This report contains events (connections) to HTTP Sinkholes. Sinkholing is a technique whereby a resource used by malicious actors to control malware is taken over and redirected to a benign listener that can (to a varying degree) understand connections coming from infected devices.

This report identifies the IP addresses of all the devices that connected to a sinkhole server and did not arrive through an HTTP referrer. Since a sinkhole server is only accessed through previously malicious domain names, only infected systems or security researchers should be seen in this list. However, the sinkholes may also pick up web crawlers requesting malicious domains.

This report can come in 2 versions, one for IPv4 only connections, the other for IPv6 only connections. File names: event4_sinkhole_http and event6_sinkhole_http.

You can learn more about the report in our Sinkhole HTTP Events Report tutorial. You can learn more about our reports in general in our Overview of Free Public Benefit Shadowserver Reports presentation, which also explains example Use Cases.

As of 30th March 2021, the following infections are being observed across all the sinkholes (this includes non-HTTP sinkholes) and shared out: android_spams
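A recipient of this report usually has to separate likely infected hosts on their own networks from crawler noise. The following is an added example, not code from the report's publisher: the column names, the sample rows, the crawler hints and the network ranges are all assumptions constructed for illustration.

```python
import csv
import io
import ipaddress
from collections import Counter

# Constructed sample rows; the column names are assumptions, not taken from the page.
SAMPLE_CSV = """timestamp,src_ip,infection,http_agent,http_referer
2021-03-30 00:00:01,192.0.2.10,android_spams,Dalvik/2.1.0,
2021-03-30 00:00:05,2001:db8::25,android_spams,Dalvik/2.1.0,
2021-03-30 00:00:09,198.51.100.7,android_spams,ExampleBot/1.0 (crawler),
2021-03-30 00:00:12,192.0.2.10,android_spams,Dalvik/2.1.0,
2021-03-30 00:00:20,203.0.113.44,android_spams,Mozilla/5.0,http://example.test/links
"""

CRAWLER_HINTS = ("bot", "crawler", "spider")           # assumed heuristic
MY_NETWORKS = [ipaddress.ip_network("192.0.2.0/24"),   # assumed constituency ranges
               ipaddress.ip_network("2001:db8::/32")]

def triage(csv_text, networks=MY_NETWORKS):
    """Return (hosts, skipped): per-source findings inside `networks` and skip counts."""
    hosts, skipped = {}, Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            ip = ipaddress.ip_address(row["src_ip"].strip())
        except ValueError:
            skipped["bad_ip"] += 1
            continue
        # The report covers connections that arrived without an HTTP referrer.
        if (row.get("http_referer") or "").strip():
            skipped["has_referrer"] += 1
            continue
        # Web crawlers requesting sinkholed domains are not infections.
        agent = (row.get("http_agent") or "").lower()
        if any(hint in agent for hint in CRAWLER_HINTS):
            skipped["likely_crawler"] += 1
            continue
        # Handles both report versions: compare only against same-family networks.
        if not any(ip in net for net in networks if net.version == ip.version):
            skipped["not_ours"] += 1
            continue
        entry = hosts.setdefault(str(ip), {"version": ip.version, "events": 0,
                                           "infections": set(),
                                           "first_seen": row["timestamp"]})
        entry["events"] += 1
        entry["infections"].add(row["infection"])
    return hosts, skipped
```

A user-agent match is only a hint, so rows counted under `likely_crawler` are worth a spot check before they are dismissed.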