Violations range statistics


We collect violations for each IP address: abuses, attacks, malwares, spam, public proxies and more. As well as addresses with low reputation and bots.

Abuse - all kinds of abuses in the Web and networks (abusive bots and scripts, web spam, forum spam...)
Attack - all kinds of attacks on PC and networks. Attacks on any service (web, ssh, mail...), brute force, scanning for vulnerabilities, dos...
Malware - distribution of malware, botnet.
Spam - bulk e-mail spam.
Reputation - suspicious IP addresses with a bad reputation.
Proxy - public proxies seen in suspicious activity. We do not collect private proxies and vpn addresses.
Legit Bot - legit search crawlers, spiders, monitoring bots and so on.
Bot/scraper - heavy web harvesters, parsers, collectors complained about by resource owners.

We are offering the summary on different types of violations for each IPv4 range. Each value is a percentage of total IP count in a range. This information shows ranges with the most negative or harmful activity.

Sample 1:

	ip_long_start;ip_long_end;total;asnumber;Abuse;Attacks;Malware;Spam;Reputation;Proxy
	...	
	1358322432;1358322687;256;12389;0;0;0;0;0,39;1,17
	1358322688;1358323199;512;12389;0;0;0;0,2;0;0,2
	1358323200;1358323455;256;12389;3,52;2,34;0;11,72;2,73;0,39
	1358323456;1358323711;256;21378;0,39;0;0;0;0;0
	1358323712;1358327807;4096;201973;0,02;0;0;0;0;0	
	...
	

In this example we can see range 1358323200 - 1358323455 in AS12389 PJSC Rostelecom. It is a mixed type ISP, one of the largest in Russia. This residential dynamic range belongs to home users in big city. In spite of this, quite a high level of violations, except proxies.

Sample 2:

	ip_long_start;ip_long_end;total;asnumber;Abuse;Attacks;Malware;Spam;Reputation;Proxy
	...
	3164737536;3164741631;4096;31133;0;0;0;0;0;0
	3164741632;3164749823;8192;31133;0,95;3,65;0;0,52;0,18;0,06
	3164749824;3164750335;512;31213;49,02;3,91;0;8,59;2,73;0
	3164750336;3164750847;512;31133;0;0;0;0;0;0
	3164750848;3164751871;1024;31133;0;0;0;0;0;0
	...
	

Range 3164749824 - 3164750335 in AS31213 PJSC MegaFon. It is a mixed type ISP, one of the largest in Russia. This dynamic range belongs to home users in big city. In spite of this, a high level of violations, especially Abuses (49%) and Spam (8%).

Sample 3:

	ip_long_start;ip_long_end;total;asnumber;Abuse;Attacks;Malware;Spam;Reputation;Proxy
	...
	1539418112;1539419135;1024;42827;0;0;0;0;0;0
	1539419136;1539420159;1024;13188;1,27;0,49;0;0,68;0,78;0,1
	1539420160;1539421183;1024;16345;71,48;3,32;0;4,59;0;0
	1539421184;1539422207;1024;12722;0,49;0;0;0;0;0,2
	1539422208;1539422719;512;31242;0;0;0;0;0;0
	...
	

Range 1539420160 - 1539421183 in AS16345 PJSC Vimpel-Communications. One more example of home users (residential) range in mixed type ISP, one of the largest in a country, with a very high level of Abuses (71%).

Sample 4:

	ip_long_start;ip_long_end;total;asnumber;Abuse;Attacks;Malware;Spam;Reputation;Proxy
	...
	1845230592;1845231103;512;31148;0,39;0,39;0;0,39;0;0,59
	1845231360;1845231615;256;31148;0;0;0;0;0;0
	1845231616;1845297151;65536;25513;1,28;0,38;0;0,38;0,05;0,03
	1845297152;1845362687;65536;1680;0,04;0,01;0;0,07;0;0
	1845362688;1845428223;65536;20590;0,16;0,09;0;0,06;0,04;0,1
	...
	

Range 1845231616 - 1845297151 in AS25513 PJSC Moscow City Telephone Network. Reverse example when the large residential subnet (65536 IP) in mixed type ISP has a low percentage of violations.

Using this statistic, you can make many interesting observations of Internet networks, for example:
IP 154.6.20.42 belongs to a vpn service in AS32181 (AS in a Data Center list), range has violation levels 20,9; 4,1; 0; 0; 0,2; 2,15.
IP 193.9.60.213 belongs to a vpn service in AS42632 (AS in a Data Center list), range has violation levels 0,59; 0,29; 0; 0,39; 0,1; 0. Not residential indices 5,08(hosting) 7,13(data center). The range is still used minimally and this vpn service or hosting provider keep the addresses clean.
IP 37.187.196.70 is the TOR exit node, range in AS16276 OVH SAS has violation levels 0,31; 0,91; 0,01; 0,09; 0,11; 0,26.
IP 185.220.101.58 is also the TOR exit node, range in AS208294 Markus Koch has violation levels 85,16; 100; 9,77; 15,62;3 6,33; 43,75. This is one of the dirtiest address ranges.

Data is collected from several reputable public sources. Additional sources can be connected upon request.
In the future it is planned to provide a dedicated service for checking any IP.

Data is updated monthly.

PRICE: 2500 USD per year (monthly updates included).