Synful Scan Report

This report identifies hosts that are potentially compromised with the SYNful knock back door.

Fields

  • timestamp
    Time that the IP was probed in UTC+0
  • ip
    The IP address of the device in question
  • protocol
    Protocol that the SYNful response came on (always TCP)
  • port
    Port that the SYNful response came on (always 80/TCP)
  • hostname
    Reverse DNS name of the device in question
  • tag
    This will always be synfulknock
  • asn
    ASN of where the device in question resides
  • geo
    Country where the device in question resides
  • region
    State / Province / Administrative region where the device in question resides
  • city
    City in which the device in question resides
  • naics
    North American Industry Classification System Code
  • sic
    Standard Industrial Classification System Code
  • sequence_number
    This will always be 0
  • ack_number
    This will always be 791102
  • window_size
    This will always be 8192
  • urgent_pointer
    This will always be 0
  • tcp_flags
    This will always be 4608
  • raw_packet
    The entire synack packet that was returned from our crafted probe
  • sector
    Industry sector as provided by a commercial 3rd party service

Our 73 Report Types