Custom Search

Monday, November 20, 2017

Botnet Statistics [2017-11-19]

detection period: 2017-11-19 00:00-23:59 UTC
total number of suspected botnet IPs: 150
number of botnet IPs notified to network operators: 144
number of spam blocked: 12218
recipient count of spam blocked: 29125

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-GD34
2CHINANET-HB20
3CHINANET-JS13
4Baidu13
5CHINANET-ZJ6
6CHINANET-ZJ-TZ4
7CHINANET-SD4
8UNICOM-GD3
9PSINETA3
10CHINANET-AH3

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China120
2United States4
3Russian Federation4
4Brazil4
5Taiwan2
6Netherlands2
7Bangladesh2
8Ukraine1
9Thailand1
10Romania1

Suspected Bot List [2017-11-19]

detection period: 2017-11-19 00:00-23:59 UTC
number of suspected bots' IPs listed here: 6

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Sunday, November 19, 2017

Botnet Statistics [2017-11-18]

detection period: 2017-11-18 00:00-23:59 UTC
total number of suspected botnet IPs: 205
number of botnet IPs notified to network operators: 186
number of spam blocked: 42513
recipient count of spam blocked: 657345

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-GD25
2CHINANET-HB16
3CHINANET-JS15
4Baidu13
5VNPT-VNNIC-VN11
6PSINETA6
7CHINANET-ZJ-TZ6
8VIETEL-VN4
9UNICOM-HB4
10FPT-VN4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China104
2Viet Nam27
3United States13
4Russian Federation8
5Brazil7
6Germany4
7Ukraine3
8Thailand3
9Romania3
10South Korea3

Suspected Bot List [2017-11-18]

detection period: 2017-11-18 00:00-23:59 UTC
number of suspected bots' IPs listed here: 19

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
KG31.135.255.209Kyrgyzstan
US23.129.64.101United States

List from greylisting:

Saturday, November 18, 2017

Botnet Statistics [2017-11-17]

detection period: 2017-11-17 00:00-23:59 UTC
total number of suspected botnet IPs: 272
number of botnet IPs notified to network operators: 259
number of spam blocked: 67442
recipient count of spam blocked: 1307920

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-HB41
2UNICOM-ZJ37
3CHINANET-GD35
4CHINANET-JS18
5WASU14
6VNPT-VNNIC-VN12
7Baidu12
8UNIFIEDLAYER-NETWORK-1411
9VIETEL-VNNIC-VN3
10VIETEL-VN3

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China186
2Viet Nam24
3United States20
4Russian Federation5
5Thailand3
6Italy3
7India3
8Germany3
9Brazil3
10Argentina3

Suspected Bot List [2017-11-17]

detection period: 2017-11-17 00:00-23:59 UTC
number of suspected bots' IPs listed here: 13

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
KG31.135.255.209Kyrgyzstan
US23.129.64.101United States

List from greylisting:

Friday, November 17, 2017

Suspected Bots' IP List for October 2017

To encourage cyber security information sharing (as some form of open data) while still giving victims enough time to clean up their computers, the IP list of suspected infected computers will be released here (as shown below). You are free to use them to create more effective defenses, discover latest trends in cyber attacks, etc.

Suspected Bots IP [2017-10-01]
Suspected Bots IP [2017-10-02]
Suspected Bots IP [2017-10-04]
Suspected Bots IP [2017-10-05]
Suspected Bots IP [2017-10-06]
Suspected Bots IP [2017-10-07]
Suspected Bots IP [2017-10-08]
Suspected Bots IP [2017-10-10]
Suspected Bots IP [2017-10-11]
Suspected Bots IP [2017-10-12]
Suspected Bots IP [2017-10-13]
Suspected Bots IP [2017-10-14]
Suspected Bots IP [2017-10-15]
Suspected Bots IP [2017-10-16]
Suspected Bots IP [2017-10-17]
Suspected Bots IP [2017-10-18]
Suspected Bots IP [2017-10-19]
Suspected Bots IP [2017-10-20]
Suspected Bots IP [2017-10-21]
Suspected Bots IP [2017-10-22]
Suspected Bots IP [2017-10-23]
Suspected Bots IP [2017-10-24]
Suspected Bots IP [2017-10-25]
Suspected Bots IP [2017-10-26]
Suspected Bots IP [2017-10-27]
Suspected Bots IP [2017-10-28]
Suspected Bots IP [2017-10-29]
Suspected Bots IP [2017-10-30]
Suspected Bots IP [2017-10-31]

Botnet Statistics [2017-11-16]

detection period: 2017-11-16 00:00-23:59 UTC
total number of suspected botnet IPs: 317
number of botnet IPs notified to network operators: 309
number of spam blocked: 51356
recipient count of spam blocked: 987310

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ67
2CMNET26
3CHINANET-HB25
4Baidu25
5WASU21
6CHINANET-JS18
7CHINANET-GD14
8VNPT-VNNIC-VN10
9UNIFIEDLAYER-NETWORK-138
10UNIFIEDLAYER-NETWORK-146

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China231
2Viet Nam27
3United States19
4Germany3
5Turkey2
6Russian Federation2
7Romania2
8Norway2
9South Korea2
10Iceland2

Suspected Bot List [2017-11-16]

detection period: 2017-11-16 00:00-23:59 UTC
number of suspected bots' IPs listed here: 8

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
KG31.135.255.209Kyrgyzstan

List from greylisting:

Thursday, November 16, 2017

Botnet Statistics [2017-11-15]

detection period: 2017-11-15 00:00-23:59 UTC
total number of suspected botnet IPs: 315
number of botnet IPs notified to network operators: 307
number of spam blocked: 29126
recipient count of spam blocked: 418045

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ77
2WASU35
3CHINANET-GD28
4Baidu27
5CMNET21
6CHINANET-HB20
7CHINANET-JS15
8CHINANET-ZJ-TZ12
9UNIFIEDLAYER-NETWORK-1411
10UNICOM-HB3

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China265
2United States15
3Russian Federation4
4Germany3
5Viet Nam2
6Taiwan2
7Turkey2
8Norway2
9Iceland2
10Brazil2

Suspected Bot List [2017-11-15]

detection period: 2017-11-15 00:00-23:59 UTC
number of suspected bots' IPs listed here: 8

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
KG31.135.255.209Kyrgyzstan
ZA196.46.23.122South Africa

List from greylisting:

Wednesday, November 15, 2017

Botnet Statistics [2017-11-14]

detection period: 2017-11-14 00:00-23:59 UTC
total number of suspected botnet IPs: 513
number of botnet IPs notified to network operators: 491
number of spam blocked: 98073
recipient count of spam blocked: 2322895

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-GD147
2UNICOM-ZJ72
3CHINANET-HB46
4Baidu27
5WASU25
6CMNET20
7CHINANET-JS18
8CHINANET-ZJ-TZ15
9VNPT-VNNIC-VN11
10UNIFIEDLAYER-NETWORK-148

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China398
2Viet Nam24
3United States21
4India9
5Brazil7
6Thailand4
7Russian Federation4
8Romania4
9Germany4
10Ukraine3

Suspected Bot List [2017-11-14]

detection period: 2017-11-14 00:00-23:59 UTC
number of suspected bots' IPs listed here: 22

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
KG31.135.255.209Kyrgyzstan
US23.129.64.101United States

List from greylisting:

Tuesday, November 14, 2017

Botnet Statistics [2017-11-13]

detection period: 2017-11-13 00:00-23:59 UTC
total number of suspected botnet IPs: 363
number of botnet IPs notified to network operators: 347
number of spam blocked: 83654
recipient count of spam blocked: 2141817

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ60
2CHINANET-HB52
3WASU33
4Baidu27
5CHINANET-JS22
6CMNET19
7VNPT-VNNIC-VN15
8LSN-DLLSTX-28
9CHINANET-GD8
10UNICOM-HB5

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China261
2Viet Nam30
3United States18
4Russian Federation6
5Turkey5
6India4
7Germany4
8Argentina4
9Ukraine3
10Romania3

Suspected Bot List [2017-11-13]

detection period: 2017-11-13 00:00-23:59 UTC
number of suspected bots' IPs listed here: 17

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AR191.85.180.182Argentina
BG93.123.73.123Bulgaria
KG31.135.255.209Kyrgyzstan
RU83.234.38.139Russian Federation
RU95.68.240.209Russian Federation
US23.129.64.101United States

List from greylisting:

Monday, November 13, 2017

Botnet Statistics [2017-11-12]

detection period: 2017-11-12 00:00-23:59 UTC
total number of suspected botnet IPs: 384
number of botnet IPs notified to network operators: 366
number of spam blocked: 82834
recipient count of spam blocked: 2209188

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ56
2CHINANET-HB45
3VNPT-VNNIC-VN33
4Baidu26
5WASU25
6CHINANET-JS23
7CMNET17
8VIETEL-VN7
9ETC-VNNIC-VN7
10FPT-VN6

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China230
2Viet Nam66
3Russian Federation13
4United States9
5India7
6Brazil6
7Romania5
8Taiwan3
9Iran3
10Indonesia3

Suspected Bot List [2017-11-12]

detection period: 2017-11-12 00:00-23:59 UTC
number of suspected bots' IPs listed here: 18

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BG93.123.73.123Bulgaria
RU95.68.240.209Russian Federation
US23.129.64.11United States
US23.129.64.12United States

List from greylisting:

Sunday, November 12, 2017

Botnet Statistics [2017-11-11]

detection period: 2017-11-11 00:00-23:59 UTC
total number of suspected botnet IPs: 296
number of botnet IPs notified to network operators: 284
number of spam blocked: 84782
recipient count of spam blocked: 1999217

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-HB41
2CHINANET-JS34
3Baidu26
4VNPT-VNNIC-VN22
5UNICOM-ZJ10
6VIETEL-VN9
7CMNET9
8CHINANET-GD9
9PSINETA6
10WASU5

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China177
2Viet Nam44
3United States13
4Russian Federation6
5Romania5
6Turkey4
7Netherlands4
8Thailand3
9India3
10Germany3

Suspected Bot List [2017-11-11]

detection period: 2017-11-11 00:00-23:59 UTC
number of suspected bots' IPs listed here: 12

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BG93.123.73.123Bulgaria
RU95.68.240.209Russian Federation
US23.129.64.11United States
US23.129.64.12United States

List from greylisting:

Saturday, November 11, 2017

Botnet Statistics [2017-11-10]

detection period: 2017-11-10 00:00-23:59 UTC
total number of suspected botnet IPs: 250
number of botnet IPs notified to network operators: 231
number of spam blocked: 91194
recipient count of spam blocked: 2136158

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-JS35
2CHINANET-HB34
3Baidu27
4CHINANET-GD9
5MSFT7
6CHINANET-ZJ-TZ7
7UNIFIEDLAYER-NETWORK-146
8WASU4
9VIETEL-VN4
10CHINANET-ZJ4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China161
2United States25
3Viet Nam12
4Russian Federation5
5Romania5
6India4
7Germany4
8Taiwan3
9Netherlands3
10Norway2

Suspected Bot List [2017-11-10]

detection period: 2017-11-10 00:00-23:59 UTC
number of suspected bots' IPs listed here: 19

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BG93.123.73.123Bulgaria
RU95.68.240.209Russian Federation
US23.129.64.11United States
US23.129.64.12United States

List from greylisting:

Friday, November 10, 2017

Botnet Statistics [2017-11-09]

detection period: 2017-11-09 00:00-23:59 UTC
total number of suspected botnet IPs: 449
number of botnet IPs notified to network operators: 434
number of spam blocked: 97869
recipient count of spam blocked: 2235404

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ105
2WASU54
3CHINANET-JS36
4CMNET27
5Baidu27
6CHINANET-HB25
7CHINANET-GD13
8VNPT-VNNIC-VN8
9UNIFIEDLAYER-NETWORK-148
10FPT-VN8

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China336
2Viet Nam25
3United States18
4Romania6
5Russian Federation4
6Italy4
7India4
8United Kingdom4
9Germany4
10Brazil4

Suspected Bot List [2017-11-09]

detection period: 2017-11-09 00:00-23:59 UTC
number of suspected bots' IPs listed here: 15

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BG93.123.73.123Bulgaria
US23.129.64.11United States
US23.129.64.12United States

List from greylisting:

Thursday, November 9, 2017

Botnet Statistics [2017-11-08]

detection period: 2017-11-08 00:00-23:59 UTC
total number of suspected botnet IPs: 496
number of botnet IPs notified to network operators: 430
number of spam blocked: 80254
recipient count of spam blocked: 1845716

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ106
2WASU54
3MSFT48
4CHINANET-JS34
5Baidu27
6CMNET23
7CHINANET-HB23
8CHINANET-ZJ-TZ13
9CHINANET-GD13
10ARUBADE-NET12

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China335
2United States64
3Viet Nam15
4India15
5France12
6Russian Federation5
7Romania5
8United Kingdom4
9Germany4
10Brazil3

Suspected Bot List [2017-11-08]

detection period: 2017-11-08 00:00-23:59 UTC
number of suspected bots' IPs listed here: 66

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BG93.123.73.123Bulgaria
US23.129.64.11United States
US23.129.64.12United States

List from greylisting:

Wednesday, November 8, 2017

Botnet Statistics [2017-11-07]

detection period: 2017-11-07 00:00-23:59 UTC
total number of suspected botnet IPs: 452
number of botnet IPs notified to network operators: 434
number of spam blocked: 72469
recipient count of spam blocked: 1772739

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ97
2CHINANET-JS67
3WASU33
4CMNET25
5CHINANET-HB25
6Baidu25
7CHINANET-GD17
8UNIFIEDLAYER-NETWORK-147
9VIETEL-VNNIC-VN5
10UNICOM-HB5

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China342
2United States15
3Viet Nam12
4India11
5Russian Federation5
6Romania5
7Italy4
8Indonesia4
9Germany4
10Turkey3

Suspected Bot List [2017-11-07]

detection period: 2017-11-07 00:00-23:59 UTC
number of suspected bots' IPs listed here: 18

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BG93.123.73.123Bulgaria
US23.129.64.11United States
US23.129.64.12United States

List from greylisting:

Tuesday, November 7, 2017

Botnet Statistics [2017-11-06]

detection period: 2017-11-06 00:00-23:59 UTC
total number of suspected botnet IPs: 414
number of botnet IPs notified to network operators: 405
number of spam blocked: 66123
recipient count of spam blocked: 1648305

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ85
2CHINANET-JS64
3WASU39
4CHINANET-GD31
5CHINANET-HB24
6CMNET19
7Baidu18
8CC-1610
9UNIFIEDLAYER-NETWORK-147
10CHINANET-ZJ7

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China335
2United States21
3Russian Federation5
4Romania5
5Canada5
6Hong Kong3
7United Kingdom3
8Germany3
9Brazil3
10Thailand2

Suspected Bot List [2017-11-06]

detection period: 2017-11-06 00:00-23:59 UTC
number of suspected bots' IPs listed here: 9

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BG93.123.73.123Bulgaria
US23.129.64.11United States
US23.129.64.12United States

List from greylisting:

Monday, November 6, 2017

Botnet Statistics [2017-11-05]

detection period: 2017-11-05 00:00-23:59 UTC
total number of suspected botnet IPs: 375
number of botnet IPs notified to network operators: 360
number of spam blocked: 63786
recipient count of spam blocked: 1510393

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-HB48
2VNPT-VNNIC-VN38
3CHINANET-JS37
4UNICOM-ZJ26
5CHINANET-GD15
6Baidu15
7FPT-VN14
8WASU12
9CMNET11
10ETC-VNNIC-VN7

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China216
2Viet Nam71
3Russian Federation10
4United States9
5Brazil7
6Romania6
7Thailand5
8Ukraine4
9United Kingdom4
10Turkey3

Suspected Bot List [2017-11-05]

detection period: 2017-11-05 00:00-23:59 UTC
number of suspected bots' IPs listed here: 15

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BG93.123.73.123Bulgaria
US23.129.64.11United States
US23.129.64.12United States

List from greylisting:

Sunday, November 5, 2017

Botnet Statistics [2017-11-04]

detection period: 2017-11-04 00:00-23:59 UTC
total number of suspected botnet IPs: 227
number of botnet IPs notified to network operators: 218
number of spam blocked: 61919
recipient count of spam blocked: 1422818

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-JS32
2CHINANET-GD26
3CHINANET-HB19
4Baidu15
5ARUBA-NET12
6VNPT-VNNIC-VN5
7CHINANET-ZJ-TZ5
8CHINANET-ZJ4
9VIETEL-VN3
10UNIFIEDLAYER-NETWORK-143

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China135
2Viet Nam15
3Italy14
4United States13
5Russian Federation9
6Romania4
7United Kingdom4
8India3
9Germany3
10Brazil3

Suspected Bot List [2017-11-04]

detection period: 2017-11-04 00:00-23:59 UTC
number of suspected bots' IPs listed here: 9

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BG93.123.73.123Bulgaria
NL94.177.123.116Netherlands
RU95.68.240.209Russian Federation
US23.129.64.11United States
US23.129.64.12United States

List from greylisting:

Saturday, November 4, 2017

Botnet Statistics [2017-11-03]

detection period: 2017-11-03 00:00-23:59 UTC
total number of suspected botnet IPs: 338
number of botnet IPs notified to network operators: 318
number of spam blocked: 79213
recipient count of spam blocked: 1854303

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ50
2WASU28
3CHINANET-JS20
4CHINANET-HB17
5VNPT-VNNIC-VN16
6CHINANET-ZJ-TZ16
7Baidu15
8CMNET9
9VIETEL-VN8
10UNIFIEDLAYER-NETWORK-148

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China212
2Viet Nam39
3United States14
4India11
5Russian Federation7
6Romania6
7United Kingdom4
8Indonesia3
9Germany3
10Brazil3

Suspected Bot List [2017-11-03]

detection period: 2017-11-03 00:00-23:59 UTC
number of suspected bots' IPs listed here: 20

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BG93.123.73.123Bulgaria
US23.129.64.11United States
US23.129.64.12United States

List from greylisting:

Friday, November 3, 2017

Botnet Statistics [2017-11-02]

detection period: 2017-11-02 00:00-23:59 UTC
total number of suspected botnet IPs: 360
number of botnet IPs notified to network operators: 345
number of spam blocked: 77814
recipient count of spam blocked: 1715832

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ70
2WASU41
3CHINANET-HB27
4CMNET24
5CHINANET-JS20
6Baidu14
7VNPT-VNNIC-VN11
8CHINANET-GD11
9CHINANET-ZJ-TZ7
10JOESDC-016

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China258
2Viet Nam20
3United States14
4India10
5Russian Federation5
6Indonesia5
7United Kingdom4
8Germany4
9Taiwan3
10Romania3

Suspected Bot List [2017-11-02]

detection period: 2017-11-02 00:00-23:59 UTC
number of suspected bots' IPs listed here: 15

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BG93.123.73.123Bulgaria
CA167.114.34.116Canada
RU95.68.240.209Russian Federation
US23.129.64.11United States
US23.129.64.12United States

List from greylisting:

Thursday, November 2, 2017

Botnet Statistics [2017-11-01]

detection period: 2017-11-01 00:00-23:59 UTC
total number of suspected botnet IPs: 401
number of botnet IPs notified to network operators: 373
number of spam blocked: 80896
recipient count of spam blocked: 1741027

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ85
2WASU43
3CHINANET-HB21
4CHINANET-JS20
5MSFT16
6CHINANET-GD16
7CMNET15
8Baidu14
9UNIFIEDLAYER-NETWORK-1410
10VNPT-VNNIC-VN8

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China275
2United States32
3Viet Nam20
4India15
5Russian Federation7
6Israel5
7Romania4
8South Korea4
9Italy4
10Germany4

Suspected Bot List [2017-11-01]

detection period: 2017-11-01 00:00-23:59 UTC
number of suspected bots' IPs listed here: 28

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BG93.123.73.123Bulgaria
CA167.114.34.116Canada
IN203.153.39.140India
US23.129.64.11United States
US23.129.64.12United States

List from greylisting:

Wednesday, November 1, 2017

Botnet Statistics for October 2017

detection period: 2017-10-01 00:00 - 2017-10-31 23:59 UTC
total number of suspected botnet IPs: 9754
number of blocked spams: 1862225
recipient count of blocked spams: 29017655

The top 25 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China3553
2Viet Nam1425
3India590
4United States379
5Mexico300
6Brazil273
7Iran271
8Peru227
9Colombia173
10Turkey157
11Saudi Arabia110
12Argentina108
13Indonesia104
14Pakistan90
15Italy88
16Russian Federation84
17Thailand83
18Tunisia75
19South Korea63
20Poland56
21Taiwan55
22Bolivia53
23Ukraine50
24Macedonia50
25Bulgaria47

The top 25 countries (as defined by the 2-character country code), ordered by number of blocked spams are:

RankCountry# of blocked spams
1United States582453
2China558994
3Brazil125398
4Netherlands106317
5Russian Federation72759
6United Kingdom57362
7Ukraine54610
8Germany53182
9Hong Kong46770
10Venezuela24511
11Canada22465
12Romania21294
13South Korea18736
14Macau15669
15Poland15362
16Norway14451
17South Africa13186
18Belize9788
19Tunisia6744
20Singapore6722
21Bulgaria3722
22Hungary3134
23Iceland2664
24Viet Nam2651
25India2627

The top 25 countries (as defined by the 2-character country code), ordered by recipient count of blocked spams are:

Botnet Statistics [2017-10-31]

detection period: 2017-10-31 00:00-23:59 UTC
total number of suspected botnet IPs: 383
number of botnet IPs notified to network operators: 365
number of spam blocked: 76943
recipient count of spam blocked: 1738597

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ79
2WASU34
3CHINANET-GD28
4CMNET23
5CHINANET-JS20
6Baidu15
7VNPT-VNNIC-VN12
8CHINANET-HB12
9UNIFIEDLAYER-NETWORK-146
10UNICOM-HB6

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China262
2Viet Nam19
3United States17
4India14
5Brazil10
6Germany7
7Russian Federation4
8Romania4
9Iran3
10Indonesia3

Suspected Bot List [2017-10-31]

detection period: 2017-10-31 00:00-23:59 UTC
number of suspected bots' IPs listed here: 18

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BG93.123.73.123Bulgaria
CA167.114.34.116Canada
IN203.153.39.140India
RU185.127.25.68Russian Federation
US23.129.64.11United States
US23.129.64.12United States

List from greylisting:

Tuesday, October 31, 2017

Botnet Statistics [2017-10-30]

detection period: 2017-10-30 00:00-23:59 UTC
total number of suspected botnet IPs: 367
number of botnet IPs notified to network operators: 349
number of spam blocked: 72438
recipient count of spam blocked: 1718001

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ72
2WASU36
3CHINANET-GD31
4CHINANET-JS24
5Baidu15
6CMNET13
7CHINANET-HB12
8UNIFIEDLAYER-NETWORK-147
9VNPT-VNNIC-VN5
10UNICOM-HB5

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China264
2United States21
3Viet Nam7
4Brazil7
5India6
6Russian Federation5
7Turkey4
8Romania4
9Israel4
10Germany4

Suspected Bot List [2017-10-30]

detection period: 2017-10-30 00:00-23:59 UTC
number of suspected bots' IPs listed here: 18

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BG93.123.73.123Bulgaria
FR82.64.21.28France
RU185.127.25.68Russian Federation
US23.129.64.11United States
US23.129.64.12United States

List from greylisting:

Monday, October 30, 2017

Botnet Statistics [2017-10-29]

detection period: 2017-10-29 00:00-23:59 UTC
total number of suspected botnet IPs: 341
number of botnet IPs notified to network operators: 320
number of spam blocked: 56830
recipient count of spam blocked: 1330539

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-JS40
2UNICOM-ZJ32
3VNPT-VNNIC-VN22
4CHINANET-GD15
5Baidu15
6WASU13
7FPT-VN9
8CMNET8
9CHINANET-ZJ8
10CHINANET-LN8

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China208
2Viet Nam50
3United States11
4Brazil10
5Russian Federation8
6Romania6
7Germany6
8Argentina6
9South Korea3
10India3

Suspected Bot List [2017-10-29]

detection period: 2017-10-29 00:00-23:59 UTC
number of suspected bots' IPs listed here: 21

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BG93.123.73.123Bulgaria
FR82.64.21.28France
RU185.127.25.68Russian Federation
US23.129.64.11United States
US23.129.64.12United States

List from greylisting:

Saturday, October 28, 2017

Botnet Statistics [2017-10-27]

detection period: 2017-10-27 00:00-23:59 UTC
total number of suspected botnet IPs: 441
number of botnet IPs notified to network operators: 425
number of spam blocked: 65988
recipient count of spam blocked: 1279481

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ80
2CHINANET-JS41
3Baidu40
4WASU29
5VNPT-VNNIC-VN24
6CMNET23
7CHINANET-GD21
8VIETEL-VN11
9UNIFIEDLAYER-NETWORK-1410
10FPT-VN9

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China298
2Viet Nam61
3United States22
4Germany7
5Italy6
6Thailand4
7Russian Federation4
8Brazil4
9Romania3
10South Korea3

Suspected Bot List [2017-10-27]

detection period: 2017-10-27 00:00-23:59 UTC
number of suspected bots' IPs listed here: 16

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BG93.123.73.123Bulgaria
FR82.64.21.28France
RU95.68.240.209Russian Federation
RU185.127.25.68Russian Federation
US23.129.64.11United States
US23.129.64.12United States
ZA196.46.23.122South Africa

List from greylisting:

Friday, October 27, 2017

Botnet Statistics [2017-10-26]

detection period: 2017-10-26 00:00-23:59 UTC
total number of suspected botnet IPs: 371
number of botnet IPs notified to network operators: 359
number of spam blocked: 67326
recipient count of spam blocked: 1308837

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ81
2Baidu59
3WASU36
4CMNET27
5CHINANET-JS21
6VNPT-VNNIC-VN16
7UNIFIEDLAYER-NETWORK-148
8CHINANET-HB7
9CHINANET-GD7
10FPT-VN5

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China265
2Viet Nam26
3United States25
4Russian Federation8
5Taiwan5
6South Korea5
7Germany5
8Romania3
9Italy3
10Hong Kong3

Suspected Bot List [2017-10-26]

detection period: 2017-10-26 00:00-23:59 UTC
number of suspected bots' IPs listed here: 12

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BG93.123.73.123Bulgaria
RU95.68.240.209Russian Federation
RU185.127.25.68Russian Federation
US23.129.64.11United States
US23.129.64.12United States

List from greylisting:

Thursday, October 26, 2017

Botnet Statistics [2017-10-25]

detection period: 2017-10-25 00:00-23:59 UTC
total number of suspected botnet IPs: 418
number of botnet IPs notified to network operators: 397
number of spam blocked: 50905
recipient count of spam blocked: 843840

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ85
2Baidu56
3WASU41
4CMNET24
5CHINANET-JS23
6VNPT-VNNIC-VN18
7CHINANET-HB11
8CHINANET-LN10
9CHINANET-GD10
10UNIFIEDLAYER-NETWORK-146

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China289
2Viet Nam39
3United States24
4India8
5Russian Federation6
6Taiwan5
7Thailand5
8Germany4
9Romania3
10South Korea3

Suspected Bot List [2017-10-25]

detection period: 2017-10-25 00:00-23:59 UTC
number of suspected bots' IPs listed here: 21

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BG93.123.73.123Bulgaria
RU185.127.25.68Russian Federation
US23.129.64.11United States
US23.129.64.12United States

List from greylisting:

Wednesday, October 25, 2017

Botnet Statistics [2017-10-24]

detection period: 2017-10-24 00:00-23:59 UTC
total number of suspected botnet IPs: 477
number of botnet IPs notified to network operators: 441
number of spam blocked: 69080
recipient count of spam blocked: 1534065

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ66
2Baidu64
3WASU29
4CMNET28
5CHINANET-GD27
6CHINANET-JS21
7VNPT-VNNIC-VN19
8CHINANET-HB12
9CHINANET-HN9
10CHINANET-LN8

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China304
2Viet Nam41
3United States27
4Russian Federation11
5India11
6Brazil9
7Taiwan6
8Romania5
9Germany5
10Colombia4

Suspected Bot List [2017-10-24]

detection period: 2017-10-24 00:00-23:59 UTC
number of suspected bots' IPs listed here: 36

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AR190.173.254.28Argentina
RU95.68.240.209Russian Federation
RU185.127.25.68Russian Federation
ZA196.46.23.122South Africa

List from greylisting:

Tuesday, October 24, 2017

Botnet Statistics [2017-10-23]

detection period: 2017-10-23 00:00-23:59 UTC
total number of suspected botnet IPs: 377
number of botnet IPs notified to network operators: 366
number of spam blocked: 71753
recipient count of spam blocked: 1572987

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ75
2Baidu67
3WASU34
4CHINANET-GD34
5CHINANET-JS24
6CMNET16
7CHINANET-HB10
8UNIFIEDLAYER-NETWORK-147
9UNICOM-HB5
10CHINANET-LN5

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China308
2United States19
3Russian Federation5
4Germany5
5Taiwan4
6Turkey4
7Argentina3
8Sweden2
9Romania2
10South Korea2

Suspected Bot List [2017-10-23]

detection period: 2017-10-23 00:00-23:59 UTC
number of suspected bots' IPs listed here: 11

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
RS89.216.28.123Serbia
RU95.68.240.209Russian Federation
RU185.127.25.68Russian Federation
US23.129.64.11United States
US23.129.64.12United States
ZA196.46.23.122South Africa

List from greylisting:

Monday, October 23, 2017

Botnet Statistics [2017-10-22]

detection period: 2017-10-22 00:00-23:59 UTC
total number of suspected botnet IPs: 347
number of botnet IPs notified to network operators: 332
number of spam blocked: 62348
recipient count of spam blocked: 1432527

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1Baidu67
2CHINANET-JS38
3CHINANET-GD31
4VNPT-VNNIC-VN29
5UNICOM-ZJ22
6CMNET11
7WASU9
8ETC-VNNIC-VN8
9CHINANET-HB8
10VIETEL-VN7

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China216
2Viet Nam64
3United States12
4Germany7
5Russian Federation5
6Brazil5
7Taiwan3
8Romania3
9South Korea3
10Sweden2

Suspected Bot List [2017-10-22]

detection period: 2017-10-22 00:00-23:59 UTC
number of suspected bots' IPs listed here: 15

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
RU95.68.240.209Russian Federation
RU185.127.25.68Russian Federation
US23.129.64.11United States
US23.129.64.12United States
ZA196.46.23.122South Africa

List from greylisting:

Sunday, October 22, 2017

Botnet Statistics [2017-10-21]

detection period: 2017-10-21 00:00-23:59 UTC
total number of suspected botnet IPs: 296
number of botnet IPs notified to network operators: 280
number of spam blocked: 54106
recipient count of spam blocked: 1166226

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1Baidu67
2CHINANET-JS30
3CHINANET-GD30
4VNPT-VNNIC-VN20
5CHINANET-HB10
6VIETEL-VN8
7FPT-VN7
8LSN-DLLSTX-26
9VIETEL-VNNIC-VN5
10Turkbil-internet-hizmetleri3

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China164
2Viet Nam44
3United States13
4Brazil8
5Germany7
6Russian Federation6
7Thailand5
8Turkey4
9Taiwan3
10South Korea3

Suspected Bot List [2017-10-21]

detection period: 2017-10-21 00:00-23:59 UTC
number of suspected bots' IPs listed here: 16

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
ES176.86.145.47Spain
RS89.216.28.123Serbia
RU95.68.240.209Russian Federation
RU185.127.25.68Russian Federation
TH61.7.236.60Thailand
ZA196.46.23.122South Africa

List from greylisting:

Saturday, October 21, 2017

Botnet Statistics [2017-10-20]

detection period: 2017-10-20 00:00-23:59 UTC
total number of suspected botnet IPs: 416
number of botnet IPs notified to network operators: 380
number of spam blocked: 46038
recipient count of spam blocked: 550435

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ74
2Baidu67
3CHINANET-JS32
4WASU27
5VNPT-VNNIC-VN26
6CHINANET-GD20
7UNIFIEDLAYER-NETWORK-1410
8CMNET10
9FPT-VN8
10CHINANET-HB8

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China260
2Viet Nam55
3India19
4United States17
5Taiwan5
6Russian Federation5
7Germany4
8Thailand3
9Pakistan3
10South Korea3

Suspected Bot List [2017-10-20]

detection period: 2017-10-20 00:00-23:59 UTC
number of suspected bots' IPs listed here: 36

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BG93.123.73.123Bulgaria
RU95.68.240.209Russian Federation
RU185.127.25.68Russian Federation
ZA196.46.23.122South Africa

List from greylisting:

Friday, October 20, 2017

Botnet Statistics [2017-10-19]

detection period: 2017-10-19 00:00-23:59 UTC
total number of suspected botnet IPs: 474
number of botnet IPs notified to network operators: 430
number of spam blocked: 48926
recipient count of spam blocked: 969921

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ75
2Baidu67
3WASU42
4CHINANET-JS25
5CMNET21
6CHINANET-GD18
7VNPT-VNNIC-VN17
8UNIFIEDLAYER-NETWORK-1410
9VIETEL-VN9
10CHINANET-HB8

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China294
2Viet Nam38
3India21
4United States19
5Romania6
6Pakistan6
7Brazil6
8South Korea5
9South Africa4
10Taiwan4