Skip to content
🐛 Malware Sinkhole List in various formats
Python
Branch: master
Clone or download
wesinator and brakmic Add CNCERT/CC sinkhole IP (#12)
* Add CNCERT/CC sinkhole IP

* Revert "Add CNCERT/CC sinkhole IP"

This reverts commit c87970b.

* Add CNCERT/CC sinkhole IP
Latest commit f7485fa Jul 25, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.gitignore adds swap file ignore and python virtualenvironment ignore Sep 20, 2018
CODE_OF_CONDUCT.md Create CODE_OF_CONDUCT.md Jun 15, 2017
CONTRIBUTING.md Rename CONTRIBUTING.MD to CONTRIBUTING.md Jul 13, 2019
LICENSE
README.md added info on python scripts Sep 24, 2018
Sinkholes_List.csv
Sinkholes_List.json
Sinkholes_List.ods
Sinkholes_List.xls Add CNCERT/CC sinkhole IP (#12) Jul 25, 2019
Sinkholes_List.xlsx
add_rows.py fixes up a few comments / doc strings Sep 23, 2018
addition.py clean out some debugging code Sep 23, 2018
requirements.txt now uses pyexcel and plugins for writing out xlsx, xls, and ods formats Sep 23, 2018
sinkhole.jpg Add files via upload Sep 20, 2018

README.md

Malware Sinkhole List in different formats (xls, xlsx, csv, ods, json)

sinkhole_image

Based on data from Lesley Carhart's article Consolidated Malware Sinkhole List.

It's her work not mine!

I've only transferred the data to different formats.

The table below was created with this nice online conversion tool.


Pythons scripts for adding new rows to the list

Thanks to @masq for the nice python scripts! Check the source header on how to run them.


Organization IP Ranges Whois Notes
Anubis 195.22.26.192/26 anubisnetworks.com https://www.proofpoint.com/us/daily-ruleset-update-summary-2015-08-14
Arbor Networks ASERT 23.253.126.58 168.181.184.35 arbor-sinkhole.net http://www.malwareurl.com/ns_listing.php?ns=ns1.arbor-sinkhole.net
Blacklab.io 67.215.255.139 sinkhole.blacklab.io
blacklistthisdomain 106.187.96.49 81.166.122.234 sinkhole.blacklistthisdomain.com
Botnet Hunter 52.5.245.208 ec2-52-5-245-208.compute-1.amazonaws.com
CERT Polska 148.81.111.111 148.81.111.91 148.81.111.114 sinkhole.cert.pl
Conficker Working Group 136.161.101.53 conficker-sinkhole.com
Dr. Web 91.233.244.106 http://doc.emergingthreats.net/bin/view/Main/2016997
Endgame 166.78.144.80 s01.snkhole.mal-ware.susp-nded.domain http://www.kleissner.org
Farsight 104.244.12.0/22 sinkhole-iad1-2.cwg.fsi.io
FBI 142.0.36.234 VolumeDrive
Fitsec 193.166.255.171 Funet CERT
Georgia Tech 143.215.130.0/24 Georgia Institute of Technology
Georgia Tech 198.61.227.6 Rackspace www.kleissner.org
Georgia Tech 50.57.148.87 Slicehost www.kleissner.org
Gladtech 74.200.48.169 sinkhole.gladtech.net
Helse CSIRT 91.186.66.36 NORWEGIAN-HEALTH-NETWORK
Hyas 192.169.69.25 sinkhole.hyas.com
Kaspersky 93.159.228.22 95.211.172.143 sinkhole.kaspersky.com
MalwareDomains 139.146.167.25 Computer Problem Solving (CPS)
Microsoft 131.253.18.11-12 Microsoft http://doc.emergingthreats.net/bin/view/Main/2016101
Microsoft 199.2.137.0/24 Microsoft https://lists.emergingthreats.net/pipermail/emerging-sigs/2013-June/022148.html
Microsoft 204.95.99.59 Microsoft https://lists.emergingthreats.net/pipermail/emerging-sigs/2013-June/022148.html
Microsoft 207.46.90.0/24 Microsoft https://lists.emergingthreats.net/pipermail/emerging-sigs/2013-June/022148.html
PublicDomainRegistry 109.74.196.143 50.116.56.144 50.116.32.177 178.79.190.156 Linode www.kleissner.org
Shadowserver 87.106.24.200 sinkhole-00.shadowserver.org
Shadowserver 87.106.26.9 sinkhole-01.shadowserver.org http://marc.info/?l=emerging-sigs&m=135764068231008&w=2
Shadowserver 74.208.64.145 sinkhole-02.shadowserver.org
Shadowserver 74.208.64.191 sinkhole-03.shadowserver.org
Shadowserver 74.208.164.166 sinkhole-04.shadowserver.org
Shadowserver 212.227.55.84 sinkhole.shadowserver.org
Shadowserver 74.208.15.160 sinkhole.shadowserver.org
Shadowserver 74.208.15.97 sinkhole.shadowserver.org
Shadowserver 87.106.250.34 sinkhole.shadowserver.org http://marc.info/?l=emerging-sigs&m=135764068231008&w=2
Shadowserver 87.106.86.28 sinkhole.shadowserver.org http://marc.info/?l=emerging-sigs&m=135764068231008&w=2
SIDN Labs 176.58.104.168 sinkhole.sidnlabs.nl
sinkhole.DK 212.227.20.19 sinkhole.dk
sinkhole.in 86.124.164.25 sinkhole.in
sinkhole.tech 79.137.66.14 http3.sinkhole.tech
sinkhole.tech 95.211.174.92 sinkhole.tech
sinkhole.tech 144.217.254.3 http4.sinkhole.tech
sinkhole.tech 217.182.172.139 http1.sinkhole.tech
sinkhole.tech 144.217.74.156 http2.sinkhole.tech
SISRA / Abuse.ch 104.155.11.149 this-domain-is-sinkholed-by.abuse.ch
Spamhaus 208.43.245.213 173.192.192.10 199.231.211.108 198.98.120.157 192.42.116.41 87.255.51.229 sl-reverse.com
Team Cymru 38.102.150.29 38.229.70.125 conficker-sinkhole.net
Torpig-Sinkhole 212.227.55.84 87.106.240.162 87.106.140.254 87.106.141.15 torpig-sinkhole.org
Wapack Labs 23.253.46.64 https://wapacklabs.blogspot.com/2016/07/wapack-labs-sinkhole-results-18.html
Zinkhole.org 176.31.62.76 178.32.140.251 94.23.175.2 suspended-domain.org

Contributing

Contributing

Code of Conduct

Code of Conduct

License

MIT

You can’t perform that action at this time.