LAST UPDATED: 2021-04-01
This report lists DNS queries seen from recursive DNS servers for sinkholed domains. Please note that the IP listed are not the same as the actual source IP of the client that is making the query and hence are likely not infected hosts. This report therefore is to be used primarily to support investigations into a threat, and not as a source of direct identification of infected hosts.
The Sinkhole DNS report is not a default report, you need to request it explicitly.
Please note, as of 2021-06-01 this report will be replaced by Sinkhole DNS Events Report.