Thursday, April 28, 2016

Suspected Bot List [2016-04-27]

detection period: 2016-04-27 00:00-23:59 UTC
number of suspected bots' IPs listed here: 125

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country code  IP address    Country
IL            213.57.90.10  Israel

List from greylisting:


Botnet Statistics [2016-04-27]

detection period: 2016-04-27 00:00-23:59 UTC
total number of suspected botnet IPs: 2890
number of botnet IPs notified to network operators: 2766
number of spam blocked: 12048
recipient count of spam blocked: 81627

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank  Network          # of suspected botnet IPs
1     CNCITYNET        705
2     WASU             517
3     UNICOM-ZJ        115
4     HINET-NET        112
5     SONET-NET        97
6     UNICOM-JS        79
7     VNPT-VNNIC-VN    62
8     MX-USCV4-LACNIC  49
9     CHINANET-JS      49
10    CMNET            45

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank  Country    # of suspected botnet IPs
1     China      1808
2     Taiwan     218
3     India      131
4     Viet Nam   128
5     Mexico     106
6     Brazil     43
7     Iran       41
8     Indonesia  28
9     Turkey     25
10    Pakistan   22

Wednesday, April 27, 2016

Suspected Bot List [2016-04-26]

detection period: 2016-04-26 00:00-23:59 UTC
number of suspected bots' IPs listed here: 24

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country code  IP address      Country
IL            213.57.90.10    Israel
MX            189.212.81.206  Mexico

List from greylisting:
