A sinkhole is a computer used by anti-malware researchers to collect information about a botnet.

This computer masquerades as one of the C2 (command-and-control) servers in the botnet, so that DNS requests (from compromised computers in the botnet) for this server are re-directed to the sinkhole computer, where they can be analysed by researchers.