Introduction
These IPs represent the collective information gathered by the Conficker Working Group Sinkholes. Some of this data will be replicated in the Sinkhole HTTP Drone reports when the data source is our own Sinkhole servers. Not all members of the CWG are gathering full information on each connection, so the information presented here is much more truncated than our normal full reports.
Note that the exact fields for these reports will change as additional information is made available, so please parse on the column names rather than relying on a specific order of the columns.
Fields
| Field | Description |
| --- | --- |
| timestamp | Timestamp in UTC+0 the IP accessed the sinkhole system |
| Drone | IP that accessed the sinkhole |
| ASN | ASN of the IP |
| Geo | Country location of the IP |
| HTTP Cmd | HTTP GET used |
| HTTP Agent | Connecting name for the HTTP GET |
| Type | Which Conficker Variant (A/B/C) connected |
| TOR | If the connection went through the TOR network (0 == no, 1 == yes) |
Sample
"Drone","ASN","Geo","HTTP Cmd","HTTP Agent","Type","TOR"
"69.50.64.80",19246,"AG","GET http://205.188.161.4/search?q=1293 HTTP/1.0","Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727)","B",0
"69.50.64.83",19246,"AG","GET /search?q=1605 HTTP/1.0","Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727)","B",0
"69.50.64.133",19246,"AG","GET / HTTP/1.0","","C",0
"69.50.69.34",19246,"AG","GET /search?q=1135 HTTP/1.0","Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322)","B",0
"69.50.69.97",19246,"AG","GET http://205.188.161.4/search?q=7 HTTP/1.0","Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET CLR 1.1.4322)","B",0
"69.50.70.10",19246,"AG","GET http://205.188.161.4/search?q=0 HTTP/1.0","Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.2)","B",0
"69.50.70.12",19246,"AG","GET /search?q=10 HTTP/1.0","Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB6.3; InfoPath.2)","B",0
"69.50.72.59",19246,"AG","GET http://205.188.161.4/search?q=1 HTTP/1.0","Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)","B",0
"69.50.73.7",19246,"AG","GET http://205.188.161.4/search?q=83 HTTP/1.0","Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB6.3; .NET CLR 2.0.50727; Hotbar 11.0.78.0)","B",0
"69.50.73.136",19246,"AG","GET http://205.188.161.4/search?q=1 HTTP/1.0","Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)","B",0
"69.50.74.251",19246,"AG","GET /search?q=60 HTTP/1.0","","B",0
"69.50.75.29",19246,"AG","GET http://205.188.161.4/search?q=161 HTTP/1.0","Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB6.3; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 1.1.4322)","B",0
"69.50.75.247",19246,"AG","GET /search?q=0 HTTP/1.0","","B",0
"69.57.250.252",11139,"AG","GET http://205.188.161.4/search?q=1246 HTTP/1.0","Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.1)","B",0
"69.57.251.10",11139,"AG","GET / HTTP/1.0","","C",0
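A consumer that follows the advice above and keys on column names, shown here as an added example rather than code from the report's publisher. The function names, the choice of required columns, and the timestamp values in the reordered input are assumptions made for illustration.

```python
import csv
import io
from collections import Counter

# Columns this consumer needs; any others (new or optional fields) are ignored.
REQUIRED = {"Drone", "ASN", "Type", "TOR"}

def parse_report(text):
    """Parse a report by header name, tolerating reordered or extra columns."""
    reader = csv.DictReader(io.StringIO(text))
    missing = REQUIRED - set(reader.fieldnames or [])
    if missing:
        raise ValueError(f"report is missing columns: {sorted(missing)}")
    rows = []
    for rec in reader:
        rows.append({
            "drone": rec["Drone"],
            "asn": int(rec["ASN"]),
            "geo": rec.get("Geo") or None,
            "variant": rec["Type"],
            "tor": rec["TOR"] == "1",
            "timestamp": rec.get("timestamp") or None,  # absent in the sample
            "agent": rec.get("HTTP Agent") or None,     # empty in some rows
        })
    return rows

def drones_by_asn(rows):
    """Count distinct drone IPs per (ASN, variant) for abuse-desk triage."""
    seen = {(r["asn"], r["variant"], r["drone"]) for r in rows}
    return Counter((asn, variant) for asn, variant, _ in seen)

# Two rows taken from the sample above.
SAMPLE = '''"Drone","ASN","Geo","HTTP Cmd","HTTP Agent","Type","TOR"
"69.50.64.133",19246,"AG","GET / HTTP/1.0","","C",0
"69.50.74.251",19246,"AG","GET /search?q=60 HTTP/1.0","","B",0
'''
# Constructed input: same rows, columns reordered, timestamp column added
# with made-up values, to show that column position does not matter.
REORDERED = '''"timestamp","Type","TOR","Drone","Geo","ASN","HTTP Cmd","HTTP Agent"
"2010-01-01 00:00:00","C",0,"69.50.64.133","AG",19246,"GET / HTTP/1.0",""
"2010-01-01 00:00:05","B",0,"69.50.74.251","AG",19246,"GET /search?q=60 HTTP/1.0",""
'''

if __name__ == "__main__":
    for label, text in (("sample", SAMPLE), ("reordered", REORDERED)):
        print(label, dict(drones_by_asn(parse_report(text))))
```

A positional parser would read the variant letter as the drone IP on the reordered input; failing fast on a missing required column surfaces a format change instead of silently mis-assigning fields.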


