Thursday, October 23, 2014

Suspected Bot List [2014-10-22]

detection period: 2014-10-22 00:00-23:59 UTC
number of suspected bots' IPs listed here: 154

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2014-10-22]

detection period: 2014-10-22 00:00-23:59 UTC
total number of suspected botnet IPs: 2158
number of botnet IPs notified to network operators: 2004
number of spam blocked: 129210
recipient count of spam blocked: 3984083

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

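| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 1094 |
| 2 | UNICOM-ZJ | 175 |
| 3 | CHINANET-GD | 49 |
| 4 | VNPT-VNNIC-VN | 48 |
| 5 | CHINANET-HB | 33 |
| 6 | UNICOM-FJ | 25 |
| 7 | UNICOM-GD | 22 |
| 8 | VIETEL-VNNIC-VN | 12 |
| 9 | UNICOM-SD | 12 |
| 10 | KORNET-KR | 10 |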

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

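| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | Taiwan | 1104 |
| 2 | China | 424 |
| 3 | Viet Nam | 76 |
| 4 | United States | 55 |
| 5 | India | 29 |
| 6 | Russian Federation | 28 |
| 7 | Brazil | 28 |
| 8 | Turkey | 27 |
| 9 | South Korea | 27 |
| 10 | Indonesia | 27 |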

Wednesday, October 22, 2014

Suspected Bot List [2014-10-21]

detection period: 2014-10-21 00:00-23:59 UTC
number of suspected bots' IPs listed here: 69

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting: