Custom Search

Monday, November 30, 2015

Suspected Bot List [2015-11-29]

detection period: 2015-11-29 00:00-23:59 UTC
number of suspected bots' IPs listed here: 7

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
MO27.109.136.25Macau
MO27.109.177.202Macau
MX187.141.118.20Mexico

List from greylisting:

country codeIP addressCountry
CM41.202.221.42Cameroon
MX187.177.172.13Mexico
US162.144.104.214United States
US162.144.131.227United States

Botnet Statistics [2015-11-29]

detection period: 2015-11-29 00:00-23:59 UTC
total number of suspected botnet IPs: 1013
number of botnet IPs notified to network operators: 1006
number of spam blocked: 60522
recipient count of spam blocked: 417068

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-AH140
2CHINANET-ZJ-JH106
3CHINANET-ZJ93
4UNICOM-ZJ91
5CHINANET-HB90
6CHINANET-SC83
7CHINANET-JS72
8UNICOM-AH64
9WASU58
10WASU-BB43

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China955
2United States15
3Taiwan8
4Thailand5
5Hong Kong3
6Viet Nam2
7Russian Federation2
8Peru2
9Mexico2
10Macau2

Sunday, November 29, 2015

Suspected Bot List [2015-11-28]

detection period: 2015-11-28 00:00-23:59 UTC
number of suspected bots' IPs listed here: 9

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
UY167.57.126.193Uruguay

List from greylisting:

country codeIP addressCountry
BD180.210.130.16Bangladesh
BO186.27.127.129Bolivia
CM41.202.221.42Cameroon
IN117.244.15.243India
IN122.183.192.97India
KZ77.245.110.111Kazakhstan
MX200.94.75.210Mexico
US204.44.65.214United States

Botnet Statistics [2015-11-28]

detection period: 2015-11-28 00:00-23:59 UTC
total number of suspected botnet IPs: 313
number of botnet IPs notified to network operators: 304
number of spam blocked: 69976
recipient count of spam blocked: 213028

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-GD38
2CHINANET-ZJ20
3CHINANET-HB20
4CHINANET-AH18
5UNICOM-AH15
6VNPT-VNNIC-VN11
7CHINANET-ZJ-QZ11
8CHINANET-JS8
9CHINANET-HA8
10MAINT-CHINANET-HA6

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China199
2Viet Nam18
3United States12
4Taiwan11
5Brazil8
6Thailand6
7Germany5
8Russian Federation4
9United Kingdom4
10South Korea3

Saturday, November 28, 2015

Suspected Bot List [2015-11-27]

detection period: 2015-11-27 00:00-23:59 UTC
number of suspected bots' IPs listed here: 9

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
US50.203.120.116United States
UY167.57.48.123Uruguay
UY167.57.116.133Uruguay

List from greylisting:

country codeIP addressCountry
BD180.210.130.16Bangladesh
CM41.202.221.42Cameroon
MX189.254.134.100Mexico
RO92.82.45.160Romania
US50.116.123.183United States
US162.144.131.227United States

Botnet Statistics [2015-11-27]

detection period: 2015-11-27 00:00-23:59 UTC
total number of suspected botnet IPs: 460
number of botnet IPs notified to network operators: 451
number of spam blocked: 250287
recipient count of spam blocked: 357468

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ99
2WASU67
3WASU-BB64
4CHINANET-GD30
5CHINANET-HB23
6CHINANET-JS13
7CHINANET-AH13
8CHINANET-ZJ12
9UNICOM-AH11
10HINET-NET6

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China382
2United States16
3Taiwan10
4Viet Nam8
5Thailand5
6Russian Federation3
7South Korea3
8Brazil3
9Uruguay2
10Ukraine2

Friday, November 27, 2015

Suspected Bot List [2015-11-26]

detection period: 2015-11-26 00:00-23:59 UTC
number of suspected bots' IPs listed here: 14

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AR190.0.163.20Argentina
AR190.193.185.164Argentina
UY167.56.35.240Uruguay
UY167.56.188.201Uruguay

List from greylisting:

country codeIP addressCountry
AR186.60.128.8Argentina
ES87.235.177.251Spain
IN59.99.143.169India
IN117.213.188.109India
IN117.244.15.243India
MX187.177.172.13Mexico
MX189.254.134.100Mexico
US24.170.233.95United States
US155.94.148.35United States
US162.144.104.214United States

Botnet Statistics [2015-11-26]

detection period: 2015-11-26 00:00-23:59 UTC
total number of suspected botnet IPs: 834
number of botnet IPs notified to network operators: 820
number of spam blocked: 275819
recipient count of spam blocked: 358139

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ230
2WASU144
3WASU-BB119
4CHINANET-ZJ35
5CHINANET-HB34
6CHINANET-GD34
7CHINANET-AH32
8UNICOM-AH27
9VNPT-VNNIC-VN18
10HINET-NET13

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China712
2Viet Nam39
3Taiwan16
4United States15
5Japan7
6Russian Federation5
7Thailand4
8India3
9Germany3
10Argentina3

Thursday, November 26, 2015

Suspected Bot List [2015-11-25]

detection period: 2015-11-25 00:00-23:59 UTC
number of suspected bots' IPs listed here: 11

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
US208.73.201.211United States

List from greylisting:

country codeIP addressCountry
IN59.95.53.246India
IN61.3.255.153India
IN122.169.67.70India
IN182.64.74.230India
IN182.77.69.128India
KE195.202.72.107Kenya
PK39.33.198.48Pakistan
US50.116.123.183United States
US68.184.154.57United States
US162.144.104.214United States

Botnet Statistics [2015-11-25]

detection period: 2015-11-25 00:00-23:59 UTC
total number of suspected botnet IPs: 1252
number of botnet IPs notified to network operators: 1241
number of spam blocked: 326610
recipient count of spam blocked: 1675979

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET419
2UNICOM-ZJ149
3WASU92
4WASU-BB79
5CHINANET-ZJ78
6CHINANET-HB74
7CHINANET-AH67
8UNICOM-AH58
9CHINANET-GD35
10SAKURA-NET25

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China700
2Taiwan424
3Viet Nam33
4Japan27
5United States16
6South Korea5
7India5
8Russian Federation4
9Romania3
10Hong Kong3

Wednesday, November 25, 2015

Suspected Bot List [2015-11-24]

detection period: 2015-11-24 00:00-23:59 UTC
number of suspected bots' IPs listed here: 14

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
US208.73.201.211United States

List from greylisting:

country codeIP addressCountry
BG217.9.224.141Bulgaria
CA184.107.73.206Canada
ES87.235.177.251Spain
IN59.94.75.191India
IN115.118.237.147India
IN122.178.157.134India
IN182.68.52.232India
MX187.177.172.13Mexico
MX189.254.134.100Mexico
US50.116.123.183United States
US162.144.104.214United States
US198.57.194.6United States
US198.57.247.223United States

Botnet Statistics [2015-11-24]

detection period: 2015-11-24 00:00-23:59 UTC
total number of suspected botnet IPs: 1326
number of botnet IPs notified to network operators: 1312
number of spam blocked: 281673
recipient count of spam blocked: 1915778

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET484
2WASU150
3UNICOM-ZJ114
4WASU-BB99
5CHINANET-HB69
6CHINANET-AH64
7UNICOM-AH61
8CHINANET-ZJ-QZ46
9CHINANET-ZJ41
10CHINANET-GD25

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China740
2Taiwan488
3Viet Nam29
4United States16
5Japan5
6India5
7United Kingdom4
8Thailand3
9Panama3
10South Korea3

Tuesday, November 24, 2015

Suspected Bot List [2015-11-23]

detection period: 2015-11-23 00:00-23:59 UTC
number of suspected bots' IPs listed here: 17

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

country codeIP addressCountry
AR190.30.19.182Argentina
AR190.48.75.13Argentina
AZ5.178.7.206Azerbaijan
ES87.235.177.251Spain
GR79.107.96.207Greece
IN61.1.32.119India
IN120.63.151.178India
IN202.134.182.2India
IN223.176.132.121India
ME46.161.92.226Montenegro
MX187.177.172.13Mexico
MX189.165.192.246Mexico
MX189.193.198.243Mexico
PH124.106.167.60Philippines
RO92.80.190.27Romania
US162.144.104.214United States
US198.57.194.6United States

Botnet Statistics [2015-11-23]

detection period: 2015-11-23 00:00-23:59 UTC
total number of suspected botnet IPs: 866
number of botnet IPs notified to network operators: 849
number of spam blocked: 222079
recipient count of spam blocked: 570844

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1WASU113
2UNICOM-ZJ111
3WASU-BB88
4CHINANET-HB79
5CHINANET-AH78
6CHINANET-ZJ76
7UNICOM-AH60
8VNPT-VNNIC-VN32
9UNICOM-BJ17
10CHINANET-GD15

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China699
2Viet Nam73
3United States12
4Taiwan9
5Thailand8
6Brazil7
7India5
8Germany5
9Mexico4
10Indonesia4

Monday, November 23, 2015

Suspected Bot List [2015-11-22]

detection period: 2015-11-22 00:00-23:59 UTC
number of suspected bots' IPs listed here: 13

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

country codeIP addressCountry
AR186.56.109.6Argentina
AR190.7.61.199Argentina
CO190.61.4.62Colombia
EG196.218.145.190Egypt
IN122.163.4.109India
IN202.63.98.161India
KE195.202.72.107Kenya
LK175.157.191.231Sri Lanka
MX189.241.78.220Mexico
PY190.121.174.65Paraguay
US50.116.123.183United States
US162.144.104.214United States
US192.185.4.117United States

Botnet Statistics [2015-11-22]

detection period: 2015-11-22 00:00-23:59 UTC
total number of suspected botnet IPs: 624
number of botnet IPs notified to network operators: 611
number of spam blocked: 249623
recipient count of spam blocked: 413547

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ79
2CHINANET-HB78
3WASU57
4UNICOM-AH55
5CHINANET-ZJ55
6CHINANET-AH48
7WASU-BB37
8VNPT-VNNIC-VN34
9CHINANET-GD18
10UNICOM-BJ13

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China483
2Viet Nam54
3United States17
4Russian Federation16
5Germany4
6Brazil4
7Taiwan3
8Turkey3
9Iran3
10India3

Sunday, November 22, 2015

Suspected Bot List [2015-11-21]

detection period: 2015-11-21 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

country codeIP addressCountry
AR190.210.149.165Argentina
US155.94.148.35United States

Botnet Statistics [2015-11-21]

detection period: 2015-11-21 00:00-23:59 UTC
total number of suspected botnet IPs: 351
number of botnet IPs notified to network operators: 349
number of spam blocked: 267927
recipient count of spam blocked: 543423

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-ZJ94
2CHINANET-HB75
3UNICOM-AH24
4CHINANET-JS22
5CHINANET-GD22
6UNICOM-BJ11
7CHINANET-AH10
8CHINANET-ZJ-SX6
9CHINANET-ZJ-JH4
10BJENET4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China304
2United States13
3Taiwan5
4Thailand4
5Germany3
6Russian Federation2
7Bulgaria2
8Viet Nam1
9Ukraine1
10Turkey1

Saturday, November 21, 2015

Suspected Bot List [2015-11-20]

detection period: 2015-11-20 00:00-23:59 UTC
number of suspected bots' IPs listed here: 5

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

country codeIP addressCountry
AR190.210.149.165Argentina
IN117.218.69.229India
MX187.217.165.227Mexico
RO92.85.147.129Romania
US162.144.104.214United States

Botnet Statistics [2015-11-20]

detection period: 2015-11-20 00:00-23:59 UTC
total number of suspected botnet IPs: 631
number of botnet IPs notified to network operators: 626
number of spam blocked: 205946
recipient count of spam blocked: 338020

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1WASU123
2WASU-BB75
3CHINANET-HB70
4CHINANET-ZJ65
5CHINANET-AH51
6UNICOM-ZJ50
7CHINANET-GD28
8UNICOM-AH27
9CHINANET-JS10
10UNICOM-BJ8

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China556
2Viet Nam11
3Taiwan10
4United States8
5Ukraine6
6Russian Federation4
7Brazil4
8Thailand3
9India3
10Germany3

Friday, November 20, 2015

Suspected Bot List [2015-11-19]

detection period: 2015-11-19 00:00-23:59 UTC
number of suspected bots' IPs listed here: 33

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
DO200.42.219.44Dominican Republic
MX187.131.35.15Mexico
TW123.194.31.30Taiwan
US50.255.96.65United States

List from greylisting:

country codeIP addressCountry
AE217.165.164.208Arab Emirates
AR181.15.123.18Argentina
AR181.31.12.106Argentina
AR190.178.7.131Argentina
AR190.190.127.21Argentina
CN121.40.80.62China
ES87.235.177.251Spain
IN14.140.253.194India
IN59.88.217.24India
IN59.96.110.179India
IN61.0.94.241India
IN117.193.186.195India
IN117.214.44.205India
IN120.57.166.19India
IN122.168.5.151India
IN122.170.9.100India
MA41.137.56.4Morocco
MX200.94.75.210Mexico
PH58.71.96.62Philippines
RO89.120.95.9Romania
RO92.82.94.33Romania
RO109.99.32.166Romania
UA178.213.107.190Ukraine
UA193.107.130.184Ukraine
US64.6.236.75United States
US66.188.117.246United States
US96.39.42.105United States
US155.94.148.35United States
US162.144.104.214United States

Botnet Statistics [2015-11-19]

detection period: 2015-11-19 00:00-23:59 UTC
total number of suspected botnet IPs: 850
number of botnet IPs notified to network operators: 817
number of spam blocked: 251106
recipient count of spam blocked: 450161

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1WASU114
2UNICOM-ZJ98
3WASU-BB70
4CHINANET-HB47
5VNPT-VNNIC-VN43
6CHINANET-ZJ43
7CHINANET-AH40
8UNICOM-AH34
9CHINANET-GD32
10SC-CH-NET-SRL18

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China566
2Viet Nam87
3United States30
4European Union18
5India14
6South Korea12
7Brazil12
8Ukraine10
9Poland9
10Taiwan8

Thursday, November 19, 2015

Suspected Bot List [2015-11-18]

detection period: 2015-11-18 00:00-23:59 UTC
number of suspected bots' IPs listed here: 22

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AR24.232.112.60Argentina
DO200.42.219.44Dominican Republic
MX187.131.35.15Mexico
MX189.176.244.187Mexico
US50.255.96.65United States

List from greylisting:

country codeIP addressCountry
AM46.241.201.205Armenia
AR190.210.149.165Argentina
ES87.235.177.251Spain
IN59.90.79.135India
IN61.3.200.126India
IN117.208.234.77India
IN122.169.4.100India
IN122.175.238.191India
IN182.68.153.40India
KG91.192.66.210Kyrgyzstan
RO89.122.16.246Romania
RO92.81.30.225Romania
RU91.218.163.6Russian Federation
TR46.2.123.10Turkey
US64.6.236.75United States
US155.94.148.35United States
US216.172.173.36United States

Botnet Statistics [2015-11-18]

detection period: 2015-11-18 00:00-23:59 UTC
total number of suspected botnet IPs: 852
number of botnet IPs notified to network operators: 830
number of spam blocked: 287342
recipient count of spam blocked: 565299

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ134
2WASU93
3WASU-BB85
4CHINANET-ZJ58
5CHINANET-HB51
6CHINANET-GD49
7CHINANET-AH47
8UNICOM-AH44
9VNPT-VNNIC-VN37
10CHINANET-JS18

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China655
2Viet Nam68
3Japan18
4United States13
5India10
6Ukraine9
7Taiwan9
8Russian Federation9
9Brazil7
10Turkey5

Wednesday, November 18, 2015

Suspected Bot List [2015-11-17]

detection period: 2015-11-17 00:00-23:59 UTC
number of suspected bots' IPs listed here: 16

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AR24.232.112.60Argentina
DO200.42.219.44Dominican Republic
MX189.176.244.187Mexico
MX189.176.250.180Mexico
US50.203.120.116United States
US50.241.22.137United States
US50.255.96.65United States

List from greylisting:

country codeIP addressCountry
AE217.165.126.154Arab Emirates
AR190.210.9.23Argentina
AR190.210.149.165Argentina
IN27.251.239.186India
KW62.215.59.49Kuwait
US64.6.236.75United States
US155.94.148.35United States
US162.144.34.20United States
US173.254.219.249United States

Botnet Statistics [2015-11-17]

detection period: 2015-11-17 00:00-23:59 UTC
total number of suspected botnet IPs: 938
number of botnet IPs notified to network operators: 922
number of spam blocked: 323425
recipient count of spam blocked: 601971

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ142
2WASU129
3CHINANET-ZJ107
4CHINANET-HB103
5CHINANET-AH86
6UNICOM-AH83
7WASU-BB73
8CHINANET-GD23
9CHINANET-JS19
10UNICOM-BJ17

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China861
2United States19
3Taiwan8
4Germany5
5Viet Nam4
6South Africa3
7India3
8Indonesia3
9Argentina3
10Turkey2

Tuesday, November 17, 2015

Suspected Bot List [2015-11-16]

detection period: 2015-11-16 00:00-23:59 UTC
number of suspected bots' IPs listed here: 312

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

country codeIP addressCountry
AE83.110.58.100Arab Emirates
AE83.110.74.187Arab Emirates
AE83.110.94.204Arab Emirates
AE83.110.136.131Arab Emirates
AE83.110.137.198Arab Emirates
AE83.110.148.145Arab Emirates
AL77.247.90.245Albania
AL79.106.110.62Albania
AR181.16.111.105Argentina
AR181.23.216.43Argentina
AR181.25.209.8Argentina
AR181.28.238.229Argentina
AR181.164.238.100Argentina
AR181.165.253.43Argentina
AR181.167.129.209Argentina
AR181.167.251.189Argentina
AR181.168.32.176Argentina
AR181.189.210.157Argentina
AR186.122.136.158Argentina
AR186.138.199.143Argentina
AR190.2.21.101Argentina
AR190.3.71.234Argentina
AR190.17.223.54Argentina
AR190.30.245.109Argentina
AR190.55.196.183Argentina
AR190.104.249.64Argentina
AR190.105.127.9Argentina
AR190.173.18.213Argentina
AR190.174.27.80Argentina
AR190.188.105.228Argentina
AR190.210.9.23Argentina
AR190.210.149.165Argentina
AR190.230.135.148Argentina
AR190.244.20.53Argentina
AR190.245.81.170Argentina
AR200.3.189.248Argentina
AR200.68.92.93Argentina
AR200.123.157.186Argentina
AR201.231.145.78Argentina
AR201.251.136.4Argentina
BD103.242.216.226Bangladesh
BD103.242.219.18Bangladesh
BG78.90.7.87Bulgaria
BO181.114.119.188Bolivia
BO181.115.140.101Bolivia
BO190.129.154.139Bolivia
BO190.129.165.152Bolivia
BO200.87.131.142Bolivia
BO200.87.146.149Bolivia
BO200.87.171.186Bolivia
CO190.7.130.107Colombia
DO148.103.232.19Dominican Republic
DO186.120.186.44Dominican Republic
DZ41.107.119.173Algeria
DZ105.104.147.189Algeria
DZ197.115.133.111Algeria
DZ197.117.188.77Algeria
EC190.63.4.145Ecuador
EC190.214.21.185Ecuador
EC200.125.236.186Ecuador
EC201.238.179.191Ecuador
ES79.146.91.45Spain
ES81.33.189.78Spain
ES83.50.65.136Spain
ES83.50.85.164Spain
ES83.58.254.143Spain
ES88.14.234.199Spain
ES89.7.171.108Spain
ES95.60.187.163Spain
ES95.121.21.175Spain
ET213.55.115.109Ethiopia
GB2.216.118.87United Kingdom
GB2.217.115.252United Kingdom
GB2.218.63.114United Kingdom
GB5.65.82.7United Kingdom
GB5.71.65.90United Kingdom
GB90.194.114.60United Kingdom
GB151.224.19.190United Kingdom
GB151.230.64.99United Kingdom
GB213.41.83.218United Kingdom
GH41.218.217.7Ghana
GH41.218.223.182Ghana
GH196.11.90.10Ghana
GR79.107.229.143Greece
GR79.166.26.220Greece
GR141.237.106.161Greece
GT181.189.152.102Guatemala
GT200.6.244.122Guatemala
GT200.35.180.180Guatemala
HN190.53.241.206Honduras
IL94.159.171.16Israel
IN1.39.36.129India
IN1.39.49.178India
IN27.34.253.42India
IN27.109.24.174India
IN27.251.185.54India
IN59.92.99.223India
IN59.177.217.119India
IN59.178.76.115India
IN59.182.179.49India
IN59.183.184.174India
IN60.243.252.209India
IN60.254.96.212India
IN61.2.19.101India
IN61.3.146.51India
IN103.2.132.117India
IN103.2.132.203India
IN103.2.134.134India
IN106.216.137.99India
IN115.98.50.253India
IN117.194.17.103India
IN117.194.149.74India
IN117.194.200.78India
IN117.195.228.122India
IN117.199.191.198India
IN117.200.89.247India
IN117.202.112.247India
IN117.205.119.180India
IN117.206.187.172India
IN117.207.169.68India
IN117.211.165.83India
IN117.213.94.159India
IN117.214.32.211India
IN117.218.64.133India
IN117.222.46.82India
IN117.222.66.238India
IN117.228.111.158India
IN117.229.67.181India
IN117.234.170.235India
IN117.242.213.120India
IN117.244.99.5India
IN117.253.167.250India
IN120.57.232.205India
IN120.59.38.50India
IN120.88.181.157India
IN122.161.58.163India
IN122.161.90.13India
IN122.161.212.210India
IN122.163.16.152India
IN122.163.60.147India
IN122.163.77.10India
IN122.163.93.55India
IN122.163.215.146India
IN122.164.236.117India
IN122.167.38.86India
IN122.167.116.218India
IN122.168.57.12India
IN122.168.141.69India
IN122.168.246.215India
IN122.170.57.31India
IN122.171.123.210India
IN122.171.215.79India
IN122.172.149.44India
IN122.172.205.116India
IN122.172.248.169India
IN122.173.81.123India
IN122.175.209.46India
IN122.176.68.209India
IN122.176.252.207India
IN122.178.175.231India
IN123.201.198.103India
IN125.19.97.198India
IN150.129.29.187India
IN150.129.126.195India
IN182.57.254.227India
IN182.68.97.252India
IN182.69.140.211India
IN182.71.160.209India
IN182.73.21.86India
IN182.73.204.34India
IN182.74.184.211India
IN182.74.209.226India
IN202.63.115.82India
IN223.176.14.154India
IQ93.91.194.202Iraq
IQ95.170.192.216Iraq
IQ130.193.199.35Iraq
IQ130.193.220.86Iraq
IR85.133.226.60Iran
IR89.165.82.128Iran
IT5.170.2.190Italy
IT95.227.194.158Italy
IT95.237.165.128Italy
IT95.240.6.201Italy
IT95.241.162.251Italy
IT95.245.67.86Italy
IT95.249.14.185Italy
IT95.252.75.233Italy
IT188.11.173.22Italy
KE41.215.52.146Kenya
KE105.50.37.96Kenya
KE197.254.85.130Kenya
KH114.134.189.169Cambodia
KH114.134.189.181Cambodia
KH114.134.189.191Cambodia
KW62.215.163.226Kuwait
KW83.96.52.126Kuwait
KW168.187.16.253Kuwait
KZ2.132.85.222Kazakhstan
LB85.112.70.168Lebanon
LK175.157.242.90Sri Lanka
LK175.157.244.13Sri Lanka
ME46.161.108.193Montenegro
ME178.175.52.126Montenegro
MO60.246.188.34Macau
MU41.212.158.50Mauritius
MX177.229.148.43Mexico
MX177.232.114.234Mexico
MX177.240.65.93Mexico
MX177.244.43.3Mexico
MX187.176.65.213Mexico
MX187.178.247.65Mexico
MX187.242.160.185Mexico
MX189.193.89.234Mexico
MX189.197.182.248Mexico
MX189.205.202.141Mexico
MX189.206.54.50Mexico
MX189.208.101.130Mexico
MX189.209.22.31Mexico
MX201.128.223.211Mexico
MX201.163.42.34Mexico
MX201.164.160.255Mexico
MY123.136.106.205Malaysia
NG41.75.203.11Nigeria
PH122.52.117.37Philippines
PH122.54.77.92Philippines
PK39.32.69.49Pakistan
PK39.32.144.148Pakistan
PK39.32.165.111Pakistan
PK39.32.169.43Pakistan
PK39.32.181.128Pakistan
PK39.33.232.178Pakistan
PK39.34.105.112Pakistan
PK39.42.64.12Pakistan
PK39.43.110.49Pakistan
PK39.45.20.86Pakistan
PK39.48.125.80Pakistan
PK39.49.50.236Pakistan
PK39.54.182.153Pakistan
PK39.55.32.145Pakistan
PK39.55.139.143Pakistan
PK39.55.239.60Pakistan
PK115.186.58.204Pakistan
PK115.186.92.110Pakistan
PK115.186.103.12Pakistan
PK119.157.0.231Pakistan
PK182.178.139.231Pakistan
PK182.185.12.164Pakistan
PK182.185.24.106Pakistan
PK182.185.69.34Pakistan
PK182.185.223.211Pakistan
PK182.185.253.141Pakistan
PK182.186.247.140Pakistan
PK182.188.221.236Pakistan
PK182.191.67.80Pakistan
PK203.101.179.84Pakistan
PY186.17.144.143Paraguay
PY190.128.150.70Paraguay
PY200.85.41.182Paraguay
RO86.34.169.14Romania
RO86.34.184.210Romania
RO86.35.228.61Romania
RO89.122.180.237Romania
RO92.82.235.235Romania
RO92.83.191.58Romania
RO92.84.44.76Romania
RO92.84.84.202Romania
RO92.85.89.95Romania
RO92.85.179.216Romania
RO92.86.201.3Romania
RS24.135.208.76Serbia
RS89.216.138.101Serbia
RS178.148.191.52Serbia
RS178.149.82.179Serbia
RS178.149.254.46Serbia
RS188.2.61.118Serbia
RS188.2.86.47Serbia
RS188.2.153.54Serbia
SD196.202.152.242Sudan
SK78.99.98.95Slovakia
SV190.86.175.37El Salvador
TH112.143.6.20Thailand
TM217.174.234.7Turkmenistan
TR31.155.249.199Turkey
TR46.2.3.59Turkey
TR46.2.69.110Turkey
TR46.2.252.238Turkey
TR94.78.71.237Turkey
TR188.3.217.92Turkey
TW118.233.217.210Taiwan
TW123.192.223.214Taiwan
TW123.193.125.70Taiwan
TZ41.59.251.190Tanzania
US47.67.124.51United States
US47.67.219.84United States
US50.255.165.230United States
US64.6.236.75United States
US162.144.34.20United States
UY167.56.17.167Uruguay
UY167.58.33.102Uruguay
UY167.60.19.84Uruguay
UY167.62.149.58Uruguay
UY179.25.159.21Uruguay
UY179.29.114.80Uruguay
UY186.48.23.209Uruguay
UY186.48.170.151Uruguay
UY186.50.51.116Uruguay
UZ213.230.77.35Uzbekistan
UZ213.230.78.26Uzbekistan
UZ213.230.101.182Uzbekistan
ZA197.255.127.177South Africa
ZM41.72.121.213Zambia

Botnet Statistics [2015-11-16]

detection period: 2015-11-16 00:00-23:59 UTC
total number of suspected botnet IPs: 2679
number of botnet IPs notified to network operators: 2367
number of spam blocked: 75597
recipient count of spam blocked: 1471299

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET443
2UNICOM-ZJ132
3WASU97
4VNPT-VNNIC-VN94
5CHINANET-ZJ91
6CHINANET-HB85
7WASU-BB76
8UNICOM-AH73
9CHINANET-AH73
10FPT-VN52

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China753
2Taiwan456
3Viet Nam262
4India154
5Turkey73
6Iran52
7Mexico47
8Italy46
9Peru36
10Pakistan35

Monday, November 16, 2015

Suspected Bot List [2015-11-15]

detection period: 2015-11-15 00:00-23:59 UTC
number of suspected bots' IPs listed here: 13

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AR24.232.112.60Argentina
DO200.42.219.44Dominican Republic
MX187.131.22.18Mexico
MX189.176.244.109Mexico
MX189.252.9.19Mexico
US50.255.96.65United States

List from greylisting:

country codeIP addressCountry
AR190.210.149.165Argentina
MX187.177.172.13Mexico
RS178.149.66.24Serbia
TW123.192.242.219Taiwan
US64.6.236.75United States
US155.94.254.59United States
US162.144.104.214United States

Botnet Statistics [2015-11-15]

detection period: 2015-11-15 00:00-23:59 UTC
total number of suspected botnet IPs: 1702
number of botnet IPs notified to network operators: 1689
number of spam blocked: 139446
recipient count of spam blocked: 3811623

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET1031
2CHINANET-GD97
3CHINANET-ZJ73
4CHINANET-AH69
5CHINANET-HB67
6UNICOM-AH52
7UNICOM-ZJ40
8CHINANET-JS31
9WASU24
10WASU-BB23

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan1037
2China575
3Viet Nam29
4United States13
5Thailand5
6Germany5
7Russian Federation4
8Mexico4
9Chile3
10Turkey2

Sunday, November 15, 2015

Suspected Bot List [2015-11-14]

detection period: 2015-11-14 00:00-23:59 UTC
number of suspected bots' IPs listed here: 27

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

country codeIP addressCountry
AR181.15.90.37Argentina
AR181.166.80.209Argentina
AR190.103.225.98Argentina
AR190.210.149.165Argentina
IN1.39.63.68India
IN106.219.5.34India
IN117.204.46.9India
IN117.221.90.59India
IN117.241.6.234India
IN120.61.162.107India
IN120.63.149.16India
IN122.176.201.244India
IN182.64.241.228India
IN182.74.175.198India
IR5.200.68.118Iran
MX189.233.57.251Mexico
PK39.33.223.118Pakistan
PK39.43.107.227Pakistan
PL188.146.68.67Poland
PL188.146.68.90Poland
RO109.96.244.164Romania
RO109.101.24.206Romania
TH222.123.128.1Thailand
TR31.155.211.81Turkey
UA91.211.213.35Ukraine
UA194.8.147.152Ukraine
US64.6.236.75United States

Botnet Statistics [2015-11-14]

detection period: 2015-11-14 00:00-23:59 UTC
total number of suspected botnet IPs: 1477
number of botnet IPs notified to network operators: 1450
number of spam blocked: 137467
recipient count of spam blocked: 3411616

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET889
2VNPT-VNNIC-VN54
3CHINANET-ZJ42
4CHINANET-HB42
5CHINANET-GD41
6CHINANET-AH39
7CHINANET-ZJ-NB32
8UNICOM-AH27
9CHINANET-JS19
10FPT-VN18

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan894
2China321
3Viet Nam108
4Ukraine27
5Brazil16
6India14
7Poland10
8Romania9
9Turkey8
10Germany6

Saturday, November 14, 2015

Suspected Bots' IP List for October 2015

To encourage cyber security information sharing (as some form of open data) while still giving victims enough time to clean up their computers, the IP list of suspected infected computers will be released here (as shown below). You are free to use them to create more effective defenses, discover latest trends in cyber attacks, etc.

Suspected Bots IP [2015-10-01]
Suspected Bots IP [2015-10-02]
Suspected Bots IP [2015-10-03]
Suspected Bots IP [2015-10-04]
Suspected Bots IP [2015-10-05]
Suspected Bots IP [2015-10-06]
Suspected Bots IP [2015-10-07]
Suspected Bots IP [2015-10-08]
Suspected Bots IP [2015-10-09]
Suspected Bots IP [2015-10-10]
Suspected Bots IP [2015-10-11]
Suspected Bots IP [2015-10-12]
Suspected Bots IP [2015-10-13]
Suspected Bots IP [2015-10-15]
Suspected Bots IP [2015-10-16]
Suspected Bots IP [2015-10-17]
Suspected Bots IP [2015-10-18]
Suspected Bots IP [2015-10-19]
Suspected Bots IP [2015-10-20]
Suspected Bots IP [2015-10-21]
Suspected Bots IP [2015-10-22]
Suspected Bots IP [2015-10-23]
Suspected Bots IP [2015-10-24]
Suspected Bots IP [2015-10-25]
Suspected Bots IP [2015-10-26]
Suspected Bots IP [2015-10-27]
Suspected Bots IP [2015-10-28]
Suspected Bots IP [2015-10-29]
Suspected Bots IP [2015-10-30]
Suspected Bots IP [2015-10-31]

Suspected Bot List [2015-11-13]

detection period: 2015-11-13 00:00-23:59 UTC
number of suspected bots' IPs listed here: 13

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

country codeIP addressCountry
AR190.55.85.72Argentina
AR190.210.149.165Argentina
EG196.204.215.17Egypt
IN59.96.225.39India
IN117.201.162.8India
IN117.217.240.90India
IN117.222.172.188India
IN122.161.42.30India
IN122.172.118.126India
IN122.176.118.183India
KZ5.34.77.57Kazakhstan
PK39.43.67.134Pakistan
US64.6.236.75United States

Botnet Statistics [2015-11-13]

detection period: 2015-11-13 00:00-23:59 UTC
total number of suspected botnet IPs: 609
number of botnet IPs notified to network operators: 596
number of spam blocked: 24988
recipient count of spam blocked: 158698

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-GD135
2VNPT-VNNIC-VN44
3CHINANET-ZJ44
4CHINANET-AH35
5WASU33
6CHINANET-HB32
7UNICOM-AH31
8UNICOM-ZJ23
9WASU-BB19
10CHINANET-ZJ-NB19

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China426
2Viet Nam92
3India13
4Brazil12
5Ukraine8
6United States6
7Taiwan6
8Turkey6
9Germany5
10Romania4

Friday, November 13, 2015

Suspected Bot List [2015-11-12]

detection period: 2015-11-12 00:00-23:59 UTC
number of suspected bots' IPs listed here: 9

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
UY167.57.3.42Uruguay

List from greylisting:

country codeIP addressCountry
AR190.210.149.165Argentina
CO200.80.10.68Colombia
IN117.221.189.203India
IN182.68.74.98India
MX187.210.168.130Mexico
MX189.136.51.233Mexico
RO89.122.108.233Romania
US162.144.34.20United States

Botnet Statistics [2015-11-12]

detection period: 2015-11-12 00:00-23:59 UTC
total number of suspected botnet IPs: 1387
number of botnet IPs notified to network operators: 1378
number of spam blocked: 130210
recipient count of spam blocked: 3179327

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET660
2UNICOM-ZJ141
3WASU115
4CHINANET-GD107
5WASU-BB86
6CHINANET-AH40
7CHINANET-ZJ33
8UNICOM-AH32
9CHINANET-HB23
10CHINANET-JS11

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan663
2China651
3Viet Nam18
4United States7
5Ukraine5
6Germany5
7Brazil5
8Russian Federation4
9India3
10Turkey2

Thursday, November 12, 2015

Suspected Bot List [2015-11-11]

detection period: 2015-11-11 00:00-23:59 UTC
number of suspected bots' IPs listed here: 24

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
GB163.172.10.74United Kingdom
UY167.57.3.42Uruguay

List from greylisting:

country codeIP addressCountry
AE83.111.52.4Arab Emirates
AR181.15.123.18Argentina
AR181.16.100.172Argentina
AR186.128.171.225Argentina
CO200.80.10.68Colombia
ES87.235.177.251Spain
IN61.3.171.193India
IN116.73.193.4India
IQ130.193.224.173Iraq
MO122.100.152.220Macau
MX177.228.177.90Mexico
MX187.210.168.130Mexico
RO86.35.247.78Romania
RO89.121.207.83Romania
RO92.81.55.89Romania
RO109.98.164.156Romania
RO109.100.100.57Romania
RO109.102.91.85Romania
RO109.102.253.218Romania
TR95.65.237.66Turkey
US162.144.131.227United States
US173.254.219.249United States

Botnet Statistics [2015-11-11]

detection period: 2015-11-11 00:00-23:59 UTC
total number of suspected botnet IPs: 1863
number of botnet IPs notified to network operators: 1839
number of spam blocked: 165368
recipient count of spam blocked: 4194663

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET1011
2UNICOM-ZJ161
3CHINANET-GD121
4WASU103
5WASU-BB76
6CHINANET-AH36
7CHINANET-HB35
8CHINANET-ZJ-NB32
9UNICOM-AH30
10VNPT-VNNIC-VN27

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan1017
2China686
3Viet Nam52
4Brazil14
5United States13
6Romania8
7Germany8
8Ukraine6
9Russian Federation5
10India5

Wednesday, November 11, 2015

Suspected Bot List [2015-11-10]

detection period: 2015-11-10 00:00-23:59 UTC
number of suspected bots' IPs listed here: 25

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

country codeIP addressCountry
AE83.111.52.4Arab Emirates
AR181.170.31.42Argentina
AR186.38.47.235Argentina
AR186.56.20.105Argentina
AR186.138.189.251Argentina
AR190.191.110.78Argentina
AR200.41.195.67Argentina
CR201.203.219.188Costa Rica
GR109.242.152.87Greece
IL213.57.88.54Israel
IN45.123.25.243India
IN117.247.165.48India
IN122.162.70.154India
KZ5.34.42.238Kazakhstan
KZ46.34.213.188Kazakhstan
MX187.179.191.83Mexico
MX187.210.168.130Mexico
RO89.122.164.147Romania
RO89.123.127.10Romania
RO92.80.212.6Romania
RO109.97.238.245Romania
US75.131.26.125United States
US173.254.219.249United States
US192.254.137.244United States
US216.172.173.36United States

Botnet Statistics [2015-11-10]

detection period: 2015-11-10 00:00-23:59 UTC
total number of suspected botnet IPs: 1740
number of botnet IPs notified to network operators: 1715
number of spam blocked: 113116
recipient count of spam blocked: 2802311

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET1029
2UNICOM-ZJ151
3WASU107
4WASU-BB89
5CHINANET-GD56
6VNPT-VNNIC-VN42
7CHINANET-ZJ-NB15
8VIETEL-VN9
9UNICOM-BJ8
10CHINANET-ZJ-JH8

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan1030
2China509
3Viet Nam81
4Russian Federation15
5Brazil12
6Ukraine10
7United States9
8Turkey7
9Romania6
10Argentina6