
Sunday, August 28, 2016

Suspected Bot List [2016-08-27]

detection period: 2016-08-27 00:00-23:59 UTC
number of suspected bots' IPs listed here: 89

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| country code | IP address | Country |
|---|---|---|
| AR | 186.138.82.138 | Argentina |
| UY | 167.57.27.24 | Uruguay |
| UY | 167.57.111.108 | Uruguay |

List from greylisting:

Botnet Statistics [2016-08-27]

detection period: 2016-08-27 00:00-23:59 UTC
total number of suspected botnet IPs: 1273
number of botnet IPs notified to network operators: 1184
number of spam blocked: 27879
recipient count of spam blocked: 741292

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

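| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 696 |
| 2 | CHINANET-HN | 53 |
| 3 | VNPT-VNNIC-VN | 34 |
| 4 | MX-USCV4-LACNIC | 25 |
| 5 | CHINANET-GD | 18 |
| 6 | CHINANET-JS | 14 |
| 7 | CMNET | 11 |
| 8 | BSNLNET | 11 |
| 9 | ALISOFT | 10 |
| 10 | VIETEL-VNNIC-VN | 9 |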

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

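| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | Taiwan | 696 |
| 2 | China | 156 |
| 3 | Viet Nam | 64 |
| 4 | India | 63 |
| 5 | Mexico | 46 |
| 6 | Iran | 25 |
| 7 | Peru | 21 |
| 8 | Brazil | 20 |
| 9 | Turkey | 11 |
| 10 | Tunisia | 11 |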

Saturday, August 27, 2016

Suspected Bot List [2016-08-26]

detection period: 2016-08-26 00:00-23:59 UTC
number of suspected bots' IPs listed here: 110

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| country code | IP address | Country |
|---|---|---|
| PL | 185.125.4.236 | Poland |

List from greylisting: