
Friday, November 24, 2017

Botnet Statistics [2017-11-23]

detection period: 2017-11-23 00:00-23:59 UTC
total number of suspected botnet IPs: 168
number of botnet IPs notified to network operators: 152
number of spam blocked: 76356
recipient count of spam blocked: 1952278

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

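| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | CHINANET-HB | 23 |
| 2 | CHINANET-GD | 13 |
| 3 | Baidu | 12 |
| 4 | CHINANET-ZJ-TZ | 10 |
| 5 | CHINANET-JS | 10 |
| 6 | VNPT-VNNIC-VN | 4 |
| 7 | CHINANET-ZJ | 4 |
| 8 | CHINANET-AH | 4 |
| 9 | UNIFIEDLAYER-NETWORK-14 | 3 |
| 10 | UNICOM-GD | 2 |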

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

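| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 93 |
| 2 | India | 10 |
| 3 | United States | 9 |
| 4 | Viet Nam | 5 |
| 5 | Romania | 5 |
| 6 | Netherlands | 3 |
| 7 | Italy | 3 |
| 8 | Indonesia | 3 |
| 9 | Germany | 3 |
| 10 | Belize | 3 |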

Suspected Bot List [2017-11-23]

detection period: 2017-11-23 00:00-23:59 UTC
number of suspected bots' IPs listed here: 16

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Thursday, November 23, 2017

Botnet Statistics [2017-11-22]

detection period: 2017-11-22 00:00-23:59 UTC
total number of suspected botnet IPs: 116
number of botnet IPs notified to network operators: 97
number of spam blocked: 23213
recipient count of spam blocked: 159818

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

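| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | CHINANET-JS | 14 |
| 2 | Baidu | 13 |
| 3 | CHINANET-HB | 11 |
| 4 | UNIFIEDLAYER-NETWORK-14 | 9 |
| 5 | CHINANET-GD | 9 |
| 6 | CHINANET-AH | 5 |
| 7 | CHINANET-ZJ-TZ | 3 |
| 8 | CHINANET-ZJ | 3 |
| 9 | UNICOM-SX | 2 |
| 10 | UNICOM-HB | 2 |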

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

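| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 80 |
| 2 | United States | 15 |
| 3 | Thailand | 3 |
| 4 | Argentina | 2 |
| 5 | Viet Nam | 1 |
| 6 | Venezuela | 1 |
| 7 | Taiwan | 1 |
| 8 | Russian Federation | 1 |
| 9 | Netherlands | 1 |
| 10 | Laos | 1 |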