Summary Report - (Past 24 hours)

Global Fast Flux

Background

Fast flux hosting is a technique where the nodes in a botnet are used as the endpoints in a website hosting scheme. The DNS records change frequently, often every few minutes, to point to new bots. The actual nodes themselves simply proxy the request back to the central hosting location. This gives the botnet a robust hosting infrastructure. Many different kinds of botnets use fastflux DNS techniques, for malware hosting, for illegal content hosting, for phishing site hosting, and other such activities. These hosts are likely to be infected with some form of malware.

Many times a single botnet will host several different fastflux domains at once. We try to find these distinct bot networks by looking for domains whose IPs match those of other domains. This relationship is presented in the Distinct Networks section.

Currently monitoring 2 active fastflux domains. The average duration across the 86385 domains ever tracked is 1 week. The longest duration of any domain is 253 weeks.