Custom Search

Saturday, August 31, 2013

Suspected Bot List [2013-08-30]

detection period: 2013-08-30 00:00-23:59 UTC
number of suspected bots' IPs listed here: 376

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AE83.111.92.120Arab Emirates
CA174.142.186.121Canada
GB193.164.207.16United Kingdom
HN190.107.140.77Honduras
IN117.218.129.170India
IN117.239.107.21India
IN117.240.239.120India
IN122.183.99.146India
IN182.73.111.162India
IN202.63.105.226India
IQ86.111.144.194Iraq
IR82.99.246.10Iran
KZ109.229.189.175Kazakhstan
MX187.174.173.18Mexico
MX200.92.57.205Mexico
PE190.187.168.186Peru
PE200.31.105.172Peru
PE200.37.197.148Peru
PK111.68.104.132Pakistan
PK115.186.59.70Pakistan
PK124.109.47.66Pakistan
RO89.120.75.51Romania
SA94.77.199.148Saudi Arabia
SK62.197.209.93Slovakia
TR82.222.189.43Turkey
US64.181.43.79United States
US184.82.214.35United States
US209.239.112.104United States
UZ213.230.121.186Uzbekistan

List from greylisting:

Botnet Statistics [2013-08-30]

detection period: 2013-08-30 00:00-23:59 UTC
total number of suspected botnet IPs: 2874
number of botnet IPs notified to network operators: 2502
number of spam blocked: 63113
recipient count of spam blocked: 2117340

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-JS466
2HINET-NET400
3CHINANET-GD292
4UNICOM-GD95
5CTTNET41
6CHINANET-FJ35
7CHINASKYNET33
8UNICOM-LN24
9PE-TPSA-LACNIC22
10CMNET21

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China1274
2Taiwan410
3United States226
4India70
5Brazil70
6Peru54
7United Kingdom51
8Iran42
9Spain40
10Colombia37

Friday, August 30, 2013

Suspected Bot List [2013-08-29]

detection period: 2013-08-29 00:00-23:59 UTC
number of suspected bots' IPs listed here: 391

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CA174.142.186.121Canada
EG62.117.58.109Egypt
GB193.164.207.16United Kingdom
IN117.239.107.21India
IN117.240.239.120India
IN122.183.99.146India
IN182.73.111.162India
IN202.63.105.226India
IQ86.111.144.194Iraq
IR82.99.246.10Iran
KZ109.229.189.175Kazakhstan
LB212.36.193.187Lebanon
MX187.174.173.18Mexico
MX200.92.57.205Mexico
PE190.187.168.186Peru
PE200.31.105.172Peru
PE200.37.197.148Peru
PK111.68.104.132Pakistan
PK115.186.59.70Pakistan
PK124.109.47.66Pakistan
SA94.77.199.148Saudi Arabia
SK62.197.209.93Slovakia
TR82.222.189.43Turkey
US64.181.43.79United States
US184.82.214.35United States
UZ213.230.121.186Uzbekistan

List from greylisting:

Botnet Statistics [2013-08-29]

detection period: 2013-08-29 00:00-23:59 UTC
total number of suspected botnet IPs: 3807
number of botnet IPs notified to network operators: 3423
number of spam blocked: 79167
recipient count of spam blocked: 2491203

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-JS990
2HINET-NET649
3CHINANET-GD262
4UNICOM-GD106
5CTTNET64
6CHINANET-FJ47
7CHINANET-HE45
8CMNET43
9KORNET-KR42
10CHINASKYNET27

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China1856
2Taiwan658
3United States286
4India95
5South Korea73
6Brazil70
7Russian Federation51
8Iran44
9Peru43
10Italy33

Thursday, August 29, 2013

Suspected Bot List [2013-08-28]

detection period: 2013-08-28 00:00-23:59 UTC
number of suspected bots' IPs listed here: 297

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AE83.111.92.120Arab Emirates
BG95.111.38.156Bulgaria
CA174.142.186.121Canada
EG62.117.58.109Egypt
GB193.164.207.16United Kingdom
IN117.240.239.120India
IN122.183.99.146India
IN182.73.111.162India
IN202.63.105.226India
IR82.99.246.10Iran
IR94.183.138.253Iran
KZ109.229.189.175Kazakhstan
LB212.36.193.187Lebanon
MX187.174.173.18Mexico
MX200.92.57.205Mexico
PE190.187.168.186Peru
PE200.31.105.172Peru
PE200.37.197.148Peru
PK111.68.104.132Pakistan
PK115.186.59.70Pakistan
PK124.109.47.66Pakistan
SA94.77.199.148Saudi Arabia
SA94.77.203.22Saudi Arabia
SK62.197.209.93Slovakia
TR82.222.189.43Turkey
UZ213.230.121.186Uzbekistan

List from greylisting:

Botnet Statistics [2013-08-28]

detection period: 2013-08-28 00:00-23:59 UTC
total number of suspected botnet IPs: 3641
number of botnet IPs notified to network operators: 3344
number of spam blocked: 85593
recipient count of spam blocked: 2951121

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-JS1086
2HINET-NET577
3CHINANET-GD389
4UNICOM-GD131
5CTTNET106
6CHINANET-FJ55
7CMNET31
8UNICOM-LN25
9ZTWL22
10PE-PETD2-LACNIC17

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China2089
2Taiwan589
3United States78
4Brazil58
5Peru54
6India51
7Italy50
8Colombia50
9Iran41
10Argentina37

Wednesday, August 28, 2013

Suspected Bot List [2013-08-27]

detection period: 2013-08-27 00:00-23:59 UTC
number of suspected bots' IPs listed here: 324

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AE83.111.92.120Arab Emirates
BG95.111.38.156Bulgaria
CA174.142.186.121Canada
EG62.117.58.109Egypt
GB193.164.207.16United Kingdom
IN117.240.239.120India
IN122.183.99.146India
IN182.73.111.162India
IN202.63.105.226India
IR94.183.138.253Iran
LB212.36.193.187Lebanon
MX177.228.74.25Mexico
MX187.174.173.18Mexico
MX200.92.57.205Mexico
PE190.187.168.186Peru
PE200.31.105.172Peru
PE200.37.197.148Peru
PK111.68.104.132Pakistan
PK115.186.59.70Pakistan
PK124.109.47.66Pakistan
SA94.77.199.148Saudi Arabia
SA94.77.203.22Saudi Arabia
SK62.197.209.93Slovakia
TR82.222.189.43Turkey
UZ213.230.121.186Uzbekistan

List from greylisting:

Botnet Statistics [2013-08-27]

detection period: 2013-08-27 00:00-23:59 UTC
total number of suspected botnet IPs: 3274
number of botnet IPs notified to network operators: 2951
number of spam blocked: 83599
recipient count of spam blocked: 2904320

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-JS757
2HINET-NET474
3CHINANET-GD328
4UNICOM-GD131
5CTTNET124
6ZTWL38
7CHINASKYNET36
8CHINANET-FJ28
9UNICOM-LN26
10CMNET20

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China1711
2Taiwan482
3United States220
4Brazil66
5Iran47
6Peru45
7Spain44
8India43
9Argentina38
10United Kingdom37

Tuesday, August 27, 2013

Suspected Bot List [2013-08-26]

detection period: 2013-08-26 00:00-23:59 UTC
number of suspected bots' IPs listed here: 330

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AE83.111.92.120Arab Emirates
CA174.142.186.121Canada
EG62.117.58.109Egypt
GB193.164.207.16United Kingdom
IN117.240.239.120India
IN122.183.99.146India
IN182.73.111.162India
IN202.63.105.226India
IR94.183.138.253Iran
LB212.36.193.187Lebanon
MX187.174.173.18Mexico
MX200.92.57.205Mexico
PE190.187.168.186Peru
PE200.31.105.172Peru
PE200.37.197.148Peru
PK111.68.104.132Pakistan
PK115.186.59.70Pakistan
SA94.77.199.148Saudi Arabia
SA94.77.203.22Saudi Arabia
SK62.197.209.93Slovakia
TR82.222.189.43Turkey
US50.159.67.200United States

List from greylisting:

Botnet Statistics [2013-08-26]

detection period: 2013-08-26 00:00-23:59 UTC
total number of suspected botnet IPs: 4122
number of botnet IPs notified to network operators: 3792
number of spam blocked: 88793
recipient count of spam blocked: 2899110

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET834
2CHINANET-JS545
3CHINANET-SH385
4CHINANET-GD294
5UNICOM-GD201
6CTTNET145
7CHINASKYNET84
8ZTWL47
9CHINANET-FJ43
10CBC-CM-438

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China1992
2Taiwan843
3United States455
4Brazil59
5Peru47
6United Kingdom47
7India45
8Iran43
9Canada39
10Spain34

Monday, August 26, 2013

Suspected Bot List [2013-08-25]

detection period: 2013-08-25 00:00-23:59 UTC
number of suspected bots' IPs listed here: 318

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AE83.111.92.120Arab Emirates
BG46.55.178.17Bulgaria
CA174.142.186.121Canada
EG62.117.58.109Egypt
IN117.240.239.120India
IN122.183.99.146India
IN180.188.225.21India
IN182.73.111.162India
IN202.63.105.226India
IR82.99.246.10Iran
IR94.183.138.253Iran
MX187.174.173.18Mexico
MX200.92.57.205Mexico
PE190.187.168.186Peru
PE200.37.197.148Peru
PK111.68.104.132Pakistan
PK124.109.47.66Pakistan
SA94.77.199.148Saudi Arabia
SK62.197.209.93Slovakia
TR82.222.189.43Turkey
US50.159.67.200United States
US208.67.17.197United States

List from greylisting:

Botnet Statistics [2013-08-25]

detection period: 2013-08-25 00:00-23:59 UTC
total number of suspected botnet IPs: 2776
number of botnet IPs notified to network operators: 2458
number of spam blocked: 61019
recipient count of spam blocked: 2177423

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-SH385
2CHINANET-JS277
3HINET-NET276
4CHINANET-GD209
5UNICOM-GD157
6CTTNET137
7CHINASKYNET84
8ZTWL34
9UNICOM-LN25
10CHINANET-FJ24

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China1568
2Taiwan292
3United States68
4Brazil55
5Iran54
6Argentina46
7India40
8Peru38
9Russian Federation36
10South Korea33

Sunday, August 25, 2013

Suspected Bot List [2013-08-24]

detection period: 2013-08-24 00:00-23:59 UTC
number of suspected bots' IPs listed here: 230

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AE83.111.92.120Arab Emirates
BG46.55.178.17Bulgaria
CA174.142.186.121Canada
GB193.164.207.16United Kingdom
IN117.240.239.120India
IN122.183.99.146India
IN180.188.225.21India
IN182.73.111.162India
IN202.63.105.226India
IR82.99.246.10Iran
IR94.183.138.253Iran
MX187.174.173.18Mexico
MX200.92.57.205Mexico
PE190.187.168.186Peru
PE200.31.105.172Peru
PE200.37.197.148Peru
PK111.68.104.132Pakistan
PK115.186.59.70Pakistan
PK124.109.47.66Pakistan
SA94.77.199.148Saudi Arabia
SK62.197.209.93Slovakia
TR82.222.189.43Turkey
US50.159.67.200United States

List from greylisting:

Botnet Statistics [2013-08-24]

detection period: 2013-08-24 00:00-23:59 UTC
total number of suspected botnet IPs: 1961
number of botnet IPs notified to network operators: 1731
number of spam blocked: 48619
recipient count of spam blocked: 1802079

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-SH408
2CHINANET-GD175
3CTTNET145
4UNICOM-GD101
5CHINASKYNET51
6HINET-NET47
7UNICOM-LN25
8ZTWL23
9CHINANET-CN17
10UNICOM-SD15

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China1197
2United States62
3Taiwan57
4Brazil53
5India40
6Peru38
7Russian Federation29
8Iran28
9Spain28
10Argentina28

Saturday, August 24, 2013

Suspected Bot List [2013-08-23]

detection period: 2013-08-23 00:00-23:59 UTC
number of suspected bots' IPs listed here: 411

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AE83.111.92.120Arab Emirates
BG46.55.178.17Bulgaria
BG95.111.38.156Bulgaria
CA174.142.186.121Canada
GB193.164.207.16United Kingdom
IN117.240.239.120India
IN122.183.99.146India
IN180.188.225.21India
IN182.73.111.162India
IN202.63.105.226India
IR82.99.246.10Iran
MX187.174.173.18Mexico
MX200.92.57.205Mexico
PE190.40.63.221Peru
PE190.187.168.186Peru
PE190.232.218.104Peru
PE200.31.105.172Peru
PE200.37.197.148Peru
PK111.68.104.132Pakistan
PK115.186.59.70Pakistan
PK124.109.47.66Pakistan
SA94.77.199.148Saudi Arabia
SA94.77.203.22Saudi Arabia
SK62.197.209.93Slovakia
TR82.222.189.43Turkey
US50.159.67.200United States

List from greylisting:

Botnet Statistics [2013-08-23]

detection period: 2013-08-23 00:00-23:59 UTC
total number of suspected botnet IPs: 3358
number of botnet IPs notified to network operators: 2948
number of spam blocked: 85777
recipient count of spam blocked: 2884045

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-JS495
2HINET-NET482
3UNICOM-GD196
4CHINANET-SH154
5CHINASKYNET153
6CHINANET-GD148
7CTTNET125
8ZTWL64
9KORNET-KR30
10PE-TPSA-LACNIC25

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China1621
2Taiwan492
3United States154
4Peru76
5Brazil73
6India69
7Argentina58
8South Korea53
9Mexico48
10Iran41

Friday, August 23, 2013

Suspected Bot List [2013-08-22]

detection period: 2013-08-22 00:00-23:59 UTC
number of suspected bots' IPs listed here: 359

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BG46.55.178.17Bulgaria
BG95.111.38.156Bulgaria
CA174.142.186.121Canada
EG62.117.58.109Egypt
GB193.164.207.16United Kingdom
HN190.107.140.77Honduras
IN117.239.29.114India
IN117.240.239.120India
IN122.183.99.146India
IN180.188.225.21India
IN182.73.111.162India
IN202.63.105.226India
IR94.183.138.253Iran
LB212.36.193.187Lebanon
MX177.228.74.25Mexico
MX187.174.173.18Mexico
MX200.92.57.205Mexico
PE190.40.63.221Peru
PE190.187.168.186Peru
PE190.232.218.104Peru
PE200.31.105.172Peru
PE200.37.197.148Peru
PK111.68.104.132Pakistan
PK115.186.59.70Pakistan
PK124.109.47.66Pakistan
SA94.77.199.148Saudi Arabia
SA94.77.203.22Saudi Arabia
SK62.197.209.93Slovakia
TR82.222.189.43Turkey
US50.159.67.200United States

List from greylisting:

Botnet Statistics [2013-08-22]

detection period: 2013-08-22 00:00-23:59 UTC
total number of suspected botnet IPs: 3774
number of botnet IPs notified to network operators: 3418
number of spam blocked: 80693
recipient count of spam blocked: 2667461

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-JS979
2HINET-NET588
3UNICOM-GD215
4CHINANET-GD190
5CHINASKYNET175
6CTTNET159
7ZTWL55
8CHINANET-FJ30
9UNICOM-LN29
10CMNET21

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China2072
2Taiwan601
3United States141
4Brazil70
5Peru55
6India53
7Argentina46
8Spain39
9Colombia39
10Mexico37

Thursday, August 22, 2013

Suspected Bot List [2013-08-21]

detection period: 2013-08-21 00:00-23:59 UTC
number of suspected bots' IPs listed here: 298

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BG46.55.178.17Bulgaria
BG95.111.38.156Bulgaria
CA174.142.186.121Canada
EG62.117.58.109Egypt
GB193.164.207.16United Kingdom
HN190.107.140.77Honduras
IN117.218.129.170India
IN117.240.239.120India
IN122.183.99.146India
IN182.73.111.162India
IN202.63.105.226India
IR94.183.138.253Iran
IT95.248.90.62Italy
LB212.36.193.187Lebanon
MX177.228.74.25Mexico
MX187.174.173.18Mexico
MX200.92.57.205Mexico
PE190.187.168.186Peru
PE200.31.105.172Peru
PE200.37.197.148Peru
PK111.68.104.132Pakistan
PK115.186.59.70Pakistan
PK124.109.47.66Pakistan
SA94.77.199.148Saudi Arabia
SA94.77.203.22Saudi Arabia
SK62.197.209.93Slovakia
TR82.222.189.43Turkey
US50.159.67.200United States

List from greylisting:

Botnet Statistics [2013-08-21]

detection period: 2013-08-21 00:00-23:59 UTC
total number of suspected botnet IPs: 3876
number of botnet IPs notified to network operators: 3581
number of spam blocked: 104043
recipient count of spam blocked: 3351042

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET975
2CHINANET-JS886
3CHINANET-GD190
4UNICOM-GD185
5CHINASKYNET155
6CTTNET152
7ZTWL42
8CHINANET-FJ37
9UNICOM-LN25
10PE-TPSA-LACNIC18

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China1886
2Taiwan992
3United States169
4Brazil55
5Peru48
6Argentina45
7India40
8United Kingdom38
9Italy37
10Spain33

Wednesday, August 21, 2013

Suspected Bot List [2013-08-20]

detection period: 2013-08-20 00:00-23:59 UTC
number of suspected bots' IPs listed here: 275

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BG46.55.178.17Bulgaria
BG95.111.38.156Bulgaria
CA174.142.186.121Canada
GB193.164.207.16United Kingdom
HN190.107.140.77Honduras
IN117.240.239.120India
IN122.183.99.146India
IN182.73.111.162India
IN202.63.105.226India
IR85.133.185.49Iran
IR91.98.36.84Iran
IT95.248.90.62Italy
LB194.126.140.246Lebanon
LB212.36.193.187Lebanon
MX187.174.173.18Mexico
MX200.92.57.205Mexico
PE190.40.63.221Peru
PE190.187.168.186Peru
PE200.31.105.172Peru
PE200.37.197.148Peru
PK111.68.104.132Pakistan
PK115.186.59.70Pakistan
PK124.109.47.66Pakistan
SA94.77.199.148Saudi Arabia
SK62.197.209.93Slovakia
TR82.222.189.43Turkey
US50.159.67.200United States
ZW41.220.19.50Zimbabwe

List from greylisting:

Botnet Statistics [2013-08-20]

detection period: 2013-08-20 00:00-23:59 UTC
total number of suspected botnet IPs: 3812
number of botnet IPs notified to network operators: 3539
number of spam blocked: 93694
recipient count of spam blocked: 2937693

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET995
2CHINANET-JS776
3UNICOM-GD234
4CHINANET-GD204
5CTTNET154
6CHINASKYNET141
7ZTWL51
8CHINANET-FJ44
9UNICOM-LN26
10AR-CASA10-LACNIC16

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China1809
2Taiwan1009
3United States172
4United Kingdom61
5Brazil60
6Italy40
7Russian Federation38
8Peru36
9Argentina36
10Mexico34

Tuesday, August 20, 2013

Suspected Bot List [2013-08-19]

detection period: 2013-08-19 00:00-23:59 UTC
number of suspected bots' IPs listed here: 196

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BG46.55.178.17Bulgaria
CA174.142.186.121Canada
GB193.164.207.16United Kingdom
HN190.107.140.77Honduras
IN117.240.239.120India
IN122.183.99.146India
IN182.73.111.162India
IN202.63.105.226India
IR82.99.246.10Iran
IR85.133.185.49Iran
IR91.98.36.84Iran
IT95.248.90.62Italy
LB194.126.140.246Lebanon
MX177.228.74.25Mexico
MX187.174.173.18Mexico
PE190.40.63.221Peru
PE190.187.168.186Peru
PE200.31.105.172Peru
PE200.37.197.148Peru
PK111.68.104.132Pakistan
PK115.186.59.70Pakistan
PK124.109.47.66Pakistan
SA94.77.199.148Saudi Arabia
SK62.197.209.93Slovakia
TR82.222.189.43Turkey
US50.159.67.200United States
US206.81.103.58United States
ZW41.220.19.50Zimbabwe

List from greylisting:

Botnet Statistics [2013-08-19]

detection period: 2013-08-19 00:00-23:59 UTC
total number of suspected botnet IPs: 3032
number of botnet IPs notified to network operators: 2840
number of spam blocked: 57403
recipient count of spam blocked: 1901102

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-JS854
2HINET-NET247
3UNICOM-GD217
4CHINANET-GD217
5CTTNET169
6CHINASKYNET105
7ZTWL59
8CHINANET-FJ56
9CRTC28
10UNICOM-LN25

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China1908
2Taiwan261
3United States156
4Brazil66
5Russian Federation45
6Argentina31
7Italy30
8Peru29
9Iran28
10Spain28

Monday, August 19, 2013

Suspected Bot List [2013-08-18]

detection period: 2013-08-18 00:00-23:59 UTC
number of suspected bots' IPs listed here: 164

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BG46.55.178.17Bulgaria
CA174.142.186.121Canada
GB193.164.207.16United Kingdom
IL94.188.146.81Israel
IN117.240.239.120India
IN122.183.99.146India
IN182.73.111.162India
IN202.63.105.226India
IR82.99.246.10Iran
IR94.183.138.253Iran
IT95.248.90.62Italy
LB194.126.140.246Lebanon
LB212.36.193.187Lebanon
MX177.228.74.25Mexico
MX187.174.173.18Mexico
PE190.40.63.221Peru
PE190.187.168.186Peru
PE200.31.105.172Peru
PE200.37.197.148Peru
PK111.68.104.132Pakistan
PK115.186.59.70Pakistan
PK124.109.47.66Pakistan
SA94.77.199.148Saudi Arabia
TR82.222.189.43Turkey
US50.159.67.200United States
US206.81.103.58United States
ZW41.220.19.50Zimbabwe

List from greylisting:

Botnet Statistics [2013-08-18]

detection period: 2013-08-18 00:00-23:59 UTC
total number of suspected botnet IPs: 2410
number of botnet IPs notified to network operators: 2248
number of spam blocked: 51080
recipient count of spam blocked: 1758124

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-JS380
2CHINANET-GD240
3CTTNET229
4UNICOM-GD216
5CRTC163
6CHINASKYNET87
7ZTWL60
8HINET-NET32
9UNICOM-LN25
10NTMTV17

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China1635
2United States112
3Brazil52
4Russian Federation51
5Taiwan42
6Argentina37
7Iran25
8Spain24
9Germany24
10India22

Sunday, August 18, 2013

Suspected Bot List [2013-08-17]

detection period: 2013-08-17 00:00-23:59 UTC
number of suspected bots' IPs listed here: 190

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CA174.142.186.121Canada
GB193.164.207.16United Kingdom
HN190.107.140.77Honduras
IN117.239.29.114India
IN117.240.239.120India
IN122.180.96.110India
IN182.73.111.162India
IN202.63.105.226India
IR94.183.138.253Iran
LB212.36.193.187Lebanon
MX177.228.74.25Mexico
MX187.174.173.18Mexico
PE190.40.63.221Peru
PE190.187.168.186Peru
PE200.31.105.172Peru
PE200.37.197.148Peru
PK111.68.104.132Pakistan
PK115.186.59.70Pakistan
PK124.109.47.66Pakistan
SA94.77.199.148Saudi Arabia
TR82.222.189.43Turkey
US50.159.67.200United States
US206.81.103.58United States
ZW41.220.19.50Zimbabwe

List from greylisting:

Botnet Statistics [2013-08-17]

detection period: 2013-08-17 00:00-23:59 UTC
total number of suspected botnet IPs: 2005
number of botnet IPs notified to network operators: 1816
number of spam blocked: 51097
recipient count of spam blocked: 1581498

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-GD242
2CTTNET218
3UNICOM-GD217
4CRTC184
5CHINASKYNET99
6ZTWL43
7UNICOM-LN28
8HINET-NET21
9UNICOM-SD19
10AR-CASA10-LACNIC16

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China1274
2United States78
3Brazil49
4Russian Federation43
5Argentina42
6India32
7Colombia31
8Taiwan27
9Peru24
10Italy24

Saturday, August 17, 2013

Suspected Bot List [2013-08-16]

detection period: 2013-08-16 00:00-23:59 UTC
number of suspected bots' IPs listed here: 340

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AL80.78.75.158Albania
CA174.142.186.121Canada
GB193.164.207.16United Kingdom
HN190.107.140.77Honduras
IN117.218.129.170India
IN117.240.239.120India
IN122.180.96.110India
IN122.183.99.146India
IN182.73.111.162India
IN202.63.105.226India
IR82.99.246.10Iran
IR94.183.138.253Iran
LB212.36.193.187Lebanon
MX177.228.74.25Mexico
MX187.174.173.18Mexico
PE190.40.63.221Peru
PE190.187.168.186Peru
PE200.31.105.172Peru
PK111.68.104.132Pakistan
PK115.186.59.70Pakistan
PK124.109.47.66Pakistan
SA94.77.199.148Saudi Arabia
TR82.222.189.43Turkey
US50.159.67.200United States
US206.81.103.58United States
ZW41.220.19.50Zimbabwe

List from greylisting:

Botnet Statistics [2013-08-16]

detection period: 2013-08-16 00:00-23:59 UTC
total number of suspected botnet IPs: 2795
number of botnet IPs notified to network operators: 2458
number of spam blocked: 62024
recipient count of spam blocked: 2154488

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET391
2CHINANET-JS328
3CHINANET-GD291
4UNICOM-GD173
5CTTNET130
6UNICOM-LN26
7AR-CASA10-LACNIC21
8CHINASKYNET17
9UNICOM-SD16
10CRTC15

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China1232
2Taiwan404
3United States213
4Brazil85
5Argentina61
6Russian Federation52
7India45
8United Kingdom41
9Peru34
10Spain34

Friday, August 16, 2013

Suspected Bot List [2013-08-15]

detection period: 2013-08-15 00:00-23:59 UTC
number of suspected bots' IPs listed here: 263

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AE83.111.92.120Arab Emirates
AL80.78.75.158Albania
CA174.142.186.121Canada
GB193.164.207.16United Kingdom
HN190.107.140.77Honduras
IN117.240.239.120India
IN122.180.96.110India
IN122.183.99.146India
IN182.73.111.162India
IN202.63.105.226India
IR82.99.246.10Iran
IR94.183.138.253Iran
LB212.36.193.187Lebanon
MX187.174.173.18Mexico
PE190.40.63.221Peru
PE190.187.168.186Peru
PE200.31.105.172Peru
PE200.37.197.148Peru
PK111.68.104.132Pakistan
PK115.186.59.70Pakistan
PK124.109.47.66Pakistan
SA94.77.199.148Saudi Arabia
TR82.222.189.43Turkey
US50.159.67.200United States
US206.81.103.58United States
ZW41.220.19.50Zimbabwe

List from greylisting:

Botnet Statistics [2013-08-15]

detection period: 2013-08-15 00:00-23:59 UTC
total number of suspected botnet IPs: 3351
number of botnet IPs notified to network operators: 3093
number of spam blocked: 83577
recipient count of spam blocked: 2537693

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-JS619
2HINET-NET440
3CHINANET-GD317
4CTTNET272
5CRTC254
6UNICOM-GD179
7CHINANET-FJ30
8UNICOM-LN26
9PE-TPSA-LACNIC21
10CMNET18

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China1929
2Taiwan450
3United States169
4Brazil61
5Peru46
6Russian Federation40
7India39
8Spain39
9Argentina35
10Colombia34

Thursday, August 15, 2013

Suspected Bot List [2013-08-14]

detection period: 2013-08-14 00:00-23:59 UTC
number of suspected bots' IPs listed here: 183

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AE83.111.92.120Arab Emirates
AL80.78.75.158Albania
AO196.223.13.230Angola
CA174.142.186.121Canada
GB193.164.207.16United Kingdom
IN117.240.239.120India
IN122.180.96.110India
IN122.183.99.146India
IN182.73.111.162India
IN202.63.105.226India
IR82.99.246.10Iran
LB212.36.193.187Lebanon
LB213.175.188.158Lebanon
MX177.228.74.25Mexico
MX187.174.173.18Mexico
PE190.187.168.186Peru
PE200.31.105.172Peru
PE200.37.197.148Peru
PK115.186.59.70Pakistan
RS178.149.63.175Serbia
SA94.77.199.148Saudi Arabia
TN41.226.11.117Tunisia
TR82.222.189.43Turkey
US50.159.67.200United States
US206.81.103.58United States
ZW41.220.19.50Zimbabwe
ZW41.220.28.138Zimbabwe

List from greylisting:

Botnet Statistics [2013-08-14]

detection period: 2013-08-14 00:00-23:59 UTC
total number of suspected botnet IPs: 2534
number of botnet IPs notified to network operators: 2352
number of spam blocked: 120431
recipient count of spam blocked: 2396831

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-JS592
2HINET-NET334
3CHINANET-GD183
4CTTNET151
5CRTC134
6UNICOM-GD68
7CHINANET-FJ52
8UNICOM-LN24
9CMNET24
10ZTWL19

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China1471
2Taiwan342
3United States125
4Brazil53
5Russian Federation36
6Argentina30
7Spain28
8Peru27
9Colombia25
10Iran22

Wednesday, August 14, 2013

Suspected Bot List [2013-08-13]

detection period: 2013-08-13 00:00-23:59 UTC
number of suspected bots' IPs listed here: 210

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AE83.111.92.120Arab Emirates
AO196.223.13.230Angola
CA174.142.186.121Canada
EG62.117.58.109Egypt
GB193.164.207.16United Kingdom
HN190.107.140.77Honduras
IN117.240.239.120India
IN122.180.96.110India
IN122.183.99.146India
IN182.73.111.162India
IN202.63.105.226India
IQ86.111.144.194Iraq
LB194.126.140.247Lebanon
LB212.36.193.187Lebanon
LB213.175.188.158Lebanon
MX177.228.74.25Mexico
MX187.174.173.18Mexico
MX200.92.57.205Mexico
PE190.40.63.221Peru
PE190.187.168.186Peru
PE200.31.105.172Peru
PE200.37.197.148Peru
PH122.54.171.253Philippines
RS178.149.63.175Serbia
SA94.77.199.148Saudi Arabia
TN41.226.11.117Tunisia
TR82.222.189.43Turkey
US50.159.67.200United States
US206.81.103.58United States
ZW41.220.19.50Zimbabwe
ZW41.220.28.138Zimbabwe

List from greylisting:

Botnet Statistics [2013-08-13]

detection period: 2013-08-13 00:00-23:59 UTC
total number of suspected botnet IPs: 3272
number of botnet IPs notified to network operators: 3065
number of spam blocked: 126656
recipient count of spam blocked: 3344008

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-JS1018
2HINET-NET929
3CHINANET-GD166
4CTTNET78
5CHINANET-FJ54
6UNICOM-GD31
7UNICOM-LN29
8KORNET-KR27
9BSNLNET19
10CMNET18

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China1613
2Taiwan938
3United States124
4India57
5Brazil52
6South Korea50
7Russian Federation39
8Viet Nam26
9Peru23
10United Kingdom23

Tuesday, August 13, 2013

Suspected Bot List [2013-08-12]

detection period: 2013-08-12 00:00-23:59 UTC
number of suspected bots' IPs listed here: 255

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AE83.111.92.120Arab Emirates
AO196.223.13.230Angola
CA174.142.186.121Canada
EG62.117.58.109Egypt
GB193.164.207.16United Kingdom
HN190.107.140.77Honduras
IN117.240.239.120India
IN122.180.96.110India
IN122.183.99.146India
IN182.73.111.162India
IQ86.111.144.194Iraq
IR94.183.138.253Iran
LB194.126.140.247Lebanon
LB212.36.193.187Lebanon
MX177.228.74.25Mexico
MX187.174.173.18Mexico
MX200.92.57.205Mexico
PE190.40.63.221Peru
PE190.187.168.186Peru
PE200.31.105.172Peru
PE200.37.197.148Peru
PH122.54.171.253Philippines
SA94.77.199.148Saudi Arabia
TN41.226.11.117Tunisia
TR82.222.189.43Turkey
US24.182.136.146United States
US50.159.67.200United States
US206.81.103.58United States
ZW41.220.19.50Zimbabwe
ZW41.220.28.138Zimbabwe

List from greylisting:

Botnet Statistics [2013-08-12]

detection period: 2013-08-12 00:00-23:59 UTC
total number of suspected botnet IPs: 2772
number of botnet IPs notified to network operators: 2517
number of spam blocked: 98880
recipient count of spam blocked: 2650882

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET636
2CHINANET-JS515
3CHINANET-GD179
4CHINANET-FJ56
5CMNET44
6CTTNET35
7UNICOM-LN34
8UNICOM-GD29
9UNICOM-SD26
10CRTC26

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China1202
2Taiwan652
3United States172
4Brazil61
5Argentina46
6Italy36
7India36
8Russian Federation32
9Peru31
10Spain30

Monday, August 12, 2013

Suspected Bots' IP List for August 2013

To encourage cyber security information sharing (as some form of open data) while still giving victims enough time to clean up their computers, the IP list of suspected infected computers will be released here (as shown below) 10 days after its respective botnet statistics gets published.

You are free to use them to create more effective defenses, discover latest trends in cyber attacks, etc.

Suspected Bots IP [2013-08-01]
Suspected Bots IP [2013-08-02]
Suspected Bots IP [2013-08-03]
Suspected Bots IP [2013-08-04]
Suspected Bots IP [2013-08-05]
Suspected Bots IP [2013-08-06]
Suspected Bots IP [2013-08-07]
Suspected Bots IP [2013-08-08]
Suspected Bots IP [2013-08-09]
Suspected Bots IP [2013-08-10]
Suspected Bots IP [2013-08-11]
Suspected Bots IP [2013-08-12]
Suspected Bots IP [2013-08-13]
Suspected Bots IP [2013-08-14]
Suspected Bots IP [2013-08-15]
Suspected Bots IP [2013-08-16]
Suspected Bots IP [2013-08-17]
Suspected Bots IP [2013-08-18]
Suspected Bots IP [2013-08-19]
Suspected Bots IP [2013-08-20]
Suspected Bots IP [2013-08-21]
Suspected Bots IP [2013-08-22]
Suspected Bots IP [2013-08-23]
Suspected Bots IP [2013-08-24]
Suspected Bots IP [2013-08-25]
Suspected Bots IP [2013-08-26]
Suspected Bots IP [2013-08-27]
Suspected Bots IP [2013-08-28]
Suspected Bots IP [2013-08-29]
Suspected Bots IP [2013-08-30]
Suspected Bots IP [2013-08-31]

Suspected Bot List [2013-08-11】

detection period: 2013-08-11 00:00-23:59 UTC
number of suspected bots' IPs listed here: 174

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AE83.111.92.120Arab Emirates
AO196.223.13.230Angola
CN150.255.1.177China
GB193.164.207.16United Kingdom
HN190.107.140.77Honduras
IN117.240.239.120India
IN122.180.96.110India
IN122.183.99.146India
IN182.73.111.162India
IR94.183.138.253Iran
LB194.126.140.247Lebanon
MX187.174.173.18Mexico
MX200.92.57.205Mexico
PE190.40.63.221Peru
PE190.187.168.186Peru
PE200.31.105.172Peru
PE200.37.197.148Peru
PH122.54.171.253Philippines
SA94.77.199.148Saudi Arabia
US50.159.67.200United States
US206.81.103.58United States

List from greylisting:

Botnet Statistics [2013-08-11]

detection period: 2013-08-11 00:00-23:59 UTC
total number of suspected botnet IPs: 2557
number of botnet IPs notified to network operators: 2383
number of spam blocked: 84754
recipient count of spam blocked: 2649495

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET1103
2CHINANET-GD194
3CTTNET148
4CMNET83
5CHINANET-JS53
6CRTC48
7CHINANET-FJ42
8UNICOM-GD36
9UNICOM-HA31
10UNICOM-LN26

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan1118
2China922
3Argentina47
4United States46
5Brazil34
6Spain29
7Russian Federation24
8Mexico20
9India20
10Germany19

Sunday, August 11, 2013

Suspected Bot List [2013-08-10]

detection period: 2013-08-10 00:00-23:59 UTC
number of suspected bots' IPs listed here: 145

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CN150.255.32.240China
MO122.100.228.244Macau

List from greylisting:

Botnet Statistics [2013-08-10]

detection period: 2013-08-10 00:00-23:59 UTC
total number of suspected botnet IPs: 2226
number of botnet IPs notified to network operators: 2080
number of spam blocked: 54266
recipient count of spam blocked: 1602805

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET800
2CTTNET252
3CHINANET-GD173
4CRTC112
5CMNET59
6CHINANET-FJ50
7UNICOM-GD28
8CHINANET-JS26
9UNICOM-SD21
10UNICOM-HA21

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China1009
2Taiwan819
3United States41
4Argentina39
5Spain32
6Italy23
7Colombia23
8Peru17
9India14
10Germany13

Saturday, August 10, 2013

Suspected Bot List [2013-08-09]

detection period: 2013-08-09 00:00-23:59 UTC
number of suspected bots' IPs listed here: 282

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AE83.111.92.120Arab Emirates
BR150.161.30.7Brazil
CN150.255.204.108China
GB193.164.207.16United Kingdom
IN117.240.239.120India
IN122.183.99.146India
IN182.73.111.162India
IR94.183.138.253Iran
LB212.36.193.187Lebanon
LB213.175.188.158Lebanon
MO60.246.228.3Macau
MX187.174.173.18Mexico
PE190.187.168.186Peru
PE190.232.218.146Peru
PE200.31.105.172Peru
PE200.37.197.148Peru
PK111.68.104.132Pakistan
PK115.186.59.70Pakistan
SA94.77.199.148Saudi Arabia
TR82.222.189.43Turkey
US206.81.103.58United States

List from greylisting:

Botnet Statistics [2013-08-09]

detection period: 2013-08-09 00:00-23:59 UTC
total number of suspected botnet IPs: 2643
number of botnet IPs notified to network operators: 2362
number of spam blocked: 53177
recipient count of spam blocked: 1828162

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET441
2CTTNET194
3CHINANET-JS170
4CHINANET-GD158
5CRTC152
6CMNET75
7KORNET-KR46
8CHINANET-FJ42
9UNICOM-SD39
10UNICOM-LN38

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China1294
2Taiwan460
3United States152
4South Korea76
5Brazil57
6India46
7Argentina42
8Peru34
9Spain34
10Colombia34

Friday, August 9, 2013

Suspected Bot List [2013-08-08]

detection period: 2013-08-08 00:00-23:59 UTC
number of suspected bots' IPs listed here: 273

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AE83.111.92.120Arab Emirates
BG93.183.155.80Bulgaria
BG95.111.38.156Bulgaria
BR150.161.30.7Brazil
CA174.142.186.121Canada
GB193.164.207.16United Kingdom
IN117.218.129.170India
IN117.240.239.120India
IN122.183.99.146India
IN182.73.111.162India
IR94.183.138.253Iran
LB212.36.193.187Lebanon
LB213.175.188.158Lebanon
MO122.100.224.211Macau
MX187.174.173.18Mexico
PE190.187.168.186Peru
PE190.232.218.146Peru
PE200.31.105.172Peru
PE200.37.197.148Peru
PK111.68.104.132Pakistan
PK115.186.59.70Pakistan
SA94.77.199.148Saudi Arabia
SK195.168.85.26Slovakia
TR82.222.189.43Turkey
TW119.77.206.88Taiwan
US206.81.103.58United States

List from greylisting: