Thursday, August 27, 2015

Suspected Bot List [2015-08-26]

detection period: 2015-08-26 00:00-23:59 UTC
number of suspected bots' IPs listed here: 31

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| country code | IP address | Country |
|---|---|---|

List from greylisting:


Botnet Statistics [2015-08-26]

detection period: 2015-08-26 00:00-23:59 UTC
total number of suspected botnet IPs: 1646
number of botnet IPs notified to network operators: 1615
number of spam blocked: 275675
recipient count of spam blocked: 4946610

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs, are:

| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 1035 |
| 2 | UNICOM-ZJ | 106 |
| 3 | WASU | 75 |
| 4 | CHINANET-GD | 72 |
| 5 | WASU-BB | 51 |
| 6 | UNICOM-BJ | 27 |
| 7 | CHINANET-SH | 14 |
| 8 | VNPT-VNNIC-VN | 11 |
| 9 | CMNET | 10 |
| 10 | CHINANET-SC | 6 |

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs, are:

| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | Taiwan | 1035 |
| 2 | China | 425 |
| 3 | Viet Nam | 27 |
| 4 | Brazil | 22 |
| 5 | United States | 19 |
| 6 | Ukraine | 11 |
| 7 | Russian Federation | 8 |
| 8 | Hong Kong | 8 |
| 9 | South Korea | 7 |
| 10 | India | 6 |

Wednesday, August 26, 2015

Suspected Bot List [2015-08-25]

detection period: 2015-08-25 00:00-23:59 UTC
number of suspected bots' IPs listed here: 29

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| country code | IP address | Country |
|---|---|---|

List from greylisting:
