Tag: Scanning
ELLIO expands with 10 new recon and scanner IP feeds
ELLIO Threat Intelligence & Blocklist Automation has been updated with 10 new scanner and recon IP address feeds. This improves detection and control of scanning activity at the network perimeter, enabling more accurate allow and block rules without manual IP range management.
[watchdog]: Inside a Mirai variant with six-layer persistence
An open directory is serving a Mirai variant across 14 CPU architectures - all updated yesterday. It kills competitors by SHA256 hash, persists through six layers, and hides as a kernel thread. Here's what's inside.
What Gets Deployed via Exposed Docker APIs
Over 1,000 unique IPs scan for exposed Docker APIs every day. A fraction go further. We captured every container creation payload and classified them by monetization strategy.
Analyze everything or move straight to network-level blocking?
One IP. Four days. Nearly 900 user agents. Over 3,000 probes. Sometimes a single IP address tells you everything you need to know about how industrialized internet scanning has become.