Malware is active on your client’s system, but the controller IP has been seized or diverted in order to disable the botnet. The infected client still tries to connect to it, which shows that a breach and an infection occurred in the past. Sinkholed servers are former botnet controllers that have been disarmed by security companies or law enforcement.
A DNS sinkhole, also known as a sinkhole server, Internet sinkhole, or BlackholeDNS, is a DNS server that gives out false information to prevent the use of a domain name.
A DNS sinkhole can be used to control C&C traffic and other malicious traffic at the enterprise level. The sinkhole redirects traffic destined for malicious URLs by entering a fake record for them in DNS. These malicious URLs can be gathered from already known C&C servers, from the malware analysis process, from open source sites that provide malicious IP details, etc.
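As an added example (not part of the original alert text), the Python below sketches both halves of the approach: a sinkhole lookup that answers a listed domain, or any subdomain of it, with the sinkhole address, and a detector that reads DNS query logs to list the clients whose queries were sinkholed, i.e. hosts already infected. The sinkhole address, the blocklist entries and the log format are constructed assumptions.

```python
"""Minimal DNS sinkhole policy plus detection over DNS query logs (illustrative)."""
from collections import defaultdict

SINKHOLE_IP = "10.255.255.1"  # assumed internal sinkhole address, not from the alert

# Constructed blocklist, e.g. gathered from malware analysis or open source feeds.
BLOCKLIST = {"evil-c2.example", "update.badcdn.example"}


def sinkhole_lookup(qname, blocklist=BLOCKLIST, sinkhole_ip=SINKHOLE_IP):
    """Return the sinkhole address if qname or any parent domain is blocklisted.

    Walking up the parent labels mirrors a zone-level policy, so that
    beacon.evil-c2.example is caught by the entry for evil-c2.example.
    Returns None for domains that should be resolved normally.
    """
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in blocklist:
            return sinkhole_ip
    return None


# Constructed DNS query log: "<timestamp> <client_ip> <qname> <answer_ip>"
SAMPLE_LOG = """\
2024-05-01T10:00:01 192.0.2.10 www.example.com 93.184.216.34
2024-05-01T10:00:05 192.0.2.23 evil-c2.example 10.255.255.1
2024-05-01T10:00:09 192.0.2.23 beacon.evil-c2.example 10.255.255.1
2024-05-01T10:01:00 192.0.2.44 update.badcdn.example 10.255.255.1
"""


def infected_hosts(log_text, sinkhole_ip=SINKHOLE_IP):
    """Map each client that received a sinkhole answer to the domains it asked for.

    Any hit means the host is already compromised: it tried to reach a
    controller that was disarmed, so the sinkhole answer is the evidence.
    """
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:  # skip malformed lines rather than crash the parser
            continue
        _ts, client, qname, answer = parts
        if answer == sinkhole_ip:
            hits[client].add(qname.lower())
    return {client: sorted(domains) for client, domains in hits.items()}


if __name__ == "__main__":
    for client, domains in infected_hosts(SAMPLE_LOG).items():
        print(f"ALERT sinkhole contact from {client}: {', '.join(domains)}")
```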
Create an access rule in the firewall to prevent connections to the sinkhole address.