OPTIONAL: Sandbox URL Report

LAST UPDATED:  2022-08-08

OPTIONAL REPORT

This is an optional report, you need to explicitly request it.

This report includes the sets of URLs that we collect while running binaries through the different sandbox systems that we have.

As we run binaries through our sandbox systems, we are able to collect different sets of URLs from the execution of malicious binaries. There is no specific timestamp for each data set, but all results are generated from the last 24 hours of binaries run in the sandbox system.

Filename: sandbox_url

Fields

  • timestamp
    Timestamp the URL was observed in UTC+0
  • ip
    IP of the URL location
  • asn
    ASN of the URL location
  • geo
    Country of the URL location
  • md5
    MD5 of the binary that did the access
  • url
    URL that the binary accessed
  • user_agent
    User Agent that the binary utilized to access the URL
  • host
    The content of the HTTP "Host" header
  • method
    Which HTTP method was utilized to access the URL

Sample

"timestamp","ip","asn","geo","md5","url","user_agent","host","method"
"2014-06-07 00:06:47","103.8.127.189",18229,"IN","cff1e4c492ae781a91d7d64b112b9113","http://highclassdelhiescorts.in/images/css/al0302.enc","Updates downloader","highclassdelhiescorts.in","GET"
"2014-06-07 06:51:25","173.192.21.195",36351,"US","72ca3cabe3d847659698076637d78c4a","http://airconexpress.com.au/images/deac/pdf.enc","Updates downloader","airconexpress.com.au","GET"
"2014-06-07 15:21:10","103.28.148.51",58477,"ID","0aecb730b8c1a06534cf393f5c0f01fd","http://103.28.148.51:8080/a0892770/c281df6/","Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)","103.28.148.51","POST"
"2014-06-07 18:34:52","103.28.148.51",58477,"ID","1bb9db20d591bbdf599060f2b5a9e193","http://103.28.148.51:8080/b0f86916/c281df6/","Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)","103.28.148.51","POST"
"2014-06-07 20:45:35","78.46.35.41",24940,"DE","88289eb1b23206650c7979f7356918de","http://korbi.va-techniker.de:8080/ponyz/gate.php","Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)","korbi.va-techniker.de","POST"

Our 119 Report Types

« Back to Network Reporting