Top 50 Bad Hosts - June 2012


Transnational Cooperation Defeating Cybercrime.

Recent successes against several gangs and major cybercriminals affirm the essentiality of transnational cooperation. A trend that is likely to continue, supporters of cross-border collaboration find reason for optimism with the prospect of further actions.

The news of three separate operations against users of the Carberp virus is a highlight of the quarter according to HostExploit’s Q2 2012 “Bad Hosts and Networks” report. For the central investigator, Group-IB and its various partners in each of the operations, this is a major coup as well as an important strike against some of the biggest cybercriminals.

The three gangs used the bank raider, Carberp Trojan, to carry out major attacks on online banking and financial systems worldwide. They are suspected of looting and stealing millions of dollars over the course of several years.

Apprehending notorious crooks like these makes obvious headline stories and serves to highlight some of the ‘behind the scene’ operations that otherwise may go unnoticed. It accentuates the various roles and efforts required to bring such operations to fruition. As well, it strengthens the momentum for transnational cooperation, which time and again proves its worth, through the pooling of valuable information and knowledge.

The HostExploit approach is to encourage an ethos of responsible hosting. By remaining vigilant about what, or who, uses their services, hosting providers can avoid gaining a bad reputation. In today’s competitive environment that is a valuable asset.

So what does the HE 2012 Q2 report reveal and how is it useful?

It is especially frustrating to see Russian registered hosts placed so highly this quarter while conversely the rankings for those registered in the United States have improved. For the United States, this is obviously a positive, and while too soon to commend the beginning of a new trend, the next quarter results may provide further testimony.

It is scenarios like these that prove the value of the HostExploit ‘Top 50 Bad Hosts and Networks’ tables and reports. Quarterly trends relative to the hosting industry can be easily followed while live daily reports on individual ASNs are available via our free online tool, SiteVet


So will the next few months see more successful takedowns and disruptions? Already there has been a notorious strike against the Grum botnet, a story that continues to unfold. There is every reason to believe that more will follow over the coming months.


PDF document
English 1.56M Download
PDF document
Russian 1.48M Download


Editor Jart Armin
Contributors Steve Burn
Greg Feezel
Andrew Fields
David Glosser
Niels Groeneveld
Matthias Simonis
Bogdan Vovchenko
Will Rogofsky
Philip Stranger
Bryn Thompson
Michel Eppink
DeepEnd Research
Reviewers Dr. Bob Bruen
Raoul Chiesa
Peter Kruse
Andre’ DiMino
Thorsten Kraft
Ilya Sachkov


We welcome any feedback relating to this paper or assistance in this area of research from the community.

Get in touch.