
Thursday, October 30, 2014

Suspected Bot List [2014-10-29]

detection period: 2014-10-29 00:00-23:59 UTC
number of suspected bots' IPs listed here: 109

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2014-10-29]

detection period: 2014-10-29 00:00-23:59 UTC
total number of suspected botnet IPs: 1725
number of botnet IPs notified to network operators: 1616
number of spam blocked: 136646
recipient count of spam blocked: 4352167

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

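| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 931 |
| 2 | CHINANET-GD | 40 |
| 3 | CHINANET-HB | 26 |
| 4 | KORNET-KR | 18 |
| 5 | BORANET-KR | 18 |
| 6 | ALIBABA-US-CDN | 15 |
| 7 | UNICOM-BJ | 14 |
| 8 | HICHINA | 10 |
| 9 | VNPT-VNNIC-VN | 7 |
| 10 | UNICOM-GD | 7 |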

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

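| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | Taiwan | 938 |
| 2 | China | 200 |
| 3 | United States | 86 |
| 4 | Russian Federation | 61 |
| 5 | South Korea | 44 |
| 6 | India | 37 |
| 7 | Indonesia | 27 |
| 8 | Viet Nam | 20 |
| 9 | Hong Kong | 20 |
| 10 | United Arab Emirates | 20 |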

Wednesday, October 29, 2014

Suspected Bot List [2014-10-28]

detection period: 2014-10-28 00:00-23:59 UTC
number of suspected bots' IPs listed here: 87

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting: