Sinkholes

Malware Sinkhole List in different formats (xls, xlsx, csv, ods, json)

Based on data from Lesley Carhart's article Consolidated Malware Sinkhole List.

It's her work not mine!

I've only transferred the data to different formats.

The table below was created with this nice online conversion tool.

Pythons scripts for adding new rows to the list

Thanks to @masq for the nice python scripts! Check the source header on how to run them.

| Organization | IP Ranges | Whois | Notes | | | | | | | |-------------------------|------------------|------------------------------------------------------|---------------------------------------------------------------------------------|--------------------------------------------------------------------|---------------------|-------------------|----------------|--|--| | Anubis | 195.22.26.192/26 | anubisnetworks.com | https://www.proofpoint.com/us/daily-ruleset-update-summary-2015-08-14 | | | | | | | | Arbor Networks ASERT | 23.253.126.58 168.181.184.35 | arbor-sinkhole.net | http://www.malwareurl.com/ns_listing.php?ns=ns1.arbor-sinkhole.net | | | | | | | Blacklab.io | 67.215.255.139 | sinkhole.blacklab.io | | | | | | | | | blacklistthisdomain | 106.187.96.49 81.166.122.234 | sinkhole.blacklistthisdomain.com | | | | | | | | Botnet Hunter | 52.5.245.208 | ec2-52-5-245-208.compute-1.amazonaws.com | | | | | | | | | CERT Polska | 148.81.111.111 148.81.111.91 148.81.111.114 | sinkhole.cert.pl | | | | | | | Conficker Working Group | 136.161.101.53 | conficker-sinkhole.com | | | | | | | | | Dr. Web | 91.233.244.106 | http://doc.emergingthreats.net/bin/view/Main/2016997 | | | | | | | | | Endgame | 166.78.144.80 | s01.snkhole.mal-ware.susp-nded.domain | http://www.kleissner.org | | | | | | | | Farsight | 104.244.12.0/22 | sinkhole-iad1-2.cwg.fsi.io | | | | | | | | | FBI | 142.0.36.234 | VolumeDrive | | | | | | | | | Fitsec | 193.166.255.171 | Funet CERT | | | | | | | | | Georgia Tech | 143.215.130.0/24 | Georgia Institute of Technology | | | | | | | | | Georgia Tech | 198.61.227.6 | Rackspace | www.kleissner.org | | | | | | | | Georgia Tech | 50.57.148.87 | Slicehost | www.kleissner.org | | | | | | | | Gladtech | 74.200.48.169 | sinkhole.gladtech.net | | | | | | | | | Helse CSIRT | 91.186.66.36 | NORWEGIAN-HEALTH-NETWORK | | | | | | | | | Hyas | 192.169.69.25 | sinkhole.hyas.com | | | | | | | | | Kaspersky | 93.159.228.22 95.211.172.143 | sinkhole.kaspersky.com | | | | | | | | MalwareDomains | 139.146.167.25 | Computer Problem Solving (CPS) | | | | | | | | | Microsoft | 131.253.18.11-12 | Microsoft | http://doc.emergingthreats.net/bin/view/Main/2016101 | | | | | | | | Microsoft | 199.2.137.0/24 | Microsoft | https://lists.emergingthreats.net/pipermail/emerging-sigs/2013-June/022148.html | | | | | | | | Microsoft | 204.95.99.59 | Microsoft | https://lists.emergingthreats.net/pipermail/emerging-sigs/2013-June/022148.html | | | | | | | | Microsoft | 207.46.90.0/24 | Microsoft | https://lists.emergingthreats.net/pipermail/emerging-sigs/2013-June/022148.html | | | | | | | | PublicDomainRegistry | 109.74.196.143 50.116.56.144 50.116.32.177 178.79.190.156 | Linode | www.kleissner.org | | | | | Shadowserver | 87.106.24.200 | sinkhole-00.shadowserver.org | | | | | | | | | Shadowserver | 87.106.26.9 | sinkhole-01.shadowserver.org | http://marc.info/?l=emerging-sigs&m=135764068231008&w=2 | | | | | | | | Shadowserver | 74.208.64.145 | sinkhole-02.shadowserver.org | |