Summary Report
Global Fastflux
Newest Domains
| Domain | Created |
|---|---|
| drivepan.com | 2008-07-23 19:50:52 EDT |
| rockrespect.com | 2008-07-23 19:45:27 EDT |
| ritlduka.cn | 2008-07-23 19:40:53 EDT |
| healthfwx.cn | 2008-07-23 19:23:11 EDT |
| reflectionput.com | 2008-07-23 19:22:28 EDT |
| digitaldata1.net | 2008-07-23 19:18:23 EDT |
| redlionclub.com | 2008-07-23 19:16:17 EDT |
| reciprocityworld.com | 2008-07-23 19:07:02 EDT |
| receivechord.com | 2008-07-23 19:05:55 EDT |
| raildetermine.com | 2008-07-23 18:51:02 EDT |
Longest Lived Domains
| Domain | Started | Ended | Duration |
|---|---|---|---|
| casinoredsun.net | 2008-05-07 | N/A | 11 weeks |
| rightchoisegame.net | 2008-05-08 | N/A | 10 weeks 6 days |
| moneytopgaming.net | 2008-05-08 | N/A | 10 weeks 6 days |
| worldhotcasino.net | 2008-05-08 | N/A | 10 weeks 6 days |
| stylehotgambling.com | 2008-05-09 | N/A | 10 weeks 5 days |
| stylehotgambling.net | 2008-05-09 | N/A | 10 weeks 5 days |
| webprimagambling.net | 2008-05-10 | N/A | 10 weeks 4 days |
| magicvipgame.net | 2008-05-10 | N/A | 10 weeks 4 days |
| vipgamblingportal.com | 2008-05-10 | N/A | 10 weeks 4 days |
| magicvipgame.com | 2008-05-10 | N/A | 10 weeks 4 days |
Distinct Networks (past 24 hours)
| Number of hosts | Domains |
|---|---|
| 279 | greatperiod.com, stretchverb.com |
| 267 | iforgett.cn, ioutpatients.cn |
| 265 | ianymore.cn, ianyplace.cn, iheartbroken.cn, ileafloet.cn, ioutnumbers.cn |
| 264 | ineckties.cn, ionlining.cn |
| 263 | idoormats.cn, ihookworms.cn |
| 263 | ibirthdays.cn, igrandstgand.cn |
| 262 | idoorbells.cn, ihighways.cn |
| 262 | ibasketballs.cn, ibooklets.cn, igroundonut.cn |
| 261 | icutlets.cn, ieyeballs.cn |
| 257 | RXPILLSBIZ.COM, rxpillsbiz.com |
Servers (past 24 hours)
By Country
| Country | Number of hosts | Percentage |
|---|---|---|
| US (United States) | 1340 | 34.0% |
| RU (Russian Federation) | 491 | 12.5% |
| RO (Romania) | 233 | 5.9% |
| DE (Germany) | 187 | 4.7% |
| IL (Israel) | 136 | 3.5% |
| PL (Poland) | 131 | 3.3% |
| KR (South Korea) | 98 | 2.5% |
| ES (Spain) | 89 | 2.3% |
| HK (Hong Kong) | 85 | 2.2% |
| GB (Great Britain) | 84 | 2.1% |
| Other | 1063 | 27.0% |

By ASN
| ASN | Number of hosts | Percentage |
|---|---|---|
| AS7132 (SBIS-AS) | 252 | 6.5% |
| AS8402 (CORBINA-AS) | 117 | 3.0% |
| AS8997 (ASN-SPBNIT) | 88 | 2.3% |
| AS8708 (RDSNET) | 87 | 2.2% |
| AS9121 (TTNET) | 67 | 1.7% |
| AS13184 (HANSENET) | 66 | 1.7% |
| AS5617 (TPNET) | 64 | 1.6% |
| AS3356 (LEVEL3) | 60 | 1.5% |
| AS8551 (BEZEQ-INTERNATIONAL-AS) | 59 | 1.5% |
| AS4766 (KIXS-AS-KR) | 50 | 1.3% |
| Other | 2978 | 76.6% |

By Host
| Host | Number of domains | Percentage of active fastflux domains |
|---|---|---|
| 89.173.46.52 (chello089173046052.chello.sk) | 1591 | 73.6% |
| 76.113.137.166 (c-76-113-137-166.hsd1.mn.comcast.net) | 1590 | 73.5% |
| 203.80.202.154 | 1583 | 73.2% |
| 61.224.206.98 (61-224-206-98.dynamic.hinet.net) | 1582 | 73.1% |
| 69.201.135.42 | 1582 | 73.1% |
| 59.17.208.96 | 1582 | 73.1% |
| 88.80.231.140 | 1581 | 73.1% |
| 212.143.150.146 | 1581 | 73.1% |
| 85.207.198.226 | 1574 | 72.8% |
| 213.79.75.20 | 1570 | 72.6% |
| Other | 2137 | 98.8% |
Background
Fastflux hosting is a technique in which the nodes of a botnet serve as the endpoints of a website hosting scheme. The DNS records change frequently, often every few minutes, to point to new bots. The nodes themselves simply proxy each request back to the central hosting location, which gives the botnet a robust hosting infrastructure. Many different kinds of botnets use fastflux DNS techniques for malware hosting, illegal content hosting, phishing site hosting, and other such activities. The hosts serving as these endpoints are likely to be infected with some form of malware.
A single botnet will often host several different fastflux domains at once. We try to find these distinct bot networks by looking for domains whose IPs match those of other domains. This relationship is presented in the Distinct Networks section.
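One way to compute the grouping described above, as an added example that is not this report's own code: domains are linked when they share at least `min_shared` resolved IPs, and links are followed transitively. The function name, the `min_shared` threshold and the sample data are assumptions; the data is constructed from reserved documentation names and address ranges.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample: domain -> A-record IPs observed during the window.
OBSERVED = {
    "flux-a.example": {"192.0.2.10", "192.0.2.11", "198.51.100.7"},
    "flux-b.example": {"198.51.100.7", "203.0.113.5"},
    "flux-c.example": {"203.0.113.5", "203.0.113.9"},
    "flux-d.example": {"192.0.2.200", "192.0.2.201"},
    "flux-e.example": {"192.0.2.200", "192.0.2.201", "192.0.2.202"},
    "flux-f.example": {"198.51.100.99"},
}

def distinct_networks(observed, min_shared=1):
    """Return [(host_count, [domains])], largest network first.

    min_shared (an assumption, not from the report) is the number of common
    IPs needed to link two domains; raising it keeps one reused address
    from merging otherwise unrelated networks.
    """
    parent = {d: d for d in observed}

    def find(d):  # union-find root lookup with path halving
        while parent[d] != d:
            parent[d] = parent[parent[d]]
            d = parent[d]
        return d

    # Invert the mapping so each IP lists the domains that resolved to it.
    by_ip = defaultdict(set)
    for domain, ips in observed.items():
        for ip in ips:
            by_ip[ip].add(domain)

    # Count shared IPs per domain pair (quadratic in domains per IP).
    shared = defaultdict(int)
    for domains in by_ip.values():
        for pair in combinations(sorted(domains), 2):
            shared[pair] += 1
    for (a, b), n in shared.items():
        if n >= min_shared:
            parent[find(a)] = find(b)

    # Collect the member domains and the union of hosts for each network.
    members, hosts = defaultdict(list), defaultdict(set)
    for domain, ips in observed.items():
        root = find(domain)
        members[root].append(domain)
        hosts[root] |= ips
    rows = [(len(hosts[r]), sorted(members[r])) for r in members]
    return sorted(rows, key=lambda row: (-row[0], row[1]))
```

The returned rows have the same shape as the Distinct Networks table: a host count followed by the domains served by that set of hosts.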
Currently monitoring 2163 fastflux domains