Team Cymru's IP free-checkup allows users to see if their IP address has been misbehaving by searching against a database of known infections. It might have been part of a botnet, detected as an improperly configured DNS recursive server, observed trying to brute-force a site, seen as an abused proxy, or it might even have popped up while probing one of our Darknet experiments. Whatever the case may be, if your IP address appears here as infected, you have an issue that needs to be addressed. Not only does this new service identify whether your IP address is infected, it also provides some helpful hints to help you clean your machines. It also displays a heatmap detailing where we think you are and how ‘hot’ your vicinity is in terms of other infections. We also rank the country you are in against other countries and show the trends over the past month. Check your IP now at https://ip.team-cymru.com.
The World Hackbook provides insight into malicious activity statistics by country and compares each country's ranking with that of neighboring countries. The malicious activity ranking is based on IP addresses that have been part of a botnet, detected trying to brute-force a site, seen as an abused proxy, or that might even have popped up probing one of our darknet experiments. The numbers are based on what we see; other folks see a slightly different perspective of malicious activity on the Internet. However, the general trends and relative standings ought to be broadly similar. This service provides a comparison of countries, as well as regions and organizations like NATO, G8, Europe, North America, ARIN and RIPE. Added to our new services are general numbers on IP addresses assigned and actually advertised. Explore now at https://hackbook.team-cymru.com.
A bogon prefix is a route that should never appear in the Internet
routing table. This can be for one of several reasons - either the prefix
is within a private or reserved IP address block, or a block that has not
yet been allocated to a Regional Internet Registry (RIR). The Bogon
Reference pages provide a number of resources for the filtering of bogon
prefixes from your routers and hosts. Check out the bogon reference for more details!
A darknet is a portion of routed, allocated IP space in which no active
services or servers reside. These are "dark" because there is,
seemingly, nothing within these networks. In fact, the darknet does
contain at least one server, which vacuums up packets and flows entering the
"dark" space for real-time analysis or post-event network forensics. For
more information on darknets, and how they can help keep your network safe,
check out our darknet project.
Team Cymru provides a number of query interfaces that allow for the
mapping of IP addresses to BGP prefixes and Autonomous System Numbers
(ASNs), based on BGP feeds from our 50+ BGP peers, and updated every 4
hours. This data is available through traditional WHOIS (TCP 43), DNS (UDP
53), HTTP (TCP 80), and HTTPS (TCP 443). For more information on the data
available, and how to query, check out our IP to ASN Mapping Project.
Totalhash is a community malware analysis service. This service provides
users the ability to quickly find and view both static and dynamic analysis
of malware samples. An API is available to those who require programmatic
access to the service. Totalhash is the entry point to Team Cymru's
comprehensive malware service offerings. Check it out at
The Malware Hash Registry (MHR) project is a look-up service similar to the
Team Cymru IP address to ASN mapping project. This project differs, however,
in that you can query our service for a computed MD5 or SHA-1 hash of a file
and, if it is malware and we know about it, we return the last time we've
seen it along with an approximate anti-virus detection percentage. Learn more at the Malware Hash Registry project page.
The IXP Service is a feed of IX address prefixes that should not be reachable from customers and connections not associated with the IX. This gives users a tool to deny service to these prefixes altogether, thus saving their networks from unnecessary risk. Discover more at the IXP project page.
UTRS is a system that helps mitigate large infrastructure attacks by leveraging an existing network of cooperating BGP speakers such as ISPs, hosting providers and educational institutions that automatically distributes verified BGP-based filter rules from victim to cooperating networks. Read more at the UTRS project page.