Threat Profiles

BGP hijacking occurs when an autonomous system (AS) maliciously or erroneously announces IP prefixes it …

A Distributed Denial of Service (DDoS) source is a host — typically part of a …

SQL injection (SQLi) is an attack where malicious SQL statements are inserted into input fields …

A brute force attack systematically tries every possible password, PIN, or key combination against an …

Credential stuffing uses large lists of username/password pairs leaked in prior data breaches to attempt …

A DDoS amplification reflector is a misconfigured server — typically running DNS, NTP, memcached, or …

A DNS amplification source sends spoofed DNS queries with the victim's IP as the source …

NTP amplification is a reflective distributed denial-of-service (DDoS) technique in which an attacker sends small, …

Cross-Site Scripting (XSS) attacks inject malicious JavaScript into web pages that are then executed in …

A botnet Command & Control (C2) server orchestrates a network of compromised machines (bots), issuing …

A malware distribution host is a server used to store and serve malicious files — …

A spam relay is a compromised or misconfigured mail server used to forward unsolicited bulk …

An open proxy is a proxy server that accepts connection requests from any internet host, …

A Tor exit node is the final relay in the Tor anonymity network through which …

A VPN endpoint is an IP address associated with a commercial or self-hosted VPN service …

A data exfiltration source is a compromised or malicious host observed transferring sensitive organizational data …

Domain hijacking involves the unauthorized transfer of a domain name's registration to a different registrar …

A phishing host is a server used to serve fraudulent websites that impersonate legitimate organizations …

An API abuser exploits public or authenticated API endpoints beyond their intended usage terms — …

Residential proxies route internet traffic through IP addresses assigned to genuine residential ISP customers — …

Typosquatting involves registering domain names that are common typographical variations of legitimate, high-traffic domains (e.g., …

An unauthorized cryptominer is a host that has been compromised and is running cryptocurrency mining …

A port scanner probes a target host or network to discover which TCP/UDP ports are …

A vulnerability scanner systematically probes hosts and services for known security weaknesses — outdated software …

An aggressive web scraper sends high-frequency HTTP requests to enumerate and download site content at …