Malware DNS SinkHole Server

Info: This server is part of a malware research network infrastructure.

Info: This server is NOT able to collect any type of PII or data payload.


Question: What is a DNS SinkHole Server?

Answer: A DNS sinkhole is created when a domain name registrar, in order to mitigate a malware infection, changes the original route of a malicious domain name (for example, making it point to a friendly server designed to receive bad traffic from malware and botnet networks). Sinkhole servers are normally maintained by security researchers, security vendors or national/private CERT/CSIRT teams to limit the damage and the spread of malware infections.

Question: My PC or my network is experiencing unsolicited network connections to this server. What should I do?

Answer: If you are observing unsolicited network connections directed to this server, you are most probably infected with malware whose original domain name has already been placed in a sinkhole, effectively neutralizing its communications with the outside world. After thanking the sinkhole author (CERT, CSIRT, researchers, for-profit / non-profit security vendors, etc.) and the registrar support staff, you can perform a thorough scan of your environment looking for any malware infection in progress.
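To decide which machines to scan first, the resolver logs can be searched for clients whose lookups were answered with the sinkhole address. The following is an added example, not part of the original page: the log format, the function names and the address 192.0.2.53 (a documentation-range placeholder for the sinkhole's real address) are assumptions, and the log lines are constructed.

```python
import ipaddress
from collections import defaultdict

# Placeholder: replace with the sinkhole address(es) you actually observe.
SINKHOLE_IPS = {ipaddress.ip_address("192.0.2.53")}

# Constructed sample resolver log. Assumed format, one response per line:
# <ISO timestamp> <client IP> <query name> <record type> <answers, comma-separated>
SAMPLE_LOG = """\
2024-05-01T08:00:01Z 10.0.0.21 updates.example.org. A 198.51.100.7
2024-05-01T08:00:05Z 10.0.0.34 c2-alpha.example.net. A 192.0.2.53
2024-05-01T08:05:05Z 10.0.0.34 C2-Alpha.example.net. A 192.0.2.53
2024-05-01T08:07:40Z 10.0.0.57 cdn.example.com. A 203.0.113.9,192.0.2.53
2024-05-01T08:09:12Z 10.0.0.34 c2-beta.example.net. A 192.0.2.53
truncated line
2024-05-01T08:10:00Z 10.0.0.21 mail.example.org. MX mx1.example.org.
"""

def parse_answers(field):
    """Return the set of IP addresses in an answer field, skipping non-IP data."""
    ips = set()
    for item in field.split(","):
        try:
            ips.add(ipaddress.ip_address(item.strip()))
        except ValueError:
            continue  # CNAME/MX targets and other non-address answers
    return ips

def find_sinkholed_clients(log_text, sinkhole_ips=SINKHOLE_IPS):
    """Map each client to the domains it resolved to a sinkhole address."""
    hits = defaultdict(dict)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # malformed or truncated record
        ts, client, qname, _rtype, answers = parts
        if not parse_answers(answers) & sinkhole_ips:
            continue  # no answer points at the sinkhole
        domain = qname.rstrip(".").lower()  # normalize case and trailing dot
        entry = hits[client].setdefault(domain, {"count": 0, "first": ts, "last": ts})
        entry["count"] += 1
        # Same-format ISO 8601 UTC timestamps sort correctly as strings.
        entry["first"], entry["last"] = min(entry["first"], ts), max(entry["last"], ts)
    return {client: dict(domains) for client, domains in hits.items()}

if __name__ == "__main__":
    for client, domains in sorted(find_sinkholed_clients(SAMPLE_LOG).items()):
        for domain, info in sorted(domains.items()):
            print(client, domain, info["count"], info["first"], info["last"])
```

A client that appears with several sinkholed domains, or with regular repeated lookups of the same one, is the strongest candidate for the thorough scan described above.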

If you are a security researcher/vendor, a CERT/CSIRT/SeOC, or a law enforcement agency and you want some information (statistics, telemetry data, etc.) or simply have questions, you can send an email to


(remove all capital letters)