
Friday, October 24, 2014

Suspected Bot List [2014-10-23]

detection period: 2014-10-23 00:00-23:59 UTC
number of suspected bots' IPs listed here: 59

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2014-10-23]

detection period: 2014-10-23 00:00-23:59 UTC
total number of suspected botnet IPs: 1724
number of botnet IPs notified to network operators: 1665
number of spam blocked: 140054
recipient count of spam blocked: 4472654

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

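| Rank | Network | # of suspected botnet IPs |
|------|---------|---------------------------|
| 1 | HINET-NET | 981 |
| 2 | UNICOM-ZJ | 144 |
| 3 | CHINANET-GD | 49 |
| 4 | CHINANET-HB | 31 |
| 5 | ALIBABA-US-CDN | 24 |
| 6 | UNICOM-GD | 21 |
| 7 | UNICOM-BJ | 15 |
| 8 | SINGNET-SG | 11 |
| 9 | UNICOM-SD | 10 |
| 10 | KORNET-KR | 9 |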

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

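| Rank | Country | # of suspected botnet IPs |
|------|---------|---------------------------|
| 1 | Taiwan | 985 |
| 2 | China | 366 |
| 3 | United States | 92 |
| 4 | Indonesia | 23 |
| 5 | Brazil | 21 |
| 6 | South Korea | 16 |
| 7 | Viet Nam | 14 |
| 8 | Hong Kong | 14 |
| 9 | Singapore | 13 |
| 10 | Iran | 13 |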

Thursday, October 23, 2014

Suspected Bot List [2014-10-22]

detection period: 2014-10-22 00:00-23:59 UTC
number of suspected bots' IPs listed here: 154

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting: