Sinkhole Events Report

LAST UPDATED: 2022-06-27

This report contains events (connections) to non-http sinkholes. Sinkholing is a technique whereby a resource used by malicious actors to control malware is taken over and redirected to a benign listener that can (to a varying degree) understand connections coming from infected devices.

Only infected systems or security researchers should be seen in this list.

For an example list of threats that are sinkholed, please see the list of malware tags reported on in Sinkhole HTTP Events Report.

You can learn more on the report in our Sinkhole Events Report tutorial.

You can learn more on our reports in general in our Overview of Free Public Benefit Shadowserver Reports presentation, which also explains example Use Cases.

File names: event4_sinkhole

Fields

timestamp

Timestamp when the IP was seen in UTC+0
protocol

Packet type of the connection traffic (UDP/TCP)
src_ip

The IP of the device in question
src_port

Source port of the IP connection
src_asn

ASN of the source IP
src_geo

Country of the source IP
src_region

Region of the source IP
src_city

City of the source IP
src_hostname

Reverse DNS of the source IP
src_naics

North American Industry Classification System Code
src_sector

Sector to which the IP in question belongs; e.g. Communications, Commercial
device_vendor

Source device vendor
device_type

Source device type
device_model

Source device model
dst_ip

Destination IP
dst_port

Destination port of the IP connection
dst_asn

ASN of the destination IP
dst_geo

Country of the destination IP
dst_region

Region of the destination IP
dst_city

City of the destination IP
dst_hostname

Reverse DNS of the destination IP
dst_naics

North American Industry Classification System Code
dst_sector

Sector to which the IP in question belongs; e.g. Communications, Commercial
public_source

Source of the event data
infection

Description of the malware/infection
family

Malware family or campaign associated with the event
tag

Event attributes
application

Application name associated with the event
version

Software version associated with the event
event_id

Unique identifier assigned to the source IP or event

Sample

"timestamp","protocol","src_ip","src_port","src_asn","src_geo","src_region","src_city","src_hostname","src_naics","src_sector","device_vendor","device_type","device_model","dst_ip","dst_port","dst_asn","dst_geo","dst_region","dst_city","dst_hostname","dst_naics","dst_sector","public_source","infection","family","tag","application","version","event_id"
"2021-03-04 00:00:00","tcp","190.113.x.x",17409,12252,"PE","METROPOLITANA DE LIMA","LIMA",,,,,,,"178.162.x.x",4455,28753,"DE","HESSEN","FRANKFURT AM MAIN",,518210,"Communications, Service Provider, and Hosting Service","eset","victorygate.b",,,,,
"2021-03-04 00:00:00","tcp","217.173.x.x",28940,8220,"IE","DUBLIN","DUBLIN",,541611,"Communications, Service Provider, and Hosting Service",,,,"137.116.x.x",16464,8075,"SG","CENTRAL","SINGAPORE",,334111,"Information","MSDCU",,,"b68-zeroaccess-2-32bit",,,
"2021-03-04 00:00:00","tcp","37.212.x.x",36735,6697,"BY","VITEBSKAJA OBLAST'","VITEBSK",,,,,,,"168.63.x.x",16464,8075,"HK","HONG KONG","HONG KONG",,334111,"Information","MSDCU",,,"b68-zeroaccess-2-32bit",,,
"2021-03-04 00:00:00","tcp","86.130.x.x",50395,2856,"UK","MID ULSTER","DUNGANNON",,517311,"Communications, Service Provider, and Hosting Service",,,,"40.71.228.10",16471,8075,"US","VIRGINIA","ASHBURN",,334111,"Information","MSDCU",,,"b68-zeroaccess-1-32bit",,,
"2021-03-04 00:00:00","tcp","35.205.x.x",44696,15169,"BE","BRUXELLES-CAPITALE","BRUSSELS","x.x.205.35.bc.googleusercontent.com",519130,"Communications, Service Provider, and Hosting Service",,,,"148.81.x.x",80,1887,"PL","MAZOWIECKIE","WARSAW",,,,,"virut",,,,,
"2021-03-04 00:00:00","tcp","35.197.x.x",36968,15169,"US","OREGON","THE DALLES","x.x.197.35.bc.googleusercontent.com",519130,"Communications, Service Provider, and Hosting Service",,,,"148.81.111.x.x",80,1887,"PL","MAZOWIECKIE","WARSAW",,,,,"virut",,,,,

Our 134 Report Types

« Back to Network Reporting