Sinkhole HTTP Referrer Report

This report identifies referring websites that may be infected or compromised.

One way an IP can end up at the sinkhole system is via an infected or compromised website. These sites automatically forward the IP to a controlled system, which can then attempt different infections or even phishing attacks against the user behind the IP.

Fields

  • timestamp
    Timestamp in UTC+0 when the referral was recorded on the sinkhole system
  • type
    Infection type
  • http_host
    The HTTP host visited
  • http_referrer
    The actual referral URL
  • inet
    IP of the referring site
  • asn
    ASN of the IP
  • geo
    Country where the IP is located

Sample

"2010-06-10 23:55:29","iframe exploit","ww.robint.us","http://www.maispaulista.com.br/visualizar.asp?idMenu=22&idSubMenu=115","200.234.220.51",27715,"BR"
"2010-06-10 23:55:29","iframe exploit","ww.robint.us","http://ozkorallah.net/subject.asp?hit=1&lang=ar&parent_id=0&sub_id=3069","8.8.247.141",3356,"US"
"2010-06-10 23:55:35","iframe exploit","ww.robint.us","http://www.economiaynegocios.cl/noticias/noticias.asp?id=72815","200.12.19.16",14259,"CL"
"2010-06-10 23:55:45","iframe exploit","ww.robint.us","http://www.ex-designz.net/englishlyrics/lyricsCat.asp?id=16","75.126.12.18",36351,"US"
"2010-06-10 23:55:47","iframe exploit","ww.robint.us","http://www.ozkorallah.net/subject.asp?hit=1&lang=ar&parent_id=67&sub_id=205","8.8.247.141",3356,"US"
"2010-06-10 23:56:03","iframe exploit","ww.robint.us","http://www.ex-designz.net/recipedisplay.asp?rid=956","75.126.12.18",36351,"US"
"2010-06-10 23:56:06","torpig","google.analytics.com.kfyalnkfqhl.info","http://google.analytics.com.kfyalnkfqhl.info/kavs/kav6.exe","87.106.24.200",8560,"DE"
