Thursday, August 25, 2016

Suspected Bot List [2016-08-24]

detection period: 2016-08-24 00:00-23:59 UTC
number of suspected bots' IPs listed here: 73

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| country code | IP address | Country |
|---|---|---|
| DE | 89.197.4.210 | Germany |
| PL | 185.125.4.236 | Poland |

List from greylisting:

Botnet Statistics [2016-08-24]

detection period: 2016-08-24 00:00-23:59 UTC
total number of suspected botnet IPs: 2300
number of botnet IPs notified to network operators: 2227
number of spam blocked: 28643
recipient count of spam blocked: 735045

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs, are:

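| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 761 |
| 2 | WASU | 512 |
| 3 | CHINANET-JS | 147 |
| 4 | CHINANET-AH | 119 |
| 5 | UNICOM-ZJ | 103 |
| 6 | CHINANET-HB | 78 |
| 7 | CHINANET-HN | 57 |
| 8 | WASU-BB | 37 |
| 9 | UNICOM-JS | 29 |
| 10 | CHINANET-ZJ-QZ | 25 |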

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs, are:

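| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 1267 |
| 2 | Taiwan | 761 |
| 3 | India | 61 |
| 4 | Viet Nam | 20 |
| 5 | Mexico | 18 |
| 6 | Iran | 14 |
| 7 | Turkey | 11 |
| 8 | Brazil | 11 |
| 9 | Peru | 9 |
| 10 | Colombia | 9 |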

Wednesday, August 24, 2016

Suspected Bot List [2016-08-23]

detection period: 2016-08-23 00:00-23:59 UTC
number of suspected bots' IPs listed here: 65

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| country code | IP address | Country |
|---|---|---|
| AR | 186.138.82.138 | Argentina |
| GB | 163.172.14.71 | United Kingdom |
| PL | 185.125.4.236 | Poland |

List from greylisting: