
Friday, January 30, 2015

Suspected Bot List [2015-01-29]

detection period: 2015-01-29 00:00-23:59 UTC
number of suspected bots' IPs listed here: 43

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2015-01-29]

detection period: 2015-01-29 00:00-23:59 UTC
total number of suspected botnet IPs: 1152
number of botnet IPs notified to network operators: 1109
number of spam blocked: 33751
recipient count of spam blocked: 1077326

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

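| Rank | Network | # of suspected botnet IPs |
|------|---------|---------------------------|
| 1 | HINET-NET | 636 |
| 2 | CHINANET-GD | 157 |
| 3 | UNICOM-GD | 92 |
| 4 | HICHINA | 6 |
| 5 | UNICOM-BJ | 4 |
| 6 | CRTC | 4 |
| 7 | CHINANET-ZJ | 4 |
| 8 | CHINANET-FJ | 4 |
| 9 | UNICOM-HA | 3 |
| 10 | UNICOM-FJ | 3 |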

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

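| Rank | Country | # of suspected botnet IPs |
|------|---------|---------------------------|
| 1 | Taiwan | 638 |
| 2 | China | 340 |
| 3 | United States | 29 |
| 4 | Indonesia | 18 |
| 5 | Russian Federation | 9 |
| 6 | Iran | 9 |
| 7 | Viet Nam | 8 |
| 8 | Hong Kong | 8 |
| 9 | Germany | 8 |
| 10 | Brazil | 8 |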

Thursday, January 29, 2015

Suspected Bot List [2015-01-28]

detection period: 2015-01-28 00:00-23:59 UTC
number of suspected bots' IPs listed here: 27

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting: