Thursday, November 27, 2014

Suspected Bot List [2014-11-26]

detection period: 2014-11-26 00:00-23:59 UTC
number of suspected bots' IPs listed here: 55

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting:

Botnet Statistics [2014-11-26]

detection period: 2014-11-26 00:00-23:59 UTC
total number of suspected botnet IPs: 1440
number of botnet IPs notified to network operators: 1385
number of spam blocked: 81089
recipient count of spam blocked: 2744579

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank  Network      # of suspected botnet IPs
1     HINET-NET    769
2     CHINANET-GD  63
3     BROADRIVER   51
4     CHINANET-JX  24
5     UNICOM-SD    19
6     UNICOM-HA    18
7     UNICOM-FJ    17
8     CHINANET-AH  12
9     UNICOM-HL    10
10    CHINANET-ZJ  10

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank  Country             # of suspected botnet IPs
1     Taiwan              779
2     China               289
3     United States       104
4     Russian Federation  23
5     India               20
6     Brazil              18
7     Indonesia           17
8     Hong Kong           13
9     Iran                12
10    South Africa        11

Wednesday, November 26, 2014

Suspected Bot List [2014-11-25]

detection period: 2014-11-25 00:00-23:59 UTC
number of suspected bots' IPs listed here: 62

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting: