On this page... (hide)
Introduction
One of the methods that an IP might end up at the sinkhole system is via infected or compromised web sites. These would automatically forward the IP to a controlled system where they would be able to then attempt different infections or even phishing attempts to the user behind the IP.
Fields
| Field | Description |
| timestamp | Timestamp in UTC+0 when the referral was recorded on the sinkhole system |
| type | Infection type |
| http_host | The http host visited |
| http_referrer | The actual referral URL |
| inet | IP of the referring site |
| asn | ASN of the IP |
| geo | Country where the IP is located |
Sample
"2010-06-10 23:55:29","iframe exploit","ww.robint.us","http://www.maispaulista.com.br/visualizar.asp?idMenu=22&idSubMenu=115","200.234.220.51",27715,"BR" "2010-06-10 23:55:29","iframe exploit","ww.robint.us","http://ozkorallah.net/subject.asp?hit=1&lang=ar&parent_id=0&sub_id=3069","8.8.247.141",3356,"US" "2010-06-10 23:55:35","iframe exploit","ww.robint.us","http://www.economiaynegocios.cl/noticias/noticias.asp?id=72815","200.12.19.16",14259,"CL" "2010-06-10 23:55:45","iframe exploit","ww.robint.us","http://www.ex-designz.net/englishlyrics/lyricsCat.asp?id=16","75.126.12.18",36351,"US" "2010-06-10 23:55:47","iframe exploit","ww.robint.us","http://www.ozkorallah.net/subject.asp?hit=1&lang=ar&parent_id=67&sub_id=205","8.8.247.141",3356,"US" "2010-06-10 23:56:03","iframe exploit","ww.robint.us","http://www.ex-designz.net/recipedisplay.asp?rid=956","75.126.12.18",36351,"US" "2010-06-10 23:56:06","torpig","google.analytics.com.kfyalnkfqhl.info","http://google.analytics.com.kfyalnkfqhl.info/kavs/kav6.exe","87.106.24.200",8560,"DE"
<< | Reports | >>
