Saturday, July 26, 2014

Suspected Bot List [2014-07-25]

detection period: 2014-07-25 00:00-23:59 UTC
number of suspected bots' IPs listed here: 280

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2014-07-25]

detection period: 2014-07-25 00:00-23:59 UTC
total number of suspected botnet IPs: 2909
number of botnet IPs notified to network operators: 2629
number of spam blocked: 136492
recipient count of spam blocked: 3439076

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

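| Rank | Network | # of suspected botnet IPs |
|------|---------|---------------------------|
| 1 | HINET-NET | 1202 |
| 2 | CHINANET-GD | 164 |
| 3 | VNPT-VNNIC-VN | 111 |
| 4 | CRTC | 68 |
| 5 | WASU | 52 |
| 6 | UNICOM-GD | 39 |
| 7 | KORNET-KR | 36 |
| 8 | WASU-BB | 35 |
| 9 | PE-TPSA-LACNIC | 29 |
| 10 | FPT-VN | 27 |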

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

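| Rank | Country | # of suspected botnet IPs |
|------|---------|---------------------------|
| 1 | Taiwan | 1228 |
| 2 | China | 519 |
| 3 | Viet Nam | 188 |
| 4 | South Korea | 97 |
| 5 | Russian Federation | 63 |
| 6 | Brazil | 57 |
| 7 | India | 56 |
| 8 | Argentina | 56 |
| 9 | United States | 52 |
| 10 | Peru | 51 |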

Friday, July 25, 2014

Suspected Bot List [2014-07-24]

detection period: 2014-07-24 00:00-23:59 UTC
number of suspected bots' IPs listed here: 298

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting: