October 27, 2021


Dedicated Forum to help removing adware, malware, spyware, ransomware, trojans, viruses and more!

CyberBunker 2.0 — A Domain and Traffic Perspective on a Bulletproof Hoster. (arXiv:2109.06858v1 [cs.CR])

In September 2019, 600 armed German cops seized the physical premise of a
Bulletproof Hoster (BPH) referred to as CyberBunker 2.0. The hoster resided in
a decommissioned NATO bunker and advertised to host everything but child porn
and anything related to terrorism while keeping servers online no matter what.
While the anatomy, economics and interconnection-level characteristics of BPHs
are studied, their traffic characteristics are unknown. In this poster, we
present the first analysis of domains, web pages, and traffic captured at a
major tier-1 ISP and a large IXP at the time when the CyberBunker was in
operation. Our study sheds light on traffic characteristics of a BPH in
operation. We show that a traditional BGP-based BPH identification approach
cannot detect the CyberBunker, but find characteristics from a domain and
traffic perspective that can add to future identification approaches.