
Tuesday, September 2, 2014

Suspected Bot List [2014-09-01]

detection period: 2014-09-01 00:00-23:59 UTC
number of suspected bots' IPs listed here: 78

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2014-09-01]

detection period: 2014-09-01 00:00-23:59 UTC
total number of suspected botnet IPs: 2142
number of botnet IPs notified to network operators: 2064
number of spam blocked: 132434
recipient count of spam blocked: 4138903

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

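| Rank | Network | # of suspected botnet IPs |
|------|---------|---------------------------|
| 1 | HINET-NET | 1196 |
| 2 | CRTC | 127 |
| 3 | Wotone | 88 |
| 4 | CHINANET-GD | 59 |
| 5 | WASU | 42 |
| 6 | CHINANET-HB | 40 |
| 7 | UNICOM-BJ | 20 |
| 8 | CHINANET-JX | 19 |
| 9 | UNICOM-SD | 15 |
| 10 | WASU-BB | 14 |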

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

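| Rank | Country | # of suspected botnet IPs |
|------|---------|---------------------------|
| 1 | Taiwan | 1206 |
| 2 | China | 547 |
| 3 | Russian Federation | 47 |
| 4 | India | 47 |
| 5 | United States | 40 |
| 6 | Brazil | 21 |
| 7 | Indonesia | 19 |
| 8 | Iran | 16 |
| 9 | Viet Nam | 11 |
| 10 | Hong Kong | 11 |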

Monday, September 1, 2014

Suspected Bot List [2014-08-31]

detection period: 2014-08-31 00:00-23:59 UTC
number of suspected bots' IPs listed here: 48

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting: