A newly discovered global cyber threat is rapidly expanding, infecting tens of thousands of internet-connected devices to launch powerful cyberattacks. Nokia Deepfield’s Emergency Response Team (ERT) has identified a new botnet, tracked as Eleven11bot, which they estimated has compromised over 30,000 devices, primarily security cameras and network video recorders (NVRs).
According to Deepfield, Eleven11bot has been used in distributed denial of service (DDoS) attacks against telecom providers and gaming platforms, with some attacks lasting multiple days and causing widespread disruptions. Jérôme Meyer, a security researcher tracking the botnet, described it as “one of the largest known DDoS botnet campaigns observed since the invasion of Ukraine in February 2022.”
GreyNoise Observations on Eleven11bot
Following Deepfield’s findings, Censys provided GreyNoise with a list of 1,400 IPs that appear to be linked to Eleven11bot due to the configuration of the endpoint devices and the banners matching what Deepfield identified in their research. GreyNoise has observed 1,042 IPs actively hitting our sensors in the past 30 days.

Key findings from our data:
- 96% of these IPs are non-spoofable, meaning they originate from genuine, accessible devices.
- 61% of the 1,042 observed IPs (636) are traced to Iran.
- 305 IPs are currently classified as malicious by GreyNoise.
While GreyNoise does not speculate on attribution, this increase in botnet activity comes just two days after the U.S. administration reasserted its “maximum pressure” campaign on Iran, imposing new economic sanctions.
How the Botnet is Expanding
GreyNoise data shows the botnet engaging in malicious activity that is presumably aimed at expanding its operations, including:
- Brute-force attacks against login systems.
- Exploitation of weak and default passwords on IoT devices.
- Targeting specific security camera brands, such as VStarcam, using hardcoded credentials.
- Network scanning for exposed Telnet and SSH ports, which are often left unprotected on IoT hardware.
GreyNoise has identified 305 IP addresses actively carrying out malicious attacks linked to the botnet.
How to See the Botnet in Action
SOC teams, vulnerability management professionals, and threat hunters can track the botnet’s live activity using GreyNoise:
- Navigate to the Analysis feature.
- Paste the list of botnet IPs (source: Censys) into the search bar.
- Download the CSV of malicious IPs to take immediate blocking actions.
Censys-Provided IP List
A list of IPs associated with this botnet is available below:
How Organizations Can Defend Themselves
GreyNoise recommends the following steps to protect against the botnet and similar cyber threats:
- Block traffic from known malicious IPs. GreyNoise provides real-time data for defenders to block threats proactively.
- Monitor network logs for unusual login attempts. Attackers are brute-forcing weak Telnet and SSH credentials.
- Secure IoT devices immediately. Change default passwords, update firmware, and disable remote access where unnecessary.
- Enable DDoS protection and rate-limiting. The botnet is designed for high-intensity attacks, so organizations should harden their network defenses.
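The first two steps above, blocking listed IPs and watching logs for brute-force logins, can be combined in one pass; the following is an added example, not GreyNoise code. Assumptions: the CSV column names `ip` and `classification`, the nftables table `inet filter` and set `blocklist`, the threshold of 3, and all sample data (constructed, documentation address ranges only); it parses OpenSSH log lines, not Telnet.

```python
import csv
import io
import ipaddress
import re
from collections import Counter

# Constructed sample export. The column names "ip" and "classification"
# are assumptions; match them to the header of the CSV you downloaded.
SAMPLE_CSV = """ip,classification
192.0.2.10,malicious
198.51.100.7,unknown
203.0.113.55,malicious
not-an-ip,malicious
"""

# Constructed OpenSSH auth-log lines (documentation address ranges only).
SAMPLE_LOG = """\
Mar  3 10:00:01 cam-gw sshd[811]: Failed password for root from 192.0.2.10 port 40112 ssh2
Mar  3 10:00:02 cam-gw sshd[811]: Failed password for invalid user admin from 192.0.2.10 port 40113 ssh2
Mar  3 10:00:05 cam-gw sshd[815]: Failed password for root from 198.51.100.99 port 51000 ssh2
Mar  3 10:00:06 cam-gw sshd[815]: Failed password for invalid user support from 198.51.100.99 port 51001 ssh2
Mar  3 10:00:07 cam-gw sshd[815]: Failed password for invalid user user from 198.51.100.99 port 51002 ssh2
Mar  3 10:00:09 cam-gw sshd[820]: Failed password for invalid user x from 203.0.113.55 port 1 from 198.51.100.7 port 52001 ssh2
Mar  3 10:00:11 cam-gw sshd[822]: Accepted password for operator from 198.51.100.20 port 52040 ssh2
"""

# The user-name field is untrusted input, so match it greedily and anchor on
# the end of the line: text inside the name is never read as the source IP.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?.* "
    r"from (\S+) port \d+ ssh2\s*$"
)

def _valid_ip(text):
    """Return the normalised address, or None if text is not an IP."""
    try:
        return str(ipaddress.ip_address(text.strip()))
    except ValueError:
        return None

def load_malicious(csv_text):
    """Set of valid IPs whose classification column reads 'malicious'."""
    ips = set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        if (row.get("classification") or "").strip().lower() != "malicious":
            continue
        ip = _valid_ip(row.get("ip") or "")
        if ip:  # malformed rows are dropped, never passed to the firewall
            ips.add(ip)
    return ips

def failed_logins(log_text):
    """Count failed SSH password attempts per source IP."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        ip = _valid_ip(m.group(1)) if m else None
        if ip:
            counts[ip] += 1
    return counts

def triage(log_text, malicious, threshold=3):
    """Split log sources into listed IPs seen locally and unlisted brute-forcers."""
    counts = failed_logins(log_text)
    return {
        "listed_hits": sorted(ip for ip in counts if ip in malicious),
        "unlisted_bruteforce": sorted(
            ip for ip, n in counts.items()
            if n >= threshold and ip not in malicious),
    }

def nft_elements(ips, table="inet filter", set_name="blocklist"):
    """One 'nft -f' line for an existing ipv4_addr set (names are assumptions)."""
    v4 = sorted(ip for ip in ips if ipaddress.ip_address(ip).version == 4)
    if not v4:
        return ""
    return "add element %s %s { %s }" % (table, set_name, ", ".join(v4))

if __name__ == "__main__":
    listed = load_malicious(SAMPLE_CSV)
    result = triage(SAMPLE_LOG, listed)
    print(result)
    print(nft_elements(listed | set(result["unlisted_bruteforce"])))
```
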
GreyNoise is Actively Monitoring Eleven11bot-Linked Activity
GreyNoise continues to track real-time scanning and attack activity from the botnet. We will provide further updates if new information arises.
Track the botnet in real time — see if your network is a target. Navigate to the GreyNoise Analysis feature, paste the IPs above into the search bar, and download the CSV of malicious IPs for immediate blocking actions.
— — —
Stone is Head of Content at GreyNoise Intelligence, where he leads strategic content initiatives that illuminate the complexities of internet noise and threat intelligence. In past roles, he led partnered research initiatives with Google and the U.S. Department of Homeland Security. With a background in finance, technology, and engagement with the United Nations on global topics, Stone brings a multidimensional perspective to cybersecurity. He is also affiliated with the Council on Foreign Relations.
