
Thursday, December 31, 2015

Suspected Bot List [2015-12-30]

detection period: 2015-12-30 00:00-23:59 UTC
number of suspected bots' IPs listed here: 50

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:


Botnet Statistics [2015-12-30]

detection period: 2015-12-30 00:00-23:59 UTC
total number of suspected botnet IPs: 2563
number of botnet IPs notified to network operators: 2513
number of spam blocked: 126536
recipient count of spam blocked: 370476

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

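| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | CHINANET-AH | 576 |
| 2 | CHINANET-ZJ-JH | 286 |
| 3 | CHINANET-ZJ | 230 |
| 4 | CHINANET-SC | 202 |
| 5 | UNICOM-AH | 195 |
| 6 | CHINANET-JS | 192 |
| 7 | CHINANET-HB | 186 |
| 8 | WASU | 119 |
| 9 | VNPT-VNNIC-VN | 58 |
| 10 | WASU-BB | 50 |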

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

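| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 2194 |
| 2 | Viet Nam | 115 |
| 3 | United States | 37 |
| 4 | India | 27 |
| 5 | Russian Federation | 23 |
| 6 | Brazil | 20 |
| 7 | Ukraine | 10 |
| 8 | Indonesia | 9 |
| 9 | Argentina | 9 |
| 10 | Taiwan | 8 |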

Wednesday, December 30, 2015

Suspected Bot List [2015-12-29]

detection period: 2015-12-29 00:00-23:59 UTC
number of suspected bots' IPs listed here: 39

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| country code | IP address | Country |
| --- | --- | --- |
| US | 198.144.189.140 | United States |
| US | 198.144.189.149 | United States |

List from greylisting:


Botnet Statistics [2015-12-29]

detection period: 2015-12-29 00:00-23:59 UTC
total number of suspected botnet IPs: 2391
number of botnet IPs notified to network operators: 2352
number of spam blocked: 126273
recipient count of spam blocked: 376351

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

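| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | CHINANET-AH | 490 |
| 2 | CHINANET-ZJ-JH | 241 |
| 3 | CHINANET-ZJ | 231 |
| 4 | UNICOM-AH | 180 |
| 5 | CHINANET-SC | 177 |
| 6 | CHINANET-HB | 159 |
| 7 | CHINANET-JS | 157 |
| 8 | WASU | 131 |
| 9 | UNICOM-ZJ | 99 |
| 10 | WASU-BB | 83 |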

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

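| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 2073 |
| 2 | United States | 58 |
| 3 | Viet Nam | 36 |
| 4 | Brazil | 29 |
| 5 | Russian Federation | 24 |
| 6 | South Korea | 13 |
| 7 | India | 13 |
| 8 | Indonesia | 12 |
| 9 | Hong Kong | 10 |
| 10 | Germany | 9 |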

Tuesday, December 29, 2015

Suspected Bot List [2015-12-28]

detection period: 2015-12-28 00:00-23:59 UTC
number of suspected bots' IPs listed here: 36

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| country code | IP address | Country |
| --- | --- | --- |
| US | 198.144.189.140 | United States |
| US | 198.144.189.149 | United States |

List from greylisting:


Botnet Statistics [2015-12-28]

detection period: 2015-12-28 00:00-23:59 UTC
total number of suspected botnet IPs: 2560
number of botnet IPs notified to network operators: 2524
number of spam blocked: 122842
recipient count of spam blocked: 251896

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

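| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | CHINANET-AH | 448 |
| 2 | CHINANET-JS | 295 |
| 3 | CHINANET-ZJ | 251 |
| 4 | CHINANET-ZJ-JH | 193 |
| 5 | CHINANET-SC | 193 |
| 6 | UNICOM-AH | 192 |
| 7 | CHINANET-HB | 158 |
| 8 | UNICOM-ZJ | 133 |
| 9 | WASU | 132 |
| 10 | WASU-BB | 73 |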

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

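| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 2200 |
| 2 | Viet Nam | 97 |
| 3 | United States | 40 |
| 4 | Brazil | 27 |
| 5 | Russian Federation | 23 |
| 6 | India | 11 |
| 7 | Germany | 10 |
| 8 | Turkey | 8 |
| 9 | Taiwan | 7 |
| 10 | Romania | 7 |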

Monday, December 28, 2015

Suspected Bot List [2015-12-27]

detection period: 2015-12-27 00:00-23:59 UTC
number of suspected bots' IPs listed here: 31

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| country code | IP address | Country |
| --- | --- | --- |
| MX | 187.141.103.121 | Mexico |
| MX | 189.149.16.44 | Mexico |
| US | 198.144.189.140 | United States |
| US | 198.144.189.149 | United States |

List from greylisting:


Botnet Statistics [2015-12-27]

detection period: 2015-12-27 00:00-23:59 UTC
total number of suspected botnet IPs: 1762
number of botnet IPs notified to network operators: 1731
number of spam blocked: 112869
recipient count of spam blocked: 250562

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

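| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | CHINANET-AH | 227 |
| 2 | CHINANET-ZJ-JH | 197 |
| 3 | CHINANET-ZJ | 173 |
| 4 | CHINANET-JS | 163 |
| 5 | CHINANET-SC | 160 |
| 6 | CHINANET-HB | 141 |
| 7 | UNICOM-AH | 119 |
| 8 | CHINANET-GD | 99 |
| 9 | UNICOM-ZJ | 83 |
| 10 | WASU | 68 |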

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

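| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 1522 |
| 2 | Viet Nam | 66 |
| 3 | United States | 25 |
| 4 | Russian Federation | 13 |
| 5 | India | 11 |
| 6 | Kazakhstan | 10 |
| 7 | Ukraine | 9 |
| 8 | Brazil | 9 |
| 9 | Indonesia | 6 |
| 10 | Taiwan | 5 |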

Sunday, December 27, 2015

Suspected Bot List [2015-12-26]

detection period: 2015-12-26 00:00-23:59 UTC
number of suspected bots' IPs listed here: 22

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:


Botnet Statistics [2015-12-26]

detection period: 2015-12-26 00:00-23:59 UTC
total number of suspected botnet IPs: 1240
number of botnet IPs notified to network operators: 1218
number of spam blocked: 101285
recipient count of spam blocked: 310582

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

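| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | CHINANET-AH | 235 |
| 2 | CHINANET-ZJ-JH | 186 |
| 3 | CHINANET-ZJ | 138 |
| 4 | CHINANET-HB | 123 |
| 5 | CHINANET-SC | 90 |
| 6 | CHINANET-JS | 84 |
| 7 | UNICOM-AH | 76 |
| 8 | CHINANET-GD | 59 |
| 9 | VNPT-VNNIC-VN | 32 |
| 10 | CHINANET-ZJ-SX | 16 |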

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

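| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 1031 |
| 2 | Viet Nam | 70 |
| 3 | United States | 24 |
| 4 | Ukraine | 13 |
| 5 | India | 13 |
| 6 | Taiwan | 8 |
| 7 | Russian Federation | 8 |
| 8 | Mexico | 7 |
| 9 | Germany | 5 |
| 10 | Brazil | 5 |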

Saturday, December 26, 2015

Suspected Bot List [2015-12-25]

detection period: 2015-12-25 00:00-23:59 UTC
number of suspected bots' IPs listed here: 20

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:


Botnet Statistics [2015-12-25]

detection period: 2015-12-25 00:00-23:59 UTC
total number of suspected botnet IPs: 1580
number of botnet IPs notified to network operators: 1560
number of spam blocked: 98511
recipient count of spam blocked: 366234

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

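| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | CHINANET-AH | 242 |
| 2 | CHINANET-ZJ-JH | 188 |
| 3 | CHINANET-JS | 174 |
| 4 | CHINANET-ZJ | 145 |
| 5 | CHINANET-HB | 120 |
| 6 | CHINANET-SC | 115 |
| 7 | UNICOM-AH | 97 |
| 8 | WASU | 69 |
| 9 | UNICOM-ZJ | 55 |
| 10 | WASU-BB | 50 |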

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

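| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 1340 |
| 2 | United States | 47 |
| 3 | Taiwan | 41 |
| 4 | Viet Nam | 37 |
| 5 | Brazil | 15 |
| 6 | Russian Federation | 10 |
| 7 | South Korea | 9 |
| 8 | Hong Kong | 6 |
| 9 | Thailand | 5 |
| 10 | India | 5 |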

Friday, December 25, 2015

Suspected Bot List [2015-12-24]

detection period: 2015-12-24 00:00-23:59 UTC
number of suspected bots' IPs listed here: 32

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:


Botnet Statistics [2015-12-24]

detection period: 2015-12-24 00:00-23:59 UTC
total number of suspected botnet IPs: 2077
number of botnet IPs notified to network operators: 2045
number of spam blocked: 114685
recipient count of spam blocked: 365797

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

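| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | CHINANET-AH | 306 |
| 2 | CHINANET-ZJ-JH | 268 |
| 3 | CHINANET-JS | 266 |
| 4 | CHINANET-SC | 202 |
| 5 | CHINANET-ZJ | 146 |
| 6 | CHINANET-HB | 141 |
| 7 | UNICOM-AH | 140 |
| 8 | WASU | 85 |
| 9 | UNICOM-ZJ | 66 |
| 10 | WASU-BB | 62 |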

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

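| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 1779 |
| 2 | Viet Nam | 59 |
| 3 | United States | 38 |
| 4 | Taiwan | 37 |
| 5 | Russian Federation | 25 |
| 6 | Brazil | 15 |
| 7 | Turkey | 9 |
| 8 | South Korea | 9 |
| 9 | India | 9 |
| 10 | Ukraine | 7 |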

Thursday, December 24, 2015

Suspected Bot List [2015-12-23]

detection period: 2015-12-23 00:00-23:59 UTC
number of suspected bots' IPs listed here: 34

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:


Botnet Statistics [2015-12-23]

detection period: 2015-12-23 00:00-23:59 UTC
total number of suspected botnet IPs: 2424
number of botnet IPs notified to network operators: 2390
number of spam blocked: 90076
recipient count of spam blocked: 369794

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

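| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | CHINANET-ZJ-JH | 369 |
| 2 | CHINANET-AH | 346 |
| 3 | CHINANET-SC | 248 |
| 4 | CHINANET-JS | 236 |
| 5 | CHINANET-HB | 189 |
| 6 | WASU | 165 |
| 7 | CHINANET-ZJ | 160 |
| 8 | UNICOM-AH | 149 |
| 9 | UNICOM-ZJ | 136 |
| 10 | WASU-BB | 79 |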

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

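| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 2204 |
| 2 | Viet Nam | 41 |
| 3 | United States | 39 |
| 4 | Taiwan | 17 |
| 5 | Russian Federation | 15 |
| 6 | Brazil | 15 |
| 7 | Mexico | 9 |
| 8 | India | 8 |
| 9 | South Korea | 7 |
| 10 | Turkey | 5 |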

Wednesday, December 23, 2015

Suspected Bot List [2015-12-22]

detection period: 2015-12-22 00:00-23:59 UTC
number of suspected bots' IPs listed here: 28

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:


Botnet Statistics [2015-12-22]

detection period: 2015-12-22 00:00-23:59 UTC
total number of suspected botnet IPs: 2441
number of botnet IPs notified to network operators: 2413
number of spam blocked: 67131
recipient count of spam blocked: 298063

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

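| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | CHINANET-AH | 356 |
| 2 | CHINANET-JS | 334 |
| 3 | CHINANET-SC | 256 |
| 4 | CHINANET-HB | 199 |
| 5 | UNICOM-ZJ | 196 |
| 6 | CHINANET-ZJ-JH | 196 |
| 7 | CHINANET-ZJ | 183 |
| 8 | UNICOM-AH | 156 |
| 9 | WASU | 150 |
| 10 | WASU-BB | 107 |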

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

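| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 2245 |
| 2 | United States | 41 |
| 3 | Taiwan | 31 |
| 4 | Viet Nam | 26 |
| 5 | India | 12 |
| 6 | Russian Federation | 11 |
| 7 | Brazil | 8 |
| 8 | Mexico | 7 |
| 9 | Thailand | 6 |
| 10 | Ukraine | 5 |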

Tuesday, December 22, 2015

Suspected Bot List [2015-12-21]

detection period: 2015-12-21 00:00-23:59 UTC
number of suspected bots' IPs listed here: 20

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| country code | IP address | Country |
| --- | --- | --- |
| AR | 186.138.82.251 | Argentina |
| MX | 187.141.103.121 | Mexico |
| MX | 189.150.157.136 | Mexico |

List from greylisting:


Botnet Statistics [2015-12-21]

detection period: 2015-12-21 00:00-23:59 UTC
total number of suspected botnet IPs: 1978
number of botnet IPs notified to network operators: 1958
number of spam blocked: 23177
recipient count of spam blocked: 125879

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

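| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | CHINANET-AH | 386 |
| 2 | CHINANET-JS | 319 |
| 3 | CHINANET-SC | 199 |
| 4 | CHINANET-HB | 152 |
| 5 | CHINANET-ZJ | 147 |
| 6 | UNICOM-AH | 143 |
| 7 | WASU | 114 |
| 8 | UNICOM-ZJ | 114 |
| 9 | CHINANET-ZJ-JH | 103 |
| 10 | WASU-BB | 68 |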

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

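| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 1817 |
| 2 | Viet Nam | 38 |
| 3 | Taiwan | 28 |
| 4 | United States | 24 |
| 5 | Russian Federation | 6 |
| 6 | Indonesia | 6 |
| 7 | Brazil | 6 |
| 8 | Mexico | 5 |
| 9 | India | 5 |
| 10 | Hong Kong | 4 |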

Monday, December 21, 2015

Suspected Bot List [2015-12-20]

detection period: 2015-12-20 00:00-23:59 UTC
number of suspected bots' IPs listed here: 19

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| country code | IP address | Country |
| --- | --- | --- |
| MX | 187.141.103.121 | Mexico |
| MX | 189.150.157.136 | Mexico |

List from greylisting:


Botnet Statistics [2015-12-20]

detection period: 2015-12-20 00:00-23:59 UTC
total number of suspected botnet IPs: 1668
number of botnet IPs notified to network operators: 1649
number of spam blocked: 33250
recipient count of spam blocked: 365604

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

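| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | CHINANET-AH | 304 |
| 2 | CHINANET-ZJ-JH | 247 |
| 3 | CHINANET-JS | 217 |
| 4 | CHINANET-SC | 136 |
| 5 | CHINANET-ZJ | 118 |
| 6 | CHINANET-HB | 118 |
| 7 | UNICOM-AH | 115 |
| 8 | UNICOM-ZJ | 80 |
| 9 | WASU | 58 |
| 10 | WASU-BB | 48 |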

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

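| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 1528 |
| 2 | Viet Nam | 37 |
| 3 | United States | 21 |
| 4 | Taiwan | 6 |
| 5 | Ukraine | 5 |
| 6 | India | 5 |
| 7 | Hong Kong | 5 |
| 8 | Brazil | 5 |
| 9 | Turkey | 4 |
| 10 | Thailand | 4 |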

Sunday, December 20, 2015

Suspected Bot List [2015-12-19]

detection period: 2015-12-19 00:00-23:59 UTC
number of suspected bots' IPs listed here: 18

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| country code | IP address | Country |
| --- | --- | --- |
| MX | 187.141.103.121 | Mexico |
| MX | 189.149.55.64 | Mexico |

List from greylisting:


Botnet Statistics [2015-12-19]

detection period: 2015-12-19 00:00-23:59 UTC
total number of suspected botnet IPs: 1222
number of botnet IPs notified to network operators: 1204
number of spam blocked: 29643
recipient count of spam blocked: 320456

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

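| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | CHINANET-AH | 221 |
| 2 | CHINANET-ZJ-JH | 155 |
| 3 | CHINANET-JS | 151 |
| 4 | CHINANET-ZJ | 99 |
| 5 | UNICOM-AH | 97 |
| 6 | CHINANET-SC | 89 |
| 7 | CHINANET-GD | 86 |
| 8 | CHINANET-HB | 82 |
| 9 | VNPT-VNNIC-VN | 43 |
| 10 | VIETEL-VNNIC-VN | 14 |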

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

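| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 1024 |
| 2 | Viet Nam | 80 |
| 3 | United States | 18 |
| 4 | Russian Federation | 11 |
| 5 | India | 11 |
| 6 | Iran | 6 |
| 7 | Turkey | 5 |
| 8 | Thailand | 5 |
| 9 | Brazil | 5 |
| 10 | Ukraine | 4 |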

Saturday, December 19, 2015

Suspected Bot List [2015-12-18]

detection period: 2015-12-18 00:00-23:59 UTC
number of suspected bots' IPs listed here: 9

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| country code | IP address | Country |
| --- | --- | --- |
| MX | 187.141.103.121 | Mexico |
| MX | 187.155.241.233 | Mexico |
| MX | 189.149.45.12 | Mexico |
| MX | 189.149.246.19 | Mexico |

List from greylisting:


Botnet Statistics [2015-12-18]

detection period: 2015-12-18 00:00-23:59 UTC
total number of suspected botnet IPs: 644
number of botnet IPs notified to network operators: 635
number of spam blocked: 106878
recipient count of spam blocked: 334860

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

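| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | WASU | 125 |
| 2 | CHINANET-GD | 89 |
| 3 | CHINANET-JS | 66 |
| 4 | WASU-BB | 57 |
| 5 | CHINANET-AH | 38 |
| 6 | CHINANET-ZJ | 29 |
| 7 | CHINANET-HB | 23 |
| 8 | UNICOM-AH | 22 |
| 9 | CHINANET-SC | 22 |
| 10 | VNPT-VNNIC-VN | 19 |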

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

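| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 531 |
| 2 | Viet Nam | 38 |
| 3 | United States | 17 |
| 4 | Taiwan | 6 |
| 5 | Mexico | 5 |
| 6 | Brazil | 4 |
| 7 | Thailand | 3 |
| 8 | Russian Federation | 3 |
| 9 | Hong Kong | 3 |
| 10 | Colombia | 3 |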

Friday, December 18, 2015

Suspected Bot List [2015-12-17]

detection period: 2015-12-17 00:00-23:59 UTC
number of suspected bots' IPs listed here: 17

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| country code | IP address | Country |
| --- | --- | --- |

List from greylisting:


Botnet Statistics [2015-12-17]

detection period: 2015-12-17 00:00-23:59 UTC
total number of suspected botnet IPs: 1460
number of botnet IPs notified to network operators: 1443
number of spam blocked: 171976
recipient count of spam blocked: 292080

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

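| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | CHINANET-JS | 216 |
| 2 | CHINANET-AH | 193 |
| 3 | UNICOM-AH | 125 |
| 4 | CHINANET-HB | 123 |
| 5 | CHINANET-GD | 122 |
| 6 | WASU | 119 |
| 7 | CHINANET-ZJ | 106 |
| 8 | CHINANET-SC | 100 |
| 9 | WASU-BB | 86 |
| 10 | UNICOM-ZJ | 42 |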

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

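| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 1320 |
| 2 | Viet Nam | 37 |
| 3 | United States | 15 |
| 4 | India | 9 |
| 5 | Turkey | 7 |
| 6 | Russian Federation | 6 |
| 7 | Brazil | 6 |
| 8 | Taiwan | 5 |
| 9 | Poland | 5 |
| 10 | Hong Kong | 5 |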

Thursday, December 17, 2015

Suspected Bot List [2015-12-16]

detection period: 2015-12-16 00:00-23:59 UTC
number of suspected bots' IPs listed here: 19

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| country code | IP address | Country |
| --- | --- | --- |
| MX | 187.141.103.121 | Mexico |
| MX | 189.149.123.6 | Mexico |

List from greylisting:


Botnet Statistics [2015-12-16]

detection period: 2015-12-16 00:00-23:59 UTC
total number of suspected botnet IPs: 1861
number of botnet IPs notified to network operators: 1842
number of spam blocked: 112113
recipient count of spam blocked: 308527

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

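| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | CHINANET-JS | 287 |
| 2 | CHINANET-AH | 238 |
| 3 | CHINANET-GD | 197 |
| 4 | CHINANET-ZJ-JH | 160 |
| 5 | CHINANET-SC | 147 |
| 6 | CHINANET-ZJ | 134 |
| 7 | CHINANET-HB | 133 |
| 8 | UNICOM-AH | 117 |
| 9 | UNICOM-ZJ | 103 |
| 10 | WASU | 73 |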

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

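| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 1722 |
| 2 | Viet Nam | 38 |
| 3 | United States | 12 |
| 4 | Turkey | 9 |
| 5 | India | 8 |
| 6 | Brazil | 6 |
| 7 | Poland | 5 |
| 8 | Ukraine | 4 |
| 9 | Kazakhstan | 4 |
| 10 | Taiwan | 3 |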

Wednesday, December 16, 2015

Suspected Bot List [2015-12-15]

detection period: 2015-12-15 00:00-23:59 UTC
number of suspected bots' IPs listed here: 20

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| country code | IP address | Country |
| --- | --- | --- |
| MX | 187.141.103.121 | Mexico |
| MX | 189.149.123.6 | Mexico |

List from greylisting:


Botnet Statistics [2015-12-15]

detection period: 2015-12-15 00:00-23:59 UTC
total number of suspected botnet IPs: 2215
number of botnet IPs notified to network operators: 2195
number of spam blocked: 115118
recipient count of spam blocked: 342322

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

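| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | CHINANET-JS | 332 |
| 2 | CHINANET-AH | 291 |
| 3 | CHINANET-SC | 194 |
| 4 | CHINANET-ZJ-JH | 181 |
| 5 | UNICOM-ZJ | 160 |
| 6 | CHINANET-GD | 156 |
| 7 | CHINANET-HB | 148 |
| 8 | CHINANET-ZJ | 146 |
| 9 | UNICOM-AH | 132 |
| 10 | WASU | 127 |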

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

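| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 2021 |
| 2 | Viet Nam | 70 |
| 3 | Russian Federation | 16 |
| 4 | United States | 14 |
| 5 | Taiwan | 10 |
| 6 | Brazil | 10 |
| 7 | Poland | 7 |
| 8 | India | 6 |
| 9 | Turkey | 5 |
| 10 | Indonesia | 5 |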

Tuesday, December 15, 2015

Suspected Bot List [2015-12-14]

detection period: 2015-12-14 00:00-23:59 UTC
number of suspected bots' IPs listed here: 26

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| country code | IP address | Country |
|---|---|---|
| US | 68.168.184.6 | United States |

List from greylisting:


Botnet Statistics [2015-12-14]

detection period: 2015-12-14 00:00-23:59 UTC
total number of suspected botnet IPs: 2120
number of botnet IPs notified to network operators: 2094
number of spam blocked: 109170
recipient count of spam blocked: 200148

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

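| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | CHINANET-JS | 374 |
| 2 | CHINANET-AH | 293 |
| 3 | CHINANET-GD | 227 |
| 4 | CHINANET-HB | 157 |
| 5 | CHINANET-ZJ-JH | 156 |
| 6 | UNICOM-ZJ | 139 |
| 7 | UNICOM-AH | 131 |
| 8 | CHINANET-SC | 131 |
| 9 | WASU | 102 |
| 10 | CHINANET-ZJ | 100 |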

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

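| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 1990 |
| 2 | Viet Nam | 47 |
| 3 | United States | 12 |
| 4 | Taiwan | 12 |
| 5 | India | 7 |
| 6 | Brazil | 6 |
| 7 | Argentina | 4 |
| 8 | Turkey | 3 |
| 9 | Russian Federation | 3 |
| 10 | Bulgaria | 3 |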

Monday, December 14, 2015

Suspected Bot List [2015-12-13]

detection period: 2015-12-13 00:00-23:59 UTC
number of suspected bots' IPs listed here: 14

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| country code | IP address | Country |
|---|---|---|

List from greylisting:


Botnet Statistics [2015-12-13]

detection period: 2015-12-13 00:00-23:59 UTC
total number of suspected botnet IPs: 2215
number of botnet IPs notified to network operators: 2201
number of spam blocked: 158031
recipient count of spam blocked: 1642397

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

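| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 586 |
| 2 | CHINANET-AH | 304 |
| 3 | CHINANET-JS | 245 |
| 4 | CHINANET-HB | 186 |
| 5 | CHINANET-ZJ-JH | 145 |
| 6 | UNICOM-AH | 142 |
| 7 | CHINANET-SC | 95 |
| 8 | CHINANET-ZJ | 92 |
| 9 | UNICOM-ZJ | 80 |
| 10 | CHINANET-GD | 74 |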

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

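| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 1492 |
| 2 | Taiwan | 592 |
| 3 | Viet Nam | 66 |
| 4 | United States | 10 |
| 5 | Ukraine | 4 |
| 6 | Russian Federation | 4 |
| 7 | India | 4 |
| 8 | Indonesia | 4 |
| 9 | United Kingdom | 4 |
| 10 | Turkey | 3 |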

Sunday, December 13, 2015

Suspected Bot List [2015-12-12]

detection period: 2015-12-12 00:00-23:59 UTC
number of suspected bots' IPs listed here: 30

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| country code | IP address | Country |
|---|---|---|
| AR | 186.138.82.251 | Argentina |

List from greylisting:


Botnet Statistics [2015-12-12]

detection period: 2015-12-12 00:00-23:59 UTC
total number of suspected botnet IPs: 2010
number of botnet IPs notified to network operators: 1981
number of spam blocked: 203101
recipient count of spam blocked: 1195766

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

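| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 341 |
| 2 | CHINANET-AH | 292 |
| 3 | CHINANET-ZJ-JH | 238 |
| 4 | CHINANET-HB | 171 |
| 5 | UNICOM-AH | 138 |
| 6 | CHINANET-ZJ | 138 |
| 7 | CHINANET-JS | 138 |
| 8 | CHINANET-GD | 112 |
| 9 | CHINANET-SD | 86 |
| 10 | CHINANET-SC | 61 |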

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

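| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 1414 |
| 2 | Taiwan | 343 |
| 3 | Viet Nam | 93 |
| 4 | United States | 38 |
| 5 | Ukraine | 16 |
| 6 | India | 15 |
| 7 | Brazil | 11 |
| 8 | Russian Federation | 8 |
| 9 | Kazakhstan | 6 |
| 10 | Germany | 6 |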

Saturday, December 12, 2015

Suspected Bots' IP List for November 2015

To encourage cyber security information sharing (as some form of open data) while still giving victims enough time to clean up their computers, the IP list of suspected infected computers will be released here (as shown below). You are free to use them to create more effective defenses, discover latest trends in cyber attacks, etc.

Suspected Bots IP [2015-11-01]
Suspected Bots IP [2015-11-02]
Suspected Bots IP [2015-11-03]
Suspected Bots IP [2015-11-04]
Suspected Bots IP [2015-11-05]
Suspected Bots IP [2015-11-06]
Suspected Bots IP [2015-11-07]
Suspected Bots IP [2015-11-08]
Suspected Bots IP [2015-11-09]
Suspected Bots IP [2015-11-10]
Suspected Bots IP [2015-11-11]
Suspected Bots IP [2015-11-12]
Suspected Bots IP [2015-11-13]
Suspected Bots IP [2015-11-14]
Suspected Bots IP [2015-11-15]
Suspected Bots IP [2015-11-16]
Suspected Bots IP [2015-11-17]
Suspected Bots IP [2015-11-18]
Suspected Bots IP [2015-11-19]
Suspected Bots IP [2015-11-20]
Suspected Bots IP [2015-11-21]
Suspected Bots IP [2015-11-22]
Suspected Bots IP [2015-11-23]
Suspected Bots IP [2015-11-24]
Suspected Bots IP [2015-11-25]
Suspected Bots IP [2015-11-26]
Suspected Bots IP [2015-11-27]
Suspected Bots IP [2015-11-28]
Suspected Bots IP [2015-11-29]
Suspected Bots IP [2015-11-30]

Suspected Bot List [2015-12-11]

detection period: 2015-12-11 00:00-23:59 UTC
number of suspected bots' IPs listed here: 12

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| country code | IP address | Country |
|---|---|---|
| AR | 186.138.82.251 | Argentina |

List from greylisting:


Botnet Statistics [2015-12-11]

detection period: 2015-12-11 00:00-23:59 UTC
total number of suspected botnet IPs: 1790
number of botnet IPs notified to network operators: 1778
number of spam blocked: 179572
recipient count of spam blocked: 336209

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

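| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | CHINANET-AH | 300 |
| 2 | CHINANET-ZJ-JH | 228 |
| 3 | CHINANET-SC | 156 |
| 4 | CHINANET-HB | 146 |
| 5 | CHINANET-ZJ | 141 |
| 6 | WASU | 134 |
| 7 | UNICOM-AH | 133 |
| 8 | CHINANET-GD | 88 |
| 9 | WASU-BB | 86 |
| 10 | CHINANET-SD | 62 |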

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

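| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 1625 |
| 2 | Viet Nam | 64 |
| 3 | Russian Federation | 17 |
| 4 | United States | 13 |
| 5 | India | 8 |
| 6 | Taiwan | 7 |
| 7 | Turkey | 7 |
| 8 | Thailand | 6 |
| 9 | Brazil | 6 |
| 10 | Ukraine | 4 |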

Friday, December 11, 2015

Suspected Bot List [2015-12-10]

detection period: 2015-12-10 00:00-23:59 UTC
number of suspected bots' IPs listed here: 27

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| country code | IP address | Country |
|---|---|---|
| AR | 186.138.82.251 | Argentina |

List from greylisting:


Botnet Statistics [2015-12-10]

detection period: 2015-12-10 00:00-23:59 UTC
total number of suspected botnet IPs: 1981
number of botnet IPs notified to network operators: 1954
number of spam blocked: 182274
recipient count of spam blocked: 1317232

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

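| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 389 |
| 2 | CHINANET-GD | 192 |
| 3 | CHINANET-AH | 183 |
| 4 | CHINANET-ZJ-JH | 166 |
| 5 | CHINANET-SC | 116 |
| 6 | CHINANET-JS | 111 |
| 7 | CHINANET-HB | 105 |
| 8 | UNICOM-ZJ | 104 |
| 9 | WASU | 96 |
| 10 | CHINANET-ZJ | 91 |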

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

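| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 1431 |
| 2 | Taiwan | 390 |
| 3 | Viet Nam | 41 |
| 4 | India | 15 |
| 5 | United States | 12 |
| 6 | Turkey | 10 |
| 7 | Ukraine | 7 |
| 8 | Brazil | 7 |
| 9 | Thailand | 6 |
| 10 | Poland | 6 |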