {
              "count": 19,
              "date": "2025-12-03"
            },
            {
              "count": 10,
              "date": "2025-12-04"
            },
            {
              "count": 9,
              "date": "2025-12-05"
            },
            {
              "count": 16,
              "date": "2025-12-06"
            },
            {
              "count": 22,
              "date": "2025-12-07"
            },
            {
              "count": 20,
              "date": "2025-12-08"
            },
            {
              "count": 21,
              "date": "2025-12-09"
            },
            {
              "count": 21,
              "date": "2025-12-10"
            },
            {
              "count": 17,
              "date": "2025-12-11"
            },
            {
              "count": 14,
              "date": "2025-12-12"
            },
            {
              "count": 21,
              "date": "2025-12-13"
            },
            {
              "count": 13,
              "date": "2025-12-14"
            },
            {
              "count": 2,
              "date": "2025-12-15"
            },
            {
              "count": 22,
              "date": "2025-12-16"
            },
            {
              "count": 14,
              "date": "2025-12-17"
            },
            {
              "count": 15,
              "date": "2025-12-18"
            },
            {
              "count": 15,
              "date": "2025-12-19"
            },
            {
              "count": 25,
              "date": "2025-12-20"
            },
            {
              "count": 24,
              "date": "2025-12-21"
            },
            {
              "count": 4,
              "date": "2025-12-22"
            },
            {
              "count": 11,
              "date": "2025-12-23"
            },
            {
              "count": 6,
              "date": "2025-12-24"
            },
            {
              "count": 22,
              "date": "2025-12-25"
            },
            {
              "count": 7,
              "date": "2025-12-26"
            },
            {
              "count": 6,
              "date": "2025-12-27"
            },
            {
              "count": 24,
              "date": "2025-12-28"
            },
            {
              "count": 0,
              "date": "2025-12-29"
            },
            {
              "count": 0,
              "date": "2025-12-30"
            },
            {
              "count": 13,
              "date": "2025-12-31"
            }
          ]
        }
      ]
    }
  },
  "whois": {
    "modified": "2021-05-26",
    "asn": 13335,
    "cidr": "104.16.0.0/12",
    "as_name": "CLOUDFLARENET",
    "bgp_asn": 0,
    "bgp_asn_name": "",
    "net_name": "CLOUDFLARENET",
    "net_handle": "NET-104-16-0-0-1",
    "description": "",
    "cc": "US",
    "city": "San Francisco",
    "address": "[\"101 Townsend Street\"]",
    "abuse_contact_id": "ABUSE2916-ARIN",
    "about_contact_role": "Abuse",
    "about_contact_person": "",
    "about_contact_email": "abuse@cloudflare.com",
    "about_contact_phone": "+1-650-319-8930",
    "about_contact_country": "US",
    "about_contact_city": "San Francisco",
    "about_contact_address": "[\"101 Townsend Street\"]",
    "admin_contact_id": "",
    "admin_contact_role": "",
    "admin_contact_person": "",
    "admin_contact_email": "",
    "admin_contact_phone": "",
    "admin_contact_country": "",
    "admin_contact_city": "",
    "admin_contact_address": "",
    "tech_contact_id": "ADMIN2521-ARIN",
    "tech_contact_role": "Admin",
    "tech_contact_person": "",
    "tech_contact_email": "rir@cloudflare.com",
    "tech_contact_phone": "+1-650-319-8930",
    "tech_contact_country": "US",
    "tech_contact_city": "San Francisco",
    "tech_contact_address": "[\"101 Townsend Street\"]",
    "org_id": "CLOUD14",
    "org_name": "Cloudflare, Inc.",
    "org_email": "abuse@cloudflare.com,noc@cloudflare.com,rir@cloudflare.com",
    "org_phone": "+1-650-319-8930",
    "org_country": "US",
    "org_city": "San Francisco",
    "org_address": "101 Townsend Street",
    "mnt_by_email": "",
    "mnt_lower_email": "",
    "mnt_router_email": ""
  }
}
GET /api/scout/ip/foundation

Returns critical information about an IP(s) that shows up in alerts or security incidents.

Resource URL

https://scout.cymru.com/api/scout/ip/foundation

Parameters Values
ips
required
1 max IP(s) 		The IP Address(es) to request details for. A comma separated string of 1 or more IP(s) e.g. 104.18.213.12,93.184.216.34.

Resource Information

Response Formats JSON
Requires authentication Yes
HTTP Method GET 

curl --user username:password --request GET \
  --url 'https://scout.cymru.com/api/scout/ip/foundation?ips=104.18.213.12,93.184.216.34'
                                

curl --request GET --url 'https://scout.cymru.com/api/scout/ip/foundation?ips=104.18.213.12,93.184.216.34' \
  --header 'Authorization: Token valid_api_token'
                                

import requests

url = "https://scout.cymru.com/api/scout/ip/foundation?ips=104.18.213.12,93.184.216.34"

payload = ""
headers = {
    #Basic Auth with username and password
    'Authorization': "Basic dXNlcm5hbWU6cGFzc3dvcmQ=" #Basic base64.b64encode('username:password')
    # API Auth with valid_api_key
    'Authorization': "Token valid_api_key" #Example 'Authorization': "Token e54d5128b1023bf52c9939a44ed0c3949eb5e56
    }

response = requests.request("GET", url, data=payload, headers=headers)
                                

{
  "request_id": "8dc7e6d4-968a-5595-b99e-af0620260487",
  "ips": [
    "104.18.213.12",
    "93.184.216.34"
  ],
  "data": [
    {
      "ip": "104.18.213.12",
      "country_code": "US",
      "as_info": [
        {
          "asn": 13335,
          "as_name": "CLOUDFLARENET, US"
        }
      ],
      "insights": {
        "overall_rating": "no_rating",
        "insights": []
      },
      "tags": [
        {
          "id": 176,
          "name": "cdn",
          "children": [
            {
              "id": 210,
              "name": "cloudflare",
              "children": null
            }
          ]
        }
      ]
    },
    {
      "ip": "93.184.216.34",
      "country_code": "US",
      "as_info": [
        {
          "asn": 15133,
          "as_name": "EDGECAST, US"
        }
      ],
      "insights": {
        "overall_rating": "no_rating",
        "insights": []
      },
      "tags": [
        {
          "id": 176,
          "name": "cdn",
          "children": [
            {
              "id": 206,
              "name": "edgecast",
              "children": null
            }
          ]
        }
      ]
    }
  ],
  "usage": {
    "used_queries": 6,
    "remaining_queries": 994,
    "query_limit": 1000,
    "foundation_api_usage": {
      "used_queries": 20,
      "remaining_queries": 980,
      "query_limit": 1000
    }    
  }
}

Copyright © 2007-2026 All rights reserved. Information may not be disseminated without prior consent.