network background popup

Top Ten Hosting/ISP’s with servers infected by Brobot

Jul 10th 2014

Since our run-in with Brobot a couple of weeks ago (See blog piece). We have had some requests to see if we had a list of what IPs are being used by Brobot. We do have a list of the offending IPs and its in the thousands, no surprise given its total power and to operate within TCP port 80 parameters, whereby it opens a TCP session transmits 1 character, then closes the session repeating this millions of times a second. You have to keep in mind these are not infected laptops and home PC’s these are servers that are bots and part of Brobot.

We took the large list of infected servers and grabbed the top 5,000 servers that were the most powerful or caused the most problems. We then ordered them by
Hosting provider. In other words which hosting/ISP’s had the most infected servers on their network’s out of the top 5,000 participating in Brobot.

Here they are:

ASN Country Registry AS Name Total Mbps PPS
21788 US ARIN NOC-NetworkOperationsCenterInc.,US 73 436.8974 160472
36352 US ARIN AS-COLOCROSSING-ColoCrossing,US 56 509.4822 188632
43350 GB RIPENCC NFORCENFOrceEntertainmentBV,NL 25 172.4337 63200
33182 US ARIN,Inc.,US 24 186.2226 68656
18978 US ARIN ENZUINC-US-EnzuInc,US 24 93.1144 34648
24940 DE RIPENCC HETZNER-ASHetznerOnlineAG,DE 19 146.1152 53896
40676 US ARIN AS40676-PsychzNetworks,US 19 41.9256 18664
36351 US ARIN SOFTLAYER-SoftLayerTechnologiesInc.,US 17 228.3533 85032
7643 VN APNIC VNPT-AS-VNVietnamPostsandTelecommunications(VNPT),VN 14 28.3722 11832
Top 10 aggregate bandwidth 1.84 Gb/sec
Top 10 aggregate Packets per second 685K
  • Should you work with one of the named organizations above, contact us and we will send you the list of infected IPs on your network.

Mark Teolis

General Manager for DOSarrest Internet Security

Added By : Mark Teolis

DDoS Article Categories