APIBAN Summer 2024 Stats
Posted . ~2min read.
I figured it was time to check in on APIBAN before Labor Day…
Over the summer APIBAN SIP honeypots received traffic from (on average) 130-150 unique IP addresses a day. APIBAN HTTP honeypots saw traffic from (on average) 200-230 unique IP addresses a day.
The most active (current) bad SIP IP blocks
- 198.235.24.0/24 - 64 active - Palo Alto Networks, Inc
- 205.210.31.0/24 - 63 active - Palo Alto Networks, Inc
- 206.168.32.0/22 - 48 active - Censys, Inc.
- 167.94.138.0/24 - 44 active - Censys, Inc.
- 147.185.128.0/20 - 43 active - The Timken Company
The most active (current) bad HTTP IP blocks
- 64.62.128.0/17 - 127 active - BigBiz Internet Services
- 172.128.0.0/9 - 46 active - Microsoft
- 65.49.0.0/17 - 41 active - Hurricane Electric LLC
- 35.192.0.0/12 - 36 active - Google LLC
- 162.216.148.0/22 - 35 active - Google LLC
The wall of shame…
SIP
- 128.90.0.0/16 - 16857 ips - Powerhouse Management
- 192.241.128.0/17 - 3208 ips - DigitalOcean, LLC
- 8.208.0.0/12 - 1501 ips - Alibaba
- 20.0.0.0/8 - 958 ips - Microsoft
- 69.167.0.0/18 - 827 ips - Powerhouse Management
HTTP
- 35.192.0.0/12 - 593 ips - Google LLC
- 162.216.148.0/22 - 494 ips - Google LLC
- 192.241.148.0/17 - 358 ips - DigitalOcean, LLC
- 64.62.128.0/17 - 352 ips - Hurricane Electric LLC
- 45.83.64.0/22 - 334 ips - Alpha Strike Labs GmbH
APIBAN is free
Remember, APIBAN is free; thanks to the generosity of our sponsors (LOD, netsapiens, jambonz, clearlyip), Ivan Nyarko, and our sponsors on github.
By the way… Ivan has a really neat SIP open relay tester available…
Also, Jambonz is hiring a lead open source developer if anyone is looking for a job.
Have a great end of summer!