Monday, April 20, 2015

Suspected Bot List [2015-04-19]

detection period: 2015-04-19 00:00-23:59 UTC
number of suspected bots' IPs listed here: 28

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2015-04-19]

detection period: 2015-04-19 00:00-23:59 UTC
total number of suspected botnet IPs: 1515
number of botnet IPs notified to network operators: 1487
number of spam blocked: 150658
recipient count of spam blocked: 4817230

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

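| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 1122 |
| 2 | CHINANET-GD | 73 |
| 3 | UNICOM-GD | 12 |
| 4 | UNICOM-CN | 11 |
| 5 | WASU | 9 |
| 6 | ALISOFT | 8 |
| 7 | VNPT-VNNIC-VN | 7 |
| 8 | CHINANET-JS | 6 |
| 9 | CHINANET-HN | 6 |
| 10 | CMNET | 5 |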

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

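| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | Taiwan | 1129 |
| 2 | China | 207 |
| 3 | United States | 33 |
| 4 | Viet Nam | 13 |
| 5 | Indonesia | 11 |
| 6 | Russian Federation | 10 |
| 7 | Brazil | 10 |
| 8 | Iran | 9 |
| 9 | South Korea | 8 |
| 10 | Hong Kong | 6 |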

Sunday, April 19, 2015

Suspected Bot List [2015-04-18]

detection period: 2015-04-18 00:00-23:59 UTC
number of suspected bots' IPs listed here: 31

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting: