Custom Search

Sunday, December 28, 2014

Suspected Bot List [2014-12-27]

detection period: 2014-12-27 00:00-23:59 UTC
number of suspected bots' IPs listed here: 248

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Botnet Statistics [2014-12-27]

detection period: 2014-12-27 00:00-23:59 UTC
total number of suspected botnet IPs: 1948
number of botnet IPs notified to network operators: 1700
number of spam blocked: 48239
recipient count of spam blocked: 1425474

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET851
2CHINANET-GD164
3AR-CASA10-LACNIC19
4UNICOM-GD18
5JAZZTEL-TRIPLEPLAY16
6AR-PRSA-LACNIC16
7076.535.764/0326-9013
8MX-GDUN-LACNIC11
9CL-TCSA41-LACNIC10
10MX-USCV4-LACNIC9

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan856
2China232
3United States93
4Spain72
5Germany69
6Argentina65
7Italy59
8Bulgaria42
9Mexico40
10Iran30

Saturday, December 27, 2014

Suspected Bot List [2014-12-26]

detection period: 2014-12-26 00:00-23:59 UTC
number of suspected bots' IPs listed here: 7

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting: