Custom Search

Wednesday, June 21, 2017

Botnet Statistics [2017-06-20]

detection period: 2017-06-20 00:00-23:59 UTC
total number of suspected botnet IPs: 864
number of botnet IPs notified to network operators: 776
number of spam blocked: 120495
recipient count of spam blocked: 2762404

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET104
2WASU78
3UNICOM-ZJ50
4CHINANET-GD49
5CHINANET-JS31
6UA-VOLIA-2006112423
7VNPT-VNNIC-VN17
8HOSTKEY-NET16
9JOESDC-0115
10JLU-CN15

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China503
2United States88
3Viet Nam42
4Ukraine27
5Russian Federation25
6Netherlands17
7Brazil17
8India14
9Taiwan11
10Hong Kong8

Suspected Bot List [2017-06-20]

detection period: 2017-06-20 00:00-23:59 UTC
number of suspected bots' IPs listed here: 98

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AE83.110.72.131Arab Emirates
AR181.231.28.20Argentina
IN182.73.244.70India
IN203.115.109.254India
MO116.193.10.34Macau
MO116.193.10.35Macau
MX189.211.198.181Mexico
MX201.163.21.226Mexico
MY161.139.20.49Malaysia
NL5.39.220.65Netherlands
NL5.39.220.76Netherlands
NL5.39.220.77Netherlands
NL5.39.220.78Netherlands
NL5.39.220.79Netherlands
NL5.39.220.80Netherlands
PK202.83.163.219Pakistan
PL91.185.189.179Poland
RU37.1.58.244Russian Federation
RU37.29.7.122Russian Federation
RU46.47.227.236Russian Federation
RU87.226.213.86Russian Federation
RU89.188.229.14Russian Federation
RU90.188.18.74Russian Federation
RU90.188.95.206Russian Federation
RU91.122.195.202Russian Federation
RU95.53.247.194Russian Federation
RU109.94.95.237Russian Federation
RU109.111.189.234Russian Federation
RU109.171.97.88Russian Federation
RU176.118.237.85Russian Federation
RU178.141.249.246Russian Federation
RU185.52.68.8Russian Federation
RU194.79.7.70Russian Federation
RU195.98.189.178Russian Federation
RU195.190.124.202Russian Federation
RU212.46.215.107Russian Federation
RU213.221.32.42Russian Federation
TH45.122.48.162Thailand
TH49.231.180.196Thailand
TH183.89.127.32Thailand
TH203.151.206.113Thailand
TH203.157.30.1Thailand
TW106.1.195.68Taiwan
US173.44.228.36United States
US173.44.228.37United States
US173.44.228.38United States
US173.44.228.39United States
US206.125.41.139United States
ZA196.46.23.122South Africa

List from greylisting:

Tuesday, June 20, 2017

Botnet Statistics [2017-06-19]

detection period: 2017-06-19 00:00-23:59 UTC
total number of suspected botnet IPs: 893
number of botnet IPs notified to network operators: 781
number of spam blocked: 112259
recipient count of spam blocked: 2757738

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET91
2WASU61
3VNPT-VNNIC-VN56
4UNICOM-ZJ39
5EONIX-NET-50-2-0-0-1-BLK-729
6SHARKTECH-328
7CHINANET-GD26
8CHINANET-JS21
9JLU-CN17
10MSFT16

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China424
2United States106
3Viet Nam105
4Russian Federation33
5Brazil20
6United Kingdom17
7Romania16
8Taiwan14
9Bulgaria13
10South Korea11

Suspected Bot List [2017-06-19]

detection period: 2017-06-19 00:00-23:59 UTC
number of suspected bots' IPs listed here: 112

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AE83.110.72.131Arab Emirates
AR181.231.28.20Argentina
ID219.83.84.146Indonesia
IN203.115.109.254India
LY197.215.136.166Libya
MO116.193.10.34Macau
MO116.193.10.35Macau
MX189.211.198.181Mexico
PK202.83.163.219Pakistan
PL91.185.189.179Poland
RU37.1.39.132Russian Federation
RU37.29.7.122Russian Federation
RU46.47.227.236Russian Federation
RU78.25.98.230Russian Federation
RU80.71.240.160Russian Federation
RU83.220.188.72Russian Federation
RU87.226.213.86Russian Federation
RU89.188.229.14Russian Federation
RU90.188.18.74Russian Federation
RU90.188.95.206Russian Federation
RU91.122.195.202Russian Federation
RU95.53.247.194Russian Federation
RU109.94.95.237Russian Federation
RU109.111.189.234Russian Federation
RU109.171.97.88Russian Federation
RU109.194.197.79Russian Federation
RU176.118.237.85Russian Federation
RU178.141.104.178Russian Federation
RU178.141.249.246Russian Federation
RU185.127.25.68Russian Federation
RU194.79.7.70Russian Federation
RU195.98.189.178Russian Federation
RU195.190.124.202Russian Federation
RU212.34.39.230Russian Federation
RU212.46.215.107Russian Federation
RU213.221.32.42Russian Federation
SG112.140.184.139Singapore
SG112.140.187.82Singapore
TH103.3.65.51Thailand
TH203.151.206.113Thailand
TW106.1.195.68Taiwan
TW118.233.116.192Taiwan
US206.125.41.139United States
ZA196.46.23.122South Africa

List from greylisting:

Monday, June 19, 2017

Botnet Statistics [2017-06-18]

detection period: 2017-06-18 00:00-23:59 UTC
total number of suspected botnet IPs: 766
number of botnet IPs notified to network operators: 708
number of spam blocked: 111100
recipient count of spam blocked: 2747151

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET83
2WASU53
3CHINANET-JS39
4CHINANET-GD34
5VNPT-VNNIC-VN30
6HINET-NET28
7PVS-BLOCK0116
8UK-RAPIDSWITCH-2009022514
9JLU-CN14
10HINET14

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China404
2Viet Nam56
3United States53
4Taiwan44
5United Kingdom25
6Russian Federation18
7Netherlands17
8Brazil15
9Germany13
10Hong Kong11

Suspected Bot List [2017-06-18]

detection period: 2017-06-18 00:00-23:59 UTC
number of suspected bots' IPs listed here: 58

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AE83.110.72.131Arab Emirates
AR181.231.28.20Argentina
CZ93.170.122.30Czech Republic
ID219.83.84.146Indonesia
IN202.62.88.81India
IN203.115.109.254India
MO116.193.10.34Macau
MO116.193.10.35Macau
MX189.211.198.181Mexico
PL91.185.189.179Poland
RU80.71.246.68Russian Federation
RU83.169.208.218Russian Federation
RU87.226.213.86Russian Federation
RU89.188.229.14Russian Federation
RU95.53.247.194Russian Federation
RU109.94.95.237Russian Federation
RU109.171.97.88Russian Federation
RU176.118.237.85Russian Federation
RU178.141.186.48Russian Federation
RU185.127.25.68Russian Federation
RU195.98.189.178Russian Federation
RU212.34.39.230Russian Federation
RU212.46.215.107Russian Federation
SG112.140.184.136Singapore
SG112.140.184.147Singapore
SG112.140.187.82Singapore
TH49.231.180.196Thailand
TH103.3.65.51Thailand
TH203.151.206.113Thailand
TH203.156.163.35Thailand
TW106.1.195.68Taiwan
TW118.233.116.192Taiwan
US206.125.41.139United States
UY167.57.14.125Uruguay
UY167.57.135.202Uruguay
ZA196.46.23.122South Africa

List from greylisting:

Sunday, June 18, 2017

Botnet Statistics for May 2017

detection period: 2017-05-01 00:00 - 2017-05-31 23:59 UTC
total number of suspected botnet IPs: 14571
number of blocked spams: 643100
recipient count of blocked spams: 4254342

The top 25 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China6404
2Viet Nam2010
3United States1789
4Ukraine1089
5India375
6Netherlands279
7Russian Federation226
8United Kingdom192
9Taiwan158
10Brazil122
11Estonia119
12South Korea92
13Argentina82
14Turkey80
15Romania78
16Bulgaria78
17Indonesia72
18Poland68
19Japan63
20Thailand62
21Italy59
22France55
23Iran50
24Hong Kong49
25Lithuania45

The top 25 countries (as defined by the 2-character country code), ordered by number of blocked spams are:

RankCountry# of blocked spams
1United States221666
2Ukraine98435
3United Kingdom49720
4Netherlands37318
5China36733
6Poland32928
7Russian Federation24025
8Hong Kong16047
9Bangladesh13834
10Estonia13343
11Belgium12617
12Canada11208
13Czech Republic10411
14Sweden7141
15Romania6995
16Turkey5582
17Bulgaria5555
18Virgin (British) Islands4608
19Lithuania3737
20Colombia3358
21Viet Nam3233
22Taiwan2740
23Nigeria2402
24Iceland2147
25Australia2120

The top 25 countries (as defined by the 2-character country code), ordered by recipient count of blocked spams are:

Botnet Statistics [2017-06-17]

detection period: 2017-06-17 00:00-23:59 UTC
total number of suspected botnet IPs: 743
number of botnet IPs notified to network operators: 679
number of spam blocked: 116713
recipient count of spam blocked: 2930076

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET61
2CHINANET-GD48
3WASU47
4VNPT-VNNIC-VN43
5CC-1523
6CHINANET-JS22
7JLU-CN18
8PL-ARTNET-2012070413
9CHINANET-JX13
10BG-POWERNET-2007073113

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China366
2Viet Nam86
3United States72
4Russian Federation29
5Poland19
6Brazil15
7Taiwan14
8Bulgaria14
9India12
10Singapore11

Suspected Bot List [2017-06-17]

detection period: 2017-06-17 00:00-23:59 UTC
number of suspected bots' IPs listed here: 64

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AE83.110.72.131Arab Emirates
AR181.231.28.20Argentina
DE136.243.22.27Germany
IN203.115.109.254India
IN223.196.86.227India
JO79.173.252.192Jordan
JO185.98.225.114Jordan
MO116.193.10.34Macau
MO116.193.10.35Macau
MX189.211.198.181Mexico
PL91.185.189.179Poland
RU37.29.7.122Russian Federation
RU80.71.246.68Russian Federation
RU87.226.213.86Russian Federation
RU89.188.229.14Russian Federation
RU109.94.95.237Russian Federation
RU109.171.97.88Russian Federation
RU176.118.237.85Russian Federation
RU185.127.25.68Russian Federation
RU195.98.189.178Russian Federation
RU212.34.39.230Russian Federation
RU212.46.215.107Russian Federation
RU213.221.32.42Russian Federation
SA88.85.228.90Saudi Arabia
SG112.140.184.136Singapore
SG112.140.184.139Singapore
SG112.140.184.147Singapore
SG112.140.187.82Singapore
TR185.26.146.61Turkey
TW106.1.195.68Taiwan
US96.33.171.230United States
US104.176.105.3United States
US206.125.41.139United States
ZA196.46.23.122South Africa

List from greylisting:

Saturday, June 17, 2017

Botnet Statistics [2017-06-16]

detection period: 2017-06-16 00:00-23:59 UTC
total number of suspected botnet IPs: 738
number of botnet IPs notified to network operators: 672
number of spam blocked: 139539
recipient count of spam blocked: 3170456

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET55
2WASU52
3CHINANET-GD48
4CHINANET-JS30
5UK-ABSTATION-2012071224
6VNPT-VNNIC-VN21
7JLU-CN19
8EONIX-NET-173-44-128-0-1-BLK-415
9PL-ARTNET-2012070413
10CUBEMOTION13

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China393
2United States89
3Viet Nam37
4United Kingdom25
5Russian Federation24
6Poland16
7Brazil15
8Singapore11
9Romania10
10France9

Suspected Bot List [2017-06-16]

detection period: 2017-06-16 00:00-23:59 UTC
number of suspected bots' IPs listed here: 66

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AE83.110.72.131Arab Emirates
AR181.231.28.20Argentina
IN122.168.194.53India
IN223.196.86.227India
LY197.215.136.166Libya
MO116.193.10.34Macau
MO116.193.10.35Macau
MX148.243.192.238Mexico
MX189.211.198.181Mexico
MY161.139.20.49Malaysia
PK202.83.163.219Pakistan
PL91.185.189.179Poland
RU31.173.216.163Russian Federation
RU37.29.7.122Russian Federation
RU46.47.227.236Russian Federation
RU46.249.12.24Russian Federation
RU80.71.246.68Russian Federation
RU87.226.213.86Russian Federation
RU89.188.229.14Russian Federation
RU90.188.18.74Russian Federation
RU91.122.195.202Russian Federation
RU109.94.95.237Russian Federation
RU109.111.189.234Russian Federation
RU109.171.97.88Russian Federation
RU176.118.237.85Russian Federation
RU185.127.25.68Russian Federation
RU185.188.182.25Russian Federation
RU195.98.189.178Russian Federation
RU195.190.124.202Russian Federation
RU212.34.39.230Russian Federation
RU212.46.215.107Russian Federation
RU213.221.32.42Russian Federation
SG112.140.184.136Singapore
SG112.140.184.139Singapore
SG112.140.184.147Singapore
SG112.140.187.82Singapore
TH103.3.65.51Thailand
TH122.154.239.122Thailand
TH203.151.206.113Thailand
TW106.1.195.68Taiwan
US96.33.171.230United States
US206.125.41.139United States
ZA196.46.23.122South Africa

List from greylisting:

Friday, June 16, 2017

Botnet Statistics [2017-06-15]

detection period: 2017-06-15 00:00-23:59 UTC
total number of suspected botnet IPs: 1032
number of botnet IPs notified to network operators: 948
number of spam blocked: 138018
recipient count of spam blocked: 2946944

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ168
2CMNET114
3WASU87
4CHINANET-GD43
5VNPT-VNNIC-VN34
6CHINANET-JS29
7JLU-CN23
8CHINANET-HA16
9DELTAHOST-NET15
10CNCBTJQ-NET14

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China679
2United States88
3Viet Nam52
4Russian Federation42
5Ukraine28
6France15
7Germany15
8Singapore10
9Taiwan9
10Brazil9

Suspected Bot List [2017-06-15]

detection period: 2017-06-15 00:00-23:59 UTC
number of suspected bots' IPs listed here: 84

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AE83.110.72.131Arab Emirates
AR181.231.28.20Argentina
ID219.83.84.146Indonesia
LY197.215.136.166Libya
MO116.193.10.34Macau
MO116.193.10.35Macau
MX189.211.198.181Mexico
PK202.83.163.219Pakistan
PL91.185.189.179Poland
RU37.1.43.163Russian Federation
RU37.29.7.122Russian Federation
RU46.47.227.236Russian Federation
RU78.25.98.230Russian Federation
RU87.226.213.86Russian Federation
RU89.188.229.14Russian Federation
RU90.188.18.74Russian Federation
RU91.122.195.202Russian Federation
RU109.94.95.237Russian Federation
RU109.111.189.234Russian Federation
RU109.171.97.88Russian Federation
RU109.194.197.79Russian Federation
RU176.118.237.85Russian Federation
RU185.127.25.68Russian Federation
RU185.188.182.25Russian Federation
RU195.98.189.178Russian Federation
RU195.190.124.202Russian Federation
RU213.221.32.42Russian Federation
SG112.140.184.139Singapore
SG112.140.187.82Singapore
TH49.231.180.196Thailand
TH61.7.228.51Thailand
TH203.151.206.113Thailand
TW106.1.195.68Taiwan
US96.33.171.230United States
US206.125.41.139United States
ZA196.46.23.122South Africa

List from greylisting:

Thursday, June 15, 2017

Botnet Statistics [2017-06-14]

detection period: 2017-06-14 00:00-23:59 UTC
total number of suspected botnet IPs: 1020
number of botnet IPs notified to network operators: 941
number of spam blocked: 115660
recipient count of spam blocked: 2507972

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ179
2CMNET102
3WASU84
4CHINANET-GD43
5VNPT-VNNIC-VN33
6CHINANET-JS25
7JLU-CN19
8CNCBTJQ-NET14
9CHINANET-HA14
10LADEDICATED213

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China635
2United States105
3Viet Nam67
4Russian Federation38
5France18
6India16
7Brazil15
8South Korea9
9Singapore8
10Romania8

Suspected Bot List [2017-06-14]

detection period: 2017-06-14 00:00-23:59 UTC
number of suspected bots' IPs listed here: 79

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AE83.110.72.131Arab Emirates
AR181.231.28.20Argentina
ID219.83.84.146Indonesia
IN223.196.86.227India
IT31.14.140.139Italy
MM103.27.118.146Myanmar
MO116.193.10.34Macau
MO116.193.10.35Macau
MX148.243.192.238Mexico
MX189.211.198.181Mexico
PK202.83.163.219Pakistan
PK203.135.54.91Pakistan
RU37.1.43.163Russian Federation
RU78.25.98.230Russian Federation
RU87.226.213.86Russian Federation
RU89.188.229.14Russian Federation
RU91.122.195.202Russian Federation
RU109.94.95.237Russian Federation
RU109.171.97.88Russian Federation
RU176.118.237.85Russian Federation
RU185.188.182.25Russian Federation
RU195.98.189.178Russian Federation
RU195.190.124.202Russian Federation
RU212.46.215.107Russian Federation
RU212.164.221.82Russian Federation
RU213.221.32.42Russian Federation
SG112.140.184.139Singapore
SG112.140.187.82Singapore
TH49.231.180.196Thailand
TH61.7.228.51Thailand
TH119.46.90.105Thailand
TH203.151.206.113Thailand
TH203.156.163.35Thailand
TW106.1.195.68Taiwan
US69.85.239.37United States
US96.33.171.230United States
US206.125.41.139United States
ZA196.46.23.122South Africa

List from greylisting:

Wednesday, June 14, 2017

Botnet Statistics [2017-06-13]

detection period: 2017-06-13 00:00-23:59 UTC
total number of suspected botnet IPs: 903
number of botnet IPs notified to network operators: 845
number of spam blocked: 103968
recipient count of spam blocked: 2197315

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ138
2CMNET108
3WASU66
4VNPT-VNNIC-VN44
5COLOAT26
6JLU-CN23
7UK-RAPIDSWITCH-2009022516
8LSN-DLLSTX-114
9CHINANET-GD14
10CC-1813

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China496
2United States106
3Viet Nam80
4India40
5Russian Federation19
6United Kingdom16
7Brazil14
8Netherlands12
9Indonesia10
10Taiwan9

Suspected Bot List [2017-06-13]

detection period: 2017-06-13 00:00-23:59 UTC
number of suspected bots' IPs listed here: 58

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AE83.110.72.131Arab Emirates
AR181.231.28.20Argentina
CO190.60.234.186Colombia
IT31.14.140.139Italy
MO116.193.10.34Macau
MO116.193.10.35Macau
PK202.83.163.219Pakistan
RU37.1.5.35Russian Federation
RU37.29.7.122Russian Federation
RU78.25.98.230Russian Federation
RU87.226.213.86Russian Federation
RU90.188.18.74Russian Federation
RU91.122.195.202Russian Federation
RU109.111.189.234Russian Federation
RU176.118.237.85Russian Federation
RU195.98.189.178Russian Federation
RU195.190.124.202Russian Federation
RU212.46.215.107Russian Federation
RU213.221.32.42Russian Federation
TW106.1.195.68Taiwan
US206.125.41.139United States
ZA196.46.23.122South Africa

List from greylisting:

Tuesday, June 13, 2017

Botnet Statistics [2017-06-12]

detection period: 2017-06-12 00:00-23:59 UTC
total number of suspected botnet IPs: 945
number of botnet IPs notified to network operators: 868
number of spam blocked: 114548
recipient count of spam blocked: 2773334

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ107
2CMNET102
3WASU81
4HSI-432
5VNPT-VNNIC-VN30
6CHINANET-JS25
7JLU-CN22
8CHINANET-GD22
9UK-RAPIDSWITCH-2007041816
10CHINANET-JX16

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China553
2United States114
3Viet Nam66
4United Kingdom23
5Brazil20
6France18
7Russian Federation16
8India11
9Taiwan10
10Indonesia9

Suspected Bot List [2017-06-12]

detection period: 2017-06-12 00:00-23:59 UTC
number of suspected bots' IPs listed here: 77

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AE83.110.72.131Arab Emirates
AR181.231.28.20Argentina
CO190.60.234.186Colombia
DK217.157.8.180Denmark
ID219.83.84.146Indonesia
IN223.196.86.227India
KW37.34.243.227Kuwait
MO116.193.10.34Macau
MO116.193.10.35Macau
MX189.211.198.181Mexico
PK202.61.49.204Pakistan
PK202.83.163.219Pakistan
PK203.135.54.91Pakistan
PL91.185.189.179Poland
RU37.1.5.35Russian Federation
RU109.94.95.237Russian Federation
RU109.171.97.88Russian Federation
RU109.194.197.79Russian Federation
RU176.118.237.85Russian Federation
RU178.141.249.246Russian Federation
RU194.79.7.70Russian Federation
RU195.98.189.178Russian Federation
RU212.46.215.107Russian Federation
RU213.221.32.42Russian Federation
SE88.83.40.246Sweden
SG112.140.184.136Singapore
SG112.140.184.139Singapore
TW106.1.195.68Taiwan
US206.125.41.139United States
ZA196.46.23.122South Africa

List from greylisting:

Monday, June 12, 2017

Botnet Statistics [2017-06-11]

detection period: 2017-06-11 00:00-23:59 UTC
total number of suspected botnet IPs: 922
number of botnet IPs notified to network operators: 873
number of spam blocked: 118398
recipient count of spam blocked: 3203698

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ104
2CMNET100
3WASU89
4VNPT-VNNIC-VN45
5CHINANET-JS33
6VIRTONO-NETWORKS-SRL30
7NDCHOST29
8JLU-CN25
9CHINANET-GD22
10FPT-VN13

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China534
2Viet Nam98
3United States61
4Romania35
5Russian Federation18
6Brazil14
7Taiwan13
8United Kingdom13
9Bulgaria13
10Indonesia11

Suspected Bot List [2017-06-11]

detection period: 2017-06-11 00:00-23:59 UTC
number of suspected bots' IPs listed here: 49

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AE83.110.72.131Arab Emirates
AR181.231.28.20Argentina
CO190.60.234.186Colombia
ID219.83.84.146Indonesia
JO79.173.252.192Jordan
MM103.27.118.146Myanmar
MO116.193.10.34Macau
MO116.193.10.35Macau
MX189.211.198.181Mexico
PK202.61.49.204Pakistan
PL91.185.189.179Poland
RU37.1.5.35Russian Federation
RU37.1.38.108Russian Federation
RU87.226.213.86Russian Federation
RU109.94.95.237Russian Federation
RU109.171.97.88Russian Federation
RU176.118.237.85Russian Federation
RU185.127.25.68Russian Federation
RU195.98.189.178Russian Federation
RU212.46.215.107Russian Federation
TW106.1.195.68Taiwan
US206.125.41.139United States
UY167.57.43.8Uruguay
ZA196.46.23.122South Africa

List from greylisting:

Sunday, June 11, 2017

Botnet Statistics [2017-06-10]

detection period: 2017-06-10 00:00-23:59 UTC
total number of suspected botnet IPs: 804
number of botnet IPs notified to network operators: 781
number of spam blocked: 146670
recipient count of spam blocked: 3764233

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET73
2UNICOM-ZJ64
3WASU56
4VNPT-VNNIC-VN39
5CHINANET-JS35
6CHINANET-GD28
7VIRTONO-NETWORKS-SRL27
8JLU-CN24
9CHINANET-HA17
10UK-RAPIDSWITCH-2007041816

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China466
2Viet Nam74
3United States53
4Romania31
5United Kingdom27
6Russian Federation16
7Brazil15
8India10
9France10
10Taiwan8

Suspected Bot List [2017-06-10]

detection period: 2017-06-10 00:00-23:59 UTC
number of suspected bots' IPs listed here: 23

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AE83.110.72.131Arab Emirates
AE83.110.73.73Arab Emirates
AR181.231.28.20Argentina
CO190.60.234.186Colombia
IT31.14.140.139Italy
IT188.213.168.54Italy
MM103.27.118.146Myanmar
MO116.193.10.34Macau
MO116.193.10.35Macau
PL91.185.189.179Poland
TW106.1.195.68Taiwan
US206.125.41.139United States
ZA196.46.23.122South Africa

List from greylisting:

Saturday, June 10, 2017

Botnet Statistics [2017-06-09]

detection period: 2017-06-09 00:00-23:59 UTC
total number of suspected botnet IPs: 921
number of botnet IPs notified to network operators: 860
number of spam blocked: 148475
recipient count of spam blocked: 3278706

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1WASU91
2CMNET82
3UNICOM-ZJ59
4CHINANET-JS46
5CHINANET-GD43
6VNPT-VNNIC-VN33
7VIRTONO-NETWORKS-SRL31
8SERVERCRATE-0326
9JLU-CN23
10UK-RAPIDSWITCH-2009022516

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China531
2United States68
3Viet Nam57
4Romania34
5Russian Federation29
6Brazil18
7India17
8United Kingdom17
9Poland16
10Netherlands13

Suspected Bot List [2017-06-09]

detection period: 2017-06-09 00:00-23:59 UTC
number of suspected bots' IPs listed here: 62

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AE83.110.73.73Arab Emirates
AE83.110.75.64Arab Emirates
AR181.231.28.20Argentina
BO186.27.126.130Bolivia
CO190.60.234.186Colombia
IT188.213.168.54Italy
MM103.27.118.146Myanmar
MO116.193.10.34Macau
MO116.193.10.35Macau
MX189.211.198.181Mexico
PL91.185.189.179Poland
RU37.29.7.122Russian Federation
RU46.47.227.236Russian Federation
RU78.25.98.230Russian Federation
RU79.120.71.229Russian Federation
RU83.239.58.162Russian Federation
RU85.237.39.182Russian Federation
RU87.226.213.86Russian Federation
RU90.188.18.74Russian Federation
RU90.188.95.206Russian Federation
RU91.122.195.202Russian Federation
RU109.94.95.237Russian Federation
RU109.111.189.234Russian Federation
RU109.171.97.88Russian Federation
RU176.118.237.85Russian Federation
RU185.52.69.55Russian Federation
RU185.127.25.68Russian Federation
RU195.98.189.178Russian Federation
RU195.190.124.202Russian Federation
RU212.46.215.107Russian Federation
RU213.221.32.42Russian Federation
TW106.1.195.68Taiwan
US96.33.171.230United States
US206.125.41.139United States
ZA196.46.23.122South Africa

List from greylisting:

Friday, June 9, 2017

Botnet Statistics [2017-06-08]

detection period: 2017-06-08 00:00-23:59 UTC
total number of suspected botnet IPs: 898
number of botnet IPs notified to network operators: 871
number of spam blocked: 118665
recipient count of spam blocked: 2648280

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET108
2WASU69
3UNICOM-ZJ62
4CHINANET-GD44
5CHINANET-JS36
6UA-VOLIA-2008040429
7JLU-CN26
8LSN-DLLSTX-222
9CHINANET-HA20
10VNPT-VNNIC-VN15

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China566
2United States86
3Ukraine32
4Viet Nam28
5Russian Federation28
6France17
7Taiwan13
8Brazil12
9Netherlands8
10Singapore7

Suspected Bot List [2017-06-08]

detection period: 2017-06-08 00:00-23:59 UTC
number of suspected bots' IPs listed here: 27

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AE83.110.75.64Arab Emirates
AR181.231.28.20Argentina
BO186.27.126.130Bolivia
CO190.60.234.186Colombia
ID219.83.84.146Indonesia
IN182.73.244.70India
IN223.196.86.227India
IT188.213.168.54Italy
MO116.193.10.34Macau
MO116.193.10.35Macau
MX189.211.198.181Mexico
PK202.83.163.219Pakistan
PL91.185.189.179Poland
SG112.140.184.136Singapore
SG112.140.184.139Singapore
TW106.1.195.68Taiwan
US206.125.41.139United States
UY167.56.227.21Uruguay
ZA196.46.23.122South Africa

List from greylisting:

Thursday, June 8, 2017

Botnet Statistics [2017-06-07]

detection period: 2017-06-07 00:00-23:59 UTC
total number of suspected botnet IPs: 958
number of botnet IPs notified to network operators: 922
number of spam blocked: 120879
recipient count of spam blocked: 2514162

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET90
2UNICOM-ZJ78
3WASU73
4CHINANET-GD53
5CHINANET-JS31
6UA-VOLIA-2008040429
7VNPT-VNNIC-VN26
8JLU-CN23
9UK-RAPIDSWITCH-2007041814
10LSN-DLLSTX-314

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China534
2United States81
3Ukraine47
4Viet Nam45
5Russian Federation30
6Poland27
7Taiwan14
8India14
9United Kingdom14
10Brazil13

Suspected Bot List [2017-06-07]

detection period: 2017-06-07 00:00-23:59 UTC
number of suspected bots' IPs listed here: 36

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AE83.110.75.64Arab Emirates
AR181.231.28.20Argentina
BO186.27.126.130Bolivia
CO190.60.234.186Colombia
IT188.213.168.54Italy
MO116.193.10.34Macau
MO116.193.10.35Macau
MX189.211.198.181Mexico
NG197.211.53.242Nigeria
PK202.83.163.219Pakistan
PL91.185.189.179Poland
RU185.52.69.55Russian Federation
TW106.1.195.68Taiwan
US206.125.41.139United States
ZA196.46.23.122South Africa

List from greylisting:

Wednesday, June 7, 2017

Botnet Statistics [2017-06-06]

detection period: 2017-06-06 00:00-23:59 UTC
total number of suspected botnet IPs: 674
number of botnet IPs notified to network operators: 639
number of spam blocked: 67804
recipient count of spam blocked: 1063917

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1WASU90
2UNICOM-ZJ90
3CMNET87
4CHINANET-GD45
5VNPT-VNNIC-VN31
6UA-VOLIA-2008040423
7HOSTENGINE21
8JOESDC-0113
9SERVERCRATE-0312
10LSN-DLLSTX-19

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China373
2United States70
3Viet Nam61
4Ukraine31
5India25
6Brazil15
7Russian Federation8
8United Kingdom6
9France6
10Colombia6

Suspected Bot List [2017-06-06]

detection period: 2017-06-06 00:00-23:59 UTC
number of suspected bots' IPs listed here: 35

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AR181.231.28.20Argentina
BO186.27.126.130Bolivia
CO190.60.234.186Colombia
FR213.246.56.166France
IN223.196.86.227India
MO116.193.10.34Macau
MO116.193.10.35Macau
ZA196.46.23.122South Africa

List from greylisting:

Tuesday, June 6, 2017

Botnet Statistics [2017-06-05]

detection period: 2017-06-05 00:00-23:59 UTC
total number of suspected botnet IPs: 827
number of botnet IPs notified to network operators: 781
number of spam blocked: 83310
recipient count of spam blocked: 1550940

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ112
2CMNET108
3WASU89
4CHINANET-GD66
5RU-ANDERS-2008102828
6dhakavoice24
7VNPT-VNNIC-VN22
8JLU-CN20
9CHINANET-JS16
10LSN-DLLSTX-813

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China518
2United States80
3Russian Federation48
4Viet Nam40
5United Kingdom25
6Brazil11
7India10
8Ukraine9
9Thailand6
10South Korea6

Suspected Bot List [2017-06-05]

detection period: 2017-06-05 00:00-23:59 UTC
number of suspected bots' IPs listed here: 46

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AE83.110.75.64Arab Emirates
AR181.231.28.20Argentina
BO186.27.126.130Bolivia
CO190.60.234.186Colombia
IT31.14.140.139Italy
IT188.213.168.54Italy
MO116.193.10.34Macau
MO116.193.10.35Macau
NG41.203.117.86Nigeria
PL91.185.189.179Poland
US23.249.130.116United States
ZA196.46.23.122South Africa

List from greylisting:

Monday, June 5, 2017

Botnet Statistics [2017-06-04]

detection period: 2017-06-04 00:00-23:59 UTC
total number of suspected botnet IPs: 958
number of botnet IPs notified to network operators: 922
number of spam blocked: 145564
recipient count of spam blocked: 3998677

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET100
2CHINANET-GD60
3UNICOM-ZJ52
4CHINANET-JS46
5WASU45
6VNPT-VNNIC-VN40
7UA-VOLIA-2006112427
8JLU-CN23
9MAROSNET-193-124-176-017
10CHINANET-HA15

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China541
2United States73
3Viet Nam72
4Russian Federation41
5Ukraine32
6Brazil24
7Singapore13
8Bulgaria13
9Taiwan12
10France11

Suspected Bot List [2017-06-04]

detection period: 2017-06-04 00:00-23:59 UTC
number of suspected bots' IPs listed here: 36

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AE83.110.75.64Arab Emirates
AR181.231.28.20Argentina
BO186.27.126.130Bolivia
CO190.60.234.186Colombia
ID219.83.84.146Indonesia
IN175.176.184.5India
IT31.14.140.139Italy
IT188.213.168.54Italy
MO116.193.10.34Macau
MO116.193.10.35Macau
MX189.211.198.181Mexico
MY161.139.20.49Malaysia
NG41.203.117.86Nigeria
PL91.185.189.179Poland
SG112.140.184.136Singapore
SG112.140.184.139Singapore
SG112.140.187.82Singapore
TR185.93.69.114Turkey
TW106.1.195.68Taiwan
TW118.233.116.192Taiwan
US23.249.130.116United States
US96.33.171.230United States
US206.125.41.139United States
UY167.56.43.119Uruguay
ZA196.46.23.122South Africa

List from greylisting:

Sunday, June 4, 2017

Botnet Statistics [2017-06-03]

detection period: 2017-06-03 00:00-23:59 UTC
total number of suspected botnet IPs: 1286
number of botnet IPs notified to network operators: 1173
number of spam blocked: 186654
recipient count of spam blocked: 4831904

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1VNPT-VNNIC-VN77
2UNICOM-ZJ74
3CHINANET-GD69
4CHINANET-JS57
5CMNET47
6UA-VOLIA-2008040430
7dhakavoice29
8INFINITIE-NETWORKS-INTL29
9UA-VOLIA-2006112427
10JLU-CN24

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China509
2Viet Nam132
3United States79
4India70
5Ukraine58
6United Kingdom35
7Brazil30
8Iran27
9Russian Federation23
10France22

Suspected Bot List [2017-06-03]

detection period: 2017-06-03 00:00-23:59 UTC
number of suspected bots' IPs listed here: 113

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AR181.231.28.20Argentina
BO186.27.126.130Bolivia
CO190.60.234.186Colombia
IN175.176.184.5India
IT188.213.168.54Italy
LY197.215.136.166Libya
MM103.27.118.146Myanmar
MX189.211.198.181Mexico
MY161.139.20.49Malaysia
NG41.203.117.86Nigeria
PL91.185.189.179Poland
SG112.140.184.136Singapore
SG112.140.184.139Singapore
SG112.140.184.147Singapore
SG112.140.187.82Singapore
TW106.1.195.68Taiwan
US96.33.171.230United States
US206.125.41.139United States
UY167.56.44.96Uruguay
ZA196.46.23.122South Africa

List from greylisting:

Saturday, June 3, 2017

Botnet Statistics [2017-06-02]

detection period: 2017-06-02 00:00-23:59 UTC
total number of suspected botnet IPs: 996
number of botnet IPs notified to network operators: 908
number of spam blocked: 96712
recipient count of spam blocked: 1791987

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ91
2CMNET73
3WASU38
4VNPT-VNNIC-VN32
5abstation28
6UA-VOLIA-2008040428
7CHINANET-JS28
8CHINANET-GD26
9PL-ARTNET-2012070420
10JLU-CN20

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China450
2United States106
3Viet Nam62
4Netherlands39
5India32
6United Kingdom32
7Ukraine31
8Poland23
9Russian Federation22
10France19

Suspected Bot List [2017-06-02]

detection period: 2017-06-02 00:00-23:59 UTC
number of suspected bots' IPs listed here: 89

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BO186.27.126.130Bolivia
CO190.60.234.186Colombia
IN175.176.184.5India
IT188.213.168.54Italy
LY197.215.136.166Libya
MX189.211.198.181Mexico
MY161.139.20.49Malaysia
NG41.203.117.86Nigeria
PL91.185.189.179Poland
SG112.140.184.136Singapore
SG112.140.184.139Singapore
SG112.140.187.82Singapore
US96.33.171.230United States
ZA196.46.23.122South Africa

List from greylisting:

Friday, June 2, 2017

Botnet Statistics [2017-06-01]

detection period: 2017-06-01 00:00-23:59 UTC
total number of suspected botnet IPs: 685
number of botnet IPs notified to network operators: 667
number of spam blocked: 45424
recipient count of spam blocked: 180042

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET63
2UNICOM-ZJ58
3VNPT-VNNIC-VN51
4WASU49
5CHINANET-GD39
6UA-VOLIA-2008040427
7CC-1524
8HSI-718
9SouthWestTechnologies-316
10VIETEL-VN14

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China278
2United States114
3Viet Nam111
4Ukraine32
5Poland28
6United Kingdom27
7India12
8Russian Federation10
9Brazil10
10Singapore6

Suspected Bot List [2017-06-01]

detection period: 2017-06-01 00:00-23:59 UTC
number of suspected bots' IPs listed here: 18

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BO186.27.126.130Bolivia
IT188.213.168.54Italy
NG41.203.117.86Nigeria
PL91.185.189.179Poland
SG112.140.184.136Singapore
SG112.140.187.82Singapore

List from greylisting:

Thursday, June 1, 2017

Botnet Statistics [2017-05-31]

detection period: 2017-05-31 00:00-23:59 UTC
total number of suspected botnet IPs: 578
number of botnet IPs notified to network operators: 567
number of spam blocked: 40253
recipient count of spam blocked: 89540

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET108
2WASU76
3UNICOM-ZJ60
4CHINANET-GD51
5UA-VOLIA-2008040429
6UA-VOLIA-2006112426
7LSN-DLLSTX-121
8CC-1618
9MAROSNET-194-67-196-016
10VNPT-VNNIC-VN15

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China323
2United States86
3Ukraine55
4Viet Nam29
5Russian Federation19
6Lithuania14
7Hong Kong6
8India4
9France4
10Germany4

Suspected Bot List [2017-05-31]

detection period: 2017-05-31 00:00-23:59 UTC
number of suspected bots' IPs listed here: 11

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting: