Wednesday, August 20, 2014

Suspected Bot List [2014-08-19]

detection period: 2014-08-19 00:00-23:59 UTC
number of suspected bots' IPs listed here: 151

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2014-08-19]

detection period: 2014-08-19 00:00-23:59 UTC
total number of suspected botnet IPs: 2493
number of botnet IPs notified to network operators: 2342
number of spam blocked: 118528
recipient count of spam blocked: 3352280

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

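| Rank | Network | # of suspected botnet IPs |
|------|---------|---------------------------|
| 1 | HINET-NET | 1211 |
| 2 | CRTC | 136 |
| 3 | Wotone | 110 |
| 4 | CHINANET-HB | 48 |
| 5 | CHINANET-GD | 45 |
| 6 | WASU | 35 |
| 7 | WASU-BB | 21 |
| 8 | UNICOM-ZJ | 20 |
| 9 | BSNLNET | 18 |
| 10 | KORNET-KR | 17 |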

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

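| Rank | Country | # of suspected botnet IPs |
|------|---------|---------------------------|
| 1 | Taiwan | 1218 |
| 2 | China | 565 |
| 3 | United States | 107 |
| 4 | Russian Federation | 65 |
| 5 | India | 57 |
| 6 | Indonesia | 32 |
| 7 | South Korea | 26 |
| 8 | Viet Nam | 25 |
| 9 | Brazil | 22 |
| 10 | Argentina | 22 |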

Tuesday, August 19, 2014

Suspected Bot List [2014-08-18]

detection period: 2014-08-18 00:00-23:59 UTC
number of suspected bots' IPs listed here: 156

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting: