
Monday, March 30, 2015

Suspected Bot List [2015-03-29]

detection period: 2015-03-29 00:00-23:59 UTC
number of suspected bots' IPs listed here: 34

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2015-03-29]

detection period: 2015-03-29 00:00-23:59 UTC
total number of suspected botnet IPs: 1637
number of botnet IPs notified to network operators: 1603
number of spam blocked: 206601
recipient count of spam blocked: 6976356

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs, are:

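| Rank | Network | # of suspected botnet IPs |
|------|---------|---------------------------|
| 1 | HINET-NET | 984 |
| 2 | UNICOM-GD | 97 |
| 3 | CHINANET-GD | 69 |
| 4 | CHINANET-JS | 20 |
| 5 | CHINANET-HN | 14 |
| 6 | CHINANET-YN | 12 |
| 7 | CHINANET-SN | 12 |
| 8 | UNICOM-BJ | 9 |
| 9 | CRTC | 9 |
| 10 | CMNET | 8 |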

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs, are:

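| Rank | Country | # of suspected botnet IPs |
|------|---------|---------------------------|
| 1 | Taiwan | 991 |
| 2 | China | 407 |
| 3 | United States | 43 |
| 4 | Russian Federation | 25 |
| 5 | Brazil | 13 |
| 6 | Indonesia | 12 |
| 7 | Viet Nam | 11 |
| 8 | South Korea | 11 |
| 9 | Hong Kong | 11 |
| 10 | Iran | 6 |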

Sunday, March 29, 2015

Suspected Bot List [2015-03-28]

detection period: 2015-03-28 00:00-23:59 UTC
number of suspected bots' IPs listed here: 60

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting: