Introduction
As we process binaries through our different sandbox systems, we are able to collect different sets of URLs from the execution of malicious binaries. There are no specific timestamps for each of the data sets, but the results are from the last 24 hours of binaries run in the sandbox system.
More details
There are two places you can get more data. For the MD5 listed below (00771384bbd7a2fdc5c9990106bc284b), you could look it up on VirusTotal like so:
http://www.virustotal.com/analisis/2a06fda2eb0309e7a26120e119e4ea289ef968bd680957841b30a6c629efa7a4-1225559556
Or, if you subscribe to our service here, you would be able to do something like this:
[freed0@paladin ~]$ wget -q -O - --no-check-certificate https://innocuous.shadowserver.org/api/?avresult=00771384bbd7a2fdc5c9990106bc284b
"name","classification","engine_version","signature_version","timestamp"
AntiVir,TR/Crypt.XPACK.Gen,2.1.12-75,7.1.0.26,2008-11-02 00:00:0
Kaspersky,Trojan-Downloader.Win32.Tibs.kvi,5.7.13,02-11-2008,2008-11-02 00:00:0
NOD32,Win32/Kryptik.AT,"2.70.5,",3575,2008-11-02 00:00:0
Fields
| Field | Description |
| md5 | MD5 of the binary that did the access |
| url | URL the binary accessed |
| asn | ASN of the URL location |
| geo | Country of the URL location |
| user_agent | User Agent the binary utilized to access the URL |
| host | Reverse DNS of the URL IP |
| method | Which HTTP method was utilized to access the URL |
Sample
"md5hash","url","asn","geo","user_agent","host","method" "00771384bbd7a2fdc5c9990106bc284b","http://77.91.229.55/cc/srtytrewqertytrew.php?affid=46&code1=PV00&code2=9900",41947,"RU","Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)","v2statscount.net","get" "00771384bbd7a2fdc5c9990106bc284b","http://77.91.229.55/newpic/tibs.jpg",41947,"RU","","v2statscount.net","get" "00771384bbd7a2fdc5c9990106bc284b","http://77.91.229.55/cc/uudo.php?affid=46&code1=PV00&code2=9900&code3=76D216E14F134!VR",41947,"RU","","v2statscount.net","get" "00771384bbd7a2fdc5c9990106bc284b","http://77.91.229.55/newpic/tool.jpg",41947,"RU","","v2statscount.net","get" "00771384bbd7a2fdc5c9990106bc284b","http://77.91.229.55/newpic/proxy.jpg",41947,"RU","","v2statscount.net","get" "00771384bbd7a2fdc5c9990106bc284b","http://77.91.229.55/newpic/winlogon.jpg",41947,"RU","","v2statscount.net","get" "00771384bbd7a2fdc5c9990106bc284b","http://77.91.229.55/cc/ccdo.php?affid=46",41947,"RU","","v2statscount.net","get" "00771384bbd7a2fdc5c9990106bc284b","http://77.91.229.55/newpic/search.jpg",41947,"RU","","v2statscount.net","get" "007f04106d5c2a1eba35dcb702b12d2c","http://93.188.166.3/s.php",36445,"UA","Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)","93.188.166.3","post"