LAST UPDATED: 2021-04-01
OPTIONAL REPORT
This is an optional report, you need to explicitly request it.
This report is a summary of all the connections that the sandbox system saw.
OPTIONAL: Sandbox Connection Report
Fields
-
md5hashMD5 of the binary making the connections
-
inetIP accessed by the binary
-
hostnameReverse DNS of the IP accessed
-
portPort accessed on the remote IP
-
protocolWhich protocol was used to contact the remote IP
-
asnASN of the IP
-
geoCountry of the IP
Sample
"md5hash","inet","hostname","port","protocol","asn","geo" "000191f8f3e8304e88219f9b78ec435f","239.255.255.250","",1900,"udp",6140,"-" "000221956662249f9ce01eeff956b0a4","239.255.255.250","",1900,"udp",6140,"-" "0005cfe8336a2d2157b9cdfb810c20ab","239.255.255.250","",1900,"udp",6140,"-" "000744bac2fcf8b10cd227cf6a66927e","239.255.255.250","",1900,"udp",6140,"-" "000a06e2f66235d80553d764318e86d7","239.255.255.250","",1900,"udp",6140,"-" "000b4ab050878e4a38258617471196e5","66.220.17.200","",80,"tcp",6939,"US" "000b4ab050878e4a38258617471196e5","239.255.255.250","",1900,"udp",6140,"-" "000c5fc087fddc6d5205fca9e27b5f7f","239.255.255.250","",1900,"udp",6140,"-" "001178d0b2e8433d964d43debc5069b4","239.255.255.250","",1900,"udp",6140,"-" "00125ebcf6b00bd2b46681e20740027d","239.255.255.250","",1900,"udp",6140,"-" "00137cd3454e92ca225d9dd834f55e0d","239.255.255.250","",1900,"udp",6140,"-" "0015fca3e21fa53060bf75a154d6ed5d","239.255.255.250","",1900,"udp",6140,"-" "001a218bb1dd40f23c710d03564f99a7","239.255.255.250","",1900,"udp",6140,"-"
Our 137 Report Types
- API: ASN and Network Queries
- API: Documentation
- API: Malware Query
- API: Reports Query
- API: Research
- API: Scan/SSL
- API: Trusted Programs Query
- Accessible ADB Report
- Accessible AFP Report
- Accessible AMQP Report
- Accessible Apple Remote Desktop (ARD) Report
- Accessible Cisco Smart Install Report
- Accessible CoAP Report
- Accessible CouchDB Report
- Accessible Docker Service Report
- Accessible Erlang Port Mapper Daemon Report
- Accessible FTP Report
- Accessible HTTP Proxy Report
- Accessible HTTP Report
- Accessible Hadoop Report
- Accessible ICS Report
- Accessible Kubernetes API Server Report
- Accessible MS-RDPEUDP
- Accessible MSMQ Service Report
- Accessible MySQL Server Report
- Accessible PostgreSQL Server Report
- Accessible QUIC Report
- Accessible RDP Report
- Accessible Radmin Report
- Accessible Rsync Report
- Accessible SIP Report
- Accessible SLP Service Report
- Accessible SMB Report
- Accessible SMTP Report
- Accessible SOCKS 4/5 Proxy Report
- Accessible SSH Report
- Accessible SSL Report
- Accessible STUN Service Report
- Accessible Telnet Report
- Accessible VNC Report
- Accessible WS-Discovery Service Report
- Accessible XDMCP Service Report
- Amplification DDoS Victim Report
- Block List Report
- Compromised Website Report
- DDoS Participant Report
- DNS Open Resolvers Report
- Darknet Events Report
- Device Identification Report
- Exposed F5 iControl REST API Special Report
- HAFNIUM Exchange Victim Special Report
- Honeypot DDoS Target Events Report
- Honeypot Amplification DDoS Events Report
- Honeypot Brute Force Events Report
- Honeypot DDoS Events Report
- Honeypot HTTP Scanner Events Report
- Honeypot ICS Scanner Events Report
- IP Spoofer Events Report
- LEGACY: Botnet URL Report
- LEGACY: Command and Control Report
- LEGACY: IRC Port Summary Report
- LEGACY: Sinkhole DNS report
- LEGACY: Accessible Modbus Report
- LEGACY: Botnet Drone Hadoop Report
- LEGACY: Brute Force Attack Report
- LEGACY: CAIDA IP Spoofer report
- LEGACY: Click-Fraud Report
- LEGACY: Compromised Host Report
- LEGACY: DDoS Report
- LEGACY: Darknet Report
- LEGACY: Drone/Botnet-Drone Report
- LEGACY: HTTP Scanners Report
- LEGACY: Honeypot URL Report
- LEGACY: ICS Scanners Report
- LEGACY: Microsoft Sinkhole Report
- LEGACY: Open Proxy Report
- LEGACY: Outdated DNSSEC Key IPv6 Report
- LEGACY: Outdated DNSSEC Key Report
- LEGACY: Proxy Report
- LEGACY: Scan Report
- LEGACY: Sinkhole HTTP Drone Report
- LEGACY: Sinkhole HTTP Referrer Report
- LEGACY: Sinkhole6 HTTP Drone Report
- Malware URL Report
- Microsoft Sinkhole Events Report
- Microsoft Sinkhole HTTP Events Report
- NTP Monitor Report
- NTP Version Report
- Netcore/Netis Router Vulnerability Scan Report
- OPTIONAL: Sandbox Connection Report
- OPTIONAL: Sandbox IRC Report
- OPTIONAL: Sandbox SMTP Report
- OPTIONAL: Sandbox URL Report
- Open CWMP Report
- Open CharGen Report
- Open DB2 Discovery Service
- Open DVR DHCPDiscover Report
- Open Elasticsearch Report
- Open HTTP Proxy Report
- Open IPMI Report
- Open IPP Report
- Open LDAP Report
- Open LDAP TCP Report
- Open MQTT Report
- Open MS-SQL Server Resolution Service Report
- Open Memcached Report
- Open MongoDB Report
- Open NAT-PMP Report
- Open NetBIOS Report
- Open Portmapper Report
- Open QOTD Report
- Open Redis Report
- Open SNMP Report
- Open SSDP Report
- Open Ubiquiti Report
- Open mDNS Report
- Open/Accessible TFTP
- SSL FREAK Report
- SSL POODLE Report
- Sinkhole DNS Events Report
- Sinkhole Events Report
- Sinkhole HTTP Events Report
- Sinkhole HTTP Referer Events Report
- Spam URL Report
- Synful Scan Report
- Vulnerable DDoS Middlebox Report
- Vulnerable Exchange Server Report
- Vulnerable Exchange Servers Special Report #1
- Vulnerable Exchange Servers Special Report #2
- Vulnerable Exchange Servers Special Report #3
- Vulnerable Exchange Servers Special Report #4
- Vulnerable Exchange Servers Special Report #5
- Vulnerable Fortinet Special Report
- Vulnerable HTTP Report
- Vulnerable ISAKMP Report
- Vulnerable Log4j Servers Special Report
- Vulnerable SMTP Report