Custom Search

Saturday, April 29, 2017

Botnet Statistics [2017-04-28]

detection period: 2017-04-28 00:00-23:59 UTC
total number of suspected botnet IPs: 411
number of botnet IPs notified to network operators: 401
number of spam blocked: 129360
recipient count of spam blocked: 129372

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET81
2WASU69
3VNPT-VNNIC-VN46
4CHINANET-JS18
5CHINANET-GD18
6FPT-VN11
7VIETEL-VN10
8UNICOM-JS10
9BSNLNET8
10VIETEL-VNNIC-VN6

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China227
2Viet Nam86
3United States15
4Ukraine10
5Russian Federation10
6India9
7South Korea6
8Thailand4
9United Kingdom4
10Brazil4

Suspected Bot List [2017-04-28]

detection period: 2017-04-28 00:00-23:59 UTC
number of suspected bots' IPs listed here: 10

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Friday, April 28, 2017

Botnet Statistics for March 2017

detection period: 2017-03-01 00:00 - 2017-03-31 23:59 UTC
total number of suspected botnet IPs: 16031
number of blocked spams: 1211856
recipient count of blocked spams: 33008055

The top 25 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan7963
2China5025
3Viet Nam387
4India332
5United States254
6Mexico148
7Russian Federation140
8Brazil135
9Iran116
10Indonesia90
11Peru83
12Pakistan72
13South Korea72
14Turkey64
15Colombia61
16Argentina57
17Saudi Arabia45
18Italy44
19France38
20Tunisia36
21Thailand32
22Ukraine29
23Germany28
24South Africa26
25Bangladesh26

The top 25 countries (as defined by the 2-character country code), ordered by number of blocked spams are:

RankCountry# of blocked spams
1Taiwan1157391
2United States36098
3China8055
4Russian Federation1587
5Sweden1128
6Netherlands1074
7Estonia1060
8Mexico571
9Romania455
10South Korea435
11Benin424
12Chile411
13Thailand343
14Colombia332
15Brazil330
16Canada207
17France204
18India189
19Ukraine175
20United Kingdom145
21Peru131
22Hong Kong128
23Ecuador119
24Italy118
25Macau102

The top 25 countries (as defined by the 2-character country code), ordered by recipient count of blocked spams are:

Botnet Statistics [2017-04-27]

detection period: 2017-04-27 00:00-23:59 UTC
total number of suspected botnet IPs: 522
number of botnet IPs notified to network operators: 509
number of spam blocked: 46207
recipient count of spam blocked: 95410

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET82
2WASU72
3VNPT-VNNIC-VN47
4CHINANET-JS35
5CHINANET-GD28
6ETC-VNNIC-VN13
7UNICOM-JS11
8UNICOM-BJ11
9FPT-VN11
10BB-Multiplay11

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China280
2Viet Nam98
3India27
4United States19
5Brazil12
6Netherlands10
7Russian Federation9
8Thailand8
9Ukraine7
10Taiwan4

Suspected Bot List [2017-04-27]

detection period: 2017-04-27 00:00-23:59 UTC
number of suspected bots' IPs listed here: 13

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
SA37.216.243.35Saudi Arabia
US97.89.253.230United States

List from greylisting:

Thursday, April 27, 2017

Botnet Statistics [2017-04-26]

detection period: 2017-04-26 00:00-23:59 UTC
total number of suspected botnet IPs: 407
number of botnet IPs notified to network operators: 396
number of spam blocked: 97195
recipient count of spam blocked: 118436

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET68
2WASU59
3CHINANET-JS57
4VNPT-VNNIC-VN29
5CHINANET-GD26
6UNICOM-JS12
7UNICOM-BJ12
8VIETEL-VN5
9Chinafic5
10WASU-BB4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China270
2Viet Nam46
3United States14
4Russian Federation13
5South Korea5
6India5
7United Kingdom4
8France4
9Germany4
10Brazil4

Suspected Bot List [2017-04-26]

detection period: 2017-04-26 00:00-23:59 UTC
number of suspected bots' IPs listed here: 11

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
SA37.216.243.35Saudi Arabia
US97.89.253.230United States

List from greylisting:

Wednesday, April 26, 2017

Botnet Statistics [2017-04-25]

detection period: 2017-04-25 00:00-23:59 UTC
total number of suspected botnet IPs: 416
number of botnet IPs notified to network operators: 381
number of spam blocked: 189627
recipient count of spam blocked: 189627

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1WASU60
2CMNET44
3CHINANET-JS38
4VNPT-VNNIC-VN27
5UNICOM-JS15
6CHINANET-GD15
7UNICOM-BJ10
8VIETEL-VN7
9FPT-VN7
10BM-ID7

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China219
2Viet Nam48
3India32
4United States19
5Indonesia9
6Bangladesh8
7Turkey5
8Thailand5
9Singapore5
10Brazil5

Suspected Bot List [2017-04-25]

detection period: 2017-04-25 00:00-23:59 UTC
number of suspected bots' IPs listed here: 35

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Tuesday, April 25, 2017

Botnet Statistics [2017-04-24]

detection period: 2017-04-24 00:00-23:59 UTC
total number of suspected botnet IPs: 289
number of botnet IPs notified to network operators: 278
number of spam blocked: 102460
recipient count of spam blocked: 132955

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1WASU78
2CMNET39
3UNICOM-BJ16
4CHINANET-GD13
5PUHI-AP7
6Chinafic5
7ALISOFT4
8HINET-NET3
9HICHINA3
10BSNLNET3

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China179
2India15
3United States13
4Singapore9
5Viet Nam8
6Brazil8
7Taiwan5
8Thailand4
9Hong Kong4
10Russian Federation3

Suspected Bot List [2017-04-24]

detection period: 2017-04-24 00:00-23:59 UTC
number of suspected bots' IPs listed here: 11

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
US97.89.253.230United States

List from greylisting:

Monday, April 24, 2017

Botnet Statistics [2017-04-23]

detection period: 2017-04-23 00:00-23:59 UTC
total number of suspected botnet IPs: 286
number of botnet IPs notified to network operators: 283
number of spam blocked: 1030
recipient count of spam blocked: 1030

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1WASU94
2CMNET81
3CHINANET-GD17
4UNICOM-BJ14
5Chinafic5
6WASU-BB4
7NETERRA-TSHOOT-NET3
8TELSTRAINTERNET2-AU2
9KORNET-KR2
10CHINANET-SC2

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China236
2United States6
3Russian Federation6
4South Korea4
5United Kingdom4
6France3
7Germany3
8Brazil3
9Bulgaria3
10Australia3

Suspected Bot List [2017-04-23]

detection period: 2017-04-23 00:00-23:59 UTC
number of suspected bots' IPs listed here: 3

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Sunday, April 23, 2017

Suspected Bots' IP List for March 2017

To encourage cyber security information sharing (as some form of open data) while still giving victims enough time to clean up their computers, the IP list of suspected infected computers will be released here (as shown below). You are free to use them to create more effective defenses, discover latest trends in cyber attacks, etc.

Suspected Bots IP [2017-03-01]
Suspected Bots IP [2017-03-02]
Suspected Bots IP [2017-03-03]
Suspected Bots IP [2017-03-04]
Suspected Bots IP [2017-03-05]
Suspected Bots IP [2017-03-06]
Suspected Bots IP [2017-03-07]
Suspected Bots IP [2017-03-08]
Suspected Bots IP [2017-03-09]
Suspected Bots IP [2017-03-10]
Suspected Bots IP [2017-03-11]
Suspected Bots IP [2017-03-12]
Suspected Bots IP [2017-03-13]
Suspected Bots IP [2017-03-14]
Suspected Bots IP [2017-03-15]
Suspected Bots IP [2017-03-16]
Suspected Bots IP [2017-03-17]
Suspected Bots IP [2017-03-18]
Suspected Bots IP [2017-03-19]
Suspected Bots IP [2017-03-20]
Suspected Bots IP [2017-03-21]
Suspected Bots IP [2017-03-22]
Suspected Bots IP [2017-03-23]
Suspected Bots IP [2017-03-24]
Suspected Bots IP [2017-03-25]
Suspected Bots IP [2017-03-26]
Suspected Bots IP [2017-03-27]
Suspected Bots IP [2017-03-28]
Suspected Bots IP [2017-03-29]
Suspected Bots IP [2017-03-30]
Suspected Bots IP [2017-03-31]

Botnet Statistics [2017-04-22]

detection period: 2017-04-22 00:00-23:59 UTC
total number of suspected botnet IPs: 112
number of botnet IPs notified to network operators: 110
number of spam blocked: 13414
recipient count of spam blocked: 65342

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET24
2CHINANET-GD15
3NETERRA-TSHOOT-NET7
4UNICOM-BJ5
5Chinafic5
6tonghnetwork2
7xDSL-CLNT-KAMENSKTEL1
8ZZTB-MIB1
9YITAIFENG1
10WESTCALL-NET1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China70
2Bulgaria7
3United States5
4Russian Federation5
5Germany3
6Viet Nam2
7Taiwan2
8Poland2
9South Korea2
10India2

Suspected Bot List [2017-04-22]

detection period: 2017-04-22 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Saturday, April 22, 2017

Botnet Statistics [2017-04-21]

detection period: 2017-04-21 00:00-23:59 UTC
total number of suspected botnet IPs: 354
number of botnet IPs notified to network operators: 336
number of spam blocked: 19061
recipient count of spam blocked: 125006

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET78
2WASU68
3CHINANET-GD12
4UNICOM-BJ11
5VNPT-VNNIC-VN6
6KORNET-KR5
7Chinafic5
8CHINANET-JS5
9CHINANET-AH5
10ALISOFT5

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China232
2Russian Federation19
3India14
4Viet Nam13
5United States13
6South Korea6
7Germany5
8Hong Kong3
9Argentina3
10Venezuela2

Suspected Bot List [2017-04-21]

detection period: 2017-04-21 00:00-23:59 UTC
number of suspected bots' IPs listed here: 18

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AR200.42.24.98Argentina
MX148.243.192.238Mexico
RS89.216.28.123Serbia
RU77.72.82.21Russian Federation
US74.222.4.250United States
US97.89.253.230United States
US140.239.81.98United States
UY167.56.2.57Uruguay

List from greylisting:

Thursday, April 20, 2017

Botnet Statistics [2017-04-19]

detection period: 2017-04-19 00:00-23:59 UTC
total number of suspected botnet IPs: 509
number of botnet IPs notified to network operators: 491
number of spam blocked: 15483
recipient count of spam blocked: 67999

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET115
2WASU96
3CHINANET-GD20
4CHINANET-AH12
5VNPT-VNNIC-VN10
6KORNET-KR10
7UNICOM-BJ9
8CHINANET-JS8
9CHINANET-YN7
10UNICOM-SD6

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China345
2Russian Federation22
3Viet Nam19
4United States19
5India18
6South Korea14
7Ukraine5
8Iran5
9Hong Kong4
10South Africa3

Suspected Bot List [2017-04-19]

detection period: 2017-04-19 00:00-23:59 UTC
number of suspected bots' IPs listed here: 18

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Wednesday, April 19, 2017

Botnet Statistics [2017-04-18]

detection period: 2017-04-18 00:00-23:59 UTC
total number of suspected botnet IPs: 409
number of botnet IPs notified to network operators: 396
number of spam blocked: 3754
recipient count of spam blocked: 20779

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET91
2WASU79
3CHINANET-GD23
4VNPT-VNNIC-VN8
5CHINANET-AH7
6KORNET-KR6
7UNICOM-GD5
8Chinafic5
9ALISOFT5
10UNICOM-HA4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China278
2Russian Federation20
3Viet Nam18
4United States11
5South Korea11
6India9
7Thailand5
8Ukraine4
9Argentina4
10Romania3

Suspected Bot List [2017-04-18]

detection period: 2017-04-18 00:00-23:59 UTC
number of suspected bots' IPs listed here: 13

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AR200.42.24.98Argentina
US97.89.253.230United States
UY167.56.227.204Uruguay

List from greylisting:

Tuesday, April 18, 2017

Botnet Statistics [2017-04-17]

detection period: 2017-04-17 00:00-23:59 UTC
total number of suspected botnet IPs: 303
number of botnet IPs notified to network operators: 295
number of spam blocked: 2582
recipient count of spam blocked: 79400

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1WASU88
2CMNET87
3CHINANET-GD20
4UNICOM-BJ11
5Chinafic5
6tonghnetwork3
7KORNET-KR2
8CHINANET-SX2
9CBC-CM-42
10xDSL-CLNT-KAMENSKTEL1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China235
2United States9
3Russian Federation8
4Singapore3
5South Korea3
6Japan3
7Hong Kong3
8United Kingdom3
9France3
10Spain3

Suspected Bot List [2017-04-17]

detection period: 2017-04-17 00:00-23:59 UTC
number of suspected bots' IPs listed here: 8

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BJ197.234.219.18Benin

List from greylisting:

Monday, April 17, 2017

Botnet Statistics [2017-04-16]

detection period: 2017-04-16 00:00-23:59 UTC
total number of suspected botnet IPs: 273
number of botnet IPs notified to network operators: 263
number of spam blocked: 1923
recipient count of spam blocked: 31981

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET83
2WASU60
3UNICOM-BJ8
4CHINANET-GD8
5Chinafic5
6UNICOM-HA4
7SMARTONE-MB4
8ALISOFT4
9UY-ANTA-LACNIC3
10CAT3

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China198
2United States17
3Hong Kong7
4Russian Federation6
5Thailand5
6Uruguay3
7Taiwan3
8South Korea3
9Japan3
10United Kingdom3

Suspected Bot List [2017-04-16]

detection period: 2017-04-16 00:00-23:59 UTC
number of suspected bots' IPs listed here: 10

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AR200.42.24.98Argentina
PK182.185.1.163Pakistan
US97.89.253.230United States
UY167.57.0.19Uruguay
UY179.25.64.127Uruguay
UY179.26.148.20Uruguay

List from greylisting:

Sunday, April 16, 2017

Botnet Statistics [2017-04-15]

detection period: 2017-04-15 00:00-23:59 UTC
total number of suspected botnet IPs: 168
number of botnet IPs notified to network operators: 165
number of spam blocked: 3708
recipient count of spam blocked: 16463

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET45
2WASU33
3CHINANET-GD9
4UNICOM-BJ8
5VNPT-VNNIC-VN3
6BSNLNET3
7UNICOM-HA2
8UNICOM-GD2
9CHINANET-ZJ2
10CHINANET-SC2

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China119
2United States10
3Russian Federation6
4Viet Nam4
5Japan4
6India3
7United Kingdom3
8Thailand2
9Netherlands2
10South Korea2

Suspected Bot List [2017-04-15]

detection period: 2017-04-15 00:00-23:59 UTC
number of suspected bots' IPs listed here: 3

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Saturday, April 15, 2017

Botnet Statistics [2017-04-14]

detection period: 2017-04-14 00:00-23:59 UTC
total number of suspected botnet IPs: 312
number of botnet IPs notified to network operators: 295
number of spam blocked: 18091
recipient count of spam blocked: 103257

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET55
2WASU33
3UNICOM-BJ10
4CHINANET-GD10
5CHINANET-AH10
6KORNET-KR6
7Chinafic5
8CHINANET-JS5
9VNPT-VNNIC-VN4
10UNICOM-SD4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China183
2United States18
3Russian Federation17
4India11
5Viet Nam9
6South Korea8
7Ukraine6
8Thailand3
9Netherlands3
10Japan3

Suspected Bot List [2017-04-14]

detection period: 2017-04-14 00:00-23:59 UTC
number of suspected bots' IPs listed here: 17

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
PS178.214.77.180Occupied Palestinian Territory
RS89.216.28.123Serbia
TR85.99.231.121Turkey
US74.222.4.250United States
US97.89.253.230United States

List from greylisting:

Tuesday, April 11, 2017

Botnet Statistics [2017-04-10]

detection period: 2017-04-10 00:00-23:59 UTC
total number of suspected botnet IPs: 343
number of botnet IPs notified to network operators: 333
number of spam blocked: 15318
recipient count of spam blocked: 67229

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET102
2WASU59
3CHINANET-GD23
4UNICOM-BJ11
5CHINANET-JS6
6MSFT5
7KORNET-KR5
8Chinafic5
9UNICOM-HA3
10KRNIC-KR3

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China243
2United States19
3India18
4South Korea9
5Russian Federation7
6Indonesia5
7Viet Nam4
8Iran4
9Japan3
10Italy3

Suspected Bot List [2017-04-10]

detection period: 2017-04-10 00:00-23:59 UTC
number of suspected bots' IPs listed here: 10

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Monday, April 10, 2017

Botnet Statistics [2017-04-09]

detection period: 2017-04-09 00:00-23:59 UTC
total number of suspected botnet IPs: 265
number of botnet IPs notified to network operators: 257
number of spam blocked: 12529
recipient count of spam blocked: 59644

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET99
2WASU72
3WASU-BB13
4UNICOM-BJ13
5CHINANET-GD7
6Chinafic5
7JUMPLINE-COM3
8VE-TTRU-LACNIC2
9UNICOM-JL2
10HINET-NET2

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China226
2United States9
3Brazil4
4Taiwan3
5Venezuela2
6Russian Federation2
7South Korea2
8Japan2
9Italy2
10Hong Kong2

Suspected Bot List [2017-04-09]

detection period: 2017-04-09 00:00-23:59 UTC
number of suspected bots' IPs listed here: 8

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Sunday, April 9, 2017

Botnet Statistics [2017-04-08]

detection period: 2017-04-08 00:00-23:59 UTC
total number of suspected botnet IPs: 248
number of botnet IPs notified to network operators: 235
number of spam blocked: 13466
recipient count of spam blocked: 89825

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET47
2WASU31
3UNICOM-BJ10
4CHINANET-GD8
5CHINANET-JS6
6BSNLNET4
7ALISOFT4
8UNICOM-SD3
9UNICOM-GD3
10KORNET-KR3

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China157
2United States13
3Russian Federation12
4India9
5South Korea5
6Thailand4
7Viet Nam3
8Taiwan3
9Pakistan3
10Ukraine2

Suspected Bot List [2017-04-08]

detection period: 2017-04-08 00:00-23:59 UTC
number of suspected bots' IPs listed here: 13

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
IN122.174.127.201India
MX200.79.121.225Mexico
US67.229.103.42United States

List from greylisting:

Saturday, April 8, 2017

Botnet Statistics [2017-04-07]

detection period: 2017-04-07 00:00-23:59 UTC
total number of suspected botnet IPs: 352
number of botnet IPs notified to network operators: 335
number of spam blocked: 10680
recipient count of spam blocked: 104397

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET76
2WASU21
3UNICOM-BJ9
4CHINANET-JS9
5CHINANET-HN9
6CHINANET-GD8
7CHINANET-AH8
8KORNET-KR6
9VNPT-VNNIC-VN5
10UNICOM-SD5

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China213
2United States16
3India14
4Viet Nam13
5South Korea7
6Russian Federation6
7Taiwan5
8Bangladesh5
9Pakistan4
10France4

Suspected Bot List [2017-04-07]

detection period: 2017-04-07 00:00-23:59 UTC
number of suspected bots' IPs listed here: 17

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
MX200.79.121.225Mexico
TW123.195.73.108Taiwan

List from greylisting:

Friday, April 7, 2017

Botnet Statistics [2017-04-06]

detection period: 2017-04-06 00:00-23:59 UTC
total number of suspected botnet IPs: 440
number of botnet IPs notified to network operators: 420
number of spam blocked: 10255
recipient count of spam blocked: 53974

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET111
2WASU52
3CHINANET-GD28
4UNICOM-BJ13
5CHINANET-AH13
6CHINANET-HN8
7CHINANET-JS7
8KORNET-KR6
9CHINANET-YN6
10BSNLNET6

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China314
2India18
3Russian Federation16
4United States15
5South Korea10
6Viet Nam5
7Ukraine5
8Japan4
9Taiwan3
10Thailand3

Suspected Bot List [2017-04-06]

detection period: 2017-04-06 00:00-23:59 UTC
number of suspected bots' IPs listed here: 20

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Thursday, April 6, 2017

Botnet Statistics [2017-04-05]

detection period: 2017-04-05 00:00-23:59 UTC
total number of suspected botnet IPs: 537
number of botnet IPs notified to network operators: 507
number of spam blocked: 5165
recipient count of spam blocked: 63217

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET95
2WASU38
3CHINANET-JS21
4KORNET-KR19
5CHINANET-AH16
6CHINANET-GD14
7UNICOM-SD8
8UNICOM-BJ8
9CHINANET-HN8
10BSNLNET8

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China319
2Russian Federation32
3United States25
4India25
5South Korea24
6Viet Nam11
7Ukraine9
8Taiwan8
9Pakistan7
10Mexico4

Suspected Bot List [2017-04-05]

detection period: 2017-04-05 00:00-23:59 UTC
number of suspected bots' IPs listed here: 30

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
DZ105.104.21.224Algeria
MX200.79.121.225Mexico
US97.89.253.230United States
UY179.26.55.78Uruguay

List from greylisting:

Wednesday, April 5, 2017

Botnet Statistics [2017-04-04]

detection period: 2017-04-04 00:00-23:59 UTC
total number of suspected botnet IPs: 567
number of botnet IPs notified to network operators: 535
number of spam blocked: 2955
recipient count of spam blocked: 4423

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET53
2WASU40
3CHINANET-AH26
4KORNET-KR23
5CHINANET-GD23
6BSNLNET19
7CHINANET-JS16
8UNICOM-BJ12
9CHINANET-HN10
10CHINANET-SC9

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China329
2India43
3Russian Federation32
4South Korea32
5United States22
6Viet Nam12
7Ukraine7
8Antigua And Barbuda6
9Taiwan5
10Japan5

Suspected Bot List [2017-04-04]

detection period: 2017-04-04 00:00-23:59 UTC
number of suspected bots' IPs listed here: 32

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Tuesday, April 4, 2017

Botnet Statistics [2017-04-03]

detection period: 2017-04-03 00:00-23:59 UTC
total number of suspected botnet IPs: 555
number of botnet IPs notified to network operators: 528
number of spam blocked: 1975
recipient count of spam blocked: 3115

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET67
2WASU36
3CHINANET-AH20
4CHINANET-GD18
5CHINANET-JS17
6KORNET-KR14
7BSNLNET13
8VNPT-VNNIC-VN10
9UNICOM-SD7
10CHINANET-YN7

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China313
2India33
3Russian Federation29
4United States26
5South Korea20
6Viet Nam18
7Iran8
8Ukraine7
9Indonesia7
10Taiwan6

Suspected Bot List [2017-04-03]

detection period: 2017-04-03 00:00-23:59 UTC
number of suspected bots' IPs listed here: 27

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Monday, April 3, 2017

Botnet Statistics [2017-04-02]

detection period: 2017-04-02 00:00-23:59 UTC
total number of suspected botnet IPs: 490
number of botnet IPs notified to network operators: 454
number of spam blocked: 1020
recipient count of spam blocked: 1020

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET85
2CHINANET-GD19
3WASU15
4KORNET-KR14
5CHINANET-AH11
6CHINANET-JS10
7BSNLNET10
8CHINANET-HN7
9BHARTI-IN7
10UNICOM-SD6

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China259
2India29
3Russian Federation25
4United States24
5South Korea16
6Viet Nam10
7Mexico9
8Indonesia8
9Japan5
10Canada5

Suspected Bot List [2017-04-02]

detection period: 2017-04-02 00:00-23:59 UTC
number of suspected bots' IPs listed here: 36

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Sunday, April 2, 2017

Botnet Statistics [2017-04-01]

detection period: 2017-04-01 00:00-23:59 UTC
total number of suspected botnet IPs: 390
number of botnet IPs notified to network operators: 358
number of spam blocked: 847
recipient count of spam blocked: 847

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET35
2CHINANET-GD16
3BSNLNET11
4CHINANET-JS10
5VNPT-VNNIC-VN9
6KORNET-KR9
7CHINANET-AH8
8CHINANET-GZ6
9UNICOM-GD5
10IDTELKOM-ID5

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China177
2India34
3Russian Federation19
4Viet Nam18
5United States16
6South Korea15
7Mexico10
8Ukraine9
9Indonesia8
10Japan6

Suspected Bot List [2017-04-01]

detection period: 2017-04-01 00:00-23:59 UTC
number of suspected bots' IPs listed here: 32

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Saturday, April 1, 2017

Botnet Statistics [2017-03-31]

detection period: 2017-03-31 00:00-23:59 UTC
total number of suspected botnet IPs: 363
number of botnet IPs notified to network operators: 314
number of spam blocked: 944
recipient count of spam blocked: 944

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET17
2CHINANET-GD15
3CHINANET-JS13
4VNPT-VNNIC-VN11
5KORNET-KR9
6CHINANET-AH8
7BHARTI-IN7
8UNICOM-GD5
9SINGLEHOP5
10Chinafic5

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China138
2India26
3Viet Nam18
4United States17
5South Korea17
6Russian Federation15
7Indonesia11
8Pakistan9
9Peru8
10Mexico7

Suspected Bot List [2017-03-31]

detection period: 2017-03-31 00:00-23:59 UTC
number of suspected bots' IPs listed here: 49

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Friday, March 31, 2017

Botnet Statistics [2017-03-30]

detection period: 2017-03-30 00:00-23:59 UTC
total number of suspected botnet IPs: 260
number of botnet IPs notified to network operators: 223
number of spam blocked: 914
recipient count of spam blocked: 943

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1SINGLEHOP14
2CMNET14
3CHINANET-AH9
4VNPT-VNNIC-VN8
5CHINANET-GD8
6BHARTI-IN6
7UNICOM-BJ5
8Chinafic5
9CHINANET-JS4
10BSNLNET4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China80
2United States28
3India24
4Viet Nam13
5Russian Federation11
6Mexico11
7Indonesia9
8Turkey6
9Peru6
10Saudi Arabia5

Suspected Bot List [2017-03-30]

detection period: 2017-03-30 00:00-23:59 UTC
number of suspected bots' IPs listed here: 37

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Thursday, March 30, 2017

Botnet Statistics [2017-03-29]

detection period: 2017-03-29 00:00-23:59 UTC
total number of suspected botnet IPs: 279
number of botnet IPs notified to network operators: 250
number of spam blocked: 2394
recipient count of spam blocked: 32388

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET11
2VNPT-VNNIC-VN9
3ALISOFT8
4CHINANET-JS6
5Chinafic5
6CHINANET-JX5
7CHINANET-GZ5
8CHINANET-AH5
9VIETEL-VNNIC-VN4
10UNICOM-SH4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China109
2Viet Nam15
3United States14
4Russian Federation14
5Mexico9
6Argentina8
7India7
8Indonesia7
9Brazil6
10Ukraine5

Suspected Bot List [2017-03-29]

detection period: 2017-03-29 00:00-23:59 UTC
number of suspected bots' IPs listed here: 29

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AR200.125.123.132Argentina

List from greylisting:

Wednesday, March 29, 2017

Botnet Statistics [2017-03-28]

detection period: 2017-03-28 00:00-23:59 UTC
total number of suspected botnet IPs: 246
number of botnet IPs notified to network operators: 234
number of spam blocked: 2339
recipient count of spam blocked: 39216

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1WASU-BB18
2UNICOM-ZJ16
3CMNET13
4CHINANET-GD9
5UNICOM-GD6
6CHINANET-JS6
7ALISOFT6
8UNICOM-SD5
9UNICOM-BJ5
10Chinafic5

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China147
2Russian Federation16
3United States12
4India7
5Viet Nam6
6South Korea5
7Taiwan4
8Japan4
9Pakistan3
10Mexico3

Suspected Bot List [2017-03-28]

detection period: 2017-03-28 00:00-23:59 UTC
number of suspected bots' IPs listed here: 12

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
TW123.194.225.45Taiwan

List from greylisting:

Tuesday, March 28, 2017

Botnet Statistics [2017-03-27]

detection period: 2017-03-27 00:00-23:59 UTC
total number of suspected botnet IPs: 323
number of botnet IPs notified to network operators: 316
number of spam blocked: 1597
recipient count of spam blocked: 19780

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ59
2WASU-BB40
3CMNET13
4CHINANET-JS12
5CHINANET-GD10
6CHINANET-AH8
7ALISOFT6
8WASU5
9UNICOM-BJ5
10Chinafic5

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China223
2Russian Federation15
3United States14
4South Korea8
5India8
6Ukraine5
7Mexico4
8Taiwan3
9Netherlands2
10Kazakhstan2

Suspected Bot List [2017-03-27]

detection period: 2017-03-27 00:00-23:59 UTC
number of suspected bots' IPs listed here: 7

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Monday, March 27, 2017

Suspected Bot List [2017-03-26]

detection period: 2017-03-26 00:00-23:59 UTC
number of suspected bots' IPs listed here: 11

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
UY167.57.56.100Uruguay

List from greylisting:

Botnet Statistics [2017-03-26]

detection period: 2017-03-26 00:00-23:59 UTC
total number of suspected botnet IPs: 285
number of botnet IPs notified to network operators: 274
number of spam blocked: 1532
recipient count of spam blocked: 23294

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ50
2WASU-BB38
3CMNET9
4ALISOFT8
5CHINANET-JS6
6CHINANET-AH6
7Chinafic5
8CHINANET-HN5
9CHINANET-HB5
10CHINANET-GD5

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China187
2Russian Federation17
3United States12
4Viet Nam9
5Brazil6
6India5
7South Korea4
8Thailand3
9Mexico3
10Ukraine2

Sunday, March 26, 2017

Botnet Statistics [2017-03-25]

detection period: 2017-03-25 00:00-23:59 UTC
total number of suspected botnet IPs: 255
number of botnet IPs notified to network operators: 223
number of spam blocked: 684
recipient count of spam blocked: 684

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ48
2WASU-BB26
3VNPT-VNNIC-VN10
4CHINANET-GD7
5Chinafic5
6CMNET5
7WASU4
8PE-TPSA-LACNIC4
9FPT-VN4
10PTCLBB-PK3

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China120
2Viet Nam19
3India17
4United States8
5Brazil8
6Mexico7
7Turkey6
8Saudi Arabia6
9Argentina6
10Peru5

Suspected Bot List [2017-03-25]

detection period: 2017-03-25 00:00-23:59 UTC
number of suspected bots' IPs listed here: 32

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Saturday, March 25, 2017

Botnet Statistics [2017-03-24]

detection period: 2017-03-24 00:00-23:59 UTC
total number of suspected botnet IPs: 680
number of botnet IPs notified to network operators: 623
number of spam blocked: 2222
recipient count of spam blocked: 32469

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ129
2WASU62
3WASU-BB59
4CMNET16
5CHINANET-GD15
6UNICOM-GX14
7VNPT-VNNIC-VN13
8CHINANET-JS10
9CHINANET-CQ10
10UNICOM-SD8

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China429
2Viet Nam30
3India23
4Russian Federation18
5Mexico17
6United States16
7Taiwan15
8Brazil11
9Peru8
10South Korea8

Suspected Bot List [2017-03-24]

detection period: 2017-03-24 00:00-23:59 UTC
number of suspected bots' IPs listed here: 57

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AR181.231.28.20Argentina
BJ164.160.143.5Benin
BO186.27.126.130Bolivia
CO190.60.234.186Colombia
IN125.16.240.197India
IN203.192.212.52India
MV202.1.197.227Republic of Maldives
RU91.197.234.102Russian Federation
TW118.233.120.41Taiwan
TW118.233.127.25Taiwan
TW123.194.125.182Taiwan
ZA196.46.23.122South Africa

List from greylisting:

Friday, March 24, 2017

Suspected Bot List [2017-03-23]

detection period: 2017-03-23 00:00-23:59 UTC
number of suspected bots' IPs listed here: 72

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AR181.231.28.20Argentina
BJ197.234.219.53Benin
BO186.27.126.130Bolivia
CL186.79.165.175Chile
CL200.50.61.39Chile
CN58.211.143.130China
CN59.76.48.238China
CN59.110.70.226China
CN60.205.157.58China
CN120.25.166.199China
CN120.26.98.146China
CN120.55.64.90China
CN120.77.17.171China
CN121.31.64.106China
CN123.56.77.15China
CN123.56.191.65China
CN182.92.223.227China
CN221.231.97.123China
CO186.154.234.164Colombia
CO190.60.234.186Colombia
EC186.69.32.14Ecuador
FR178.32.6.67France
IN125.16.240.197India
IN203.192.212.52India
IN223.196.86.227India
IN223.196.86.228India
KR61.14.208.52South Korea
MX200.39.24.109Mexico
MX201.144.15.227Mexico
PE190.117.120.241Peru
RU91.197.234.102Russian Federation
RU95.37.217.132Russian Federation
TH203.154.115.180Thailand
TW114.41.242.186Taiwan
TW123.194.125.182Taiwan
UY167.57.10.212Uruguay
ZA196.46.23.122South Africa

List from greylisting: