blog.shadowserver.org
The Shadowserver Foundation
Avalanche year two, this time with Andromeda. December 4, 2017. On December 1st last year, the successful takedown of the long-running criminal Avalanche double fast flux platform was announced. To national CERTs and network owners. So one year later, public and private international partners once again came together at Europol’s European Cybercrime Center (EC3) in a joint effort to extend their action against their existing targets an...
bin-test.shadowserver.org
Shadowserver Bin Check Service
This server provides a lookup mechanism to test an executable file against a list of known software applications. The GET interface can be used to obtain details on a single MD5, SHA1, SHA256, or SHA512 hash: http://bin-test.shadowserver.org/api? http://bin-test.shadowserver.org/api? If the hash provided matches an entry in our database, the details will be displayed after the provided hash on a single line. The details are serialized in JavaScript Object Notation (JSON). Will follow the provided hash:
synfulscan.shadowserver.org
The Shadowserver Foundation: SYNful Knock Scanning Project
SYNful Knock Scanning Project. On 15 September 2015, FireEye published information about potentially compromised Cisco routers under the name SYNful Knock. As soon as Shadowserver became aware of these potential compromises, Shadowserver and Cisco worked together to scan the internet for these affected routers, to allow more accurate notification of the affected end-users. We are pleased to partner with Cisco. Get reports on your network: https://www.shadowserver.org/wiki/pm...Curre...
dnsscan.shadowserver.org
The Shadowserver Foundation: DNS Scanning Project
Open Resolver Scanning Project. If you are looking at this page, then more than likely, you noticed a scan coming from this server across your network and/or querying your DNS server(s). These servers have the potential to be used in DNS amplification attacks and, if at all possible, we would like to see these services made unavailable to miscreants that would misuse these resources. Servers that are configured this way have been incorporated into our reports. We are querying all computers with routable ...
chargenscan.shadowserver.org
The Shadowserver Foundation: Chargen Service Scanning Project
Open Chargen Service Scanning Project. If you are looking at this page, then more than likely, you noticed a scan coming from this server across your network and/or poking at the Chargen (Character Generator) service. These devices have the potential to be used in UDP amplification attacks and, if at all possible, we would like to see these services made unavailable to miscreants that would misuse these resources. Servers that are configured this way have been incorporated into our reports. If you would ...
db2scan.shadowserver.org
The Shadowserver Foundation: DB2 Discovery Service Scanning Project
Open DB2 Discovery Service Scanning Project. If you are looking at this page, then more than likely, you noticed a scan coming from this server across your network and/or poking at the DB2 Discovery Service on port 523/udp. In addition to possibly making sensitive information available, these devices have the potential to be used in UDP amplification attacks and, if at all possible, we would like to see these services made unavailable to miscreants that would misuse these resources. If you would like to ...
ipmiscan.shadowserver.org
The Shadowserver Foundation: IPMI Scanning Project
Open IPMI Scanning Project. If you are looking at this page, then more than likely, you noticed a scan coming from this server across your network and/or poking at IPMI. Devices with IPMI exposed have the potential to be completely compromised at Baseboard Management Controller (BMC) level by miscreants, and we would like to remove the ability of miscreants to misuse and abuse these devices. Servers that are configured this way have been incorporated into our reports. If you would like to test you...
netbiosscan.shadowserver.org
The Shadowserver Foundation: NetBIOS Scanning Project
Open NetBIOS Scanning Project. If you are looking at this page, then more than likely, you noticed a scan coming from this server across your network and/or poking at NetBIOS. The Shadowserver Foundation is currently undertaking a project to search for publicly accessible devices that have NetBIOS running and answering Name Resolution queries. The goal of this project is to identify openly accessible NetBIOS services and report them back to the network owners for remediation.
netisscan.shadowserver.org
The Shadowserver Foundation: Vulnerable Netis Router Scanning Project
Vulnerable Netis Router Scanning Project. If you are looking at this page, then more than likely, you noticed a scan coming from this server across your network and/or poking at port 53413/udp. As was recently reported by Trend Micro, a backdoor on port 53413/udp is present on many routers produced by Netcore under the Netis brand name. Information on these vulnerable devices has been incorporated into our reports and is being reported on a daily basis. We are querying all computers with routable IPv4 ...
snmpscan.shadowserver.org
The Shadowserver Foundation: SNMP Scanning Project
Open SNMP Scanning Project. If you are looking at this page, then more than likely, you noticed a scan coming from this server across your network and/or poking at SNMP. The Shadowserver Foundation is currently undertaking a project to search for publicly accessible devices that have SNMP running. The goal of this project is to identify openly accessible SNMP services and report them back to the network owners for remediation. Servers that are configured this way will be incorporated into our reports.