Blog

Google Safe Browsing algorithm labels Bad Packets Report as “unsafe site”

Irony levels reached maximum levels today when Google Safe Browsing labeled Bad Packets Report, our website, as an “unsafe site” per the notification received in the Google Search Console. Unfortunately, no explanation was provided on the Google Transparency Report website noting that: The site badpackets.net contains harmful content, including pages that: Contain suspicious or unknown software This is an incredible claim, given that no software is hosted on Bad Packet Reports, nor any URLs that link to “suspicious or unknown software”. Google did not respond to a request for comment on the matter. Other Google users are reporting similar issues on the Webmaster …

Read MoreGoogle Safe Browsing algorithm labels Bad Packets Report as “unsafe site”

63.251.252.12 – Malware remnants from yesteryear or harmless prodding by The Nielsen Company?

Our runner up title for most dropped packets is bestowed upon 63.251.252.12. So what nefarious activity have we seen? On the surface, the attacks appear fairly benign. However, the deeper we go down the rabbit hole, the more we discover! So what ports are being attacked and how often? Port 35935 was the lowest and 65428 the highest. TCP was the only protocol used and no single port was attacked more than 18 times in the total 2,462 attacks (still in progress). The quest gets more interesting when we look into the backstory of 63.251.252.12. A WHOIS query returns: OrgName: Internap Network Services Corporation OrgId: …

Read More63.251.252.12 – Malware remnants from yesteryear or harmless prodding by The Nielsen Company?

The Master Needler – 80.82.65.66

I’ve been watching the dropped packets for 80.82.65.66 awhile now and feel it’s safe to bestow the title of “The Master Needler” upon them. So which ports are they poking the most?  Interestingly, the ports attacked were evenly distributed and appear mostly random. The lowest port number attacked was 1000 and the highest was 65506. No single port was attacked more than 26 times. The only protocol used in the attacked was TCP. The full list of ports attacked by 80.82.65.66 is located here: https://pastebin.com/w0uca8q6 As of this writing, I have seen 20,489 unique attacks from 80.82.65.66. No other single IP address found in …

Read MoreThe Master Needler – 80.82.65.66