Custom Search

Thursday, January 18, 2018

Botnet Statistics [2018-01-17]

detection period: 2018-01-17 00:00-23:59 UTC
total number of suspected botnet IPs: 28
number of botnet IPs notified to network operators: 23
number of spam blocked: 34772
recipient count of spam blocked: 783378

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1ENCRYPTED-TRANSIT-IPV44
2SC-FLOKINET-LTD-201608262
3HO-22
4CHINANET-ZJ2
5hostio1
6UNICOM-CN1
7SMARTWEB-NET1
8RO-ARTELECOM-200708151
9OPRIA1
10NO-UPC-200507071

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1United States5
2China4
3Romania2
4Netherlands2
5Iceland2
6Germany2
7Canada2
8Ukraine1
9Norway1
10Mexico1

Suspected Bot List [2018-01-17]

detection period: 2018-01-17 00:00-23:59 UTC
number of suspected bots' IPs listed here: 5

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic
US23.129.64.101United States
US23.129.64.102United States
US23.129.64.103United States
US23.129.64.104United States

List from greylisting:

Wednesday, January 17, 2018

Botnet Statistics [2018-01-16]

detection period: 2018-01-16 00:00-23:59 UTC
total number of suspected botnet IPs: 32
number of botnet IPs notified to network operators: 26
number of spam blocked: 28950
recipient count of spam blocked: 826305

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1ENCRYPTED-TRANSIT-IPV44
2CR-RACO-LACNIC3
3SC-FLOKINET-LTD-201608262
4HO-22
5CHINANET-ZJ2
6hostio1
7UNICOM-CN1
8SMARTWEB-NET1
9SAA1
10RO-ARTELECOM-200708151

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1United States5
2China4
3Romania3
4Costa Rica3
5Netherlands2
6Iceland2
7Germany2
8Canada2
9South Africa1
10Ukraine1