Saturday, February 28, 2015

Suspected Bot List [2015-02-27]

detection period: 2015-02-27 00:00-23:59 UTC
number of suspected bots' IPs listed here: 55

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting:

Botnet Statistics [2015-02-27]

detection period: 2015-02-27 00:00-23:59 UTC
total number of suspected botnet IPs: 1350
number of botnet IPs notified to network operators: 1295
number of spam blocked: 115083
recipient count of spam blocked: 4121553

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

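| Rank | Network | # of suspected botnet IPs |
|------|---------|---------------------------|
| 1 | HINET-NET | 905 |
| 2 | CHINANET-GD | 68 |
| 3 | UNICOM-FJ | 27 |
| 4 | KORNET-KR | 6 |
| 5 | CHINANET-JS | 6 |
| 6 | VNPT-VNNIC-VN | 5 |
| 7 | UNICOM-SD | 4 |
| 8 | CHINANET-ZJ | 4 |
| 9 | CHINANET-SH | 4 |
| 10 | 002.558.134/0001-58 | 4 |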

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

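| Rank | Country | # of suspected botnet IPs |
|------|---------|---------------------------|
| 1 | Taiwan | 911 |
| 2 | China | 190 |
| 3 | United States | 38 |
| 4 | Russian Federation | 25 |
| 5 | Indonesia | 19 |
| 6 | South Korea | 15 |
| 7 | Viet Nam | 14 |
| 8 | Brazil | 13 |
| 9 | Hong Kong | 12 |
| 10 | India | 10 |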

Friday, February 27, 2015

Suspected Bot List [2015-02-26]

detection period: 2015-02-26 00:00-23:59 UTC
number of suspected bots' IPs listed here: 175

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting: