
Tuesday, January 31, 2017

Suspected Bot List [2017-01-30]

detection period: 2017-01-30 00:00-23:59 UTC
number of suspected bots' IPs listed here: 23

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2017-01-30]

detection period: 2017-01-30 00:00-23:59 UTC
total number of suspected botnet IPs: 645
number of botnet IPs notified to network operators: 622
number of spam blocked: 25642
recipient count of spam blocked: 285411

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

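| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | UNICOM-SD | 58 |
| 2 | HINET-NET | 57 |
| 3 | CHINANET-JS | 56 |
| 4 | UNICOM-GX | 32 |
| 5 | UNICOM-LN | 28 |
| 6 | UNICOM-SX | 21 |
| 7 | CHINANET-ZJ | 15 |
| 8 | CHINANET-AH | 13 |
| 9 | CHINANET-GZ | 12 |
| 10 | CHINANET-GD | 11 |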

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

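| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 432 |
| 2 | Taiwan | 98 |
| 3 | United States | 14 |
| 4 | Brazil | 13 |
| 5 | Russian Federation | 11 |
| 6 | Germany | 9 |
| 7 | India | 7 |
| 8 | Colombia | 7 |
| 9 | Netherlands | 5 |
| 10 | Italy | 4 |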

Monday, January 30, 2017

Suspected Bot List [2017-01-29]

detection period: 2017-01-29 00:00-23:59 UTC
number of suspected bots' IPs listed here: 20

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2017-01-29]

detection period: 2017-01-29 00:00-23:59 UTC
total number of suspected botnet IPs: 637
number of botnet IPs notified to network operators: 618
number of spam blocked: 3793
recipient count of spam blocked: 105175

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

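| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | CHINANET-JS | 58 |
| 2 | HINET-NET | 53 |
| 3 | UNICOM-SD | 52 |
| 4 | UNICOM-GX | 35 |
| 5 | UNICOM-LN | 28 |
| 6 | CHINANET-GZ | 19 |
| 7 | CHINANET-ZJ | 18 |
| 8 | UNICOM-HE | 17 |
| 9 | UNICOM-SX | 16 |
| 10 | CHINANET-GD | 15 |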

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

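| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 463 |
| 2 | Taiwan | 83 |
| 3 | United States | 11 |
| 4 | Brazil | 11 |
| 5 | Russian Federation | 9 |
| 6 | Colombia | 6 |
| 7 | India | 5 |
| 8 | Germany | 5 |
| 9 | Italy | 3 |
| 10 | United Kingdom | 3 |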

Sunday, January 29, 2017

Suspected Bot List [2017-01-28]

detection period: 2017-01-28 00:00-23:59 UTC
number of suspected bots' IPs listed here: 20

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2017-01-28]

detection period: 2017-01-28 00:00-23:59 UTC
total number of suspected botnet IPs: 563
number of botnet IPs notified to network operators: 544
number of spam blocked: 4686
recipient count of spam blocked: 127286

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

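| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | CHINANET-JS | 43 |
| 2 | HINET-NET | 42 |
| 3 | UNICOM-SD | 39 |
| 4 | UNICOM-GX | 24 |
| 5 | UNICOM-LN | 20 |
| 6 | CHINANET-ZJ | 15 |
| 7 | UNICOM-SX | 14 |
| 8 | CHINANET-XJ | 13 |
| 9 | CHINANET-AH | 13 |
| 10 | CHINANET-GZ | 12 |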

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

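| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 372 |
| 2 | Taiwan | 77 |
| 3 | Brazil | 18 |
| 4 | United States | 13 |
| 5 | Colombia | 9 |
| 6 | Russian Federation | 8 |
| 7 | India | 7 |
| 8 | Germany | 6 |
| 9 | Ukraine | 4 |
| 10 | Kazakhstan | 3 |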

Saturday, January 28, 2017

Suspected Bot List [2017-01-27]

detection period: 2017-01-27 00:00-23:59 UTC
number of suspected bots' IPs listed here: 17

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2017-01-27]

detection period: 2017-01-27 00:00-23:59 UTC
total number of suspected botnet IPs: 155
number of botnet IPs notified to network operators: 140
number of spam blocked: 2462
recipient count of spam blocked: 55700

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

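| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | RingLink | 6 |
| 2 | ALISOFT | 6 |
| 3 | TencentCloud | 5 |
| 4 | CHINANET-ZJ | 5 |
| 5 | CHINANET-GD | 5 |
| 6 | 002.558.157/0001-62 | 5 |
| 7 | LIGHTWAVENET-V4-1 | 3 |
| 8 | tonghnetwork | 2 |
| 9 | broadNnet-KR | 2 |
| 10 | UNICOM-GD | 2 |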

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

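| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 55 |
| 2 | Brazil | 16 |
| 3 | United States | 10 |
| 4 | Russian Federation | 8 |
| 5 | Colombia | 6 |
| 6 | Taiwan | 5 |
| 7 | Spain | 5 |
| 8 | South Korea | 4 |
| 9 | Italy | 4 |
| 10 | Germany | 4 |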

Friday, January 27, 2017

Suspected Bot List [2017-01-26]

detection period: 2017-01-26 00:00-23:59 UTC
number of suspected bots' IPs listed here: 26

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2017-01-26]

detection period: 2017-01-26 00:00-23:59 UTC
total number of suspected botnet IPs: 257
number of botnet IPs notified to network operators: 232
number of spam blocked: 8198
recipient count of spam blocked: 195864

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

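| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | UNICOM-GX | 15 |
| 2 | DOPI1 | 8 |
| 3 | ALISOFT | 8 |
| 4 | TencentCloud | 6 |
| 5 | RingLink | 6 |
| 6 | UNKNOWN | 5 |
| 7 | UNICOM-GD | 5 |
| 8 | CHINANET-ZJ | 5 |
| 9 | KORNET-KR | 4 |
| 10 | CHINANET-HN | 4 |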

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

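| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 90 |
| 2 | Brazil | 23 |
| 3 | United States | 21 |
| 4 | Russian Federation | 17 |
| 5 | Italy | 12 |
| 6 | Taiwan | 8 |
| 7 | United Kingdom | 8 |
| 8 | Germany | 8 |
| 9 | Colombia | 7 |
| 10 | South Korea | 5 |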

Thursday, January 26, 2017

Suspected Bot List [2017-01-25]

detection period: 2017-01-25 00:00-23:59 UTC
number of suspected bots' IPs listed here: 24

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2017-01-25]

detection period: 2017-01-25 00:00-23:59 UTC
total number of suspected botnet IPs: 277
number of botnet IPs notified to network operators: 254
number of spam blocked: 15066
recipient count of spam blocked: 336957

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

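| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | UNICOM-GX | 33 |
| 2 | CHINANET-HN | 14 |
| 3 | CHINANET-HB | 8 |
| 4 | CHINANET-GD | 8 |
| 5 | TencentCloud | 6 |
| 6 | RingLink | 6 |
| 7 | DOPI1 | 5 |
| 8 | CHINANET-ZJ | 5 |
| 9 | ALISOFT | 4 |
| 10 | UNICOM-SD | 3 |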

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

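| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 118 |
| 2 | United States | 16 |
| 3 | Brazil | 14 |
| 4 | Russian Federation | 13 |
| 5 | Italy | 12 |
| 6 | Taiwan | 9 |
| 7 | Colombia | 8 |
| 8 | Germany | 7 |
| 9 | Argentina | 7 |
| 10 | United Kingdom | 6 |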

Wednesday, January 25, 2017

Suspected Bot List [2017-01-24]

detection period: 2017-01-24 00:00-23:59 UTC
number of suspected bots' IPs listed here: 7

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2017-01-24]

detection period: 2017-01-24 00:00-23:59 UTC
total number of suspected botnet IPs: 70
number of botnet IPs notified to network operators: 63
number of spam blocked: 2091
recipient count of spam blocked: 2091

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

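| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | CHINANET-GD | 4 |
| 2 | ALISOFT | 3 |
| 3 | CHINANET-ZJ | 2 |
| 4 | CHINANET-SN | 2 |
| 5 | tonghnetwork | 1 |
| 6 | smartnetTransfernetze | 1 |
| 7 | XIAOZHIYUN1-AP | 1 |
| 8 | WEB24 | 1 |
| 9 | VODAFONE-IT | 1 |
| 10 | VNPT-VNNIC-VN | 1 |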

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

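| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 21 |
| 2 | Italy | 6 |
| 3 | United States | 5 |
| 4 | Russian Federation | 3 |
| 5 | India | 3 |
| 6 | Brazil | 3 |
| 7 | Viet Nam | 2 |
| 8 | Ukraine | 2 |
| 9 | Hong Kong | 2 |
| 10 | Spain | 2 |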

Tuesday, January 24, 2017

Suspected Bot List [2017-01-23]

detection period: 2017-01-23 00:00-23:59 UTC
number of suspected bots' IPs listed here: 8

I haven't got a new VPS for fake open relay yet.

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2017-01-23]

detection period: 2017-01-23 00:00-23:59 UTC
total number of suspected botnet IPs: 75
number of botnet IPs notified to network operators: 67
number of spam blocked: 226
recipient count of spam blocked: 226

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

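| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | 04.151.097/0001-94 | 5 |
| 2 | ALISOFT | 4 |
| 3 | UNICOM-GX | 3 |
| 4 | CHINANET-GD | 3 |
| 5 | KORNET-KR | 2 |
| 6 | CMNET | 2 |
| 7 | tonghnetwork | 1 |
| 8 | smartnetISDNeinwahl | 1 |
| 9 | UNICOM-CN | 1 |
| 10 | Timer | 1 |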

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

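| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 20 |
| 2 | Brazil | 11 |
| 3 | United States | 4 |
| 4 | Russian Federation | 4 |
| 5 | Spain | 4 |
| 6 | Italy | 3 |
| 7 | Colombia | 3 |
| 8 | Turkey | 2 |
| 9 | Poland | 2 |
| 10 | South Korea | 2 |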

Monday, January 23, 2017

Suspected Bot List [2017-01-22]

detection period: 2017-01-22 00:00-23:59 UTC
number of suspected bots' IPs listed here: 10

I haven't got a new VPS for fake open relay yet.

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2017-01-22]

detection period: 2017-01-22 00:00-23:59 UTC
total number of suspected botnet IPs: 75
number of botnet IPs notified to network operators: 65
number of spam blocked: 310
recipient count of spam blocked: 310

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

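| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | UNICOM-GX | 5 |
| 2 | CHINANET-GD | 5 |
| 3 | UNICOM-BJ | 3 |
| 4 | RO-JUMP-20051129 | 3 |
| 5 | ALISOFT | 3 |
| 6 | RingLink | 2 |
| 7 | KORNET-KR | 2 |
| 8 | CHINANET-SH | 2 |
| 9 | AR-CASA10-LACNIC | 2 |
| 10 | 002.558.157/0001-62 | 2 |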

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

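| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 28 |
| 2 | Brazil | 8 |
| 3 | Russian Federation | 5 |
| 4 | Romania | 4 |
| 5 | Colombia | 4 |
| 6 | Argentina | 4 |
| 7 | Italy | 3 |
| 8 | Czech Republic | 3 |
| 9 | Ukraine | 2 |
| 10 | South Korea | 2 |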

Sunday, January 22, 2017

Suspected Bot List [2017-01-21]

detection period: 2017-01-21 00:00-23:59 UTC
number of suspected bots' IPs listed here: 6

I haven't got a new VPS for fake open relay yet.

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2017-01-21]

detection period: 2017-01-21 00:00-23:59 UTC
total number of suspected botnet IPs: 61
number of botnet IPs notified to network operators: 55
number of spam blocked: 137
recipient count of spam blocked: 137

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

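| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | tonghnetwork | 3 |
| 2 | UNICOM-GX | 2 |
| 3 | SMARTONE-MO | 2 |
| 4 | MX-ALES-LACNIC | 2 |
| 5 | CO-ETBE-LACNIC | 2 |
| 6 | CHINANET-GD | 2 |
| 7 | ALISOFT | 2 |
| 8 | WIMORE | 1 |
| 9 | VDC-NET | 1 |
| 10 | UNIFIEDLAYER-NETWORK-14 | 1 |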

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

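| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 21 |
| 2 | Brazil | 7 |
| 3 | Viet Nam | 3 |
| 4 | United States | 3 |
| 5 | Italy | 3 |
| 6 | Colombia | 3 |
| 7 | Russian Federation | 2 |
| 8 | Mexico | 2 |
| 9 | Macau | 2 |
| 10 | India | 2 |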

Saturday, January 21, 2017

Suspected Bot List [2017-01-20]

detection period: 2017-01-20 00:00-23:59 UTC
number of suspected bots' IPs listed here: 5

I haven't got a new VPS for fake open relay yet.

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2017-01-20]

detection period: 2017-01-20 00:00-23:59 UTC
total number of suspected botnet IPs: 60
number of botnet IPs notified to network operators: 55
number of spam blocked: 156
recipient count of spam blocked: 156

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

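| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | CHINANET-GD | 5 |
| 2 | UNICOM-GX | 2 |
| 3 | UNICOM-GD | 2 |
| 4 | TencentCloud | 2 |
| 5 | RingLink | 2 |
| 6 | RO-JUMP-20051129 | 2 |
| 7 | CO-ACSA-LACNIC | 2 |
| 8 | CHINANET-SN | 2 |
| 9 | ALISOFT | 2 |
| 10 | WEBSTREAM | 1 |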

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

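| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 29 |
| 2 | Russian Federation | 4 |
| 3 | Colombia | 4 |
| 4 | United States | 3 |
| 5 | India | 3 |
| 6 | Brazil | 2 |
| 7 | Venezuela | 1 |
| 8 | Ukraine | 1 |
| 9 | Saudi Arabia | 1 |
| 10 | Romania | 1 |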

Friday, January 20, 2017

Suspected Bots' IP List for December 2016

To encourage cyber security information sharing (as some form of open data) while still giving victims enough time to clean up their computers, the IP list of suspected infected computers will be released here (as shown below). You are free to use them to create more effective defenses, discover the latest trends in cyber attacks, etc.

Suspected Bots IP [2016-12-01]
Suspected Bots IP [2016-12-02]
Suspected Bots IP [2016-12-03]
Suspected Bots IP [2016-12-04]
Suspected Bots IP [2016-12-05]
Suspected Bots IP [2016-12-06]
Suspected Bots IP [2016-12-07]
Suspected Bots IP [2016-12-08]
Suspected Bots IP [2016-12-09]
Suspected Bots IP [2016-12-10]
Suspected Bots IP [2016-12-11]
Suspected Bots IP [2016-12-12]
Suspected Bots IP [2016-12-13]
Suspected Bots IP [2016-12-14]
Suspected Bots IP [2016-12-15]
Suspected Bots IP [2016-12-16]
Suspected Bots IP [2016-12-17]
Suspected Bots IP [2016-12-18]
Suspected Bots IP [2016-12-19]
Suspected Bots IP [2016-12-20]
Suspected Bots IP [2016-12-21]
Suspected Bots IP [2016-12-22]
Suspected Bots IP [2016-12-23]
Suspected Bots IP [2016-12-24]
Suspected Bots IP [2016-12-25]
Suspected Bots IP [2016-12-26]
Suspected Bots IP [2016-12-27]
Suspected Bots IP [2016-12-28]
Suspected Bots IP [2016-12-29]
Suspected Bots IP [2016-12-30]
Suspected Bots IP [2016-12-31]

Suspected Bot List [2017-01-19]

detection period: 2017-01-19 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2

I haven't got a new VPS for fake open relay yet.

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2017-01-19]

detection period: 2017-01-19 00:00-23:59 UTC
total number of suspected botnet IPs: 60
number of botnet IPs notified to network operators: 58
number of spam blocked: 246
recipient count of spam blocked: 246

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

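| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | CHINANET-GD | 5 |
| 2 | TencentCloud | 4 |
| 3 | CHINANET-SH | 4 |
| 4 | RO-JUMP-20051129 | 2 |
| 5 | CHINANET-ZJ | 2 |
| 6 | CHINANET-SN | 2 |
| 7 | CHINANET-JS | 2 |
| 8 | ALISOFT | 2 |
| 9 | tonghnetwork | 1 |
| 10 | UK-WEBFUSION-LEEDS | 1 |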

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

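| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 30 |
| 2 | Brazil | 4 |
| 3 | United States | 3 |
| 4 | Germany | 3 |
| 5 | Taiwan | 2 |
| 6 | Russian Federation | 2 |
| 7 | Romania | 2 |
| 8 | Hong Kong | 2 |
| 9 | Thailand | 1 |
| 10 | Pakistan | 1 |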

Thursday, January 19, 2017

Suspected Bot List [2017-01-18]

detection period: 2017-01-18 00:00-23:59 UTC
number of suspected bots' IPs listed here: 7

I haven't got a new VPS for fake open relay yet.

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2017-01-18]

detection period: 2017-01-18 00:00-23:59 UTC
total number of suspected botnet IPs: 62
number of botnet IPs notified to network operators: 55
number of spam blocked: 305
recipient count of spam blocked: 305

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

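| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | CHINANET-GD | 8 |
| 2 | UNIFIEDLAYER-NETWORK-10 | 2 |
| 3 | RingLink | 2 |
| 4 | RO-JUMP-20051129 | 2 |
| 5 | DIRECT-HOSTING-KR | 2 |
| 6 | CHINANET-ZJ | 2 |
| 7 | 002.558.157/0001-62 | 2 |
| 8 | tonghnetwork | 1 |
| 9 | UNICOM-GD | 1 |
| 10 | TencentCloud | 1 |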

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

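| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 25 |
| 2 | Brazil | 6 |
| 3 | United States | 4 |
| 4 | Netherlands | 3 |
| 5 | Taiwan | 2 |
| 6 | Saudi Arabia | 2 |
| 7 | South Korea | 2 |
| 8 | Italy | 2 |
| 9 | Germany | 2 |
| 10 | South Africa | 1 |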

Wednesday, January 18, 2017

Suspected Bot List [2017-01-17]

detection period: 2017-01-17 00:00-23:59 UTC
number of suspected bots' IPs listed here: 7

I haven't got a new VPS for fake open relay yet.

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2017-01-17]

detection period: 2017-01-17 00:00-23:59 UTC
total number of suspected botnet IPs: 118
number of botnet IPs notified to network operators: 111
number of spam blocked: 410
recipient count of spam blocked: 410

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

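| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | VNPT-VNNIC-VN | 11 |
| 2 | CHINANET-GD | 7 |
| 3 | FPT-VN | 4 |
| 4 | FPT-NET | 4 |
| 5 | CMNET | 4 |
| 6 | RingLink | 3 |
| 7 | OCN | 3 |
| 8 | tonghnetwork | 2 |
| 9 | UNICOM-GD | 2 |
| 10 | TencentCloud | 2 |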

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

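| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 34 |
| 2 | Viet Nam | 23 |
| 3 | Japan | 7 |
| 4 | Taiwan | 5 |
| 5 | United States | 4 |
| 6 | Romania | 4 |
| 7 | Brazil | 4 |
| 8 | Russian Federation | 3 |
| 9 | Poland | 3 |
| 10 | Pakistan | 3 |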

Tuesday, January 17, 2017

Suspected Bot List [2017-01-16]

detection period: 2017-01-16 00:00-23:59 UTC
number of suspected bots' IPs listed here: 3

The VPS used for the fake open relay is gone today since its provider stopped operating.

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2017-01-16]

detection period: 2017-01-16 00:00-23:59 UTC
total number of suspected botnet IPs: 68
number of botnet IPs notified to network operators: 65
number of spam blocked: 255
recipient count of spam blocked: 255

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

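| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | TencentCloud | 5 |
| 2 | GIANT | 4 |
| 3 | RingLink | 3 |
| 4 | CHINANET-GD | 3 |
| 5 | tonghnetwork | 2 |
| 6 | RJNET | 2 |
| 7 | HINET-NET | 2 |
| 8 | ALISOFT | 2 |
| 9 | 002.558.157/0001-62 | 2 |
| 10 | Xenius-Interoute-2 | 1 |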

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

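| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 34 |
| 2 | Taiwan | 4 |
| 3 | Germany | 4 |
| 4 | United States | 3 |
| 5 | Netherlands | 3 |
| 6 | Brazil | 3 |
| 7 | Romania | 2 |
| 8 | Italy | 2 |
| 9 | Colombia | 2 |
| 10 | Viet Nam | 1 |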

Monday, January 16, 2017

Suspected Bot List [2017-01-15]

detection period: 2017-01-15 00:00-23:59 UTC
number of suspected bots' IPs listed here: 5

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2017-01-15]

detection period: 2017-01-15 00:00-23:59 UTC
total number of suspected botnet IPs: 76
number of botnet IPs notified to network operators: 71
number of spam blocked: 80223
recipient count of spam blocked: 401067

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

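| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | UNICOM-BJ | 7 |
| 2 | CHINANET-GD | 6 |
| 3 | TencentCloud | 4 |
| 4 | HINET-NET | 3 |
| 5 | CHINANET-ZJ | 3 |
| 6 | tonghnetwork | 2 |
| 7 | RingLink | 2 |
| 8 | HINET-TW | 2 |
| 9 | ALISOFT | 2 |
| 10 | 002.558.157/0001-62 | 2 |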

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

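| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 41 |
| 2 | Taiwan | 5 |
| 3 | United States | 4 |
| 4 | Germany | 4 |
| 5 | Brazil | 3 |
| 6 | Singapore | 2 |
| 7 | Russian Federation | 2 |
| 8 | Colombia | 2 |
| 9 | Bolivia | 2 |
| 10 | Argentina | 2 |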

Sunday, January 15, 2017

Suspected Bot List [2017-01-14]

detection period: 2017-01-14 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2017-01-14]

detection period: 2017-01-14 00:00-23:59 UTC
total number of suspected botnet IPs: 71
number of botnet IPs notified to network operators: 70
number of spam blocked: 391
recipient count of spam blocked: 543

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

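| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | ALISOFT | 6 |
| 2 | UNICOM-BJ | 5 |
| 3 | TencentCloud | 3 |
| 4 | CHINANET-GD | 3 |
| 5 | 002.558.157/0001-62 | 3 |
| 6 | tonghnetwork | 2 |
| 7 | UNICOM-GX | 2 |
| 8 | KORNET-KR | 2 |
| 9 | HICHINA | 2 |
| 10 | GIANT | 2 |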

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

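| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 36 |
| 2 | United States | 7 |
| 3 | Brazil | 4 |
| 4 | Germany | 3 |
| 5 | Russian Federation | 2 |
| 6 | South Korea | 2 |
| 7 | India | 2 |
| 8 | United Kingdom | 2 |
| 9 | Colombia | 2 |
| 10 | Venezuela | 1 |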

Saturday, January 14, 2017

Suspected Bot List [2017-01-13]

detection period: 2017-01-13 00:00-23:59 UTC
number of suspected bots' IPs listed here: 4

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2017-01-13]

detection period: 2017-01-13 00:00-23:59 UTC
total number of suspected botnet IPs: 84
number of botnet IPs notified to network operators: 80
number of spam blocked: 2075
recipient count of spam blocked: 2075

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

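| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | UNICOM-BJ | 7 |
| 2 | CHINANET-GD | 7 |
| 3 | TencentCloud | 6 |
| 4 | CMNET | 4 |
| 5 | tonghnetwork | 3 |
| 6 | HICHINA | 3 |
| 7 | UNICOM-SD | 2 |
| 8 | CAT | 2 |
| 9 | ALISOFT | 2 |
| 10 | Xenius-Interoute-2 | 1 |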

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

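| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 51 |
| 2 | Russian Federation | 6 |
| 3 | United States | 5 |
| 4 | Thailand | 2 |
| 5 | Japan | 2 |
| 6 | Italy | 2 |
| 7 | Germany | 2 |
| 8 | South Africa | 1 |
| 9 | Ukraine | 1 |
| 10 | Taiwan | 1 |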

Friday, January 13, 2017

Suspected Bot List [2017-01-12]

detection period: 2017-01-12 00:00-23:59 UTC
number of suspected bots' IPs listed here: 22

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2017-01-12]

detection period: 2017-01-12 00:00-23:59 UTC
total number of suspected botnet IPs: 258
number of botnet IPs notified to network operators: 236
number of spam blocked: 3500
recipient count of spam blocked: 3662

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

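| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | CHINANET-HN | 27 |
| 2 | CMNET | 12 |
| 3 | UNICOM-BJ | 9 |
| 4 | CHINANET-HB | 7 |
| 5 | UNICOM-JX | 6 |
| 6 | UNICOM-GD | 6 |
| 7 | TencentCloud | 6 |
| 8 | SV-CSCV-LACNIC | 6 |
| 9 | CHINANET-YN | 6 |
| 10 | CHINANET-GX | 6 |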

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

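| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 147 |
| 2 | India | 8 |
| 3 | Viet Nam | 7 |
| 4 | Colombia | 7 |
| 5 | El Salvador | 6 |
| 6 | South Korea | 6 |
| 7 | Brazil | 6 |
| 8 | United States | 5 |
| 9 | Taiwan | 5 |
| 10 | Italy | 5 |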

Thursday, January 12, 2017

Suspected Bot List [2017-01-11]

detection period: 2017-01-11 00:00-23:59 UTC
number of suspected bots' IPs listed here: 29

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2017-01-11]

detection period: 2017-01-11 00:00-23:59 UTC
total number of suspected botnet IPs: 565
number of botnet IPs notified to network operators: 536
number of spam blocked: 37755
recipient count of spam blocked: 40001

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

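| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | CHINANET-HN | 195 |
| 2 | CMNET | 20 |
| 3 | HINET-NET | 16 |
| 4 | UNICOM-BJ | 14 |
| 5 | BSNLNET | 11 |
| 6 | UNICOM-JX | 10 |
| 7 | UNICOM-GD | 10 |
| 8 | UCOM-GPON | 9 |
| 9 | SV-CSCV-LACNIC | 8 |
| 10 | CHINANET-YN | 8 |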

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

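| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 353 |
| 2 | India | 22 |
| 3 | Taiwan | 19 |
| 4 | Italy | 12 |
| 5 | Colombia | 11 |
| 6 | Bangladesh | 9 |
| 7 | Armenia | 9 |
| 8 | El Salvador | 8 |
| 9 | Cambodia | 8 |
| 10 | United States | 7 |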

Wednesday, January 11, 2017

Suspected Bot List [2017-01-10]

detection period: 2017-01-10 00:00-23:59 UTC
number of suspected bots' IPs listed here: 25

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2017-01-10]

detection period: 2017-01-10 00:00-23:59 UTC
total number of suspected botnet IPs: 543
number of botnet IPs notified to network operators: 519
number of spam blocked: 61281
recipient count of spam blocked: 64743

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

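| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | CHINANET-HN | 207 |
| 2 | HINET-NET | 27 |
| 3 | CMNET | 18 |
| 4 | UNICOM-GD | 11 |
| 5 | BSNLNET | 9 |
| 6 | SV-CSCV-LACNIC | 8 |
| 7 | CHINANET-HB | 8 |
| 8 | CHINANET-YN | 7 |
| 9 | CHINANET-GX | 7 |
| 10 | UNICOM-JX | 6 |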

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

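| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 349 |
| 2 | Taiwan | 29 |
| 3 | India | 20 |
| 4 | Colombia | 9 |
| 5 | Brazil | 9 |
| 6 | El Salvador | 8 |
| 7 | Russian Federation | 8 |
| 8 | South Korea | 8 |
| 9 | Italy | 8 |
| 10 | Bangladesh | 8 |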

Tuesday, January 10, 2017

Suspected Bot List [2017-01-09]

detection period: 2017-01-09 00:00-23:59 UTC
number of suspected bots' IPs listed here: 23

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2017-01-09]

detection period: 2017-01-09 00:00-23:59 UTC
total number of suspected botnet IPs: 531
number of botnet IPs notified to network operators: 508
number of spam blocked: 57128
recipient count of spam blocked: 61291

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | CHINANET-HN | 225
2 | HINET-NET | 28
3 | CMNET | 13
4 | CHINANET-HB | 13
5 | UNICOM-GD | 9
6 | UNICOM-BJ | 7
7 | UNICOM-JX | 6
8 | BSNLNET | 6
9 | SV-CSCV-LACNIC | 5
10 | CHINANET-YN | 5

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1 | China | 348
2 | Taiwan | 32
3 | India | 16
4 | Italy | 11
5 | South Korea | 10
6 | Brazil | 10
7 | Russian Federation | 7
8 | Colombia | 7
9 | United States | 6
10 | Cambodia | 6

Monday, January 9, 2017

Botnet Statistics for the year of 2016

detection period: 2016-01-01 00:00 - 2016-12-31 23:59 UTC
total number of suspected botnet IPs: 277464
number of blocked spams: 4349886
recipient count of blocked spams: 55283278
detection methods: fake open relay + greylisting

The top 25 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | China | 95112
2 | Taiwan | 47932
3 | Viet Nam | 26200
4 | India | 22097
5 | Mexico | 12547
6 | Iran | 6308
7 | Brazil | 5402
8 | Colombia | 3633
9 | Turkey | 3611
10 | Indonesia | 3423
11 | Pakistan | 3408
12 | United States | 3315
13 | Peru | 2773
14 | Tunisia | 1720
15 | Thailand | 1498
16 | Bangladesh | 1477
17 | Argentina | 1452
18 | Romania | 1391
19 | Russian Federation | 1354
20 | Italy | 1310
21 | Venezuela | 1269
22 | Arab Emirates | 1267
23 | Philippines | 1210
24 | Poland | 1135
25 | Bolivia | 1090

The top 25 countries (as defined by the 2-character country code), ordered by number of blocked spams are:

Rank | Country | # of blocked spams
1 | Taiwan | 1448316
2 | China | 1168680
3 | United States | 665790
4 | Poland | 499047
5 | Brazil | 210130
6 | Mexico | 65594
7 | Germany | 40658
8 | Thailand | 21382
9 | India | 20017
10 | Romania | 18195
11 | Hong Kong | 13715
12 | Turkey | 12433
13 | Italy | 11855
14 | Russian Federation | 11528
15 | Slovenia | 10707
16 | Colombia | 10418
17 | France | 9188
18 | Viet Nam | 9010
19 | South Korea | 8593
20 | Bolivia | 5335
21 | Argentina | 4944
22 | United Kingdom | 4870
23 | Sweden | 4663
24 | Spain | 4642
25 | Philippines | 4093

The top 25 countries (as defined by the 2-character country code), ordered by recipient count of blocked spams are:

Suspected Bot List [2017-01-08]

detection period: 2017-01-08 00:00-23:59 UTC
number of suspected bots' IPs listed here: 14

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2017-01-08]

detection period: 2017-01-08 00:00-23:59 UTC
total number of suspected botnet IPs: 552
number of botnet IPs notified to network operators: 539
number of spam blocked: 59692
recipient count of spam blocked: 62628

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | CHINANET-HN | 269
2 | HINET-NET | 36
3 | CHINANET-HB | 23
4 | CMNET | 12
5 | UNICOM-BJ | 11
6 | UNICOM-GD | 10
7 | UNICOM-GX | 8
8 | CHINANET-JS | 8
9 | CHINANET-GX | 7
10 | SV-CSCV-LACNIC | 6

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1 | China | 414
2 | Taiwan | 38
3 | India | 12
4 | Cambodia | 7
5 | Bangladesh | 7
6 | El Salvador | 6
7 | Italy | 6
8 | Brazil | 6
9 | South Korea | 5
10 | Colombia | 5

Sunday, January 8, 2017

Botnet Statistics for December 2016

detection period: 2016-12-01 00:00 - 2016-12-31 23:59 UTC
total number of suspected botnet IPs: 12468
number of blocked spams: 562466
recipient count of blocked spams: 699850

The top 25 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | China | 6896
2 | Viet Nam | 1229
3 | India | 1195
4 | Brazil | 251
5 | Iran | 223
6 | Indonesia | 166
7 | Pakistan | 153
8 | United States | 149
9 | Mexico | 149
10 | Taiwan | 121
11 | Colombia | 105
12 | Italy | 104
13 | Bangladesh | 101
14 | Turkey | 99
15 | Russian Federation | 93
16 | Thailand | 68
17 | Philippines | 54
18 | Argentina | 52
19 | Poland | 42
20 | Cambodia | 42
21 | Antigua And Barbuda | 42
22 | South Korea | 37
23 | Tunisia | 34
24 | Serbia | 34
25 | Ukraine | 33

The top 25 countries (as defined by the 2-character country code), ordered by number of blocked spams are:

Rank | Country | # of blocked spams
1 | China | 503171
2 | Romania | 16089
3 | India | 4917
4 | United States | 4772
5 | Poland | 4530
6 | Slovenia | 3572
7 | Italy | 2938
8 | Russian Federation | 1957
9 | El Salvador | 1333
10 | Colombia | 1274
11 | Taiwan | 1263
12 | South Korea | 1146
13 | Brazil | 1090
14 | Ukraine | 1020
15 | Germany | 983
16 | Bangladesh | 896
17 | Antigua And Barbuda | 759
18 | Cambodia | 758
19 | Armenia | 731
20 | Azerbaijan | 648
21 | Pakistan | 578
22 | Indonesia | 519
23 | Mexico | 506
24 | Gabon | 410
25 | Spain | 402

The top 25 countries (as defined by the 2-character country code), ordered by recipient count of blocked spams are:

Suspected Bot List [2017-01-07]

detection period: 2017-01-07 00:00-23:59 UTC
number of suspected bots' IPs listed here: 22

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2017-01-07]

detection period: 2017-01-07 00:00-23:59 UTC
total number of suspected botnet IPs: 615
number of botnet IPs notified to network operators: 593
number of spam blocked: 103366
recipient count of spam blocked: 106814

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | CHINANET-HN | 232
2 | HINET-NET | 67
3 | CHINANET-HB | 22
4 | UNICOM-BJ | 18
5 | CMNET | 16
6 | UNICOM-GD | 10
7 | CHINANET-GD | 9
8 | UNICOM-SD | 8
9 | SV-CSCV-LACNIC | 7
10 | UNICOM-JX | 6

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1 | China | 414
2 | Taiwan | 71
3 | India | 13
4 | Bangladesh | 8
5 | El Salvador | 7
6 | Cambodia | 7
7 | Colombia | 7
8 | South Korea | 6
9 | United States | 5
10 | Russian Federation | 5

Saturday, January 7, 2017

Suspected Bot List [2017-01-06]

detection period: 2017-01-06 00:00-23:59 UTC
number of suspected bots' IPs listed here: 23

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2017-01-06]

detection period: 2017-01-06 00:00-23:59 UTC
total number of suspected botnet IPs: 577
number of botnet IPs notified to network operators: 554
number of spam blocked: 18656
recipient count of spam blocked: 22952

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | CHINANET-HN | 248
2 | CMNET | 18
3 | CHINANET-HB | 18
4 | UNICOM-GD | 14
5 | UNICOM-JX | 10
6 | UNICOM-SD | 9
7 | UNICOM-BJ | 9
8 | HINET-NET | 9
9 | CHINANET-YN | 9
10 | UNICOM-HA | 8

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1 | China | 425
2 | India | 14
3 | Taiwan | 12
4 | United States | 9
5 | El Salvador | 7
6 | Russian Federation | 7
7 | Pakistan | 7
8 | Colombia | 7
9 | Bangladesh | 7
10 | South Korea | 6

Friday, January 6, 2017

Suspected Bot List [2017-01-05]

detection period: 2017-01-05 00:00-23:59 UTC
number of suspected bots' IPs listed here: 46

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2017-01-05]

detection period: 2017-01-05 00:00-23:59 UTC
total number of suspected botnet IPs: 595
number of botnet IPs notified to network operators: 549
number of spam blocked: 15342
recipient count of spam blocked: 18283

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | CHINANET-HN | 226
2 | CHINANET-HB | 26
3 | MSFT | 18
4 | CMNET | 18
5 | UNICOM-GD | 13
6 | UNICOM-BJ | 13
7 | CHINANET-YN | 10
8 | UNICOM-HA | 9
9 | SV-CSCV-LACNIC | 8
10 | CHINANET-GD | 8

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1 | China | 421
2 | United States | 28
3 | India | 16
4 | Taiwan | 9
5 | El Salvador | 8
6 | Colombia | 7
7 | Brazil | 7
8 | Bangladesh | 7
9 | Russian Federation | 6
10 | Cambodia | 6

Thursday, January 5, 2017

Suspected Bot List [2017-01-04]

detection period: 2017-01-04 00:00-23:59 UTC
number of suspected bots' IPs listed here: 5

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Botnet Statistics [2017-01-04]

detection period: 2017-01-04 00:00-23:59 UTC
total number of suspected botnet IPs: 317
number of botnet IPs notified to network operators: 312
number of spam blocked: 14040
recipient count of spam blocked: 17229

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | CHINANET-HN | 197
2 | CHINANET-HB | 12
3 | UNICOM-BJ | 10
4 | HINET-NET | 7
5 | UNICOM-GX | 6
6 | CHINANET-GD | 6
7 | UNICOM-SD | 5
8 | CMNET | 4
9 | CHINANET-JS | 4
10 | RingLink | 3

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1 | China | 277
2 | United States | 7
3 | Taiwan | 7
4 | Hong Kong | 3
5 | Austria | 2
6 | South Africa | 1
7 | Viet Nam | 1
8 | Venezuela | 1
9 | Ukraine | 1
10 | Thailand | 1