Custom Search

Thursday, June 30, 2016

Suspected Bot List [2016-06-29]

detection period: 2016-06-29 00:00-23:59 UTC
number of suspected bots' IPs listed here: 96

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Botnet Statistics [2016-06-29]

detection period: 2016-06-29 00:00-23:59 UTC
total number of suspected botnet IPs: 1970
number of botnet IPs notified to network operators: 1874
number of spam blocked: 4510
recipient count of spam blocked: 21194

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1WASU546
2CNCITYNET150
3HINET-NET140
4SONET-NET131
5UNICOM-ZJ107
6RingLink76
7VNPT-VNNIC-VN48
8CHINANET-JS38
9WASU-BB32
10UNICOM-JS26

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China1157
2Taiwan275
3Viet Nam88
4India70
5Brazil37
6Mexico36
7United States28
8South Korea20
9Turkey16
10Iran16

Wednesday, June 29, 2016

Suspected Bot List [2016-06-28]

detection period: 2016-06-28 00:00-23:59 UTC
number of suspected bots' IPs listed here: 98

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Botnet Statistics [2016-06-28]

detection period: 2016-06-28 00:00-23:59 UTC
total number of suspected botnet IPs: 1717
number of botnet IPs notified to network operators: 1619
number of spam blocked: 1950
recipient count of spam blocked: 19714

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1WASU397
2SONET-NET191
3UNICOM-ZJ99
4HINET-NET94
5CNCITYNET92
6WASU-BB51
7VNPT-VNNIC-VN41
8UNICOM-JS36
9RingLink35
10CHINANET-JS34

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China876
2Taiwan288
3India78
4Viet Nam69
5Mexico42
6Iran30
7Turkey28
8Brazil24
9United States23
10Peru23

Tuesday, June 28, 2016

Suspected Bot List [2016-06-27]

detection period: 2016-06-27 00:00-23:59 UTC
number of suspected bots' IPs listed here: 82

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Botnet Statistics [2016-06-27]

detection period: 2016-06-27 00:00-23:59 UTC
total number of suspected botnet IPs: 2312
number of botnet IPs notified to network operators: 2230
number of spam blocked: 3402
recipient count of spam blocked: 12252

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1WASU426
2SONET-NET344
3HINET-NET289
4CNCITYNET168
5UNICOM-ZJ100
6RingLink63
7WASU-BB49
8VNPT-VNNIC-VN34
9CHINANET-JS33
10UNICOM-JS31

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China1036
2Taiwan635
3India100
4Viet Nam62
5Mexico46
6Brazil38
7Turkey30
8South Korea25
9United States24
10Iran22

Monday, June 27, 2016

Suspected Bot List [2016-06-26]

detection period: 2016-06-26 00:00-23:59 UTC
number of suspected bots' IPs listed here: 57

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
GB163.172.143.102United Kingdom

List from greylisting:

Botnet Statistics [2016-06-26]

detection period: 2016-06-26 00:00-23:59 UTC
total number of suspected botnet IPs: 1451
number of botnet IPs notified to network operators: 1395
number of spam blocked: 2149
recipient count of spam blocked: 8239

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1WASU349
2CNCITYNET128
3SONET-NET126
4HINET-NET111
5UNICOM-ZJ95
6RingLink53
7WASU-BB48
8VNPT-VNNIC-VN36
9UNICOM-JS18
10CHINANET-GD18

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China826
2Taiwan240
3Viet Nam69
4India36
5United States27
6Iran23
7South Korea17
8Mexico15
9Turkey14
10Brazil12

Sunday, June 26, 2016

Suspected Bot List [2016-06-25]

detection period: 2016-06-25 00:00-23:59 UTC
number of suspected bots' IPs listed here: 60

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Botnet Statistics [2016-06-25]

detection period: 2016-06-25 00:00-23:59 UTC
total number of suspected botnet IPs: 1021
number of botnet IPs notified to network operators: 961
number of spam blocked: 518
recipient count of spam blocked: 14117

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CNCITYNET192
2RingLink78
3UNICOM-ZJ34
4TencentCloud25
5VNPT-VNNIC-VN24
6KORNET-KR22
7UNICOM-BJ21
8ALISOFT21
9CHINANET-GD20
10MX-USCV4-LACNIC16

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China530
2Viet Nam56
3India50
4Mexico33
5South Korea28
6Iran28
7Brazil27
8United States19
9Turkey19
10Peru16

Saturday, June 25, 2016

Suspected Bot List [2016-06-24]

detection period: 2016-06-24 00:00-23:59 UTC
number of suspected bots' IPs listed here: 43

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Botnet Statistics [2016-06-24]

detection period: 2016-06-24 00:00-23:59 UTC
total number of suspected botnet IPs: 787
number of botnet IPs notified to network operators: 744
number of spam blocked: 4
recipient count of spam blocked: 4

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CNCITYNET113
2WASU95
3RingLink54
4UNICOM-ZJ30
5CHINANET-JS26
6UNICOM-JS24
7MX-USCV4-LACNIC19
8TencentCloud16
9UNICOM-BJ13
10WASU-BB12

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China462
2India37
3Brazil32
4Mexico31
5Viet Nam19
6United States17
7Colombia17
8Peru14
9South Korea14
10Iran12

Friday, June 24, 2016

Suspected Bot List [2016-06-23]

detection period: 2016-06-23 00:00-23:59 UTC
number of suspected bots' IPs listed here: 73

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Botnet Statistics [2016-06-23]

detection period: 2016-06-23 00:00-23:59 UTC
total number of suspected botnet IPs: 1290
number of botnet IPs notified to network operators: 1217
number of spam blocked: 5724
recipient count of spam blocked: 5753

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1WASU424
2CNCITYNET110
3UNICOM-ZJ102
4CHINANET-JS54
5RingLink46
6WASU-BB42
7UNICOM-JS32
8UNICOM-BJ22
9VNPT-VNNIC-VN19
10CMNET16

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China951
2Viet Nam38
3India37
4Mexico25
5Turkey20
6Brazil20
7United States15
8South Korea14
9Iran11
10Colombia10

Thursday, June 23, 2016

Botnet Statistics [2016-06-22]

detection period: 2016-06-22 00:00-23:59 UTC
total number of suspected botnet IPs: 1448
number of botnet IPs notified to network operators: 1406
number of spam blocked: 2156
recipient count of spam blocked: 42467

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1WASU405
2CNCITYNET157
3UNICOM-ZJ95
4RingLink69
5VNPT-VNNIC-VN61
6WASU-BB45
7CHINANET-JS44
8UNICOM-JS34
9TencentCloud31
10UNICOM-BJ21

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China1046
2Viet Nam107
3India48
4Brazil23
5Mexico21
6South Korea18
7Iran18
8United States14
9Thailand13
10Russian Federation12

Wednesday, June 22, 2016

Suspected Bot List [2016-06-21]

detection period: 2016-06-21 00:00-23:59 UTC
number of suspected bots' IPs listed here: 29

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Botnet Statistics [2016-06-21]

detection period: 2016-06-21 00:00-23:59 UTC
total number of suspected botnet IPs: 1095
number of botnet IPs notified to network operators: 1066
number of spam blocked: 3148
recipient count of spam blocked: 3148

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1WASU313
2CNCITYNET121
3UNICOM-ZJ86
4RingLink51
5VNPT-VNNIC-VN46
6UNICOM-JS34
7CHINANET-JS34
8WASU-BB27
9CMNET20
10TencentCloud18

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China796
2Viet Nam75
3India35
4Mexico17
5South Korea17
6Brazil15
7United States14
8Germany13
9Russian Federation11
10Turkey10

Tuesday, June 21, 2016

Suspected Bot List [2016-06-20]

detection period: 2016-06-20 00:00-23:59 UTC
number of suspected bots' IPs listed here: 12

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Botnet Statistics [2016-06-20]

detection period: 2016-06-20 00:00-23:59 UTC
total number of suspected botnet IPs: 1003
number of botnet IPs notified to network operators: 991
number of spam blocked: 1453
recipient count of spam blocked: 1453

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1WASU522
2UNICOM-ZJ91
3CNCITYNET52
4WASU-BB39
5CHINANET-JS37
6UNICOM-JS35
7RingLink22
8UNICOM-BJ16
9CHINANET-GD16
10CHINANET-HN9

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China891
2Viet Nam14
3India11
4Brazil10
5Mexico9
6Russian Federation6
7Peru5
8Colombia5
9Iran4
10Indonesia4

Monday, June 20, 2016

Suspected Bot List [2016-06-19]

detection period: 2016-06-19 00:00-23:59 UTC
number of suspected bots' IPs listed here: 17

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Botnet Statistics [2016-06-19]

detection period: 2016-06-19 00:00-23:59 UTC
total number of suspected botnet IPs: 796
number of botnet IPs notified to network operators: 779
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1WASU265
2CNCITYNET96
3UNICOM-ZJ86
4RingLink49
5WASU-BB42
6CHINANET-JS28
7UNICOM-JS22
8CMNET9
9TencentCloud8
10UNICOM-BJ7

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China666
2Viet Nam13
3India13
4Brazil13
5Mexico10
6Russian Federation8
7South Korea8
8United States5
9Iran5
10United Kingdom4

Sunday, June 19, 2016

Suspected Bot List [2016-06-18]

detection period: 2016-06-18 00:00-23:59 UTC
number of suspected bots' IPs listed here: 25

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
RS178.148.117.154Serbia

List from greylisting:

Botnet Statistics [2016-06-18]

detection period: 2016-06-18 00:00-23:59 UTC
total number of suspected botnet IPs: 540
number of botnet IPs notified to network operators: 515
number of spam blocked: 489
recipient count of spam blocked: 14185

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CNCITYNET165
2RingLink91
3TencentCloud20
4KORNET-KR16
5CMNET16
6VNPT-VNNIC-VN11
7UNICOM-BJ11
8CHINANET-GD8
9HICHINA7
10CHINANET-ZJ7

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China379
2South Korea17
3Viet Nam16
4Taiwan10
5Brazil9
6United States8
7Russian Federation8
8Mexico8
9Turkey7
10Japan7

Saturday, June 18, 2016

Suspected Bot List [2016-06-17]

detection period: 2016-06-17 00:00-23:59 UTC
number of suspected bots' IPs listed here: 29

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AR190.108.35.2Argentina
CA45.62.242.80Canada
CZ109.238.208.242Czech Republic
ID202.61.126.62Indonesia
IN203.192.212.52India
IN223.196.86.210India
IN223.196.86.215India
IN223.196.87.19India
RS89.216.118.10Serbia
TR78.186.4.165Turkey
TR78.186.10.224Turkey
TR78.189.128.103Turkey
TR78.189.231.24Turkey
TR85.105.14.48Turkey
TR85.105.33.188Turkey
TR88.225.216.167Turkey
TR88.247.23.135Turkey
TR88.247.56.225Turkey
TW211.78.82.186Taiwan
ZA196.46.23.122South Africa

List from greylisting:

Botnet Statistics [2016-06-17]

detection period: 2016-06-17 00:00-23:59 UTC
total number of suspected botnet IPs: 1523
number of botnet IPs notified to network operators: 1495
number of spam blocked: 6518
recipient count of spam blocked: 153258

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CNCITYNET366
2WASU294
3RingLink162
4TencentCloud70
5UNICOM-ZJ59
6CHINANET-JS37
7KORNET-KR31
8VNPT-VNNIC-VN29
9UNICOM-GX28
10CHINANET-GD20

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China1239
2Viet Nam39
3South Korea36
4Brazil24
5United States21
6Russian Federation18
7Turkey12
8India10
9Taiwan9
10United Kingdom8

Friday, June 17, 2016

Suspected Bot List [2016-06-16]

detection period: 2016-06-16 00:00-23:59 UTC
number of suspected bots' IPs listed here: 29

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AR181.30.11.71Argentina
AR190.108.35.2Argentina
AR209.13.156.2Argentina
BO186.27.126.130Bolivia
ID202.61.126.62Indonesia
IN114.79.160.30India
IN203.192.212.52India
RS89.216.118.10Serbia
RU95.71.48.188Russian Federation
TR78.186.4.165Turkey
TR78.186.10.224Turkey
TR78.189.128.103Turkey
TR78.189.231.24Turkey
TR85.105.14.48Turkey
TR85.105.33.188Turkey
TR88.225.216.167Turkey
TR88.247.23.135Turkey
TR88.247.56.225Turkey
TW211.78.82.186Taiwan
ZA196.46.23.122South Africa

List from greylisting:

Botnet Statistics [2016-06-16]

detection period: 2016-06-16 00:00-23:59 UTC
total number of suspected botnet IPs: 2094
number of botnet IPs notified to network operators: 2066
number of spam blocked: 6458
recipient count of spam blocked: 175495

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1WASU496
2CNCITYNET416
3RingLink165
4CHINANET-JS111
5UNICOM-ZJ94
6UNICOM-JS79
7TencentCloud72
8WASU-BB41
9CHINANET-GD34
10KORNET-KR33

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China1824
2South Korea38
3Brazil27
4United States16
5Russian Federation16
6India15
7Taiwan14
8Turkey14
9Iran13
10Indonesia9

Thursday, June 16, 2016

Suspected Bot List [2016-06-15]

detection period: 2016-06-15 00:00-23:59 UTC
number of suspected bots' IPs listed here: 24

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AR170.51.72.177Argentina
AR190.108.35.2Argentina
AR209.13.156.2Argentina
BO186.27.126.130Bolivia
ID202.61.126.62Indonesia
IN203.192.212.52India
RS89.216.118.10Serbia
TR78.186.4.165Turkey
TR78.189.128.103Turkey
TR78.189.231.24Turkey
TR85.105.14.48Turkey
TR85.105.33.188Turkey
TR88.225.216.167Turkey
TR88.247.23.135Turkey
TR88.247.56.225Turkey
TW106.1.5.95Taiwan
TW211.78.82.186Taiwan
US71.95.169.126United States
UZ89.236.217.169Uzbekistan

List from greylisting:

Botnet Statistics [2016-06-15]

detection period: 2016-06-15 00:00-23:59 UTC
total number of suspected botnet IPs: 1636
number of botnet IPs notified to network operators: 1612
number of spam blocked: 7278
recipient count of spam blocked: 128057

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CNCITYNET377
2WASU346
3RingLink147
4CHINANET-JS101
5UNICOM-ZJ72
6UNICOM-JS57
7TencentCloud50
8WASU-BB39
9CHINANET-GD29
10KORNET-KR28

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China1429
2South Korea34
3Brazil19
4Taiwan16
5United States15
6Turkey11
7Russian Federation9
8Iran8
9United Kingdom8
10India7

Wednesday, June 15, 2016

Suspected Bot List [2016-06-14]

detection period: 2016-06-14 00:00-23:59 UTC
number of suspected bots' IPs listed here: 13

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AR209.13.156.2Argentina
BO186.27.126.130Bolivia
ID202.61.126.62Indonesia
IN114.79.160.30India
IN203.192.212.52India
IN223.196.86.210India
IN223.196.86.215India
IN223.196.87.19India
RS89.216.118.10Serbia
RU95.71.48.188Russian Federation
ZA196.46.23.122South Africa

List from greylisting:

Botnet Statistics [2016-06-14]

detection period: 2016-06-14 00:00-23:59 UTC
total number of suspected botnet IPs: 1994
number of botnet IPs notified to network operators: 1981
number of spam blocked: 6938
recipient count of spam blocked: 181587

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1WASU466
2CNCITYNET428
3RingLink175
4UNICOM-ZJ102
5CHINANET-JS74
6UNICOM-JS73
7HINET-NET71
8TencentCloud67
9WASU-BB36
10CHINANET-GD34

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China1670
2Taiwan110
3South Korea37
4United States18
5Russian Federation16
6Brazil14
7India12
8Turkey11
9Indonesia8
10Iran7

Tuesday, June 14, 2016

Suspected Bot List [2016-06-13]

detection period: 2016-06-13 00:00-23:59 UTC
number of suspected bots' IPs listed here: 25

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AR181.30.11.71Argentina
AR190.108.35.2Argentina
AR209.13.156.2Argentina
ID202.61.126.62Indonesia
IN203.192.212.52India
PH122.53.178.100Philippines
RS89.216.118.10Serbia
RU95.71.48.188Russian Federation
TR78.186.4.165Turkey
TR78.189.128.103Turkey
TR78.189.231.24Turkey
TR81.213.108.83Turkey
TR85.105.14.48Turkey
TR85.105.33.188Turkey
TR88.225.216.167Turkey
TR88.247.23.135Turkey
TR88.247.56.225Turkey
TR88.247.61.50Turkey
US24.196.69.180United States
ZA196.46.23.122South Africa
ZW41.220.28.138Zimbabwe

List from greylisting:

Botnet Statistics [2016-06-13]

detection period: 2016-06-13 00:00-23:59 UTC
total number of suspected botnet IPs: 2336
number of botnet IPs notified to network operators: 2311
number of spam blocked: 12955
recipient count of spam blocked: 299156

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CNCITYNET463
2WASU450
3HINET-NET251
4RingLink173
5CHINANET-JS104
6UNICOM-JS88
7UNICOM-ZJ81
8TencentCloud65
9WASU-BB38
10SONET-NET38

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China1725
2Taiwan325
3South Korea40
4United States25
5Brazil23
6Viet Nam18
7Russian Federation18
8Turkey14
9Indonesia13
10United Kingdom11

Monday, June 13, 2016

Suspected Bot List [2016-06-12]

detection period: 2016-06-12 00:00-23:59 UTC
number of suspected bots' IPs listed here: 5

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
IN203.192.212.52India
PK39.32.184.239Pakistan
TR78.189.128.103Turkey

List from greylisting:

Botnet Statistics [2016-06-12]

detection period: 2016-06-12 00:00-23:59 UTC
total number of suspected botnet IPs: 1397
number of botnet IPs notified to network operators: 1392
number of spam blocked: 1249
recipient count of spam blocked: 12994

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1WASU507
2HINET-NET285
3UNICOM-ZJ104
4UNICOM-JS98
5CHINANET-JS68
6CNCITYNET52
7SONET-NET48
8WASU-BB40
9CHINANET-GD20
10HINET19

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China992
2Taiwan356
3United States7
4Russian Federation6
5South Korea6
6United Kingdom5
7Brazil3
8Turkey2
9India2
10Germany2

Sunday, June 12, 2016

Suspected Bots' IP List for May 2016

To encourage cyber security information sharing (as some form of open data) while still giving victims enough time to clean up their computers, the IP list of suspected infected computers will be released here (as shown below). You are free to use them to create more effective defenses, discover latest trends in cyber attacks, etc.

Suspected Bots IP [2016-05-01]
Suspected Bots IP [2016-05-02]
Suspected Bots IP [2016-05-03]
Suspected Bots IP [2016-05-04]
Suspected Bots IP [2016-05-05]
Suspected Bots IP [2016-05-06]
Suspected Bots IP [2016-05-07]
Suspected Bots IP [2016-05-08]
Suspected Bots IP [2016-05-09]
Suspected Bots IP [2016-05-10]
Suspected Bots IP [2016-05-11]
Suspected Bots IP [2016-05-12]
Suspected Bots IP [2016-05-13]
Suspected Bots IP [2016-05-14]
Suspected Bots IP [2016-05-15]
Suspected Bots IP [2016-05-16]
Suspected Bots IP [2016-05-17]
Suspected Bots IP [2016-05-18]
Suspected Bots IP [2016-05-19]
Suspected Bots IP [2016-05-20]
Suspected Bots IP [2016-05-21]
Suspected Bots IP [2016-05-22]
Suspected Bots IP [2016-05-23]
Suspected Bots IP [2016-05-24]
Suspected Bots IP [2016-05-25]
Suspected Bots IP [2016-05-26]
Suspected Bots IP [2016-05-27]
Suspected Bots IP [2016-05-28]
Suspected Bots IP [2016-05-29]
Suspected Bots IP [2016-05-30]
Suspected Bots IP [2016-05-31]

Suspected Bot List [2016-06-11]

detection period: 2016-06-11 00:00-23:59 UTC
number of suspected bots' IPs listed here: 8

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AR200.55.243.116Argentina
TR85.105.33.188Turkey
UZ89.236.217.169Uzbekistan

List from greylisting:

Botnet Statistics [2016-06-11]

detection period: 2016-06-11 00:00-23:59 UTC
total number of suspected botnet IPs: 1228
number of botnet IPs notified to network operators: 1220
number of spam blocked: 2805
recipient count of spam blocked: 21846

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET381
2WASU268
3SONET-NET74
4CNCITYNET69
5UNICOM-JS60
6UNICOM-ZJ44
7WASU-BB32
8HINET28
9CHINANET-GD28
10CHINANET-JS20

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China629
2Taiwan487
3Viet Nam37
4India17
5Thailand6
6South Korea6
7Brazil5
8United States4
9Indonesia4
10Germany3

Saturday, June 11, 2016

Botnet Statistics for May 2016

Due to a failed vps, I lost the data needed for calculating blocked spam and the associated recipient count before May 23. Please keep that in mind when interpreting the information below.

detection period: 2016-05-01 00:00 - 2016-05-31 23:59 UTC
total number of suspected botnet IPs: 58317
number of blocked spams: 32818
recipient count of blocked spams: 243103

The top 25 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China15517
2Mexico6470
3India5026
4Viet Nam4705
5Taiwan3536
6Iran2072
7Colombia1654
8Brazil1412
9Pakistan1144
10Turkey1116
11Indonesia944
12Peru792
13Tunisia749
14Ecuador548
15United States546
16Bangladesh525
17Bolivia511
18Romania503
19Italy463
20Poland438
21Arab Emirates438
22Venezuela412
23Macedonia389
24Argentina378
25Serbia338

The top 25 countries (as defined by the 2-character country code), ordered by number of blocked spams are:

RankCountry# of blocked spams
1Brazil14022
2Poland11794
3Taiwan3571
4China1408
5Germany1049
6Canada233
7Thailand156
8United States128
9Colombia114
10Turkey76
11Russian Federation57
12Mexico45
13Occupied Palestinian Territory44
14Argentina38
15Bolivia33
16Arab Emirates17
17Romania8
18Israel8
19France5
20Portugal3
21Viet Nam2
22Macedonia2
23Hong Kong2
24Malaysia1
25Italy1

The top 25 countries (as defined by the 2-character country code), ordered by recipient count of blocked spams are:

Suspected Bot List [2016-06-10]

detection period: 2016-06-10 00:00-23:59 UTC
number of suspected bots' IPs listed here: 4

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Botnet Statistics [2016-06-10]

detection period: 2016-06-10 00:00-23:59 UTC
total number of suspected botnet IPs: 839
number of botnet IPs notified to network operators: 835
number of spam blocked: 2946
recipient count of spam blocked: 9730

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET450
2SONET-NET92
3CNCITYNET58
4HINET49
5RingLink24
6CHINANET-GD14
7UNICOM-GD9
8TencentCloud9
9KORNET-KR6
10CMNET6

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1Taiwan597
2China177
3United States13
4South Korea7
5Viet Nam4
6Thailand3
7Russian Federation3
8Netherlands3
9Indonesia3
10Brazil3

Friday, June 10, 2016

Suspected Bot List [2016-06-09]

detection period: 2016-06-09 00:00-23:59 UTC
number of suspected bots' IPs listed here: 9

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Botnet Statistics [2016-06-09]

detection period: 2016-06-09 00:00-23:59 UTC
total number of suspected botnet IPs: 622
number of botnet IPs notified to network operators: 613
number of spam blocked: 3189
recipient count of spam blocked: 24762

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET266
2SONET-NET56
3HINET26
4CHINANET-GD26
5CNCITYNET25
6VNPT-VNNIC-VN18
7RingLink17
8DATANOC10
9UNICOM-BJ9
10CMNET7

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1Taiwan352
2China143
3Viet Nam30
4United States24
5Russian Federation8
6Brazil8
7Thailand6
8South Korea6
9India6
10Mexico5

Thursday, June 9, 2016

Suspected Bot List [2016-06-08]

detection period: 2016-06-08 00:00-23:59 UTC
number of suspected bots' IPs listed here: 5

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Botnet Statistics [2016-06-08]

detection period: 2016-06-08 00:00-23:59 UTC
total number of suspected botnet IPs: 862
number of botnet IPs notified to network operators: 857
number of spam blocked: 7079
recipient count of spam blocked: 28555

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1WASU357
2UNICOM-ZJ106
3HINET-NET81
4WASU-BB39
5CHINANET-JS32
6CHINANET-GD30
7UNICOM-JS26
8CMNET17
9SONET-NET15
10UNICOM-BJ13

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China695
2Taiwan108
3United States7
4Thailand5
5Brazil5
6Viet Nam3
7Russian Federation3
8South Korea3
9Indonesia3
10Italy2

Wednesday, June 8, 2016

Suspected Bot List [2016-06-07]

detection period: 2016-06-07 00:00-23:59 UTC
number of suspected bots' IPs listed here: 6

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
TW118.232.43.159Taiwan
UZ213.230.75.255Uzbekistan

List from greylisting:

Botnet Statistics [2016-06-07]

detection period: 2016-06-07 00:00-23:59 UTC
total number of suspected botnet IPs: 936
number of botnet IPs notified to network operators: 930
number of spam blocked: 4143
recipient count of spam blocked: 27035

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1WASU339
2CHINANET-JS98
3UNICOM-JS72
4CNCITYNET58
5UNICOM-ZJ44
6CHINANET-GD35
7RingLink20
8WASU-BB17
9UNICOM-GD12
10CMNET11

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China815
2Viet Nam18
3Brazil13
4South Korea11
5Taiwan8
6Thailand7
7Japan7
8Turkey6
9Ukraine5
10United States3

Tuesday, June 7, 2016

Suspected Bot List [2016-06-06]

detection period: 2016-06-06 00:00-23:59 UTC
number of suspected bots' IPs listed here: 13

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AR190.228.161.218Argentina
CA192.243.119.137Canada
PL155.133.38.43Poland
RO81.89.9.171Romania
ZA196.46.23.122South Africa

List from greylisting:

Botnet Statistics [2016-06-06]

detection period: 2016-06-06 00:00-23:59 UTC
total number of suspected botnet IPs: 1108
number of botnet IPs notified to network operators: 1095
number of spam blocked: 2784
recipient count of spam blocked: 9804

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1WASU378
2CHINANET-JS180
3UNICOM-JS63
4CNCITYNET34
5CHINANET-GD34
6CHINANET-HA32
7HINET-NET31
8CHINANET-SD30
9VNPT-VNNIC-VN27
10CHINANET-AH24

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China954
2Viet Nam45
3Taiwan37
4United States10
5India7
6Russian Federation5
7South Korea4
8France4
9Thailand3
10Romania3

Monday, June 6, 2016

Suspected Bot List [2016-06-05]

detection period: 2016-06-05 00:00-23:59 UTC
number of suspected bots' IPs listed here: 18

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AZ185.36.200.62Azerbaijan
CO190.7.146.126Colombia
DE213.252.158.9Germany
IN223.196.86.215India
PK39.54.69.73Pakistan
UA91.247.226.140Ukraine
US173.245.67.81United States

List from greylisting:

Botnet Statistics [2016-06-05]

detection period: 2016-06-05 00:00-23:59 UTC
total number of suspected botnet IPs: 1124
number of botnet IPs notified to network operators: 1106
number of spam blocked: 1539
recipient count of spam blocked: 21024

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1WASU254
2CHINANET-JS118
3VNPT-VNNIC-VN83
4CNCITYNET67
5CHINANET-GD49
6CHINANET-HA40
7UNICOM-JS38
8HINET-NET36
9CHINANET-SD31
10CHINANET-QH28

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China805
2Viet Nam137
3Taiwan45
4India17
5Brazil17
6United States11
7Ukraine9
8Thailand8
9Russian Federation8
10Romania5

Sunday, June 5, 2016

Suspected Bot List [2016-06-04]

detection period: 2016-06-04 00:00-23:59 UTC
number of suspected bots' IPs listed here: 11

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CO190.7.146.126Colombia
TW123.110.238.132Taiwan

List from greylisting:

Botnet Statistics [2016-06-04]

detection period: 2016-06-04 00:00-23:59 UTC
total number of suspected botnet IPs: 532
number of botnet IPs notified to network operators: 521
number of spam blocked: 3050
recipient count of spam blocked: 26766

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-JS81
2CHINANET-HA42
3UNICOM-JS40
4CNCITYNET40
5CHINANET-JX36
6CHINANET-QH35
7CHINANET-SD29
8CHINANET-GD29
9CHINANET-AH20
10CMNET15

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China456
2United States17
3Taiwan10
4Viet Nam5
5Thailand5
6Germany4
7Turkey3
8South Korea3
9Indonesia3
10Colombia3

Saturday, June 4, 2016

Suspected Bot List [2016-06-03]

detection period: 2016-06-03 00:00-23:59 UTC
number of suspected bots' IPs listed here: 13

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CO190.7.146.126Colombia
IN49.205.141.7India
RO89.121.206.8Romania
TR85.98.33.84Turkey

List from greylisting:

Botnet Statistics [2016-06-03]

detection period: 2016-06-03 00:00-23:59 UTC
total number of suspected botnet IPs: 520
number of botnet IPs notified to network operators: 507
number of spam blocked: 7033
recipient count of spam blocked: 23786

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-JS87
2CNCITYNET49
3UNICOM-JS43
4CHINANET-GD29
5CHINANET-AH28
6UNICOM-BJ16
7CHINANET-JX16
8CMNET15
9RingLink12
10DATANOC12

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China395
2United States39
3Viet Nam22
4Taiwan12
5Thailand6
6Turkey4
7South Korea4
8Romania3
9Mexico3
10Indonesia3

Friday, June 3, 2016

Suspected Bot List [2016-06-02]

detection period: 2016-06-02 00:00-23:59 UTC
number of suspected bots' IPs listed here: 18

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
IN59.88.162.59India
IN117.196.160.81India
IN117.206.132.66India
IN117.212.242.252India
IN117.221.94.9India
MO202.175.189.2Macau
VN220.231.127.15Viet Nam

List from greylisting:

Botnet Statistics [2016-06-02]

detection period: 2016-06-02 00:00-23:59 UTC
total number of suspected botnet IPs: 977
number of botnet IPs notified to network operators: 960
number of spam blocked: 3044
recipient count of spam blocked: 10034

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1WASU259
2CHINANET-JS124
3UNICOM-JS65
4CNCITYNET51
5DATANOC46
6UNICOM-ZJ38
7VNPT-VNNIC-VN37
8MSFT37
9WASU-BB35
10CHINANET-GD27

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China777
2United States87
3Viet Nam56
4India17
5Brazil5
6Japan3
7Taiwan2
8Turkey2
9Netherlands2
10Mexico2

Thursday, June 2, 2016

Suspected Bot List [2016-06-01]

detection period: 2016-06-01 00:00-23:59 UTC
number of suspected bots' IPs listed here: 8

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
TW122.254.32.111Taiwan
UY200.58.149.178Uruguay

List from greylisting:

Botnet Statistics [2016-06-01]

detection period: 2016-06-01 00:00-23:59 UTC
total number of suspected botnet IPs: 1013
number of botnet IPs notified to network operators: 1005
number of spam blocked: 2571
recipient count of spam blocked: 9591

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1WASU391
2CHINANET-JS145
3UNICOM-ZJ77
4WASU-BB34
5UNICOM-JS31
6CHINANET-JX27
7VNPT-VNNIC-VN25
8DATANOC24
9CHINANET-SD23
10CNCITYNET17

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China879
2Viet Nam43
3United States40
4Taiwan8
5Poland3
6Mexico3
7Japan3
8Arab Emirates3
9Thailand2
10Russian Federation2

Wednesday, June 1, 2016

Suspected Bot List [2016-05-31]

detection period: 2016-05-31 00:00-23:59 UTC
number of suspected bots' IPs listed here: 142

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AR190.178.157.68Argentina
BO190.129.78.100Bolivia
CO190.7.146.126Colombia
MX148.244.112.66Mexico
TR78.188.24.246Turkey

List from greylisting:

Botnet Statistics [2016-05-31]

detection period: 2016-05-31 00:00-23:59 UTC
total number of suspected botnet IPs: 1053
number of botnet IPs notified to network operators: 911
number of spam blocked: 960
recipient count of spam blocked: 22624

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1WASU129
2CHINANET-JS59
3UNICOM-JS40
4DATANOC34
5VNPT-VNNIC-VN29
6CHINANET-GD27
7MSFT23
8UNICOM-ZJ20
9MX-USCV4-LACNIC17
10PTCLBB-PK16

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China350
2India76
3United States65
4Viet Nam59
5Iran46
6Mexico42
7Turkey34
8Indonesia28
9Pakistan25
10Brazil22