

We provide a number of services, both public and private, for the benefit of the Internet community. In this section is but a sample of our services and how they can help you keep your networks safe. We offer over a dozen high value services, so if you have seen something on our website that piques your interest, please contact us for more information.

If you are interested in our commercial services, check out our Commercial Services page on the team-cymru.com site.

Public Services

The Bogon Reference

A bogon prefix is a route that should never appear in the Internet routing table. This can be for one of several reasons - either the prefix is within a private or reserved IP address block, or a block that has not yet been allocated to a Regional Internet Registry (RIR). The Bogon Reference pages provide a number of resources for the filtering of bogon prefixes from your routers and hosts. Check out the bogon reference for more details!

The Internet Exchange Bogon Reference

Team Cymru is now offering a new supplement to the bogon and fullbogon filters that we're naming the IXP bogon list. Though not technically bogons by RIR allocation or by RFC definitions, this is a list of prefixes, submitted by participating Internet Exchanges, that are tagged by the IXs as not valid sources or destinations for anything outside of the participating Internet Exchange. This feed is separate from the existing bogon and fullbogon lists, but can be received in the same ways.

The Darknet Project

A darknet is a portion of routed, allocated IP space in which no active services or servers reside. These are "dark" because there is, seemingly, nothing within these networks. In fact, the darknet does contain at least one server, which vacuums up packets and flows entering the "dark" space for real-time analysis or post-event network forensics. For more information on darknets, and how they can help keep your network safe, check out our darknet project.

The IP to ASN Mapping Project

Team Cymru provides a number of query interfaces that allow for the mapping of IP addresses to BGP prefixes and Autonomous System Numbers (ASNs), based on BGP feeds from our 50+ BGP peers, and updated every 4 hours. This data is available through traditional WHOIS (TCP 43), DNS (UDP 53), HTTP (TCP 80), and HTTPS (TCP 443). For more information on the data available, and how to query, check out our IP to ASN Mapping Project.

The Malware Hash Registry

The Malware Hash Registry provides the ability to perform lookups of MD5 and SHA-1 hashes of files to see if Team Cymru's malware analysis system has classified them as malware, along with information about when the sample was last seen and an approximate anti-virus detection percentage. For more information on the data returned and how to query this system, check out the Malware Hash Registry.

RSS Feed Screensaver

Our free RSS feed screensaver for Mac OS X displays information from our RSS news feed, our Twitter feed, and a graphical representation of compromised machine counts on a rotating globe, all automatically updated on an ongoing basis. At this time the screensaver is only available for Mac OS X, but we hope to have versions for other operating systems in the future. Check out the RSS feed screensaver page for full details including the download location!

Totalhash Malware Analysis

Totalhash is a community malware analysis service. This service provides users the ability to quickly find and view both static and dynamic analysis of malware samples. An API is available to those who require programmatic access to the service. Totalhash is the entry point to Team Cymru's comprehensive malware service offerings. Check it out at http://totalhash.com.

Restricted-Access Services

TC Console

A tool for network managers to visualize activity on their network while integrating Team Cymru's unique data regarding malicious activity. Includes historic analysis and collaborative tools, and is available as an online secure portal. For more details, check out the TC Console page.

Flow Sonar

A set of plug-ins based on an open source framework, designed to help network managers to visually identify and understand malicious activity down to the protocol level, in near real-time. The tool also provides alerts of DDoS attacks, compromised machines and C&Cs as well as trending information. For more information, check out the Flow Sonar page.

CSIRT Assistance Program

Team Cymru provides daily lists of compromised or abused devices for the ASNs and/or netblocks within a Regional and/or National CSIRT's jurisdiction. The intent is to provide information directly into the hands of people who can use that insight. For more details, check out the CAP page.


The Botnet Analysis and Tactical Tool for Law Enforcement (BATTLE) displays IRC and HTTP botnet data on an interactive world map in near real time. It is intended to provide enough information to enable law enforcement to identify botnets and attacks that are of interest to them. For more information and details of how Law Enforcement Officers can request access to the portal, check out the BATTLE page.

BIN Feed

The BIN (Bank Identification Number) Feed provides vetted global financial institutions with access to a near-real-time list of potentially compromised bank and credit card accounts that appear to be their customers via a secure web portal. This service is provided to verified financial institutions at no cost to them. For more information, see the BIN Feed details page.
