
Sunday, February 19, 2017

Suspected Bots' IP List for January 2017

To encourage cyber security information sharing (as a form of open data) while still giving victims enough time to clean up their computers, the IP lists of suspected infected computers will be released here (as shown below). You are free to use them to create more effective defenses, discover the latest trends in cyber attacks, etc.

Suspected Bots IP [2017-01-01]
Suspected Bots IP [2017-01-02]
Suspected Bots IP [2017-01-03]
Suspected Bots IP [2017-01-04]
Suspected Bots IP [2017-01-05]
Suspected Bots IP [2017-01-06]
Suspected Bots IP [2017-01-07]
Suspected Bots IP [2017-01-08]
Suspected Bots IP [2017-01-09]
Suspected Bots IP [2017-01-10]
Suspected Bots IP [2017-01-11]
Suspected Bots IP [2017-01-12]
Suspected Bots IP [2017-01-13]
Suspected Bots IP [2017-01-14]
Suspected Bots IP [2017-01-15]
Suspected Bots IP [2017-01-16]
Suspected Bots IP [2017-01-17]
Suspected Bots IP [2017-01-18]
Suspected Bots IP [2017-01-19]
Suspected Bots IP [2017-01-20]
Suspected Bots IP [2017-01-21]
Suspected Bots IP [2017-01-22]
Suspected Bots IP [2017-01-23]
Suspected Bots IP [2017-01-24]
Suspected Bots IP [2017-01-25]
Suspected Bots IP [2017-01-26]
Suspected Bots IP [2017-01-27]
Suspected Bots IP [2017-01-28]
Suspected Bots IP [2017-01-29]
Suspected Bots IP [2017-01-30]
Suspected Bots IP [2017-01-31]

Suspected Bot List [2017-02-18]

detection period: 2017-02-18 00:00-23:59 UTC
number of suspected bots' IPs listed here: 132

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2017-02-18]

detection period: 2017-02-18 00:00-23:59 UTC
total number of suspected botnet IPs: 1510
number of botnet IPs notified to network operators: 1378
number of spam blocked: 131169
recipient count of spam blocked: 3739338

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

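| Rank | Network | # of suspected botnet IPs |
|------|---------|---------------------------|
| 1 | HINET-NET | 587 |
| 2 | VNPT-VNNIC-VN | 51 |
| 3 | CHINANET-JS | 27 |
| 4 | UNICOM-SD | 22 |
| 5 | BSNLNET | 18 |
| 6 | FPT-VN | 16 |
| 7 | CHINANET-AH | 15 |
| 8 | UNICOM-GX | 14 |
| 9 | CMNET | 14 |
| 10 | CHINANET-GD | 14 |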

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

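| Rank | Country | # of suspected botnet IPs |
|------|---------|---------------------------|
| 1 | Taiwan | 595 |
| 2 | China | 296 |
| 3 | India | 101 |
| 4 | Viet Nam | 100 |
| 5 | Mexico | 29 |
| 6 | Iran | 29 |
| 7 | Russian Federation | 25 |
| 8 | Brazil | 25 |
| 9 | Colombia | 22 |
| 10 | Peru | 20 |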