Custom Search

Sunday, December 31, 2017

Botnet Statistics [2017-12-30]

detection period: 2017-12-30 00:00-23:59 UTC
total number of suspected botnet IPs: 37
number of botnet IPs notified to network operators: 33
number of spam blocked: 33301
recipient count of spam blocked: 997783

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CR-RACO-LACNIC5
2ENCRYPTED-TRANSIT-IPV44
3DE-CCC-201712013
4SC-FLOKINET-LTD-201608262
5KORNET-KR2
6CHINANET-ZJ2
7hostio1
8WestVPS-NET1
9UNICOM-CN1
10ULVT-NET1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1United States5
2Costa Rica5
3China5
4Germany4
5Russian Federation2
6Netherlands2
7South Korea2
8Iceland2
9South Africa1
10Norway1

Suspected Bot List [2017-12-30]

detection period: 2017-12-30 00:00-23:59 UTC
number of suspected bots' IPs listed here: 4

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic
RU5.188.11.166Russian Federation
ZA196.46.23.122South Africa

List from greylisting:

Saturday, December 30, 2017

Botnet Statistics [2017-12-29]

detection period: 2017-12-29 00:00-23:59 UTC
total number of suspected botnet IPs: 36
number of botnet IPs notified to network operators: 33
number of spam blocked: 62273
recipient count of spam blocked: 1865812

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CR-RACO-LACNIC5
2ENCRYPTED-TRANSIT-IPV44
3DE-CCC-201712014
4SC-FLOKINET-LTD-201608262
5CHINANET-ZJ2
6hostio1
7WestVPS-NET1
8UNICOM-CN1
9ULVT-NET1
10SMARTWEB-NET1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1Germany6
2United States5
3Costa Rica5
4China4
5Russian Federation2
6Netherlands2
7Iceland2
8Norway1
9Macau1
10Kyrgyzstan1

Suspected Bot List [2017-12-29]

detection period: 2017-12-29 00:00-23:59 UTC
number of suspected bots' IPs listed here: 3

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic
RU5.188.11.166Russian Federation

List from greylisting:

Friday, December 29, 2017

Botnet Statistics [2017-12-28]

detection period: 2017-12-28 00:00-23:59 UTC
total number of suspected botnet IPs: 36
number of botnet IPs notified to network operators: 25
number of spam blocked: 37910
recipient count of spam blocked: 955586

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CR-RACO-LACNIC5
2TEMPORARY-CONGRESS-NET3
3ENCRYPTED-TRANSIT-IPV43
4SC-FLOKINET-LTD-201608262
5KORNET-KR2
6CHINANET-ZJ2
7hostio1
8WestVPS-NET1
9UNICOM-CN1
10ULVT-NET1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1Germany5
2Costa Rica5
3United States4
4China4
5Russian Federation2
6Netherlands2
7South Korea2
8Iceland2
9South Africa1
10Norway1

Suspected Bot List [2017-12-28]

detection period: 2017-12-28 00:00-23:59 UTC
number of suspected bots' IPs listed here: 11

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic
DE151.217.47.72Germany
DE151.217.63.41Germany
DE151.217.68.28Germany
KG31.135.255.209Kyrgyzstan
RU5.188.11.166Russian Federation
RU95.68.240.209Russian Federation
US23.129.64.102United States
US23.129.64.103United States
US23.129.64.104United States
ZA196.46.23.122South Africa

List from greylisting:

Thursday, December 28, 2017

Botnet Statistics [2017-12-27]

detection period: 2017-12-27 00:00-23:59 UTC
total number of suspected botnet IPs: 36
number of botnet IPs notified to network operators: 25
number of spam blocked: 46887
recipient count of spam blocked: 1395303

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CR-RACO-LACNIC5
2ENCRYPTED-TRANSIT-IPV44
3TEMPORARY-CONGRESS-NET2
4SC-FLOKINET-LTD-201608262
5KORNET-KR2
6CHINANET-ZJ2
7hostio1
8WestVPS-NET1
9UNICOM-CN1
10ULVT-NET1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1United States5
2Germany5
3Costa Rica5
4China4
5Russian Federation2
6Netherlands2
7South Korea2
8Iceland2
9South Africa1
10Norway1

Suspected Bot List [2017-12-27]

detection period: 2017-12-27 00:00-23:59 UTC
number of suspected bots' IPs listed here: 11

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic
DE151.217.47.72Germany
DE151.217.68.28Germany
KG31.135.255.209Kyrgyzstan
RU5.188.11.166Russian Federation
RU95.68.240.209Russian Federation
US23.129.64.101United States
US23.129.64.102United States
US23.129.64.103United States
US23.129.64.104United States
ZA196.46.23.122South Africa

List from greylisting:

Wednesday, December 27, 2017

Botnet Statistics [2017-12-26]

detection period: 2017-12-26 00:00-23:59 UTC
total number of suspected botnet IPs: 30
number of botnet IPs notified to network operators: 22
number of spam blocked: 10236
recipient count of spam blocked: 306616

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CR-RACO-LACNIC5
2SC-FLOKINET-LTD-201608262
3KORNET-KR2
4ENCRYPTED-TRANSIT-IPV42
5CHINANET-ZJ2
6hostio1
7WestVPS-NET1
8UNICOM-CN1
9ULVT-NET1
10TEMPORARY-CONGRESS-NET1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1Costa Rica5
2China4
3United States3
4Russian Federation2
5Netherlands2
6South Korea2
7Iceland2
8Hong Kong2
9South Africa1
10Norway1

Suspected Bot List [2017-12-26]

detection period: 2017-12-26 00:00-23:59 UTC
number of suspected bots' IPs listed here: 8

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic
DE151.217.68.28Germany
KG31.135.255.209Kyrgyzstan
RU5.188.11.166Russian Federation
RU95.68.240.209Russian Federation
US23.129.64.103United States
US23.129.64.104United States
ZA196.46.23.122South Africa

List from greylisting:

Tuesday, December 26, 2017

Botnet Statistics [2017-12-25]

detection period: 2017-12-25 00:00-23:59 UTC
total number of suspected botnet IPs: 31
number of botnet IPs notified to network operators: 24
number of spam blocked: 34103
recipient count of spam blocked: 1018247

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CR-RACO-LACNIC5
2ENCRYPTED-TRANSIT-IPV44
3SC-FLOKINET-LTD-201608262
4CHINANET-ZJ2
5hostio1
6WestVPS-NET1
7UNICOM-CN1
8STADTWERKE-SCHWEDT-NET1
9SMARTWEB-NET1
10SC-FLOKINET-LTD-201211161

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1United States5
2Costa Rica5
3China4
4Germany3
5Netherlands2
6Iceland2
7Seychelles1
8Russian Federation1
9Norway1
10South Korea1

Suspected Bot List [2017-12-25]

detection period: 2017-12-25 00:00-23:59 UTC
number of suspected bots' IPs listed here: 7

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic
KG31.135.255.209Kyrgyzstan
RU5.188.11.166Russian Federation
US23.129.64.101United States
US23.129.64.102United States
US23.129.64.103United States
US23.129.64.104United States

List from greylisting:

Monday, December 25, 2017

Botnet Statistics [2017-12-24]

detection period: 2017-12-24 00:00-23:59 UTC
total number of suspected botnet IPs: 36
number of botnet IPs notified to network operators: 27
number of spam blocked: 50807
recipient count of spam blocked: 1520208

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CR-RACO-LACNIC5
2ENCRYPTED-TRANSIT-IPV44
3CHINANET-ZJ3
4SC-FLOKINET-LTD-201608262
5KORNET-KR2
6hostio1
7WestVPS-NET1
8UNICOM-SX1
9UNICOM-CN1
10ULVT-NET1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China6
2United States5
3Costa Rica5
4Russian Federation3
5Netherlands2
6South Korea2
7Iceland2
8Hong Kong2
9South Africa1
10Norway1

Suspected Bot List [2017-12-24]

detection period: 2017-12-24 00:00-23:59 UTC
number of suspected bots' IPs listed here: 9

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic
KG31.135.255.209Kyrgyzstan
RU5.188.11.166Russian Federation
RU95.68.240.209Russian Federation
US23.129.64.101United States
US23.129.64.102United States
US23.129.64.103United States
US23.129.64.104United States
ZA196.46.23.122South Africa

List from greylisting:

Sunday, December 24, 2017

Botnet Statistics [2017-12-23]

detection period: 2017-12-23 00:00-23:59 UTC
total number of suspected botnet IPs: 36
number of botnet IPs notified to network operators: 28
number of spam blocked: 70618
recipient count of spam blocked: 2129724

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CR-RACO-LACNIC5
2ENCRYPTED-TRANSIT-IPV44
3KORNET-KR3
4SC-FLOKINET-LTD-201608262
5CHINANET-ZJ2
6hostio1
7WestVPS-NET1
8UNICOM-CN1
9ULVT-NET1
10SMARTWEB-NET1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1United States5
2Costa Rica5
3China4
4South Korea3
5Germany3
6Russian Federation2
7Netherlands2
8Iceland2
9South Africa1
10Norway1

Suspected Bot List [2017-12-23]

detection period: 2017-12-23 00:00-23:59 UTC
number of suspected bots' IPs listed here: 8

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic
KG31.135.255.209Kyrgyzstan
RU95.68.240.209Russian Federation
US23.129.64.101United States
US23.129.64.102United States
US23.129.64.103United States
US23.129.64.104United States
ZA196.46.23.122South Africa

List from greylisting:

Saturday, December 23, 2017

Botnet Statistics [2017-12-22]

detection period: 2017-12-22 00:00-23:59 UTC
total number of suspected botnet IPs: 28
number of botnet IPs notified to network operators: 23
number of spam blocked: 19535
recipient count of spam blocked: 585151

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CR-RACO-LACNIC5
2ENCRYPTED-TRANSIT-IPV43
3SC-FLOKINET-LTD-201608262
4CHINANET-ZJ2
5hostio1
6WestVPS-NET1
7UNICOM-CN1
8SMARTWEB-NET1
9NO-UPC-200507071
10NETVIGATOR1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1Costa Rica5
2United States4
3China4
4Netherlands2
5Iceland2
6Germany2
7Russian Federation1
8Norway1
9South Korea1
10Israel1

Suspected Bot List [2017-12-22]

detection period: 2017-12-22 00:00-23:59 UTC
number of suspected bots' IPs listed here: 5

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic
US23.129.64.102United States
US23.129.64.103United States
US23.129.64.104United States

List from greylisting:

Friday, December 22, 2017

Botnet Statistics [2017-12-21]

detection period: 2017-12-21 00:00-23:59 UTC
total number of suspected botnet IPs: 37
number of botnet IPs notified to network operators: 30
number of spam blocked: 42175
recipient count of spam blocked: 1280087

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CR-RACO-LACNIC5
2ENCRYPTED-TRANSIT-IPV44
3KORNET-KR3
4SC-FLOKINET-LTD-201608262
5IL-BEZEQ-INTERNATIONAL-200012292
6CHINANET-ZJ2
7hostio1
8UNICOM-CN1
9ULVT-NET1
10TakeWYN1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1United States5
2Costa Rica5
3China4
4South Korea3
5Germany3
6Russian Federation2
7Netherlands2
8Iceland2
9Israel2
10Hong Kong2

Suspected Bot List [2017-12-21]

detection period: 2017-12-21 00:00-23:59 UTC
number of suspected bots' IPs listed here: 7

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic
RU95.68.240.209Russian Federation
US23.129.64.101United States
US23.129.64.102United States
US23.129.64.103United States
US23.129.64.104United States
ZA196.46.23.122South Africa

List from greylisting:

Thursday, December 21, 2017

Suspected Bots' IP List for November 2017

To encourage cyber security information sharing (as some form of open data) while still giving victims enough time to clean up their computers, the IP list of suspected infected computers will be released here (as shown below). You are free to use them to create more effective defenses, discover latest trends in cyber attacks, etc.

Suspected Bots IP [2017-11-01]
Suspected Bots IP [2017-11-02]
Suspected Bots IP [2017-11-03]
Suspected Bots IP [2017-11-04]
Suspected Bots IP [2017-11-05]
Suspected Bots IP [2017-11-06]
Suspected Bots IP [2017-11-07]
Suspected Bots IP [2017-11-08]
Suspected Bots IP [2017-11-09]
Suspected Bots IP [2017-11-10]
Suspected Bots IP [2017-11-11]
Suspected Bots IP [2017-11-12]
Suspected Bots IP [2017-11-13]
Suspected Bots IP [2017-11-14]
Suspected Bots IP [2017-11-15]
Suspected Bots IP [2017-11-16]
Suspected Bots IP [2017-11-17]
Suspected Bots IP [2017-11-18]
Suspected Bots IP [2017-11-19]
Suspected Bots IP [2017-11-20]
Suspected Bots IP [2017-11-21]
Suspected Bots IP [2017-11-22]
Suspected Bots IP [2017-11-23]
Suspected Bots IP [2017-11-24]
Suspected Bots IP [2017-11-25]
Suspected Bots IP [2017-11-26]
Suspected Bots IP [2017-11-27]
Suspected Bots IP [2017-11-28]
Suspected Bots IP [2017-11-29]
Suspected Bots IP [2017-11-30]

Botnet Statistics [2017-12-20]

detection period: 2017-12-20 00:00-23:59 UTC
total number of suspected botnet IPs: 41
number of botnet IPs notified to network operators: 39
number of spam blocked: 67930
recipient count of spam blocked: 1969911

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CR-RACO-LACNIC5
2ENCRYPTED-TRANSIT-IPV44
3SC-FLOKINET-LTD-201608262
4KORNET-KR2
5IL-BEZEQ-INTERNATIONAL-200012292
6CHINANET-ZJ2
7hostio1
8UNICOM-CN1
9ULVT-NET1
10TakeWYN1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1United States6
2Costa Rica5
3China4
4Russian Federation2
5Netherlands2
6South Korea2
7Iceland2
8Israel2
9Hong Kong2
10Germany2

Suspected Bot List [2017-12-20]

detection period: 2017-12-20 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic
RU95.68.240.209Russian Federation

List from greylisting:

Wednesday, December 20, 2017

Botnet Statistics [2017-12-19]

detection period: 2017-12-19 00:00-23:59 UTC
total number of suspected botnet IPs: 40
number of botnet IPs notified to network operators: 37
number of spam blocked: 57585
recipient count of spam blocked: 1683935

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CR-RACO-LACNIC5
2ENCRYPTED-TRANSIT-IPV44
3SC-FLOKINET-LTD-201608262
4IL-BEZEQ-INTERNATIONAL-200012292
5CHINANET-ZJ2
6hostio1
7UNICOM-CN1
8ULVT-NET1
9TakeWYN1
10STADTWERKE-SCHWEDT-NET1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1United States5
2Costa Rica5
3China4
4Netherlands3
5Germany3
6Russian Federation2
7Iceland2
8Israel2
9Belize2
10Ukraine1

Suspected Bot List [2017-12-19]

detection period: 2017-12-19 00:00-23:59 UTC
number of suspected bots' IPs listed here: 3

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic
RU95.68.240.209Russian Federation

List from greylisting:

Tuesday, December 19, 2017

Botnet Statistics [2017-12-18]

detection period: 2017-12-18 00:00-23:59 UTC
total number of suspected botnet IPs: 35
number of botnet IPs notified to network operators: 31
number of spam blocked: 27528
recipient count of spam blocked: 803046

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CR-RACO-LACNIC5
2SC-FLOKINET-LTD-201608262
3IL-BEZEQ-INTERNATIONAL-200012292
4ENCRYPTED-TRANSIT-IPV42
5CHINANET-ZJ2
6hostio1
7UNICOM-CN1
8ULVT-NET1
9SMARTONE-MO1
10SAA1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1Costa Rica5
2China4
3United States3
4Netherlands3
5Iceland2
6Israel2
7Belize2
8South Africa1
9Ukraine1
10Taiwan1

Suspected Bot List [2017-12-18]

detection period: 2017-12-18 00:00-23:59 UTC
number of suspected bots' IPs listed here: 4

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic
RU95.68.240.209Russian Federation
ZA196.46.23.122South Africa

List from greylisting:

Monday, December 18, 2017

Botnet Statistics [2017-12-17]

detection period: 2017-12-17 00:00-23:59 UTC
total number of suspected botnet IPs: 42
number of botnet IPs notified to network operators: 40
number of spam blocked: 14297
recipient count of spam blocked: 430572

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1WASU5
2CR-RACO-LACNIC5
3SC-FLOKINET-LTD-201608262
4KORNET-KR2
5IL-BEZEQ-INTERNATIONAL-200012292
6HINET-NET2
7ENCRYPTED-TRANSIT-IPV42
8CHINANET-ZJ2
9hostio1
10UNICOM-CN1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China11
2Costa Rica5
3United States3
4Netherlands3
5Taiwan2
6South Korea2
7Iceland2
8Israel2
9Germany2
10Belize2

Suspected Bot List [2017-12-17]

detection period: 2017-12-17 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic
ZA196.46.23.122South Africa

List from greylisting:

Sunday, December 17, 2017

Botnet Statistics [2017-12-16]

detection period: 2017-12-16 00:00-23:59 UTC
total number of suspected botnet IPs: 141
number of botnet IPs notified to network operators: 135
number of spam blocked: 35121
recipient count of spam blocked: 625426

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1WASU24
2Baidu11
3CHINANET-GD10
4VNPT-VNNIC-VN9
5CHINANET-HB8
6UNIFIEDLAYER-NETWORK-147
7CHINANET-ZJ-HZ7
8CR-RACO-LACNIC5
9CHINANET-ZJ-ZX5
10CHINANET-JS5

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China80
2Viet Nam12
3United States9
4Costa Rica5
5Netherlands3
6Italy3
7Thailand2
8Russian Federation2
9South Korea2
10Iceland2

Suspected Bot List [2017-12-16]

detection period: 2017-12-16 00:00-23:59 UTC
number of suspected bots' IPs listed here: 6

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic

List from greylisting:

Saturday, December 16, 2017

Botnet Statistics [2017-12-15]

detection period: 2017-12-15 00:00-23:59 UTC
total number of suspected botnet IPs: 256
number of botnet IPs notified to network operators: 235
number of spam blocked: 62940
recipient count of spam blocked: 1228379

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1WASU31
2CHINANET-ZJ-HZ21
3Baidu16
4CHINANET-GD13
5UNIFIEDLAYER-NETWORK-1410
6CHINANET-HB9
7VNPT-VNNIC-VN8
8CHINANET-ZJ7
9CHINANET-ZJ-ZX6
10CHINANET-JS6

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China136
2United States17
3Viet Nam15
4India14
5Brazil7
6Germany5
7Costa Rica5
8Taiwan4
9Pakistan4
10South Korea4

Suspected Bot List [2017-12-15]

detection period: 2017-12-15 00:00-23:59 UTC
number of suspected bots' IPs listed here: 21

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic
RU95.68.240.209Russian Federation
US23.129.64.101United States
US23.129.64.102United States
ZA196.46.23.122South Africa

List from greylisting:

Friday, December 15, 2017

Botnet Statistics [2017-12-14]

detection period: 2017-12-14 00:00-23:59 UTC
total number of suspected botnet IPs: 236
number of botnet IPs notified to network operators: 228
number of spam blocked: 92821
recipient count of spam blocked: 2110080

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1WASU24
2CHINANET-ZJ-HZ23
3CHINANET-HB23
4Baidu14
5CHINANET-GD13
6UNIFIEDLAYER-NETWORK-1412
7CHINANET-JS10
8VNPT-VNNIC-VN9
9CHINANET-ZJ8
10CR-RACO-LACNIC6

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China143
2United States23
3Viet Nam17
4Costa Rica6
5Russian Federation4
6Netherlands4
7South Korea4
8India4
9Brazil4
10Taiwan3

Suspected Bot List [2017-12-14]

detection period: 2017-12-14 00:00-23:59 UTC
number of suspected bots' IPs listed here: 8

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic
RU95.68.240.209Russian Federation
US23.129.64.101United States
US23.129.64.102United States
ZA196.46.23.122South Africa

List from greylisting:

Thursday, December 14, 2017

Botnet Statistics [2017-12-13]

detection period: 2017-12-13 00:00-23:59 UTC
total number of suspected botnet IPs: 221
number of botnet IPs notified to network operators: 210
number of spam blocked: 60339
recipient count of spam blocked: 1265579

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-HB23
2CHINANET-ZJ-HZ20
3WASU18
4Baidu16
5UNIFIEDLAYER-NETWORK-1413
6CHINANET-GD10
7CHINANET-ZJ8
8CHINANET-JS7
9HINET-NET5
10002.578.819/0001-665

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China127
2United States20
3Brazil13
4Viet Nam9
5India8
6Taiwan5
7Netherlands4
8Italy4
9South Korea3
10Germany3

Suspected Bot List [2017-12-13]

detection period: 2017-12-13 00:00-23:59 UTC
number of suspected bots' IPs listed here: 11

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic
KG31.135.255.209Kyrgyzstan
RU95.68.240.209Russian Federation
US23.129.64.101United States
US23.129.64.102United States
ZA196.46.23.122South Africa

List from greylisting:

Wednesday, December 13, 2017

Botnet Statistics [2017-12-12]

detection period: 2017-12-12 00:00-23:59 UTC
total number of suspected botnet IPs: 270
number of botnet IPs notified to network operators: 251
number of spam blocked: 52077
recipient count of spam blocked: 930188

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-GD24
2CHINANET-ZJ-HZ23
3CHINANET-HB18
4Baidu15
5WASU10
6UNIFIEDLAYER-NETWORK-149
7UNICOM-GD9
8VNPT-VNNIC-VN8
9CHINANET-JS7
10CHINANET-ZJ6

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China143
2United States20
3Viet Nam16
4Brazil13
5India11
6Taiwan6
7Thailand6
8Czech Republic6
9South Korea4
10Iran4

Suspected Bot List [2017-12-12]

detection period: 2017-12-12 00:00-23:59 UTC
number of suspected bots' IPs listed here: 19

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic
KG31.135.255.209Kyrgyzstan
RU95.68.240.209Russian Federation
US23.129.64.101United States
ZA196.46.23.122South Africa

List from greylisting:

Tuesday, December 12, 2017

Botnet Statistics [2017-12-11]

detection period: 2017-12-11 00:00-23:59 UTC
total number of suspected botnet IPs: 313
number of botnet IPs notified to network operators: 244
number of spam blocked: 57173
recipient count of spam blocked: 1380124

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1MSFT57
2CHINANET-HB34
3CHINANET-GD25
4WASU21
5Baidu18
6CHINANET-ZJ-HZ17
7CHINANET-JS16
8VNPT-VNNIC-VN11
9HOSTWINDS-17-610
10CHINANET-ZJ5

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China158
2United States72
3Viet Nam17
4Brazil9
5Spain5
6Czech Republic5
7Italy4
8Germany4
9India3
10Slovakia2

Suspected Bot List [2017-12-11]

detection period: 2017-12-11 00:00-23:59 UTC
number of suspected bots' IPs listed here: 69

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic
KG31.135.255.209Kyrgyzstan
RU95.68.240.209Russian Federation
US23.129.64.101United States
US23.129.64.102United States
ZA196.46.23.122South Africa

List from greylisting:

Monday, December 11, 2017

Botnet Statistics [2017-12-10]

detection period: 2017-12-10 00:00-23:59 UTC
total number of suspected botnet IPs: 281
number of botnet IPs notified to network operators: 272
number of spam blocked: 72004
recipient count of spam blocked: 1579249

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-GD34
2CHINANET-HB29
3VNPT-VNNIC-VN24
4CHINANET-ZJ-HZ18
5Baidu18
6CHINANET-JS16
7UNICOM-GD8
8CHINANET-ZJ8
9FPT-VN7
10WASU4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China158
2Viet Nam44
3Brazil16
4United States7
5Germany5
6Russian Federation4
7Czech Republic4
8Netherlands3
9South Korea3
10Spain3

Suspected Bot List [2017-12-10]

detection period: 2017-12-10 00:00-23:59 UTC
number of suspected bots' IPs listed here: 9

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic
KG31.135.255.209Kyrgyzstan
US23.129.64.102United States

List from greylisting:

Sunday, December 10, 2017

Botnet Statistics [2017-12-09]

detection period: 2017-12-09 00:00-23:59 UTC
total number of suspected botnet IPs: 285
number of botnet IPs notified to network operators: 276
number of spam blocked: 59867
recipient count of spam blocked: 1437541

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-HB52
2UNICOM-GD27
3CHINANET-ZJ-HZ23
4CHINANET-GD18
5Baidu18
6VNPT-VNNIC-VN16
7UNIFIEDLAYER-NETWORK-147
8CHINANET-JS7
9CHINANET-ZJ5
10002.578.819/0001-665

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China168
2Viet Nam26
3Brazil15
4United States13
5India5
6Germany5
7Czech Republic5
8Thailand3
9Netherlands3
10Italy3

Suspected Bot List [2017-12-09]

detection period: 2017-12-09 00:00-23:59 UTC
number of suspected bots' IPs listed here: 9

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic
KG31.135.255.209Kyrgyzstan
US23.129.64.101United States
US23.129.64.102United States

List from greylisting:

Saturday, December 9, 2017

Botnet Statistics [2017-12-08]

detection period: 2017-12-08 00:00-23:59 UTC
total number of suspected botnet IPs: 237
number of botnet IPs notified to network operators: 220
number of spam blocked: 48796
recipient count of spam blocked: 995903

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-HB38
2Baidu18
3CHINANET-ZJ-HZ16
4UNICOM-GD12
5CHINANET-JS11
6VNPT-VNNIC-VN10
7CHINANET-GD10
8UNIFIEDLAYER-NETWORK-147
9CHINANET-ZJ7
10KORNET-KR3

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China126
2Viet Nam22
3Brazil14
4United States11
5Russian Federation7
6India4
7Thailand3
8Romania3
9South Korea3
10Iran3

Suspected Bot List [2017-12-08]

detection period: 2017-12-08 00:00-23:59 UTC
number of suspected bots' IPs listed here: 17

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic
KG31.135.255.209Kyrgyzstan
RU95.68.240.209Russian Federation
ZA196.46.23.122South Africa

List from greylisting:

Friday, December 8, 2017

Botnet Statistics [2017-12-07]

detection period: 2017-12-07 00:00-23:59 UTC
total number of suspected botnet IPs: 236
number of botnet IPs notified to network operators: 224
number of spam blocked: 74863
recipient count of spam blocked: 1970187

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-GD30
2CHINANET-HB21
3CHINANET-ZJ-HZ18
4Baidu18
5UNICOM-GD9
6CHINANET-JS8
7VNPT-VNNIC-VN7
8UNIFIEDLAYER-NETWORK-147
9CHINANET-ZJ5
10UNICOM-HB4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China133
2Brazil14
3United States12
4Viet Nam10
5India7
6Russian Federation6
7Czech Republic5
8Germany4
9Turkey3
10Netherlands3

Suspected Bot List [2017-12-07]

detection period: 2017-12-07 00:00-23:59 UTC
number of suspected bots' IPs listed here: 12

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic
KG31.135.255.209Kyrgyzstan

List from greylisting:

Thursday, December 7, 2017

Botnet Statistics [2017-12-06]

detection period: 2017-12-06 00:00-23:59 UTC
total number of suspected botnet IPs: 257
number of botnet IPs notified to network operators: 234
number of spam blocked: 46569
recipient count of spam blocked: 813627

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-HB38
2Baidu18
3CHINANET-ZJ-HZ16
4CHINANET-GD13
5VNPT-VNNIC-VN10
6UNIFIEDLAYER-NETWORK-1410
7UNICOM-HB6
8CHINANET-JS6
9CHINANET-ZJ4
10CHINANET-FJ3

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China124
2United States20
3Viet Nam17
4Brazil15
5Russian Federation14
6Czech Republic9
7India5
8Germany5
9Iran4
10Netherlands3

Suspected Bot List [2017-12-06]

detection period: 2017-12-06 00:00-23:59 UTC
number of suspected bots' IPs listed here: 23

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic
KG31.135.255.209Kyrgyzstan
RU95.68.240.209Russian Federation
ZA196.46.23.122South Africa

List from greylisting:

Wednesday, December 6, 2017

Botnet Statistics [2017-12-05]

detection period: 2017-12-05 00:00-23:59 UTC
total number of suspected botnet IPs: 243
number of botnet IPs notified to network operators: 218
number of spam blocked: 30225
recipient count of spam blocked: 380487

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-ZJ-HZ20
2Baidu18
3VNPT-VNNIC-VN16
4CHINANET-HB16
5CHINANET-ZJ8
6CHINANET-GD7
7UNIFIEDLAYER-NETWORK-146
8CHINANET-JS6
9VIETEL-VNNIC-VN5
10002.578.819/0001-665

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China102
2Viet Nam28
3United States18
4Brazil14
5Russian Federation8
6India7
7Mexico4
8Czech Republic4
9Argentina4
10Netherlands3

Suspected Bot List [2017-12-05]

detection period: 2017-12-05 00:00-23:59 UTC
number of suspected bots' IPs listed here: 25

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic
KG31.135.255.209Kyrgyzstan
ZA196.46.23.122South Africa

List from greylisting:

Tuesday, December 5, 2017

Botnet Statistics [2017-12-04]

detection period: 2017-12-04 00:00-23:59 UTC
total number of suspected botnet IPs: 241
number of botnet IPs notified to network operators: 224
number of spam blocked: 13105
recipient count of spam blocked: 13105

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-HB26
2VNPT-VNNIC-VN22
3Baidu16
4CHINANET-GD15
5CHINANET-ZJ-HZ14
6LSN-DLLSTX-710
7FPT-VN7
8CHINANET-ZJ-ZX7
9CHINANET-AH6
10ETC-VNNIC-VN4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China112
2Viet Nam41
3United States16
4Brazil10
5India8
6Iran7
7Russian Federation6
8Czech Republic5
9Thailand3
10Pakistan2

Suspected Bot List [2017-12-04]

detection period: 2017-12-04 00:00-23:59 UTC
number of suspected bots' IPs listed here: 17

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Monday, December 4, 2017

Botnet Statistics [2017-12-03]

detection period: 2017-12-03 00:00-23:59 UTC
total number of suspected botnet IPs: 238
number of botnet IPs notified to network operators: 227
number of spam blocked: 22416
recipient count of spam blocked: 292667

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-HB30
2CHINANET-GD26
3VNPT-VNNIC-VN17
4Baidu16
5CHINANET-ZJ-HZ15
6CHINANET-ZJ8
7CHINANET-JS8
8CHINANET-ZJ-ZX5
9CHINANET-AH5
10CHINANET-HN4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China137
2Viet Nam31
3Brazil18
4United States9
5Romania4
6Germany4
7Argentina4
8Iran3
9Ukraine2
10Taiwan2

Suspected Bot List [2017-12-03]

detection period: 2017-12-03 00:00-23:59 UTC
number of suspected bots' IPs listed here: 11

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic
US23.129.64.101United States
US23.129.64.102United States

List from greylisting:

Sunday, December 3, 2017

Botnet Statistics [2017-12-02]

detection period: 2017-12-02 00:00-23:59 UTC
total number of suspected botnet IPs: 204
number of botnet IPs notified to network operators: 198
number of spam blocked: 29085
recipient count of spam blocked: 267639

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-ZJ-HZ19
2CHINANET-GD18
3CHINANET-HB17
4Baidu13
5VNPT-VNNIC-VN9
6CHINANET-JS8
7001.766.744/0001-846
8CHINANET-AH5
9LSN-DLLSTX-24
10CHINANET-ZJ-ZX4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China114
2Brazil20
3Viet Nam12
4United States12
5Iran4
6Czech Republic4
7Romania3
8South Korea3
9Italy3
10India3

Suspected Bot List [2017-12-02]

detection period: 2017-12-02 00:00-23:59 UTC
number of suspected bots' IPs listed here: 6

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic
RU95.68.240.209Russian Federation

List from greylisting:

Saturday, December 2, 2017

Botnet Statistics for November 2017

detection period: 2017-11-01 00:00 - 2017-11-30 23:59 UTC
total number of suspected botnet IPs: 6407
number of blocked spams: 2288563
recipient count of blocked spams: 43448606

The top 25 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China4171
2Viet Nam765
3United States412
4India140
5Brazil132
6Russian Federation89
7Thailand60
8Italy50
9Ukraine38
10Indonesia36
11Romania34
12France28
13Taiwan23
14Iran23
15Argentina23
16Poland19
17Turkey18
18Czech Republic18
19South Korea16
20Pakistan15
21Kazakhstan15
22Colombia15
23United Kingdom13
24Germany12
25Mexico11

The top 25 countries (as defined by the 2-character country code), ordered by number of blocked spams are:

RankCountry# of blocked spams
1China724360
2United States540104
3Brazil165226
4Canada118316
5Germany117359
6Hong Kong85123
7Venezuela72241
8Netherlands57282
9Russian Federation55201
10Romania48568
11United Kingdom47301
12Ukraine43094
13Czech Republic41096
14Israel29650
15Belize27923
16Poland21072
17Norway20682
18Iceland16829
19South Korea13478
20Kyrgyzstan13106
21Tunisia7022
22Mexico5711
23Macau3595
24South Africa2594
25Singapore2513

The top 25 countries (as defined by the 2-character country code), ordered by recipient count of blocked spams are:

Botnet Statistics [2017-12-01]

detection period: 2017-12-01 00:00-23:59 UTC
total number of suspected botnet IPs: 278
number of botnet IPs notified to network operators: 258
number of spam blocked: 29732
recipient count of spam blocked: 50201

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-GD36
2CHINANET-HB25
3CHINANET-ZJ-HZ19
4001.766.744/0001-8418
5CHINANET-JS14
6Baidu11
7LSN-DLLSTX-210
8VNPT-VNNIC-VN8
9FPT-VN6
10CHINANET-ZJ4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China128
2Brazil36
3Viet Nam21
4United States14
5Poland9
6India9
7Czech Republic7
8Romania4
9Italy4
10Argentina4