We provide a number of services, both public and private, for the benefit of the Internet community. This section presents a sample of our services and how they can help you keep your networks safe. We offer over a dozen high-value services, so if you have seen something on our website that piques your interest, please contact us for more information.
If you are interested in our commercial services, check out our Commercial Services page on the team-cymru.com site.
A bogon prefix is a route that should never appear in the Internet routing table. This can be for one of several reasons: the prefix is either within a private or reserved IP address block, or within a block that has not yet been allocated to a Regional Internet Registry (RIR). The Bogon Reference pages provide a number of resources for the filtering of bogon prefixes from your routers and hosts. Check out the bogon reference for more details!
A darknet is a portion of routed, allocated IP space in which no active services or servers reside. These are "dark" because there is, seemingly, nothing within these networks. In fact, the darknet does contain at least one server, which vacuums up packets and flows entering the "dark" space for real-time analysis or post-event network forensics. For more information on darknets, and how they can help keep your network safe, check out our darknet project.
Team Cymru provides a number of query interfaces that allow for the mapping of IP addresses to BGP prefixes and Autonomous System Numbers (ASNs), based on BGP feeds from our 50+ BGP peers, and updated every 4 hours. This data is available through traditional WHOIS (TCP 43), DNS (UDP 53), HTTP (TCP 80), and HTTPS (TCP 443). For more information on the data available, and how to query, check out our IP to ASN Mapping Project.
The Malware Hash Registry provides the ability to perform lookups of MD5 and SHA-1 hashes of files to see if Team Cymru's malware analysis system has classified them as malware, along with information about when the sample was last seen and an approximate anti-virus detection percentage. For more information on the data returned and how to query this system, check out the Malware Hash Registry.
Our free RSS feed screensaver for Mac OS X displays information from our RSS news feed, our Twitter feed, and a graphical representation of compromised machine counts on a rotating globe, all automatically updated on an ongoing basis. At this time the screensaver is only available for Mac OS X, but we hope to have versions for other operating systems in the future. Check out the RSS feed screensaver page for full details including the download location!
Totalhash is a community malware analysis service. This service provides users the ability to quickly find and view both static and dynamic analysis of malware samples. An API is available to those who require programmatic access to the service. Totalhash is the entry point to Team Cymru's comprehensive malware service offerings. Check it out at http://totalhash.com.
TC Console is a tool for network managers to visualize activity on their network while integrating Team Cymru's unique data regarding malicious activity. It includes historic analysis and collaborative tools, and is available as an online secure portal. For more details, check out the TC Console page.
Flow Sonar is a set of plug-ins based on an open source framework, designed to help network managers visually identify and understand malicious activity down to the protocol level, in near real-time. The tool also provides alerts of DDoS attacks, compromised machines and C&Cs, as well as trending information. For more information, check out the Flow Sonar page.
Team Cymru provides daily lists of compromised or abused devices for the ASNs and/or netblocks within a Regional and/or National CSIRT's jurisdiction. The intent is to provide information directly into the hands of people who can use that insight. For more details, check out the CAP page.
The Botnet Analysis and Tactical Tool for Law Enforcement (BATTLE) displays IRC and HTTP botnet data on an interactive world map in near real time. It is intended to provide enough information to enable law enforcement to identify botnets and attacks that are of interest to them. For more information and details of how Law Enforcement Officers can request access to the portal, check out the BATTLE page.
The BIN (Bank Identification Number) Feed provides vetted global financial institutions with access, via a secure web portal, to a near-real-time list of potentially compromised bank and credit card accounts that appear to be their customers. This service is provided to verified financial institutions at no cost to them. For more information, see the BIN Feed details page.