This report identifies the IP addresses of all the devices that were reported to Shadowserver from Microsoft after communicating with Microsoft Sinkhole servers.
The format is the same as the Sinkhole HTTP Drone report.
The format is the same as the Sinkhole HTTP Drone report.
"timestamp","ip","asn","geo","url","type","http_agent","tor","src_port","p0f_genre","p0f_detail","hostname","dst_port","http_host","http_referer","http_referer_asn","http_referer_geo","dst_ip","dst_asn","dst_geo" "2014-09-12 00:00:00","77.12.73.138",6805,"DE",,"b68-zeroaccess-1-64bit",,,64742,,,,16470,,,,,,"168.63.184.224",8075,"SG" "2014-09-12 00:00:00","109.64.133.187",8551,"IL",,"b68-zeroaccess-1-64bit",,,62473,,,,16470,,,,,,"168.63.202.23",8075,"HK" "2014-09-12 00:00:00","187.24.22.90",22085,"BR",,"b68-zeroaccess-1-32bit",,,1030,,,,16471,,,,,,"82.192.70.219",16265,"NL" "2014-09-12 00:00:00","118.158.226.105",2516,"JP",,"b68-zeroaccess-1-64bit",,,49152,,,,16470,,,,,,"168.63.184.224",8075,"SG" "2014-09-12 00:00:00","173.196.9.222",20001,"US",,"b68-zeroaccess-2-32bit",,,55253,,,,16464,,,,,,"207.46.138.117",8075,"HK" "2014-09-12 00:00:00","42.112.141.154",18403,"VN",,"b68-zeroaccess-2-32bit",,,29554,,,,16464,,,,,,"168.63.240.164",8075,"SG" "2014-09-12 00:00:00","12.179.112.155",7018,"US","/index.php","caphaw","Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.8077)",,57067,,,,443,"204.95.99.205",0,,,,"204.95.99.205",8075,"US" "2014-09-12 00:00:00","70.60.43.102",10796,"US","/ping.html","caphaw","Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.7357)",,2266,,,,443,"xf5wau9lcpf5.oonucoog.cc",0,,,,"204.95.99.204",8075,"US" "2014-09-12 00:00:00","189.108.25.26",10429,"BR","/index.php","caphaw","Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.9121)",,50634,,,,443,"3k3kwrnj.rgk.cc",0,,,,"204.95.99.204",8075,"US" "2014-09-12 00:00:01","66.245.69.124",6983,"US","/wild/live/file.php","citadel-b54","Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; BRI/1)",,3130,,,,80,"ultimaresource.com",0,,,,"199.2.137.201",3598,"US" "2014-09-12 00:00:01","50.52.19.180",5650,"US","/file-b29d40.php","citadel-b54","Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; WOW64; .NET CLR 3.5.21022)",,52176,,,,80,"199.2.137.202",0,,,,"199.2.137.202",3598,"US" "2014-09-12 00:00:01","99.243.32.48",812,"CA","/367601b6737825deb58a244576e4f098/file.php","citadel-b54","Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; AskTB5.6)",,49725,,,,80,"prohomemain.com",0,,,,"199.2.137.201",3598,"US" "2014-09-12 00:00:01","106.156.210.197",2516,"JP","/view/file.php","citadel-b54","Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; AskTbFWV5/5.11.3.15590)",,55400,,,,80,"ronapri.com",0,,,,"199.2.137.202",3598,"US" "2014-09-12 00:00:01","138.217.89.25",1221,"AU","/message.php","bamital-b58","Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; .NET4.0C)",,62254,,,,80,"9A5BB34EEDE4B85B9E81F40D530B68FF.co.cc",0,,,,"199.2.137.201",3598,"US"