Sinkhole
A sinkhole is a controlled destination to which security researchers or law enforcement redirect malicious traffic, most often as part of a botnet takedown. Because a sinkholed domain or IP was genuinely malicious until the takeover, it may still appear on threat feeds during the transition period; enrichment context (who now operates the destination, and since when) helps avoid blocking legitimate sinkhole operators.
Frequently Asked Questions
How is Sinkhole related to Botnet?
Sinkhole and Botnet are both key concepts in threat intelligence. A botnet is a network of compromised devices ("bots") controlled by an attacker via a C2 server. Botnets are used for DDoS attacks, spam campaigns, credential stuffing, and ransomware delivery. Individual bots are often unaware they are compromised. Sinkholing is one of the main ways a botnet is dismantled: once its C2 domain resolves to a sinkhole, the bots report to the researchers or law enforcement instead of the attacker, which also reveals which hosts are infected.
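The definition above says that enrichment context should be consulted before a feed indicator is blocked, and the botnet answer explains that bots keep calling home to a sinkholed C2 after a takedown. The following added example (not code from the original page) shows a small triage routine that applies both points: an indicator that enrichment marks as a sinkhole is not blocked but turned into an alert on the internal host that contacted it, since that host is still infected and blocking would hide the signal. All feed entries, enrichment records and the operator name are constructed sample data, and the `Enrichment` fields are assumed names for this example.

```python
"""Indicator triage that consults enrichment before blocking.

Added example, not part of the original glossary page. Every indicator,
enrichment record and operator name below is constructed sample data
(RFC 5737 test addresses and the reserved .invalid TLD), not a real IoC.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Enrichment:
    """Assumed shape of an enrichment lookup for one indicator."""
    is_sinkhole: bool = False
    sinkhole_operator: Optional[str] = None
    # Days since the indicator was last confirmed as active C2; None if unknown.
    last_seen_malicious_days: Optional[int] = None


# Constructed threat-feed entries: a sinkholed C2 IP still listed as "c2",
# a live C2 domain, and a C2 IP with no enrichment available.
FEED: List[dict] = [
    {"indicator": "203.0.113.10", "type": "ipv4", "tags": ["c2", "botnet"]},
    {"indicator": "c2.example.invalid", "type": "domain", "tags": ["c2"]},
    {"indicator": "198.51.100.7", "type": "ipv4", "tags": ["c2"]},
]

# Constructed enrichment results keyed by indicator.
ENRICHMENT: Dict[str, Enrichment] = {
    "203.0.113.10": Enrichment(
        is_sinkhole=True,
        sinkhole_operator="Example Research Sinkhole (constructed name)",
    ),
    "c2.example.invalid": Enrichment(last_seen_malicious_days=1),
}

STALE_AFTER_DAYS = 30  # assumed policy threshold for downgrading old indicators


def triage(entry: dict, enrichment: Dict[str, Enrichment]) -> str:
    """Return the action for one feed entry: block, monitor, or alert_infected_host."""
    ctx = enrichment.get(entry["indicator"])
    if ctx is None:
        # No context: fall back to the feed's own verdict.
        return "block" if "c2" in entry["tags"] else "monitor"
    if ctx.is_sinkhole:
        # The destination now belongs to a researcher or law-enforcement sinkhole.
        # Blocking it would cut the operator off and hide the fact that a host on
        # our network is still infected; the useful action is to alert on that host.
        return "alert_infected_host"
    if ctx.last_seen_malicious_days is not None and ctx.last_seen_malicious_days > STALE_AFTER_DAYS:
        # Old indicator that is not a known sinkhole: watch rather than block.
        return "monitor"
    return "block"


def triage_feed(feed: List[dict], enrichment: Dict[str, Enrichment]) -> Dict[str, str]:
    """Triage every feed entry and return indicator -> action."""
    return {entry["indicator"]: triage(entry, enrichment) for entry in feed}


if __name__ == "__main__":
    for indicator, action in triage_feed(FEED, ENRICHMENT).items():
        print(f"{indicator:<22} {action}")
```

The `alert_infected_host` outcome is the point of the example: traffic to a sinkhole is evidence about the source host, not about the destination, so the enrichment step changes both the action and the asset the alert is attached to.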