Custom Search

Thursday, January 19, 2017

Suspected Bot List [2017-01-18]

detection period: 2017-01-18 00:00-23:59 UTC
number of suspected bots' IPs listed here: 7

I haven't got a new VPS for fake open relay yet.

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Botnet Statistics [2017-01-18]

detection period: 2017-01-18 00:00-23:59 UTC
total number of suspected botnet IPs: 62
number of botnet IPs notified to network operators: 55
number of spam blocked: 305
recipient count of spam blocked: 305

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-GD8
2UNIFIEDLAYER-NETWORK-102
3RingLink2
4RO-JUMP-200511292
5DIRECT-HOSTING-KR2
6CHINANET-ZJ2
7002.558.157/0001-622
8tonghnetwork1
9UNICOM-GD1
10TencentCloud1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China25
2Brazil6
3United States4
4Netherlands3
5Taiwan2
6Saudi Arabia2
7South Korea2
8Italy2
9Germany2
10South Africa1

Wednesday, January 18, 2017

Suspected Bot List [2017-01-17]

detection period: 2017-01-17 00:00-23:59 UTC
number of suspected bots' IPs listed here: 7

I haven't got a new VPS for fake open relay yet.

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting: