
Wednesday, July 30, 2014

Suspected Bot List [2014-07-29]

detection period: 2014-07-29 00:00-23:59 UTC
number of suspected bots' IPs listed here: 244

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2014-07-29]

detection period: 2014-07-29 00:00-23:59 UTC
total number of suspected botnet IPs: 2701
number of botnet IPs notified to network operators: 2457
number of spam blocked: 190661
recipient count of spam blocked: 3228227

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs, are:

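| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 1206 |
| 2 | CRTC | 121 |
| 3 | CHINANET-GD | 65 |
| 4 | WASU | 61 |
| 5 | UNICOM-HN | 56 |
| 6 | CHINANET-HB | 51 |
| 7 | VNPT-VNNIC-VN | 41 |
| 8 | WASU-BB | 36 |
| 9 | PE-TPSA-LACNIC | 30 |
| 10 | UNICOM-GD | 24 |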

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs, are:

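| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | Taiwan | 1225 |
| 2 | China | 569 |
| 3 | India | 92 |
| 4 | Viet Nam | 73 |
| 5 | South Korea | 51 |
| 6 | Peru | 48 |
| 7 | United States | 45 |
| 8 | Brazil | 44 |
| 9 | Russian Federation | 40 |
| 10 | Argentina | 33 |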

Tuesday, July 29, 2014

Suspected Bot List [2014-07-28]

detection period: 2014-07-28 00:00-23:59 UTC
number of suspected bots' IPs listed here: 341

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting: