About FIRE

What is FIRE?

FIRE is a service to identify rogue networks and Internet Service Providers. On a daily basis, reports are generated on this site that expose the dark side of the Internet.

Motivation

For many years, online criminals have been able to conduct their illicit activities by masquerading behind disreputable Internet Service Providers (ISPs). For example, organizations such as the Russian Business Net- work (RBN), Atrivo (a.k.a., Intercage), McColo, and very recently, the Triple Fiber Network (3FN) operated with impunity, providing a safe haven for Internet criminals for their own financial gain. What primarily sets these ISPs apart from others is the significant longevity of the malicious activities on their networks and the apparent lack of action taken in response to abuse reports. Interestingly, even though the Internet provides a certain degree of anonymity, such ISPs fear public attention. Once exposed, rogue networks often cease their malicious activities quickly, or are de-peered (disconnected) by their upstream providers. As a result, the Internet criminals are forced to relocate their operations.

This website is the frontend of FIRE, a novel system to identify and expose organizations and ISPs that demonstrate persistent, malicious behavior. The goal is to isolate the networks that are consistently implicated in malicious activity from those that are victims of compromise. To this end, FIRE actively monitors botnet communication channels, spam traps, drive-by-download servers, and phishing web sites. This data is refined and correlated to quantify the degree of malicious activity for individual organizations and presented on this web page.

Methodology

Data Sources

There are several data sources that FIRE utilizes to identify malicious networks including:

Anubis

Wepawet

Terms of Use

Data obtained through FIRE may be freely used for non-commerical purposes.

Questions?

Contact us at