Custom Search

Saturday, February 28, 2015

Suspected Bot List [2015-02-27]

detection period: 2015-02-27 00:00-23:59 UTC
number of suspected bots' IPs listed here: 55

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BD203.76.147.70Bangladesh
EC201.219.60.85Ecuador
EC201.219.60.118Ecuador
ID103.11.23.2Indonesia
ID114.6.45.106Indonesia
ID118.97.175.114Indonesia
ID119.82.240.46Indonesia
ID202.77.96.120Indonesia
ID202.77.108.60Indonesia
ID202.95.148.206Indonesia
ID202.137.230.127Indonesia
ID202.137.230.134Indonesia
ID202.138.249.208Indonesia
ID202.138.249.215Indonesia
ID202.148.7.77Indonesia
ID202.150.139.134Indonesia
ID202.150.157.34Indonesia
ID202.162.213.162Indonesia
ID203.201.172.162Indonesia
IN115.111.107.110India
IN117.218.50.134India
IN117.239.146.215India
IN121.247.68.156India
IN202.63.113.12India
IN219.65.189.63India
IR82.99.220.219Iran
MN203.91.119.146Mongolia
PE200.1.183.82Peru
RU193.107.17.59Russian Federation
SG27.34.180.25Singapore
SG203.175.170.81Singapore
TR88.247.164.136Turkey
TR88.250.69.146Turkey
TW180.218.34.245Taiwan
US69.197.135.216United States
US96.35.58.176United States
US208.69.30.211United States
US208.69.31.250United States
US208.73.202.157United States
US209.220.168.177United States

List from greylisting:

Botnet Statistics [2015-02-27]

detection period: 2015-02-27 00:00-23:59 UTC
total number of suspected botnet IPs: 1350
number of botnet IPs notified to network operators: 1295
number of spam blocked: 115083
recipient count of spam blocked: 4121553

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET905
2CHINANET-GD68
3UNICOM-FJ27
4KORNET-KR6
5CHINANET-JS6
6VNPT-VNNIC-VN5
7UNICOM-SD4
8CHINANET-ZJ4
9CHINANET-SH4
10002.558.134/0001-584

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan911
2China190
3United States38
4Russian Federation25
5Indonesia19
6South Korea15
7Viet Nam14
8Brazil13
9Hong Kong12
10India10

Friday, February 27, 2015

Suspected Bot List [2015-02-26]

detection period: 2015-02-26 00:00-23:59 UTC
number of suspected bots' IPs listed here: 175

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BD203.76.147.70Bangladesh
EC201.219.60.85Ecuador
ID103.11.23.2Indonesia
ID114.6.45.106Indonesia
ID118.97.141.178Indonesia
ID118.97.175.114Indonesia
ID119.82.240.46Indonesia
ID202.77.108.60Indonesia
ID202.95.148.206Indonesia
ID202.137.230.127Indonesia
ID202.137.230.134Indonesia
ID202.138.249.208Indonesia
ID202.148.7.77Indonesia
ID202.150.139.134Indonesia
ID202.150.157.34Indonesia
ID202.162.213.162Indonesia
ID203.201.172.162Indonesia
IN115.111.107.110India
IN117.218.50.134India
IN121.247.68.156India
IN219.65.189.63India
IR82.99.220.219Iran
IR212.33.217.69Iran
LV85.9.201.199Latvia
MN203.91.119.146Mongolia
PE200.1.183.82Peru
PE200.110.35.150Peru
PK103.4.92.88Pakistan
RU95.188.112.11Russian Federation
RU193.107.17.59Russian Federation
SG27.34.180.25Singapore
SG203.175.170.81Singapore
TW180.218.34.245Taiwan
US69.197.135.216United States
US96.35.58.176United States
US192.232.241.137United States
US198.20.229.61United States
US208.69.30.211United States
US208.69.31.250United States
US208.73.202.157United States

List from greylisting:

Botnet Statistics [2015-02-26]

detection period: 2015-02-26 00:00-23:59 UTC
total number of suspected botnet IPs: 1658
number of botnet IPs notified to network operators: 1483
number of spam blocked: 114457
recipient count of spam blocked: 4155817

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET859
2CHINANET-GD88
3VNPT-VNNIC-VN53
4KORNET-KR12
5BHARTI-IN12
6UNICOM-FJ11
7VIETEL-VNNIC-VN10
8UNICOM-GD8
9TurkTelekom7
10TR-TELEKOM-200510277

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan873
2China206
3Viet Nam77
4India45
5United States44
6Indonesia32
7Turkey30
8Italy23
9Spain23
10Brazil22

Thursday, February 26, 2015

Suspected Bot List [2015-02-25]

detection period: 2015-02-25 00:00-23:59 UTC
number of suspected bots' IPs listed here: 190

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BD203.76.147.70Bangladesh
EC201.219.60.85Ecuador
ID103.11.23.2Indonesia
ID114.6.45.106Indonesia
ID115.69.221.90Indonesia
ID118.97.141.178Indonesia
ID118.97.175.114Indonesia
ID119.82.240.46Indonesia
ID119.252.166.100Indonesia
ID202.77.108.60Indonesia
ID202.95.148.206Indonesia
ID202.137.230.127Indonesia
ID202.137.230.134Indonesia
ID202.138.249.208Indonesia
ID202.148.7.77Indonesia
ID202.150.139.134Indonesia
ID202.150.157.34Indonesia
ID202.162.213.162Indonesia
ID202.182.185.194Indonesia
IN115.111.107.110India
IN117.218.50.134India
IN117.240.116.226India
IR82.99.220.219Iran
IR212.33.217.69Iran
MN203.91.119.146Mongolia
PE200.1.183.82Peru
PE200.110.35.150Peru
PH58.69.100.234Philippines
PK103.4.92.88Pakistan
RU95.188.112.11Russian Federation
RU193.107.17.59Russian Federation
SG27.34.180.25Singapore
SG203.175.170.81Singapore
TR88.247.164.136Turkey
TR88.250.69.146Turkey
TW180.218.34.245Taiwan
US96.35.58.176United States
US198.20.229.61United States
US208.69.30.211United States
US208.69.31.250United States
US208.73.202.157United States
US209.220.168.177United States

List from greylisting:

Botnet Statistics [2015-02-25]

detection period: 2015-02-25 00:00-23:59 UTC
total number of suspected botnet IPs: 1690
number of botnet IPs notified to network operators: 1500
number of spam blocked: 115804
recipient count of spam blocked: 4145862

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET878
2CHINANET-GD85
3VNPT-VNNIC-VN50
4KORNET-KR14
5TR-TELEKOM-2005102711
6RIMA8
7CHINANET-JS8
8BHARTI-IN8
9MX-MSCV17-LACNIC7
10AR-CASA10-LACNIC7

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan885
2China195
3Viet Nam62
4United States43
5Brazil36
6India34
7Indonesia34
8Turkey28
9South Korea25
10Spain25

Wednesday, February 25, 2015

Suspected Bot List [2015-02-24]

detection period: 2015-02-24 00:00-23:59 UTC
number of suspected bots' IPs listed here: 190

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BD203.76.147.70Bangladesh
EC201.219.60.85Ecuador
EC201.219.60.119Ecuador
ID103.11.23.2Indonesia
ID114.6.45.106Indonesia
ID115.69.221.90Indonesia
ID118.97.141.178Indonesia
ID118.97.175.114Indonesia
ID119.82.240.46Indonesia
ID119.252.166.100Indonesia
ID202.77.108.60Indonesia
ID202.95.148.206Indonesia
ID202.137.230.127Indonesia
ID202.137.230.134Indonesia
ID202.138.249.208Indonesia
ID202.148.7.77Indonesia
ID202.150.139.134Indonesia
ID202.150.157.34Indonesia
ID202.162.213.162Indonesia
ID202.182.185.194Indonesia
ID203.201.172.162Indonesia
IN117.211.27.2India
IN117.218.50.134India
IN117.240.116.226India
IR82.99.220.219Iran
MN203.91.119.146Mongolia
PE200.1.183.82Peru
PE200.110.35.150Peru
PH58.69.100.234Philippines
RU193.107.17.59Russian Federation
SG27.34.180.25Singapore
SG203.175.170.81Singapore
TR88.247.164.136Turkey
TR88.250.69.146Turkey
TW180.176.90.186Taiwan
US96.35.58.176United States
US192.232.241.137United States
US198.20.229.61United States
US208.69.30.211United States
US208.69.31.250United States

List from greylisting:

Botnet Statistics [2015-02-24]

detection period: 2015-02-24 00:00-23:59 UTC
total number of suspected botnet IPs: 1716
number of botnet IPs notified to network operators: 1526
number of spam blocked: 111883
recipient count of spam blocked: 4044600

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET830
2CHINANET-GD73
3VNPT-VNNIC-VN51
4BHARTI-IN16
5KORNET-KR15
6VIETEL-VNNIC-VN11
7BM-ID9
8TR-TELEKOM-200510278
9CO-EPME1-LACNIC8
10TurkTelekom7

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan846
2China159
3Viet Nam75
4United States69
5India45
6Indonesia43
7Spain34
8Russian Federation30
9Brazil30
10Turkey26

Tuesday, February 24, 2015

Suspected Bot List [2015-02-23]

detection period: 2015-02-23 00:00-23:59 UTC
number of suspected bots' IPs listed here: 160

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BD203.76.147.70Bangladesh
EC201.219.60.85Ecuador
EC201.219.60.119Ecuador
ID103.10.105.60Indonesia
ID103.11.23.2Indonesia
ID103.16.115.14Indonesia
ID114.6.45.106Indonesia
ID115.69.221.90Indonesia
ID118.97.175.114Indonesia
ID119.82.240.46Indonesia
ID119.252.166.100Indonesia
ID202.77.108.60Indonesia
ID202.95.148.206Indonesia
ID202.137.230.127Indonesia
ID202.137.230.134Indonesia
ID202.138.249.208Indonesia
ID202.148.7.77Indonesia
ID202.150.139.134Indonesia
ID202.162.213.162Indonesia
ID202.182.185.194Indonesia
ID203.201.172.162Indonesia
IN115.111.107.110India
IN117.211.27.2India
IN121.247.68.156India
IR82.99.220.219Iran
MN203.91.119.146Mongolia
PE200.1.183.82Peru
PE200.110.35.150Peru
PH58.69.100.234Philippines
RU95.188.112.11Russian Federation
RU193.107.17.59Russian Federation
SG27.34.180.25Singapore
SG203.175.170.81Singapore
TR88.247.164.136Turkey
TR88.250.69.146Turkey
TW180.176.90.186Taiwan
US96.35.58.176United States
US192.232.241.137United States
US198.20.229.61United States
US208.69.30.211United States
US208.69.31.250United States
US209.220.168.177United States

List from greylisting:

Botnet Statistics [2015-02-23]

detection period: 2015-02-23 00:00-23:59 UTC
total number of suspected botnet IPs: 1662
number of botnet IPs notified to network operators: 1502
number of spam blocked: 111172
recipient count of spam blocked: 4087908

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET817
2CHINANET-GD64
3VNPT-VNNIC-VN34
4RIMA13
5BHARTI-IN11
6KORNET-KR10
7AR-CASA10-LACNIC9
8VIETEL-VNNIC-VN7
9TR-TELEKOM-200510277
10CHINANET-JS6

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan833
2China152
3United States55
4Viet Nam52
5Russian Federation48
6India42
7Brazil35
8Italy32
9Spain30
10Indonesia24

Monday, February 23, 2015

Suspected Bot List [2015-02-22]

detection period: 2015-02-22 00:00-23:59 UTC
number of suspected bots' IPs listed here: 46

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BD203.76.147.70Bangladesh
EC201.219.60.119Ecuador
ID103.10.105.60Indonesia
ID103.11.23.2Indonesia
ID103.16.115.14Indonesia
ID114.6.45.106Indonesia
ID115.69.221.90Indonesia
ID118.97.141.178Indonesia
ID118.97.142.90Indonesia
ID118.97.175.114Indonesia
ID119.82.240.46Indonesia
ID119.252.166.100Indonesia
ID202.77.108.60Indonesia
ID202.95.148.206Indonesia
ID202.137.230.127Indonesia
ID202.137.230.134Indonesia
ID202.138.249.208Indonesia
ID202.148.7.77Indonesia
ID202.150.139.134Indonesia
ID202.162.213.162Indonesia
ID202.182.185.194Indonesia
ID203.201.172.162Indonesia
IN115.111.107.110India
IN117.211.27.2India
IN117.239.146.215India
IN117.240.116.226India
IR82.99.220.219Iran
MN203.91.119.146Mongolia
PE200.1.183.82Peru
PH58.69.100.234Philippines
RU95.188.112.11Russian Federation
RU193.107.17.59Russian Federation
SG27.34.180.25Singapore
SG203.175.170.81Singapore
TR88.247.164.136Turkey
TR88.250.69.146Turkey
TW180.176.90.186Taiwan
TW180.218.34.245Taiwan
US96.35.58.176United States
US198.20.229.61United States
US208.69.31.250United States
US209.220.168.177United States

List from greylisting:

Botnet Statistics [2015-02-22]

detection period: 2015-02-22 00:00-23:59 UTC
total number of suspected botnet IPs: 1250
number of botnet IPs notified to network operators: 1204
number of spam blocked: 120015
recipient count of spam blocked: 4257877

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET895
2CHINANET-GD62
3KORNET-KR9
4CHINANET-JS5
5HICHINA4
6BSNLNET4
7VOCUS-AS-AP3
8UNICOM-SD3
9UNICOM-HA3
10UNICOM-GD3

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan902
2China145
3United States28
4Indonesia20
5Russian Federation16
6South Korea14
7Iran11
8Brazil10
9Ukraine9
10Hong Kong8

Sunday, February 22, 2015

Suspected Bot List [2015-02-21]

detection period: 2015-02-21 00:00-23:59 UTC
number of suspected bots' IPs listed here: 49

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BD203.76.147.70Bangladesh
ID103.10.105.60Indonesia
ID114.6.45.106Indonesia
ID115.69.221.90Indonesia
ID118.97.141.178Indonesia
ID118.97.142.90Indonesia
ID118.97.175.114Indonesia
ID119.82.240.46Indonesia
ID202.77.108.60Indonesia
ID202.95.148.206Indonesia
ID202.137.230.127Indonesia
ID202.137.230.134Indonesia
ID202.148.7.77Indonesia
ID202.150.139.134Indonesia
ID202.162.213.162Indonesia
ID202.182.185.194Indonesia
ID203.201.172.162Indonesia
IN115.111.107.110India
IN117.211.27.2India
IN117.218.2.168India
IN117.240.116.226India
IN202.153.44.72India
IR82.99.220.219Iran
MN203.91.119.146Mongolia
PE200.1.183.82Peru
PH58.69.100.234Philippines
PK103.4.92.88Pakistan
RU95.188.112.11Russian Federation
RU193.107.17.59Russian Federation
SG27.34.180.25Singapore
SG203.175.170.81Singapore
TR88.247.164.136Turkey
TR88.250.69.146Turkey
TW180.218.34.245Taiwan
US98.126.1.18United States
US208.69.31.250United States

List from greylisting:

Botnet Statistics [2015-02-21]

detection period: 2015-02-21 00:00-23:59 UTC
total number of suspected botnet IPs: 1289
number of botnet IPs notified to network operators: 1240
number of spam blocked: 118428
recipient count of spam blocked: 4201728

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET870
2CHINANET-GD126
3KORNET-KR6
4CHINANET-JS6
5VNPT-VNNIC-VN5
6HICHINA5
7IR-DCC-200411254
8CMNET4
9002.558.134/0001-584
10VOCUS-AS-AP3

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan878
2China208
3United States32
4Indonesia16
5South Korea12
6Russian Federation11
7Iran11
8Viet Nam9
9Brazil9
10Ukraine8

Saturday, February 21, 2015

Suspected Bot List [2015-02-20]

detection period: 2015-02-20 00:00-23:59 UTC
number of suspected bots' IPs listed here: 107

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AZ213.172.86.5Azerbaijan
BD203.76.147.70Bangladesh
ID103.10.105.60Indonesia
ID114.6.45.106Indonesia
ID115.69.221.90Indonesia
ID118.97.141.178Indonesia
ID118.97.142.90Indonesia
ID118.97.175.114Indonesia
ID119.82.240.46Indonesia
ID202.77.108.60Indonesia
ID202.95.148.206Indonesia
ID202.137.230.127Indonesia
ID202.137.230.134Indonesia
ID202.148.7.77Indonesia
ID202.150.139.134Indonesia
ID202.162.213.162Indonesia
ID202.182.185.194Indonesia
ID203.201.172.162Indonesia
IN115.111.107.110India
IN117.211.27.2India
IN117.218.2.168India
IN202.153.44.72India
IR82.99.220.219Iran
MN203.91.119.146Mongolia
PE200.1.183.82Peru
PH58.69.100.234Philippines
PK103.4.92.88Pakistan
PL91.192.206.101Poland
RU95.188.112.11Russian Federation
RU193.107.17.59Russian Federation
SG203.175.170.81Singapore
TR88.247.164.136Turkey
TR88.250.69.146Turkey
TW180.218.34.245Taiwan
US98.126.1.18United States
US208.69.31.250United States

List from greylisting:

Botnet Statistics [2015-02-20]

detection period: 2015-02-20 00:00-23:59 UTC
total number of suspected botnet IPs: 1333
number of botnet IPs notified to network operators: 1226
number of spam blocked: 112308
recipient count of spam blocked: 4153281

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET786
2CHINANET-GD67
3KORNET-KR10
4BSNLNET7
5CHINANET-JS6
6BHARTI-IN6
7VNPT-VNNIC-VN5
8TR-TELEKOM-200510275
9TurkTelekom4
10MINDSPRING-DEDA-C3004

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan793
2China133
3Russian Federation70
4United States36
5India36
6Turkey23
7Indonesia20
8South Korea17
9Ukraine13
10Chile13

Friday, February 20, 2015

Suspected Bot List [2015-02-19]

detection period: 2015-02-19 00:00-23:59 UTC
number of suspected bots' IPs listed here: 76

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AZ213.172.86.5Azerbaijan
BD203.76.147.70Bangladesh
ID103.10.105.60Indonesia
ID114.6.45.106Indonesia
ID115.69.221.90Indonesia
ID118.97.141.178Indonesia
ID118.97.142.90Indonesia
ID118.97.175.114Indonesia
ID119.82.240.46Indonesia
ID202.77.108.60Indonesia
ID202.95.148.206Indonesia
ID202.137.230.127Indonesia
ID202.137.230.134Indonesia
ID202.148.7.77Indonesia
ID202.150.139.134Indonesia
ID202.162.213.162Indonesia
ID202.182.185.194Indonesia
ID203.201.172.162Indonesia
IN115.111.107.110India
IN117.211.27.2India
IN117.218.2.168India
IR82.99.220.219Iran
MN203.91.119.146Mongolia
PE200.1.183.82Peru
PH58.69.100.234Philippines
PK103.4.92.88Pakistan
RU95.188.112.11Russian Federation
RU193.107.17.59Russian Federation
SG27.34.180.25Singapore
SG203.175.170.81Singapore
TR88.247.164.136Turkey
TR88.250.69.146Turkey
TR212.175.86.45Turkey
TW180.218.34.245Taiwan
US98.126.1.18United States
US198.20.229.61United States
US208.69.31.250United States

List from greylisting:

Botnet Statistics [2015-02-19]

detection period: 2015-02-19 00:00-23:59 UTC
total number of suspected botnet IPs: 1363
number of botnet IPs notified to network operators: 1231
number of spam blocked: 115434
recipient count of spam blocked: 4238027

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET817
2CHINANET-GD97
3KORNET-KR11
4VNPT-VNNIC-VN9
5NWT-NET8
6UNICOM-GD6
7TR-TELEKOM-200510276
8CHINANET-JS6
9HICHINA5
10UNICOM-SD4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan827
2China197
3United States38
4Russian Federation34
5Indonesia22
6South Korea19
7Viet Nam17
8Hong Kong16
9India14
10Turkey12

Thursday, February 19, 2015

Suspected Bot List [2015-02-18]

detection period: 2015-02-18 00:00-23:59 UTC
number of suspected bots' IPs listed here: 68

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BD203.76.147.70Bangladesh
EC201.219.60.85Ecuador
ID103.10.105.60Indonesia
ID103.11.23.2Indonesia
ID103.16.115.14Indonesia
ID114.6.45.106Indonesia
ID115.69.221.90Indonesia
ID118.97.141.178Indonesia
ID118.97.142.90Indonesia
ID118.97.175.114Indonesia
ID119.82.240.46Indonesia
ID180.248.109.68Indonesia
ID202.77.108.60Indonesia
ID202.95.148.206Indonesia
ID202.137.230.127Indonesia
ID202.137.230.134Indonesia
ID202.148.7.77Indonesia
ID202.150.139.134Indonesia
ID202.150.157.34Indonesia
ID202.162.213.162Indonesia
ID202.182.185.194Indonesia
ID203.201.172.162Indonesia
IN115.111.107.110India
IN117.211.27.2India
IN117.218.2.168India
IN117.240.116.226India
IR82.99.220.219Iran
MN203.91.119.146Mongolia
PE200.1.183.82Peru
PH58.69.100.234Philippines
PK103.4.92.88Pakistan
RU95.188.112.11Russian Federation
RU193.107.17.59Russian Federation
SG27.34.180.25Singapore
SG203.175.170.81Singapore
TR88.247.164.136Turkey
TR88.250.69.146Turkey
TR212.175.86.45Turkey
TW180.218.34.245Taiwan
US96.35.58.176United States
US98.126.1.18United States
US198.20.229.61United States

List from greylisting:

Botnet Statistics [2015-02-18]

detection period: 2015-02-18 00:00-23:59 UTC
total number of suspected botnet IPs: 1291
number of botnet IPs notified to network operators: 1223
number of spam blocked: 113862
recipient count of spam blocked: 4150790

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET816
2CHINANET-GD84
3VNPT-VNNIC-VN12
4KORNET-KR11
5NWT-NET9
6HICHINA6
7CHINANET-JX5
8CHINANET-JS5
9UNICOM-HA4
10UNICOM-AH4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan827
2China171
3United States36
4Indonesia21
5South Korea20
6Viet Nam17
7India17
8Hong Kong16
9Turkey12
10Russian Federation12

Wednesday, February 18, 2015

Suspected Bot List [2015-02-17]

detection period: 2015-02-17 00:00-23:59 UTC
number of suspected bots' IPs listed here: 94

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BD203.76.147.70Bangladesh
EC201.219.60.85Ecuador
ID103.10.105.60Indonesia
ID103.11.23.2Indonesia
ID103.16.115.14Indonesia
ID114.6.45.106Indonesia
ID115.69.221.90Indonesia
ID118.97.175.114Indonesia
ID119.82.240.46Indonesia
ID180.250.133.50Indonesia
ID202.43.93.190Indonesia
ID202.95.148.206Indonesia
ID202.137.230.127Indonesia
ID202.137.230.134Indonesia
ID202.148.7.77Indonesia
ID202.150.139.134Indonesia
ID202.150.157.34Indonesia
ID202.162.213.162Indonesia
IN117.218.50.134India
IR82.99.220.219Iran
IR212.33.199.155Iran
MN203.91.119.146Mongolia
PE200.1.183.82Peru
PH58.69.100.234Philippines
PK103.4.92.88Pakistan
RU193.107.17.59Russian Federation
TR88.247.164.136Turkey
TR88.250.69.146Turkey
US96.35.58.176United States
US174.139.8.82United States
US208.69.31.250United States

List from greylisting:

Botnet Statistics [2015-02-17]

detection period: 2015-02-17 00:00-23:59 UTC
total number of suspected botnet IPs: 1372
number of botnet IPs notified to network operators: 1278
number of spam blocked: 122658
recipient count of spam blocked: 4401740

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET843
2CHINANET-GD33
3NWT-NET8
4KORNET-KR8
5AR-TEAR7-LACNIC6
6TurkTelekom5
7HICHINA5
8BORANET-KR5
9VNPT-VNNIC-VN4
10UNICOM-GD4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan854
2China105
3Russian Federation73
4United States33
5Indonesia25
6Ukraine24
7South Korea20
8Turkey17
9Hong Kong13
10India12

Tuesday, February 17, 2015

Suspected Bot List [2015-02-16]

detection period: 2015-02-16 00:00-23:59 UTC
number of suspected bots' IPs listed here: 123

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BD203.76.147.70Bangladesh
EC201.219.60.85Ecuador
ID103.10.105.60Indonesia
ID103.11.23.2Indonesia
ID103.16.115.14Indonesia
ID114.6.45.106Indonesia
ID115.69.221.90Indonesia
ID116.68.251.238Indonesia
ID118.97.141.178Indonesia
ID118.97.175.114Indonesia
ID119.82.240.46Indonesia
ID180.250.133.50Indonesia
ID182.30.250.125Indonesia
ID202.43.93.190Indonesia
ID202.77.108.60Indonesia
ID202.95.148.206Indonesia
ID202.137.230.127Indonesia
ID202.137.230.134Indonesia
ID202.138.249.208Indonesia
ID202.148.7.77Indonesia
ID202.150.139.134Indonesia
ID202.150.157.34Indonesia
ID202.162.213.162Indonesia
IN117.218.50.134India
IR82.99.220.219Iran
IR212.33.199.155Iran
MN203.91.119.146Mongolia
PE200.1.183.82Peru
PH58.69.100.234Philippines
PK103.4.92.88Pakistan
RU193.107.17.59Russian Federation
TR88.247.164.136Turkey
TR88.250.69.146Turkey
TW180.218.34.245Taiwan
US69.197.135.216United States
US96.35.58.176United States
US174.139.8.82United States

List from greylisting:

Botnet Statistics [2015-02-16]

detection period: 2015-02-16 00:00-23:59 UTC
total number of suspected botnet IPs: 1591
number of botnet IPs notified to network operators: 1468
number of spam blocked: 129147
recipient count of spam blocked: 4563423

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET908
2CHINANET-GD33
3BORANET-KR12
4KORNET-KR11
5NWT-NET8
6MX-USCV4-LACNIC8
7MX-ASCV9-LACNIC7
8CMNET7
9VNPT-VNNIC-VN6
10YITAIFENG4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan917
2China122
3Russian Federation62
4United States51
5South Korea32
6Mexico31
7Indonesia23
8India20
9Hong Kong20
10Ukraine18

Monday, February 16, 2015

Suspected Bot List [2015-02-15]

detection period: 2015-02-15 00:00-23:59 UTC
number of suspected bots' IPs listed here: 67

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BD203.76.147.70Bangladesh
EC201.219.60.85Ecuador
EC201.219.60.119Ecuador
ID103.11.23.2Indonesia
ID103.16.115.14Indonesia
ID115.69.221.90Indonesia
ID116.68.251.238Indonesia
ID119.82.240.46Indonesia
ID180.250.133.50Indonesia
ID182.30.250.125Indonesia
ID202.77.108.60Indonesia
ID202.137.230.127Indonesia
ID202.137.230.134Indonesia
ID202.138.249.208Indonesia
ID202.148.7.77Indonesia
ID202.150.139.134Indonesia
ID202.150.157.34Indonesia
ID202.162.213.162Indonesia
IN115.111.107.110India
IN121.247.68.156India
IR212.33.199.155Iran
MN203.91.119.146Mongolia
RU95.188.112.11Russian Federation
RU193.107.17.59Russian Federation
SG27.34.180.25Singapore
TR88.247.164.136Turkey
TR88.250.69.146Turkey
TW180.218.34.245Taiwan

List from greylisting:

Botnet Statistics [2015-02-15]

detection period: 2015-02-15 00:00-23:59 UTC
total number of suspected botnet IPs: 1445
number of botnet IPs notified to network operators: 1378
number of spam blocked: 130433
recipient count of spam blocked: 4624035

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET888
2CHINANET-GD210
3NWT-NET5
4UNICOM-SD4
5KORNET-KR4
6YITAIFENG3
7VOCUS-AS-AP3
8IR-DCC-200411253
9GZGH3
10CHINANET-SN3

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan892
2China278
3United States31
4Russian Federation30
5Indonesia18
6Iran14
7Hong Kong14
8Brazil10
9Argentina10
10Viet Nam8

Sunday, February 15, 2015

Suspected Bot List [2015-02-14]

detection period: 2015-02-14 00:00-23:59 UTC
number of suspected bots' IPs listed here: 57

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BD203.76.147.70Bangladesh
EC201.219.60.85Ecuador
EC201.219.60.119Ecuador
ID103.11.23.2Indonesia
ID103.16.115.14Indonesia
ID115.69.221.90Indonesia
ID116.68.251.238Indonesia
ID118.97.141.178Indonesia
ID119.82.240.46Indonesia
ID180.250.133.50Indonesia
ID182.30.250.125Indonesia
ID202.77.108.60Indonesia
ID202.137.230.127Indonesia
ID202.137.230.134Indonesia
ID202.138.249.208Indonesia
ID202.148.7.77Indonesia
ID202.150.139.134Indonesia
ID202.150.157.34Indonesia
ID202.162.213.162Indonesia
IR212.33.199.155Iran
MN203.91.119.146Mongolia
RU95.188.112.11Russian Federation
RU193.107.17.59Russian Federation
SG27.34.180.25Singapore
TR88.247.164.136Turkey
TR88.250.69.146Turkey
TW180.218.34.245Taiwan
US69.197.135.216United States
US208.69.31.250United States

List from greylisting:

Botnet Statistics [2015-02-14]

detection period: 2015-02-14 00:00-23:59 UTC
total number of suspected botnet IPs: 1470
number of botnet IPs notified to network operators: 1413
number of spam blocked: 119759
recipient count of spam blocked: 4414252

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET833
2CHINANET-GD286
3VNPT-VNNIC-VN6
4NWT-NET5
5UNICOM-SD4
6MF-MGSM4
7YITAIFENG3
8WEBSTREAM3
9VOCUS-AS-AP3
10UNICOM-GD3

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan837
2China353
3Russian Federation47
4United States29
5Indonesia19
6Ukraine14
7Hong Kong13
8Viet Nam12
9Iran11
10Brazil11

Saturday, February 14, 2015

Suspected Bot List [2015-02-13]

detection period: 2015-02-13 00:00-23:59 UTC
number of suspected bots' IPs listed here: 82

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BD203.76.147.70Bangladesh
EC201.219.60.85Ecuador
EC201.219.60.119Ecuador
ID103.11.23.2Indonesia
ID103.16.115.14Indonesia
ID115.69.221.90Indonesia
ID116.68.251.238Indonesia
ID118.97.141.178Indonesia
ID119.82.240.46Indonesia
ID180.250.133.50Indonesia
ID182.30.250.125Indonesia
ID202.77.108.60Indonesia
ID202.137.230.127Indonesia
ID202.137.230.134Indonesia
ID202.138.249.208Indonesia
ID202.138.249.215Indonesia
ID202.148.7.77Indonesia
ID202.150.139.134Indonesia
ID202.150.157.34Indonesia
ID202.162.213.162Indonesia
IN115.111.107.110India
IN121.247.68.156India
MN203.91.119.146Mongolia
PL91.192.206.101Poland
RU95.188.112.11Russian Federation
RU193.107.17.59Russian Federation
SG27.34.180.25Singapore
TR88.247.164.136Turkey
TR88.250.69.146Turkey
TW180.218.34.245Taiwan
US69.197.135.216United States
US174.139.8.82United States
US208.69.31.250United States

List from greylisting:

Botnet Statistics [2015-02-13]

detection period: 2015-02-13 00:00-23:59 UTC
total number of suspected botnet IPs: 1578
number of botnet IPs notified to network operators: 1496
number of spam blocked: 118944
recipient count of spam blocked: 4370738

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET852
2CHINANET-GD207
3KORNET-KR20
4BORANET-KR19
5UNICOM-GD13
6TECH-HK7
7VNPT-VNNIC-VN6
8broadNnet-KR5
9NWT-NET5
10UNICOM-SD4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan861
2China304
3Russian Federation53
4South Korea50
5United States40
6Indonesia24
7India20
8UNKNOWN19
9Hong Kong19
10Viet Nam18

Friday, February 13, 2015

Suspected Bots' IP List for February 2015

To encourage cyber security information sharing (as some form of open data) while still giving victims enough time to clean up their computers, the IP list of suspected infected computers will be released here (as shown below) 10 days after its respective botnet statistics gets published.

New data will be added here daily. You are free to use them to create more effective defenses, discover latest trends in cyber attacks, etc.

Suspected Bots IP [2015-02-28]
Suspected Bots IP [2015-02-27]
Suspected Bots IP [2015-02-26]
Suspected Bots IP [2015-02-25]
Suspected Bots IP [2015-02-24]
Suspected Bots IP [2015-02-23]
Suspected Bots IP [2015-02-22]
Suspected Bots IP [2015-02-21]
Suspected Bots IP [2015-02-20]
Suspected Bots IP [2015-02-19]
Suspected Bots IP [2015-02-18]
Suspected Bots IP [2015-02-17]
Suspected Bots IP [2015-02-16]
Suspected Bots IP [2015-02-15]
Suspected Bots IP [2015-02-14]
Suspected Bots IP [2015-02-13]
Suspected Bots IP [2015-02-12]
Suspected Bots IP [2015-02-11]
Suspected Bots IP [2015-02-10]
Suspected Bots IP [2015-02-09]
Suspected Bots IP [2015-02-08]
Suspected Bots IP [2015-02-07]
Suspected Bots IP [2015-02-06]
Suspected Bots IP [2015-02-05]
Suspected Bots IP [2015-02-04]
Suspected Bots IP [2015-02-03]
Suspected Bots IP [2015-02-02]

Suspected Bot List [2015-02-12]

detection period: 2015-02-12 00:00-23:59 UTC
number of suspected bots' IPs listed here: 97

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BD203.76.147.70Bangladesh
EC201.219.60.85Ecuador
EC201.219.60.119Ecuador
ID103.11.23.2Indonesia
ID103.16.115.14Indonesia
ID114.6.45.106Indonesia
ID115.69.221.90Indonesia
ID116.68.251.238Indonesia
ID118.97.141.178Indonesia
ID118.97.175.114Indonesia
ID119.82.240.46Indonesia
ID180.250.133.50Indonesia
ID182.30.250.253Indonesia
ID202.77.108.60Indonesia
ID202.95.148.206Indonesia
ID202.137.230.127Indonesia
ID202.137.230.134Indonesia
ID202.138.249.215Indonesia
ID202.148.7.77Indonesia
ID202.150.139.134Indonesia
ID202.150.157.34Indonesia
ID202.162.213.162Indonesia
ID203.201.172.162Indonesia
IN115.111.107.110India
IN121.247.68.156India
IR82.99.220.219Iran
IR194.33.124.42Iran
IR212.33.199.155Iran
MN203.91.119.146Mongolia
PE200.1.183.82Peru
PH58.69.100.234Philippines
RU95.188.112.11Russian Federation
RU193.107.17.59Russian Federation
TR88.247.164.136Turkey
TR88.250.69.146Turkey
TW180.218.34.245Taiwan
US67.198.166.27United States
US96.35.58.176United States
US174.139.8.82United States
US208.69.31.250United States

List from greylisting:

Botnet Statistics [2015-02-12]

detection period: 2015-02-12 00:00-23:59 UTC
total number of suspected botnet IPs: 1762
number of botnet IPs notified to network operators: 1665
number of spam blocked: 112601
recipient count of spam blocked: 4188217

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET861
2CHINANET-GD373
3KORNET-KR15
4BORANET-KR12
5HICHINA9
6TECH-HK8
7VNPT-VNNIC-VN7
8UNICOM-GD7
9NWT-NET7
10BSNLNET7

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan866
2China475
3Russian Federation40
4United States35
5South Korea35
6Indonesia25
7UNKNOWN20
8Viet Nam17
9Hong Kong17
10India14

Thursday, February 12, 2015

Suspected Bot List [2015-02-11]

detection period: 2015-02-11 00:00-23:59 UTC
number of suspected bots' IPs listed here: 56

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BD203.76.147.70Bangladesh
EC201.219.60.85Ecuador
ID36.82.235.189Indonesia
ID103.11.23.2Indonesia
ID103.16.115.14Indonesia
ID114.6.45.106Indonesia
ID118.97.141.178Indonesia
ID118.97.175.114Indonesia
ID119.82.240.46Indonesia
ID180.250.133.50Indonesia
ID202.77.108.60Indonesia
ID202.95.148.206Indonesia
ID202.137.230.127Indonesia
ID202.137.230.134Indonesia
ID202.138.249.215Indonesia
ID202.148.7.77Indonesia
ID202.150.139.134Indonesia
ID202.150.157.34Indonesia
ID202.162.213.162Indonesia
ID203.201.172.162Indonesia
IN125.21.245.146India
IR82.99.220.219Iran
IR194.33.124.42Iran
IR212.33.199.155Iran
MN203.91.119.146Mongolia
PE200.1.183.82Peru
PH58.69.100.234Philippines
RU95.188.112.11Russian Federation
RU193.107.17.59Russian Federation
SG27.34.180.25Singapore
TR88.247.164.136Turkey
TR88.250.69.146Turkey
TW180.218.34.245Taiwan
US67.198.166.27United States
US96.35.58.176United States
US208.69.31.250United States

List from greylisting:

Botnet Statistics [2015-02-11]

detection period: 2015-02-11 00:00-23:59 UTC
total number of suspected botnet IPs: 1569
number of botnet IPs notified to network operators: 1513
number of spam blocked: 115805
recipient count of spam blocked: 4157686

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET897
2CHINANET-GD280
3HICHINA12
4TECH-HK8
5KORNET-KR7
6UNICOM-GD6
7NWT-NET5
8MINDSPRING-DEDA-C3005
9CHINANET-JS5
10broadNnet-KR4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan906
2China387
3United States46
4Russian Federation29
5UNKNOWN20
6Indonesia18
7South Korea17
8Hong Kong14
9Iran11
10Viet Nam9

Wednesday, February 11, 2015

Suspected Bot List [2015-02-10]

detection period: 2015-02-10 00:00-23:59 UTC
number of suspected bots' IPs listed here: 81

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BD203.76.147.70Bangladesh
EC201.219.60.85Ecuador
ID103.11.23.2Indonesia
ID103.16.115.14Indonesia
ID119.82.240.46Indonesia
ID202.77.108.60Indonesia
ID202.137.230.127Indonesia
ID202.137.230.134Indonesia
ID202.148.7.77Indonesia
ID202.162.213.162Indonesia
ID203.201.172.162Indonesia
IN115.111.107.110India
IN125.21.245.146India
IR82.99.220.219Iran
IR212.33.199.155Iran
MN203.91.119.146Mongolia
PE200.1.183.82Peru
PH58.69.100.234Philippines
RU193.107.17.59Russian Federation
SG27.34.180.25Singapore
TR88.247.164.136Turkey
TR88.250.69.146Turkey
US67.198.166.27United States
US174.139.8.82United States
US208.69.31.250United States

List from greylisting:

Botnet Statistics [2015-02-10]

detection period: 2015-02-10 00:00-23:59 UTC
total number of suspected botnet IPs: 1910
number of botnet IPs notified to network operators: 1829
number of spam blocked: 125646
recipient count of spam blocked: 4406261

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET1034
2CHINANET-GD343
3KORNET-KR13
4HICHINA8
5TECH-HK7
6CL-TEEM-LACNIC6
7CHINANET-JS6
8BORANET-KR6
9VNPT-VNNIC-VN5
10AE-EMIRNET-200401205

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan1046
2China433
3Russian Federation56
4United States40
5South Korea32
6Ukraine28
7Chile17
8UNKNOWN16
9India15
10Mexico13

Tuesday, February 10, 2015

Suspected Bot List [2015-02-09]

detection period: 2015-02-09 00:00-23:59 UTC
number of suspected bots' IPs listed here: 150

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BD203.76.147.70Bangladesh
EC201.219.60.85Ecuador
ID103.11.23.2Indonesia
ID103.16.115.14Indonesia
ID114.6.45.106Indonesia
ID118.97.175.114Indonesia
ID119.82.240.46Indonesia
ID180.250.133.50Indonesia
ID202.77.108.60Indonesia
ID202.95.148.206Indonesia
ID202.137.230.127Indonesia
ID202.137.230.134Indonesia
ID202.148.7.77Indonesia
ID202.150.139.134Indonesia
ID202.162.213.162Indonesia
ID203.201.172.162Indonesia
IN117.218.50.134India
IN125.21.245.146India
IR82.99.220.219Iran
IR194.33.124.42Iran
IR212.33.199.155Iran
MN203.91.119.146Mongolia
PE200.1.183.82Peru
PH58.69.100.234Philippines
PL91.192.206.101Poland
PL178.217.34.134Poland
PS85.114.97.66Occupied Palestinian Territory
RU95.188.112.11Russian Federation
RU193.107.17.59Russian Federation
SG27.34.180.25Singapore
TR88.247.164.136Turkey
TR88.250.69.146Turkey
TW180.176.90.186Taiwan
US67.198.166.27United States
US174.139.8.82United States

List from greylisting:

Botnet Statistics [2015-02-09]

detection period: 2015-02-09 00:00-23:59 UTC
total number of suspected botnet IPs: 1989
number of botnet IPs notified to network operators: 1839
number of spam blocked: 123322
recipient count of spam blocked: 4350490

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET983
2CHINANET-GD215
3UNICOM-FJ39
4KORNET-KR15
5HICHINA8
6VNPT-VNNIC-VN7
7TECH-HK7
8BORANET-KR7
9BHARTI-IN7
10TR-TELEKOM-200510276

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan994
2China374
3Russian Federation67
4United States57
5South Korea38
6India30
7Turkey23
8Iran23
9Indonesia23
10Ukraine22