Malware DNS SinkHole Server
Info: This server is part of a malware research network infrastructure.
Info: This server is NOT able to collect any type of PII or data payload.
Question: What is a DNS sinkhole server?
Answer: A DNS sinkhole is created when a domain name registrar, in order to mitigate a malware infection, changes where a malicious domain name (for example www.malicious-domain.com) points, directing it to a friendly server designed to receive bad traffic from malware and botnet networks. Sinkhole servers are normally maintained by security researchers, security vendors or national/private CERT/CSIRT teams to limit the damage and the spread of malware infections.
Question: My PC or my network is making unsolicited network connections to this server. What should I do?
Answer: If you are observing unsolicited network connections directed to this server, you are most probably infected with malware whose original domain name has already been sinkholed, effectively neutralizing its communications with the outside world. After thanking the sinkhole author (CERT, CSIRT, researchers, for-profit / non-profit security vendors, etc.) and the registrar support staff, you can perform a thorough scan of your environment, looking for any malware infection in progress.
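Example (added here, not part of the original notice): one way to find which internal hosts to scan first is to list the clients whose DNS answers resolved to the sinkhole address. The log layout (`timestamp,client_ip,qname,answer_ip`), the sample lines and the address 203.0.113.10 are constructed placeholders; substitute your resolver's export and this server's real address.

```python
import csv
import io
import ipaddress

# Assumption: placeholder sinkhole address from the TEST-NET-3 documentation range.
SINKHOLE_ADDRS = {ipaddress.ip_address("203.0.113.10")}

# Constructed sample resolver log: timestamp,client_ip,qname,answer_ip
SAMPLE_LOG = """\
2024-01-01T10:00:01Z,10.0.0.15,www.malicious-domain.com,203.0.113.10
2024-01-01T10:00:02Z,10.0.0.22,intranet.example.org,198.51.100.7
2024-01-01T10:05:01Z,10.0.0.15,www.malicious-domain.com.,203.0.113.10
2024-01-01T10:06:40Z,10.0.0.31,WWW.Malicious-Domain.com,203.0.113.10
2024-01-01T10:07:00Z,10.0.0.40,broken.example.org,NXDOMAIN
"""


def hosts_hitting_sinkhole(log_text, sinkhole_addrs=SINKHOLE_ADDRS):
    """Map each client IP to the sinkholed names it resolved, hit count and first_seen."""
    hits = {}
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:
            continue  # skip malformed or truncated lines
        ts, client, qname, answer = (field.strip() for field in row)
        try:
            addr = ipaddress.ip_address(answer)
        except ValueError:
            continue  # answer is not an address (NXDOMAIN, CNAME text, ...)
        if addr not in sinkhole_addrs:
            continue
        entry = hits.setdefault(
            client, {"domains": set(), "count": 0, "first_seen": ts}
        )
        # Normalise case and the trailing root dot so one name is counted once.
        entry["domains"].add(qname.rstrip(".").lower())
        entry["count"] += 1
        entry["first_seen"] = min(entry["first_seen"], ts)
    return hits


if __name__ == "__main__":
    for client, info in sorted(hosts_hitting_sinkhole(SAMPLE_LOG).items()):
        names = ", ".join(sorted(info["domains"]))
        print(f"{client}: {info['count']} lookups since {info['first_seen']} -> {names}")
```

The hosts it lists are the ones to isolate and scan; the domain names they queried help identify the malware family involved.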
If you are a security researcher/vendor, a CERT/CSIRT/SOC or a law enforcement agency and you want information (statistics, telemetry data, etc.) or simply have questions, you can send an email to
(remove all capital letters)