Custom Search

Monday, January 23, 2017

Suspected Bot List [2017-01-22]

detection period: 2017-01-22 00:00-23:59 UTC
number of suspected bots' IPs listed here: 10

I haven't got a new VPS for fake open relay yet.

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Botnet Statistics [2017-01-22]

detection period: 2017-01-22 00:00-23:59 UTC
total number of suspected botnet IPs: 75
number of botnet IPs notified to network operators: 65
number of spam blocked: 310
recipient count of spam blocked: 310

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-GX5
2CHINANET-GD5
3UNICOM-BJ3
4RO-JUMP-200511293
5ALISOFT3
6RingLink2
7KORNET-KR2
8CHINANET-SH2
9AR-CASA10-LACNIC2
10002.558.157/0001-622

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China28
2Brazil8
3Russian Federation5
4Romania4
5Colombia4
6Argentina4
7Italy3
8Czech Republic3
9Ukraine2
10South Korea2

Sunday, January 22, 2017

Suspected Bot List [2017-01-21]

detection period: 2017-01-21 00:00-23:59 UTC
number of suspected bots' IPs listed here: 6

I haven't got a new VPS for fake open relay yet.

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting: