Thursday, April 24, 2014

Suspected Bot List [2014-04-23]

detection period: 2014-04-23 00:00-23:59 UTC
number of suspected bots' IPs listed here: 97

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2014-04-23]

detection period: 2014-04-23 00:00-23:59 UTC
total number of suspected botnet IPs: 1132
number of botnet IPs notified to network operators: 1039
number of spam blocked: 49704
recipient count of spam blocked: 1622770

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank  Network      # of suspected botnet IPs
1     CHINANET-GD  164
2     CRTC         158
3     CHINANET-FJ  53
4     CHINANET-JS  36
5     UNICOM-GD    22
6     HINET-NET    20
7     CMNET        16
8     HICHINA      9
9     CHINANET-SH  8
10    UNICOM-SD    7

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank  Country             # of suspected botnet IPs
1     China               601
2     United States       57
3     Russian Federation  47
4     Brazil              32
5     Taiwan              31
6     Indonesia           24
7     India               22
8     Ukraine             20
9     Turkey              15
10    Poland              14

Wednesday, April 23, 2014

Suspected Bot List [2014-04-22]

detection period: 2014-04-22 00:00-23:59 UTC
number of suspected bots' IPs listed here: 62

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting: