Malware DNS SinkHole Server

Info: This server is officially registered as a Malware DNS SinkHole server in the SinkDB database.

Info: This server is listed for security researchers, security vendors and law enforcement agencies.

Info: This server is part of a malware research network infrastructure.

Info: This server is NOT able to collect any type of PII or data payload. It's used to collect telemetry and statistics related to malware infections.

FAQ:

Question: What is a DNS sinkhole server?

Answer: A DNS sinkhole is created when a domain name registrar, in order to mitigate a malware infection, changes the original route of a malicious domain name (for example www.malicious-domain.com) so that it points to a friendly server designed to receive bad traffic from malware and botnet networks. Sinkhole servers are normally maintained by security researchers, security vendors or national/private CERT/CSIRT to limit the damage and the spreading of malware infections.

Question: My PC or my network is experiencing unsolicited network connections to this server. What should I do?

Answer: If you are observing unsolicited network connections directed to this server, you are most probably infected with malware whose original domain name has already been placed in a sinkhole, effectively neutralizing, in whole or in part, its communications with the outside world. After thanking the sinkhole author (CERTs, CSIRTs, security researchers, for-profit or non-profit security vendors, etc.), you can perform a deep scan of your environment, looking for any malware infection in progress.
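To decide which machines to scan first, you can search your DNS resolver logs for answers that point to the sinkhole. The script below is an added example, not part of this server's own tooling; the log format, the sample lines and the address 192.0.2.53 are constructed assumptions that you replace with your resolver's format and the address you actually observe.

```python
import ipaddress
from collections import defaultdict

# Assumption: the sinkhole address as it appears in your own DNS answers.
# 192.0.2.53 is a documentation-range placeholder, not this server's address.
SINKHOLE_IPS = {ipaddress.ip_address("192.0.2.53")}

# Constructed sample resolver log: timestamp client_ip qname qtype answer
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.0.0.12 www.example.org A 198.51.100.7
2024-05-01T10:00:05Z 10.0.0.27 www.malicious-domain.com A 192.0.2.53
2024-05-01T10:05:05Z 10.0.0.27 WWW.Malicious-Domain.com. A 192.0.2.53
2024-05-01T10:06:00Z 10.0.0.31 nonexistent.example A NXDOMAIN
2024-05-01T10:07:10Z 10.0.0.44 www.malicious-domain.com A 192.0.2.53
truncated line
"""


def find_sinkholed_clients(log_text, sinkhole_ips=SINKHOLE_IPS):
    """Map each internal client to the sinkholed domains it resolved."""
    hits = defaultdict(lambda: {"domains": set(), "count": 0, "first": None, "last": None})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[3] not in ("A", "AAAA"):
            continue  # malformed line or a record type that carries no address
        ts, client, qname, _, answer = parts
        try:
            is_sinkhole = ipaddress.ip_address(answer) in sinkhole_ips
        except ValueError:
            continue  # answer is not an address (NXDOMAIN, SERVFAIL, ...)
        if not is_sinkhole:
            continue
        h = hits[client]
        h["domains"].add(qname.rstrip(".").lower())  # normalise case and root dot
        h["count"] += 1
        h["first"] = min(h["first"] or ts, ts)  # ISO-8601 UTC sorts as text
        h["last"] = max(h["last"] or ts, ts)
    return dict(hits)


if __name__ == "__main__":
    for client, h in sorted(find_sinkholed_clients(SAMPLE_LOG).items()):
        print(client, h["count"], sorted(h["domains"]), h["first"], h["last"])
```

Repeated lookups from the same client over time usually indicate an active infection on that host rather than a one-off visit, so those hosts are the first candidates for the deep scan.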

We promote a strong collaboration between entities involved in information security!

If you are a security researcher or vendor, a CERT/CSIRT/SeOC/SOC or a law enforcement agency and you want some information (statistics, telemetry data, trends, etc.) or simply have questions to ask, you can send an email to

"UTdomainTD@sinkhole.it"

(remove all capital letters)