LEGACY: Sinkhole HTTP Referrer Report

LAST UPDATED:  2021-06-07

LEGACY REPORT

Report discontinued. Replaced by: Sinkhole HTTP Referer Events Report.

This report identifies referring websites that may be infected or compromised.

One way an IP can end up at the sinkhole system is via infected or compromised websites. Such websites automatically forward the visiting IP to a system the attackers control, from which they can attempt various infections or even phishing attacks against the user behind the IP.

Please note this report will be replaced after 2021-06-01 by Sinkhole HTTP Referer Events Report.

Fields

  • timestamp
    Timestamp in UTC+0 when the referral was recorded on the sinkhole system
  • type
    Infection type
  • http_host
    The HTTP host visited
  • http_referrer
    The actual referral URL
  • inet
    IP of the referring site
  • asn
    ASN of the IP
  • geo
    Country where the IP is located

Sample

"2010-06-10 23:55:29","iframe exploit","ww.robint.us","http://www.maispaulista.com.br/visualizar.asp?idMenu=22&idSubMenu=115","200.234.220.51",27715,"BR"
"2010-06-10 23:55:29","iframe exploit","ww.robint.us","http://ozkorallah.net/subject.asp?hit=1&lang=ar&parent_id=0&sub_id=3069","8.8.247.141",3356,"US"
"2010-06-10 23:55:35","iframe exploit","ww.robint.us","http://www.economiaynegocios.cl/noticias/noticias.asp?id=72815","200.12.19.16",14259,"CL"
"2010-06-10 23:55:45","iframe exploit","ww.robint.us","http://www.ex-designz.net/englishlyrics/lyricsCat.asp?id=16","75.126.12.18",36351,"US"
"2010-06-10 23:55:47","iframe exploit","ww.robint.us","http://www.ozkorallah.net/subject.asp?hit=1&lang=ar&parent_id=67&sub_id=205","8.8.247.141",3356,"US"
"2010-06-10 23:56:03","iframe exploit","ww.robint.us","http://www.ex-designz.net/recipedisplay.asp?rid=956","75.126.12.18",36351,"US"
"2010-06-10 23:56:06","torpig","google.analytics.com.kfyalnkfqhl.info","http://google.analytics.com.kfyalnkfqhl.info/kavs/kav6.exe","87.106.24.200",8560,"DE"
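
An added example, not part of the original report documentation: a short Python triage script that reads rows in the field order listed under Fields and groups them by referring IP and referring host, so each likely compromised site becomes one work item with its hit count, infection types and first/last seen times. The rows in SAMPLE are constructed with reserved documentation values, and the names referrer_host and summarize are hypothetical.

```python
import csv
import io
from collections import defaultdict
from urllib.parse import urlsplit

# Column order taken from the "Fields" list above.
FIELDS = ["timestamp", "type", "http_host", "http_referrer", "inet", "asn", "geo"]

# Constructed rows in the report's layout; hosts, IPs and ASNs are reserved
# documentation values, not data from a real report.
SAMPLE = """\
"2010-06-10 23:55:29","iframe exploit","sinkholed.example","http://www.shop.example/view.asp?id=22","192.0.2.10",64500,"BR"
"2010-06-10 23:55:47","iframe exploit","sinkholed.example","http://shop.example/view.asp?id=67","192.0.2.10",64500,"BR"
"2010-06-10 23:56:03","iframe exploit","sinkholed.example","http://news.example/item.asp?rid=956","198.51.100.7",64501,"US"
"2010-06-10 23:56:06","torpig","cdn.sinkholed.example","not a url","203.0.113.5",64502,"DE"
"""

def referrer_host(url):
    """Lower-cased host of the referring URL without a leading 'www.', or '' if unparseable."""
    try:
        host = (urlsplit(url).hostname or "").lower()
    except ValueError:
        return ""
    return host[4:] if host.startswith("www.") else host

def summarize(report_text):
    """Group rows by (inet, referring host) so each referring site is one work item."""
    sites = defaultdict(lambda: {"hits": 0, "types": set(), "pages": set(),
                                 "first": None, "last": None})
    for row in csv.DictReader(io.StringIO(report_text), fieldnames=FIELDS):
        # Skip a header row if the file has one, and rows with missing columns.
        if row["timestamp"] == "timestamp" or row["geo"] is None:
            continue
        site = sites[(row["inet"], referrer_host(row["http_referrer"]))]
        site["hits"] += 1
        site["types"].add(row["type"])
        site["pages"].add(row["http_referrer"])  # exact pages to inspect for injected content
        ts = row["timestamp"]  # "YYYY-MM-DD HH:MM:SS" sorts correctly as text
        site["first"] = ts if site["first"] is None else min(site["first"], ts)
        site["last"] = ts if site["last"] is None else max(site["last"], ts)
    return dict(sites)

if __name__ == "__main__":
    ranked = sorted(summarize(SAMPLE).items(), key=lambda kv: -kv[1]["hits"])
    for (ip, host), s in ranked:
        print(ip, host or "(unparseable referrer)", s["hits"],
              sorted(s["types"]), s["first"], s["last"])
```

Grouping on the host with "www." stripped keeps the two spellings of one site together, and the collected pages give the site owner the specific URLs to check.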
