LAST UPDATED: 2021-06-07
LEGACY REPORT
Report discontinued. Replaced by: Sinkhole HTTP Events Report.
This report identifies the IP addresses from all the devices that joined our Sinkhole server that did not arrive through an HTTP referrer.
Since the Sinkhole server is only accessed through previously malicious domain names, only infected systems or security researchers should be seen in this list.
IPv6 Sinkhole data is shared in Sinkhole6 HTTP Drone Report.
Please note this report will be replaced after 2021-06-01 by Sinkhole HTTP Events Report.
As of January 13th, 2021 we have the following tags:
| andromeda-b66 |
| avalanche-andromeda |
| avalanche-bolek |
| avalanche-citadel |
| avalanche-corebot |
| avalanche-dofoil |
| avalanche-generic |
| avalanche-gozi2 |
| avalanche-goznym |
| avalanche-kins |
| avalanche-marcher |
| avalanche-matsnu |
| avalanche-nymaim |
| avalanche-pandabanker |
| avalanche-ranbyus |
| avalanche-rovnix |
| avalanche-smartapp |
| avalanche-teslacrypt |
| avalanche-tinba |
| avalanche-trusteer |
| avalanche-unknown |
| avalanche-urlzone |
| avalanche-vawtrak |
| avalanche-xswkit |
| b54-base |
| b54-code |
| b54-config |
| b54-old |
| b68-zeroaccess-1-32bit |
| b68-zeroaccess-2-32bit |
| b68-zeroaccess-2-64bit |
| beebone |
| boaxxe |
| bookworm |
| caphaw |
| comment |
| conficker.ab |
| conficker.abc |
| cve-2009-4324 |
| downadup |
| dyndns-blatmailers-apt |
| dyndns-choiceguard-apt |
| dyndns-mirage-apt |
| dyndns-sogu-apt |
| enfal-apt |
| familyphotos-apt |
| ghost-push |
| iframe exploit |
| infy-apt |
| ircbot-b58 |
| jdk-update-apt |
| kovter |
| machbot |
| machete-apt |
| mirage-apt |
| necurs |
| null |
| qsnatch |
| ramdo |
| sality |
| sality_old |
| sality2 |
| silon |
| skunkx |
| spyeye |
| spyeye-b58 |
| sunburst |
| sykipot-apt |
| tinba |
| torpig |
| trickbot-c2 |
| trickbot-c2u |
| trickbot-iot-c2 |
| tsifiri |
| unknown-apt |
| vinself |
| vpnfilter |
| vpnfilter_stage3 |
| x-agent |
| xcodeghost |
| yash rat |
| yzf |
| zeus |
Note that we also share information in partnership with other organizations under the Drone/Botnet-Drone Report which comes from a wider variety of types of sources which may include sinkhole data. Additionally, sinkhole data from Microsoft is shared via the Microsoft Sinkhole Report.