Malware DNS SinkHole Server

Info: This server is part of a malware research network infrastructure.

Info: This server is NOT able to collect any type of PII or data payload.

FAQ:

Question: What is a DNS sinkhole server?

Answer: A DNS sinkhole is created when a domain name registrar, in order to mitigate a malware infection, changes the original route of a malicious domain name (for example, www.malicious-domain.com), making it point to a friendly server designed to receive bad traffic from malware and botnet networks. Sinkhole servers are normally maintained by security researchers, security vendors or national/private CERT/CSIRT teams to limit the damage and the spread of malware infections.

Question: My PC or my network is making unsolicited network connections to this server. What should I do?

Answer: If you are observing unsolicited network connections directed to this server, you are most probably infected with malware whose original domain name has already been sinkholed, effectively neutralizing its communications with the outside world. After thanking the sinkhole author (CERT, CSIRT, researchers, for-profit / non-profit security vendors, etc.) and the registrar support staff, you can perform a thorough scan of your environment looking for any malware infection in progress.
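To decide which machines to scan first, the resolver logs can be searched for clients whose lookups were answered with the sinkhole address. The following is an added example, not part of the original page: the sinkhole address (a documentation-range placeholder), the four-field log format and the client addresses are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: placeholder from the RFC 5737 documentation range.
# Replace with the address this sinkhole actually answers with.
SINKHOLE_IPS = {ipaddress.ip_address("192.0.2.10")}

# Constructed resolver log lines: timestamp, client, queried name, answer.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.0.0.15 www.malicious-domain.com 192.0.2.10
2024-05-01T10:00:02Z 10.0.0.22 www.example.org 198.51.100.7
2024-05-01T10:05:01Z 10.0.0.15 www.malicious-domain.com 192.0.2.10
2024-05-01T10:07:44Z 10.0.0.31 WWW.Malicious-Domain.com. 192.0.2.10
2024-05-01T10:08:00Z 10.0.0.40 broken-line
2024-05-01T10:09:12Z 10.0.0.22 www.malicious-domain.com NXDOMAIN
"""


def find_sinkholed_clients(log_text, sinkhole_ips=SINKHOLE_IPS):
    """Return {client: {domain: hit_count}} for answers pointing at the sinkhole."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip truncated or malformed lines
        _timestamp, client, qname, answer = parts
        try:
            addr = ipaddress.ip_address(answer)
        except ValueError:
            continue  # non-address answers such as NXDOMAIN
        if addr in sinkhole_ips:
            # Normalise case and the trailing root dot so names group together.
            hits[client][qname.rstrip(".").lower()] += 1
    return {client: dict(domains) for client, domains in hits.items()}


if __name__ == "__main__":
    for client, domains in sorted(find_sinkholed_clients(SAMPLE_LOG).items()):
        for domain, count in sorted(domains.items()):
            print(f"{client} resolved {domain} to the sinkhole {count} time(s)")
```

Each client reported is a candidate for the thorough scan described above; a client that only received NXDOMAIN or an unrelated answer is not listed.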

If you are a security researcher or vendor, a CERT/CSIRT/SOC, or a law enforcement agency and you want information (statistics, telemetry data, etc.) or simply have questions, you can send an email to

"UTdomainTD@sinkhole.it"

(remove all capital letters)