
Tuesday, September 16, 2014

Suspected Bot List [2014-09-15]

detection period: 2014-09-15 00:00-23:59 UTC
number of suspected bots' IPs listed here: 70

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2014-09-15]

detection period: 2014-09-15 00:00-23:59 UTC
total number of suspected botnet IPs: 2066
number of botnet IPs notified to network operators: 1996
number of spam blocked: 276458
recipient count of spam blocked: 4329997

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

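| Rank | Network | # of suspected botnet IPs |
|------|---------|---------------------------|
| 1 | HINET-NET | 1190 |
| 2 | CRTC | 124 |
| 3 | CHINANET-GD | 118 |
| 4 | UNICOM-ZJ | 84 |
| 5 | UNICOM-HA | 19 |
| 6 | CHINANET-HB | 18 |
| 7 | UNICOM-SD | 9 |
| 8 | UNICOM-BJ | 9 |
| 9 | CHINANET-JS | 9 |
| 10 | CHINANET-AH | 8 |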

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

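| Rank | Country | # of suspected botnet IPs |
|------|---------|---------------------------|
| 1 | Taiwan | 1196 |
| 2 | China | 480 |
| 3 | Russian Federation | 63 |
| 4 | United States | 37 |
| 5 | Indonesia | 21 |
| 6 | Brazil | 20 |
| 7 | India | 17 |
| 8 | Viet Nam | 14 |
| 9 | Iran | 12 |
| 10 | Spain | 12 |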

Monday, September 15, 2014

Suspected Bot List [2014-09-14]

detection period: 2014-09-14 00:00-23:59 UTC
number of suspected bots' IPs listed here: 43

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting: