Our Favorite...And Soon to Be Yours
Nimbus is our Kibana-based appliance that integrates our insight about
malicious activity on your network, with near-real-time alerting, at no
cost to you. For more information, check out
the Nimbus page.
Other Community Services
Dragon News Bytes is a private and restricted mailing list that distributes
Information Security news articles. These articles may come from newspapers, magazines,
and various online resources. For more information,
check out the Dragon News Bytes information page.
Team Cymru's IP free-checkup allows users to see if their IP address has been misbehaving by searching against a database of known infections. It might have been part of a botnet, detected as an improperly configured DNS recursive server, observed trying to brute-force a site, seen as an abused proxy, or it might even have popped up while probing one of our Darknet experiments. Whatever the case may be, if your IP address appears here as infected, you have an issue that needs to be addressed. Not only does this new service identify if your IP address is infected, it also provides some helpful hints to help you clean your machines. It also displays a heatmap detailing where we think you are and how ‘hot’ your vicinity is in terms of other infections. We also rank the country you are in against other countries and show the trends over the past month. Check your IP now at https://ip.team-cymru.com.
The World Hackbook provides insight on malicious activity statistics by country and compares individual ranking with neighboring countries. The malicious activity ranking is based on IP addresses that have been part of a botnet, detected trying to brute-force a site, seen as an abused proxy, or that might even have popped up while probing one of our darknet experiments. The numbers are based on what we see; other folks see a slightly different perspective of malicious activity on the Internet. However, the general trends and relative standings ought to be broadly similar. This service provides a comparison of countries, as well as regions and organizations like NATO, G8, Europe, North America, ARIN and RIPE. Added to our new services are general numbers on IP addresses assigned and actually advertised. Explore now at https://hackbook.team-cymru.com.
A bogon prefix is a route that should never appear in the Internet
routing table. This can be for one of several reasons - either the prefix
is within a private or reserved IP address block, or a block that has not
yet been allocated to a Regional Internet Registry (RIR). The Bogon
Reference pages provide a number of resources for the filtering of bogon
prefixes from your routers and hosts. Check out the bogon reference for more details!
Team Cymru provides a number of query interfaces that allow for the
mapping of IP addresses to BGP prefixes and Autonomous System Numbers
(ASNs), based on BGP feeds from our 50+ BGP peers, and updated every 4
hours. This data is available through traditional WHOIS (TCP 43), DNS (UDP
53), HTTP (TCP 80), and HTTPS (TCP 443). For more information on the data
available, and how to query, check out our IP to ASN Mapping Project.
Totalhash is a community malware analysis service. This service provides
users the ability to quickly find and view both static and dynamic analysis
of malware samples. An API is available to those who require programmatic
access to the service. Totalhash is the entry point to Team Cymru's
comprehensive malware service offerings. Check it out at
The Malware Hash Registry (MHR) project is a look-up service similar to the
Team Cymru IP address to ASN mapping project. This project differs, however,
in that you can query our service for a computed MD5 or SHA-1 hash of a file
and, if it is malware and we know about it, we return the last time we've
seen it along with an approximate anti-virus detection percentage. Learn more at the Malware Hash Registry project page.
UTRS is a system that helps mitigate large infrastructure attacks by leveraging an existing network of cooperating BGP speakers, such as ISPs, hosting providers and educational institutions, and automatically distributing verified BGP-based filter rules from the victim to cooperating networks. Read more at the UTRS project page.
TC Console is a tool for network managers to visualize activity on their network while
integrating Team Cymru's unique data regarding malicious activity. It includes
historic analysis and collaborative tools, and is available as an online
secure portal. For more details, check out
the TC Console page.
Team Cymru provides daily lists of compromised or abused devices for the
ASNs and/or netblocks within a Regional and/or National CSIRT's
jurisdiction. The intent is to provide information directly into the hands
of people who can use that insight. For more details, check out the CAP page.
The Botnet Analysis and Tactical Tool for Law Enforcement (BATTLE) displays
IRC and HTTP botnet data on an interactive world map in near real
time. It is intended to provide enough information to enable law enforcement
to identify botnets and attacks that are of interest to them. For more information
and details of how Law Enforcement Officers can request access to the portal,
check out the BATTLE page.