FLAGS.txt
SniffCat:
1 - DNS Compromise: Altering DNS records resulting in improper redirection to malicious IPs.
2 - DNS Poisoning: Falsifying domain server cache (cache poisoning) with fake DNS responses.
3 - DDoS Attack: Participating in a distributed denial-of-service attack causing service unavailability.
4 - Port Scan: Scanning TCP/UDP ports to discover open services or vulnerabilities.
5 - Mass Scanner: Automated scanning of multiple hosts or entire network subnets.
6 - Exploited Host: Host compromised and controlled by an attacker, actively used for malicious activities.
7 - Malware Hosting: Server distributing malicious software, scripts, or infected files.
8 - C&C Beaconing: Communication with malware command-and-control (C2) infrastructure.
9 - Cryptojacking: Unauthorized use of victim's system resources for cryptocurrency mining.
10 - Phishing: Impersonating legitimate websites to steal credentials or personal data.
11 - Hacking: General hacking attempts to gain unauthorized access or escalate privileges.
12 - SQL Injection: Injecting malicious SQL queries through user input fields.
13 - Command Injection: Executing arbitrary system commands through vulnerable application backend.
14 - Spam Activity: Automated generation of spam (forms, comments, messages, emails).
15 - Bad Web Bot: Malicious bot ignoring robots.txt or impersonating legitimate user-agents.
16 - Path Traversal: Accessing system files outside application directory using ../ techniques.
17 - Brute-Force: Mass login attempts using automated credential guessing.
18 - SSH/SFTP: Unauthorized login attempts to SSH or SFTP services.
19 - FTP: Unauthorized login attempts to FTP server.
20 - Email (SMTP/IMAP/POP3): Unauthorized access attempts to email services.
21 - HTTP/HTTPS: Suspicious HTTP/S requests with malicious headers or payloads.
22 - RDP: Unauthorized login attempts to Remote Desktop Protocol.
23 - Telnet: Unauthorized access to Telnet service, commonly on IoT devices.
24 - SMB: Unauthorized login attempts to SMB/CIFS file shares.
25 - MongoDB: Unauthorized access attempts to MongoDB database instances.
26 - Redis: Unauthorized login attempts to open Redis instances.
27 - Other Abuse: Security-violating activity not covered by other categories.
AbuseIPDB:
1 - DNS Compromise: Altering DNS records resulting in improper redirection to malicious IPs.
2 - DNS Poisoning: Falsifying domain server cache (cache poisoning) with fake DNS responses.
3 - Fraud Orders: Fraudulent orders placed using stolen payment information or fake identities.
4 - DDoS Attack: Participating in a distributed denial-of-service attack, usually as part of a botnet.
5 - FTP Brute-Force: Automated credential guessing attacks against FTP services.
6 - Ping of Death: Sending oversized or malformed ICMP packets to crash or destabilize systems.
7 - Phishing: Impersonating legitimate websites or sending deceptive emails to steal credentials.
8 - Fraud VoIP: Fraudulent activity involving Voice over IP services or toll fraud.
9 - Open Proxy: Operating as an open proxy, open relay, or Tor exit node enabling anonymous abuse.
10 - Web Spam: Comment/forum spam, HTTP referer spam, or other CMS-based spam content.
11 - Email Spam: Spam email content, infected attachments, and phishing emails.
12 - Blog Spam: CMS blog comment spam targeting WordPress, Drupal, or similar platforms.
13 - VPN IP: Conjunctive category for traffic originating from VPN or anonymizing services.
14 - Port Scan: Scanning for open ports and vulnerable services across network ranges.
15 - Hacking: General hacking attempts to gain unauthorized access or escalate privileges.
16 - SQL Injection: Injecting malicious SQL queries through user input fields to access databases.
17 - Spoofing: Email sender spoofing or IP address spoofing to impersonate trusted sources.
18 - Brute-Force: Credential brute-force attacks on logins and services like SSH, FTP, SIP, SMTP, RDP.
19 - Bad Web Bot: Malicious bot ignoring robots.txt, scraping content, or spoofing user-agents.
20 - Exploited Host: Host compromised with malware, used for attacks or hosting malicious content.
21 - Web App Attack: Probing or exploiting web applications like WordPress, phpMyAdmin, or e-commerce.
22 - SSH: Unauthorized login attempts or abuse targeting Secure Shell (SSH) services.
23 - IoT Targeted: Abuse targeting Internet of Things devices like routers, cameras, or smart devices.