Honeypot URL Report

One of the sources for gathering malicious binaries is the usage of honeypot technology. This report lists the daily binary captures and the sources.

Fields

  • md5
    MD5 hash of the downloaded binary
  • url
    URL where the binary was downloaded from
  • url_asn
    ASN location of the URL's IP
  • url_geo
    Country where the URL is located

Sample

"md5hash","url","url_asn","url_geo"
"02e26297111a9850cce01e5bd03cfa45","ftp://1:1@67.207.232.254:54267/wingate32.exe",8025,"US"
"14a09a48ad23fe0ea5a180bee8cb750a","ftp://1:1@88.165.70.3:43174/ssms.exe",12322,"FR"
"14a09a48ad23fe0ea5a180bee8cb750a","ftp://1:1@88.171.15.7:53091/ssms.exe",12322,"FR"
"14a09a48ad23fe0ea5a180bee8cb750a","tftp://85.179.111.223/ssms.exe",13184,"DE"
"14a09a48ad23fe0ea5a180bee8cb750a","tftp://85.179.111.223:69/ssms.exe",13184,"DE"
"14a09a48ad23fe0ea5a180bee8cb750a","tftp://85.244.0.251:69/ssms.exe",3243,"PT"
"14a09a48ad23fe0ea5a180bee8cb750a","tftp://91.123.212.10/ssms.exe",42935,"PL"
"14a09a48ad23fe0ea5a180bee8cb750a","tftp://91.43.200.61:69/ssms.exe",3320,"DE"
"1a06582a3959f2730fada856772b4761","tftp://89.253.157.50:69/ssms.exe",20891,"BG"
"1cc34fb692d9c0dd5612c354202c5b53","http://95.28.184.171:6725/x.exe",8402,"UK"
"1d419d615dbe5a238bbaa569b3829a23","ftp://88.220.157.161:1535/ssms.exe",20804,"PL"
"1d419d615dbe5a238bbaa569b3829a23","tftp://64.1.77.229/ssms.exe",14359,"US"

Our 76 Report Types