
Saturday, November 30, 2013

Suspected Bot List [2013-11-29]

detection period: 2013-11-29 00:00-23:59 UTC
number of suspected bots' IPs listed here: 87

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2013-11-29]

detection period: 2013-11-29 00:00-23:59 UTC
total number of suspected botnet IPs: 906
number of botnet IPs notified to network operators: 819
number of spam blocked: 124684
recipient count of spam blocked: 4247405

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

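| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 108 |
| 2 | CHINANET-GD | 70 |
| 3 | UNICOM-GD | 69 |
| 4 | CRTC | 56 |
| 5 | CTTNET | 51 |
| 6 | UNICOM-LN | 24 |
| 7 | CHINANET-ZJ-NB | 22 |
| 8 | SHARKTECH | 18 |
| 9 | CHINANET-FJ | 15 |
| 10 | CHINANET-SH | 13 |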

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

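| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 437 |
| 2 | Taiwan | 115 |
| 3 | United States | 54 |
| 4 | Brazil | 26 |
| 5 | France | 20 |
| 6 | Russian Federation | 17 |
| 7 | India | 17 |
| 8 | Hong Kong | 14 |
| 9 | Italy | 11 |
| 10 | United Kingdom | 11 |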

Friday, November 29, 2013

Suspected Bot List [2013-11-28]

detection period: 2013-11-28 00:00-23:59 UTC
number of suspected bots' IPs listed here: 116

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2013-11-28]

detection period: 2013-11-28 00:00-23:59 UTC
total number of suspected botnet IPs: 937
number of botnet IPs notified to network operators: 821
number of spam blocked: 125944
recipient count of spam blocked: 4272314

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

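| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | CRTC | 84 |
| 2 | HINET-NET | 79 |
| 3 | CHINANET-GD | 74 |
| 4 | CTTNET | 27 |
| 5 | UNICOM-LN | 24 |
| 6 | UNICOM-GD | 19 |
| 7 | IP2000-ADSL-BAS | 18 |
| 8 | CHINANET-FJ | 14 |
| 9 | UNICOM-HE | 12 |
| 10 | VNPT-VNNIC-VN | 11 |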

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

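| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 358 |
| 2 | Taiwan | 91 |
| 3 | United States | 49 |
| 4 | France | 42 |
| 5 | India | 30 |
| 6 | Hong Kong | 29 |
| 7 | Brazil | 28 |
| 8 | Russian Federation | 21 |
| 9 | Philippines | 17 |
| 10 | Iran | 16 |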

Thursday, November 28, 2013

Suspected Bot List [2013-11-27]

detection period: 2013-11-27 00:00-23:59 UTC
number of suspected bots' IPs listed here: 107

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2013-11-27]

detection period: 2013-11-27 00:00-23:59 UTC
total number of suspected botnet IPs: 1040
number of botnet IPs notified to network operators: 933
number of spam blocked: 145617
recipient count of spam blocked: 4555695

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

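| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | UNICOM-GD | 183 |
| 2 | CHINANET-GD | 82 |
| 3 | HINET-NET | 70 |
| 4 | CRTC | 68 |
| 5 | CTTNET | 30 |
| 6 | ZTWL | 27 |
| 7 | UNICOM-LN | 24 |
| 8 | SHARKTECH | 18 |
| 9 | CHINANET-JS | 12 |
| 10 | CHINANET-FJ | 12 |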

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

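| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 540 |
| 2 | United States | 80 |
| 3 | Taiwan | 75 |
| 4 | Brazil | 26 |
| 5 | France | 24 |
| 6 | Russian Federation | 17 |
| 7 | Iran | 15 |
| 8 | India | 14 |
| 9 | Hong Kong | 13 |
| 10 | United Kingdom | 13 |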

Wednesday, November 27, 2013

Suspected Bot List [2013-11-26]

detection period: 2013-11-26 00:00-23:59 UTC
number of suspected bots' IPs listed here: 202

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2013-11-26]

detection period: 2013-11-26 00:00-23:59 UTC
total number of suspected botnet IPs: 1664
number of botnet IPs notified to network operators: 1462
number of spam blocked: 181096
recipient count of spam blocked: 5196395

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

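| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | UNICOM-GD | 131 |
| 2 | HINET-NET | 104 |
| 3 | CRTC | 82 |
| 4 | CHINANET-GD | 76 |
| 5 | CTTNET | 43 |
| 6 | IP2000-ADSL-BAS | 41 |
| 7 | SHARKTECH | 32 |
| 8 | UNICOM-LN | 28 |
| 9 | SINGNET-SG | 18 |
| 10 | NETVIGATOR | 17 |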

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

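| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 507 |
| 2 | United States | 187 |
| 3 | Taiwan | 118 |
| 4 | France | 113 |
| 5 | India | 52 |
| 6 | Hong Kong | 50 |
| 7 | Japan | 48 |
| 8 | Australia | 40 |
| 9 | Russian Federation | 34 |
| 10 | South Korea | 30 |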

Tuesday, November 26, 2013

Suspected Bot List [2013-11-25]

detection period: 2013-11-25 00:00-23:59 UTC
number of suspected bots' IPs listed here: 128

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2013-11-25]

detection period: 2013-11-25 00:00-23:59 UTC
total number of suspected botnet IPs: 1262
number of botnet IPs notified to network operators: 1135
number of spam blocked: 153808
recipient count of spam blocked: 5075777

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

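| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | UNICOM-GD | 180 |
| 2 | CHINANET-ZJ-NB | 113 |
| 3 | HINET-NET | 72 |
| 4 | CHINANET-GD | 69 |
| 5 | CRTC | 49 |
| 6 | UNICOM-LN | 28 |
| 7 | CMNET | 22 |
| 8 | ZTWL | 21 |
| 9 | SHARKTECH | 18 |
| 10 | IP2000-ADSL-BAS | 17 |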

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

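| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 670 |
| 2 | United States | 81 |
| 3 | Taiwan | 78 |
| 4 | France | 39 |
| 5 | Japan | 27 |
| 6 | Brazil | 26 |
| 7 | United Kingdom | 22 |
| 8 | Australia | 18 |
| 9 | South Korea | 17 |
| 10 | India | 17 |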

Monday, November 25, 2013

Suspected Bot List [2013-11-24]

detection period: 2013-11-24 00:00-23:59 UTC
number of suspected bots' IPs listed here: 178

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2013-11-24]

detection period: 2013-11-24 00:00-23:59 UTC
total number of suspected botnet IPs: 1082
number of botnet IPs notified to network operators: 904
number of spam blocked: 143293
recipient count of spam blocked: 4829881

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

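| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | CHINANET-ZJ-NB | 103 |
| 2 | CHINANET-GD | 78 |
| 3 | HINET-NET | 72 |
| 4 | UNICOM-GD | 59 |
| 5 | CMNET | 37 |
| 6 | UNICOM-LN | 26 |
| 7 | CHINANET-JS | 19 |
| 8 | CTTNET | 17 |
| 9 | CRTC | 14 |
| 10 | ZTWL | 12 |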

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

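| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 523 |
| 2 | Taiwan | 79 |
| 3 | United States | 51 |
| 4 | Spain | 38 |
| 5 | Brazil | 30 |
| 6 | Argentina | 27 |
| 7 | Colombia | 26 |
| 8 | Peru | 20 |
| 9 | Iran | 20 |
| 10 | India | 19 |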

Sunday, November 24, 2013

Suspected Bot List [2013-11-23]

detection period: 2013-11-23 00:00-23:59 UTC
number of suspected bots' IPs listed here: 161

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2013-11-23]

detection period: 2013-11-23 00:00-23:59 UTC
total number of suspected botnet IPs: 1119
number of botnet IPs notified to network operators: 958
number of spam blocked: 198319
recipient count of spam blocked: 6744645

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

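| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | UNICOM-GD | 169 |
| 2 | CHINANET-ZJ-NB | 75 |
| 3 | CHINANET-GD | 73 |
| 4 | HINET-NET | 65 |
| 5 | UNICOM-LN | 29 |
| 6 | CMNET | 24 |
| 7 | CRTC | 22 |
| 8 | ZTWL | 17 |
| 9 | UNICOM-HE | 16 |
| 10 | UNICOM-SD | 13 |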

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

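| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 608 |
| 2 | Taiwan | 73 |
| 3 | United States | 47 |
| 4 | Brazil | 30 |
| 5 | Spain | 27 |
| 6 | Colombia | 22 |
| 7 | Peru | 20 |
| 8 | Argentina | 20 |
| 9 | United Kingdom | 18 |
| 10 | Russian Federation | 17 |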

Saturday, November 23, 2013

Suspected Bot List [2013-11-22]

detection period: 2013-11-22 00:00-23:59 UTC
number of suspected bots' IPs listed here: 62

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2013-11-22]

detection period: 2013-11-22 00:00-23:59 UTC
total number of suspected botnet IPs: 1140
number of botnet IPs notified to network operators: 1078
number of spam blocked: 238147
recipient count of spam blocked: 8260122

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

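| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | UNICOM-GD | 172 |
| 2 | CHINANET-ZJ-NB | 95 |
| 3 | CHINANET-GD | 85 |
| 4 | HINET-NET | 70 |
| 5 | CRTC | 39 |
| 6 | CMNET | 29 |
| 7 | UNICOM-LN | 28 |
| 8 | CTTNET | 28 |
| 9 | CHINANET-ZJ | 17 |
| 10 | ZTWL | 16 |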

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

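| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 738 |
| 2 | Taiwan | 76 |
| 3 | United States | 73 |
| 4 | Brazil | 26 |
| 5 | Russian Federation | 17 |
| 6 | South Korea | 15 |
| 7 | India | 15 |
| 8 | United Kingdom | 11 |
| 9 | Indonesia | 9 |
| 10 | Germany | 9 |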

Friday, November 22, 2013

Suspected Bot List [2013-11-21]

detection period: 2013-11-21 00:00-23:59 UTC
number of suspected bots' IPs listed here: 100

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2013-11-21]

detection period: 2013-11-21 00:00-23:59 UTC
total number of suspected botnet IPs: 1918
number of botnet IPs notified to network operators: 1819
number of spam blocked: 155020
recipient count of spam blocked: 5285723

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

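| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 678 |
| 2 | CHINANET-GD | 105 |
| 3 | UNICOM-GD | 104 |
| 4 | CHINANET-ZJ-NB | 79 |
| 5 | CRTC | 52 |
| 6 | CTTNET | 41 |
| 7 | CMNET | 35 |
| 8 | UNICOM-LN | 31 |
| 9 | CHINANET-JS | 26 |
| 10 | CHINANET-SH | 17 |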

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

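| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 690 |
| 2 | Taiwan | 687 |
| 3 | United States | 103 |
| 4 | Australia | 45 |
| 5 | South Korea | 32 |
| 6 | Hong Kong | 32 |
| 7 | Brazil | 27 |
| 8 | Japan | 21 |
| 9 | Russian Federation | 20 |
| 10 | United Kingdom | 18 |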

Thursday, November 21, 2013

Suspected Bot List [2013-11-20]

detection period: 2013-11-20 00:00-23:59 UTC
number of suspected bots' IPs listed here: 64

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2013-11-20]

detection period: 2013-11-20 00:00-23:59 UTC
total number of suspected botnet IPs: 2137
number of botnet IPs notified to network operators: 2074
number of spam blocked: 101410
recipient count of spam blocked: 3302999

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

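| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 918 |
| 2 | UNICOM-GD | 147 |
| 3 | CHINANET-ZJ-NB | 102 |
| 4 | CHINANET-GD | 76 |
| 5 | CMNET | 39 |
| 6 | CRTC | 26 |
| 7 | UNICOM-LN | 24 |
| 8 | CHINANET-JS | 24 |
| 9 | CHINANET-FJ | 18 |
| 10 | CTTNET | 17 |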

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

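| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | Taiwan | 927 |
| 2 | China | 686 |
| 3 | United States | 106 |
| 4 | Australia | 35 |
| 5 | Brazil | 28 |
| 6 | United Kingdom | 27 |
| 7 | Hong Kong | 25 |
| 8 | South Korea | 24 |
| 9 | Russian Federation | 18 |
| 10 | Japan | 17 |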

Wednesday, November 20, 2013

Suspected Bot List [2013-11-19]

detection period: 2013-11-19 00:00-23:59 UTC
number of suspected bots' IPs listed here: 167

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2013-11-19]

detection period: 2013-11-19 00:00-23:59 UTC
total number of suspected botnet IPs: 2420
number of botnet IPs notified to network operators: 2253
number of spam blocked: 82999
recipient count of spam blocked: 2846685

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

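| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 737 |
| 2 | UNICOM-GD | 165 |
| 3 | CHINANET-GD | 83 |
| 4 | CMNET | 45 |
| 5 | SINGNET-SG | 34 |
| 6 | UNICOM-LN | 27 |
| 7 | CHINANET-ZJ-NB | 21 |
| 8 | CHINANET-FJ | 20 |
| 9 | ZTWL | 19 |
| 10 | CHINANET-SH | 18 |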

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

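| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | Taiwan | 753 |
| 2 | China | 627 |
| 3 | United States | 221 |
| 4 | Australia | 89 |
| 5 | India | 51 |
| 6 | Hong Kong | 45 |
| 7 | Japan | 44 |
| 8 | United Kingdom | 44 |
| 9 | Singapore | 41 |
| 10 | South Korea | 38 |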

Tuesday, November 19, 2013

Suspected Bot List [2013-11-18]

detection period: 2013-11-18 00:00-23:59 UTC
number of suspected bots' IPs listed here: 72

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2013-11-18]

detection period: 2013-11-18 00:00-23:59 UTC
total number of suspected botnet IPs: 1871
number of botnet IPs notified to network operators: 1799
number of spam blocked: 82364
recipient count of spam blocked: 2751040

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

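| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 832 |
| 2 | UNICOM-GD | 189 |
| 3 | CHINANET-GD | 73 |
| 4 | CMNET | 31 |
| 5 | UNICOM-LN | 30 |
| 6 | CHINANET-ZJ-NB | 25 |
| 7 | ZTWL | 21 |
| 8 | UNICOM-HE | 19 |
| 9 | CHINANET-JS | 17 |
| 10 | CHINANET-GX | 15 |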

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

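| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | Taiwan | 840 |
| 2 | China | 634 |
| 3 | United States | 83 |
| 4 | Brazil | 25 |
| 5 | United Kingdom | 18 |
| 6 | Russian Federation | 17 |
| 7 | India | 14 |
| 8 | Israel | 13 |
| 9 | Japan | 11 |
| 10 | Italy | 11 |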

Monday, November 18, 2013

Suspected Bot List [2013-11-17]

detection period: 2013-11-17 00:00-23:59 UTC
number of suspected bots' IPs listed here: 33

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2013-11-17]

detection period: 2013-11-17 00:00-23:59 UTC
total number of suspected botnet IPs: 1618
number of botnet IPs notified to network operators: 1585
number of spam blocked: 92491
recipient count of spam blocked: 3042856

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

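| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 831 |
| 2 | UNICOM-GD | 170 |
| 3 | CHINANET-GD | 78 |
| 4 | CMNET | 30 |
| 5 | UNICOM-LN | 26 |
| 6 | CHINANET-ZJ-NB | 22 |
| 7 | ZTWL | 20 |
| 8 | UNICOM-HE | 16 |
| 9 | CTTNET | 15 |
| 10 | CHINANET-JS | 15 |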

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

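| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | Taiwan | 837 |
| 2 | China | 570 |
| 3 | United States | 36 |
| 4 | Brazil | 25 |
| 5 | Russian Federation | 15 |
| 6 | Iran | 9 |
| 7 | South Korea | 8 |
| 8 | United Kingdom | 8 |
| 9 | India | 7 |
| 10 | Israel | 7 |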

Sunday, November 17, 2013

Suspected Bot List [2013-11-16]

detection period: 2013-11-16 00:00-23:59 UTC
number of suspected bots' IPs listed here: 134

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2013-11-16]

detection period: 2013-11-16 00:00-23:59 UTC
total number of suspected botnet IPs: 2216
number of botnet IPs notified to network operators: 2082
number of spam blocked: 97804
recipient count of spam blocked: 3075237

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

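| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 905 |
| 2 | UNICOM-GD | 180 |
| 3 | CHINANET-GD | 78 |
| 4 | CHINANET-ZJ-NB | 54 |
| 5 | CMNET | 29 |
| 6 | CTTNET | 27 |
| 7 | UNICOM-LN | 26 |
| 8 | ZTWL | 22 |
| 9 | CRTC | 19 |
| 10 | SHARKTECH | 16 |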

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

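| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | Taiwan | 928 |
| 2 | China | 619 |
| 3 | United States | 104 |
| 4 | India | 57 |
| 5 | Kazakhstan | 35 |
| 6 | Russian Federation | 29 |
| 7 | Brazil | 26 |
| 8 | Turkey | 25 |
| 9 | United Kingdom | 21 |
| 10 | Poland | 20 |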

Saturday, November 16, 2013

Suspected Bot List [2013-11-15]

detection period: 2013-11-15 00:00-23:59 UTC
number of suspected bots' IPs listed here: 103

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2013-11-15]

detection period: 2013-11-15 00:00-23:59 UTC
total number of suspected botnet IPs: 2161
number of botnet IPs notified to network operators: 2058
number of spam blocked: 92377
recipient count of spam blocked: 2913686

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

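| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 891 |
| 2 | UNICOM-GD | 134 |
| 3 | CHINANET-GD | 92 |
| 4 | CTTNET | 70 |
| 5 | CRTC | 55 |
| 6 | CHINANET-ZJ-NB | 53 |
| 7 | SHARKTECH | 37 |
| 8 | UNICOM-LN | 31 |
| 9 | CMNET | 23 |
| 10 | CHINANET-FJ | 20 |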

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

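| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | Taiwan | 901 |
| 2 | China | 710 |
| 3 | United States | 155 |
| 4 | Brazil | 29 |
| 5 | Australia | 29 |
| 6 | United Kingdom | 28 |
| 7 | Russian Federation | 19 |
| 8 | South Korea | 18 |
| 9 | Hong Kong | 14 |
| 10 | Iran | 13 |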

Friday, November 15, 2013

Suspected Bot List [2013-11-14]

detection period: 2013-11-14 00:00-23:59 UTC
number of suspected bots' IPs listed here: 168

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2013-11-14]

detection period: 2013-11-14 00:00-23:59 UTC
total number of suspected botnet IPs: 2454
number of botnet IPs notified to network operators: 2286
number of spam blocked: 107862
recipient count of spam blocked: 3390560

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

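| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 904 |
| 2 | UNICOM-GD | 183 |
| 3 | CHINANET-GD | 87 |
| 4 | CRTC | 81 |
| 5 | CMNET | 61 |
| 6 | CTTNET | 44 |
| 7 | ZTWL | 25 |
| 8 | UNICOM-LN | 24 |
| 9 | CHINANET-FJ | 21 |
| 10 | CHINANET-SH | 17 |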

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

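| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | Taiwan | 919 |
| 2 | China | 746 |
| 3 | United States | 185 |
| 4 | Australia | 47 |
| 5 | Hong Kong | 32 |
| 6 | Japan | 31 |
| 7 | Brazil | 31 |
| 8 | United Kingdom | 30 |
| 9 | Mexico | 26 |
| 10 | Russian Federation | 24 |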

Thursday, November 14, 2013

Suspected Bot List [2013-11-13]

detection period: 2013-11-13 00:00-23:59 UTC
number of suspected bots' IPs listed here: 152

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2013-11-13]

detection period: 2013-11-13 00:00-23:59 UTC
total number of suspected botnet IPs: 2280
number of botnet IPs notified to network operators: 2128
number of spam blocked: 96493
recipient count of spam blocked: 3193851

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | HINET-NET | 774
2 | UNICOM-GD | 164
3 | CHINANET-GD | 78
4 | CMNET | 46
5 | UNICOM-LN | 30
6 | CTTNET | 25
7 | CHINANET-JS | 21
8 | UNICOM-HE | 18
9 | ZTWL | 16
10 | CHINANET-FJ | 16

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | Taiwan | 787
2 | China | 625
3 | United States | 286
4 | United Kingdom | 52
5 | Brazil | 35
6 | Canada | 28
7 | India | 25
8 | Australia | 25
9 | Russian Federation | 19
10 | Mexico | 19

Wednesday, November 13, 2013

Suspected Bot List [2013-11-12]

detection period: 2013-11-12 00:00-23:59 UTC
number of suspected bots' IPs listed here: 213

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2013-11-12]

detection period: 2013-11-12 00:00-23:59 UTC
total number of suspected botnet IPs: 2874
number of botnet IPs notified to network operators: 2661
number of spam blocked: 91671
recipient count of spam blocked: 3202114

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | HINET-NET | 852
2 | UNICOM-GD | 115
3 | CHINANET-GD | 105
4 | CTTNET | 72
5 | CRTC | 69
6 | CMNET | 59
7 | SINGNET-SG | 33
8 | UNICOM-LN | 30
9 | UNICOM-HE | 27
10 | CHINANET-JS | 23

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | Taiwan | 880
2 | China | 801
3 | United States | 282
4 | United Kingdom | 71
5 | India | 69
6 | Hong Kong | 57
7 | Singapore | 41
8 | Russian Federation | 37
9 | Japan | 35
10 | Italy | 32

Tuesday, November 12, 2013

Suspected Bots' IP List for November 2013

To encourage cyber security information sharing (as some form of open data) while still giving victims enough time to clean up their computers, the IP list of suspected infected computers will be released here (as shown below) 10 days after its respective botnet statistics are published.

You are free to use them to create more effective defenses, discover the latest trends in cyber attacks, etc.

Suspected Bots IP [2013-11-01]
Suspected Bots IP [2013-11-02]
Suspected Bots IP [2013-11-03]
Suspected Bots IP [2013-11-04]
Suspected Bots IP [2013-11-05]
Suspected Bots IP [2013-11-06]
Suspected Bots IP [2013-11-07]
Suspected Bots IP [2013-11-08]
Suspected Bots IP [2013-11-09]
Suspected Bots IP [2013-11-10]
Suspected Bots IP [2013-11-11]
Suspected Bots IP [2013-11-12]
Suspected Bots IP [2013-11-13]
Suspected Bots IP [2013-11-14]
Suspected Bots IP [2013-11-15]
Suspected Bots IP [2013-11-16]
Suspected Bots IP [2013-11-17]
Suspected Bots IP [2013-11-18]
Suspected Bots IP [2013-11-19]
Suspected Bots IP [2013-11-20]
Suspected Bots IP [2013-11-21]
Suspected Bots IP [2013-11-22]
Suspected Bots IP [2013-11-23]
Suspected Bots IP [2013-11-24]
Suspected Bots IP [2013-11-25]
Suspected Bots IP [2013-11-26]
Suspected Bots IP [2013-11-27]
Suspected Bots IP [2013-11-28]
Suspected Bots IP [2013-11-29]
Suspected Bots IP [2013-11-30]

Suspected Bot List [2013-11-11]

detection period: 2013-11-11 00:00-23:59 UTC
number of suspected bots' IPs listed here: 543

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2013-11-11]

detection period: 2013-11-11 00:00-23:59 UTC
total number of suspected botnet IPs: 4078
number of botnet IPs notified to network operators: 3535
number of spam blocked: 102095
recipient count of spam blocked: 3324956

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | HINET-NET | 858
2 | CMNET | 419
3 | CRTC | 317
4 | UNICOM-GD | 155
5 | CTTNET | 134
6 | CHINANET-GD | 95
7 | UNICOM-SD | 83
8 | RIMA | 73
9 | UNICOM-HE | 67
10 | UNICOM-LN | 60

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | China | 2144
2 | Taiwan | 878
3 | Spain | 196
4 | Brazil | 192
5 | Italy | 126
6 | United States | 83
7 | Argentina | 43
8 | India | 28
9 | Turkey | 26
10 | Russian Federation | 25

Monday, November 11, 2013

Suspected Bot List [2013-11-10]

detection period: 2013-11-10 00:00-23:59 UTC
number of suspected bots' IPs listed here: 123

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2013-11-10]

detection period: 2013-11-10 00:00-23:59 UTC
total number of suspected botnet IPs: 3737
number of botnet IPs notified to network operators: 3614
number of spam blocked: 106721
recipient count of spam blocked: 3650512

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | HINET-NET | 895
2 | CMNET | 459
3 | CRTC | 221
4 | UNICOM-GD | 143
5 | CTTNET | 112
6 | CHINANET-GD | 98
7 | UNICOM-LN | 84
8 | UNICOM-HE | 84
9 | UNICOM-SD | 75
10 | UNICOM-HA | 53

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | China | 2153
2 | Taiwan | 915
3 | Ukraine | 68
4 | Russian Federation | 65
5 | United States | 55
6 | Belarus | 49
7 | Kazakhstan | 47
8 | Brazil | 34
9 | Iran | 27
10 | Peru | 24

Sunday, November 10, 2013

Suspected Bot List [2013-11-09]

detection period: 2013-11-09 00:00-23:59 UTC
number of suspected bots' IPs listed here: 656

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2013-11-09]

detection period: 2013-11-09 00:00-23:59 UTC
total number of suspected botnet IPs: 2982
number of botnet IPs notified to network operators: 2326
number of spam blocked: 82984
recipient count of spam blocked: 2870553

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | HINET-NET | 797
2 | UNICOM-GD | 131
3 | CHINANET-GD | 115
4 | RIMA | 86
5 | BY-BELPAK-20091210 | 48
6 | IT-TIWS-20090115 | 31
7 | UNICOM-LN | 28
8 | 003.420.926/0002-05 | 27
9 | CHINANET-FJ | 26
10 | CTTNET | 25

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | Taiwan | 808
2 | China | 558
3 | Spain | 206
4 | Brazil | 158
5 | Ukraine | 145
6 | Italy | 136
7 | Russian Federation | 130
8 | Belarus | 90
9 | United States | 67
10 | Kazakhstan | 57

Saturday, November 9, 2013

Suspected Bot List [2013-11-08]

detection period: 2013-11-08 00:00-23:59 UTC
number of suspected bots' IPs listed here: 642

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2013-11-08]

detection period: 2013-11-08 00:00-23:59 UTC
total number of suspected botnet IPs: 4452
number of botnet IPs notified to network operators: 3810
number of spam blocked: 92412
recipient count of spam blocked: 3111256

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | HINET-NET | 895
2 | CMNET | 423
3 | CRTC | 200
4 | UNICOM-GD | 145
5 | CTTNET | 137
6 | CHINANET-GD | 124
7 | RIMA | 81
8 | UNICOM-SD | 70
9 | UNICOM-LN | 59
10 | UNICOM-HE | 40

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | China | 1848
2 | Taiwan | 924
3 | Spain | 219
4 | United States | 218
5 | Italy | 125
6 | Brazil | 123
7 | United Kingdom | 85
8 | Argentina | 65
9 | India | 63
10 | Russian Federation | 42

Friday, November 8, 2013

Suspected Bot List [2013-11-07]

detection period: 2013-11-07 00:00-23:59 UTC
number of suspected bots' IPs listed here: 682

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting: