Malicious Domains Purged from Widely-Used Analytics

Cloudflare, a leading internet infrastructure and security company, has taken action to remove domains associated with the Aisuru botnet from its publicly available list of top-ranked domains. The list, which ranks websites based on global traffic patterns observed across Cloudflare’s network, had inadvertently included domains controlled by the botnet due to the immense volume of automated traffic it generated. The removal ensures the data more accurately reflects legitimate user activity on the internet.

The Aisuru botnet is a network of compromised devices that are controlled by a central command-and-control (C2) server. These infected devices, or bots, were directed to make continuous connections and requests to the botnet’s domains, artificially inflating their traffic metrics to a global scale.

Identifying and Mitigating Coordinated Malicious Traffic

Cloudflare’s security teams identified the anomalous activity by analyzing traffic patterns that were inconsistent with human behavior. The domains linked to the Aisuru botnet were receiving a high volume of DNS queries and traffic from a distributed network of devices characteristic of botnet operations. This traffic was not generated by legitimate visitors browsing websites but by the automated functions of the malware running on infected computers and devices.

In response to this discovery, Cloudflare implemented filtering rules to scrub the malicious traffic generated by the Aisuru botnet from its analytics. This remediation prevents the botnet’s C2 domains from appearing on the top domains list and provides a clearer view of the internet’s most popular and legitimate destinations. The action underscores the significant scale of modern botnets, which can generate enough traffic to rival some of the world’s most visited websites.

Source: https://krebsonsecurity.com/2025/11/cloudflare-scrubs-aisuru-botnet-from-top-domains-list/