APIBAN Summer 2024 Stats

Posted . ~2min read.

I figured it was time to check in on APIBAN before Labor Day…

Over the summer APIBAN SIP honeypots received traffic from (on average) 130-150 unique IP addresses a day. APIBAN HTTP honeypots saw traffic from (on average) 200-230 unique IP addresses a day.

The most active (current) bad SIP IP blocks

  1. 198.235.24.0/24 - 64 active - Palo Alto Networks, Inc
  2. 205.210.31.0/24 - 63 active - Palo Alto Networks, Inc
  3. 206.168.32.0/22 - 48 active - Censys, Inc.
  4. 167.94.138.0/24 - 44 active - Censys, Inc.
  5. 147.185.128.0/20 - 43 active - The Timken Company

The most active (current) bad HTTP IP blocks

  1. 64.62.128.0/17 - 127 active - BigBiz Internet Services
  2. 172.128.0.0/9 - 46 active - Microsoft
  3. 65.49.0.0/17 - 41 active - Hurricane Electric LLC
  4. 35.192.0.0/12 - 36 active - Google LLC
  5. 162.216.148.0/22 - 35 active - Google LLC

The wall of shame…

SIP

  1. 128.90.0.0/16 - 16857 ips - Powerhouse Management
  2. 192.241.128.0/17 - 3208 ips - DigitalOcean, LLC
  3. 8.208.0.0/12 - 1501 ips - Alibaba
  4. 20.0.0.0/8 - 958 ips - Microsoft
  5. 69.167.0.0/18 - 827 ips - Powerhouse Management

HTTP

  1. 35.192.0.0/12 - 593 ips - Google LLC
  2. 162.216.148.0/22 - 494 ips - Google LLC
  3. 192.241.148.0/17 - 358 ips - DigitalOcean, LLC
  4. 64.62.128.0/17 - 352 ips - Hurricane Electric LLC
  5. 45.83.64.0/22 - 334 ips - Alpha Strike Labs GmbH

APIBAN is free

Remember, APIBAN is free; thanks to the generosity of our sponsors (LOD, netsapiens, jambonz, clearlyip), Ivan Nyarko, and our sponsors on github.

By the way… Ivan has a really neat SIP open relay tester available…

Also, Jambonz is hiring a lead open source developer if anyone is looking for a job.

Have a great end of summer!

Next...
...and even more...